Introduce Espressif wolfcrypt warmup

Author: gojimmypi

IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c

@@ -20,17 +20,19 @@
  */
 
 /* ESP-IDF */
-#include <esp_log.h>
 #include "sdkconfig.h"
+#include <esp_log.h>
 
 /* wolfSSL */
-/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
-/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+/* The wolfSSL user_settings.h is automatically included by settings.h file.
+ * Never explicitly include wolfSSL user_settings.h in any source file.
+ * The settings.h should also be listed above wolfssl library include files. */
 #if defined(WOLFSSL_USER_SETTINGS)
     #include <wolfssl/wolfcrypt/settings.h>
     #if defined(WOLFSSL_ESPIDF)
         #include <wolfssl/version.h>
         #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfssl/wolfcrypt/logging.h>
         #include <wolfcrypt/test/test.h>
         #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
         #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
@@ -187,7 +189,16 @@ void app_main(void)
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);
-
+#ifdef HAVE_WOLFCRYPT_WARMUP
+    /* Unless disabled, we'll try to allocate known, long-term heap items early
+     * in an attempt to avoid later allocations that may cause fragmentation. */
+    ESP_ERROR_CHECK(esp_sdk_wolfssl_warmup());
+#endif
+#ifdef DEBUG_WOLFSSL
+    /* Turn debugging on and off as needed: */
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+#endif
 #ifdef WOLFSSL_ESP_NO_WATCHDOG
     ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling...");
     esp_DisableWatchdog();

wolfcrypt/src/port/Espressif/esp32_util.c

@@ -50,6 +50,12 @@
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/version.h>
 
+#ifndef NO_WOLFCRYPT_WARMUP
+    #define HAVE_WOLFCRYPT_WARMUP
+    #if !defined(NO_AES) && defined(HAVE_AESGCM)
+        #include <wolfssl/wolfcrypt/aes.h>
+    #endif
+#endif
 /*
 ** Version / Platform info.
 **
@@ -365,6 +371,95 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
 *******************************************************************************
 */
 
+/*
+** All platforms: Warmup wolfssl
+*/
+esp_err_t esp_sdk_wolfssl_warmup(void)
+{
+    esp_err_t ret = ESP_OK;
+#ifdef NO_WOLFCRYPT_WARMUP
+    ESP_LOGW(TAG, "esp_sdk_wolfssl_warmup called with NO_WOLFCRYPT_WARMUP");
+#else
+    /* Even though some [name]_NO_MALLOC may defined, there's always the host
+     * freeRTOS heap. So here, we'll initialize things early on to attempt
+     * having the heap allocate long term items near the endge of free memory,
+     * rather than in the middle. */
+    WC_RNG rng;
+    byte dummy;
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
+    Aes aes;
+    unsigned char key16[16];
+    unsigned char out[16];
+    unsigned char in[16];
+    unsigned char iv[12];
+    int devId;
+#endif /* NO_AES && HAVE_AESGCM declarations */
+
+#if defined(DEBUG_WOLFSSL_MALLOC_VERBOSE)
+    ESP_LOGI(TAG, "Warming up RNG");
+#endif
+    ret = wc_InitRng(&rng);
+    if (ret == 0) {
+        /* forces Hash_DRBG/SHA */
+        ret = wc_RNG_GenerateBlock(&rng, &dummy, 1);
+        if (ret != 0) {
+            ESP_LOGI(TAG, "wolfCrypt_Init wc_RNG_GenerateBlock failed");
+        }
+    }
+    if (ret != 0) {
+        ESP_LOGI(TAG, "wolfCrypt_Init RNG warmup failed");
+    }
+    ret = wc_FreeRng(&rng);
+    if (ret != 0) {
+        ESP_LOGI(TAG, "wolfCrypt_Init wc_FreeRng failed");
+    }
+
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
+#if defined(DEBUG_WOLFSSL_MALLOC_VERBOSE)
+    ESP_LOGI(TAG, "Warming up AES");
+#endif
+    memset(key16, 0, sizeof(key16));
+    memset(iv, 0, sizeof(iv));
+    memset(in, 0, sizeof(in));
+    devId = INVALID_DEVID;
+
+    ret = wc_AesInit(&aes, NULL, devId);
+    if (ret == 0) {
+        /* Set an ECB key (no IV). This avoids pulling in GCM/GHASH. */
+        ret = wc_AesSetKey(&aes, key16, (word32)sizeof(key16), NULL,
+                            AES_ENCRYPTION);
+    }
+    if (ret == 0) {
+#ifdef WOLFSSL_AES_DIRECT
+        /* Single direct block encrypt to exercise the core/driver. */
+        ret = wc_AesEncryptDirect(&aes, out, in);
+#elif !defined(NO_AES_CBC)
+    /* One-block CBC (tiny; no padding; does not pull GCM). */
+    ret = wc_AesSetIV(&aes, iv);
+    if (ret == 0) {
+        ret = wc_AesCbcEncrypt(&aes, out, in, (word32)sizeof(in));
+    }
+#elif defined(HAVE_AES_CTR) || defined(WOLFSSL_AES_COUNTER)
+    /* As another lightweight option, CTR one-block. */
+    ret = wc_AesSetIV(&aes, iv);
+    if (ret == 0) {
+        ret = wc_AesCtrEncrypt(&aes, out, in, (word32)sizeof(in));
+    }
+#else
+    /* No small mode available; setting key already did most of the warmup. */
+    ret = 0;
+#endif /* WOLFSSL_AES_DIRECT, NO_AES_CBC, HAVE_AES_CTR, etc*/
+    }
+    if (ret != 0) {
+        ESP_LOGI(TAG, "AES warmup failed during wolfCrypt_Init");
+    }
+    wc_AesFree(&aes);
+#endif /* !NO_AES && HAVE_AESGCM */
+#endif /* !NO_WOLFCRYPT_WARMUP */
+
+    return ret;
+}
+
 /*
 ** All platforms: git details
 */

wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h

@@ -142,6 +142,9 @@
 extern "C" {
 #endif
 
+#define HAVE_WOLFCRYPT_WARMUP
+WOLFSSL_LOCAL esp_err_t esp_sdk_wolfssl_warmup(void);
+
 WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void);
 
 WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v);