espressif / esp-wolfssl

WolfSSL port for ESP-IDF & ESP8266_RTOS_SDK

how to configure TLS 1.3 DH key size? #11

Closed gojimmypi closed 3 years ago

gojimmypi commented 3 years ago

When building the esp-wolfssl/examples/wolfssl_client example, I am encountering an error:

$ idf.py build
Executing action: all (aliases: build)
Running ninja in directory /mnt/c/workspace/esp-wolfssl/examples/wolfssl_client/build
Executing "ninja all"...
[0/1] Re-running CMake...
-- Building ESP-IDF components for target esp32
-- Project sdkconfig file /mnt/c/workspace/esp-wolfssl/examples/wolfssl_client/sdkconfig
-- App "wolfssl" version: 19613e4
...
[937/1107] Building C object esp-idf/wolfssl/CMakeFiles/__idf_wolfssl.dir/src/tls.c.obj
FAILED: esp-idf/wolfssl/CMakeFiles/__idf_wolfssl.dir/src/tls.c.obj
...
/home/gojimmypi/esp/esp-idf/components/wolfssl/src/tls.c:90:10: error: #error Please configure your TLS 1.3 DH key size using either: HAVE_FFDHE_2048, HAVE_FFDHE_3072, HAVE_FFDHE_4096, HAVE_FFDHE_6144 or HAVE_FFDHE_8192
         #error Please configure your TLS 1.3 DH key size using either: HAVE_FFDHE_2048, HAVE_FFDHE_3072, HAVE_FFDHE_4096, HAVE_FFDHE_6144 or HAVE_FFDHE_8192

I followed the instructions in the README.md regarding the idf.py menuconfig but I didn't see any mention of key size.

I've also tried the WolfSSL download code as described in my blog here with essentially the same error.

Any suggestions on setting the TLS 1.3 DH key size? Thanks.

*edit: also tried adding #define HAVE_FFDHE_2048 at the beginning of wolfssl_client_demo.c, no luck. I also tried adding the define just above this line in tls.c - also no joy.

gojimmypi commented 3 years ago

The root cause of this error for me was that I was editing the wrong settings.h file.

I was editing the incorrect file from the repo clone, in my case for WSL:

/mnt/c/workspace/wolfssl/wolfssl/wolfcrypt/settings.h

For the ESP32/Embedded target, the proper file to edit is:

~/esp/esp-idf/components/wolfssl/wolfssl/wolfcrypt/settings.h

This is somewhat documented in wolfssl/IDE/Espressif/ESP-IDF/, but it is not entirely obvious, at least to me. I created https://github.com/wolfSSL/wolfssl/pull/4357 that may make this more clear.

See also espressif/esp-wolfssl
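
One way to check which copy of settings.h carries the FFDHE define when several copies exist on the machine, as described in the thread above. This is an added example, not part of the original thread and not code from wolfSSL or esp-wolfssl. The function names and the sample directory tree are constructed for illustration; pass your own roots (the repo clone and the ESP-IDF components directory) as arguments.

```shell
#!/bin/sh
# Added example (not from the esp-wolfssl or wolfSSL repos).
# Lists each wolfssl/wolfcrypt/settings.h under the given roots together with
# the HAVE_FFDHE_* macros it defines, to show which copy carries the setting.

# Print the HAVE_FFDHE_<bits> macros #define'd in file $1, space separated.
# Lines starting with // do not match. #if/#ifdef nesting is not evaluated.
ffdhe_defines() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}\(HAVE_FFDHE_[0-9]\{4\}\).*/\1/p' "$1" |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Report "<path>: <macros or none>" for every settings.h found under the roots.
scan_settings() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type f -path '*/wolfssl/wolfcrypt/settings.h'
    done | sort | while IFS= read -r f; do
        d=$(ffdhe_defines "$f")
        printf '%s: %s\n' "$f" "${d:-none}"
    done
}

# Constructed sample tree: a repo clone that was edited and an ESP-IDF
# component copy that was not (directory names are placeholders).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/clone/wolfssl/wolfcrypt" "$t/idf/components/wolfssl/wolfssl/wolfcrypt"
    printf '#define HAVE_FFDHE_2048\n' > "$t/clone/wolfssl/wolfcrypt/settings.h"
    printf '// #define HAVE_FFDHE_2048\n' > "$t/idf/components/wolfssl/wolfssl/wolfcrypt/settings.h"
    printf '%s\n' "$t"
}

# With arguments: scan those roots. Without: scan the constructed sample.
if [ "$#" -gt 0 ]; then
    scan_settings "$@"
else
    sample=$(make_sample_tree)
    scan_settings "$sample"
    rm -rf "$sample"
fi
```

A copy reported as `none` under the directory the build compiles from is the one that still needs the define.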