From e930ff0b1f527591b16e8f94f62ab2027b1c40fb Mon Sep 17 00:00:00 2001 From: Marius Vikhammer Date: Thu, 8 Feb 2024 18:16:36 +0800 Subject: [PATCH 01/10] fix(system): update reset reasons for C6 and H2 --- components/esp_rom/include/esp32h2/rom/rtc.h | 5 ++--- components/esp_system/include/esp_system.h | 3 +++ components/esp_system/port/soc/esp32c6/reset_reason.c | 9 +++++++++ components/esp_system/port/soc/esp32h2/reset_reason.c | 9 +++++++++ components/soc/esp32c6/include/soc/reset_reasons.h | 1 - components/soc/esp32h2/include/soc/reset_reasons.h | 4 +--- 6 files changed, 24 insertions(+), 7 deletions(-) diff --git a/components/esp_rom/include/esp32h2/rom/rtc.h b/components/esp_rom/include/esp32h2/rom/rtc.h index 69e625dc50cd..3cb3320a93b5 100644 --- a/components/esp_rom/include/esp32h2/rom/rtc.h +++ b/components/esp_rom/include/esp32h2/rom/rtc.h @@ -82,7 +82,6 @@ typedef enum { TG0WDT_SYS_RESET = 7, /**<7, Timer Group0 Watch dog reset digital core*/ TG1WDT_SYS_RESET = 8, /**<8, Timer Group1 Watch dog reset digital core*/ RTCWDT_SYS_RESET = 9, /**<9, RTC Watch dog Reset digital core*/ - INTRUSION_RESET = 10, /**<10, Instrusion tested to reset CPU*/ TG0WDT_CPU_RESET = 11, /**<11, Time Group0 reset CPU*/ RTC_SW_CPU_RESET = 12, /**<12, Software reset CPU*/ RTCWDT_CPU_RESET = 13, /**<13, RTC Watch dog Reset CPU*/ @@ -90,11 +89,11 @@ typedef enum { RTCWDT_RTC_RESET = 16, /**<16, RTC Watch dog reset digital core and rtc module*/ TG1WDT_CPU_RESET = 17, /**<17, Time Group1 reset CPU*/ SUPER_WDT_RESET = 18, /**<18, super watchdog reset digital core and rtc module*/ - GLITCH_RTC_RESET = 19, /**<19, glitch reset digital core and rtc module*/ EFUSE_RESET = 20, /**<20, efuse reset digital core*/ USB_UART_CHIP_RESET = 21, /**<21, usb uart reset digital core */ USB_JTAG_CHIP_RESET = 22, /**<22, usb jtag reset digital core */ POWER_GLITCH_RESET = 23, /**<23, power glitch reset digital core and rtc module*/ + JTAG_CPU_RESET = 24, /**<24, jtag reset CPU*/ } RESET_REASON; // Check if the reset reason defined in ROM is compatible with soc/reset_reasons.h @@ -111,11 +110,11 @@ ESP_STATIC_ASSERT((soc_reset_reason_t)RTCWDT_BROWN_OUT_RESET == RESET_REASON_SYS ESP_STATIC_ASSERT((soc_reset_reason_t)RTCWDT_RTC_RESET == RESET_REASON_SYS_RTC_WDT, "RTCWDT_RTC_RESET != RESET_REASON_SYS_RTC_WDT"); ESP_STATIC_ASSERT((soc_reset_reason_t)TG1WDT_CPU_RESET == RESET_REASON_CPU0_MWDT1, "TG1WDT_CPU_RESET != RESET_REASON_CPU0_MWDT1"); ESP_STATIC_ASSERT((soc_reset_reason_t)SUPER_WDT_RESET == RESET_REASON_SYS_SUPER_WDT, "SUPER_WDT_RESET != RESET_REASON_SYS_SUPER_WDT"); -ESP_STATIC_ASSERT((soc_reset_reason_t)GLITCH_RTC_RESET == RESET_REASON_SYS_CLK_GLITCH, "GLITCH_RTC_RESET != RESET_REASON_SYS_CLK_GLITCH"); ESP_STATIC_ASSERT((soc_reset_reason_t)EFUSE_RESET == RESET_REASON_CORE_EFUSE_CRC, "EFUSE_RESET != RESET_REASON_CORE_EFUSE_CRC"); ESP_STATIC_ASSERT((soc_reset_reason_t)USB_UART_CHIP_RESET == RESET_REASON_CORE_USB_UART, "USB_UART_CHIP_RESET != RESET_REASON_CORE_USB_UART"); ESP_STATIC_ASSERT((soc_reset_reason_t)USB_JTAG_CHIP_RESET == RESET_REASON_CORE_USB_JTAG, "USB_JTAG_CHIP_RESET != RESET_REASON_CORE_USB_JTAG"); ESP_STATIC_ASSERT((soc_reset_reason_t)POWER_GLITCH_RESET == RESET_REASON_CORE_PWR_GLITCH, "POWER_GLITCH_RESET != RESET_REASON_CORE_PWR_GLITCH"); +ESP_STATIC_ASSERT((soc_reset_reason_t)JTAG_CPU_RESET == RESET_REASON_CPU0_JTAG, "JTAG_CPU_RESET != RESET_REASON_CPU0_JTAG"); typedef enum { NO_SLEEP = 0, diff --git a/components/esp_system/include/esp_system.h b/components/esp_system/include/esp_system.h index 135473487578..ebf58972f829 100644 --- a/components/esp_system/include/esp_system.h +++ b/components/esp_system/include/esp_system.h @@ -35,6 +35,9 @@ typedef enum { ESP_RST_SDIO, //!< Reset over SDIO ESP_RST_USB, //!< Reset by USB peripheral ESP_RST_JTAG, //!< Reset by JTAG + ESP_RST_EFUSE, //!< Reset due to efuse error + ESP_RST_PWR_GLITCH, //!< Reset due to power glitch detected + ESP_RST_CPU_LOCKUP, //!< Reset due to CPU lock up } esp_reset_reason_t; /** diff --git a/components/esp_system/port/soc/esp32c6/reset_reason.c b/components/esp_system/port/soc/esp32c6/reset_reason.c index 6a5b4cedcafc..93c6812d16f7 100644 --- a/components/esp_system/port/soc/esp32c6/reset_reason.c +++ b/components/esp_system/port/soc/esp32c6/reset_reason.c @@ -54,6 +54,15 @@ static esp_reset_reason_t get_reset_reason(soc_reset_reason_t rtc_reset_reason, case RESET_REASON_CORE_USB_JTAG: return ESP_RST_USB; + case RESET_REASON_CORE_EFUSE_CRC: + return ESP_RST_EFUSE; + + case RESET_REASON_CPU0_JTAG: + return ESP_RST_JTAG; + + case RESET_REASON_CORE_SDIO: + return ESP_RST_SDIO; + default: return ESP_RST_UNKNOWN; } diff --git a/components/esp_system/port/soc/esp32h2/reset_reason.c