boards/esp32c3-devkit: add Dropbear SSH server configuration#19062

Draft
FelipeMdeO wants to merge 1 commit into apache:master from FelipeMdeO:feature/dropbear-esp32c3-port

@FelipeMdeO

Summary

This PR adds two related changes that together bring up an SSH server
on the ESP32-C3 DevKit board using the Dropbear application:

boards/risc-v/esp32c3/esp32c3-devkit/configs/dropbear

A new dropbear defconfig is introduced for the ESP32-C3 DevKit board.
It wires up the Dropbear SSH server application together with:

  • Wi-Fi STA mode with DHCP client (WAPI tooling included for link
    bring-up at boot).
  • urandom device for key material.
  • SPIFFS on SPI flash (/data mountpoint) to persist the host key and
    the password database.
  • FSUTILS_PASSWD pointing to /data/passwd as the credential store,
    replacing a previous Dropbear-specific password-file path.
  • ECDSA host key stored at /data/dropbear_ecdsa_host_key.
  • NSH autostart of the dropbear task on every boot.
  • PTY support and Ctrl-C signal delivery enabled for interactive
    sessions.
  • CONFIG_NETUTILS_DROPBEAR_STACKSIZE pinned to 65536 bytes; the
    default 32 KiB overflows during key exchange on this RISC-V target.
  • CONFIG_NETUTILS_DROPBEAR_LISTEN_RETRY_MAX=120 so the daemon keeps
    retrying until the Wi-Fi link is fully up.

Wi-Fi credentials (myssid / mypasswd) - Please remember to give the board some connectivity.

crypto: expose ChaCha20 stream helpers

Dropbear uses the chacha20-poly1305@openssh.com cipher, which requires
a stateful, multi-call ChaCha20 stream interface rather than the single-
block interface currently exposed by crypto/chachapoly.c. Three helpers
and a context struct are added:

  • struct chacha20_stream_ctx — opaque wrapper around chacha_ctx.
  • chacha20_stream_setkey() — initialise the key.
  • chacha20_stream_ivctr64() — set IV and 64-bit counter.
  • chacha20_stream_crypt() — encrypt/decrypt an arbitrary-length buffer.

All three functions are thin wrappers over the existing chacha_*
primitives; no new algorithm code is introduced.

Impact

  • New board configuration: the dropbear defconfig is additive and
    does not affect any existing configuration.
  • New public API: three functions and one struct are added to
    include/crypto/chachapoly.h. The change is purely additive; existing
    users of chacha20_setkey / chacha20_crypt are unaffected.
  • Build: no impact on boards or configurations that do not select
    CONFIG_NETUTILS_DROPBEAR.
  • Security: host keys and credentials live on a SPIFFS partition
    under /data; they are generated at first run and persist across
    reboots. Wi-Fi credentials must be provisioned by the user before
    flashing.

Testing

Host: Linux x86_64, GCC RISC-V toolchain
Board: ESP32-C3 DevKit (rev 0.4)

Build:

```
./tools/configure.sh esp32c3-devkit:dropbear
make -j$(nproc)
make flash ESPTOOL_PORT=/dev/ttyUSB0
```

Boot log shows Dropbear listening after Wi-Fi association:

```
NuttShell (NSH) NuttX-12.x
nsh> Starting Dropbear SSH server
Dropbear listening on port 22
```

SSH connection from the host:

```
$ ssh -o StrictHostKeyChecking=no user@<board-ip>
user@<board-ip>'s password: <passwd>
NuttShell (NSH) NuttX-12.x
nsh>
```

Add a new `dropbear` defconfig for the ESP32-C3 DevKit board that brings
up an SSH server over Wi-Fi using the Dropbear application, and expose
the ChaCha20 stream-cipher helpers required by Dropbear's
chacha20-poly1305@openssh.com cipher.

boards/risc-v/esp32c3/esp32c3-devkit/configs/dropbear:
- Enable Wi-Fi STA mode with DHCP client; include WAPI tooling so the
  link comes up at boot.
- Mount SPIFFS on SPI flash at /data to persist the ECDSA host key
  (/data/dropbear_ecdsa_host_key) and the password database
  (FSUTILS_PASSWD at /data/passwd).
- Autostart the dropbear task from NSH on every boot.
- Enable PTY support and Ctrl-C signal delivery for interactive
  sessions.
- Pin CONFIG_NETUTILS_DROPBEAR_STACKSIZE to 65536; the 32 KiB default
  overflows during key exchange on this RISC-V target.
- Set CONFIG_NETUTILS_DROPBEAR_LISTEN_RETRY_MAX=120 so the daemon
  retries until the Wi-Fi link is fully up.

crypto/chachapoly: add struct chacha20_stream_ctx and three helpers
(chacha20_stream_setkey, chacha20_stream_ivctr64, chacha20_stream_crypt)
that wrap the existing chacha_* primitives to provide a stateful,
multi-call stream interface. No new algorithm code is introduced.

@github-actions bot added the Size: M (the size of the change in this PR is medium), Area: Crypto and Board: risc-v labels on Jun 8, 2026
@fdcavalcanti

Very cool!
Please add documentation for this defconfig: Documentation/platforms/risc-v/esp32c3.
