FelipeMdeO opened a new pull request, #3532:
URL: https://github.com/apache/nuttx-apps/pull/3532
## Summary
This PR adds two related changes that together bring up an SSH server
on the ESP32-C3 DevKit board using the Dropbear application:
**boards/risc-v/esp32c3/esp32c3-devkit/configs/dropbear**
A new `dropbear` defconfig is introduced for the ESP32-C3 DevKit board.
It wires up the Dropbear SSH server application together with:
- Wi-Fi STA mode with DHCP client (WAPI tooling included for link
bring-up at boot).
- urandom device for key material.
- SPIFFS on SPI flash (`/data` mountpoint) to persist the host key and
the password database.
- `FSUTILS_PASSWD` pointing to `/data/passwd` as the credential store,
replacing a previous Dropbear-specific password-file path.
- ECDSA host key stored at `/data/dropbear_ecdsa_host_key`.
- NSH autostart of the `dropbear` task on every boot.
- PTY support and Ctrl-C signal delivery enabled for interactive
sessions.
- `CONFIG_NETUTILS_DROPBEAR_STACKSIZE` pinned to 65536 bytes; the
default 32 KiB overflows during key exchange on this RISC-V target.
- `CONFIG_NETUTILS_DROPBEAR_LISTEN_RETRY_MAX=120` so the daemon keeps
retrying until the Wi-Fi link is fully up.
Wi-Fi credentials (`myssid` / `mypasswd`) are placeholders and must be
set via `menuconfig` before flashing.
**crypto: expose ChaCha20 stream helpers**
Dropbear uses the `chacha20-poly1305@openssh.com` cipher, which requires
a stateful, multi-call ChaCha20 stream interface rather than the
single-block interface currently exposed by `crypto/chachapoly.c`. Three helpers
and a context struct are added:
- `struct chacha20_stream_ctx` — opaque wrapper around `chacha_ctx`.
- `chacha20_stream_setkey()` — initialise the key.
- `chacha20_stream_ivctr64()` — set IV and 64-bit counter.
- `chacha20_stream_crypt()` — encrypt/decrypt an arbitrary-length buffer.
All three functions are thin wrappers over the existing `chacha_*`
primitives; no new algorithm code is introduced.
## Impact
- **New board configuration**: the `dropbear` defconfig is additive and
does not affect any existing configuration.
- **New public API**: three functions and one struct are added to
`include/crypto/chachapoly.h`. The change is purely additive; existing
users of `chacha20_setkey` / `chacha20_crypt` are unaffected.
- **Build**: no impact on boards or configurations that do not select
`CONFIG_NETUTILS_DROPBEAR`.
- **Security**: host keys and credentials live on a SPIFFS partition
under `/data`; they are generated at first run and persist across
reboots. Wi-Fi credentials must be provisioned by the user before
flashing.
## Testing
**Host:** Linux x86_64, GCC RISC-V toolchain
**Board:** ESP32-C3 DevKit (rev 0.4)
Build:
```
./tools/configure.sh esp32c3-devkit:dropbear
make -j$(nproc)
make flash ESPTOOL_PORT=/dev/ttyUSB0
```
First-time user provisioning (serial console):
The NuttX passwd file lives on SPIFFS (`/data/passwd`) and is empty on a
fresh flash. Before the first SSH login, create a user from the NSH
serial console:
```
nsh> useradd root <password>
```
The ECDSA host key is generated automatically on first boot.
Boot log shows Dropbear listening after Wi-Fi association:
```
NuttShell (NSH) NuttX-12.6.0
nsh> loaded ECDSA P-256 host key from /data/dropbear_ecdsa_host_key
using NuttX passwd auth at /data/passwd
dropbear: listening on port 2222
```
SSH connection from the host:
```
$ ssh -p 2222 root@<board-ip>
root@<board-ip>'s password: <password>
NuttShell (NSH) NuttX-12.6.0
nsh>
```