From edb84c19ddcfceb31860dd4ef3bc3a5957b93d57 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Tue, 12 May 2020 14:56:21 +0530 Subject: [PATCH] coap: move mbedTLS config options from component to examples CoAP component relies on some mbedTLS crypto configuration options, e.g. DTLS and PSK. These configuration options if selected, have footprint impact on generic TLS examples like https_request or https_ota as well. Footprint of https_request example with/without change is per below: $ ./tools/idf_size.py new_https_request.map --diff old_https_request.map MAP file: new_https_request.map MAP file: old_https_request.map Difference is counted as - , i.e. a positive number means that is larger. Total sizes of : Difference DRAM .data size: 14796 bytes 14796 DRAM .bss size: 23560 bytes 23680 -120 Used static DRAM: 38356 bytes ( 142380 available, 21.2% used) 38476 -120 ( +120 available, +0 total) Used static IRAM: 89045 bytes ( 42027 available, 67.9% used) 89045 ( +0 available, +0 total) Flash code: 554231 bytes 563823 -9592 Flash rodata: 179000 bytes 181224 -2224 Total image size:~ 860632 bytes (.bin may be padded larger) 872568 -11936 This commit moves relevant config options to CoAP specific examples and also adds some run time warnings if they are kept disabled. Closes https://github.com/espressif/esp-idf/issues/5262 --- components/coap/Kconfig | 6 ------ components/coap/port/coap_mbedtls.c | 18 ++++++++++++++++++ .../protocols/coap_client/sdkconfig.defaults | 3 +++ .../protocols/coap_server/sdkconfig.defaults | 3 +++ 4 files changed, 24 insertions(+), 6 deletions(-) create mode 100644 examples/protocols/coap_client/sdkconfig.defaults create mode 100644 examples/protocols/coap_server/sdkconfig.defaults diff --git a/components/coap/Kconfig b/components/coap/Kconfig index ad00334c1..2e5693893 100644 --- a/components/coap/Kconfig +++ b/components/coap/Kconfig 
@@ -11,15 +11,9 @@ menu "CoAP Configuration" - Encrypt using defined Public Key Infrastructure (PKI if uri includes coaps://) config COAP_MBEDTLS_PSK - select MBEDTLS_SSL_PROTO_DTLS - select MBEDTLS_PSK_MODES - select MBEDTLS_KEY_EXCHANGE_PSK bool "Pre-Shared Keys" config COAP_MBEDTLS_PKI - select MBEDTLS_SSL_PROTO_DTLS - select MBEDTLS_PSK_MODES - select MBEDTLS_KEY_EXCHANGE_PSK bool "PKI Certificates" endchoice #COAP_MBEDTLS_ENCRYPTION_MODE diff --git a/components/coap/port/coap_mbedtls.c b/components/coap/port/coap_mbedtls.c index 1727dac67..71e9108b7 100644 --- a/components/coap/port/coap_mbedtls.c +++ b/components/coap/port/coap_mbedtls.c @@ -908,6 +908,7 @@ fail: } #endif /* !defined(ESPIDF_VERSION) || CONFIG_MBEDTLS_TLS_SERVER) */ +#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_PSK_MODES) #define MAX_CIPHERS 100 static int psk_ciphers[MAX_CIPHERS]; static int pki_ciphers[MAX_CIPHERS]; @@ -964,6 +965,7 @@ set_ciphersuites(mbedtls_ssl_config *conf, int is_psk) } mbedtls_ssl_conf_ciphersuites(conf, is_psk ? psk_ciphers : pki_ciphers); } +#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_PSK_MODES */ static int setup_client_ssl_session(coap_session_t *c_session, coap_mbedtls_env_t *m_env) @@ -1066,7 +1068,9 @@ static int setup_client_ssl_session(coap_session_t *c_session, #if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS) mbedtls_ssl_set_mtu(&m_env->ssl, c_session->mtu); #endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_SSL_PROTO_DTLS */ +#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_PSK_MODES) set_ciphersuites(&m_env->conf, 0); +#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_PSK_MODES */ } return 0; 
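Review bot: The guards added around `psk_ciphers`/`pki_ciphers` and `set_ciphersuites()` (hunks at -908 and -964) and around the `set_ciphersuites(&m_env->conf, 0)` call in `setup_client_ssl_session` (hunk at -1066) tie the certificate-mode cipher list to `CONFIG_MBEDTLS_PSK_MODES`, and nothing in the code says why. With that option off, the client PKI path no longer restricts ciphersuites here, so the handshake presumably offers mbedTLS's default list. That is probably acceptable because no PSK suites are compiled in, but a reader auditing the negotiated suites needs it stated. I would add above the guarded call a comment such as `/* Without PSK modes there are no PSK suites to filter out; the mbedTLS default ciphersuite list is used unchanged. */`. Both functions extend beyond these hunks, so it is worth confirming that every other call to `set_ciphersuites()` carries the same guard.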
@@ -1260,6 +1264,13 @@ int coap_dtls_context_set_psk(struct coap_context_t *c_context, { coap_mbedtls_context_t *m_context = ((coap_mbedtls_context_t *)c_context->dtls_context); +#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK)) + coap_log(LOG_EMERG, "coap_dtls_context_set_psk:" + " libcoap not compiled with MBEDTLS_PSK_MODES and MBEDTLS_KEY_EXCHANGE_PSK" + " - update mbedTLS to include psk mode configs\n"); + return 0; +#endif /* ESPIDF_VERSION && (!CONFIG_MBEDTLS_PSK_MODES || !CONFIG_MBEDTLS_KEY_EXCHANGE_PSK) */ + #if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_TLS_SERVER) coap_log(LOG_EMERG, "coap_dtls_context_set_psk:" " libcoap not compiled for Server Mode for MbedTLS" @@ -1322,6 +1333,13 @@ int coap_dtls_context_set_pki(struct coap_context_t *c_context, coap_dtls_pki_t *setup_data, coap_dtls_role_t role UNUSED) { +#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK)) + coap_log(LOG_EMERG, "coap_dtls_context_set_pki:" + " libcoap not compiled with MBEDTLS_PSK_MODES and MBEDTLS_KEY_EXCHANGE_PSK" + " - update mbedTLS to include psk mode configs\n"); + return 0; +#endif /* ESPIDF_VERSION && (!CONFIG_MBEDTLS_PSK_MODES || !CONFIG_MBEDTLS_KEY_EXCHANGE_PSK) */ + coap_mbedtls_context_t *m_context = ((coap_mbedtls_context_t *)c_context->dtls_context); diff --git a/examples/protocols/coap_client/sdkconfig.defaults b/examples/protocols/coap_client/sdkconfig.defaults new file mode 100644 index 000000000..03171ab26 --- /dev/null +++ b/examples/protocols/coap_client/sdkconfig.defaults @@ -0,0 +1,3 @@ +CONFIG_MBEDTLS_SSL_PROTO_DTLS=y +CONFIG_MBEDTLS_PSK_MODES=y +CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y diff --git a/examples/protocols/coap_server/sdkconfig.defaults b/examples/protocols/coap_server/sdkconfig.defaults new file mode 100644 index 000000000..03171ab26 --- /dev/null +++ b/examples/protocols/coap_server/sdkconfig.defaults 
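Review bot: The early return added at the top of `coap_dtls_context_set_psk` does not test `CONFIG_MBEDTLS_SSL_PROTO_DTLS`, although this commit also drops `select MBEDTLS_SSL_PROTO_DTLS` from the CoAP Kconfig. A project that enables the PSK options but not DTLS passes this check, and the visible code only compiles out DTLS-specific calls such as `mbedtls_ssl_set_mtu` without reporting anything. Whether another check catches that case is not visible here. I would extend the condition to `#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS) || !defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK))` and name the DTLS option in the log text. The function body continues outside the hunk, and because a build-time guarantee is replaced by a runtime `return 0`, callers must treat that return value as a hard failure.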
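Review bot: The guard added at the top of `coap_dtls_context_set_pki` rejects certificate setup unless `CONFIG_MBEDTLS_PSK_MODES` and `CONFIG_MBEDTLS_KEY_EXCHANGE_PSK` are enabled, which looks like a copy of the PSK check rather than a PKI requirement. As far as the visible hunks show, the PKI client path works without PSK support (the `set_ciphersuites` call is simply compiled out), so a certificate-only build is forced to compile in PSK key exchange just to pass this check. The log text "update mbedTLS to include psk mode configs" is also misleading in a PKI function. I would gate this function only on what PKI needs, for example `#if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS)` with a matching message, or drop the block if PKI has no such dependency. The function body continues outside the hunk.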
@@ -0,0 +1,3 @@
+CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
+CONFIG_MBEDTLS_PSK_MODES=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y