Skip to content

boards/esp32c3-devkit: add Dropbear SSH server configuration#19062

Open
FelipeMdeO wants to merge 2 commits into
apache:masterfrom
FelipeMdeO:feature/dropbear-esp32c3-port
Open

boards/esp32c3-devkit: add Dropbear SSH server configuration#19062
FelipeMdeO wants to merge 2 commits into
apache:masterfrom
FelipeMdeO:feature/dropbear-esp32c3-port

Conversation

@FelipeMdeO

@FelipeMdeO FelipeMdeO commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

This PR adds two related changes that together bring up an SSH server
on the ESP32-C3 DevKit board using the Dropbear application:

boards/risc-v/esp32c3/esp32c3-devkit/configs/dropbear

A new dropbear defconfig is introduced for the ESP32-C3 DevKit board.
It wires up the Dropbear SSH server application together with:

  • Wi-Fi STA mode with DHCP client (WAPI tooling included for link
    bring-up at boot).
  • urandom device for key material.
  • SPIFFS on SPI flash (/data mountpoint) to persist the host key and
    the password database.
  • FSUTILS_PASSWD pointing to /data/passwd as the credential store,
    replacing a previous Dropbear-specific password-file path.
  • ECDSA host key stored at /data/dropbear_ecdsa_host_key.
  • NSH autostart of the dropbear task on every boot.
  • PTY support and Ctrl-C signal delivery enabled for interactive
    sessions.
  • CONFIG_NETUTILS_DROPBEAR_STACKSIZE pinned to 65536 bytes; the
    default 32 KiB overflows during key exchange on this RISC-V target.
  • CONFIG_NETUTILS_DROPBEAR_LISTEN_RETRY_MAX=120 so the daemon keeps
    retrying until the Wi-Fi link is fully up.

Wi-Fi credentials (myssid / mypasswd) - Please remember give some connectivity to board.

crypto: expose ChaCha20 stream helpers

Dropbear uses the chacha20-poly1305@openssh.com cipher, which requires
a stateful, multi-call ChaCha20 stream interface rather than the single-
block interface currently exposed by crypto/chachapoly.c. Three helpers
and a context struct are added:

  • struct chacha20_stream_ctx — opaque wrapper around chacha_ctx.
  • chacha20_stream_setkey() — initialise the key.
  • chacha20_stream_ivctr64() — set IV and 64-bit counter.
  • chacha20_stream_crypt() — encrypt/decrypt an arbitrary-length buffer.

All three functions are thin wrappers over the existing chacha_*
primitives; no new algorithm code is introduced.

Impact

  • New board configuration: the dropbear defconfig is additive and
    does not affect any existing configuration.
  • New public API: three functions and one struct are added to
    include/crypto/chachapoly.h. The change is purely additive; existing
    users of chacha20_setkey / chacha20_crypt are unaffected.
  • Build: no impact on boards or configurations that do not select
    CONFIG_NETUTILS_DROPBEAR.
  • Security: host keys and credentials live on a SPIFFS partition
    under /data; they are generated at first run and persist across
    reboots. Wi-Fi credentials must be provisioned by the user before
    flashing.

Testing

Host: Linux x86_64, GCC RISC-V toolchain
Board: ESP32-C3 DevKit (rev 0.4)

This PR should be tested with source code available in apache/nuttx-apps#3532

Build:

./tools/configure.sh esp32c3-devkit:dropbear
make -j$(nproc)
make flash ESPTOOL_PORT=/dev/ttyUSB0

Boot log shows Dropbear listening after Wi-Fi association:

NuttShell (NSH) NuttX-12.x
nsh> Starting Dropbear SSH server
Dropbear listening on port 22

SSH connection from the host:

$ ssh -o StrictHostKeyChecking=no user@<board-ip>
user@<board-ip>'s password: <passwd>
NuttShell (NSH) NuttX-12.x
nsh>

@github-actions github-actions Bot added Size: M The size of the change in this PR is medium Area: Crypto Board: risc-v labels Jun 8, 2026
@fdcavalcanti

fdcavalcanti commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Very cool!
Please add documentation for this defconfig: Documentation/platforms/risc-v/esp32c3.

@FelipeMdeO FelipeMdeO marked this pull request as ready for review June 13, 2026 16:19
@FelipeMdeO FelipeMdeO force-pushed the feature/dropbear-esp32c3-port branch 3 times, most recently from 5b5478a to d43dfaa Compare June 13, 2026 20:25
@FelipeMdeO
boards/esp32c3-devkit: add Dropbear SSH server support
2f8647b 
Add the ESP32-C3 dropbear board defconfig and the ChaCha20-Poly1305
crypto helpers (crypto/chachapoly.c) used by the apps Dropbear port.

Signed-off-by: Felipe Moura <moura.fmo@gmail.com>
@FelipeMdeO
Documentation/esp32c3-devkit: document Dropbear SSH server setup
fc1e04d 
Describe how to enable and use the Dropbear SSH server on the ESP32-C3
DevKit, including Wi-Fi, host key, and login configuration.

Signed-off-by: Felipe Moura <moura.fmo@gmail.com>
@FelipeMdeO FelipeMdeO force-pushed the feature/dropbear-esp32c3-port branch from d43dfaa to fc1e04d Compare June 13, 2026 20:27
@FelipeMdeO

FelipeMdeO commented Jun 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

Very cool! Please add documentation for this defconfig: Documentation/platforms/risc-v/esp32c3.

Hello, Documentation updated.

@fdcavalcanti

fdcavalcanti commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Please check CI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fdcavalcanti fdcavalcanti fdcavalcanti approved these changes

@eren-terzioglu eren-terzioglu eren-terzioglu approved these changes

@jerpelea jerpelea Awaiting requested review from jerpelea jerpelea is a code owner

@xiaoxiang781216 xiaoxiang781216 Awaiting requested review from xiaoxiang781216 xiaoxiang781216 is a code owner

@tmedicci tmedicci Awaiting requested review from tmedicci tmedicci is a code owner

Assignees

No one assigned

Labels

Area: Crypto Board: risc-v Size: M The size of the change in this PR is medium

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@FelipeMdeO @fdcavalcanti @eren-terzioglu