diff --git a/.gitignore b/.gitignore
index dd950c04cc0..f0679a22aad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -414,15 +414,55 @@ XXX-fips-test # Generated user_settings_asm.h. user_settings_asm.h -# VisualGD +# auto-created CMake backups +**/CMakeLists.txt.old + +# VisualGDB **/.visualgdb # Espressif sdk config default should be saved in sdkconfig.defaults # we won't track the actual working sdkconfig files /IDE/Espressif/**/sdkconfig -# auto-created CMake backups -**/CMakeLists.txt.old +# Espressif managed components to exclude: +/IDE/Espressif/**/managed_components/** + +# Espressif managed component lock files to exclude. +# "In general, it's ok to have it under version control, however, it ties +# the solution to the exact version of ESP-IDF and will be ignored if an +# example is built against another IDF version or for a different target. +# So it's better to git ignore it for the examples." +/IDE/Espressif/**/dependencies.lock + +# exclude any local oqs components +/IDE/Espressif/ESP-IDF/examples/**/components/oqs + +/IDE/Espressif/**/sdkconfig.old + +# ESP Registry Files + +# Temporary wolfssl component install directories that are copied locally at install time +/IDE/Espressif/wolfssl +/IDE/Espressif/component-manager/wolfssl +/IDE/Espressif/component-manager/wolfcrypt +/IDE/Espressif/component-manager/src +/IDE/Espressif/component-manager/dist + +# Exclude most of the example files that are copied at install time +# from https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +/IDE/Espressif/component-manager/examples/*/CMakeLists.txt +/IDE/Espressif/component-manager/examples/*/partitions_singleapp_large.csv +/IDE/Espressif/component-manager/examples/*/sdkconfig.defaults +/IDE/Espressif/component-manager/examples/*/main/CMakeLists.txt +/IDE/Espressif/component-manager/examples/*/main/*.c +/IDE/Espressif/component-manager/examples/*/main/*.h +/IDE/Espressif/component-manager/examples/*/main/component.mk +/IDE/Espressif/component-manager/examples/*/main/Kconfig.projbuild + +# The only ESP Registry Files specific to this location 
+!/IDE/Espressif/component-manager/examples/*/main/idf_component.yml +!/IDE/Espressif/component-manager/examples/*/README.md +/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/cryptoauthlib # MagicCrypto (ARIA Cipher) MagicCrypto diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults new file mode 100644 index 00000000000..2842aa34e0e --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults @@ -0,0 +1,23 @@ +CONFIG_FREERTOS_HZ=1000 +CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y + +# +# Default main stack size +# +# This is typically way bigger than needed for stack size. See user_settings.h +# +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 + +# Legacy stack size for older ESP-IDF versions +CONFIG_MAIN_TASK_STACK_SIZE=10500 + +# +# Compiler options +# +CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +CONFIG_COMPILER_HIDE_PATHS_MACROS=y +CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +CONFIG_COMPILER_STACK_CHECK=y + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h index 7b85be227aa..243a70e9c11 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h @@ -32,6 +32,10 @@ #define DEFAULT_PORT 11111 +#ifndef CONFIG_TARGET_HOST + #define CONFIG_TARGET_HOST 192.168.1.42 +#endif + #define TLS_SMP_CLIENT_TASK_NAME "tls_client_example" #define TLS_SMP_CLIENT_TASK_WORDS 10240 #define TLS_SMP_CLIENT_TASK_PRIORITY 8 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv new file mode 100644 index 00000000000..5a1a339c94e --- /dev/null 
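Review bot: The fallback `#define CONFIG_TARGET_HOST 192.168.1.42` in wifi_connect.h expands to a bare token rather than a string literal, so it will not compile wherever the macro is used as a host string, and it differs from the quoted form a Kconfig string option produces in sdkconfig.h. The uses are outside this hunk, so this is inferred from the name. Quote it: `#define CONFIG_TARGET_HOST "192.168.1.42"`. A comment marking this as a placeholder LAN address to override per project would also help, because a client built without the setting will attempt its TLS connection to whatever host owns that address.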
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv
@@ -0,0 +1,34 @@
+# This tag is used to include this file in the ESP Component Registry:
+# __ESP_COMPONENT_SOURCE__
+
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type, SubType, Offset, Size, Flags
+nvs, data, nvs, 0x9000, 24K,
+phy_init,data, phy, 0xf000, 4K,
+factory, app, factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the “Single factory app, no OTA” configuration:
+#
+# # ESP-IDF Partition Table
+# # Name, Type, SubType, Offset, Size, Flags
+# nvs, data, nvs, 0x9000, 0x6000,
+# phy_init, data, phy, 0xf000, 0x1000,
+# factory, app, factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the “Factory app, two OTA definitions” configuration:
+#
+# # ESP-IDF Partition Table
+# # Name, Type, SubType, Offset, Size, Flags
+# nvs, data, nvs, 0x9000, 0x4000,
+# otadata, data, ota, 0xd000, 0x2000,
+# phy_init, data, phy, 0xf000, 0x1000,
+# factory, app, factory, 0x10000, 1M,
+# ota_0, app, ota_0, 0x110000, 1M,
+# ota_1, app, ota_1, 0x210000, 1M,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
new file mode 100644
index 00000000000..5a1a339c94e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
@@ -0,0 +1,34 @@
+# This tag is used to include this file in the ESP Component Registry:
+# __ESP_COMPONENT_SOURCE__
+
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type, SubType, Offset, Size, Flags
+nvs, data, nvs, 0x9000, 24K,
+phy_init,data, phy, 0xf000, 4K,
+factory, app, factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the “Single factory app, no OTA” configuration:
+#
+# # ESP-IDF Partition Table
+# # Name, Type, SubType, Offset, Size, Flags
+# nvs, data, nvs, 0x9000, 0x6000,
+# phy_init, data, phy, 0xf000, 0x1000,
+# factory, app, factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the “Factory app, two OTA definitions” configuration:
+#
+# # ESP-IDF Partition Table
+# # Name, Type, SubType, Offset, Size, Flags
+# nvs, data, nvs, 0x9000, 0x4000,
+# otadata, data, ota, 0xd000, 0x2000,
+# phy_init, data, phy, 0xf000, 0x1000,
+# factory, app, factory, 0x10000, 1M,
+# ota_0, app, ota_0, 0x110000, 1M,
+# ota_1, app, ota_1, 0x210000, 1M,
diff --git a/IDE/Espressif/component-manager/CMakeLists.txt b/IDE/Espressif/component-manager/CMakeLists.txt
new file mode 100644
index 00000000000..265a0c32f28
--- /dev/null
+++ b/IDE/Espressif/component-manager/CMakeLists.txt
@@ -0,0 +1,492 @@ +# +# Copyright (C) 2006-2023 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# +# cmake for wolfssl Espressif projects +# +# Version 5.6.0.007 for wolfssl 6205 spaces in path and cleanup +# +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html +# + +cmake_minimum_required(VERSION 3.16) +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CURRENT_SOURCE_DIR ".") +set(COMPONENT_REQUIRES freertos lwip) # we typically don't need lwip directly in wolfssl component + +# COMPONENT_NAME = wolfssl +# The component name is the directory name. "No feature to change this". 
+# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 + +# set the root of wolfSSL: +# set(WOLFSSL_ROOT "C:/some path/with/spaces") +# set(WOLFSSL_ROOT "c:/workspace/wolfssl-gojimmypi") +# set(WOLFSSL_ROOT "/mnt/c/some path/with/spaces") +# or use this logic to assign value from Environment Variable WOLFSSL_ROOT, +# or assume this is an example 7 subdirectories below: + +# We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl +# The root of wolfSSL is 7 directories up from here: + +if(CMAKE_BUILD_EARLY_EXPANSION) + message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") + idf_component_register( + REQUIRES "${COMPONENT_REQUIRES}" + PRIV_REQUIRES # esp_hw_support + freertos + esp_timer + driver # this will typically only be needed for wolfSSL benchmark + ) + +else() + # not CMAKE_BUILD_EARLY_EXPANSION + message(STATUS "************************************************************************************************") + message(STATUS "wolfssl component config:") + message(STATUS "************************************************************************************************") + + # Check to see if we're already in wolfssl, and only if WOLFSSL_ROOT not specified + if ("${WOLFSSL_ROOT}" STREQUAL "") + # wolfssl examples are 7 directories deep from wolfssl repo root + # 1 2 3 4 5 6 7 + set(THIS_RELATIVE_PATH "./") + get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) + message(STATUS "Searching in path = ${THIS_SEARCH_PATH}") + + if (EXISTS "${THIS_SEARCH_PATH}/wolfcrypt/src") + # we're already in wolfssl examples! + get_filename_component(WOLFSSL_ROOT "${THIS_SEARCH_PATH}" ABSOLUTE) + message(STATUS "Using wolfSSL example with root ${WOLFSSL_ROOT}") + else() + # We're in some other repo such as wolfssh, so we'll search for an + # adjacent-level directory for wolfssl. 
(8 directories up, then down one) + # + # For example wolfSSL examples: + # C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\components\wolfssl + # + # For example wolfSSH examples: + # C:\workspace\wolfssh-gojimmypi\ide\Espressif\ESP-IDF\examples\wolfssh_benchmark\components\wolfssl + # + # 1 2 3 4 5 6 7 8 + set(THIS_RELATIVE_PATH "../../../../../../../..") + get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE) + message(STATUS "Searching next in path = ${THIS_SEARCH_PATH}") + endif() + endif() + + # search other possible locations + if ("${WOLFSSL_ROOT}" STREQUAL "") + # there's not a hard-coded WOLFSSL_ROOT value above, so let's see if we can find it. + if( "$ENV{WOLFSSL_ROOT}" STREQUAL "" ) + message(STATUS "Environment Variable WOLFSSL_ROOT not set. Will search common locations.") + + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(THIS_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "THIS_DIR = ${THIS_DIR}") + + # find the user name to search for possible "wolfssl-username" + message(STATUS "USERNAME = $ENV{USERNAME}") + if( "$ENV{USER}" STREQUAL "" ) # the bash user + if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user + message(STATUS "could not find USER or USERNAME") + else() + # the bash user is not blank, so we'll use it. + set(THIS_USER "$ENV{USERNAME}") + endif() + else() + # the bash user is not blank, so we'll use it. + set(THIS_USER "$ENV{USER}") + endif() + message(STATUS "THIS_USER = ${THIS_USER}") + + # This same makefile is used for both the wolfssl component, and other + # components that may depend on wolfssl, such as wolfssh. Therefore + # we need to determine if this makefile is in the wolfssl repo, or + # some other repo. + + if( "{THIS_USER}" STREQUAL "" ) + # This is highly unusual to not find a user name. 
+ # In this case, we'll just search for a "wolfssl" directory: + message(STATUS "No username found!") + get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) + else() + # We found an environment USER name! + # The first place to look for wolfssl will be in a user-clone called "wolfssl-[username]" + message(STATUS "Using [THIS_USER = ${THIS_USER}] to see if there's a [relative path]/wolfssl-${THIS_USER} directory.") + get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl-${THIS_USER}" ABSOLUTE) + + if( EXISTS "${WOLFSSL_ROOT}" ) + message(STATUS "Found wolfssl in user-suffix ${WOLFSSL_ROOT}") + else() + # If there's not a user-clone called "wolfssl-[username]", + # perhaps there's simply a git clone called "wolfssl"? + message(STATUS "Did not find wolfssl-${THIS_USER}; continuing search...") + get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE) + + if( EXISTS "${WOLFSSL_ROOT}" ) + message(STATUS "Found wolfssl in standard ${WOLFSSL_ROOT}") + else() + # Things are looking pretty bleak. We'll likely not be able to compile. + message(STATUS "Did not find wolfssl in ${WOLFSSL_ROOT}") + endif() + endif() + endif() + + else() + # there's an environment variable, so use it. + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}") + + if( EXISTS "${WOLFSSL_ROOT}" ) + get_filename_component(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + else() + message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") + message(STATUS "$ENV{WOLFSSL_ROOT}") + endif() + endif() + # end of search for wolfssl component root + else() + # There's already a value assigned; we won't search for anything else. + message(STATUS "Found user-specified WOLFSSL_ROOT value.") + endif() # WOLFSSL_ROOT user defined + + # After all the logic above, does our WOLFSSL_ROOT actually exist? 
+ if( EXISTS "${WOLFSSL_ROOT}" ) + message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}") + else() + # Abort. We need wolfssl _somewhere_. + message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}. Try setting environment variable or git clone.") + endif() + + + set(INCLUDE_PATH ${WOLFSSL_ROOT}) + + set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/benchmark\"" # the benchmark application + "\"${WOLFSSL_ROOT}/wolfcrypt/test\"" # the test application + ) # COMPONENT_SRCDIRS + message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + + set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") + + # Espressif may take several passes through this makefile. Check to see if we found IDF + string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) + + # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa + file(GLOB EXCLUDE_ASM *.S) + file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + + message(STATUS "IDF_PATH = $ENV{IDF_PATH}") + message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") + message(STATUS "EXCLUDE_ASM = ${EXCLUDE_ASM}") + + # + # Check to see if there's both a local copy and EDP-IDF copy of the wolfssl and/or wolfssh components. 
+ # + if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) + # + # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user + # + message(STATUS "") + message(STATUS "**************************************************************************************") + message(STATUS "") + message(STATUS "Error: Found components/wolfssl in both local project and IDF_PATH") + message(STATUS "") + message(STATUS "To proceed: ") + message(STATUS "") + message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") + message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") + message(STATUS "") + message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") + message(STATUS "") + message(STATUS "**************************************************************************************") + message(STATUS "") + + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") + + else() + if( EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) + # + # wolfSSL found in ESP-IDF components and is assumed to be already configured in user_settings.h via setup. + # + message(STATUS "") + message(STATUS "Using components/wolfssl in IDF_PATH = $ENV{IDF_PATH}") + message(STATUS "") + else() + # + # wolfSSL is not an ESP-IDF component. + # We need to now determine if it is local and if so if it is part of the wolfSSL repo, + # or if wolfSSL is simply installed as a local component. + # + + if( EXISTS "${WOLFSSL_PROJECT_DIR}" ) + # + # wolfSSL found in local project. 
+ # + if( EXISTS "${WOLFSSL_PROJECT_DIR}/wolfcrypt/" ) + message(STATUS "") + message(STATUS "Using installed project ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}") + message(STATUS "") + # + # Note we already checked above and confirmed there's not another wolfSSL installed in the ESP-IDF components. + # + # We won't do anything else here, as it will be assumed the original install completed successfully. + # + else() # full wolfSSL not installed in local project + # + # This is the developer repo mode. wolfSSL will be assumed to be not installed to ESP-IDF nor local project + # In this configuration, we are likely running a wolfSSL example found directly in the repo. + # + message(STATUS "") + message(STATUS "Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}") + message(STATUS "") + + message(STATUS "************************************************************************************************") + # When in developer mode, we are typically running wolfSSL examples such as benchmark or test directories. + # However, the as-cloned or distributed wolfSSL does not have the ./include/ directory, so we'll add it as needed. 
+ # + # first check if there's a [root]/include/user_settings.h + if( EXISTS "${WOLFSSL_ROOT}/include/user_settings.h" ) + message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " + "${WOLFSSL_ROOT}/include/user_settings.h " + " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + else() + # we won't overwrite an existing user settings file, just note that we already have one: + if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) + message(STATUS "Using existing wolfSSL user_settings.h in " + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + else() + message(STATUS "Installing wolfSSL user_settings.h to " + "${WOLFSSL_PROJECT_DIR}/include/user_settings.h") + file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h" + DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/") + endif() + endif() # user_settings.h + + # next check if there's a [root]/include/config.h + if( EXISTS "${WOLFSSL_ROOT}/include/config.h" ) + message(FATAL_ERROR "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h (please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h") + else() + # we won't overwrite an existing user settings file, just note that we already have one: + if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" ) + message(STATUS "Using existing wolfSSL config.h ${WOLFSSL_PROJECT_DIR}/include/config.h") + else() + message(STATUS "Installing wolfSSL config.h to ${WOLFSSL_PROJECT_DIR}/include/config.h") + file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/dummy_config_h" DESTINATION "${WOLFSSL_PROJECT_DIR}/include/") + file(RENAME "${WOLFSSL_PROJECT_DIR}/include/dummy_config_h" "${WOLFSSL_PROJECT_DIR}/include/config.h") + endif() # Project config.h + endif() # WOLFSSL_ROOT config.h + message(STATUS "************************************************************************************************") + message(STATUS "") + endif() + + else() + # we did not find a ./components/wolfssl/include/ directory from this pass of cmake. 
+ if($WOLFSSL_FOUND_IDF) + message(STATUS "") + message(STATUS "WARNING: wolfSSL not found.") + message(STATUS "") + else() + # probably needs to be re-parsed by Espressif + message(STATUS "wolfSSL found IDF. Project Source:${PROJECT_SOURCE_DIR}") + endif() # else we have not found ESP-IDF yet + endif() # else not a local wolfSSL component + + endif() #else not an ESP-IDF component + endif() # else not local copy and EDP-IDF wolfSSL + + + # RTOS_IDF_PATH is typically: + # "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos" + # depending on the environment, we may need to swap backslashes with forward slashes + string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") + + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + + if(IS_DIRECTORY "${RTOS_IDF_PATH}") + message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") + else() + # ESP-IDF prior version 4.4x has a different RTOS directory structure + string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/include/freertos") + if(IS_DIRECTORY "${RTOS_IDF_PATH}") + message(STATUS "Found legacy RTOS path: ${RTOS_IDF_PATH}") + else() + message(STATUS "Could not find RTOS path") + endif() + endif() + + + set(COMPONENT_ADD_INCLUDEDIRS + "./include" # this is the location of wolfssl user_settings.h + "\"${WOLFSSL_ROOT}/\"" + "\"${WOLFSSL_ROOT}/wolfssl/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${RTOS_IDF_PATH}/\"" + ) + + + if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) + list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") + endif() + + list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/\"") + list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") + + + + set(COMPONENT_SRCEXCLUDE + "\"${WOLFSSL_ROOT}/src/bio.c\"" + "\"${WOLFSSL_ROOT}/src/conf.c\"" + "\"${WOLFSSL_ROOT}/src/misc.c\"" + "\"${WOLFSSL_ROOT}/src/pk.c\"" + "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included 
by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c + "\"${WOLFSSL_ROOT}/src/x509.c\"" + "\"${WOLFSSL_ROOT}/src/x509_str.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" + "\"${EXCLUDE_ASM}\"" + ) + + spaces2list(COMPONENT_REQUIRES) + + separate_arguments(COMPONENT_SRCDIRS NATIVE_COMMAND "${COMPONENT_SRCDIRS}") + separate_arguments(COMPONENT_SRCEXCLUDE NATIVE_COMMAND "${COMPONENT_SRCEXCLUDE}") + separate_arguments(COMPONENT_ADD_INCLUDEDIRS NATIVE_COMMAND "${COMPONENT_ADD_INCLUDEDIRS}") + + # + # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#example-component-requirements + # + message(STATUS "COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + message(STATUS "COMPONENT_ADD_INCLUDEDIRS = ${COMPONENT_ADD_INCLUDEDIRS}") + message(STATUS "COMPONENT_REQUIRES = ${COMPONENT_REQUIRES}") + message(STATUS "COMPONENT_SRCEXCLUDE = ${COMPONENT_SRCEXCLUDE}") + + # + # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path + # + set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark + ) + # some optional diagnostics + if (1) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") + endif() + + # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" 
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") +endif() # CMAKE_BUILD_EARLY_EXPANSION + + + +# check to see if there's both a local copy and EDP-IDF copy of the wolfssl components +if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" ) + message(STATUS "") + message(STATUS "") + message(STATUS "********************************************************************") + message(STATUS "WARNING: Found components/wolfssl in both local project and IDF_PATH") + message(STATUS "********************************************************************") + message(STATUS "") +endif() +# end multiple component check + + +# +# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT) +# +# Save the THIS_VAR as a string in a macro called VAR_OUPUT +# +# VAR_OUPUT: the name of the macro to define +# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process() +# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful. +# +function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) + # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true. + string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE) + + # if we had a successful operation, save the THIS_VAR in VAR_OUPUT + if(${IS_VALID_VALUE}) + # strip newline chars in THIS_VAR parameter and save in VAR_VALUE + string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR}) + + # we'll could percolate the value to the parent for possible later use + # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE) + + # but we're only using it here in this function + set(${VAR_OUPUT} ${VAR_VALUE}) + + # we'll print what we found to the console + message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}") + + # the interesting part is defining the VAR_OUPUT name a value to use in the app + add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") + else() + # if we get here, check the execute_process command and parameters. 
+ message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") + set(${VAR_OUPUT} "Unknown") + endif() +endfunction() # LIBWOLFSSL_SAVE_INFO + +# create some programmatic #define values that will be used by ShowExtendedSystemInfo(). +# see wolfcrypt\src\port\Espressif\esp32_utl.c +if(NOT CMAKE_BUILD_EARLY_EXPANSION) + set (git_cmd "git") + message(STATUS "Adding macro definitions:") + + # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") + + # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") + + # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") + + # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") + + # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + + message(STATUS 
"************************************************************************************************") + message(STATUS "wolfssl component config complete!") + message(STATUS "************************************************************************************************") +endif() diff --git a/IDE/Espressif/component-manager/INSTALL.md b/IDE/Espressif/component-manager/INSTALL.md new file mode 100644 index 00000000000..16f00578fd7 --- /dev/null +++ b/IDE/Espressif/component-manager/INSTALL.md 
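Review bot: The git-metadata block at the end of the file passes the raw output of `git config --get remote.origin.url` to `LIBWOLFSSL_SAVE_INFO`, which prints it with `message(STATUS "Found ...")` and compiles it in through `add_definitions`, so a clone URL that carries userinfo (`https://user:token@host/...`) would end up in the build log, the compiler command line and the firmware image. Strip the userinfo before saving, for example `string(REGEX REPLACE "://[^/@]+@" "://" TMP_OUT "${TMP_OUT}")` ahead of the first `LIBWOLFSSL_SAVE_INFO` call. The unconditional `if (1)` block that prints every CMake variable has the same exposure for anything passed with `-D`, and would be better gated behind an opt-in variable. Separately, `if( "{THIS_USER}" STREQUAL "" )` is missing the `$`, so the no-username branch can never run; it should read `if( "${THIS_USER}" STREQUAL "" )`.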
@@ -0,0 +1,235 @@
+# Install for ESP Component Manager
+
+This is the documentation for the wolfSSL install / publish to [components.espressif.com](https://components.espressif.com/components/wolfssl/wolfssl).
+When using a managed component, all of the respective source code is in the local project `managed_components` directory.
+The wolfssl component `CMakeFiles.txt` from the examples is _not_ used. The managed component is manged entirely by `idf.py`.
+
+See the [Espressif IDF Component Manager Docs](https://docs.espressif.com/projects/idf-component-manager/en/latest/).
+
+Configuration for the component is in the top-level [idf_component.yml](./idf_component.yml) file.
+Note that this is *different* from the same-name files in the example projects.
+
+Edit version in:
+- Component configuration [idf_component.yml](./idf_component.yml)
+- Example application [lib/idf_component.yml](./lib/idf_component.yml)
+- Example staging application [lib/idf_component.yml](./lib/idf_component-staging-gojimmypi.yml)
+- [README_REGISTRY_PREPEND.md](./README_REGISTRY_PREPEND.md)
+Version numbers must exactly match between these files and follow the [Semantic Versioning Specification](https://semver.org/#spec-item-11).
+
+Note that when using the staging environment, the staging user namespace and component name
+will be used. There should be a `./lib/idf_component-staging-[user name].yml` file.
+For example, for the `gojimmypi` user, the [./lib/idf_component-staging-gojimmypi.yml](./lib/idf_component-staging-gojimmypi.yml)
+should contain the alternate namespace (typically the username) and component name (typically with "my" prefix):
+
+```yml
+## IDF Component Manager Manifest File
+dependencies:
+ gojimmypi/mywolfssl: "^5.6.3-f9082c5.2"
+```
+
+See the `wolfssl_component_publish.sh` bash script. Set private `IDF_COMPONENT_API_TOKEN`
+environment variable as appropriate. Optionally set the `IDF_COMPONENT_REGISTRY_URL`.
+Typically there's only one valid option. See [Staging](./INSTALL.md#Staging), below.
+
+```bash
+# set your paths as appropriate:
+export IDF_COMPONENT_API_TOKEN=YOUR_TOKEN_VALUE
+export WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
+export WOLFSSL_ROOT=/mnt/c/workspace/wolfssl-$USER/IDE/Espressif/component-manager/
+export IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com
+
+# install looks for wolfssl-master
+cd /mnt/c/workspace/
+git clone https://github.com/wolfSSL/wolfssl.git wolfssl-master
+
+cd "$WOLFSSL_ROOT"
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+./wolfssl_component_publish.sh
+```
+
+Set the staging environment from PowerShell:
+```
+$env:IDF_COMPONENT_REGISTRY_URL = "https://components-staging.espressif.com"
+```
+
+The script automates the process of populating a directory with wolfSSL source code and examples to publish.
+The core command for this is:
+
+```bash
+compote component upload --namespace wolfssl --name wolfssl
+```
+
+An alternative manual staging looks like this:
+
+```
+compote component upload --namespace gojimmypi --name wolfssl
+```
+
+The output can be found in the `dist` directory, for example a file called `wolfssl_5.6.0-stable.tgz` and
+directory of the contents:
+
+```text
+wolfssl_5.6.0-stable
+wolfssl_5.6.0-stable.tgz
+```
+
+Consider disconnecting local network to go through the whole process without actually
+uploading. There's a `dryrun` capability not yet implemented in script.
+
+Examples are copied into the local [./examples/](./examples/README.md) directory.
+
+Each example project needs to have a `main/idf_component.yml` file,
+as well as a file called `init_demo.sh`.
+
+The example project `idf_component.yml` file should be edited as needed. Typical contents:
+
+```
+## IDF Component Manager Manifest File
+dependencies:
+ wolfssl/wolfssl: "^5.6.0-stable"
+ ## Required IDF version
+ idf:
+ version: ">=4.1.0"
+```
+
+## Staging
+
+There's a staging site at https://components-staging.espressif.com/ for testing deployments.
+
+To use this, set the `IDF_COMPONENT_REGISTRY_URL` environment variable:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com/
+```
+
+This setting is needed for _both_ deployment and client testing of staging-site components.
+
+The default when not set is the production site at https://components.espressif.com
+
+## License File
+
+License field is added to the manifest: See [docs](https://docs.espressif.com/projects/idf-component-manager/en/latest/reference/manifest_file.html#manifest-file-idf-component-yml-format-reference).
+The [spdx format license text](https://spdx.org/licenses/) is used.
+
+## ESP Component Examples
+
+Note that when the ESP Component manager installs wolfSSL, then the source code for wolfSSL
+will be *in the local component directory*. Normally there's only a cmake file that points
+to where the wolfSSL library is located.
+
+Managed components are distinguished by the `idf_component.yml` file in the `projectname/main` directory.
+
+The wolfSSL component must be either managed or non-managed. Not both.
+
+```
+idf.py create-project-from-example "gojimmypi/mywolfssl^5.6.3-f9082c5.5:wolfssl_benchmark"
+cd wolfssl_benchmark
+idf.py -b 115200 flash monitor
+```
+
+## Coponent Configuration
+
+Examples such as the wolfssl_server and wolfssl_client need specific parameters set, in particular
+the target server IP address, SSID, and SSID password. The `idf.py menuconfig` command is needed.
+Set values in `Example Configuration` and `Example Connection Configuration`:
+
+```bash
+idf.py menuconfig
+```
+
+## Non-ESP Component Example
+
+For a wolfSSL getting started example, see the basic [wolfSSL Template Project](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template)
+and the [other examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples).
+
+Non-managed components are distinguished by having no `idf_component.yml` file in the `projectname/main` directory.
+Instead there's a `components/wolfssl/CMakeLists.txt` file.
+
+The wolfSSL component must be either managed or non-managed. Not both.
+
+## Test build of examples
+
+Set `WOLFSSL_ROOT` to the location of the to-be-published wolfSSL directory:
+
+```bash
+export WOLFSSL_ROOT=/mnt/c/workspace/wolfssl-gojimmypi-PR/IDE/Espressif/component-manager/
+cd "$WOLFSSL_ROOT"
+```
+
+The component files in [./lib/components/wolfssl](./lib/components/wolfssl/README.md) will
+be copied to each respective example project to confirm they will build.
+
+There's a [wolfssl_build_example.sh](./wolfssl_build_example.sh) script the will temporarily remove
+the project `./main/idf_component.yml` component file to ensure the currently-published ESP Registry code
+is not used during the build test. That script is called for each of the [component manager examples](./examples/README.md).
+
+The source code for the local examples to be published is copied from [Espressif/ESP-IDF/examples](../ESP-IDF/examples/README.md).
+
+
+## Common Problems
+
+
+When there's both `idf_component.yml` file in the `projectname/main` and a
+`components/wolfssl/CMakeLists.txt` file, an error such as this will occur:
+
+```
+CMake Error at /mnt/c/SysGCC/esp32/esp-idf/v5.1/tools/cmake/component.cmake:250 (message):
+ ERROR: Cannot process component requirements. Multiple candidates to
+ satisfy project requirements:
+
+ requirement: "wolfssl" candidates: "wolfssl, wolfssl__wolfssl"
+```
+
+To resolve, either:
+
+* Remove the `idf_component.yml` file and remove wolfssl directory from `projectname/managed__components`
+* Remove the wolfssl directory from `projectname/components`
+
+### Cannot program, _The chip needs to be in download mode_:
+
+```
+Serial port /dev/ttyS9
+Connecting......................................
+
+A fatal error occurred: Failed to connect to ESP32: Wrong boot mode detected (0x13)! The chip needs to be in download mode.
+For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html
+CMake Error at run_serial_tool.cmake:66 (message):
+
+ /home/gojimmypi/.espressif/python_env/idf5.1_py3.10_env/bin/python;;/mnt/c/SysGCC/esp32/esp-idf/v5.1/components/esptool_py/esptool/esptool.py;--chip;esp32
+ failed.
+
+
+
+FAILED: CMakeFiles/flash
+```
+
+While holding the `boot` button down, tap the `en` button, then release the `boot` button. Try again.
+
+If that didn't work, try the same sequence _after_ you've press `enter` for the `idf.py flash` command
+while the `esptool.py` is attempting the upload.
+
+If _that_ didn't work, try the same sequence but press `boot` _before_ you've pressed `enter`
+for the `idf.py flash` command, and press & release `en` _after_ you've pressed `enter`
+while attempting the upload.
+
+If _still_ reading as none of _those_ options worked, try first erasing the flash:
+
+```
+idf.py erase-flash -p /dev/ttyS9 -b 115200
+```
+
+For a robust programing experience that does not depend on bootloader mode, consider a JTAG
+programmer such as the [Tigard](https://github.com/tigard-tools/tigard).
+
+## Cannot find source
+
+```text
+Executing action: create-project-from-example
+ERROR: Version of the component "gojimmypi/mywolfssl" satisfying the spec "^5.6.3-f9082c5.7" was not found.
+```
+
+Check the `IDF_COMPONENT_REGISTRY_URL` setting. Blank defaults to production. See above for staging.
+
+See also [Espressif ESP32 Troubleshooting](https://docs.espressif.com/projects/esptool/en/latest/esp32/troubleshooting.html)
diff --git a/IDE/Espressif/component-manager/LICENSE.txt b/IDE/Espressif/component-manager/LICENSE.txt
new file mode 100644
index 00000000000..8d594381a98
--- /dev/null
+++ b/IDE/Espressif/component-manager/LICENSE.txt
@@ -0,0 +1,354 @@ + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use +under the GPLv2 (or at your option any later version) or a standard commercial +license. For our users who cannot use wolfSSL under GPLv2 +(or any later version), a commercial license to wolfSSL and wolfCrypt is +available. + +Please contact wolfSSL Inc. directly at: + +Email: licensing@wolfssl.com +Phone: +1 425 245-8247 + +More information can be found on the wolfSSL website at www.wolfssl.com. + + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. 
+These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. 
The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. 
+ + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. 
+ +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. 
However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. 
+You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. \ No newline at end of file 
diff --git a/IDE/Espressif/component-manager/NEW_README.md b/IDE/Espressif/component-manager/NEW_README.md
new file mode 100644
index 00000000000..420924006b5
--- /dev/null
+++ b/IDE/Espressif/component-manager/NEW_README.md
@@ -0,0 +1,360 @@
+This is a staging experimental version!
+
+When testing staging components, be sure to set `IDF_COMPONENT_REGISTRY_URL`:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com
+```
+
+Set the value when not testing:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components.espressif.com
+```
+This is the Espressif Component Version of wolfSSL v5.6.3-Staging01-237d10a.3, Staging Release #11 (version ^5.6.3-Staging01-237d10a.3)
+When testing staging components:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com
+```
+
+For questions or beta test of this library, please send a message to support@wolfssl.com
+
+For details on how wolfSSL is published to the ESP Component Registry, see the
+[INSTALL.md](https://github.com/wolfssl/wolfssl/tree/master/IDE/Espressif/component-manager/INSTALL.md) file.
+
+See the [wolfSSL Manual](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
+
+The [wolfSSL embedded TLS library](https://www.wolfssl.com/products/wolfssl/) is a lightweight, portable,
+C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size,
+speed, and feature set. It works seamlessly in desktop, enterprise, and cloud environments as well.
+wolfSSL supports industry standards up to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.3,
+is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer,
+OCSP and CRL support, is backed by the robust [wolfCrypt cryptography library](https://github.com/wolfssl/wolfssl/tree/master/wolfcrypt),
+and much more.
+
+The CMVP has issued FIPS 140-2 Certificates #3389 and #2425 for the wolfCrypt Module developed by wolfSSL Inc.
+For more information, see our [FIPS FAQ](https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com.
+
+# Getting Started
+
+Check out the Examples on the right pane of the [wolfssl component page](https://components.espressif.com/components/wolfssl/wolfssl/).
+
+Typically you need only 4 lines to run an example from scratch in the EDP-IDF environment:
+
+```
+. ~/esp/esp-idf/export.sh
+idf.py create-project-from-example "wolfssl/wolfssl^5.6.0-stable:wolfssl_benchmark"
+cd wolfssl_benchmark
+idf.py -b 115200 flash monitor
+```
+
+or for VisualGDB:
+
+```
+. /mnt/c/SysGCC/esp32/esp-idf/v5.0/export.sh
+```
+
+
+### Espressif Component Notes
+
+Here are some ESP Registry-specific details of the wolfssl component.
+
+#### Component Name
+
+The naming convention of the build-system name of a dependency installed by the component manager
+is always `namespace__component`. The namespace for wolfSSL is `wolfssl`. The build-system name
+is thus `wolfssl__wolfssl`. We'll soon be publishing `wolfssl__wolfssh`, `wolfssl__wolfmqtt` and more.
+
+A project `cmakelists.txt` doesn't need to mention it at all when using wolfSSL as a managed component.
+
+
+#### Component Manager
+
+To check which version of the [Component Manager](https://docs.espressif.com/projects/idf-component-manager/en/latest/getting_started/index.html#checking-the-idf-component-manager-version)
+is currently available, use the command:
+
+```
+python -m idf_component_manager -h
+```
+
+The Component Manager should have been installed during the [installation of the ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/#installation).
+If your version of ESP-IDF doesn't come with the IDF Component Manager,
+you can [install it](https://docs.espressif.com/projects/idf-component-manager/en/latest/guides/updating_component_manager.html#installing-and-updating-the-idf-component-manager):
+
+```
+python -m pip install --upgrade idf-component-manager
+```
+
+For further details on the Espressif Component Manager, see the [idf-component-manager repo](https://github.com/espressif/idf-component-manager/).
+
+#### Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at
+[support@wolfssl.com](mailto:support@wolfssl.com?subject=Espressif%20Component%20Question) or
+[open an issue on GitHub](https://github.com/wolfSSL/wolfssl/issues/new/choose).
+
+# Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 (or at your option any later version) or a standard commercial
+license. For our users who cannot use wolfSSL under GPLv2
+(or any later version), a commercial license to wolfSSL and wolfCrypt is
+available.
+
+See the [LICENSE.txt](./LICENSE.txt), visit [wolfssl.com/license](https://www.wolfssl.com/license/),
+contact us at [licensing@wolfssl.com](mailto:licensing@wolfssl.com?subject=Espressif%20Component%20License%20Question)
+or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](https://www.wolfssl.com/products/support-and-maintenance/)
+
+# wolfSSL Embedded SSL/TLS Library
+
+The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/)
+(formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and
+targeted for embedded, RTOS, and resource-constrained environments - primarily
+because of its small size, speed, and feature set. It is commonly used in
+standard operating environments as well because of its royalty-free pricing
+and excellent cross platform support.
wolfSSL supports industry standards up
+to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.2, is up to
+20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20,
+Curve25519, Blake2b and Post-Quantum TLS 1.3 groups. User benchmarking and
+feedback reports dramatically better performance when using wolfSSL over
+OpenSSL.
+
+wolfSSL is powered by the wolfCrypt cryptography library. Two versions of
+wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and
+certificate #3389). FIPS 140-3 validation is in progress. For additional
+information, visit the [wolfCrypt FIPS FAQ](https://www.wolfssl.com/license/fips/)
+or contact fips@wolfssl.com.
+
+## Why Choose wolfSSL?
+
+There are many reasons to choose wolfSSL as your embedded, desktop, mobile, or
+enterprise SSL/TLS solution. Some of the top reasons include size (typical
+footprint sizes range from 20-100 kB), support for the newest standards
+(SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, and DTLS 1.2), current
+and progressive cipher support (including stream ciphers), multi-platform,
+royalty free, and an OpenSSL compatibility API to ease porting into existing
+applications which have previously used the OpenSSL package. For a complete
+feature list, see [Chapter 4](https://www.wolfssl.com/docs/wolfssl-manual/ch4/)
+of the wolfSSL manual.
+
+## Notes, Please Read
+
+### Note 1
+wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer
+supports static key cipher suites with PSK, RSA, or ECDH. This means if you
+plan to use TLS cipher suites you must enable DH (DH is on by default), or
+enable ECC (ECC is on by default), or you must enable static key cipher suites
+with one or more of the following defines:
+
+```
+WOLFSSL_STATIC_DH
+WOLFSSL_STATIC_RSA
+WOLFSSL_STATIC_PSK
+```
+Though static key cipher suites are deprecated and will be removed from future
+versions of TLS. They also lower your security by removing PFS.
+
+When compiling `ssl.c`, wolfSSL will now issue a compiler error if no cipher
+suites are available. You can remove this error by defining
+`WOLFSSL_ALLOW_NO_SUITES` in the event that you desire that, i.e., you're
+not using TLS cipher suites.
+
+### Note 2
+wolfSSL takes a different approach to certificate verification than OpenSSL
+does. The default policy for the client is to verify the server, this means
+that if you don't load CAs to verify the server you'll get a connect error,
+no signer error to confirm failure (-188).
+
+If you want to mimic OpenSSL behavior of having `SSL_connect` succeed even if
+verifying the server fails and reducing security you can do this by calling:
+
+```c
+wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
+```
+
+before calling `wolfSSL_new();`. Though it's not recommended.
+
+### Note 3
+The enum values SHA, SHA256, SHA384, SHA512 are no longer available when
+wolfSSL is built with `--enable-opensslextra` (`OPENSSL_EXTRA`) or with the
+macro `NO_OLD_SHA_NAMES`. These names get mapped to the OpenSSL API for a
+single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` and
+`WC_SHA512` should be used for the enum name.
+
+
+# wolfSSL Release 5.6.3 (Jun 20, 2023)
+
+Release 5.6.3 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+
+Release 5.6.3 of wolfSSL embedded TLS has 4 bug fixes:
+
+* Fix for setting the atomic macro options introduced in release 5.6.2. This issue affects GNU gcc autoconf builds. The fix resolves a potential mismatch of the generated macros defined in options.h file and the macros used when the wolfSSL library is compiled. In version 5.6.2 this mismatch could result in unstable runtime behavior.
+* Fix for invalid suffix error with Windows build using the macro GCM_TABLE_4BIT.
+* Improvements to Encrypted Memory support (WC_PROTECT_ENCRYPTED_MEM) implementations for modular exponentiation in SP math-all (sp_int.c) and TFM (tfm.c).
+* Improvements to SendAlert for getting output buffer.
+
+
+# wolfSSL Release 5.6.2 (Jun 09, 2023)
+
+Release 5.6.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+
+Release 5.6.2 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## Vulnerabilities
+* [Low] In cases where a malicious agent could analyze cache timing at a very detailed level, information about the AES key used could be leaked during T/S Box lookups. One such case was shown on RISC-V hardware using the MicroWalk tool (https://github.com/microwalk-project/Microwalk). A hardened version of T/S Box lookups was added in wolfSSL to help mitigate this potential attack and is now on by default with RISC-V builds and can be enabled on other builds if desired by compiling wolfSSL with the macro WOLFSSL_AES_TOUCH_LINES. Thanks to Jan Wichelmann, Christopher Peredy, Florian Sieck, Anna Pätschke, Thomas Eisenbarth (University of Lübeck): MAMBO-V: Dynamic Side-Channel Leakage Analysis on RISC-V. Fixed in the following GitHub pull request https://github.com/wolfSSL/wolfssl/pull/6309
+* [High] In previous versions of wolfSSL if a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM value when generating the session master secret.
Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing surreptitious access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. We recommend that TLS 1.3 client side users update the version of wolfSSL used. Thanks to Johannes from Sectra Communications and Linköping University for the report. Fixed in the following GitHub pull request https://github.com/wolfSSL/wolfssl/pull/6412
+
+## New Feature Additions
+
+### New Ports and Expansions
+* Add support for STM32H5
+* Add support for Renesas TSIP v1.17
+* Add Renesas SCE RSA crypto-only support
+* STARCORE DSP port and example builds added
+* Add the function wc_PKCS7_SetDefaultSignedAttribs for setting PKCS7 signed attributes to use with PKCS7 bundle creation
+* NXP IMX6Q CAAM port with QNX and performance optimizations for AES-CTR
+
+### New Build Options
+* ASN.1 print utility to decode ASN.1 syntax and print out human readable text --enable-asn-print. Utility app is located in the directory ./examples/asn1/
+* Add introspection for math build, wc_GetMathInfo() to get information about the math library compiled into the linked wolfSSL library
+* Implement TLS recommendations from RFC 9325 for hardening TLS/DTLS security. Enabled with the autoconf flag --enable-harden-tls.
+* Add option to support disabling thread local storage, --disable-threadlocal
+* Added wc_DsaSign_ex() and wc_DsaVerify_ex() for handling alternative digest algorithms with DSA Sign/Verify
+* Implement atomic operations interface.
Macros auto-detect if atomic operations are expected to be available, can be turned off with the macro WOLFSSL_NO_ATOMICS
+* Added support for DTLS 1.3 Authentication and Integrity-Only Cipher Suites
+* Expand crypto callback to have a device ID find callback function with wc_CryptoCb_SetDeviceFindCb. Enabled with the macro WOLF_CRYPTO_CB_FIND
+
+## Enhancements and Optimizations
+
+### Optimizations
+* Increased performance with ChaCha20 C implementation and general XOR operations
+* Added integer type to the ASN.1 sequencing with ASN.1 Integer sequence
+* With wolfSSL_get_x509_next_altname reset alt name list to head once cycled through if compiling with the macro WOLFSSL_MULTICIRCULATE_ALTNAMELIST
+* Additional key validity sanity checks on input to wolfSSL_EC_KEY_set_private_key
+* adds support for TLSv1.3 stateful session tickets when using SSL_OP_NO_TICKET
+
+### Memory Optimizations
+* Improvements to stack usage and management with SP int math library
+* Optimization to TLS 1.3 server to remove caching messages for Ed25519/Ed448
+* Added a HAVE_CURL macro build for building a subset of the wolfSSL library when linking with cURL
+* Memory usage improvement with reducing the size of alignment needed with AES
+* Reduce run time memory used with ECC operations and ALT_ECC_SIZE
+* Fixes and improvements for building edge cases such as crypto callback without hash-drbg with low footprint options
+* Support HAVE_SESSION_TICKET build option without depending on realloc
+
+### Documentation
+* Instructions for GPDMA on STM32 configuration added
+* Add in instructions for compiling with zephyr on STM32
+* Documentation fixup for wolfSSL_get_chain_cert()
+* Fix the file pointed to in the TI RTOS documentation that we maintain
+* Documentation for wolfSSL_CertManagerFreeCRL
+* Updates made to AES and Chacha documentation
+* Update Japanese comments for Ed25519, AES, and other miscellaneous items
+
+### Tests
+* Add in an option for easily testing malloc failures when
building with WOLFSSL_MEM_FAIL_COUNT macro
+* Updated in process for using Expect vs Assert to facilitate more malloc failure tests
+* Enhance wolfCrypt test for builds that do not have ECC SECP curves enabled
+* ESP32 platform-specific VisualGDB test & benchmark projects
+* Update to dependencies in docker container file used for tests
+* Fix up for base 10 output with bundled benchmark application
+
+### Port Updates
+* Zephyr port update, compile time warning fixes, misc. fixes when used with TLS and update of includes
+* Update RIOT-OS to not compile out use of writev by default
+* Update Micrium port to enable use of STM32_RNG
+* Micrium updates for XMEMOVE and XSTRTOK use
+* Various Espressif HW crypto, SHA2, AES, MP updates
+* Added in ASIO build option with CMake builds
+
+### General Enhancements
+* Global codebase cleanup for C89 compliance and wolfCrypt -Wconversion hygiene
+* PKCS#11 enhancement adding a callback for RSA key size when using a hardware key, by default 2048 bit key is used
+* Allow for unknown OIDs in extensions in wolfSSL_X509_set_ext()
+* Allow user to override XSTAT by defining the macro XSTAT when compiling
+* Support UPN and SID with x509 certificate extensions and custom OID build
+* Write next IV in wolfSSL_DES_ede3_cbc_encrypt for better handling of inline encryption
+* Adding NO_ASN_TIME_CHECK build option for compiling out certificate before/after checks
+* Improve different peer recvfrom handling and error reporting with ipv4 vs ipv6
+
+## Fixes
+* Fix for STM32 ECC sign and verify out of bounds buffer write when the hash length passed in is larger than the key size. Thanks to Maximilian for the report.
+* Fix to skip Async_DevCtxInit when using init rsa/ecc label/id api's
+* Revert WOLFSSL_NO_ASN_STRICT macro guard around alternate names directory list
+* In async mode, don't retry decrypting if a valid error is encountered on a packet parse attempt
+* Add additional sanity check on PKCS7 index value in wc_PKCS7_DecryptKekri
+* Fix for padding when using an AuthEnvelope PKCS7 type with GCM/CCM stream ciphers
+* Fix siphash assembly so that no register is left behind
+* Fix to not send a TLS 1.3 session ID resume response when resuming and downgrading to a protocol less than TLS 1.3
+* Fix overwriting serialNumber by favouriteDrink when generating a certificate using Cert struct
+* Fix for the default realloc used with EspressIf builds
+* Track SetDigest usage to avoid invalid free under error conditions
+* DTLS v1.3 fix for epoch 0 check on plaintext message
+* Fix for session ticket memory leak in wolfSSL_Cleanup
+* Fixes for propagating SendAlert errors when the peer disconnects
+* Replace XMEMCPY with XMEMMOVE to fix valgrind-3.15.0 reports "Source and destination overlap in memcpy" when using --enable-aesgcm-stream
+* Fix for potential out-of-bounds write edge case in fp_mod_2d with --enable-fastmath math library
+* Fix getting ECC key size in stm32_ecc_sign_hash_ex
+* Fix for case where wc_PeekErrorNodeLineData was not unlocking error queue on error
+* Fix for async ECC shared secret state
+* Fix for better error checking with sp_gcd with SP int math library
+* Fix memory leak in TLSX_KeyShare_Setup when handling an error case
+* Fix for double free edge case in InitOCSPRequest when handling a memory allocation failure
+* X509 NAME Entry fix for leaking memory on error case
+* Fix wolfssl_asn1_time_to_tm setting unexpected fields in tm struct
+* Fix for FIPS ECC integrity check with crypto callback set
+* BN_to_ASN1_INTEGER fix for handling leading zero byte padding when needed
+* Fix a typo in PP macro and add a ceiling to guard against implementation bugs
+* DTLS 1.3 fix for using the correct label when deriving the resumption key
+* OCSP fix for GetDateInfo edge case with non ASN template builds
+* Allow a user set certificate callback function to override the skipAddCA flag when parsing a certificate
+* SP int: sp_radix_size when radix 10 fix temp size for handling edge case
+* Fixes and improvements for handling failures with memory allocations
+* Fix for DecodeECC_DSA_Sig to handle r and s being initialized
+* Fix for wc_ecc_is_point to ensure that the x and y are in range [0, p-1] and z is one (affine ordinates)
+
+### Build Fixes
+* Fix for building on Windows with CMake and using USER_SETTINGS and fix for options.h creation with CMake when using USER_SETTINGS
+* CMake fixes and improvements for use with mingw32
+* Fix for building with wpas and x509 small options
+* Check if colrm is available for options.h creation when using autoconf
+* Clean up NO_BIG_INT build, removing WOLFSSL_SP_MATH macro and heapmath compile
+* Fix PKCS#7 build with NO_PKCS7_STREAM
+* Fix compilation error in CC-RX and remove unnecessary public key import
+* SP Build fixes for ARM assembly with ARMv6 clz and ARM thumb debug build
+* For to not advertise support for RSA in TLS extensions when compiled with NO_RSA
+
+For additional vulnerability information visit the vulnerability page at:
+https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html
+
+
+# Resources
+
+[wolfSSL Website](https://www.wolfssl.com/)
+
+[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
+
+[FIPS 140-2/140-3 FAQ](https://wolfssl.com/license/fips)
+
+[wolfSSL Documentation](https://wolfssl.com/wolfSSL/Docs.html)
+
+[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
+
+[wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
+
+[wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+
+[TLS 1.3](https://www.wolfssl.com/docs/tls13/)
+
+[wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
+
+[Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
diff --git a/IDE/Espressif/component-manager/README.md b/IDE/Espressif/component-manager/README.md
new file mode 100644
index 00000000000..420924006b5
--- /dev/null
+++ b/IDE/Espressif/component-manager/README.md
@@ -0,0 +1,360 @@
+This is a staging experimental version!
+
+When testing staging components, be sure to set `IDF_COMPONENT_REGISTRY_URL`:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com
+```
+
+Set the value when not testing:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components.espressif.com
+```
+This is the Espressif Component Version of wolfSSL v5.6.3-Staging01-237d10a.3, Staging Release #11 (version ^5.6.3-Staging01-237d10a.3)
+When testing staging components:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com
+```
+
+For questions or beta test of this library, please send a message to support@wolfssl.com
+
+For details on how wolfSSL is published to the ESP Component Registry, see the
+[INSTALL.md](https://github.com/wolfssl/wolfssl/tree/master/IDE/Espressif/component-manager/INSTALL.md) file.
+
+See the [wolfSSL Manual](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
+
+The [wolfSSL embedded TLS library](https://www.wolfssl.com/products/wolfssl/) is a lightweight, portable,
+C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size,
+speed, and feature set. It works seamlessly in desktop, enterprise, and cloud environments as well.
+wolfSSL supports industry standards up to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.3,
+is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer,
+OCSP and CRL support, is backed by the robust [wolfCrypt cryptography library](https://github.com/wolfssl/wolfssl/tree/master/wolfcrypt),
+and much more.
+
+The CMVP has issued FIPS 140-2 Certificates #3389 and #2425 for the wolfCrypt Module developed by wolfSSL Inc.
+For more information, see our [FIPS FAQ](https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com.
+
+# Getting Started
+
+Check out the Examples on the right pane of the [wolfssl component page](https://components.espressif.com/components/wolfssl/wolfssl/).
+
+Typically you need only 4 lines to run an example from scratch in the EDP-IDF environment:
+
+```
+. ~/esp/esp-idf/export.sh
+idf.py create-project-from-example "wolfssl/wolfssl^5.6.0-stable:wolfssl_benchmark"
+cd wolfssl_benchmark
+idf.py -b 115200 flash monitor
+```
+
+or for VisualGDB:
+
+```
+. /mnt/c/SysGCC/esp32/esp-idf/v5.0/export.sh
+```
+
+
+### Espressif Component Notes
+
+Here are some ESP Registry-specific details of the wolfssl component.
+
+#### Component Name
+
+The naming convention of the build-system name of a dependency installed by the component manager
+is always `namespace__component`. The namespace for wolfSSL is `wolfssl`. The build-system name
+is thus `wolfssl__wolfssl`. We'll soon be publishing `wolfssl__wolfssh`, `wolfssl__wolfmqtt` and more.
+
+A project `cmakelists.txt` doesn't need to mention it at all when using wolfSSL as a managed component.
+
+
+#### Component Manager
+
+To check which version of the [Component Manager](https://docs.espressif.com/projects/idf-component-manager/en/latest/getting_started/index.html#checking-the-idf-component-manager-version)
+is currently available, use the command:
+
+```
+python -m idf_component_manager -h
+```
+
+The Component Manager should have been installed during the [installation of the ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/#installation).
+If your version of ESP-IDF doesn't come with the IDF Component Manager,
+you can [install it](https://docs.espressif.com/projects/idf-component-manager/en/latest/guides/updating_component_manager.html#installing-and-updating-the-idf-component-manager):
+
+```
+python -m pip install --upgrade idf-component-manager
+```
+
+For further details on the Espressif Component Manager, see the [idf-component-manager repo](https://github.com/espressif/idf-component-manager/).
+
+#### Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at
+[support@wolfssl.com](mailto:support@wolfssl.com?subject=Espressif%20Component%20Question) or
+[open an issue on GitHub](https://github.com/wolfSSL/wolfssl/issues/new/choose).
+
+# Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 (or at your option any later version) or a standard commercial
+license. For our users who cannot use wolfSSL under GPLv2
+(or any later version), a commercial license to wolfSSL and wolfCrypt is
+available.
+
+See the [LICENSE.txt](./LICENSE.txt), visit [wolfssl.com/license](https://www.wolfssl.com/license/),
+contact us at [licensing@wolfssl.com](mailto:licensing@wolfssl.com?subject=Espressif%20Component%20License%20Question)
+or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](https://www.wolfssl.com/products/support-and-maintenance/)
+
+# wolfSSL Embedded SSL/TLS Library
+
+The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/)
+(formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and
+targeted for embedded, RTOS, and resource-constrained environments - primarily
+because of its small size, speed, and feature set. It is commonly used in
+standard operating environments as well because of its royalty-free pricing
+and excellent cross platform support.
wolfSSL supports industry standards up
+to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.2, is up to
+20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20,
+Curve25519, Blake2b and Post-Quantum TLS 1.3 groups. User benchmarking and
+feedback reports dramatically better performance when using wolfSSL over
+OpenSSL.
+
+wolfSSL is powered by the wolfCrypt cryptography library. Two versions of
+wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and
+certificate #3389). FIPS 140-3 validation is in progress. For additional
+information, visit the [wolfCrypt FIPS FAQ](https://www.wolfssl.com/license/fips/)
+or contact fips@wolfssl.com.
+
+## Why Choose wolfSSL?
+
+There are many reasons to choose wolfSSL as your embedded, desktop, mobile, or
+enterprise SSL/TLS solution. Some of the top reasons include size (typical
+footprint sizes range from 20-100 kB), support for the newest standards
+(SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, and DTLS 1.2), current
+and progressive cipher support (including stream ciphers), multi-platform,
+royalty free, and an OpenSSL compatibility API to ease porting into existing
+applications which have previously used the OpenSSL package. For a complete
+feature list, see [Chapter 4](https://www.wolfssl.com/docs/wolfssl-manual/ch4/)
+of the wolfSSL manual.
+
+## Notes, Please Read
+
+### Note 1
+wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer
+supports static key cipher suites with PSK, RSA, or ECDH. This means if you
+plan to use TLS cipher suites you must enable DH (DH is on by default), or
+enable ECC (ECC is on by default), or you must enable static key cipher suites
+with one or more of the following defines:
+
+```
+WOLFSSL_STATIC_DH
+WOLFSSL_STATIC_RSA
+WOLFSSL_STATIC_PSK
+```
+Though static key cipher suites are deprecated and will be removed from future
+versions of TLS. They also lower your security by removing PFS.
+
+When compiling `ssl.c`, wolfSSL will now issue a compiler error if no cipher
+suites are available. You can remove this error by defining
+`WOLFSSL_ALLOW_NO_SUITES` in the event that you desire that, i.e., you're
+not using TLS cipher suites.
+
+### Note 2
+wolfSSL takes a different approach to certificate verification than OpenSSL
+does. The default policy for the client is to verify the server, this means
+that if you don't load CAs to verify the server you'll get a connect error,
+no signer error to confirm failure (-188).
+
+If you want to mimic OpenSSL behavior of having `SSL_connect` succeed even if
+verifying the server fails and reducing security you can do this by calling:
+
+```c
+wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
+```
+
+before calling `wolfSSL_new();`. Though it's not recommended.
+
+### Note 3
+The enum values SHA, SHA256, SHA384, SHA512 are no longer available when
+wolfSSL is built with `--enable-opensslextra` (`OPENSSL_EXTRA`) or with the
+macro `NO_OLD_SHA_NAMES`. These names get mapped to the OpenSSL API for a
+single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` and
+`WC_SHA512` should be used for the enum name.
+
+
+# wolfSSL Release 5.6.3 (Jun 20, 2023)
+
+Release 5.6.3 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+
+Release 5.6.3 of wolfSSL embedded TLS has 4 bug fixes:
+
+* Fix for setting the atomic macro options introduced in release 5.6.2. This issue affects GNU gcc autoconf builds. The fix resolves a potential mismatch of the generated macros defined in options.h file and the macros used when the wolfSSL library is compiled. In version 5.6.2 this mismatch could result in unstable runtime behavior.
+* Fix for invalid suffix error with Windows build using the macro GCM_TABLE_4BIT.
+* Improvements to Encrypted Memory support (WC_PROTECT_ENCRYPTED_MEM) implementations for modular exponentiation in SP math-all (sp_int.c) and TFM (tfm.c).
+* Improvements to SendAlert for getting output buffer.
+
+
+# wolfSSL Release 5.6.2 (Jun 09, 2023)
+
+Release 5.6.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+
+Release 5.6.2 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## Vulnerabilities
+* [Low] In cases where a malicious agent could analyze cache timing at a very detailed level, information about the AES key used could be leaked during T/S Box lookups. One such case was shown on RISC-V hardware using the MicroWalk tool (https://github.com/microwalk-project/Microwalk). A hardened version of T/S Box lookups was added in wolfSSL to help mitigate this potential attack and is now on by default with RISC-V builds and can be enabled on other builds if desired by compiling wolfSSL with the macro WOLFSSL_AES_TOUCH_LINES. Thanks to Jan Wichelmann, Christopher Peredy, Florian Sieck, Anna Pätschke, Thomas Eisenbarth (University of Lübeck): MAMBO-V: Dynamic Side-Channel Leakage Analysis on RISC-V. Fixed in the following GitHub pull request https://github.com/wolfSSL/wolfssl/pull/6309
+* [High] In previous versions of wolfSSL if a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM value when generating the session master secret.
Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing surreptitious access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. We recommend that TLS 1.3 client side users update the version of wolfSSL used. Thanks to Johannes from Sectra Communications and Linköping University for the report. Fixed in the following GitHub pull request https://github.com/wolfSSL/wolfssl/pull/6412
+
+## New Feature Additions
+
+### New Ports and Expansions
+* Add support for STM32H5
+* Add support for Renesas TSIP v1.17
+* Add Renesas SCE RSA crypto-only support
+* STARCORE DSP port and example builds added
+* Add the function wc_PKCS7_SetDefaultSignedAttribs for setting PKCS7 signed attributes to use with PKCS7 bundle creation
+* NXP IMX6Q CAAM port with QNX and performance optimizations for AES-CTR
+
+### New Build Options
+* ASN.1 print utility to decode ASN.1 syntax and print out human readable text --enable-asn-print. Utility app is located in the directory ./examples/asn1/
+* Add introspection for math build, wc_GetMathInfo() to get information about the math library compiled into the linked wolfSSL library
+* Implement TLS recommendations from RFC 9325 for hardening TLS/DTLS security. Enabled with the autoconf flag --enable-harden-tls.
+* Add option to support disabling thread local storage, --disable-threadlocal
+* Added wc_DsaSign_ex() and wc_DsaVerify_ex() for handling alternative digest algorithms with DSA Sign/Verify
+* Implement atomic operations interface.
Macros auto-detect if atomic operations are expected to be available, can be turned off with the macro WOLFSSL_NO_ATOMICS +* Added support for DTLS 1.3 Authentication and Integrity-Only Cipher Suites +* Expand crypto callback to have a device ID find callback function with wc_CryptoCb_SetDeviceFindCb. Enabled with the macro WOLF_CRYPTO_CB_FIND + +## Enhancements and Optimizations + +### Optimizations +* Increased performance with ChaCha20 C implementation and general XOR operations +* Added integer type to the ASN.1 sequencing with ASN.1 Integer sequence +* With wolfSSL_get_x509_next_altname reset alt name list to head once cycled through if compiling with the macro WOLFSSL_MULTICIRCULATE_ALTNAMELIST +* Additional key validity sanity checks on input to wolfSSL_EC_KEY_set_private_key +* adds support for TLSv1.3 stateful session tickets when using SSL_OP_NO_TICKET + +### Memory Optimizations +* Improvements to stack usage and management with SP int math library +* Optimization to TLS 1.3 server to remove caching messages for Ed25519/Ed448 +* Added a HAVE_CURL macro build for building a subset of the wolfSSL library when linking with cURL +* Memory usage improvement with reducing the size of alignment needed with AES +* Reduce run time memory used with ECC operations and ALT_ECC_SIZE +* Fixes and improvements for building edge cases such as crypto callback without hash-drbg with low footprint options +* Support HAVE_SESSION_TICKET build option without depending on realloc + +### Documentation +* Instructions for GPDMA on STM32 configuration added +* Add in instructions for compiling with zephyr on STM32 +* Documentation fixup for wolfSSL_get_chain_cert() +* Fix the file pointed to in the TI RTOS documentation that we maintain +* Documentation for wolfSSL_CertManagerFreeCRL +* Updates made to AES and Chacha documentation +* Update Japanese comments for Ed25519, AES, and other miscellaneous items + +### Tests +* Add in an option for easily testing malloc failures when 
building with WOLFSSL_MEM_FAIL_COUNT macro +* Updated in process for using Expect vs Assert to facilitate more malloc failure tests +* Enhance wolfCrypt test for builds that do not have ECC SECP curves enabled +* ESP32 platform-specific VisualGDB test & benchmark projects +* Update to dependencies in docker container file used for tests +* Fix up for base 10 output with bundled benchmark application + +### Port Updates +* Zephyr port update, compile time warning fixes, misc. fixes when used with TLS and update of includes +* Update RIOT-OS to not compile out use of writev by default +* Update Micrium port to enable use of STM32_RNG +* Micrium updates for XMEMOVE and XSTRTOK use +* Various Espressif HW crypto, SHA2, AES, MP updates +* Added in ASIO build option with CMake builds + +### General Enhancements +* Global codebase cleanup for C89 compliance and wolfCrypt -Wconversion hygiene +* PKCS#11 enhancement adding a callback for RSA key size when using a hardware key, by default 2048 bit key is used +* Allow for unknown OIDs in extensions in wolfSSL_X509_set_ext() +* Allow user to override XSTAT by defining the macro XSTAT when compiling +* Support UPN and SID with x509 certificate extensions and custom OID build +* Write next IV in wolfSSL_DES_ede3_cbc_encrypt for better handling of inline encryption +* Adding NO_ASN_TIME_CHECK build option for compiling out certificate before/after checks +* Improve different peer recvfrom handling and error reporting with ipv4 vs ipv6 + +## Fixes +* Fix for STM32 ECC sign and verify out of bounds buffer write when the hash length passed in is larger than the key size. Thanks to Maximilian for the report. 
+* Fix to skip Async_DevCtxInit when using init rsa/ecc label/id api's +* Revert WOLFSSL_NO_ASN_STRICT macro guard around alternate names directory list +* In async mode, don't retry decrypting if a valid error is encountered on a packet parse attempt +* Add additional sanity check on PKCS7 index value in wc_PKCS7_DecryptKekri +* Fix for padding when using an AuthEnvelope PKCS7 type with GCM/CCM stream ciphers +* Fix siphash assembly so that no register is left behind +* Fix to not send a TLS 1.3 session ID resume response when resuming and downgrading to a protocol less than TLS 1.3 +* Fix overwriting serialNumber by favouriteDrink when generating a certificate using Cert struct +* Fix for the default realloc used with EspressIf builds +* Track SetDigest usage to avoid invalid free under error conditions +* DTLS v1.3 fix for epoch 0 check on plaintext message +* Fix for session ticket memory leak in wolfSSL_Cleanup +* Fixes for propagating SendAlert errors when the peer disconnects +* Replace XMEMCPY with XMEMMOVE to fix valgrind-3.15.0 reports "Source and destination overlap in memcpy" when using --enable-aesgcm-stream +* Fix for potential out-of-bounds write edge case in fp_mod_2d with --enable-fastmath math library +* Fix getting ECC key size in stm32_ecc_sign_hash_ex +* Fix for case where wc_PeekErrorNodeLineData was not unlocking error queue on error +* Fix for async ECC shared secret state +* Fix for better error checking with sp_gcd with SP int math library +* Fix memory leak in TLSX_KeyShare_Setup when handling an error case +* Fix for double free edge case in InitOCSPRequest when handling a memory allocation failure +* X509 NAME Entry fix for leaking memory on error case +* Fix wolfssl_asn1_time_to_tm setting unexpected fields in tm struct +* Fix for FIPS ECC integrity check with crypto callback set +* BN_to_ASN1_INTEGER fix for handling leading zero byte padding when needed +* Fix a typo in PP macro and add a ceiling to guard against implementation bugs 
+* DTLS 1.3 fix for using the correct label when deriving the resumption key +* OCSP fix for GetDateInfo edge case with non ASN template builds +* Allow a user set certificate callback function to override the skipAddCA flag when parsing a certificate +* SP int: sp_radix_size when radix 10 fix temp size for handling edge case +* Fixes and improvements for handling failures with memory allocations +* Fix for DecodeECC_DSA_Sig to handle r and s being initialized +* Fix for wc_ecc_is_point to ensure that the x and y are in range [0, p-1] and z is one (affine ordinates) + +### Build Fixes +* Fix for building on Windows with CMake and using USER_SETTINGS and fix for options.h creation with CMake when using USER_SETTINGS +* CMake fixes and improvements for use with mingw32 +* Fix for building with wpas and x509 small options +* Check if colrm is available for options.h creation when using autoconf +* Clean up NO_BIG_INT build, removing WOLFSSL_SP_MATH macro and heapmath compile +* Fix PKCS#7 build with NO_PKCS7_STREAM +* Fix compilation error in CC-RX and remove unnecessary public key import +* SP Build fixes for ARM assembly with ARMv6 clz and ARM thumb debug build +* For to not advertise support for RSA in TLS extensions when compiled with NO_RSA + +For additional vulnerability information visit the vulnerability page at: +https://www.wolfssl.com/docs/security-vulnerabilities/ + +See INSTALL file for build instructions. 
+More info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html + + +# Resources + +[wolfSSL Website](https://www.wolfssl.com/) + +[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki) + +[FIPS 140-2/140-3 FAQ](https://wolfssl.com/license/fips) + +[wolfSSL Documentation](https://wolfssl.com/wolfSSL/Docs.html) + +[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html) + +[wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html) + +[wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html) + +[TLS 1.3](https://www.wolfssl.com/docs/tls13/) + +[wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/) + +[Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples) diff --git a/IDE/Espressif/component-manager/README_DIST.md b/IDE/Espressif/component-manager/README_DIST.md new file mode 100644 index 00000000000..2c3a4adef27 --- /dev/null +++ b/IDE/Espressif/component-manager/README_DIST.md 
@@ -0,0 +1,61 @@ +# Espressif Component Manager + +This directory does not need to be included in any wolfSSL distributions. The files +contained herein are used only to publish wolfSSL as a managed component to the [ESP Registry](https://components.espressif.com/). + +When managing a component: + +* Do not edit files in the local `./dist/` directory. Those are file sets previously published. + +* Do not edit files in the local `./[project]/managed_components/` directory. Those are files fetched from ESP Registry. + +Be sure to edit the [idf_component.yml](./idf_component.yml) version text, _and_ the +[README_REGISTRY_PREPEND.md](./README_REGISTRY_PREPEND.md) version text. Versions must match between these files. +Values are checked at publish time. + +Search for other instances of versions in the format `^1.0.`. Visual Studio File Types: `*.*;!*/dist/*;!*/managed_components/*;!*/.git/*`. +Consider editing older examples. + +See the local [wolfssl_component_publish.sh script](./wolfssl_component_publish.sh) for the steps used to copy wolfSSL +source files locally. + +The wolfSSL [README.md](https://github.com/wolfSSL/wolfssl/blob/master/README.md) is stripped of an embedded HTML +anchor tags that do not render well. + +The local [README_REGISTRY_PREPEND.md](./README_REGISTRY_PREPEND.md) text is prepended to the +wolfSSL [README.md](https://github.com/wolfSSL/wolfssl/blob/master/README.md) before being published to the registry. + +Other README.md files for the examples are appended automatically by the ESP Registry at pubish time. +As such example REAME files must _not_ contain any relative links. + +A working Internet connection is required to build the samples. 
+ +Any new examples should have a manifest file in the `[project]/main` directory: + +```bash +## IDF Component Manager Manifest File +dependencies: + wolfssl/wolfssl: "^5.6.0-stable" + ## Required IDF version + idf: + version: ">=4.1.0" + # # Put list of dependencies here + # # For components maintained by Espressif: + # component: "~1.0.0" + # # For 3rd party components: + # username/component: ">=1.0.0,<2.0.0" + # username2/component2: + # version: "~1.0.0" + # # For transient dependencies `public` flag can be set. + # # `public` flag doesn't have an effect dependencies of the `main` component. + # # All dependencies of `main` are public by default. + # public: true +``` + + To publish, the ESP-IDF needs to be installed. + +```bash +cd /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/component-manager +. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh + +``` diff --git a/IDE/Espressif/component-manager/README_REGISTRY_PREPEND.md b/IDE/Espressif/component-manager/README_REGISTRY_PREPEND.md new file mode 100644 index 00000000000..f1a19919ef2 --- /dev/null +++ b/IDE/Espressif/component-manager/README_REGISTRY_PREPEND.md 
@@ -0,0 +1,91 @@ +This is the Espressif Component Version of wolfSSL v5.6.3-Staging01-237d10a.3, Staging Release #11 (version ^5.6.3-Staging01-237d10a.3) + +For questions or beta test of this library, please send a message to support@wolfssl.com + +For details on how wolfSSL is published to the ESP Component Registry, see the +[INSTALL.md](https://github.com/wolfssl/wolfssl/tree/master/IDE/Espressif/component-manager/INSTALL.md) file. + +See the [wolfSSL Manual](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html). + +The [wolfSSL embedded TLS library](https://www.wolfssl.com/products/wolfssl/) is a lightweight, portable, +C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, +speed, and feature set. It works seamlessly in desktop, enterprise, and cloud environments as well. +wolfSSL supports industry standards up to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.3, +is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, +OCSP and CRL support, is backed by the robust [wolfCrypt cryptography library](https://github.com/wolfssl/wolfssl/tree/master/wolfcrypt), +and much more. + +The CMVP has issued FIPS 140-2 Certificates #3389 and #2425 for the wolfCrypt Module developed by wolfSSL Inc. +For more information, see our [FIPS FAQ](https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com. + +# Getting Started + +Check out the Examples on the right pane of the [wolfssl component page](https://components.espressif.com/components/wolfssl/wolfssl/). + +Typically you need only 4 lines to run an example from scratch in the EDP-IDF environment: + +``` +. ~/esp/esp-idf/export.sh +idf.py create-project-from-example "wolfssl/wolfssl^5.6.0-stable:wolfssl_benchmark" +cd wolfssl_benchmark +idf.py -b 115200 flash monitor +``` + +or for VisualGDB: + +``` +. 
/mnt/c/SysGCC/esp32/esp-idf/v5.0/export.sh +``` + + +### Espressif Component Notes + +Here are some ESP Registry-specific details of the wolfssl component. + +#### Component Name + +The naming convention of the build-system name of a dependency installed by the component manager +is always `namespace__component`. The namespace for wolfSSL is `wolfssl`. The build-system name +is thus `wolfssl__wolfssl`. We'll soon be publishing `wolfssl__wolfssh`, `wolfssl__wolfmqtt` and more. + +A project `cmakelists.txt` doesn't need to mention it at all when using wolfSSL as a managed component. + + +#### Component Manager + +To check which version of the [Component Manager](https://docs.espressif.com/projects/idf-component-manager/en/latest/getting_started/index.html#checking-the-idf-component-manager-version) +is currently available, use the command: + +``` +python -m idf_component_manager -h +``` + +The Component Manager should have been installed during the [installation of the ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/#installation). +If your version of ESP-IDF doesn't come with the IDF Component Manager, +you can [install it](https://docs.espressif.com/projects/idf-component-manager/en/latest/guides/updating_component_manager.html#installing-and-updating-the-idf-component-manager): + +``` +python -m pip install --upgrade idf-component-manager +``` + +For further details on the Espressif Component Manager, see the [idf-component-manager repo](https://github.com/espressif/idf-component-manager/). + +#### Contact + +Have a specific request or questions? We'd love to hear from you! Please contact us at +[support@wolfssl.com](mailto:support@wolfssl.com?subject=Espressif%20Component%20Question) or +[open an issue on GitHub](https://github.com/wolfSSL/wolfssl/issues/new/choose). 
+ +# Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use +under the GPLv2 (or at your option any later version) or a standard commercial +license. For our users who cannot use wolfSSL under GPLv2 +(or any later version), a commercial license to wolfSSL and wolfCrypt is +available. + +See the [LICENSE.txt](./LICENSE.txt), visit [wolfssl.com/license](https://www.wolfssl.com/license/), +contact us at [licensing@wolfssl.com](mailto:licensing@wolfssl.com?subject=Espressif%20Component%20License%20Question) +or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](https://www.wolfssl.com/products/support-and-maintenance/) diff --git a/IDE/Espressif/component-manager/README_STAGING.md b/IDE/Espressif/component-manager/README_STAGING.md new file mode 100644 index 00000000000..c7b22a73221 --- /dev/null +++ b/IDE/Espressif/component-manager/README_STAGING.md 
@@ -0,0 +1,26 @@
+# Espressif Component Staging Notes
+
+Thank you Sergei for these notes:
+
+Recently added: You can add a license field to the manifest:
+See [docs](https://docs.espressif.com/projects/idf-component-manager/en/latest/reference/manifest_file.html#manifest-file-idf-component-yml-format-reference)
+The description in the docs is not fully correct, it doesn't have to be SPDX string.
+The server side is not deployed yet, but it will be there in a couple of days.
+
+Espressif has the test registry at this URL:
+
+https://components-staging.espressif.com/
+
+It's not well reflected in the docs, how to use it, the simplest way is to set “IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com/" environment variable.
+
+Or set it in the [config file](https://docs.espressif.com/projects/idf-component-manager/en/latest/guides/packaging_components.html#authentication-with-a-config-file)
+
+FAQ for the documentation portal WIP, and this topic will be covered there. It should be published this week. (8/14/2023)
+
+Just like on the main server, every version can be uploaded only once.
+You can still delete whatever you want using `compote component delete`, but still,
+you cannot re-upload with the same version number. Usually, it's not a limitation because
+during development you can use pre-release versions and for fixes of the component with the
+same upstream version, "revision" component can be added to the name.
+
+https://docs.espressif.com/projects/idf-component-manager/en/latest/reference/versioning.html#versioning-scheme
diff --git a/IDE/Espressif/component-manager/README_STAGING_PREPEND.md b/IDE/Espressif/component-manager/README_STAGING_PREPEND.md
new file mode 100644
index 00000000000..6fa2e682d52
--- /dev/null
+++ b/IDE/Espressif/component-manager/README_STAGING_PREPEND.md
@@ -0,0 +1,15 @@
+
+## This is a staging experimental version!
+
+When testing staging components, be sure to set `IDF_COMPONENT_REGISTRY_URL`:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com
+```
+
+Set the value when not testing:
+
+```
+export IDF_COMPONENT_REGISTRY_URL=https://components.espressif.com
+```
+
diff --git a/IDE/Espressif/component-manager/component_manifest.txt b/IDE/Espressif/component-manager/component_manifest.txt
new file mode 100644
index 00000000000..70504e20998
--- /dev/null
+++ b/IDE/Espressif/component-manager/component_manifest.txt
@@ -0,0 +1,78 @@
+# component_manifest.txt
+#
+# wolfSSL examples included in Espressif Component Manager
+#
+# Edit with caution. See wolfssl_component_publish.sh
+#
+# Files are copied to {$WOLFSSL_ROOT}\IDE\Espressif\component-manager\examples
+# before being published to the Espressif site.
+#
+# Copy Template project
+#
+
+template/README.md
+template/main/main.c
+template/main/include/main.h
+template/CMakeLists.txt
+template/main/CMakeLists.txt
+
+#
+# Copy Benchmark project
+#
+
+wolfssl_benchmark/README.md
+wolfssl_benchmark/CMakeLists.txt
+wolfssl_benchmark/sdkconfig.defaults
+wolfssl_benchmark/main/CMakeLists.txt
+wolfssl_benchmark/main/Kconfig.projbuild
+wolfssl_benchmark/main/main.c
+wolfssl_benchmark/main/main.h
+
+#
+# Copy TLS Client project
+#
+
+wolfssl_client/README.md
+wolfssl_client/CMakeLists.txt
+wolfssl_client/partitions_singleapp_large.csv
+wolfssl_client/sdkconfig.defaults
+wolfssl_client/main/CMakeLists.txt
+wolfssl_client/main/client-tls.c
+wolfssl_client/main/time_helper.c
+wolfssl_client/main/wifi_connect.c
+wolfssl_client/main/Kconfig.projbuild
+wolfssl_client/main/include/wifi_connect.h
+wolfssl_client/main/include/time_helper.h
+
+#
+# Copy TLS Server project
+#
+
+wolfssl_server/README.md
+wolfssl_server/CMakeLists.txt
+wolfssl_server/partitions_singleapp_large.csv
+wolfssl_server/sdkconfig.defaults
+wolfssl_server/main/CMakeLists.txt
+wolfssl_server/main/server-tls.c
+wolfssl_server/main/time_helper.c
+wolfssl_server/main/wifi_connect.c
+wolfssl_client/main/Kconfig.projbuild
+wolfssl_server/main/include/time_helper.h
+wolfssl_server/main/include/wifi_connect.h
+
+#
+# Copy wolfcrypt test project
+#
+
+wolfssl_test/README.md
+wolfssl_test/CMakeLists.txt
+wolfssl_test/sdkconfig.defaults
+wolfssl_test/partitions_singleapp_large.csv
+wolfssl_test/main/CMakeLists.txt
+wolfssl_test/main/Kconfig.projbuild
+wolfssl_test/main/main.c
+wolfssl_test/main/time_helper.c
+wolfssl_test/main/time_helper.h
+
+#
+# End of component manifest
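Review bot: In the "Copy TLS Server project" group the Kconfig entry reads `wolfssl_client/main/Kconfig.projbuild`, repeating the client path from the group above, while every other entry in that group sits under `wolfssl_server/`. If wolfssl_component_publish.sh copies exactly the files listed here, the published server example would go out without its own `main/Kconfig.projbuild`, so the line should presumably be `wolfssl_server/main/Kconfig.projbuild`. The wolfssl_test group also lists `wolfssl_test/main/time_helper.h` where the client and server groups use `main/include/time_helper.h`; that path is worth confirming against the example tree, which is not visible here.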
diff --git a/IDE/Espressif/component-manager/idf_component.yml b/IDE/Espressif/component-manager/idf_component.yml
new file mode 100644
index 00000000000..d11f4098981
--- /dev/null
+++ b/IDE/Espressif/component-manager/idf_component.yml
@@ -0,0 +1,43 @@
+version: "5.6.3-Staging01-237d10a.3"
+description: wolfSSL Embedded SSL/TLS Library
+url: https://www.wolfssl.com
+repository: https://github.com/wolfSSL/wolfssl.git
+documentation: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html
+issues: https://github.com/wolfSSL/wolfssl/issues
+discussion: https://www.wolfssl.com/forums
+files:
+ exclude:
+ - '**/*' # exclude everything, so next lines are redundant / reminder only:
+ - 'INSTALL.md'
+ - '*.py'
+ - '**/*.list'
+ - '**/.vs/**/*'
+ - '**/build/**/*'
+ - '**/dist/**/*'
+ - '**/dist.bak/**/*'
+ - '**/out/**/*'
+ - '*.sh'
+ - '*.bak'
+ - 'sdkconfig'
+ - 'README_DIST.md'
+ - 'README_REGISTRY_PREPEND.md'
+ - 'README_STAGING_PREPEND.md'
+ - 'README_STAGING.md'
+ - ./src/sp_arm64.c # exclude some large source files not used in Espressif targets
+ - ./src/sp_armthumb.c
+ - ./src/sp_x86_64.c
+ - ./src/sp_arm32.c
+ - ./src/sp_c32.c
+ - ./src/sp_cortexm.c
+ include: # only explicitly include things we actually want to publish:
+ - './README.md'
+ - './LICENSE.txt'
+ - './idf_component.yml'
+ - './CMakeLists.txt'
+ - './Kconfig'
+ - './install_log.txt'
+ - './src/**/*'
+ - './include/**/*'
+ - './wolfssl/**/*'
+ - './wolfcrypt/**/*'
+ - './examples/**/*'
diff --git a/IDE/Espressif/component-manager/include/user_settings.h b/IDE/Espressif/component-manager/include/user_settings.h
new file mode 100644
index 00000000000..23167c46ea3
--- /dev/null
+++ b/IDE/Espressif/component-manager/include/user_settings.h
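Review bot: The `include` list publishes `./install_log.txt`, and nothing in this manifest says what that file records. If it is the log written while the component is staged on the publisher's machine, it can carry local paths and a user name into every download of the package. I would either drop `- './install_log.txt'` from `include` or add a comment on that line stating what the log contains and that it is reviewed before upload. The `exclude` list also appears to rely on `include` entries winning over the leading `'**/*'` pattern, so a comment such as `# relies on include taking precedence over exclude; confirm against the component manager docs` would make that dependency explicit.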
@@ -0,0 +1,287 @@ +/* user_settings.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include /* essential to chip set detection */ + +#undef WOLFSSL_ESPIDF +#undef WOLFSSL_ESPWROOM32 +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP32 +#undef WOLFSSL_ESP8266 + +/* The Espressif sdkconfig will have chipset info. 
+** +** Possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ +#include "sdkconfig.h" + +#define WOLFSSL_ESPIDF + +/* + * choose ONE of these Espressif chips to define: + * + * WOLFSSL_ESP32 + * WOLFSSL_ESPWROOM32SE + * WOLFSSL_ESP8266 + */ + +#define WOLFSSL_ESP32 + +/* optionally turn off SHA512/224 SHA512/256 */ +/* #define WOLFSSL_NOSHA512_224 */ +/* #define WOLFSSL_NOSHA512_256 */ + +/* #define DEBUG_WOLFSSL_VERBOSE */ + +#define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 + +/* TLS 1.3 */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define WC_RSA_PSS +#define HAVE_HKDF +#define HAVE_AEAD +#define HAVE_SUPPORTED_CURVES + +#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + +/* when you want to use SINGLE THREAD */ +/* #define SINGLE_THREADED */ +#define NO_FILESYSTEM + +#define HAVE_AESGCM + +/* when you want to use SHA224 */ +/* #define WOLFSSL_SHA224 */ + +/* when you want to use SHA384 */ +/* #define WOLFSSL_SHA3 */ + +/* #define WOLFSSL_SHA384 */ +#define WOLFSSL_SHA512 +#define HAVE_ECC +#define HAVE_CURVE25519 +#define CURVE25519_SMALL +#define HAVE_ED25519 + +/* when you want to use pkcs7 */ +/* #define HAVE_PKCS7 */ + +#if defined(HAVE_PKCS7) + #define HAVE_AES_KEYWRAP + #define HAVE_X963_KDF + #define WOLFSSL_AES_DIRECT +#endif + +/* when you want to use aes counter mode */ +/* #define WOLFSSL_AES_DIRECT */ +/* #define WOLFSSL_AES_COUNTER */ + +/* esp32-wroom-32se specific definition */ +#if defined(WOLFSSL_ESPWROOM32SE) + #define WOLFSSL_ATECC508A + #define HAVE_PK_CALLBACKS + /* when you want to use a custom slot allocation for ATECC608A */ + /* unless your configuration is unusual, you can use default */ + /* implementation. 
*/ + /* #define CUSTOM_SLOT_ALLOCATION */ +#endif + +/* rsa primitive specific definition */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Define USE_FAST_MATH and SMALL_STACK */ + #define ESP32_USE_RSA_PRIMITIVE + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #define EPS_RSA_EXPT_XBTIS 32 /* NOTE HW unreliable for small values! */ + /* X and Y of X * Y mod P greater than */ + #define ESP_RSA_MULM_BITS 9 +#endif +/* optional RSA low memory */ +/* #define RSA_LOW_MEM */ + +/* debug options */ +/* #define DEBUG_WOLFSSL */ +/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ +/* #define WOLFSSL_ATECC508A_DEBUG */ + +/* date/time */ +/* if it cannot adjust time in the device, */ +/* enable macro below */ +/* #define NO_ASN_TIME */ +/* #define XTIME time */ + +/* when you want not to use HW acceleration */ +/* #define NO_ESP32WROOM32_CRYPT */ +/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH*/ +/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_AES */ +/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI */ + +/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ +#define ESP_RSA_TIMEOUT_CNT 0x249F00 + +#define HASH_SIZE_LIMIT /* for test.c */ + +/* only FAST_MATH has HW acceleration at this time */ +#define USE_FAST_MATH + +/* only valid on RISC-V chips such as ESP32-C3: */ +/* #define WOLFSSL_SP_RISCV32 */ + +/* optionally use SP_MATH */ +/* #define SP_MATH */ + +/* #define WOLFSSL_SMALL_STACK */ + +#define HAVE_VERSION_EXTENDED_INFO +#define HAVE_WC_INTROSPECTION + +/* allows for all version info, even that supporessed with intospection */ +#define ALLOW_BINARY_MISMATCH_INTROSPECTION + +#define HAVE_SESSION_TICKET + + +/* #define WOLFSSL_HAVE_SP_RSA */ + +/* #define HAVE_HASHDRBG */ + +/* Shared configuration in same directory */ +/* #include "Wolf_Features.h" */ + +/* Default is HW enabled unless turned off. 
+** Uncomment these lines for SW: */ +#if defined(CONFIG_IDF_TARGET_ESP32) + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ +#elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#elif defined(CONFIG_IDF_TARGET_ESP32S3) + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ +#elif defined(CONFIG_IDF_TARGET_ESP32C2) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#else + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif + +/* debug options */ +/* #define ESP_VERIFY_MEMBLOCK */ +#define WOLFSSL_HW_METRICS +/* #define DEBUG_WOLFSSL_VERBOSE */ +/* #define DEBUG_WOLFSSL */ +/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ +#define NO_RECOVER_SOFTWARE_CALC + +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number Modular Exponentiation: 
+** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number Modular Multiplication +** [Z = X × Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + + +/* this is known to fail in TFM: */ +/* #define HONOR_MATH_USED_LENGTH */ + +/* this is known to fail in TFM */ +/* #define CHECK_MP_READ_UNSIGNED_BIN */ + +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + +/* Optionally include alternate HW test library: alt_hw_test.h */ +/* When enabling, the ./components/wolfssl/CMakeLists.txt file + * will need the name of the library in the idf_component_register + * for the PRIV_REQUIRES list. */ +/* #define INCLUDE_ALT_HW_TEST */ + +/* #define NO_HW_MATH_TEST */ + + +/* when turning on ECC508 / ECC608 support +#define WOLFSSL_ESPWROOM32SE +#define HAVE_PK_CALLBACKS +#define WOLFSSL_ATECC508A +#define ATCA_WOLFSSL +*/ + +/* USE_FAST_MATH is default */ + +/* use SP_MATH */ +/* +#undef USE_FAST_MATH +#define WOLFSSL_SP_MATH_ALL +*/ + +/* use integer heap math */ +/* +#undef USE_FAST_MATH +#define USE_INTEGER_HEAP_MATH +*/ + +/* optionally use DPORT_ACCESS_READ_BUFFER */ +/* +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +*/ + diff --git a/IDE/Espressif/component-manager/lib/components/wolfssl/CMakeLists.txt b/IDE/Espressif/component-manager/lib/components/wolfssl/CMakeLists.txt new file mode 100644 index 00000000000..87ba6ff52be --- /dev/null +++ b/IDE/Espressif/component-manager/lib/components/wolfssl/CMakeLists.txt 
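Review bot: `USE_CERT_BUFFERS_2048` is defined twice in this new header (after `BENCH_EMBEDDED` and again after `WOLFSSL_PUBLIC_MP`), and neither define notes that it selects wolfSSL's bundled test certificate and key buffers, which are public and only suitable for examples. This file ships as the component's default configuration and sets `NO_FILESYSTEM`, so the examples presumably load their credentials from those buffers. I would keep one define and annotate it: `#define USE_CERT_BUFFERS_2048 /* test certs/keys from certs_test.h: examples only, replace for production */`. Separately, the comment `/* when you want to use SHA384 */` sits above the commented `WOLFSSL_SHA3` line rather than `WOLFSSL_SHA384`, which invites enabling the wrong hash; the comment should be moved or reworded.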
@@ -0,0 +1,517 @@
+#
+# Copyright (C) 2006-2023 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+# cmake for wolfssl Espressif projects
+#
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
+#
+
+# allows /include/user_settings.h (ignores it).
+# user_settings.h file to use must be in [project]/components/wolfssl/include
+
+cmake_minimum_required(VERSION 3.16)
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+set(WOLFCRYPT_PATH "wolfssl/wolfcrypt") # breadcrumb path to detect if we've found wolfssl
+
+# find the user name to search for possible "wolfssl-username"
+if( "$ENV{USER}" STREQUAL "" ) # the bash user
+ if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+ message(STATUS "Could not find USER or USERNAME.")
+ else()
+ # the bash user is not blank, so we'll use it.
+ set(THIS_USER "$ENV{USERNAME}")
+ endif()
+else()
+ # the bash user is not blank, so we'll use it.
+ set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
+# COMPONENT_NAME = wolfssl
+# The component name is the directory name. "No feature to change this".
+# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
+
+# set the root of wolfSSL in top-level project CMakelists.txt:
+# set(WOLFSSL_ROOT "C:/some path/with/spaces")
+# set(WOLFSSL_ROOT "c:/workspace/wolfssl-[username]")
+# set(WOLFSSL_ROOT "/mnt/c/some path/with/spaces")
+# or use this logic to assign value from Environment Variable WOLFSSL_ROOT,
+# or assume this is an example 7 subdirectories below:
+
+# We are typically in [root]/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
+# The root of wolfSSL is 7 directories up from here:
+
+if(CMAKE_BUILD_EARLY_EXPANSION)
+ message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
+ idf_component_register(
+ REQUIRES "${COMPONENT_REQUIRES}"
+ PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+ )
+
+else()
+ # not CMAKE_BUILD_EARLY_EXPANSION
+ message(STATUS "************************************************************************************************")
+ message(STATUS "wolfssl component config:")
+ message(STATUS "************************************************************************************************")
+
+ # Check to see if we're already in wolfssl, and only if WOLFSSL_ROOT not specified
+ if ("${WOLFSSL_ROOT}" STREQUAL "")
+ # wolfssl examples are 7 directories deep from wolfssl repo root
+ # 1 2 3 4 5 6 7
+ set(THIS_RELATIVE_PATH "../../../../../../..")
+ get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE)
+ message(STATUS "Searching in path = ${THIS_SEARCH_PATH}")
+
+ if (EXISTS "${THIS_SEARCH_PATH}/${WOLFCRYPT_PATH}")
+ # we're already in wolfssl examples!
+ get_filename_component(WOLFSSL_ROOT "${THIS_SEARCH_PATH}" ABSOLUTE)
+ message(STATUS "Using wolfSSL example with root ${WOLFSSL_ROOT}")
+ else()
+ # We're in some other repo such as wolfssh, so we'll search for an
+ # adjacent-level directory for wolfssl. (8 directories up, then down one)
+ #
+ # For example wolfSSL examples:
+ # C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\components\wolfssl
+ #
+ # For example wolfSSH examples:
+ # C:\workspace\wolfssh-gojimmypi\ide\Espressif\ESP-IDF\examples\wolfssh_benchmark\components\wolfssl
+ #
+ # 1 2 3 4 5 6 7 8
+ set(THIS_RELATIVE_PATH "../../../../../../../..")
+ get_filename_component(THIS_SEARCH_PATH "${THIS_RELATIVE_PATH}" ABSOLUTE)
+ message(STATUS "Searching next in path = ${THIS_SEARCH_PATH}")
+ endif()
+ endif()
+
+ # search other possible locations
+ if ("${WOLFSSL_ROOT}" STREQUAL "")
+ # there's not a hard-coded WOLFSSL_ROOT value above, so let's see if we can find it.
+ if( "$ENV{WOLFSSL_ROOT}" STREQUAL "" )
+ message(STATUS "Environment Variable WOLFSSL_ROOT not set. Will search common locations.")
+
+ message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+ get_filename_component(THIS_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+ message(STATUS "THIS_DIR = ${THIS_DIR}")
+
+ # This same makefile is used for both the wolfssl component, and other
+ # components that may depend on wolfssl, such as wolfssh. Therefore
+ # we need to determine if this makefile is in the wolfssl repo, or
+ # some other repo.
+
+ if( "{THIS_USER}" STREQUAL "" )
+ # This is highly unusual to not find a user name.
+ # In this case, we'll just search for a "wolfssl" directory:
+ message(STATUS "No username found!")
+ get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE)
+ else()
+ # We found an environment USER name!
+ # The first place to look for wolfssl will be in a user-clone called "wolfssl-[username]"
+ message(STATUS "Using [THIS_USER = ${THIS_USER}] to see if there's a [relative path]/wolfssl-${THIS_USER} directory.")
+ get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl-${THIS_USER}" ABSOLUTE)
+
+ if( EXISTS "${WOLFSSL_ROOT}/${WOLFCRYPT_PATH}" )
+ message(STATUS "Found wolfssl in user-suffix ${WOLFSSL_ROOT}")
+ else()
+ # If there's not a user-clone called "wolfssl-[username]",
+ # perhaps there's simply a git clone called "wolfssl"?
+ message(STATUS "Did not find wolfssl in ${WOLFSSL_ROOT}; continuing search...")
+ get_filename_component(WOLFSSL_ROOT "${THIS_RELATIVE_PATH}/wolfssl" ABSOLUTE)
+
+ if( EXISTS "${WOLFSSL_ROOT}" )
+ message(STATUS "Found wolfssl in standard ${WOLFSSL_ROOT}")
+ else()
+ # Things are looking pretty bleak. We'll likely not be able to compile.
+ message(STATUS "Did not find wolfssl in ${WOLFSSL_ROOT}")
+ endif()
+ endif()
+ endif()
+
+ else()
+ # there's an environment variable, so use it.
+ set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}")
+
+ if( EXISTS "${WOLFSSL_ROOT}/${WOLFCRYPT_PATH}" )
+ get_filename_component(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+ message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${WOLFSSL_ROOT}")
+ else()
+ # message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
+ message(STATUS "$ENV{WOLFSSL_ROOT} not found or does not contain ${WOLFCRYPT_PATH}")
+ endif()
+ endif()
+ # end of search for wolfssl component root
+ else()
+ # There's already a value assigned; we won't search for anything else.
+ message(STATUS "Found user-specified WOLFSSL_ROOT value.")
+ endif() # WOLFSSL_ROOT user defined
+
+ # After all the logic above, does our WOLFSSL_ROOT actually exist?
+ if( EXISTS "${WOLFSSL_ROOT}/${WOLFCRYPT_PATH}" )
+ message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}")
+ else()
+ # Perhaps we are in wolfssl-examples, 4 directories down from parallel wolfssl?
+ # First, we'll see if we can find wolfssl in the wolfssl-[username] repo
+ # 1 2 3 4 |- parallel parent
+ set(NEXT_RELATIVE_PATH "../../../../../wolfssl-${THIS_USER}")
+ get_filename_component(THIS_SEARCH_PATH "${NEXT_RELATIVE_PATH}" ABSOLUTE)
+ message(STATUS "Searching for wolfssl in path: ${THIS_SEARCH_PATH}")
+ if(EXISTS "${THIS_SEARCH_PATH}/${WOLFCRYPT_PATH}" )
+ set(WOLFSSL_ROOT "${THIS_SEARCH_PATH}")
+ message(STATUS "Found wolfssl in user suffix directory: ${WOLFSSL_ROOT}")
+ else()
+ # next, let's see if there's jsut a simple clone of wolfssl in the same parent directory
+ set(NEXT_RELATIVE_PATH "../../../../../wolfssl")
+ get_filename_component(THIS_SEARCH_PATH "${NEXT_RELATIVE_PATH}" ABSOLUTE)
+ message(STATUS "Searching wolfssl-examples for path = ${THIS_SEARCH_PATH}")
+ if( EXISTS "${THIS_SEARCH_PATH}/${WOLFCRYPT_PATH}" )
+ set(WOLFSSL_ROOT "${THIS_SEARCH_PATH}")
+ message(STATUS "Found wolfssl in same parent directory: ${WOLFSSL_ROOT}")
+ else()
+ message(STATUS "unable to find wolfssl.")
+ message(STATUS "---- Try setting the WOLFSSL_ROOT environment variable")
+ message(STATUS "---- Or set WOLFSSL_ROOT in the CMakeFile.txt")
+ set(WOLFSSL_ROOT "../wolfssl")
+ # Abort. We need wolfssl _somewhere_.
+ message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}. Try setting environment variable or git clone.")
+ endif() # checking [workspace]/wolfssl
+ endif() # chcking [workspace]/wolfssl-[username]
+ endif() # alternate check if in wolfssl-examples
+
+
+ set(INCLUDE_PATH ${WOLFSSL_ROOT})
+
+ set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
+ "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
+ "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+ "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
+ # "\"${WOLFSSL_ROOT}/wolfcrypt/benchmark\"" # the benchmark application
+ # "\"${WOLFSSL_ROOT}/wolfcrypt/test\"" # the test application
+ ) # COMPONENT_SRCDIRS
+ message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
+
+ set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+
+ # Espressif may take several passes through this makefile. Check to see if we found IDF
+ string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
+
+ # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
+ file(GLOB EXCLUDE_ASM *.S)
+ file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+
+ message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
+ message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
+ message(STATUS "EXCLUDE_ASM = ${EXCLUDE_ASM}")
+
+ #
+ # Check to see if there's both a local copy and EDP-IDF copy of the wolfssl and/or wolfssh components.
+ #
+ if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+ #
+ # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
+ #
+ message(STATUS "")
+ message(STATUS "**************************************************************************************")
+ message(STATUS "")
+ message(STATUS "Error: Found components/wolfssl in both local project and IDF_PATH")
+ message(STATUS "")
+ message(STATUS "To proceed: ")
+ message(STATUS "")
+ message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
+ message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
+ message(STATUS "")
+ message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
+ message(STATUS "")
+ message(STATUS "**************************************************************************************")
+ message(STATUS "")
+
+ # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
+
+ else()
+ if( EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+ #
+ # wolfSSL found in ESP-IDF components and is assumed to be already configured in user_settings.h via setup.
+ #
+ message(STATUS "")
+ message(STATUS "Using components/wolfssl in IDF_PATH = $ENV{IDF_PATH}")
+ message(STATUS "")
+ else()
+ #
+ # wolfSSL is not an ESP-IDF component.
+ # We need to now determine if it is local and if so if it is part of the wolfSSL repo,
+ # or if wolfSSL is simply installed as a local component.
+ #
+
+ if( EXISTS "${WOLFSSL_PROJECT_DIR}" )
+ #
+ # wolfSSL found in local project.
+ #
+ if( EXISTS "${WOLFSSL_PROJECT_DIR}/wolfcrypt/" )
+ message(STATUS "")
+ message(STATUS "Using installed project ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
+ message(STATUS "")
+ #
+ # Note we already checked above and confirmed there's not another wolfSSL installed in the ESP-IDF components.
+ #
+ # We won't do anything else here, as it will be assumed the original install completed successfully.
+ #
+ else() # full wolfSSL not installed in local project
+ #
+ # This is the developer repo mode. wolfSSL will be assumed to be not installed to ESP-IDF nor local project
+ # In this configuration, we are likely running a wolfSSL example found directly in the repo.
+ #
+ message(STATUS "")
+ message(STATUS "Using developer repo ./components/wolfssl in CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
+ message(STATUS "")
+
+ message(STATUS "************************************************************************************************")
+ # When in developer mode, we are typically running wolfSSL examples such as benchmark or test directories.
+ # However, the as-cloned or distributed wolfSSL does not have the ./include/ directory, so we'll add it as needed.
+ #
+ # first check if there's a [root]/include/user_settings.h
+ if( EXISTS "${WOLFSSL_ROOT}/include/user_settings.h" )
+ message(STATUS "Found wolfSSL EXCLUDED user_settings.h in "
+ "${WOLFSSL_ROOT}/include/user_settings.h "
+ " (using ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+ else()
+ # we won't overwrite an existing user settings file, just note that we already have one:
+ if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
+ message(STATUS "Using existing wolfSSL user_settings.h in "
+ "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+ else()
+ message(STATUS "Installing wolfSSL user_settings.h to "
+ "${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+ file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/user_settings.h"
+ DESTINATION "${CMAKE_HOME_DIRECTORY}/wolfssl/include/")
+ endif()
+ endif() # user_settings.h
+
+ # next check if there's a [root]/include/config.h
+ if( EXISTS "${WOLFSSL_ROOT}/include/config.h" )
+ # message(FATAL_ERROR "Found stray wolfSSL config.h in ${WOLFSSL_ROOT}/include/config.h (please move it to ${WOLFSSL_PROJECT_DIR}/include/config.h")
+ else()
+ # we won't overwrite an existing user settings file, just note that we already have one:
+ if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/config.h" )
+ message(STATUS "Using existing wolfSSL config.h ${WOLFSSL_PROJECT_DIR}/include/config.h")
+ else()
+ message(STATUS "Installing wolfSSL config.h to ${WOLFSSL_PROJECT_DIR}/include/config.h")
+ file(COPY "${WOLFSSL_ROOT}/IDE/Espressif/ESP-IDF/dummy_config_h" DESTINATION "${WOLFSSL_PROJECT_DIR}/include/")
+ file(RENAME "${WOLFSSL_PROJECT_DIR}/include/dummy_config_h" "${WOLFSSL_PROJECT_DIR}/include/config.h")
+ endif() # Project config.h
+ endif() # WOLFSSL_ROOT config.h
+ message(STATUS "************************************************************************************************")
+ message(STATUS "")
+ endif()
+
+ else()
+ # we did not find a ./components/wolfssl/include/ directory from this pass of cmake.
+ if($WOLFSSL_FOUND_IDF)
+ message(STATUS "")
+ message(STATUS "WARNING: wolfSSL not found.")
+ message(STATUS "")
+ else()
+ # probably needs to be re-parsed by Espressif
+ message(STATUS "wolfSSL found IDF. Project Source:${PROJECT_SOURCE_DIR}")
+ endif() # else we have not found ESP-IDF yet
+ endif() # else not a local wolfSSL component
+
+ endif() #else not an ESP-IDF component
+ endif() # else not local copy and EDP-IDF wolfSSL
+
+
+ # RTOS_IDF_PATH is typically:
+ # "/Users/{username}/Desktop/esp-idf/components/freertos/include/freertos"
+ # depending on the environment, we may need to swap backslashes with forward slashes
+ string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
+
+ string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+
+ if(IS_DIRECTORY "${RTOS_IDF_PATH}")
+ message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
+ else()
+ # ESP-IDF prior version 4.4x has a different RTOS directory structure
+ string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/include/freertos")
+ if(IS_DIRECTORY "${RTOS_IDF_PATH}")
+ message(STATUS "Found legacy RTOS path: ${RTOS_IDF_PATH}")
+ else()
+ message(STATUS "Could not find RTOS path")
+ endif()
+ endif()
+
+
+ set(COMPONENT_ADD_INCLUDEDIRS
+ "./include" # this is the location of wolfssl user_settings.h
+ "\"${WOLFSSL_ROOT}/\""
+ "\"${WOLFSSL_ROOT}/wolfssl/\""
+ "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+ "\"${RTOS_IDF_PATH}/\""
+ )
+
+
+ if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
+ list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
+ endif()
+
+ list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/\"")
+ list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
+
+
+
+ set(COMPONENT_SRCEXCLUDE
+ "\"${WOLFSSL_ROOT}/include/user_settings.h\"" # use local file only
+ "\"${WOLFSSL_ROOT}/src/bio.c\""
+ "\"${WOLFSSL_ROOT}/src/conf.c\""
+ "\"${WOLFSSL_ROOT}/src/misc.c\""
+ "\"${WOLFSSL_ROOT}/src/pk.c\""
+ "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
+ "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
+ "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
+ "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
+ "\"${WOLFSSL_ROOT}/src/x509.c\""
+ "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+ "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
+ "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
+ "\"${EXCLUDE_ASM}\""
+ )
+
+ spaces2list(COMPONENT_REQUIRES)
+
+ separate_arguments(COMPONENT_SRCDIRS NATIVE_COMMAND "${COMPONENT_SRCDIRS}")
+ separate_arguments(COMPONENT_SRCEXCLUDE NATIVE_COMMAND "${COMPONENT_SRCEXCLUDE}")
+ separate_arguments(COMPONENT_ADD_INCLUDEDIRS NATIVE_COMMAND "${COMPONENT_ADD_INCLUDEDIRS}")
+
+ #
+ # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#example-component-requirements
+ #
+ message(STATUS "COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
+ message(STATUS "COMPONENT_ADD_INCLUDEDIRS = ${COMPONENT_ADD_INCLUDEDIRS}")
+ message(STATUS "COMPONENT_REQUIRES = ${COMPONENT_REQUIRES}")
+ message(STATUS "COMPONENT_SRCEXCLUDE = ${COMPONENT_SRCEXCLUDE}")
+
+ #
+ # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
+ #
+ set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
+ idf_component_register(
+ SRC_DIRS "${COMPONENT_SRCDIRS}"
+ INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+ REQUIRES "${COMPONENT_REQUIRES}"
+ EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+ PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
+ )
+ # some optional diagnostics
+ if (1)
+ get_cmake_property(_variableNames VARIABLES)
+ list (SORT _variableNames)
+ message(STATUS "")
+ message(STATUS "ALL VARIABLES BEGIN")
+ message(STATUS "")
+ foreach (_variableName ${_variableNames})
+ message(STATUS "${_variableName}=${${_variableName}}")
+ endforeach()
+ message(STATUS "")
+ message(STATUS "ALL VARIABLES END")
+ message(STATUS "")
+ endif()
+
+ # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+endif() # CMAKE_BUILD_EARLY_EXPANSION
+
+
+
+# check to see if there's both a local copy and EDP-IDF copy of the wolfssl components
+if( EXISTS "${WOLFSSL_PROJECT_DIR}" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+ message(STATUS "")
+ message(STATUS "")
+ message(STATUS "********************************************************************")
+ message(STATUS "WARNING: Found components/wolfssl in both local project and IDF_PATH")
+ message(STATUS "********************************************************************")
+ message(STATUS "")
+endif()
+# end multiple component check
+
+
+#
+# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
+#
+# Save the THIS_VAR as a string in a macro called VAR_OUPUT
+#
+# VAR_OUPUT: the name of the macro to define
+# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
+# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
+#
+function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
+ # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
+ string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
+
+ # if we had a successful operation, save the THIS_VAR in VAR_OUPUT
+ if(${IS_VALID_VALUE})
+ # strip newline chars in THIS_VAR parameter and save in VAR_VALUE
+ string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
+
+ # we'll could percolate the value to the parent for possible later use
+ # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
+
+ # but we're only using it here in this function
+ set(${VAR_OUPUT} ${VAR_VALUE})
+
+ # we'll print what we found to the console
+ message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
+
+ # the interesting part is defining the VAR_OUPUT name a value to use in the app
+ add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+ else()
+ # if we get here, check the execute_process command and parameters.
+ message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+ set(${VAR_OUPUT} "Unknown")
+ endif()
+endfunction() # LIBWOLFSSL_SAVE_INFO
+
+# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
+# see wolfcrypt\src\port\Espressif\esp32_utl.c
+if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+ set (git_cmd "git")
+ message(STATUS "Adding macro definitions:")
+
+ # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
+ execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+ LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
+
+ # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
+ execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+ LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
+
+ # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
+ execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+ LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+ # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
+ execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+ LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+ # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
+ execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
+ LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
+
+ message(STATUS "************************************************************************************************")
+ message(STATUS "wolfssl component config complete!")
+ message(STATUS "************************************************************************************************")
+endif()
diff --git a/IDE/Espressif/component-manager/lib/components/wolfssl/README.md b/IDE/Espressif/component-manager/lib/components/wolfssl/README.md
new file mode 100644
index 00000000000..cd9a8a5746d
--- /dev/null
+++ b/IDE/Espressif/component-manager/lib/components/wolfssl/README.md
@@ -0,0 +1,3 @@
+# publish-only component directory
+
+These files used only during publish to confirm examples will build.
diff --git a/IDE/Espressif/component-manager/lib/components/wolfssl/include/user_settings.h b/IDE/Espressif/component-manager/lib/components/wolfssl/include/user_settings.h
new file mode 100644
index 00000000000..7d5acfa302a
--- /dev/null
+++ b/IDE/Espressif/component-manager/lib/components/wolfssl/include/user_settings.h
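Review bot: The `LIBWOLFSSL_VERSION_GIT_ORIGIN` step at the end of the new CMakeLists.txt compiles the raw output of `git config --get remote.origin.url` into the firmware as a string macro, so a clone whose HTTPS remote carries a username or access token would bake that credential into every image and into whatever prints these macros (the comment names ShowExtendedSystemInfo()). Strip any userinfo inside LIBWOLFSSL_SAVE_INFO before the value reaches `add_definitions`, for example `string(REGEX REPLACE "://[^/@]*@" "://" VAR_VALUE "${VAR_VALUE}")`. Separately, `if( "{THIS_USER}" STREQUAL "" )` in the WOLFSSL_ROOT search is missing the `$`, so the no-username branch can never run; it should read `if( "${THIS_USER}" STREQUAL "" )`.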
@@ -0,0 +1,203 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include /* essential to chip set detection */
+
+#undef WOLFSSL_ESPIDF
+#undef WOLFSSL_ESP32
+#undef WOLFSSL_ESPWROOM32SE
+#undef WOLFSSL_ESP32
+#undef WOLFSSL_ESP8266
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Possible values:
+**
+** CONFIG_IDF_TARGET_ESP32
+** CONFIG_IDF_TARGET_ESP32S2
+** CONFIG_IDF_TARGET_ESP32S3
+** CONFIG_IDF_TARGET_ESP32C3
+** CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#define WOLFSSL_ESPIDF
+
+/*
+ * choose ONE of these Espressif chips to define:
+ *
+ * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
+ * WOLFSSL_ESP8266
+ */
+
+#define WOLFSSL_ESP32
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+#define BENCH_EMBEDDED
+#define USE_CERT_BUFFERS_2048
+
+/* TLS 1.3 */
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define WC_RSA_PSS
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_SUPPORTED_CURVES
+
+#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+/* when you want to use SINGLE THREAD */
+#define SINGLE_THREADED
+
+#define NO_FILESYSTEM
+
+#define HAVE_AESGCM
+
+#define WOLFSSL_RIPEMD
+/* when you want to use SHA224 */
+// #define WOLFSSL_SHA224
+#define NO_OLD_TLS
+/* when you want to use SHA384 */
+//#define WOLFSSL_SHA3
+//
+//#define WOLFSSL_SHA384
+//#define NO_SHA256
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+
+/* when you want to use pkcs7 */
+/* #define HAVE_PKCS7 */
+
+#if defined(HAVE_PKCS7)
+ #define HAVE_AES_KEYWRAP
+ #define HAVE_X963_KDF
+ #define WOLFSSL_AES_DIRECT
+#endif
+
+/* when you want to use aes counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+ #define WOLFSSL_ATECC508A
+ #define HAVE_PK_CALLBACKS
+ /* when you want to use a custom slot allocation for ATECC608A */
+ /* unless your configuration is unusual, you can use default */
+ /* implementation. */
+ /* #define CUSTOM_SLOT_ALLOCATION */
+#endif
+
+/* rsa primitive specific definition */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+ /* Define USE_FAST_MATH and SMALL_STACK */
+ #define ESP32_USE_RSA_PRIMITIVE
+ /* threshold for performance adjustment for HW primitive use */
+ /* X bits of G^X mod P greater than */
+ #define EPS_RSA_EXPT_XBTIS 32
+ /* X and Y of X * Y mod P greater than */
+ #define ESP_RSA_MULM_BITS 9
+#endif
+#define RSA_LOW_MEM
+
+/* debug options */
+/* #define DEBUG_WOLFSSL */
+/* #define WOLFSSL_ESP32_CRYPT_DEBUG */
+/* #define WOLFSSL_ATECC508A_DEBUG */
+
+/* date/time */
+/* if it cannot adjust time in the device, */
+/* enable macro below */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
+#define ESP_RSA_TIMEOUT_CNT 0x249F00
+
+#define HASH_SIZE_LIMIT /* for test.c */
+
+#define USE_FAST_MATH
+
+/* optionally use SP_MATH */
+/* #define SP_MATH */
+
+#define WOLFSSL_SMALL_STACK
+
+#define HAVE_VERSION_EXTENDED_INFO
+#define HAVE_WC_INTROSPECTION
+
+/* allows for all version info, even that suppressed with introspection */
+#define ALLOW_BINARY_MISMATCH_INTROSPECTION
+
+/* Default is HW enabled unless turned off.
+** Uncomment these lines for SW: */
+#if defined(CONFIG_IDF_TARGET_ESP32)
+ /* #define NO_ESP32_CRYPT */
+ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
+ /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
+ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+ #define NO_ESP32_CRYPT
+ #define NO_WOLFSSL_ESP32_CRYPT_HASH
+ #define NO_WOLFSSL_ESP32_CRYPT_AES
+ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+ /* #define NO_ESP32_CRYPT */
+ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
+ /* #define NO_WOLFSSL_ESP32_CRYPT_AES */
+ /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+#elif defined(CONFIG_IDF_TARGET_ESP32C2)
+ #define NO_ESP32_CRYPT
+ #define NO_WOLFSSL_ESP32_CRYPT_HASH
+ #define NO_WOLFSSL_ESP32_CRYPT_AES
+ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+ #define NO_ESP32_CRYPT
+ #define NO_WOLFSSL_ESP32_CRYPT_HASH
+ #define NO_WOLFSSL_ESP32_CRYPT_AES
+ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+ #define NO_ESP32_CRYPT
+ #define NO_WOLFSSL_ESP32_CRYPT_HASH
+ #define NO_WOLFSSL_ESP32_CRYPT_AES
+ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+ #define NO_ESP32_CRYPT
+ #define NO_WOLFSSL_ESP32_CRYPT_HASH
+ #define NO_WOLFSSL_ESP32_CRYPT_AES
+ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#else
+ #define NO_ESP32_CRYPT
+ #define NO_WOLFSSL_ESP32_CRYPT_HASH
+ #define NO_WOLFSSL_ESP32_CRYPT_AES
+ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif
+//#define WOLFSSL_SHA384
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+//#define WOLFSSL_SM2
+//#define WOLFSSL_SM3
+//#define WOLFSSL_SM4
diff --git a/IDE/Espressif/component-manager/lib/esp32-crypt.h b/IDE/Espressif/component-manager/lib/esp32-crypt.h
new file mode 100644
index 00000000000..81d099b1578
--- /dev/null
+++ b/IDE/Espressif/component-manager/lib/esp32-crypt.h
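Review bot: `#define USE_CERT_BUFFERS_2048` near the top of this new user_settings.h carries no comment marking it as test-only, and as far as I know that macro compiles wolfSSL's published sample certificates and private keys into the image. The README added in this commit says the directory exists only to confirm that the examples build, but a settings header like this is the obvious thing to copy into a real project. I would add a comment above the define such as `/* test/benchmark only: embeds wolfSSL's public sample certs and keys; remove for production */`. A smaller documentation gap in the same file: the "Possible values" list omits the C2 and H2 targets that the `#elif` chain at the bottom handles.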
@@ -0,0 +1,220 @@
+/* esp32-crypt.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef __ESP32_CRYPT_H__
+
+#define __ESP32_CRYPT_H__
+
+#include "wolfssl/wolfcrypt/settings.h"
+#include /* for MATH_INT_T */
+
+#include "esp_idf_version.h"
+#include "esp_types.h"
+#include "esp_log.h"
+#include "esp_random.h"
+
+#ifdef WOLFSSL_ESP32WROOM32_CRYPT_DEBUG
+ #undef LOG_LOCAL_LEVEL
+ #define LOG_LOCAL_LEVEL ESP_LOG_DEBUG
+#else
+ #undef LOG_LOCAL_LEVEL
+ #define LOG_LOCAL_LEVEL ESP_LOG_DEBUG
+#endif
+
+#include
+#include "soc/dport_reg.h"
+#include "soc/hwcrypto_reg.h"
+
+#if ESP_IDF_VERSION_MAJOR < 5
+ #include "soc/cpu.h"
+#endif
+
+#if ESP_IDF_VERSION_MAJOR >= 5
+ #include "esp_private/periph_ctrl.h"
+#else
+ #include "driver/periph_ctrl.h"
+#endif
+
+#if ESP_IDF_VERSION_MAJOR >= 4
+ #include
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+ #include
+#else
+ #include
+#endif
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex);
+int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t xBloxkTime);
+int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex);
+
+#ifndef NO_AES
+
+ #if ESP_IDF_VERSION_MAJOR >= 4
+ #include "esp32/rom/aes.h"
+ #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+ #include "esp32s3/rom/aes.h"
+ #else
+ #include "rom/aes.h"
+ #endif
+
+ typedef enum tagES32_AES_PROCESS {
+ ESP32_AES_LOCKHW = 1,
+ ESP32_AES_UPDATEKEY_ENCRYPT = 2,
+ ESP32_AES_UPDATEKEY_DECRYPT = 3,
+ ESP32_AES_UNLOCKHW = 4
+ } ESP32_AESPROCESS;
+
+ struct Aes; /* see aes.h */
+ int wc_esp32AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz);
+ int wc_esp32AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz);
+ int wc_esp32AesEncrypt(struct Aes *aes, const byte* in, byte* out);
+ int wc_esp32AesDecrypt(struct Aes *aes, const byte* in, byte* out);
+
+#endif
+
+#ifdef WOLFSSL_ESP32WROOM32_CRYPT_DEBUG
+
+ void wc_esp32TimerStart();
+ uint64_t wc_esp32elapsedTime();
+
+#endif /* WOLFSSL_ESP32WROOM32_CRYPT_DEBUG */
+
+#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || \
+ defined(WOLFSSL_SHA512)) && \
+ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
+
+ /* RAW hash function APIs are not implemented with esp32 hardware acceleration*/
+ #define WOLFSSL_NO_HASH_RAW
+ #define SHA_CTX ETS_SHAContext
+
+ #if ESP_IDF_VERSION_MAJOR >= 4
+ #include "esp32/rom/sha.h"
+ #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+ #include "esp32s3/rom/sha.h"
+ #else
+ #include "rom/sha.h"
+ #endif
+
+ #undef SHA_CTX
+
+ typedef enum {
+ ESP32_SHA_INIT = 0,
+ ESP32_SHA_HW = 1,
+ ESP32_SHA_SW = 2,
+ ESP32_SHA_FAIL_NEED_UNROLL = -1
+ } ESP32_MODE;
+
+ typedef struct {
+ byte isfirstblock;
+
+ ESP32_MODE mode; /* typically 0 init, 1 HW, 2 SW */
+
+ /* we'll keep track of our own locks.
+ * actual enable/disable only occurs for ref_counts[periph] == 0 */
+ int lockDepth; /* see ref_counts[periph] in periph_ctrl.c */
+
+ /* ESP32S3 defines SHA_TYPE to enum, all other ESP32s define it to
+ typedef enum. */
+ #if defined(CONFIG_IDF_TARGET_ESP32S3)
+ SHA_TYPE sha_type;
+ #else
+ enum SHA_TYPE sha_type;
+ #endif
+ } WC_ESP32SHA;
+
+ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx);
+ int esp_sha_hw_unlock(WC_ESP32SHA* ctx);
+
+ struct wc_Sha;
+ int esp_sha_digest_process(struct wc_Sha* sha, byte blockprocess);
+ int esp_sha_process(struct wc_Sha* sha, const byte* data);
+
+ #ifndef NO_SHA256
+ struct wc_Sha256;
+ int esp_sha256_digest_process(struct wc_Sha256* sha, byte blockprocess);
+ int esp_sha256_process(struct wc_Sha256* sha, const byte* data);
+ int esp32_Transform_Sha256_demo(struct wc_Sha256* sha256, const byte* data);
+
+
+ #endif
+
+ /* TODO do we really call esp_sha512_process for WOLFSSL_SHA384 ? */
+ #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+ struct wc_Sha512;
+ int esp_sha512_process(struct wc_Sha512* sha);
+ int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc);
+ #endif
+
+#endif /* NO_SHA && */
+
+
+#if !defined(NO_RSA) || defined(HAVE_ECC)
+
+ #if !defined(ESP_RSA_TIMEOUT_CNT)
+ #define ESP_RSA_TIMEOUT_CNT 0x249F00
+ #endif
+
+ /* operands can be up to 4096 bits long.
+ * here we store the bits in wolfSSL fp_int struct.
+ * see wolfCrypt tfm.h
+ */
+ struct fp_int;
+
+
+ /*
+ * The parameter names in the Espressif implementation are arbitrary.
+ *
+ * The wolfSSL names come from DH: Y=G^x mod M (see wolfcrypt/tfm.h)
+ *
+ * G=base, X is the private exponent, Y is the public value w
+ **/
+
+ /* Z = (X ^ Y) mod M : Espressif generic notation */
+ /* Y = (G ^ X) mod P : wolfSSL DH reference notation */
+ int esp_mp_exptmod(struct fp_int* X, /* G */
+ struct fp_int* Y, /* X */
+ word32 Xbits, /* Ys typically = fp_count_bits (X) */
+ struct fp_int* M, /* P */
+ struct fp_int* Z); /* Y */
+
+ /* Z = X * Y */
+ int esp_mp_mul(struct fp_int* X,
+ struct fp_int* Y,
+ struct fp_int* Z);
+
+
+ /* Z = X * Y (mod M) */
+ int esp_mp_mulmod(struct fp_int* X,
+ struct fp_int* Y,
+ struct fp_int* M,
+ struct fp_int* Z);
+
+#endif /* NO_RSA || HAVE_ECC*/
+
+/* end c++ wrapper */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __ESP32_CRYPT_H__ */
diff --git a/IDE/Espressif/component-manager/lib/idf_component-staging-gojimmypi.yml b/IDE/Espressif/component-manager/lib/idf_component-staging-gojimmypi.yml
new file mode 100644
index 00000000000..1e0bf53c363
--- /dev/null
+++ b/IDE/Espressif/component-manager/lib/idf_component-staging-gojimmypi.yml
@@ -0,0 +1,17 @@
+## STAGING SITE: IDF Component Manager Manifest File for Examples (component author user=gojimmypi)
+dependencies:
+ gojimmypi/mywolfssl: "^5.6.3-Staging01-237d10a.3"
+ ## Required IDF version
+ idf:
+ version: ">=4.1.0"
+ # # Put list of dependencies here
+ # # For components maintained by Espressif:
+ # component: "~1.0.0"
+ # # For 3rd party components:
+ # username/component: ">=1.0.0,<2.0.0"
+ # username2/component2:
+ # version: "~1.0.0"
+ # # For transient dependencies `public` flag can be set.
+ # # `public` flag doesn't have an effect dependencies of the `main` component.
+ # # All dependencies of `main` are public by default.
+ # public: true
diff --git a/IDE/Espressif/component-manager/lib/idf_component.yml b/IDE/Espressif/component-manager/lib/idf_component.yml
new file mode 100644
index 00000000000..cc6bac2c920
--- /dev/null
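Review bot: Both branches of the `#ifdef WOLFSSL_ESP32WROOM32_CRYPT_DEBUG` block in esp32-crypt.h set `LOG_LOCAL_LEVEL` to `ESP_LOG_DEBUG`, so every file that includes this header compiles with debug-level logging from the hardware crypto layer whether or not the debug macro is defined; the `#else` branch presumably wants a quieter level such as `#define LOG_LOCAL_LEVEL ESP_LOG_INFO`. The hash section is guarded by `NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH`, while the user_settings.h added in this same commit defines `NO_WOLFSSL_ESP32_CRYPT_HASH` and mentions `WOLFSSL_ESP32_CRYPT_DEBUG`; unless settings.h maps one spelling to the other, the software-only selection made there does not reach this header. The include guard `__ESP32_CRYPT_H__` uses a reserved identifier, and `xBloxkTime` in the `esp_CryptHwMutexLock` prototype looks like a typo for `xBlockTime`.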
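Review bot: The dependency `gojimmypi/mywolfssl: "^5.6.3-Staging01-237d10a.3"` points the example manifest at a personal namespace on the staging registry, and the caret range lets the component manager pick up any later compatible upload to that namespace. For a TLS library that is a supply-chain exposure if this file is ever copied into a real project; a comment on the first line saying the manifest is for staging tests only, plus an exact pin (`"==5.6.3-Staging01-237d10a.3"`), would keep it reproducible. The production manifest lib/idf_component.yml in the next hunk carries the same `-Staging01-237d10a.3` version string under `wolfssl/wolfssl`, which looks like a leftover from staging and should name a released version.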
+++ b/IDE/Espressif/component-manager/lib/idf_component.yml
@@ -0,0 +1,17 @@
+## IDF Component Manager Manifest File For Examples
+dependencies:
+ wolfssl/wolfssl: "^5.6.3-Staging01-237d10a.3"
+ ## Required IDF version
+ idf:
+ version: ">=4.1.0"
+ # # Put list of dependencies here
+ # # For components maintained by Espressif:
+ # component: "~1.0.0"
+ # # For 3rd party components:
+ # username/component: ">=1.0.0,<2.0.0"
+ # username2/component2:
+ # version: "~1.0.0"
+ # # For transient dependencies `public` flag can be set.
+ # # `public` flag doesn't have an effect dependencies of the `main` component.
+ # # All dependencies of `main` are public by default.
+ # public: true
diff --git a/IDE/Espressif/component-manager/lib/init_demo.sh b/IDE/Espressif/component-manager/lib/init_demo.sh
new file mode 100644
index 00000000000..37609ea47c9
--- /dev/null
+++ b/IDE/Espressif/component-manager/lib/init_demo.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+#
+# Demo script for installing wolfSSL component from components.espressif.com
+#
+# https://components.espressif.com/components/wolfssl/wolfssl
+#
+#
+# This project assumes the ESP-IDF environment is already installed. See:
+#
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/
+#
+# Espressif IDF is typically in:
+# %userprofile%\esp
+#
+# VisualGDB is typically in:
+# . /mnt/c/SysGCC/esp32/esp-idf/v5.0/export.sh
+
+MY_IDF_PORT=/dev/ttyS23
+
+
+# check if IDF_PATH is set
+if [ -z "$IDF_PATH" ]; then
+ echo "Please follows the instruction of ESP-IDF installation and set IDF_PATH."
+ exit 1
+fi
+
+# make sure it actually exists
+if [ ! -d "$IDF_PATH" ]; then
+ echo "ESP-IDF Development Framework doesn't exist.: $IDF_PATH"
+ exit 1
+fi
+
+# is export.sh in the IDF path?
+if [ ! -e "$IDF_PATH/export.sh" ]; then
+ echo "ESP-IDF export.sh: $IDF_PATH/export.sh"
+ exit 1
+fi
+
+# Delete files not in GitHub to refresh a previously-built project
+if [ -d "./build" ]; then
+ echo "Initializing local project..."
+ echo "Removing ./build/ directory..."
+ rm -rI ./build/
+
+ echo "Removing ./managed_components/ directory..."
+ rm -rI ./managed_components/
+
+ echo "Removing ./main/idf_component.yml"
+ rm ./main/idf_component.yml
+
+ echo "Removing /sdkconfig"
+ rm ./sdkconfig
+
+ echo "Removing ./dependencies.lock"
+ rm ./dependencies.lock
+fi
+
+echo "Using MY_IDF_PORT = $MY_IDF_PORT"
+
+echo "Installing wolfSSL..."
+idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
+
+echo "Bulding project..."
+idf.py build
+
+echo "Flashing project binary to device at $MY_IDF_PORT..."
+idf.py -b 115200 -p $MY_IDF_PORT flash
+
+idf.py -b 115200 -p $MY_IDF_PORT monitor
diff --git a/IDE/Espressif/component-manager/lib/options.h b/IDE/Espressif/component-manager/lib/options.h
new file mode 100644
index 00000000000..107cde86ce3
--- /dev/null
+++ b/IDE/Espressif/component-manager/lib/options.h
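Review bot: None of the `idf.py` steps in init_demo.sh is checked, so a failed `add-dependency` or `build` still falls through to `flash`; `idf.py build || exit 1` (and the same after `add-dependency`) stops the run at the first failure. The cleanup block removes ./dependencies.lock and the script then adds `wolfssl/wolfssl^5.6.0-stable`, so each run resolves the TLS library afresh from the registry and may build a different version than the one last tested; an exact version here, or keeping the lock file, makes the demo reproducible. `$MY_IDF_PORT` should be quoted in the two `-p` arguments.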
@@ -0,0 +1,39 @@
+/* options.h.in
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfMQTT.
+ *
+ * wolfMQTT is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfMQTT is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* default blank options for autoconf */
+
+#ifndef WOLFMQTT_OPTIONS_H
+#define WOLFMQTT_OPTIONS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFMQTT_OPTIONS_H */
diff --git a/IDE/Espressif/component-manager/lib/user_settings.h b/IDE/Espressif/component-manager/lib/user_settings.h
new file mode 100644
index 00000000000..d7fe97b3bf8
--- /dev/null
+++ b/IDE/Espressif/component-manager/lib/user_settings.h
@@ -0,0 +1,283 @@ +/* user_settings.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include /* essential to chip set detection */ + +#undef WOLFSSL_ESPIDF +#undef WOLFSSL_ESPWROOM32 +#undef WOLFSSL_ESPWROOM32SE +#undef WOLFSSL_ESP32 +#undef WOLFSSL_ESP8266 + +/* The Espressif sdkconfig will have chipset info. 
+** +** Possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ +#include "sdkconfig.h" + +#define WOLFSSL_ESPIDF + +/* + * choose ONE of these Espressif chips to define: + * + * WOLFSSL_ESP32 + * WOLFSSL_ESPWROOM32SE + * WOLFSSL_ESP8266 + */ + +#define WOLFSSL_ESP32 + +/* optionally turn off SHA512/224 SHA512/256 */ +/* #define WOLFSSL_NOSHA512_224 */ +/* #define WOLFSSL_NOSHA512_256 */ + + +#define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 + +/* TLS 1.3 */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define WC_RSA_PSS +#define HAVE_HKDF +#define HAVE_AEAD +#define HAVE_SUPPORTED_CURVES + +#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + +/* when you want to use SINGLE THREAD */ +/* #define SINGLE_THREADED */ + +#define NO_FILESYSTEM + +#define HAVE_AESGCM + +/* when you want to use SHA224 */ +/* #define WOLFSSL_SHA224 */ + +/* when you want to use SHA384 */ +/* #define WOLFSSL_SHA3 */ + +/* #define WOLFSSL_SHA384 */ +#define WOLFSSL_SHA512 +#define HAVE_ECC +#define HAVE_CURVE25519 +#define CURVE25519_SMALL +#define HAVE_ED25519 + + +/* when you want to use pkcs7 */ +/* #define HAVE_PKCS7 */ + +#if defined(HAVE_PKCS7) + #define HAVE_AES_KEYWRAP + #define HAVE_X963_KDF + #define WOLFSSL_AES_DIRECT +#endif + +/* when you want to use aes counter mode */ +/* #define WOLFSSL_AES_DIRECT */ +/* #define WOLFSSL_AES_COUNTER */ + +/* esp32-wroom-32se specific definition */ +#if defined(WOLFSSL_ESPWROOM32SE) + #define WOLFSSL_ATECC508A + #define HAVE_PK_CALLBACKS + /* when you want to use a custom slot allocation for ATECC608A */ + /* unless your configuration is unusual, you can use default */ + /* implementation. 
*/ + /* #define CUSTOM_SLOT_ALLOCATION */ +#endif + +/* rsa primitive specific definition */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Define USE_FAST_MATH and SMALL_STACK */ + #define ESP32_USE_RSA_PRIMITIVE + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #define EPS_RSA_EXPT_XBTIS 32 /* NOTE HW unreliable for small values! */ + /* X and Y of X * Y mod P greater than */ + #define ESP_RSA_MULM_BITS 9 +#endif +/* optional RSA low memory */ +/* #define RSA_LOW_MEM */ + +/* debug options */ +/* #define DEBUG_WOLFSSL */ +/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ +/* #define WOLFSSL_ATECC508A_DEBUG */ + +/* date/time */ +/* if it cannot adjust time in the device, */ +/* enable macro below */ +/* #define NO_ASN_TIME */ +/* #define XTIME time */ + + +/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ +#define ESP_RSA_TIMEOUT_CNT 0x249F00 + +#define HASH_SIZE_LIMIT /* for test.c */ + +/* only FAST_MATH has HW acceleration at this time */ +#define USE_FAST_MATH + +/* only valid on RISC-V chips such as ESP32-C3: */ +/* #define WOLFSSL_SP_RISCV32 */ + +/* optionally use SP_MATH */ +/* #define SP_MATH */ + +/* #define WOLFSSL_SMALL_STACK */ + +#define HAVE_VERSION_EXTENDED_INFO +#define HAVE_WC_INTROSPECTION + +/* allows for all version info, even that supporessed with intospection */ +#define ALLOW_BINARY_MISMATCH_INTROSPECTION + +#define HAVE_SESSION_TICKET + + +/* #define WOLFSSL_HAVE_SP_RSA */ + +/* #define HAVE_HASHDRBG */ + +/* Shared configuration in same directory */ +/* #include "Wolf_Features.h" */ + +/* Default is HW enabled unless turned off. 
+** Uncomment these lines for SW: */ +#if defined(CONFIG_IDF_TARGET_ESP32) + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ +#elif defined(CONFIG_IDF_TARGET_ESP32S2) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#elif defined(CONFIG_IDF_TARGET_ESP32S3) + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + /* #define NO_WOLFSSL_ESP32_CRYPT_AES */ + /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */ +#elif defined(CONFIG_IDF_TARGET_ESP32C2) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#elif defined(CONFIG_IDF_TARGET_ESP32H2) + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#else + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI +#endif + +/* debug options */ +/* #define ESP_VERIFY_MEMBLOCK */ +#define WOLFSSL_HW_METRICS +/* #define DEBUG_WOLFSSL_VERBOSE */ +/* #define DEBUG_WOLFSSL */ +/* #define WOLFSSL_ESP32_CRYPT_DEBUG */ +#define NO_RECOVER_SOFTWARE_CALC + +/* optionally turn off individual math HW acceleration features */ + +/* Turn off Large Number Multiplication: +** [Z = X * Y] in esp_mp_mul() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + +/* Turn off Large Number Modular Exponentiation: 
+** [Z = X^Y mod M] in esp_mp_exptmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ + +/* Turn off Large Number Modular Multiplication +** [Z = X × Y mod M] in esp_mp_mulmod() */ +/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + + +/* this is known to fail in TFM: */ +/* #define HONOR_MATH_USED_LENGTH */ + +/* this is known to fail in TFM */ +/* #define CHECK_MP_READ_UNSIGNED_BIN */ + +#define WOLFSSL_PUBLIC_MP /* used by benchmark */ +#define USE_CERT_BUFFERS_2048 + +/* Optionally include alternate HW test library: alt_hw_test.h */ +/* When enabling, the ./components/wolfssl/CMakeLists.txt file + * will need the name of the library in the idf_component_register + * for the PRIV_REQUIRES list. */ +/* #define INCLUDE_ALT_HW_TEST */ + +/* #define NO_HW_MATH_TEST */ + + +/* when turning on ECC508 / ECC608 support +#define WOLFSSL_ESPWROOM32SE +#define HAVE_PK_CALLBACKS +#define WOLFSSL_ATECC508A +#define ATCA_WOLFSSL +*/ + +/* USE_FAST_MATH is default */ + +/* use SP_MATH */ +/* +#undef USE_FAST_MATH +#define WOLFSSL_SP_MATH_ALL +*/ + +/* use integer heap math */ +/* +#undef USE_FAST_MATH +#define USE_INTEGER_HEAP_MATH +*/ + +/* optionally use DPORT_ACCESS_READ_BUFFER */ +/* +#define USE_ESP_DPORT_ACCESS_READ_BUFFER +*/ + diff --git a/IDE/Espressif/component-manager/wolfssl_build_example.sh b/IDE/Espressif/component-manager/wolfssl_build_example.sh new file mode 100644 index 00000000000..e59e65e8b80 --- /dev/null +++ b/IDE/Espressif/component-manager/wolfssl_build_example.sh 
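Review bot: In the second "debug options" block of user_settings.h, `WOLFSSL_HW_METRICS` and `NO_RECOVER_SOFTWARE_CALC` are defined unconditionally while their neighbours are commented out, and this file appears to be the default configuration shipped with the published component. If `NO_RECOVER_SOFTWARE_CALC` does what its name suggests, it removes the software fallback even though the comment at `EPS_RSA_EXPT_XBTIS` warns that the hardware is unreliable for small values; either comment both defines out or add a comment stating why they are on by default. `USE_CERT_BUFFERS_2048` is defined twice, and the comment "when you want to use SHA384" sits above `WOLFSSL_SHA3` rather than `WOLFSSL_SHA384`.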
@@ -0,0 +1,101 @@
+#!/bin/bash
+#
+# wolfssl_build_example.sh
+#
+# Script to build wolfSSL examples for publish to Espressif ESP Registry.
+# This file is not needed by end users.
+#
+
+# the first parameter is expected to be a examples/project-name
+if [ $# -lt 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+else
+ THIS_EXAMPLE="$1"
+fi
+
+# make sure the provided parameter directory exists
+if [ ! -d "$THIS_EXAMPLE" ]; then
+ echo "Directory not found: $THIS_EXAMPLE"
+ exit 1
+fi
+# we impose a requirement to have a sdkconfig.defaults file
+if [ ! -e "$THIS_EXAMPLE/sdkconfig.defaults" ]; then
+ echo "File not found: $THIS_EXAMPLE/sdkconfig.defaults"
+ exit 1
+fi
+
+# check if IDF_PATH is set
+if [ -z "$IDF_PATH" ]; then
+ echo "Please follow the instruction of ESP-IDF installation and set IDF_PATH."
+ exit 1
+fi
+
+# make sure it actually exists
+if [ ! -d "$IDF_PATH" ]; then
+ echo "ESP-IDF Development Framework doesn't exist.: $IDF_PATH"
+ exit 1
+fi
+
+# is export.sh in the IDF path?
+if [ ! -e "$IDF_PATH/export.sh" ]; then
+ echo "ESP-IDF export.sh: $IDF_PATH/export.sh"
+ exit 1
+fi
+
+# Ready to build; prep.
+pushd "$THIS_EXAMPLE"
+
+export NEED_YML_RESTORE=
+if [ -e "./main/idf_component.yml" ]; then
+ echo "Temporarily disabling ESP Component by renaming idf_component.yml"
+ mv ./main/idf_component.yml ./main/idf_component.yml.bak
+ export NEED_YML_RESTORE=Y
+fi
+
+export NEED_DIR_RESTORE=
+if [ -e "./managed_components" ]; then
+ echo "Temporarily renaming managed_components"
+ mv ./managed_components ./managed_components.bak
+ export NEED_DIR_RESTORE=Y
+fi
+
+#**************************************************************************************************
+# Build
+#**************************************************************************************************
+# put in a woldSSL component directory to act like the managed component published version
+cp -r ../../lib/components ./
+
+idf.py build
+THIS_ERROR_CODE=$?
+
+rm -r ./components/
+
+#**************************************************************************************************
+# Restore managed components
+#**************************************************************************************************
+if [ "${NEED_YML_RESTORE^}" == "Y" ]; then
+ echo "Restoring ./main/idf_component.yml"
+ mv ./main/idf_component.yml.bak ./main/idf_component.yml
+fi
+
+if [ "${NEED_DIR_RESTORE^}" == "Y" ]; then
+ echo "Restoring ./managed_components"
+ mv ./managed_components.bak ./managed_components
+fi
+
+popd
+
+#**************************************************************************************************
+# Done
+#**************************************************************************************************
+
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+ echo ""
+ echo "Failed to build"
+ exit 1
+else
+ echo ""
+ echo "Build successful."
+ echo ""
+fi
diff --git a/IDE/Espressif/component-manager/wolfssl_component_publish.sh b/IDE/Espressif/component-manager/wolfssl_component_publish.sh
new file mode 100644
index 00000000000..e0f458a5f8f
--- /dev/null
+++ b/IDE/Espressif/component-manager/wolfssl_component_publish.sh
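Review bot: `pushd "$THIS_EXAMPLE"` in wolfssl_build_example.sh is not checked, so if the directory cannot be entered the following `mv`, `cp -r ../../lib/components ./` and `rm -r ./components/` run in the caller's working directory; wolfssl_component_publish.sh in this commit already uses `pushd ... || exit 1`, and the same guard belongs here. `rm -r ./components/` also deletes a components directory the example may already have had, since unlike managed_components it is not moved aside first. An interrupted build leaves idf_component.yml.bak and managed_components.bak in place; a `trap` that runs the restore block on EXIT would cover that.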
@@ -0,0 +1,818 @@ +#!/bin/bash +# +# wolfssl_component_publish.sh [optional directory source to publish] +# +# Script to publish wolfSSL, wolfMQTT, and wolfSSH to Espressif ESP Registry. +# This file is duplicated across repositories. It is not needed by end users. +# +# NOTICE +# +# ***** PRODUCTION DEPLOYMENT MUST BE MANUALLY ENABLED ***** +# +# export $IDF_COMPONENT_REGISTRY_URL=https://components.espressif.com +# +# Version: 1.0 +# +# For usage, see INSTALL.md +# +# TODO: config file settings not yet supported here. See: +# https://docs.espressif.com/projects/idf-component-manager/en/latest/guides/packaging_components.html#authentication-with-a-config-file +# +# set our known production and staging links. No trailing "/" char. Edit with caution: +export PRODUCTION_URL="https://components.espressif.com" +export STAGING_URL="https://components-staging.espressif.com" + +# Unlike the default operation, is not explicitly set to production +# we assume the publish is staging. +echo "--------------------------------------------------------------------------------------------" +if [ -z "$IDF_COMPONENT_REGISTRY_URL" ]; then + export IDF_COMPONENT_REGISTRY_URL="$STAGING_URL" + echo "Setting default publishing location to ESP Registry: $STAGING_URL" + echo "" +fi + +#************************************************************************************************** +# copy_wolfssl_source() +# +# A function to copy a given wolfSSL root: $1 +# for a given subdirectory: $2 +# for a file type specification: $3 +# optionally append files with: $4 +# +# Example: copy wolfssl/src/*.c to the local ./src directory: +# copy_wolfssl_source /workspace/wolfssl "src" "*.c" +# +# Files in this local directory, typically called "component-manager" +# will be published to the Espressif ESP Registry. 
+# +# Contents of $dst will be DELETED unless $4 == "APPEND" +copy_wolfssl_source() { + local src="$1" + local dst="$2" + local file_type="$3" + local append="$4" + + # uncomment for verbose output: + # echo "" + # echo "Copying files: $file_type" + + if [[ -d "$dst" && "$append" != "APPEND" ]]; then + # uncomment for verbose output: + # echo "Deleting files in directory: $dst" + find "$dst" -type f -delete + fi + + # uncomment for verbose output: + # echo "Copying files from $src/$dst to $(pwd)/$dst" + mkdir -p "$dst" + + if find "$src"/"$dst" -type f -name "$file_type" -print -quit | grep -q '^'; then + # this gives a shellcheck warning: + # cp -u "$src"/"$dst"/$file_type "./$dst/" + # + # this does not work: (gives cp: cannot stat .. No such file or directory) + # cp -u "$src"/"$dst"/""$file_type" "./$dst/" + # + # so we'll assemble a local command var: + local cp_command="cp -u $src/$dst/$file_type ./$dst/" + # uncomment for verbose output: + echo "Executing command: $cp_command" + eval "$cp_command" + echo "Copied $dst/$file_type" + else + echo "ERROR: Not Found: $dst" + fi +} # copy_wolfssl_source() + +#************************************************************************************************** +# +# The first parameter, when present, is expected to be the path to the component to install: +# +# wolfssl_component_publish.sh /mnt/c/workspace/wolfssl-master +# +# The only acceptable names MUST contain the component name. (e.g. don't clone wolfssl into OtherName) +# +# Source directory names may contain a "-" delimiter: (e.g. wolfssl-username, wolfssl-master) +# +# If a parameter is not specified, this script is expected to be in [repo]/IDE/Espressif/component-manager +# +# e.g. /some/directory/path/wolfssl/IDE/Espressif/component-manager: +# +# The root to publish is 3 directories up from `component-manager` in `wolfssl`. 
+# +if [ $# -lt 1 ]; then + # This script directory is the source, assumed 3 levels down: + THIS_DIRECTORY_PARAMETER=$(dirname "$(dirname "$(dirname "$PWD")")") +else + # If a parameter was supplied, we'll use that, instead. + THIS_DIRECTORY_PARAMETER="$1" +fi + +# Whether specified or inferred, the directory must exist to proceed. +if [ ! -d "$THIS_DIRECTORY_PARAMETER" ]; then + echo "Directory Parameter doesn't exist.: $THIS_DIRECTORY_PARAMETER" + exit 1 +fi + +echo "Source to publish: $THIS_DIRECTORY_PARAMETER" +# get the directory name, e.g. wolfssl-master +COMPONENT_NAME_GUESS=$(basename "$THIS_DIRECTORY_PARAMETER") + +# Set the in field separator to "-" +IFS="-" + +# Read the directory name into an array. We only want the first part (e.g. wolfssl) +read -r -a COMPONENT_GUESS_PARTS <<< "$COMPONENT_NAME_GUESS" + +# Get just the wolfssl part if "wolfssl-username" +export THIS_DIRECTORY_COMPONENT="${COMPONENT_GUESS_PARTS[0]}" + +# Regardless of source text, we want lower case name components. +export THIS_DIRECTORY_COMPONENT="${THIS_DIRECTORY_COMPONENT,,}" + +echo "THIS_DIRECTORY_COMPONENT = $THIS_DIRECTORY_COMPONENT" + +# Need to set IFS if using it elsewhere: +IFS= + +#************************************************************************************************** +#************************************************************************************************** +# Begin script +#************************************************************************************************** +#************************************************************************************************** +# +# Reminder this script may be running from a development repo, but publishing source code from a +# *different* specified directory (see above). However, the GitHub component name must match. +# For example, if we are in `wolfMQTT-username`, we must only publish the wolfmqtt component. 
+echo "Searching for component name (this script must run in a github repo directory)" +THIS_COMPONENT_CONFIG="$(git config --get remote.origin.url)" +export THIS_COMPONENT +THIS_COMPONENT="$(basename -s .git "$THIS_COMPONENT_CONFIG")" || exit 1 + +# Our component names are all lower case, regardless of repo name: +THIS_COMPONENT="${THIS_COMPONENT,,}" + +# Check that we actually found a repository component name. +if [ -z "$THIS_COMPONENT" ]; then + echo "Could not find component name." + echo "Please run this script from a github repo directory." + exit 1 +else + echo "Found component to publish: $THIS_COMPONENT" +fi + +# Check that this repo and the source directory are for the same component name +if [ "$THIS_COMPONENT" == "$THIS_DIRECTORY_COMPONENT" ]; then + echo "Will publish $THIS_COMPONENT from $THIS_DIRECTORY_PARAMETER" +else + echo "ERROR: Not a $THIS_COMPONENT component in $THIS_DIRECTORY_PARAMETER" + exit 1 +fi + +export THIS_SOURCE="$THIS_DIRECTORY_PARAMETER" + +# Define the source directory and destination directory. +# We start in IDE/Espressif/component-manager +# We want examples from IDE/Espressif/ESP-IDF/examples +# +# EXAMPLE_SOURCE_DIR="$THIS_SOURCE/IDE/Espressif/ESP-IDF/examples" + +export EXAMPLE_SOURCE_DIR="missing" + +case "$THIS_COMPONENT" in + "wolfssl") + export COMPONENT_VERSION_STRING="LIBWOLFSSL_VERSION_STRING" + export EXAMPLE_SOURCE_DIR="$THIS_SOURCE/IDE/Espressif/ESP-IDF/examples" + ;; + "wolfssh") + export COMPONENT_VERSION_STRING="LIBWOLFSSH_VERSION_STRING" + export EXAMPLE_SOURCE_DIR="$THIS_SOURCE/ide/Espressif/ESP-IDF/examples" + ;; + "wolfmqtt") + export COMPONENT_VERSION_STRING="LIBWOLFMQTT_VERSION_STRING" + export EXAMPLE_SOURCE_DIR="$THIS_SOURCE/IDE/Espressif/ESP-IDF/examples" + ;; + *) + export COMPONENT_VERSION_STRING="" + echo "Not a supported component: $THIS_COMPONENT" + exit 1 + ;; +esac + +# check if there's an unsupported idf_component_manager.yml file. 
+if [ -e "./idf_component_manager.yml" ]; then + # There may be contradictory settings in idf_component_manager.yml vs environment variables, + # Which takes priority? Check not performed at this time. + echo "ERROR: This script does not yet support idf_component_manager.yml." + exit 1 +fi + +# check if IDF_PATH is set +if [ -z "$IDF_PATH" ]; then + echo "Please follow the instruction of ESP-IDF installation and set IDF_PATH." + exit 1 +fi + +# make sure it actually exists +if [ ! -d "$IDF_PATH" ]; then + echo "ESP-IDF Development Framework doesn't exist.: $IDF_PATH" + exit 1 +fi + +# is export.sh in the IDF path? +if [ ! -e "$IDF_PATH/export.sh" ]; then + echo "ESP-IDF export.sh: $IDF_PATH/export.sh" + exit 1 +fi + +# check if IDF_COMPONENT_API_TOKEN is set +if [ -z "$IDF_COMPONENT_API_TOKEN" ]; then + echo "Please follow the instructions and set IDF_COMPONENT_API_TOKEN value." + exit 1 +fi + +# there needs to be a version in the yml file +THIS_VERSION=$(grep "version:" ./idf_component.yml | awk -F'"' '{print $2}') +if [ -z "$THIS_VERSION" ]; then + echo "Quoted version: value not found in ./idf_component.yml" + exit 1 +fi + +# We need to have determined the published name before getting here (e.g. if called mywolfssl for staging) +if [ "$IDF_COMPONENT_REGISTRY_URL" == "$PRODUCTION_URL" ]; then + echo "WARNING: The live $THIS_COMPONENT will be replaced upon completion." 
+ echo "" + export THIS_NAMESPACE=wolfssl + export THIS_COMPONENT_NAME="$THIS_COMPONENT" +else + if [ "$IDF_COMPONENT_REGISTRY_URL" == "$STAGING_URL" ]; then + # check if USER is set + if [ -z "$USER" ]; then + echo "Could not detect USER environment variable needed for staging" + exit 1 + fi + export THIS_NAMESPACE="$USER" + export THIS_COMPONENT_NAME="my$THIS_COMPONENT" + echo "" + echo "WARNING: The staging $THIS_COMPONENT_NAME component will be replaced upon completion:" + echo "" + echo " $IDF_COMPONENT_REGISTRY_URL/components/$THIS_NAMESPACE/$THIS_COMPONENT_NAME" + echo "" + else + echo "" + echo "WARNING: unexpected IDF_COMPONENT_REGISTRY_URL value = $IDF_COMPONENT_REGISTRY_URL" + echo "Expected blank or $STAGING_URL or $PRODUCTION_URL" + exit 1 + fi +fi + +# check if prior version tgz file already published. +FOUND_LOCAL_DIST= +if [ -f "./dist/${THIS_COMPONENT_NAME}_${THIS_VERSION}.tgz" ]; then + echo "Found file ${THIS_COMPONENT_NAME}_${THIS_VERSION}.tgz" + echo "Duplicate versions cannot be published. By proceeding, you will overwrite the local source." + echo "" + FOUND_LOCAL_DIST=true +fi + +# check if prior version directory already published +if [ -d "./dist/${THIS_COMPONENT_NAME}_${THIS_VERSION}" ]; then + echo "Found directory: ${THIS_COMPONENT_NAME}_${THIS_VERSION}" + echo "Duplicate versions cannot be published. By proceeding, you will overwrite the local source." + echo "" + FOUND_LOCAL_DIST=true +fi + +# check if this version distribution already exists, and if so, if it should be overwritten +if [ -z "$FOUND_LOCAL_DIST" ]; then + echo "Confirmed a prior local distribution file set does not exist for ${THIS_COMPONENT_NAME}_${THIS_VERSION}." +else + OK_TO_OVERWRITE_DIST= + until [ "${OK_TO_OVERWRITE_DIST^}" == "Y" ] || [ "${OK_TO_OVERWRITE_DIST^}" == "N" ]; do + read -r -n1 -p "Proceed? 
(Y/N) " OK_TO_OVERWRITE_DIST + OK_TO_OVERWRITE_DIST=${OK_TO_OVERWRITE_DIST^}; + echo; + done + + if [ "${OK_TO_OVERWRITE_DIST^}" == "Y" ]; then + echo "" + echo "Proceeding. Choosing to publish will OVERWRITE EXISTING DISTRIBUTION..." + echo "" + else + echo "Exiting..." + exit 1 + fi +fi + + +#************************************************************************************************** +# Show Ready Summary before step that will copy all source files related to the ESP Component Registry +#************************************************************************************************** +echo "" + + +echo "--------------------------------------------------------------------------------------------" +echo "" +echo "Current source directory:" +echo "" +pwd +echo "" +echo "Version to publish in local idf_component.yml (version numbers cannot be reused!)" +echo "" +grep "version:" idf_component.yml +echo "" + +#************************************************************************************************** +# copy all source files related to the ESP Component Registry +#************************************************************************************************** + +# Optionally specify an alternative source of wolfSSL to publish: + +# TODO REMOVE this line if not using /test/wolfssl-master + +# if [ "wolfmqtt" == "$THIS_COMPONENT" ]; then +# THIS_SOURCE=/mnt/c/workspace/wolfMQTT-master +# else +# if [ "wolfssl" == "$THIS_COMPONENT" ]; then +# THIS_SOURCE=/mnt/c/workspace/wolfssl-master +# else +# if [ "wolfssh" == "$THIS_COMPONENT" ]; then +# THIS_SOURCE=/mnt/c/workspace/wolfssh-master +# else +# echo "Error: not a supported component: $THIS_COMPONENT" +# exit 1 +# fi +# fi +# fi +# END TODO REMOVE + +# copy_wolfssl_source $THIS_SOURCE +echo "------------------------------------------------------------------------" +echo "Copying source to publish from $THIS_SOURCE" +echo "------------------------------------------------------------------------" +echo "" 
+echo "git status:"
+pushd "$THIS_SOURCE" || exit 1
+git status
+popd || exit 1
+
+#**************************************************************************************************
+# Confirm we actually want to proceed to copy.
+#**************************************************************************************************
+echo "Existing component-manager/examples files will be deleted and copied from $EXAMPLE_SOURCE_DIR"
+OK_TO_COPY=
+until [ "${OK_TO_COPY^}" == "Y" ] || [ "${OK_TO_COPY^}" == "N" ]; do
+ read -r -n1 -p "Proceed? (Y/N) " OK_TO_COPY
+ OK_TO_COPY=${OK_TO_COPY^};
+ echo;
+done
+
+echo ""
+
+if [ "${OK_TO_COPY^}" == "Y" ]; then
+ echo "Proceeding to copy..."
+else
+ echo "Exiting..."
+ exit 1
+fi
+
+#**************************************************************************************************
+# Copy root README.md file, clean it, and prepend README_REGISTRY_PREPEND.md text.
+# Also prepend a staging note as appropriate.
+#**************************************************************************************************
+# Copy a fresh repository source README.md
+cp "$THIS_SOURCE/README.md" ./README.md
+
+# strip any HTML anchor tags, that are irrelevant and don't look pretty
+echo "Removing HTML anchor tags from README..."
+sed -i '//d' ./README.md
+
+if [ -e "./README_REGISTRY_PREPEND.md" ]; then
+ if [ "$IDF_COMPONENT_REGISTRY_URL" == "$STAGING_URL" ]; then
+ echo "Prepend README_STAGING_PREPEND.md and README_REGISTRY_PREPEND.md to README.md"
+ cat ./README_STAGING_PREPEND.md ./README_REGISTRY_PREPEND.md ./README.md > ./NEW_README.md
+ else
+ echo "Prepend README_REGISTRY_PREPEND.md to README.md"
+ cat ./README_REGISTRY_PREPEND.md ./README.md > ./NEW_README.md
+ fi
+ THIS_ENCODING=$(file -b --mime-encoding ./NEW_README.md)
+ echo "Found encoding: $THIS_ENCODING"
+
+ iconv --to-code=UTF-8//ignore --output=./README.md "./NEW_README.md"
+ THIS_ERROR_CODE=$?
+
+ if [ $THIS_ERROR_CODE -ne 0 ]; then
+ echo ""
+ echo "Warning! Bad encoding in README.md file. Removing bad chars and converting to UTF-8"
+ iconv --to-code=UTF-8//ignore -c --output=./README.md "./NEW_README.md"
+ else
+ echo ""
+ echo "Confirmed README.md contains no bad encoding chars."
+ echo ""
+ fi
+else
+ echo "ERROR: README_REGISTRY_PREPEND.md not found to prepend to README.md"
+ exit 1
+fi
+
+# Ensure there's a comment in the README.md for this specific version being published!
+#
+# grep "version:" idf_component.yml
+# will typically return a value such as: version: "1.0.7-dev"
+#
+# we'll want to look for the 1.0.7-dev part in the README.md
+#
+
+echo "Checking README.md for Version $THIS_VERSION"
+grep "$THIS_VERSION" README.md
+THIS_ERROR_CODE=$?
+
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+ echo ""
+ echo "Version text not found in the README.md file. Please edit and try again."
+ echo " See file: README_REGISTRY_PREPEND.md that is used to create README.md"
+ exit 1
+else
+ echo ""
+ echo "Confirmed README.md contains the version text: $THIS_VERSION"
+ echo ""
+fi
+
+# We need a user_settings.h in the include directory,
+# However we'll keep a default Espressif locally, and *not* copy here:
+#
+# copy_wolfssl_source $THIS_SOURCE "include" "*.h"
+#
+# See also IDE/Espressif/ESP-IDF/user_settings.h
+#
+#**************************************************************************************************
+# Copy C source files
+# Reminder: each component must specify a value for EXAMPLE_SOURCE_DIR (above)
+#**************************************************************************************************
+
+# wolfMQTT Files
+if [ "wolfmqtt" == "$THIS_COMPONENT" ]; then
+
+ echo "Copying wolfMQTT C Source files... $THIS_SOURCE"
+ copy_wolfssl_source "$THIS_SOURCE" "src" "*.c"
+
+ # Copy C header files
+ echo "Copying wolfMQTT C Header files..."
+ copy_wolfssl_source "$THIS_SOURCE" "wolfmqtt" "*.h"
+
+ # wolfMQTT looks for an options.h file
+ echo "Copying wolfMQTT options.h"
+ cp ./lib/options.h "./wolfmqtt/options.h"
+fi
+
+# wolfSSH Files
+if [ "wolfssh" == "$THIS_COMPONENT" ]; then
+ echo "Copying wolfSSH C Source files... $THIS_SOURCE"
+ copy_wolfssl_source "$THIS_SOURCE" "src" "*.c"
+
+ # Copy C header files
+ echo "Copying wolfSSH C Header files..."
+ copy_wolfssl_source "$THIS_SOURCE" "wolfssh" "*.h"
+fi
+
+# wolfSSL Files
+if [ "wolfssl" == "$THIS_COMPONENT" ]; then
+
+ echo "Copying wolfSSL C Source files... $THIS_SOURCE"
+ copy_wolfssl_source "$THIS_SOURCE" "src" "*.c"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/src" "*.c"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/benchmark" "*.c"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/src/port/atmel" "*.c"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/src/port/Espressif" "*.c"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/test" "*.c"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/user-crypto/src" "*.c"
+
+ # Copy C header files
+ echo "Copying wolfSSL C Header files..."
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/benchmark" "*.h" APPEND
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/test" "*.h" APPEND
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/user-crypto/include" "*.h"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfssl" "*.h"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfssl/openssl" "*.h"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfssl/wolfcrypt" "*.h"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfssl/wolfcrypt/port/atmel" "*.h"
+ copy_wolfssl_source "$THIS_SOURCE" "wolfssl/wolfcrypt/port/Espressif" "*.h"
+
+ # Note that for example apps, the ESP Registry will append the these README files to
+ # the main README.md at publish time, and generate anchor text hyperlinks.
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/benchmark" "README.md" APPEND
+ copy_wolfssl_source "$THIS_SOURCE" "wolfcrypt/test" "README.md" APPEND
+
+ # TODO remove
+ # Files known to need attention
+ # The current examples expect user_settings in the root include directory
+ # this can be removed once subsequent PR updates are accepted for examples
+ cp ./lib/user_settings.h ./include/user_settings.h
+
+ # The component registry needs a newer version of esp32-crypt.h
+ # cp ./lib/esp32-crypt.h ./wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
+ # End TODO
+fi
+echo ""
+
+#**************************************************************************************************
+# make sure the version found in ./$THIS_COMPONENT/version.h matches that in ./idf_component.yml
+#**************************************************************************************************
+if [ -e "./$THIS_COMPONENT/version.h" ]; then
+ WOLFSSL_VERSION=$(grep "${COMPONENT_VERSION_STRING}" ./"${THIS_COMPONENT}"/version.h | awk '{print $3}' | tr -d '"')
+ grep "$WOLFSSL_VERSION" ./idf_component.yml
+ THIS_ERROR_CODE=$?
+ if [ $THIS_ERROR_CODE -ne 0 ]; then
+ echo ""
+ echo "Version text in idf_component.yml does not match ./$THIS_COMPONENT/version.h ($WOLFSSL_VERSION). Please edit and try again."
+ # optionally exit TODO?
+
+ # exit 1
+ else
+ echo ""
+ echo "Confirmed idf_component.yml matches ./$THIS_COMPONENT/version.h the version text: $WOLFSSL_VERSION"
+ echo ""
+ fi
+else
+ echo "ERROR: ./$THIS_COMPONENT/version.h not found"
+ exit 1
+fi
+
+#**************************************************************************************************
+# All files from the wolfssl/IDE/Espressif/ESP-IDF/examples
+# will be copied to the local ESP Registry ./examples/ directory
+#
+# Define the source directory and destination directory.
+# We start in IDE/Espressif/component-manager
+# We want examples from IDE/Espressif/ESP-IDF/examples
+#
+# We'll copy examples to publish into our local examples
+# We start in IDE/Espressif/component-manager
+# Copy example files to IDE/Espressif/component-manager/examples
+destination_dir="examples"
+
+# Check if the destination directory exists, and create it if it doesn't
+if [ ! -d "$destination_dir" ]; then
+ mkdir -p "$destination_dir"
+else
+ rm -rf ../component-manager/examples
+ mkdir -p "$destination_dir"
+fi
+
+# Check that we have a manifest for examples.
+if [ -f "component_manifest.txt" ]; then
+ echo "Using manifest file: component_manifest.txt"
+else
+ echo "Error: component_manifest.txt not found and is needed for examples."
+ exit 1
+fi
+
+MISSING_FILES=N
+# Read the list of files from component_manifest.txt and copy them
+while IFS= read -r file_path; do
+
+ if [[ "$file_path" == "#"* ]]; then
+ echo "$file_path"
+ else
+ # Remove leading and trailing whitespace from the file path
+ file_path=$(echo "$file_path" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+
+ # Check if the file path is empty (blank line)
+ if [ -z "$file_path" ]; then
+ continue
+ fi
+
+ # Construct the full source and destination paths
+ full_source_path="$EXAMPLE_SOURCE_DIR/$file_path"
+ full_destination_path="$destination_dir/$file_path"
+
+ # Create the directory structure in the destination if it doesn't exist
+ mkdir -p "$(dirname "$full_destination_path")"
+
+ # Copy the file to the destination
+ cp "$full_source_path" "$full_destination_path"
+ THIS_ERROR_CODE=$?
+ if [ $THIS_ERROR_CODE -eq 0 ]; then
+ echo "Copied: $full_source_path -> $full_destination_path"
+ else
+ MISSING_FILES=Y
+ # echo "WARNING: File not copied: $full_source_path"
+ fi
+ fi # comment or file check
+done < "component_manifest.txt" # loop through each of the lines in component_manifest.txt
+echo ""
+
+#**************************************************************************************************
+# Each project will be initialized with idf_component.yml in the project directory.
+#**************************************************************************************************
+echo "------------------------------------------------------------------------"
+echo "Initialize projects with idf_component.yml"
+echo "------------------------------------------------------------------------"
+if [ "$IDF_COMPONENT_REGISTRY_URL" == "$PRODUCTION_URL" ]; then
+ export IDF_EXAMPLE_SOURCE="./lib/idf_component.yml"
+else
+ if [ "$IDF_COMPONENT_REGISTRY_URL" == "$STAGING_URL" ]; then
+ export IDF_EXAMPLE_SOURCE="./lib/idf_component-staging-$USER.yml"
+ else
+ echo ""
+ echo "WARNING: unexpected IDF_COMPONENT_REGISTRY_URL value = $IDF_COMPONENT_REGISTRY_URL"
+ echo "Expected blank or $STAGING_URL or $PRODUCTION_URL"
+ exit 1
+ fi
+fi
+echo ""
+
+#**************************************************************************************************
+# make sure the idf_component.yml (or idf_component-staging-[user name].yml) file exists
+#**************************************************************************************************
+if [ -f "$IDF_EXAMPLE_SOURCE" ]; then
+ echo "Examples will use: $IDF_EXAMPLE_SOURCE"
+else
+ echo "Error: staging environment found, but required example component yml file does not exist: $IDF_EXAMPLE_SOURCE"
+ exit 1
+fi
+
+#**************************************************************************************************
+# each example needs a idf_component.yml from ./lib copied into [example]/name/
+#**************************************************************************************************
+find ./examples/ -maxdepth 1 -mindepth 1 -type d -print0 | xargs -0 -I {} sh -c "echo 'Copying $IDF_EXAMPLE_SOURCE to {}/main/idf_component.yml ' && cp $IDF_EXAMPLE_SOURCE {}/main/idf_component.yml" || exit 1
+
+#**************************************************************************************************
+# Check if we detected any missing example files that did not successfully copy.
+#**************************************************************************************************
+if [ "${MISSING_FILES^}" == "Y" ]; then
+ echo "Some example files not copied. Continue?"
+ #**************************************************************************************************
+ # Confirm we actually want to proceed to publish if there were missing example source files.
+ #**************************************************************************************************
+ COMPONENT_MANAGER_CONTINUE=
+ until [ "${COMPONENT_MANAGER_CONTINUE^}" == "Y" ] || [ "${COMPONENT_MANAGER_CONTINUE^}" == "N" ]; do
+ read -r -n1 -p "Proceed? (Y/N) " COMPONENT_MANAGER_CONTINUE
+ COMPONENT_MANAGER_CONTINUE=${COMPONENT_MANAGER_CONTINUE^};
+ echo;
+ done
+
+ if [ "${COMPONENT_MANAGER_CONTINUE}" == "Y" ]; then
+ echo "Continuing with missing files..."
+ else
+ echo "Exiting..."
+ exit 1
+ fi
+fi
+
+echo "Copy operation completed for examples."
+
+# Check to see if we failed to previously build:
+if [ -e "./build_failed.txt" ]; then
+ echo "Removing semaphore file: build_failed.txt"
+ rm ./build_failed.txt
+fi
+# end of prep
+
+#**************************************************************************************************
+# Build all the projects in ./examples/
+# if an error is encountered, create a semaphore file called build_failed.txt
+#
+# NOTE: this checks if the *current* examples build with the *CURRENT* (already published) ESP Registry version.
+# Run this script a second time (don't publish) to ensure the examples build with freshly-published wolfSSL code.
+# Reminder that there may be a delay of several minutes or more between the time of publish, and the time
+# when the files are actually available.
+
+# This build is for the *prior* version of ESP Component (the one *already* published)
+# find ./examples/ -maxdepth 1 -mindepth 1 -type d | xargs -I {} sh -c 'cd {} && echo "\n\nBuilding {} for minimum component version: " && grep "wolfssl/wolfssl:" main/idf_component.yml && echo "\n\n" && idf.py build || touch ../../build_failed.txt'
+
+# we'll do a test build of the current to-be-published version of wolfSSL
+#
+# get a list of all directory names ---------------------| (SC2038 Use -print0/-0 or -exec + to allow for non-alphanumeric filenames.)
+# send to xargs -----------------------------------------|-----------|
+# use each directory name found as a parameter "{}" -----|-----------|-|
+# run each as a shell script command --------------------|-----------|----|
+# print a progress message for each example being built -|-----------|------------|
+# send each directory found as a parameter to wolfssl_build_example.sh to build the project -------------------------------------------|
+# The build_failed.txt will exist when one or more of the builds has failed -----------------------------------------------------------|------|
+#
+# TODO build disabled
+#find ./examples/ -maxdepth 1 -mindepth 1 -type d -print0 | xargs -0 -I {} sh -c 'echo "\n\nBuilding {} " && ./wolfssl_build_example.sh {} || touch ../../build_failed.txt'
+
+echo ""
+echo "Warning: build check for examples not yet in place."
+echo ""
+
+# Check to see if we failed on this build:
+if [ -e "./build_failed.txt" ]; then
+ echo "Build failed!"
+ exit 1
+fi
+#**************************************************************************************************
+
+# Delete any managed components and build directories before uploading.
+# The files *should* be excluded by default, so this is just local housekeeping.
+# if not excluded, the upload will typically be 10x larger. Expected size = 10MB.
+echo "Removing managed_components and build directories: (errors ok here)"
+find ./examples/ -maxdepth 1 -mindepth 1 -type d -print0 | xargs -0 -I {} rm -r {}/managed_components/
+find ./examples/ -maxdepth 1 -mindepth 1 -type d -print0 | xargs -0 -I {} rm -r {}/build/
+
+echo ""
+echo "Samples files to publish:"
+echo ""
+find ./examples/ -print
+echo ""
+
+# Check to see if we failed on this build:
+if [ -e "./build_failed.txt" ]; then
+ echo "Build of 1 or more examples failed!"
+else
+ echo "Build success for examples!"
+fi
+
+echo ""
+echo "Important: Review the list of files above to confirm they should ALL be published with the component."
+echo ""
+echo "Ready to publish..."
+
+if [ "${OK_TO_OVERWRITE_DIST^}" == "Y" ]; then
+ echo ""
+ echo " WARNING: The local distribution files have been updated."
+ echo ""
+ echo " By proceeding, you confirm this version has not been previously published."
+ echo ""
+ echo " If this version has been published, you will likely see an error when proceeding."
+ echo ""
+fi
+
+echo ""
+grep "version:" idf_component.yml
+echo ""
+
+#**************************************************************************************************
+# Confirm we actually want to proceed to publish.
+#**************************************************************************************************
+if [ -z "$IDF_COMPONENT_REGISTRY_URL" ]; then
+ echo "ERROR: IDF_COMPONENT_REGISTRY_URL should have been set."
+ echo ""
+ exit 1
+else
+ echo "Publishing local $THIS_COMPONENT source to ESP Registry: $IDF_COMPONENT_REGISTRY_URL"
+ echo ""
+ echo "======================================================================================="
+ echo "======================================================================================="
+ echo ""
+ echo "WARNING: The specified $THIS_COMPONENT_NAME component will be replaced upon completion."
+ echo ""
+ echo "======================================================================================="
+ echo "======================================================================================="
+ echo ""
+fi
+
+COMPONENT_MANAGER_PUBLISH=
+until [ "${COMPONENT_MANAGER_PUBLISH^}" == "Y" ] || [ "${COMPONENT_MANAGER_PUBLISH^}" == "N" ]; do
+ read -r -n1 -p "Proceed to publish $THIS_COMPONENT? (Y/N) " COMPONENT_MANAGER_PUBLISH
+ COMPONENT_MANAGER_PUBLISH=${COMPONENT_MANAGER_PUBLISH^};
+ echo;
+done
+
+if [ "${COMPONENT_MANAGER_PUBLISH}" == "Y" ]; then
+ echo;
+ echo "Here we go!"
+ echo ""
+ pwd
+ echo ""
+ echo "Creating files in ./dist/ then creating .tgz to upload. Please be patient..."
+ #
+ # The component will be called "wolfssl__wolfssl". There's no way to change that at this time.
+ # Unfortunately, there is no way to change the build-system name of a dependency installed
+ # by the component manager. It's always `namespace__component`.
+ #
+ # In the case of staging, the component will be called "[username]__mywolfssl"
+ #
+
+ if [ "$IDF_COMPONENT_REGISTRY_URL" == "$PRODUCTION_URL" ]; then
+ # echo "WARNING: The live wolfSSL will be replaced upon completion."
+ echo "DISABLED: "
+ echo "compote component upload --namespace wolfssl --name $THIS_COMPONENT_NAME" || exit 1
+ else
+ if [ "$IDF_COMPONENT_REGISTRY_URL" == "$STAGING_URL" ]; then
+ echo "Running: compote component upload --namespace $USER --name $THIS_COMPONENT_NAME"
+ echo ""
+ compote component upload --namespace "$THIS_NAMESPACE" --name "$THIS_COMPONENT_NAME" || exit 1
+ else
+ echo ""
+ echo "WARNING: unexpected IDF_COMPONENT_REGISTRY_URL value = $IDF_COMPONENT_REGISTRY_URL"
+ echo "Expected blank or $STAGING_URL or $PRODUCTION_URL"
+ exit 1
+ fi
+ fi
+
+ echo ""
+ if [ -z "$IDF_COMPONENT_REGISTRY_URL" ]; then
+ echo "View the new component at https://components.espressif.com/components/wolfssl/wolfssl"
+ else
+ echo "View the new component at $IDF_COMPONENT_REGISTRY_URL/$THIS_NAMESPACE/$THIS_COMPONENT"
+ fi
+ echo ""
+ echo "Done!"
+ echo ""
+else
+ echo;
+ echo "No files published!"
+fi
diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am
index 05fc62d78e4..3553eda3b23 100644
--- a/IDE/Espressif/include.am
+++ b/IDE/Espressif/include.am
@@ -2,10 +2,6 @@
 # included from Top Level Makefile.am
 # All paths should be given relative to the root
 #
-# NOTE: append_wolfssl_git_version.sh is not included as the
-# distribution file set will not contain GitHub info
-#
-# see: https://github.com/wolfSSL/wolfssl/pull/5955
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/compileAllExamples.sh
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/dummy_config_h
@@ -18,6 +14,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/UPDATE.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h
 
 # Template
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB
@@ -57,6 +54,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/VisualGDB_wolfssl_client.vgdbproj
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -72,6 +70,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/co
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/VisualGDB_wolfssl_server.vgdbproj
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
@@ -116,3 +115,28 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/test_wolfssl.c
+
+# Component Manager Publishing Files
+EXTRA_DIST+= IDE/Espressif/component-manager/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/component-manager/INSTALL.md
+EXTRA_DIST+= IDE/Espressif/component-manager/LICENSE.txt
+EXTRA_DIST+= IDE/Espressif/component-manager/NEW_README.md
+EXTRA_DIST+= IDE/Espressif/component-manager/README.md
+EXTRA_DIST+= IDE/Espressif/component-manager/README_DIST.md
+EXTRA_DIST+= IDE/Espressif/component-manager/README_REGISTRY_PREPEND.md
+EXTRA_DIST+= IDE/Espressif/component-manager/README_STAGING.md
+EXTRA_DIST+= IDE/Espressif/component-manager/README_STAGING_PREPEND.md
+EXTRA_DIST+= IDE/Espressif/component-manager/component_manifest.txt
+EXTRA_DIST+= IDE/Espressif/component-manager/idf_component.yml
+EXTRA_DIST+= IDE/Espressif/component-manager/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/components/wolfssl/README.md
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/esp32-crypt.h
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/idf_component-staging-gojimmypi.yml
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/idf_component.yml
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/init_demo.sh
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/options.h
+EXTRA_DIST+= IDE/Espressif/component-manager/lib/user_settings.h
+EXTRA_DIST+= IDE/Espressif/component-manager/wolfssl_build_example.sh
+EXTRA_DIST+= IDE/Espressif/component-manager/wolfssl_component_publish.sh
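Review bot: Two of the added entries in the last hunk point at files that are outputs or per-developer inputs of the publish script rather than stable sources: `component-manager/NEW_README.md` is written by `cat ... > ./NEW_README.md` on every run, and `lib/idf_component-staging-gojimmypi.yml` is the `idf_component-staging-$USER.yml` manifest for a single staging namespace. With both in `EXTRA_DIST`, the release tarball carries whatever the last local publish run left in `NEW_README.md` (including the staging prepend if that run targeted staging), and `make dist` presumably fails when the intermediate file is absent. I would drop `EXTRA_DIST+= IDE/Espressif/component-manager/NEW_README.md` and ignore that file in `.gitignore`, and either remove the user-specific staging manifest from the list or replace it with a neutral template. `component-manager/README.md` is also overwritten by the script (`cp "$THIS_SOURCE/README.md" ./README.md`, then `iconv --output=./README.md`), so it is worth confirming the copy that gets distributed is the intended one.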