From: Angus Gratton Date: Thu, 17 Aug 2017 04:19:03 +0000 (+1000) Subject: mbedtls: Remove "unsafe" warning, enable AES by default & make SHA/MPI optional X-Git-Tag: v3.1-dev~347^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0ea4cd67ddc0fd7edc3b68538bdc0717483e834b;p=esp-idf mbedtls: Remove "unsafe" warning, enable AES by default & make SHA/MPI optional --- diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 8d9d708206..f1016f5c29 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -31,26 +31,18 @@ config MBEDTLS_DEBUG at runtime in order to enable mbedTLS debug output via the ESP log mechanism. -config MBEDTLS_UNSAFE_ACCELERATION - bool "Allow buggy hardware acceleration features" - depends on !FREERTOS_UNICORE - default n - help - A bug currently prevents dual cores & crypto hardware acceleration from being used together. - - Enable this option to allow hardware acceleration anyhow (note that invalid results or crashes may occur.) - config MBEDTLS_HARDWARE_AES bool "Enable hardware AES acceleration" - depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE default y help Enable hardware accelerated AES encryption & decryption. + Note that if the ESP32 CPU is running at 240MHz, hardware AES does not + offer any speed boost over software AES. + config MBEDTLS_HARDWARE_MPI bool "Enable hardware MPI (bignum) acceleration" - depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE - default y + default n help Enable hardware accelerated multiple precision integer operations. @@ -62,7 +54,7 @@ config MBEDTLS_HARDWARE_MPI config MBEDTLS_MPI_USE_INTERRUPT bool "Use interrupt for MPI operations" depends on MBEDTLS_HARDWARE_MPI - default y + default n help Use an interrupt to coordinate MPI operations. 
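Review bot: Dropping `depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE` from `MBEDTLS_HARDWARE_AES` while keeping `default y` means dual-core projects, where the option was previously hidden, pick up hardware AES the next time their config is regenerated without anyone choosing it. The removed help text warned of invalid results or crashes on dual core, and nothing in this hunk records what now makes that combination safe (the fix is presumably elsewhere in the series). I would add a sentence to the AES help such as `Access to the AES hardware is serialised between tasks and cores.`, if that is what the driver now guarantees, and mention the changed default in the release notes. The same rationale gap applies to `MBEDTLS_HARDWARE_MPI` in this hunk and `MBEDTLS_HARDWARE_SHA` in the third Kconfig hunk, although their defaults become `n`.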
@@ -71,16 +63,18 @@ config MBEDTLS_MPI_USE_INTERRUPT config MBEDTLS_HARDWARE_SHA bool "Enable hardware SHA acceleration" - depends on MBEDTLS_UNSAFE_ACCELERATION || FREERTOS_UNICORE - default y + default n help Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS. Due to a hardware limitation, hardware acceleration is only guaranteed if SHA digests are calculated one at a time. If more - than one SHA digest is calculated at the same time, only will + than one SHA digest is calculated at the same time, one will be calculated fully in hardware and the rest will be calculated - (at least partially calculated) in software. + (at least partially calculated) in software. This happens automatically. + + SHA hardware acceleration is faster than software in some situations but + slower in others. You should benchmark to find the best setting for you. config MBEDTLS_HAVE_TIME bool "Enable mbedtls time" diff --git a/components/mbedtls/test/test_mbedtls_sha.c b/components/mbedtls/test/test_mbedtls_sha.c index e31eec9bb7..fba16ef0b5 100644 --- a/components/mbedtls/test/test_mbedtls_sha.c +++ b/components/mbedtls/test/test_mbedtls_sha.c 
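Review bot: The reworded `MBEDTLS_HARDWARE_SHA` help still reads "will be calculated (at least partially calculated) in software", which repeats itself; `the rest will be calculated at least partially in software. This happens automatically.` says the same thing. Because the fallback can mix hardware and software within one digest, the help should also state that the output is identical on either path, so a reader knows this option is a speed choice only, assuming that is the guarantee the driver gives. "Faster in some situations but slower in others" would be more useful with one example of each.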
@@ -119,13 +119,15 @@ static void tskRunSHA256Test(void *pvParameters)
 vTaskDelete(NULL);
 }
-TEST_CASE("mbedtls SHA multithreading", "[mbedtls][ignore]")
+#define SHA_TASK_STACK_SIZE (10*1024)
+
+TEST_CASE("mbedtls SHA multithreading", "[mbedtls]")
 {
 done_sem = xSemaphoreCreateCounting(4, 0);
- xTaskCreate(tskRunSHA1Test, "SHA1Task1", 8192, NULL, 3, NULL);
- xTaskCreate(tskRunSHA1Test, "SHA1Task2", 8192, NULL, 3, NULL);
- xTaskCreate(tskRunSHA256Test, "SHA256Task1", 8192, NULL, 3, NULL);
- xTaskCreate(tskRunSHA256Test, "SHA256Task2", 8192, NULL, 3, NULL);
+ xTaskCreate(tskRunSHA1Test, "SHA1Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+ xTaskCreate(tskRunSHA1Test, "SHA1Task2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+ xTaskCreate(tskRunSHA256Test, "SHA256Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+ xTaskCreate(tskRunSHA256Test, "SHA256Task2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
 for(int i = 0; i < 4; i++) {
 if(!xSemaphoreTake(done_sem, 10000/portTICK_PERIOD_MS)) {
@@ -165,14 +167,10 @@ void tskRunSHASelftests(void *param)
 TEST_CASE("mbedtls SHA self-tests multithreaded", "[mbedtls]")
 {
 done_sem = xSemaphoreCreateCounting(2, 0);
- xTaskCreate(tskRunSHASelftests, "SHASelftests1", 8192, NULL, 3, NULL);
- xTaskCreate(tskRunSHASelftests, "SHASelftests2", 8192, NULL, 3, NULL);
-
-#ifdef CONFIG_MBEDTLS_HARDWARE_SHA
- const int TIMEOUT_MS = 12000;
-#else
- const int TIMEOUT_MS = 20000; // Soft-only SHA may need a little longer
-#endif
+ xTaskCreate(tskRunSHASelftests, "SHASelftests1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+ xTaskCreate(tskRunSHASelftests, "SHASelftests2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+
+ const int TIMEOUT_MS = 20000;
 for(int i = 0; i < 2; i++) {
 if(!xSemaphoreTake(done_sem, TIMEOUT_MS/portTICK_PERIOD_MS)) {
diff --git a/tools/unit-test-app/sdkconfig b/tools/unit-test-app/sdkconfig
index 55a5121e21..e97cb3c45c 100644
--- a/tools/unit-test-app/sdkconfig
+++ b/tools/unit-test-app/sdkconfig
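Review bot: The four `xTaskCreate` calls in "mbedtls SHA multithreading" ignore their return value, and each stack has grown from 8192 to `SHA_TASK_STACK_SIZE` (10*1024), so a failed allocation is more likely than before. A task that was never created shows up only as the 10000 ms `xSemaphoreTake` timeout, which reads like a hang in the SHA code rather than an out-of-memory condition. With the `[ignore]` tag removed this test is now the check on concurrent use of the SHA hardware, so its failures should be unambiguous. Wrapping each call, e.g. `TEST_ASSERT_EQUAL(pdPASS, xTaskCreate(tskRunSHA1Test, "SHA1Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL));`, fixes that; the two calls in the self-tests hunk below have the same gap. The test body continues outside the hunk.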
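Review bot: `const int TIMEOUT_MS = 20000;` lost the comment that explained the number when the `#ifdef CONFIG_MBEDTLS_HARDWARE_SHA` branch was removed. A short comment keeps the reason visible, for example `// generous: with two tasks hashing at once, part of the work may run in software`. With a single 20000 ms bound the test also no longer notices a slowdown specific to the hardware path; that is probably acceptable for a correctness test, but the comment should say the bound is not a performance check.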
@@ -19,7 +19,6 @@ CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y # CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG is not set # CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE is not set CONFIG_LOG_BOOTLOADER_LEVEL=2 -# CONFIG_BOOTLOADER_LTO is not set # # Security features @@ -174,6 +173,11 @@ CONFIG_ESP32_DEEP_SLEEP_WAKEUP_DELAY=0 # CONFIG_ESP32_XTAL_FREQ_26 is not set CONFIG_ESP32_XTAL_FREQ_AUTO=y CONFIG_ESP32_XTAL_FREQ=0 +# CONFIG_NO_BLOBS is not set + +# +# Wi-Fi +# CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM=10 CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM=0 # CONFIG_ESP32_WIFI_STATIC_TX_BUFFER is not set @@ -181,8 +185,9 @@ CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER=y CONFIG_ESP32_WIFI_TX_BUFFER_TYPE=1 CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER_NUM=32 CONFIG_ESP32_WIFI_AMPDU_ENABLED=y +CONFIG_ESP32_WIFI_TX_BA_WIN=6 +CONFIG_ESP32_WIFI_RX_BA_WIN=6 CONFIG_ESP32_WIFI_NVS_ENABLED=y -CONFIG_PHY_ENABLED=y # # PHY @@ -280,10 +285,16 @@ CONFIG_TCP_SYNMAXRTX=6 CONFIG_TCP_MSS=1436 CONFIG_TCP_SND_BUF_DEFAULT=5744 CONFIG_TCP_WND_DEFAULT=5744 +CONFIG_TCP_RECVMBOX_SIZE=6 CONFIG_TCP_QUEUE_OOSEQ=y CONFIG_TCP_OVERSIZE_MSS=y # CONFIG_TCP_OVERSIZE_QUARTER_MSS is not set # CONFIG_TCP_OVERSIZE_DISABLE is not set + +# +# UDP +# +CONFIG_UDP_RECVMBOX_SIZE=6 # CONFIG_LWIP_DHCP_DOES_ARP_CHECK is not set CONFIG_TCPIP_TASK_STACK_SIZE=2048 # CONFIG_PPP_SUPPORT is not set @@ -299,7 +310,10 @@ CONFIG_TCPIP_TASK_STACK_SIZE=2048 # CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384 # CONFIG_MBEDTLS_DEBUG is not set -# CONFIG_MBEDTLS_UNSAFE_ACCELERATION is not set +CONFIG_MBEDTLS_HARDWARE_AES=y +CONFIG_MBEDTLS_HARDWARE_MPI=y +CONFIG_MBEDTLS_MPI_USE_INTERRUPT=y +CONFIG_MBEDTLS_HARDWARE_SHA=y CONFIG_MBEDTLS_HAVE_TIME=y # CONFIG_MBEDTLS_HAVE_TIME_DATE is not set @@ -315,3 +329,10 @@ CONFIG_OPENSSL_ASSERT_DO_NOTHING=y # # CONFIG_SPI_FLASH_ENABLE_COUNTERS is not set CONFIG_SPI_FLASH_ROM_DRIVER_PATCH=y + +# +# Wear Levelling +# +# CONFIG_WL_SECTOR_SIZE_512 is not set +CONFIG_WL_SECTOR_SIZE_4096=y +CONFIG_WL_SECTOR_SIZE=4096