wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!

Home Page:https://www.wolfssl.com


Guidance to use with Arduino as an IDF component in PIO

hitecSmartHome opened this issue

Version

  • WOLFSSL: 5.7.0
  • Arduino: 2.0.16
  • IDF: 4.4.7

Description

I can't find a comprehensive guide to replace ESP-TLS with WolfSSL.

I have included wolfssl in my libdeps in platformio.ini

lib_deps = 
    https://github.com/joltwallet/esp_littlefs.git
    wolfssl/wolfSSL@^5.7.0-rev.3b

pio -t run menuconfig -> Component config -> ESP-TLS -> Choose SSL/TLS library for ESP-TLS

I only have mbedTLS

I have also got some compilation errors

In file included from .pio/libdeps/esp-wrover-kit/wolfssl/src/src/bio.c:26:
.pio/libdeps/esp-wrover-kit/wolfssl/src/wolfssl/wolfcrypt/settings.h:3566:6: error: #error "Found both ESPIDF and ARDUINO. Pick one."
     #error "Found both ESPIDF and ARDUINO. Pick one."
      ^~~~~
In file included from .pio/libdeps/esp-wrover-kit/wolfssl/src/src/conf.c:27:
.pio/libdeps/esp-wrover-kit/wolfssl/src/wolfssl/wolfcrypt/settings.h:3566:6: error: #error "Found both ESPIDF and ARDUINO. Pick one."
     #error "Found both ESPIDF and ARDUINO. Pick one."
      ^~~~~
Compiling .pio\build\esp-wrover-kit\libd11\wolfssl\src\crl.c.o
*** [.pio\build\esp-wrover-kit\libd11\wolfssl\src\bio.c.o] Error 1
*** [.pio\build\esp-wrover-kit\libd11\wolfssl\src\conf.c.o] Error 1
In file included from .pio/libdeps/esp-wrover-kit/wolfssl/src/src/crl.c:39:
.pio/libdeps/esp-wrover-kit/wolfssl/src/wolfssl/wolfcrypt/settings.h:3566:6: error: #error "Found both ESPIDF and ARDUINO. Pick one."
     #error "Found both ESPIDF and ARDUINO. Pick one."
      ^~~~~
*** [.pio\build\esp-wrover-kit\libd11\wolfssl\src\crl.c.o] Error 1
================================ [FAILED] Took 264.77 seconds ================================

Hi @hitecSmartHome ,

To get wolfSSL working with ESP-IDF/Espressif, check out our example with documentation here: https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif

Hi @hitecSmartHome

> I can't find a comprehensive guide to replace ESP-TLS with WolfSSL.

We do not at this time have such a guide. Further, as with many engineering topics, replacing ESP-TLS: "it depends".

Without additional details on your project, my recommendation on the replacement is just that: completely remove the ESP-TLS and use wolfSSL directly unless there's a compelling reason to need both.

Although the ESP-IDF offers the ability to switch between crypto libraries, it adds an unnecessary layer of complexity. Further, the espressif/esp-wolfssl is not managed by wolfSSL and is typically stale. As of today, the submodule is 2 years old.

That said, I'd like to help. Can you provide a code example?

I wrote a wolfSSL blog on PlatformIO. There's also the IDE/PlatformIO with benchmark and test examples, but I've not had a chance to add the TLS Client and Server examples that are available for Arduino.

Regarding the error: Found both ESPIDF and ARDUINO. Pick one. - Please note that there are two PlatformIO libraries:

I've not yet used both the IDF and Arduino concurrently. Are you using the Arduino as an ESP-IDF component? If so, perhaps try using the Arduino-wolfSSL library instead.

Thank you for your interest in wolfSSL. We look forward to learning more about your project.

commented

Thank you very much for the explanation.
I thought I can just replace mbedTLS in menuconfig with wolfssl if it's in libdeps and let the IDF libraries use that instead.
I'm not using it in my own code for any specific reasons, just https, wss connections through IDF libraries.

ESP-TLS uses a lot of RAM, I needed a way to minimise this. But if it does not work out of the box I have no time to write my own wrappers.

Thank you very much again!

@hitecSmartHome that's correct: one should be able to select wolfSSL in the ESP-IDF.

Coincidentally, I'll be focusing on improving this in the very near future and updating the referenced wolfSSL library at espressif/esp-wolfssl. I have a new CMakeLists.txt in the examples that allows pointing to wolfSSL source code via searching parent directories, assigning cmake variable, or setting environment variable for WOLFSSL_ROOT.

If you'd like, I could help with your project? It would be great to have your feedback for either the ESP-TLS, or using wolfSSL directly. Note there are also wolfSSL TLS client and server examples to help you get started.

I've been able to do TLS 1.3 in as little as 32KB RAM + 256KB flash on the Arduino Nano 33 IoT SAMD21. See tweet thread.

Best Regards.
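
The three lookup mechanisms named in the last comment (parent-directory search, an explicitly assigned value, the WOLFSSL_ROOT environment variable) can be sketched in shell as below. This is an added example, not the project's CMakeLists.txt. The precedence order, the function names and the use of wolfssl/wolfcrypt/settings.h as the marker file are assumptions; an explicitly given location that is invalid is an error rather than a fallback, so the build cannot silently pick up a different or stale copy.

```shell
#!/bin/sh
# Marker file assumed to identify a wolfSSL source tree
# (settings.h is the header named in the build log above).
WOLFSSL_MARKER="wolfssl/wolfcrypt/settings.h"

# is_wolfssl_root DIR: succeeds when DIR looks like a wolfSSL source tree.
is_wolfssl_root() {
    [ -n "$1" ] && [ -f "$1/$WOLFSSL_MARKER" ]
}

# find_wolfssl_root START_DIR [EXPLICIT_ROOT]
# Prints the resolved root and returns 0, or prints an error and returns 1.
# Assumed precedence: explicit value (stands in for the cmake variable),
# then $WOLFSSL_ROOT from the environment, then a search of parent directories.
find_wolfssl_root() {
    start=$1
    explicit=${2:-}
    # A location the user asked for must be valid: fail closed, no fallback.
    for candidate in "$explicit" "${WOLFSSL_ROOT:-}"; do
        [ -z "$candidate" ] && continue
        if is_wolfssl_root "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
        echo "error: $candidate is not a wolfSSL source tree" >&2
        return 1
    done
    # Walk from START_DIR up to / looking for a "wolfssl" directory beside
    # any ancestor of the project.
    dir=$(cd "$start" 2>/dev/null && pwd) || return 1
    while :; do
        if is_wolfssl_root "$dir/wolfssl"; then
            printf '%s\n' "$dir/wolfssl"
            return 0
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    echo "error: no wolfSSL source tree found above $start" >&2
    return 1
}

# Usage (hypothetical project path): find_wolfssl_root "$PWD" "$HOME/src/wolfssl"
```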