b/components/esp_system/port/soc/esp32h2/reset_reason.c index e9f8f0b71777..31b39761288f 100644 --- a/components/esp_system/port/soc/esp32h2/reset_reason.c +++ b/components/esp_system/port/soc/esp32h2/reset_reason.c @@ -54,6 +54,15 @@ static esp_reset_reason_t get_reset_reason(soc_reset_reason_t rtc_reset_reason, case RESET_REASON_CORE_USB_JTAG: return ESP_RST_USB; + case RESET_REASON_CORE_EFUSE_CRC: + return ESP_RST_EFUSE; + + case RESET_REASON_CORE_PWR_GLITCH: + return ESP_RST_PWR_GLITCH; + + case RESET_REASON_CPU0_JTAG: + return ESP_RST_JTAG; + default: return ESP_RST_UNKNOWN; } diff --git a/components/soc/esp32c6/include/soc/reset_reasons.h b/components/soc/esp32c6/include/soc/reset_reasons.h index bd9831d5dddf..b6b0e33ae397 100644 --- a/components/soc/esp32c6/include/soc/reset_reasons.h +++ b/components/soc/esp32c6/include/soc/reset_reasons.h @@ -23,7 +23,6 @@ extern "C" { #endif -// TODO: IDF-5719 /** * @brief Naming conventions: RESET_REASON_{reset level}_{reset reason} * @note refer to TRM: chapter diff --git a/components/soc/esp32h2/include/soc/reset_reasons.h b/components/soc/esp32h2/include/soc/reset_reasons.h index dddfc94eefbd..24ce66c9a4f1 100644 --- a/components/soc/esp32h2/include/soc/reset_reasons.h +++ b/components/soc/esp32h2/include/soc/reset_reasons.h @@ -23,7 +23,6 @@ extern "C" { #endif -// ESP32H2-TODO: IDF-5719 Need update /** * @brief Naming conventions: RESET_REASON_{reset level}_{reset reason} * @note refer to TRM: chapter @@ -31,7 +30,6 @@ extern "C" { typedef enum { RESET_REASON_CHIP_POWER_ON = 0x01, // Power on reset RESET_REASON_CHIP_BROWN_OUT = 0x01, // VDD voltage is not stable and resets the chip - RESET_REASON_CHIP_SUPER_WDT = 0x01, // Super watch dog resets the chip RESET_REASON_CORE_SW = 0x03, // Software resets the digital core by RTC_CNTL_SW_SYS_RST RESET_REASON_CORE_DEEP_SLEEP = 0x05, // Deep sleep reset the digital core RESET_REASON_CORE_MWDT0 = 0x07, // Main watch dog 0 resets digital core @@ -44,11 +42,11 @@ typedef enum { RESET_REASON_SYS_RTC_WDT = 0x10, // RTC watch dog resets digital core and rtc module RESET_REASON_CPU0_MWDT1 = 0x11, // Main watch dog 1 resets CPU 0 RESET_REASON_SYS_SUPER_WDT = 0x12, // Super watch dog resets the digital core and rtc module - RESET_REASON_SYS_CLK_GLITCH = 0x13, // Glitch on clock resets the digital core and rtc module RESET_REASON_CORE_EFUSE_CRC = 0x14, // eFuse CRC error resets the digital core RESET_REASON_CORE_USB_UART = 0x15, // USB UART resets the digital core RESET_REASON_CORE_USB_JTAG = 0x16, // USB JTAG resets the digital core RESET_REASON_CORE_PWR_GLITCH = 0x17, // Glitch on power resets the digital core + RESET_REASON_CPU0_JTAG = 0x18, // JTAG resets the CPU 0 } soc_reset_reason_t; From 4521a50db5744b6d892d0380126bf0588f163b61 Mon Sep 17 00:00:00 2001 From: zhanghaipeng Date: Thu, 22 Feb 2024 17:04:46 +0800 Subject: [PATCH 02/10] fix(ble/bluedroid): Update maximum BLE reconnection attempts configuration --- components/bt/host/bluedroid/Kconfig.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/bt/host/bluedroid/Kconfig.in b/components/bt/host/bluedroid/Kconfig.in index 4ef80cff4dc1..a83f1395d8ec 100644 --- a/components/bt/host/bluedroid/Kconfig.in +++ b/components/bt/host/bluedroid/Kconfig.in @@ -273,7 +273,7 @@ config BT_GATTC_CACHE_NVS_FLASH config BT_GATTC_CONNECT_RETRY_COUNT int "The number of attempts to reconnect if the connection establishment failed" depends on BT_GATTC_ENABLE - range 0 7 + range 0 255 default 3 help The number of attempts to reconnect if the connection establishment failed From ca4f560f2b538ae62439312511f34e54ad9d0c66 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Tue, 19 Dec 2023 13:31:49 +0530 Subject: [PATCH 03/10] fix(mbedtls/gcm): Add support for software fallback for non-AES ciphers in a GCM operation - Even if the config MBEDTLS_HARDWARE_AES is enabled, we now support fallback to software implementation of GCM operations when non-AES ciphers are used. --- components/mbedtls/Kconfig | 23 ++++++ components/mbedtls/mbedtls | 2 +- components/mbedtls/port/aes/esp_aes_gcm.c | 59 ++++++++++++++ .../mbedtls/port/include/aes/esp_aes_gcm.h | 2 + .../mbedtls/port/include/mbedtls/esp_config.h | 6 ++ components/mbedtls/port/include/mbedtls/gcm.h | 81 +++++++++++++++++++ 6 files changed, 172 insertions(+), 1 deletion(-) create mode 100644 components/mbedtls/port/include/mbedtls/gcm.h diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 3194415a78cc..fb4757c7372f 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -413,6 +413,29 @@ menu "mbedTLS" mbedTLS will still use the hardware accelerated AES block operation, but on a single block at a time. + config MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER + bool "Enable support for non-AES ciphers in GCM operation" + depends on MBEDTLS_HARDWARE_AES + default n + help + Enable this config to support fallback to software definitions for a non-AES + cipher GCM operation as we support hardware acceleration only for AES cipher. + Some of the non-AES ciphers used in a GCM operation are DES, ARIA, CAMELLIA, + CHACHA20, BLOWFISH. + + If this config is disabled, performing a non-AES cipher GCM operation with + the config MBEDTLS_HARDWARE_AES enabled will result in calculation of an + AES-GCM operation instead for the given input values and thus could lead + to failure in certificate validation which would ultimately lead to a SSL + handshake failure. + + This config being by-default enabled leads to an increase in binary size + footprint of ~2.5KB. + In case you are sure that your use case (for example, client and server + configurations in case of a TLS handshake) would not involve any GCM + operations using a non-AES cipher, you can safely disable this config, + leading to reduction in binary size footprint. + config MBEDTLS_HARDWARE_MPI bool "Enable hardware MPI (bignum) acceleration" default y diff --git a/components/mbedtls/mbedtls b/components/mbedtls/mbedtls index 89cc7af4bb9c..09bba150d0d8 160000 --- a/components/mbedtls/mbedtls +++ b/components/mbedtls/mbedtls @@ -1 +1 @@ -Subproject commit 89cc7af4bb9cfaeac9c4aa08d1e8cf550fa0c155 +Subproject commit 09bba150d0d822aad2e58d71723f5407da5c21e0 diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c index 0ed37cb2768b..c447934525ad 100644 --- a/components/mbedtls/port/aes/esp_aes_gcm.c +++ b/components/mbedtls/port/aes/esp_aes_gcm.c @@ -251,6 +251,27 @@ int esp_aes_gcm_setkey( esp_gcm_context *ctx, const unsigned char *key, unsigned int keybits ) { + /* Fallback to software implementation of GCM operation when a non-AES + * cipher is selected, as we support hardware acceleration only for a + * GCM operation using AES cipher. + */ +#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + if (ctx->ctx_soft != NULL) { + mbedtls_gcm_free_soft(ctx->ctx_soft); + free(ctx->ctx_soft); + ctx->ctx_soft = NULL; + } + + if (cipher != MBEDTLS_CIPHER_ID_AES) { + ctx->ctx_soft = (mbedtls_gcm_context_soft*) malloc(sizeof(mbedtls_gcm_context_soft)); + if (ctx->ctx_soft == NULL) { + return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; + } + mbedtls_gcm_init_soft(ctx->ctx_soft); + return mbedtls_gcm_setkey_soft(ctx->ctx_soft, cipher, key, keybits); + } +#endif + #if !SOC_AES_SUPPORT_AES_192 if (keybits == 192) { return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; @@ -332,6 +353,14 @@ void esp_aes_gcm_free( esp_gcm_context *ctx) if (ctx == NULL) { return; } +#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + if (ctx->ctx_soft != NULL) { + mbedtls_gcm_free_soft(ctx->ctx_soft); + free(ctx->ctx_soft); + /* Note that the value of ctx->ctx_soft should be NULL'ed out + and here it is taken care by the bzero call below */ + } +#endif bzero(ctx, sizeof(esp_gcm_context)); } @@ -341,6 +370,11 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, const unsigned char *iv, size_t iv_len ) { +#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + if (ctx->ctx_soft != NULL) { + return mbedtls_gcm_starts_soft(ctx->ctx_soft, mode, iv, iv_len); + } +#endif /* IV is limited to 2^32 bits, so 2^29 bytes */ /* IV is not allowed to be zero length */ if ( iv_len == 0 || @@ -407,6 +441,11 @@ int esp_aes_gcm_update_ad( esp_gcm_context *ctx, const unsigned char *aad, size_t aad_len ) { +#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + if (ctx->ctx_soft != NULL) { + return mbedtls_gcm_update_ad_soft(ctx->ctx_soft, aad, aad_len); + } +#endif /* AD are limited to 2^32 bits, so 2^29 bytes */ if ( ( (uint32_t) aad_len ) >> 29 != 0 ) { return ( MBEDTLS_ERR_GCM_BAD_INPUT ); @@ -442,6 +481,11 @@ int esp_aes_gcm_update( esp_gcm_context *ctx, unsigned char *output, size_t output_size, size_t *output_length ) { +#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + if (ctx->ctx_soft != NULL) { + return mbedtls_gcm_update_soft(ctx->ctx_soft, input, input_length, output, output_size, output_length); + } +#endif size_t nc_off = 0; uint8_t nonce_counter[AES_BLOCK_BYTES] = {0}; uint8_t stream[AES_BLOCK_BYTES] = {0}; @@ -512,6 +556,11 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx, size_t *output_length, unsigned char *tag, size_t tag_len ) { +#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + if (ctx->ctx_soft != NULL) { + return mbedtls_gcm_finish_soft(ctx->ctx_soft, output, output_size, output_length, tag, tag_len); + } +#endif size_t nc_off = 0; uint8_t