coap: move mbedTLS config options from component to examples

CoAP component relies on some mbedTLS crypto configuration options, e.g. DTLS and PSK. These configuration options if selected, have footprint impact on generic TLS examples like https_request or https_ota as well. Footprint of https_request example with/without change is per below: $ ./tools/idf_size.py new_https_request.map --diff old_https_request.map <CURRENT> MAP file: new_https_request.map <REFERENCE> MAP file: old_https_request.map Difference is counted as <CURRENT> - <REFERENCE>, i.e. a positive number means that <CURRENT> is larger. Total sizes of <CURRENT>: <REFERENCE> Difference DRAM .data size: 14796 bytes 14796 DRAM .bss size: 23560 bytes 23680 -120 Used static DRAM: 38356 bytes ( 142380 available, 21.2% used) 38476 -120 ( +120 available, +0 total) Used static IRAM: 89045 bytes ( 42027 available, 67.9% used) 89045 ( +0 available, +0 total) Flash code: 554231 bytes 563823 -9592 Flash rodata: 179000 bytes 181224 -2224 Total image size:~ 860632 bytes (.bin may be padded larger) 872568 -11936 This commit moves relevant config options to CoAP specific examples and also adds some run time warnings if they are kept disabled. Closes https://github.com/espressif/esp-idf/issues/5262
2020-05-12 14:56:21 +05:30 · 2020-05-12 14:56:21 +05:30 · edb84c19dd
parent 84b51781c8
commit edb84c19dd
4 changed files with 24 additions and 6 deletions
--- a/components/coap/Kconfig
+++ b/components/coap/Kconfig
@ -11,15 +11,9 @@ menu "CoAP Configuration"
            - Encrypt using defined Public Key Infrastructure (PKI if uri includes coaps://)

        config COAP_MBEDTLS_PSK
-            select MBEDTLS_SSL_PROTO_DTLS
-            select MBEDTLS_PSK_MODES
-            select MBEDTLS_KEY_EXCHANGE_PSK
            bool "Pre-Shared Keys"

        config COAP_MBEDTLS_PKI
-            select MBEDTLS_SSL_PROTO_DTLS
-            select MBEDTLS_PSK_MODES
-            select MBEDTLS_KEY_EXCHANGE_PSK
            bool "PKI Certificates"

    endchoice #COAP_MBEDTLS_ENCRYPTION_MODE
--- a/components/coap/port/coap_mbedtls.c
+++ b/components/coap/port/coap_mbedtls.c
@ -908,6 +908,7 @@ fail:
 }
 #endif /* !defined(ESPIDF_VERSION) || CONFIG_MBEDTLS_TLS_SERVER) */

+#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_PSK_MODES)
 #define MAX_CIPHERS 100
 static int psk_ciphers[MAX_CIPHERS];
 static int pki_ciphers[MAX_CIPHERS];
@ -964,6 +965,7 @@ set_ciphersuites(mbedtls_ssl_config *conf, int is_psk)
  }
  mbedtls_ssl_conf_ciphersuites(conf, is_psk ? psk_ciphers : pki_ciphers);
 }
+#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_PSK_MODES */

 static int setup_client_ssl_session(coap_session_t *c_session,
                                    coap_mbedtls_env_t *m_env)
@ -1066,7 +1068,9 @@ static int setup_client_ssl_session(coap_session_t *c_session,
 #if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS)
    mbedtls_ssl_set_mtu(&m_env->ssl, c_session->mtu);
 #endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_SSL_PROTO_DTLS */
+#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_PSK_MODES)
    set_ciphersuites(&m_env->conf, 0);
+#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_PSK_MODES */
  }
  return 0;

@ -1260,6 +1264,13 @@ int coap_dtls_context_set_psk(struct coap_context_t *c_context,
 {
  coap_mbedtls_context_t *m_context =
              ((coap_mbedtls_context_t *)c_context->dtls_context);
+#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK))
+  coap_log(LOG_EMERG, "coap_dtls_context_set_psk:"
+           " libcoap not compiled with MBEDTLS_PSK_MODES and MBEDTLS_KEY_EXCHANGE_PSK"
+           " - update mbedTLS to include psk mode configs\n");
+  return 0;
+#endif /* ESPIDF_VERSION && (!CONFIG_MBEDTLS_PSK_MODES || !CONFIG_MBEDTLS_KEY_EXCHANGE_PSK) */
+
 #if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_TLS_SERVER)
  coap_log(LOG_EMERG, "coap_dtls_context_set_psk:"
           " libcoap not compiled for Server Mode for MbedTLS"
@ -1322,6 +1333,13 @@ int coap_dtls_context_set_pki(struct coap_context_t *c_context,
                          coap_dtls_pki_t *setup_data,
                          coap_dtls_role_t role UNUSED)
 {
+#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK))
+  coap_log(LOG_EMERG, "coap_dtls_context_set_pki:"
+           " libcoap not compiled with MBEDTLS_PSK_MODES and MBEDTLS_KEY_EXCHANGE_PSK"
+           " - update mbedTLS to include psk mode configs\n");
+  return 0;
+#endif /* ESPIDF_VERSION && (!CONFIG_MBEDTLS_PSK_MODES || !CONFIG_MBEDTLS_KEY_EXCHANGE_PSK) */
+
  coap_mbedtls_context_t *m_context =
             ((coap_mbedtls_context_t *)c_context->dtls_context);

--- a/examples/protocols/coap_client/sdkconfig.defaults
+++ b/examples/protocols/coap_client/sdkconfig.defaults
@ -0,0 +1,3 @@
+CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
+CONFIG_MBEDTLS_PSK_MODES=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y
--- a/examples/protocols/coap_server/sdkconfig.defaults
+++ b/examples/protocols/coap_server/sdkconfig.defaults
@ -0,0 +1,3 @@
+CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
+CONFIG_MBEDTLS_PSK_MODES=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y