FelipeMdeO opened a new pull request, #19062:
URL: https://github.com/apache/nuttx/pull/19062
## Summary
This PR adds two related changes that together bring up an SSH server
on the ESP32-C3 DevKit board using the Dropbear application:
**boards/risc-v/esp32c3/esp32c3-devkit/configs/dropbear**
A new `dropbear` defconfig is introduced for the ESP32-C3 DevKit board.
It wires up the Dropbear SSH server application together with:
- Wi-Fi STA mode with DHCP client (WAPI tooling included for link
bring-up at boot).
- urandom device for key material.
- SPIFFS on SPI flash (`/data` mountpoint) to persist the host key and
the password database.
- `FSUTILS_PASSWD` pointing to `/data/passwd` as the credential store,
replacing a previous Dropbear-specific password-file path.
- ECDSA host key stored at `/data/dropbear_ecdsa_host_key`.
- NSH autostart of the `dropbear` task on every boot.
- PTY support and Ctrl-C signal delivery enabled for interactive
sessions.
- `CONFIG_NETUTILS_DROPBEAR_STACKSIZE` pinned to 65536 bytes; the
default 32 KiB overflows during key exchange on this RISC-V target.
- `CONFIG_NETUTILS_DROPBEAR_LISTEN_RETRY_MAX=120` so the daemon keeps
retrying until the Wi-Fi link is fully up.
Wi-Fi credentials (`myssid` / `mypasswd`) - Please remember give some
connectivity to board.
**crypto: expose ChaCha20 stream helpers**
Dropbear uses the `[email protected]` cipher, which requires
a stateful, multi-call ChaCha20 stream interface rather than the single-
block interface currently exposed by `crypto/chachapoly.c`. Three helpers
and a context struct are added:
- `struct chacha20_stream_ctx` — opaque wrapper around `chacha_ctx`.
- `chacha20_stream_setkey()` — initialise the key.
- `chacha20_stream_ivctr64()` — set IV and 64-bit counter.
- `chacha20_stream_crypt()` — encrypt/decrypt an arbitrary-length buffer.
All three functions are thin wrappers over the existing `chacha_*`
primitives; no new algorithm code is introduced.
## Impact
- **New board configuration**: the `dropbear` defconfig is additive and
does not affect any existing configuration.
- **New public API**: three functions and one struct are added to
`include/crypto/chachapoly.h`. The change is purely additive; existing
users of `chacha20_setkey` / `chacha20_crypt` are unaffected.
- **Build**: no impact on boards or configurations that do not select
`CONFIG_NETUTILS_DROPBEAR`.
- **Security**: host keys and credentials live on a SPIFFS partition
under `/data`; they are generated at first run and persist across
reboots. Wi-Fi credentials must be provisioned by the user before
flashing.
## Testing
**Host:** Linux x86_64, GCC RISC-V toolchain
**Board:** ESP32-C3 DevKit (rev 0.4)
Build:
```
./tools/configure.sh esp32c3-devkit:dropbear
make -j$(nproc)
make flash ESPTOOL_PORT=/dev/ttyUSB0
```
Boot log shows Dropbear listening after Wi-Fi association:
```
NuttShell (NSH) NuttX-12.x
nsh> Starting Dropbear SSH server
Dropbear listening on port 22
```
SSH connection from the host:
```
$ ssh -o StrictHostKeyChecking=no user@<board-ip>
user@<board-ip>'s password: <passwd>
NuttShell (NSH) NuttX-12.x
nsh>
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