len_block[AES_BLOCK_BYTES] = {0}; uint8_t stream[AES_BLOCK_BYTES] = {0}; @@ -607,6 +656,11 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, size_t tag_len, unsigned char *tag ) { +#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + if (ctx->ctx_soft != NULL) { + return mbedtls_gcm_crypt_and_tag_soft(ctx->ctx_soft, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag); + } +#endif #if CONFIG_MBEDTLS_HARDWARE_GCM int ret; lldesc_t aad_desc[2] = {}; @@ -727,6 +781,11 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx, const unsigned char *input, unsigned char *output ) { +#if defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + if (ctx->ctx_soft != NULL) { + return mbedtls_gcm_auth_decrypt_soft(ctx->ctx_soft, length, iv, iv_len, aad, aad_len, tag, tag_len, input, output); + } +#endif int ret; unsigned char check_tag[16]; size_t i; diff --git a/components/mbedtls/port/include/aes/esp_aes_gcm.h b/components/mbedtls/port/include/aes/esp_aes_gcm.h index 192f251b73ec..8efb87f40362 100644 --- a/components/mbedtls/port/include/aes/esp_aes_gcm.h +++ b/components/mbedtls/port/include/aes/esp_aes_gcm.h @@ -42,6 +42,8 @@ typedef struct { const unsigned char *aad; /*!< The additional data. */ esp_aes_context aes_ctx; esp_aes_gcm_state gcm_state; + /* Software context needed for soft fallback for non-AES ciphers */ + void *ctx_soft; } esp_gcm_context; diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index 9aebf99e299b..2d1e095df737 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -155,6 +155,12 @@ #ifdef CONFIG_MBEDTLS_HARDWARE_AES #define MBEDTLS_GCM_ALT +#ifdef CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER + /* Prefer hardware and fallback to software */ + #define MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK +#else + #undef MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK +#endif #endif /* MBEDTLS_SHAxx_ALT to enable hardware SHA support diff --git a/components/mbedtls/port/include/mbedtls/gcm.h b/components/mbedtls/port/include/mbedtls/gcm.h new file mode 100644 index 000000000000..d50527d4df50 --- /dev/null +++ b/components/mbedtls/port/include/mbedtls/gcm.h @@ -0,0 +1,81 @@ +/* + * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#pragma once + +#include_next "mbedtls/gcm.h" +#include "sdkconfig.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_GCM_ALT) && defined(MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK) + +/** + * When the MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK is defined, for non-AES GCM + * operations we need to fallback to the software function definitions of the + * mbedtls GCM layer. + * Thus in this case we need declarations for the software funtions. + * Please refer mbedtls/include/mbedtls/gcm.h for function documentations + */ + +void mbedtls_gcm_init_soft(mbedtls_gcm_context_soft *ctx); + + +int mbedtls_gcm_setkey_soft(mbedtls_gcm_context_soft *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits); + +int mbedtls_gcm_starts_soft(mbedtls_gcm_context_soft *ctx, + int mode, + const unsigned char *iv, size_t iv_len); + +int mbedtls_gcm_update_ad_soft(mbedtls_gcm_context_soft *ctx, + const unsigned char *add, size_t add_len); + +int mbedtls_gcm_update_soft(mbedtls_gcm_context_soft *ctx, + const unsigned char *input, size_t input_length, + unsigned char *output, size_t output_size, + size_t *output_length); + +int mbedtls_gcm_finish_soft(mbedtls_gcm_context_soft *ctx, + unsigned char *output, size_t output_size, + size_t *output_length, + unsigned char *tag, size_t tag_len); + + +int mbedtls_gcm_crypt_and_tag_soft(mbedtls_gcm_context_soft *ctx, + int mode, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *input, + unsigned char *output, + size_t tag_len, + unsigned char *tag); + + +int mbedtls_gcm_auth_decrypt_soft(mbedtls_gcm_context_soft *ctx, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *tag, + size_t tag_len, + const unsigned char *input, + unsigned char *output); + +void mbedtls_gcm_free_soft(mbedtls_gcm_context_soft *ctx); + +#endif /* MBEDTLS_GCM_ALT && MBEDTLS_GCM_NON_AES_CIPHER_SOFT_FALLBACK*/ + +#ifdef __cplusplus +} +#endif From 0f7c9a29a24ef50fd5da5149acceb8cf861e1e3e Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Thu, 21 Dec 2023 17:39:04 +0530 Subject: [PATCH 04/10] ci(mbedtls/gcm): Added test to verify software fallback for non-AES cipher GCM operations --- components/mbedtls/test_apps/main/test_gcm.c | 144 +++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 components/mbedtls/test_apps/main/test_gcm.c diff --git a/components/mbedtls/test_apps/main/test_gcm.c b/components/mbedtls/test_apps/main/test_gcm.c new file mode 100644 index 000000000000..07af880d9ce3 --- /dev/null +++ b/components/mbedtls/test_apps/main/test_gcm.c @@ -0,0 +1,144 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Unlicense OR CC0-1.0 + */ +#include +#include +#include "sys/param.h" +#include "esp_heap_caps.h" +#include "mbedtls/gcm.h" +#include "sdkconfig.h" +#include "unity.h" + + +#if CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER + +typedef struct { + uint8_t *plaintext; + size_t plaintext_length; + uint8_t *aad_buf; + size_t aad_length; + uint8_t *iv; + size_t iv_length; + uint8_t *key; + size_t key_bits; + size_t tag_len; +} gcm_test_cfg_t; + +typedef struct { + const uint8_t *expected_tag; + const uint8_t *ciphertext_last_block; // Last block of the ciphertext +} gcm_test_expected_res_t; + +typedef enum { + GCM_TEST_CRYPT_N_TAG, + GCM_TEST_START_UPDATE_FINISH, +} gcm_test_type_t; + +static void gcm_test(gcm_test_cfg_t *cfg, gcm_test_expected_res_t *res, gcm_test_type_t gcm_type) +{ + mbedtls_gcm_context ctx; + mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_ARIA; + + uint8_t tag_buf_encrypt[16] = {}; + uint8_t tag_buf_decrypt[16] = {}; + uint8_t iv_buf[16] = {}; + uint8_t *ciphertext = malloc(cfg->plaintext_length); + uint8_t *output = malloc(cfg->plaintext_length); + size_t olen; + + if (cfg->plaintext_length != 0) { + TEST_ASSERT_NOT_NULL(ciphertext); + TEST_ASSERT_NOT_NULL(output); + } + + memset(ciphertext, 0, cfg->plaintext_length); + memset(output, 0, cfg->plaintext_length); + memcpy(iv_buf, cfg->iv, cfg->iv_length); + + mbedtls_gcm_init(&ctx); + TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher, cfg->key, cfg->key_bits) == 0); + + if (gcm_type == GCM_TEST_CRYPT_N_TAG) { + mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->aad_buf, cfg->aad_length, cfg->plaintext, ciphertext, cfg->tag_len, tag_buf_encrypt); + } else if (gcm_type == GCM_TEST_START_UPDATE_FINISH) { + TEST_ASSERT(mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT, iv_buf, cfg->iv_length) == 0); + TEST_ASSERT(mbedtls_gcm_update_ad(&ctx, cfg->aad_buf, cfg->aad_length) == 0); + TEST_ASSERT(mbedtls_gcm_update(&ctx, cfg->plaintext, cfg->plaintext_length, ciphertext, cfg->plaintext_length, &olen) == 0); + TEST_ASSERT(mbedtls_gcm_finish(&ctx, ciphertext, cfg->plaintext_length, &olen, tag_buf_encrypt, cfg->tag_len) == 0); + } + + size_t offset = cfg->plaintext_length > 16 ? cfg->plaintext_length - 16 : 0; + /* Sanity check: make sure the last ciphertext block matches what we expect to see. */ + TEST_ASSERT_EQUAL_HEX8_ARRAY(res->ciphertext_last_block, ciphertext + offset, MIN(16, cfg->plaintext_length)); + TEST_ASSERT_EQUAL_HEX8_ARRAY(res->expected_tag, tag_buf_encrypt, cfg->tag_len); + + + if (gcm_type == GCM_TEST_CRYPT_N_TAG) { + TEST_ASSERT(mbedtls_gcm_auth_decrypt(&ctx, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->aad_buf, cfg->aad_length, res->expected_tag, cfg->tag_len, ciphertext, output) == 0); + } else if (gcm_type == GCM_TEST_START_UPDATE_FINISH) { + TEST_ASSERT(mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv_buf, cfg->iv_length) == 0); + TEST_ASSERT(mbedtls_gcm_update_ad(&ctx, cfg->aad_buf, cfg->aad_length) == 0); + TEST_ASSERT(mbedtls_gcm_update(&ctx, ciphertext, cfg->plaintext_length, output, cfg->plaintext_length, &olen) == 0); + TEST_ASSERT(mbedtls_gcm_finish(&ctx, output, cfg->plaintext_length, &olen, tag_buf_decrypt, cfg->tag_len) == 0); + + /* mbedtls_gcm_auth_decrypt already checks tag so only needed for GCM_TEST_START_UPDATE_FINISH */ + TEST_ASSERT_EQUAL_HEX8_ARRAY(res->expected_tag, tag_buf_decrypt, cfg->tag_len); + } + + TEST_ASSERT_EQUAL_HEX8_ARRAY(cfg->plaintext, output, cfg->plaintext_length); + + mbedtls_gcm_free(&ctx); + free(ciphertext); + free(output); +} + + +TEST_CASE("mbedtls ARIA GCM test", "[gcm]") +{ + const unsigned SZ = 1600; + uint8_t aad[16]; + uint8_t iv[16]; + uint8_t key[16]; + + const uint8_t expected_last_block[] = { + 0xbe, 0x96, 0xf1, 0x57, 0x34, 0x07, 0x3f, 0x9d, + 0x87, 0x6b, 0x39, 0x22, 0xe4, 0xef, 0xff, 0xf0, + }; + const uint8_t expected_tag[] = { + 0xef, 0x4e, 0xa8, 0x24, 0x07, 0x65, 0x36, 0x12, + 0xb1, 0xde, 0x7e, 0x23, 0xda, 0xea, 0x7c, 0x6b, + }; + + uint8_t *plaintext = malloc(SZ); + TEST_ASSERT_NOT_NULL(plaintext); + + memset(plaintext, 0xAA, SZ); + memset(iv, 0xEE, 16); + memset(key, 0x44, 16); + memset(aad, 0x76, 16); + + gcm_test_cfg_t cfg = { + .plaintext = plaintext, + .plaintext_length = SZ, + .iv = iv, + .iv_length = sizeof(iv), + .key = key, + .key_bits = 8 * sizeof(key), + .aad_buf = aad, + .aad_length = sizeof(aad), + .tag_len = 16 + }; + + gcm_test_expected_res_t res = { + .expected_tag = expected_tag, + .ciphertext_last_block = expected_last_block, + }; + + gcm_test(&cfg, &res, GCM_TEST_CRYPT_N_TAG); + gcm_test(&cfg, &res, GCM_TEST_START_UPDATE_FINISH); + free(plaintext); +} + +#endif /* CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER */ From 33271be13b6740b76e3705bb66ddd31dd85b530c Mon Sep 17 00:00:00 2001 From: Sudeep Mohanty Date: Tue, 20 Feb 2024 12:45:45 +0100 Subject: [PATCH 05/10] fix(esp_system): Updated the conditions for the GDBStub on Panic Kconfig option This commit updates the Panic handler behavior Kconfig setting to make the GDBStub on Panic (CONFIG_ESP_SYSTEM_PANIC_GDBSTUB) option to be only available when esp_gdbstub is part of the component list of the build. Closes https://github.com/espressif/esp-idf/issues/13218 --- components/esp_gdbstub/Kconfig | 3 ++- components/esp_system/Kconfig | 2 +- docs/en/api-guides/fatal-errors.rst | 4 ++++ docs/en/migration-guides/release-5.x/5.2/system.rst | 6 ++++++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/components/esp_gdbstub/Kconfig b/components/esp_gdbstub/Kconfig index bedc9bb3f9ab..a1729b95b6a9 100644 --- a/components/esp_gdbstub/Kconfig +++ b/components/esp_gdbstub/Kconfig @@ -1,9 +1,10 @@ menu "GDB Stub" - # Hidden option which is selected from the "Panic handler behavior" + # Hidden option which adds GDBStub on panic option to the "Panic handler behavior" # menu in the target component. config ESP_GDBSTUB_ENABLED bool + default y config ESP_SYSTEM_GDBSTUB_RUNTIME bool "GDBStub at runtime" diff --git a/components/esp_system/Kconfig b/components/esp_system/Kconfig index ce9e66629a0e..4f39dc72870d 100644 --- a/components/esp_system/Kconfig +++ b/components/esp_system/Kconfig @@ -38,7 +38,7 @@ menu "ESP System Settings" config ESP_SYSTEM_PANIC_GDBSTUB bool "GDBStub on panic" - select ESP_GDBSTUB_ENABLED + depends on ESP_GDBSTUB_ENABLED help Invoke gdbstub on the serial port, allowing for gdb to attach to it to do a postmortem of the crash. diff --git a/docs/en/api-guides/fatal-errors.rst b/docs/en/api-guides/fatal-errors.rst index ee23dd156797..47f93d4e73df 100644 --- a/docs/en/api-guides/fatal-errors.rst +++ b/docs/en/api-guides/fatal-errors.rst @@ -66,6 +66,10 @@ Subsequent behavior of the panic handler can be set using :ref:`CONFIG_ESP_SYSTE Start GDB server which can communicate with GDB over console UART port. This option will only provide read-only debugging or post-mortem debugging. See `GDB Stub`_ for more details. +.. note:: + + ``CONFIG_ESP_SYSTEM_PANIC_GDBSTUB`` choice in the configuration option :ref:`CONFIG_ESP_SYSTEM_PANIC` is only available when the component ``esp_gdbstub`` is included in the build. + The behavior of the panic handler is affected by three other configuration options. - If :ref:`CONFIG_ESP_DEBUG_OCDAWARE` is enabled (which is the default), the panic handler will detect whether a JTAG debugger is connected. If it is, execution will be halted and control will be passed to the debugger. In this case, registers and backtrace are not dumped to the console, and GDBStub / Core Dump functions are not used. diff --git a/docs/en/migration-guides/release-5.x/5.2/system.rst b/docs/en/migration-guides/release-5.x/5.2/system.rst index 7f2b7a8c82c9..ec4381f4c9a3 100644 --- a/docs/en/migration-guides/release-5.x/5.2/system.rst +++ b/docs/en/migration-guides/release-5.x/5.2/system.rst @@ -34,3 +34,9 @@ The Task Snapshot API has been made private due to a lack of a practical way for - ``#include "freertos/xtensa_api.h"`` is deprecated, please use ``#include "xtensa_api.h"`` instead. - ``#include "freertos/xtensa_context.h"`` is deprecated, please use ``#include "xtensa_context.h"`` instead. - ``#include "freertos/xtensa_timer.h"`` is deprecated, please use ``#include "xtensa_timer.h"`` instead. + + +Panic Handler Behavior +---------------------- + +The choice ``CONFIG_ESP_SYSTEM_PANIC_GDBSTUB`` in the configuration option :ref:`CONFIG_ESP_SYSTEM_PANIC` has been made dependent on whether the ``esp_gdbstub`` component is included in the build. When trimming the list of components in the build using ``set(COMPONENTS main)``, ``esp_gdbstub`` component has to be added to this list of components to make the ``CONFIG_ESP_SYSTEM_PANIC_GDBSTUB`` option available. From 8dfbb9e816778a4e53e8e51b223bdb5e05225e07 Mon Sep 17 00:00:00 2001 From: mofeifei Date: Tue, 5 Mar 2024 15:48:32 +0800 Subject: [PATCH 06/10] docs: update cn trans fatal-errors --- docs/en/api-guides/fatal-errors.rst | 2 +- docs/zh_CN/api-guides/fatal-errors.rst | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/en/api-guides/fatal-errors.rst b/docs/en/api-guides/fatal-errors.rst index 47f93d4e73df..d286e15e14e5 100644 --- a/docs/en/api-guides/fatal-errors.rst +++ b/docs/en/api-guides/fatal-errors.rst @@ -68,7 +68,7 @@ Subsequent behavior of the panic