ESP32-S and Arduino

kaduhi sent me an ESP32-S from the US... from China to the US and then all the way to Japan, welcome. Thank you!! Much appreciated; I'll experiment, write some code and play with it.


The ESP32 specs, roughly. Details come up with a search, but the official ones are here:
CPU : Xtensa® 32-bit LX6 dual-core processor
ROM/SRAM : 448 KByte ROM, 520 KByte SRAM
WiFi : 802.11 b/g/n/e/i
Bluetooth : Bluetooth v4.2 BR/EDR and BLE
Besides those, an RTC, and the thing I personally find impressive: hardware cryptographic acceleration. TLS can be used without fuss (once implemented)!! AES, hash (SHA-2) library, RSA, ECC, random number generator. This is great, really great. Put simply, it's a small PC that connects to the network.

A size comparison with the ESPs I have from over the years: bottom right is the ESP32-S, top left the ESP-WROOM-02, top right the ESP8266, bottom left the ESP12.

Mounted on a board it looks like this.

Opened up and mounted on a board for now, it looks like this. Compared with the earlier ESP8266 it has vastly more pins. I feel the unspoken pressure of "with this many, surely you can build something interesting?"...

At this point I was about to casually solder on pin headers, but because they are in two rows, plugging it into a breadboard is awkward in various ways...
Through-hole test wires come in handy in such cases. But so that I could freely plug and unplug pins later, I used a 2-row 10-pin socket with one position removed.

Done

Using it with Arduino

ESP32 Arduino support has already been published. Being able to use it from the Arduino IDE just like the ESP8266 is very convenient, and it also brings developers in quickly. So I'll use this git repository.

Proceed as documented. My environment is MacOS 10.11.6 with Python 2.7, so I needed to install pyserial.

cd /Applications/Arduino.app/Contents/Java
cd hardware
mkdir espressif
cd espressif
git clone https://github.com/espressif/arduino-esp32.git esp32
cd esp32/tools
python get.py
# install pyserial. If you use pyenv or pip, install it in whatever way matches your setup
wget https://pypi.python.org/packages/1f/3b/ee6f354bcb1e28a7cd735be98f39ecf80554948284b41e9f7965951befa6/pyserial-3.2.1.tar.gz
tar -zxvf pyserial-3.2.1.tar.gz
cd pyserial-3.2.1
sudo python setup.py install 

Next, launching and using Arduino. Start the Arduino IDE and select ESP32.

Next, wiring the ESP to serial. This is straightforward. I always use a small FT232RL USB-serial adapter (3.3V); connect 3.3V/GND and TX/RX to the ESP32 side and you're done.

The boot log can be seen over serial like this (it had already been Arduino-ized).

Then the question of flashing. This is ridiculously easy.

1. Press RESET and IO0 at the same time
2. Release RESET
3. Click Flash in the Arduino IDE

That's all. This part is ridiculously easy. At step 2 the serial console shows something like this.

When you flash, the Arduino IDE shows this.

And the LED lights up.

I regretted for about two seconds that I should have pointed the pin socket upward lol. Being able to get it running with nothing but an FT232RL is really nice.

Anything still unclear can probably be resolved on the ESP32 forum. Finally, it has passed FCC, but not TELEC at this point. The WiFi libraries are included in the git repository above as normal. I'm not saying here that I'm transmitting WiFi, so draw your own conclusions lol

What I learned from embedding mbedTLS

I implemented mbedTLS in the Particle community libraries TlsTcpClient and MQTT-TLS. These two libraries can connect to AWS/Azure/...etc. IoT cloud platforms with a certificate/private key.

The cipher suites enabled at the moment are:
TLS_RSA_WITH_AES_128_GCM_SHA1
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA512
TLS_RSA_WITH_AES_256_GCM_SHA1
TLS_RSA_WITH_AES_256_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA512

(Of these names only TLS_RSA_WITH_AES_128_GCM_SHA256 is a registered cipher suite; RFC 5288 names the AES-256 counterpart for RSA key exchange TLS_RSA_WITH_AES_256_GCM_SHA384, and no registered GCM suite uses SHA1 or SHA512 as its PRF hash. The list reads as the cipher crossed with the hash modules compiled in rather than as suite identifiers.)
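A quick way to catch a mislabeled list like the one above before it goes into a size-constrained build is to lint the names against the registry's naming rule: every registered GCM suite (RFC 5288 for RSA/DHE key exchange, RFC 5289 for ECDHE) pairs a 128-bit cipher with SHA256 and a 256-bit cipher with SHA384, so a "_GCM_SHA1" or "_GCM_SHA512" suffix cannot be a real suite. The C program below is an added example, not code from the TlsTcpClient or MQTT-TLS libraries; it applies that rule plus a small allow-list policy (drop DES/3DES/RC4/NULL/EXPORT/anon/MD5, drop non-AEAD suites, prefer (EC)DHE for forward secrecy) to a list of names. The verdict names and the policy thresholds are my own, and this is a string check, not a lookup in the IANA registry.

```c
/* Added example (not part of the TlsTcpClient / MQTT-TLS libraries):
 * lint a list of TLS cipher-suite names before compiling them into a
 * size-constrained firmware. Pure string checks, no mbedTLS dependency. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    SUITE_REJECT_WEAK,      /* DES/3DES/RC4/NULL/EXPORT/anon/MD5: never compile in */
    SUITE_REJECT_NOT_AEAD,  /* CBC + HMAC: avoid on a new build, no size benefit over GCM */
    SUITE_REJECT_BAD_NAME,  /* GCM suite whose PRF hash breaks RFC 5288/5289 naming */
    SUITE_ACCEPT_NO_PFS,    /* static RSA key exchange: small code, no forward secrecy */
    SUITE_ACCEPT            /* (EC)DHE key exchange + AEAD, or a TLS 1.3 suite */
} suite_verdict;

static bool has(const char *name, const char *token)
{
    return strstr(name, token) != NULL;
}

static bool starts_with(const char *name, const char *prefix)
{
    return strncmp(name, prefix, strlen(prefix)) == 0;
}

/* Classify one IANA-style name such as "TLS_RSA_WITH_AES_128_GCM_SHA256". */
suite_verdict classify_suite(const char *name)
{
    static const char *const weak[] = {
        "_NULL_", "_EXPORT", "_anon_", "_RC4_", "_DES_", "_3DES_", "_MD5"
    };
    for (size_t i = 0; i < sizeof weak / sizeof weak[0]; i++)
        if (has(name, weak[i]))
            return SUITE_REJECT_WEAK;

    if (has(name, "_GCM_")) {
        /* Every registered GCM suite pairs a 128-bit cipher with SHA256 and a
         * 256-bit cipher with SHA384; "..._GCM_SHA1" / "..._GCM_SHA512" exist
         * nowhere in the registry, so a config that lists them is mislabeled. */
        if (!has(name, "_128_GCM_SHA256") && !has(name, "_256_GCM_SHA384"))
            return SUITE_REJECT_BAD_NAME;
    } else if (!has(name, "_CCM") && !has(name, "_CHACHA20_POLY1305")) {
        return SUITE_REJECT_NOT_AEAD;   /* what remains is CBC or a stream cipher */
    }

    /* TLS 1.3 names carry no key-exchange field; key exchange is always ephemeral. */
    if (!has(name, "_WITH_"))
        return SUITE_ACCEPT;
    if (starts_with(name, "TLS_ECDHE_") || starts_with(name, "TLS_DHE_"))
        return SUITE_ACCEPT;
    return SUITE_ACCEPT_NO_PFS;
}

const char *verdict_name(suite_verdict v)
{
    switch (v) {
    case SUITE_REJECT_WEAK:     return "reject: legacy primitive";
    case SUITE_REJECT_NOT_AEAD: return "reject: not AEAD";
    case SUITE_REJECT_BAD_NAME: return "reject: not a registered GCM name";
    case SUITE_ACCEPT_NO_PFS:   return "accept (no forward secrecy)";
    default:                    return "accept";
    }
}

/* How many of the given names survive the policy; usable as a build-time gate. */
size_t count_accepted(const char *const *names, size_t n)
{
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_suite(names[i]) >= SUITE_ACCEPT_NO_PFS)
            ok++;
    return ok;
}

int main(void)
{
    /* The six names from the list above, plus two more for contrast. */
    static const char *const names[] = {
        "TLS_RSA_WITH_AES_128_GCM_SHA1",
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_GCM_SHA512",
        "TLS_RSA_WITH_AES_256_GCM_SHA1",
        "TLS_RSA_WITH_AES_256_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_GCM_SHA512",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    };
    size_t n = sizeof names / sizeof names[0];
    for (size_t i = 0; i < n; i++)
        printf("%-40s %s\n", names[i], verdict_name(classify_suite(names[i])));
    printf("%zu of %zu accepted\n", count_accepted(names, n), n);
    return 0;
}
```

Run over the six names from the list, the linter accepts only TLS_RSA_WITH_AES_128_GCM_SHA256, and flags even that one as lacking forward secrecy: static RSA key exchange is the cheapest option in flash, but anyone who later obtains the server's private key can decrypt recorded sessions, whereas an ECDHE suite costs the ECP/ECDH modules and fixes that.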

Here is the TLS 1.2 sequence.

I tested this library with a Particle Photon against several IoT platforms (AWS IoT/Azure/mosquitto/Eclipse IoT...etc.), so I'll write down my notes on "how to implement mbedTLS on an embedded IoT platform".
Here is a picture of the Particle Cloud API and MQTT(TLS)/TlsTcpClient network communication.


The Particle Cloud API is the official API from Particle and is very useful for developers: it is easy to use in an application together with a cloud IoT platform, and it is cheap (free Device Cloud access for the first 100 devices). But if the Particle cloud system goes down, the device cannot pub/sub data with other cloud IoT platforms. The MQTT(TLS)/TlsTcpClient community libraries can connect to AWS/Azure/...etc. directly, so developers can use them as a second path.
Particle also provides the firmware API TCPClient for TCP network communication. If a developer wants a secure TCP connection, TlsTcpClient can be used for that.

Next, my notes on implementing mbedTLS on the Photon.

1) I wanted to use OpenSSL on the Particle but couldn't

OpenSSL is a powerful SSL/TLS library used in many applications, servers, PCs...etc. (SSLSocket is very handy for programmers). When SSL comes up, many developers probably think of OpenSSL. But the OpenSSL library is very fat: I built openssl-1.1.0c on my Ubuntu x64 box and the total library size was 9,227,602 bytes!!
So I looked at the following open-source TLS libraries for the implementation.

wolfSSL (CyaSSL)
mbedTLS (PolarSSL)
axTLS
MatrixSSL

I chose mbedTLS because it can be used under either the Apache 2.0 license or the GPL 2.0 license, and because I see future possibilities in this library.
mbedTLS works on several CPU platforms (x86/64...etc.), not only ARM cores, and the Particle Photon has an STM32F205RGY6 120 MHz ARM Cortex-M3, so you might think "you can build/compile mbedTLS on the Photon easily, hahaha...". That was wrong. I had to do the following work.

1. A lot of compile errors came up building mbedTLS with the Particle IDE; I modified the source code and debugged them.
2. Some libc functions that mbedTLS needs were not found in the Particle environment; I added those functions to the mbedTLS source code.

2) Embedded CPU power.

The Particle Photon has an STM32F205RGY6 120 MHz ARM Cortex-M3 CPU. That is a powerful spec for an embedded IoT platform, but I was afraid that TLS/RSA/some cipher algorithms would not work on this CPU. As it turned out, there was nothing to worry about.

The total network time of the TLS handshake between the Photon and a web server (see the Wireshark packet capture image in this blog entry) is under 20 ms!! in the case of TLS_RSA_WITH_AES_128_GCM_SHA256. TLS data communication (AES-128 encrypt/decrypt) is fast too. The Photon CPU (Cortex-M3) is enough for TLS!!

The next Particle device, the Argon (BT Mesh, WiFi), includes an ESP32 chip. The ESP32 has hardware acceleration for AES/SHA-2/RSA/ECC/RNG, so the Argon may enable very fast TLS communication.

3) Firmware size.

I think the firmware size limitation is really important. Here is the MQTT-TLS a1-sample build result.

The application firmware size limit is about 128 KB including libraries, so it is hard to use many libraries even when a developer wants to. If a library takes 96 KB of the application, the developer has only 32 KB left for their own code. Because of that, a library has to keep its size as small as possible for the developer's application.

mbedTLS has many cipher suites and optional algorithms, and which ones are compiled in matters for both size and security. Of course every cipher suite could be included in the library, but then the library would exceed the flash size. On the other hand, if only weak ciphers (DES/MD5) were used to save flash, the result would be insecure. The balance between security and flash size is very important.

Then here are the latest library sizes with the sample application.

MQTT-TLS 0.2.13, Photon firmware 0.8.0-rc2 : 71200 bytes
TlsTcpClient 0.2.11, Photon firmware 0.8.0-rc2 : 72768 bytes

The current ciphers are TLS_RSA_WITH_AES_[128|256]_GCM_SHA[1|256|512]; if SHA1/512 are removed, the size will be about 50 KB. I chose this cipher suite set for certificate compatibility and security strength.
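To make the size/security trade-off concrete, here is what such a trimmed build looks like as an mbedTLS 2.x configuration: a TLS 1.2 client with only the two RFC 5288 RSA/AES-GCM suites compiled in, and DES, MD5, RC4, SHA-1 and CBC mode left out, so that the weak algorithms cost neither flash nor attack surface. This is an added example, not the config.h shipped with TlsTcpClient/MQTT-TLS; the macro names are mbedTLS's own, while the header name, the 4 KB record limit and the hardware entropy hook are assumptions for a Photon-class MCU.

```c
/* Added example: a minimal mbedTLS 2.x MBEDTLS_CONFIG_FILE for a TLS 1.2
 * client on a Photon-class MCU. Not the configuration shipped with
 * TlsTcpClient/MQTT-TLS; header name and buffer size are assumptions. */
#ifndef MBEDTLS_CONFIG_IOT_H
#define MBEDTLS_CONFIG_IOT_H

/* Bare metal: there is no /dev/urandom. The firmware must provide
 * int mbedtls_hardware_poll(void *, unsigned char *, size_t, size_t *)
 * fed from the MCU RNG (the STM32F2 has one). */
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_CTR_DRBG_C

/* Public key: RSA only (static RSA key exchange, RSA-signed chains). */
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

/* Hashes: SHA-256 for AES_128_GCM_SHA256 and certificate signatures; the
 * SHA-512 module because it also implements SHA-384 for AES_256_GCM_SHA384.
 * MBEDTLS_SHA1_C is left out on purpose: it is only needed to verify
 * SHA-1-signed chains, which is the "certificate compatibility" cost. */
#define MBEDTLS_MD_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C

/* Symmetric: AES-GCM only. No MBEDTLS_DES_C, MBEDTLS_ARC4_C, MBEDTLS_MD5_C
 * and no MBEDTLS_CIPHER_MODE_CBC, so a weak suite cannot be negotiated
 * even if a server offers nothing else. */
#define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C
#define MBEDTLS_GCM_C

/* X.509 + PEM (PEM only because the root CA is embedded as a PEM string). */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_OID_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/* TLS 1.2 client only; TLS 1.0/1.1 and the server side are not compiled. */
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_PROTO_TLS1_2

/* Offer exactly the two RFC 5288 RSA/GCM suites; list order is preference. */
#define MBEDTLS_SSL_CIPHERSUITES                 \
    MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,     \
    MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256

/* RAM: mbedTLS keeps one input and one output record buffer of this size.
 * 16384 is the TLS maximum; a smaller value only works if the peer never
 * sends larger records, or if MBEDTLS_SSL_MAX_FRAGMENT_LENGTH is enabled
 * and the server honours the negotiated limit. Assumed value for a Photon. */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096

/* The real config file ends by pulling in mbedTLS's dependency checker;
 * guarded here so the fragment also compiles outside an mbedTLS tree. */
#if defined(__has_include)
#  if __has_include("mbedtls/check_config.h")
#    include "mbedtls/check_config.h"
#  endif
#endif

#endif /* MBEDTLS_CONFIG_IOT_H */
```

Dropping MBEDTLS_SHA1_C is where the "certificate compatibility" trade-off bites: any chain that still carries a SHA-1 signature fails to verify, which is what you want on a new deployment but not when the broker's CA is old. If the peer sends full 16 KB records, raise MBEDTLS_SSL_MAX_CONTENT_LEN or enable MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and set the limit with mbedtls_ssl_conf_max_frag_len().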

4) etc.

Programming the first version of TlsTcpClient/MQTT-TLS with mbedTLS took about 2-3 days. mbedTLS is very useful and has real possibilities in IoT environments.
I think TLS will be needed more and more on IoT/embedded platforms. A lot of IoT/embedded platforms use unencrypted TCP communication now because of low-power MCUs and firmware size limits, but mbedTLS works well, as these MQTT-TLS/TlsTcpClient libraries show.

TLS client library for Particle Photon

TlsTcpClient for Particle Photon, now released as version 0.1.0.

A TLS TCP client library could not be used in the Particle Photon WebIDE before, but NOW a simple TLS TCP client library based on mbedTLS is available. Here is sample source code. Developers can connect to any TLS web server using that server's Root CA PEM file.

#include "application.h"

#include "TlsTcpClient/TlsTcpClient.h"

// In this example the Photon connects to a site with a Let's Encrypt chain;
// the embedded trust anchor is ISRG Root X1.
#define LET_ENCRYPT_CA_PEM                                              \
"-----BEGIN CERTIFICATE----- \r\n"                                      \
"MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\r\n"  \
"TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\r\n"  \
"cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\r\n"  \
"WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\r\n"  \
"ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\r\n"  \
"MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\r\n"  \
"h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\r\n"  \
"0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\r\n"  \
"A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\r\n"  \
"T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\r\n"  \
"B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\r\n"  \
"B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\r\n"  \
"KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\r\n"  \
"OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\r\n"  \
"jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\r\n"  \
"qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\r\n"  \
"rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\r\n"  \
"HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\r\n"  \
"hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\r\n"  \
"ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\r\n"  \
"3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\r\n"  \
"NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\r\n"  \
"ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\r\n"  \
"TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\r\n"  \
"jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\r\n"  \
"oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\r\n"  \
"4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\r\n"  \
"mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\r\n"  \
"emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\r\n"  \
"-----END CERTIFICATE----- \r\n"
const char letencryptCaPem[] = LET_ENCRYPT_CA_PEM;

void setup() {
    Serial.begin(9600);
}

void loop() {
    unsigned char buff[256];

    TlsTcpClient client;

    // Load the Root CA PEM as the trust anchor. The length includes the
    // terminating NUL, which mbedTLS requires when parsing PEM input.
    client.init(letencryptCaPem, sizeof(letencryptCaPem));

    // Connect to the HTTPS server; the TLS handshake happens here. The
    // return value is not checked in this sample; real code should check it
    // and stop before writing anything if the connection failed.
    client.connect("www.hirotakaster.com", 443);

    // Send the HTTPS request; snprintf keeps the write inside the buffer.
    int len = snprintf((char *)buff, sizeof(buff),
                       "GET /robots.txt HTTP/1.0\r\nHost: www.hirotakaster.com\r\nContent-Length: 0\r\n\r\n");
    client.write(buff, len);

    // Read the first chunk of the response and print it.
    memset(buff, 0, sizeof(buff));
    while (1) {
        if (!client.available()) {
            delay(100);
        } else {
            // Read one byte less than the buffer so it stays NUL-terminated.
            int ret = client.read(buff, sizeof(buff) - 1);
            if (ret > 0) {
                Serial.println((char *)buff);
                break;
            }
        }
    }
    delay(5000);
}

This library has already been added to the Particle WebIDE community libraries, so it is very easy to use.

This is the TLS sequence and cipher spec between my web server (this blog) and the Photon, captured with Wireshark. The cipher suites are AES128/256 based.