coap: move mbedTLS config options from component to examples

The CoAP component relies on some mbedTLS crypto configuration
options, e.g. DTLS and PSK. When selected, these options also
affect the footprint of generic TLS examples such as
https_request or https_ota.

Footprint of https_request example with/without change is per below:

$ ./tools/idf_size.py new_https_request.map --diff old_https_request.map

<CURRENT> MAP file: new_https_request.map
<REFERENCE> MAP file: old_https_request.map
Difference is counted as <CURRENT> - <REFERENCE>, i.e. a positive number means that <CURRENT> is larger.
Total sizes of <CURRENT>:                                                 <REFERENCE>     Difference
 DRAM .data size:   14796 bytes                                                 14796
 DRAM .bss  size:   23560 bytes                                                 23680           -120
Used static DRAM:   38356 bytes ( 142380 available, 21.2% used)                 38476           -120 (   +120 available,      +0 total)
Used static IRAM:   89045 bytes (  42027 available, 67.9% used)                 89045                (     +0 available,      +0 total)
      Flash code:  554231 bytes                                                563823          -9592
    Flash rodata:  179000 bytes                                                181224          -2224
Total image size:~ 860632 bytes (.bin may be padded larger)                    872568         -11936

This commit moves relevant config options to CoAP specific examples
and also adds some run time warnings if they are kept disabled.

Closes https://github.com/espressif/esp-idf/issues/5262
Mahavir Jain 2020-05-12 14:56:21 +05:30
parent d6a6ac4d2d
commit 7dbf01afad
4 changed files with 24 additions and 6 deletions


@ -11,15 +11,9 @@ menu "CoAP Configuration"
- Encrypt using defined Public Key Infrastructure (PKI if uri includes coaps://)
config COAP_MBEDTLS_PSK
select MBEDTLS_SSL_PROTO_DTLS
select MBEDTLS_PSK_MODES
select MBEDTLS_KEY_EXCHANGE_PSK
bool "Pre-Shared Keys"
config COAP_MBEDTLS_PKI
select MBEDTLS_SSL_PROTO_DTLS
select MBEDTLS_PSK_MODES
select MBEDTLS_KEY_EXCHANGE_PSK
bool "PKI Certificates"
endchoice #COAP_MBEDTLS_ENCRYPTION_MODE


@ -908,6 +908,7 @@ fail:
}
#endif /* !defined(ESPIDF_VERSION) || CONFIG_MBEDTLS_TLS_SERVER) */
#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_PSK_MODES)
#define MAX_CIPHERS 100
static int psk_ciphers[MAX_CIPHERS];
static int pki_ciphers[MAX_CIPHERS];
@ -964,6 +965,7 @@ set_ciphersuites(mbedtls_ssl_config *conf, int is_psk)
}
mbedtls_ssl_conf_ciphersuites(conf, is_psk ? psk_ciphers : pki_ciphers);
}
#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_PSK_MODES */
static int setup_client_ssl_session(coap_session_t *c_session,
coap_mbedtls_env_t *m_env)
@ -1066,7 +1068,9 @@ static int setup_client_ssl_session(coap_session_t *c_session,
#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS)
mbedtls_ssl_set_mtu(&m_env->ssl, c_session->mtu);
#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_SSL_PROTO_DTLS */
#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_PSK_MODES)
set_ciphersuites(&m_env->conf, 0);
#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_PSK_MODES */
}
return 0;
@ -1260,6 +1264,13 @@ int coap_dtls_context_set_psk(struct coap_context_t *c_context,
{
coap_mbedtls_context_t *m_context =
((coap_mbedtls_context_t *)c_context->dtls_context);
#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK))
coap_log(LOG_EMERG, "coap_dtls_context_set_psk:"
" libcoap not compiled with MBEDTLS_PSK_MODES and MBEDTLS_KEY_EXCHANGE_PSK"
" - update mbedTLS to include psk mode configs\n");
return 0;
#endif /* ESPIDF_VERSION && (!CONFIG_MBEDTLS_PSK_MODES || !CONFIG_MBEDTLS_KEY_EXCHANGE_PSK) */
#if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_TLS_SERVER)
coap_log(LOG_EMERG, "coap_dtls_context_set_psk:"
" libcoap not compiled for Server Mode for MbedTLS"
@ -1322,6 +1333,13 @@ int coap_dtls_context_set_pki(struct coap_context_t *c_context,
coap_dtls_pki_t *setup_data,
coap_dtls_role_t role UNUSED)
{
#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK))
coap_log(LOG_EMERG, "coap_dtls_context_set_pki:"
" libcoap not compiled with MBEDTLS_PSK_MODES and MBEDTLS_KEY_EXCHANGE_PSK"
" - update mbedTLS to include psk mode configs\n");
return 0;
#endif /* ESPIDF_VERSION && (!CONFIG_MBEDTLS_PSK_MODES || !CONFIG_MBEDTLS_KEY_EXCHANGE_PSK) */
coap_mbedtls_context_t *m_context =
((coap_mbedtls_context_t *)c_context->dtls_context);
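Review bot: The guard added at the top of coap_dtls_context_set_pki refuses certificate (PKI) setup unless CONFIG_MBEDTLS_PSK_MODES and CONFIG_MBEDTLS_KEY_EXCHANGE_PSK are both set, so a PKI-only build has to compile in PSK key exchange it never uses, and the log line talks about PSK for a PKI call. Neither this guard nor the one in coap_dtls_context_set_psk tests CONFIG_MBEDTLS_SSL_PROTO_DTLS, although the Kconfig section of this commit stops selecting it and the MTU call is already conditional on it, so a build without DTLS gets no warning from these lines. I would key the PKI guard on the option it needs, `#if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS)`, and add `|| !defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS)` to the PSK guard, with each message naming the option that is actually missing. Whether PKI depends on the PSK options through code outside these hunks is not visible here, and both function bodies continue past the hunk, so this should be confirmed against the full file.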


@ -0,0 +1,3 @@
CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
CONFIG_MBEDTLS_PSK_MODES=y
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y


@ -0,0 +1,3 @@
CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
CONFIG_MBEDTLS_PSK_MODES=y
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y