handler can be set using :ref:`CONFIG_ESP_SYSTE .. note:: - ``CONFIG_ESP_SYSTEM_PANIC_GDBSTUB`` choice in the configuration option :ref:`CONFIG_ESP_SYSTEM_PANIC` is only available when the component ``esp_gdbstub`` is included in the build. + The ``CONFIG_ESP_SYSTEM_PANIC_GDBSTUB`` choice in the configuration option :ref:`CONFIG_ESP_SYSTEM_PANIC` is only available when the component ``esp_gdbstub`` is included in the build. The behavior of the panic handler is affected by three other configuration options. diff --git a/docs/zh_CN/api-guides/fatal-errors.rst b/docs/zh_CN/api-guides/fatal-errors.rst index 64bc91cd5857..21dabc514bda 100644 --- a/docs/zh_CN/api-guides/fatal-errors.rst +++ b/docs/zh_CN/api-guides/fatal-errors.rst @@ -66,6 +66,10 @@ 启动 GDB 服务器,通过控制台 UART 接口与 GDB 进行通信。该选项只提供只读调试或者事后调试,详细信息请参阅 `GDB Stub`_。 +.. note:: + + 仅当构建中包含组件 ``esp_gdbstub`` 时,配置选项 :ref:`CONFIG_ESP_SYSTEM_PANIC` 中的 ``CONFIG_ESP_SYSTEM_PANIC_GDBSTUB`` 选项可用。 + 紧急处理程序的行为还受到另外两个配置项的影响: - 如果使能了 :ref:`CONFIG_ESP_DEBUG_OCDAWARE` (默认),紧急处理程序会检测 {IDF_TARGET_NAME} 是否已经连接 JTAG 调试器。如果检测成功,程序会暂停运行,并将控制权交给调试器。在这种情况下,寄存器和回溯不会被打印到控制台,并且也不会使用 GDB Stub 和 Core Dump 的功能。 From e5665a198a66f5f581d0b7abfc3d562c6fb75f7c Mon Sep 17 00:00:00 2001 From: Sumeet Singh Date: Thu, 15 Feb 2024 11:39:36 +0530 Subject: [PATCH 07/10] feat(nimble): read multiple variable length characteristics (v5.2) --- components/bt/host/nimble/nimble | 2 +- components/bt/host/nimble/port/include/esp_nimble_cfg.h | 4 ++++ components/bt/porting/nimble/include/nimble/nimble_opt_auto.h | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/components/bt/host/nimble/nimble b/components/bt/host/nimble/nimble index f5459aae80fe..f710ba9e81be 160000 --- a/components/bt/host/nimble/nimble +++ b/components/bt/host/nimble/nimble @@ -1 +1 @@ -Subproject commit f5459aae80fe0ee7ea2b8387e8b6f9d6b556ca2c +Subproject commit f710ba9e81be20dbb7083282c6e280edf9c8dc02 diff --git a/components/bt/host/nimble/port/include/esp_nimble_cfg.h b/components/bt/host/nimble/port/include/esp_nimble_cfg.h index d837d17ec144..3da9d557d8ea 100644 --- a/components/bt/host/nimble/port/include/esp_nimble_cfg.h +++ b/components/bt/host/nimble/port/include/esp_nimble_cfg.h @@ -610,6 +610,10 @@ #define MYNEWT_VAL_BLE_GATT_READ_MULT (MYNEWT_VAL_BLE_ROLE_CENTRAL) #endif +#ifndef MYNEWT_VAL_BLE_GATT_READ_MULT_VAR +#define MYNEWT_VAL_BLE_GATT_READ_MULT_VAR (MYNEWT_VAL_BLE_ROLE_CENTRAL) +#endif + #ifndef MYNEWT_VAL_BLE_GATT_READ_UUID #define MYNEWT_VAL_BLE_GATT_READ_UUID (MYNEWT_VAL_BLE_ROLE_CENTRAL) #endif diff --git a/components/bt/porting/nimble/include/nimble/nimble_opt_auto.h b/components/bt/porting/nimble/include/nimble/nimble_opt_auto.h index daf21533486c..c4baec843bee 100644 --- a/components/bt/porting/nimble/include/nimble/nimble_opt_auto.h +++ b/components/bt/porting/nimble/include/nimble/nimble_opt_auto.h @@ -84,6 +84,10 @@ extern "C" { #define NIMBLE_BLE_ATT_CLT_READ_MULT \ (MYNEWT_VAL(BLE_GATT_READ_MULT)) +#undef NIMBLE_BLE_ATT_CLT_READ_MULT_VAR +#define NIMBLE_BLE_ATT_CLT_READ_MULT_VAR \ + (MYNEWT_VAL(BLE_GATT_READ_MULT_VAR)) + #undef NIMBLE_BLE_ATT_CLT_READ_GROUP_TYPE #define NIMBLE_BLE_ATT_CLT_READ_GROUP_TYPE \ (MYNEWT_VAL(BLE_GATT_DISC_ALL_SVCS)) From d1ee48208f0dbb0d59c5d0f460e4cfdf87da4496 Mon Sep 17 00:00:00 2001 From: Roshan Bangar Date: Tue, 5 Mar 2024 10:42:12 +0530 Subject: [PATCH 08/10] fix(nimble): Exposed the baud rate for hci uart in menuconfig --- components/bt/host/nimble/Kconfig.in | 29 +++++++++++++++++++ .../host/nimble/port/include/esp_nimble_cfg.h | 4 +-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/components/bt/host/nimble/Kconfig.in b/components/bt/host/nimble/Kconfig.in index 1163d4d7974c..a30b0f46fe49 100644 --- a/components/bt/host/nimble/Kconfig.in +++ b/components/bt/host/nimble/Kconfig.in @@ -942,9 +942,35 @@ menu "Host-controller Transport" help Uart port + choice BT_NIMBLE_HCI_USE_UART_BAUDRATE + prompt "Uart Hci Baud Rate" + default UART_BAUDRATE_921600 + depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART + help + Uart Baud Rate + + config UART_BAUDRATE_115200 + bool "115200" + config UART_BAUDRATE_230400 + bool "230400" + config UART_BAUDRATE_460800 + bool "460800" + config UART_BAUDRATE_921600 + bool "921600" + endchoice + + config BT_NIMBLE_HCI_UART_BAUDRATE + depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART + int + default 115200 if UART_BAUDRATE_115200 + default 230400 if UART_BAUDRATE_230400 + default 460800 if UART_BAUDRATE_460800 + default 921600 if UART_BAUDRATE_921600 + choice BT_NIMBLE_USE_HCI_UART_PARITY prompt "Uart PARITY" default UART_PARITY_NONE + depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART help Uart Parity @@ -960,16 +986,19 @@ menu "Host-controller Transport" int default 0 if !UART_PARITY_NONE default 1 if UART_PARITY_NONE + depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART config BT_NIMBLE_TRANSPORT_UART_PARITY_ODD int default 0 if !UART_PARITY_ODD default 1 if UART_PARITY_ODD + depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART config BT_NIMBLE_TRANSPORT_UART_PARITY_EVEN int default 0 if !UART_PARITY_EVEN default 1 if UART_PARITY_EVEN + depends on BT_CONTROLLER_DISABLED && BT_NIMBLE_TRANSPORT_UART config BT_NIMBLE_UART_RX_PIN int "UART Rx pin" diff --git a/components/bt/host/nimble/port/include/esp_nimble_cfg.h b/components/bt/host/nimble/port/include/esp_nimble_cfg.h index d837d17ec144..90b38a43c256 100644 --- a/components/bt/host/nimble/port/include/esp_nimble_cfg.h +++ b/components/bt/host/nimble/port/include/esp_nimble_cfg.h @@ -1792,7 +1792,7 @@ #endif #endif -#if CONFIG_BT_CONTROLLER_DISABLED +#if CONFIG_BT_CONTROLLER_DISABLED && CONFIG_BT_NIMBLE_TRANSPORT_UART #ifndef MYNEWT_VAL_BLE_TRANSPORT_UART_PORT #define MYNEWT_VAL_BLE_TRANSPORT_UART_PORT CONFIG_BT_NIMBLE_TRANSPORT_UART_PORT #endif @@ -1814,7 +1814,7 @@ #endif #ifndef MYNEWT_VAL_BLE_TRANSPORT_UART_BAUDRATE -#define MYNEWT_VAL_BLE_TRANSPORT_UART_BAUDRATE (921600) +#define MYNEWT_VAL_BLE_TRANSPORT_UART_BAUDRATE CONFIG_BT_NIMBLE_HCI_UART_BAUDRATE #endif #ifndef MYNEWT_VAL_BLE_TRANSPORT_UART_DATA_BITS From e28a335ef6219bd3eb675b7dd389738ddde534e4 Mon Sep 17 00:00:00 2001 From: Roshan Bangar Date: Mon, 4 Mar 2024 14:53:20 +0530 Subject: [PATCH 09/10] docs(nimble): Improved documentation for uart host only example --- .../tutorial/bleprph_host_only_walkthrough.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/examples/bluetooth/nimble/bleprph_host_only/tutorial/bleprph_host_only_walkthrough.md b/examples/bluetooth/nimble/bleprph_host_only/tutorial/bleprph_host_only_walkthrough.md index 4bfba23bc445..89bcc3e0da31 100644 --- a/examples/bluetooth/nimble/bleprph_host_only/tutorial/bleprph_host_only_walkthrough.md +++ b/examples/bluetooth/nimble/bleprph_host_only/tutorial/bleprph_host_only_walkthrough.md @@ -7,11 +7,18 @@ The tutorial is focused on how to implement the custom transport in the applicat Note: This walkthrough only covers the transport used by the application, for detailed explanation see the [bleprph_walkthrough](../../bleprph/tutorial/bleprph_walkthrough.md) ## Hardware Setup -This example uses esp32 chip to run the example `bleprph_host_only` that runs the nimble-host and sends and receives the commands and events using uart. The another chip used is esp32c6 that runs the esp-hosted `esp-hosted/esp_hosted_fg/esp/esp_driver/network_adapter` example that runs the controller and receives commands and sends events using UART. Below is the setup of esp32 and esp32c6. +This example uses esp32 chip to run the example `bleprph_host_only` that runs the nimble-host and sends and receives the commands and events using uart. The another chip used is esp32c6 that runs the controller `esp-idf/examples/bluetooth/nimble/hci` example that runs the controller and receives commands and sends events using UART. Below is the setup of esp32 and esp32c6. ![Hardware Setup](hardware_setup.png) -Note that the esp32s gpio pins tx=4 and rx=5 are defined in [uart_driver.c](../main/uart_driver.c) file. The tx pin of one chip connectes to the rx pin of the other and vice versa. +Note that the esp32 gpio pins tx=4 and rx=5 are configurable using idf.py menuconfig -> example config -> Uart Configuration. The tx pin of one chip connectes to the rx pin of the other and vice versa. + +Below is the pin connection chart for Esp32 and esp32c6. + +| Esp32 (Signal) | Esp32 (GPIO Pin) | C6 (Signal) | C6 (GPIO Pin) | +|----------------|-------------------|-------------|---------------| +| Rx | 5 | Tx | 5 | +| Tx | 4 | Rx | 12 | ```c #define UART_TX_PIN (4) From 756efd4829f421b82716c4da492450e0f2135376 Mon Sep 17 00:00:00 2001 From: Abhinav Kudnar Date: Thu, 7 Mar 2024 14:35:43 +0530 Subject: [PATCH 10/10] fix(nimble): Revise the help section for the Kconfig macro BLE_RPA_TIMEOUT --- components/bt/host/nimble/Kconfig.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/components/bt/host/nimble/Kconfig.in b/components/bt/host/nimble/Kconfig.in index 1163d4d7974c..a89888400d3a 100644 --- a/components/bt/host/nimble/Kconfig.in +++ b/components/bt/host/nimble/Kconfig.in @@ -388,8 +388,7 @@ config BT_NIMBLE_RPA_TIMEOUT depends on BT_NIMBLE_ENABLED default 900 help - Time interval between RPA address change. This is applicable in case of - Host based RPA + Time interval between RPA address change. menuconfig BT_NIMBLE_MESH bool "Enable BLE mesh functionality"