ESP32 Demo
NoxTLS integrates with ESP-IDF as an extra component. On ESP32 targets the library can use on-chip accelerators for AES, SHA-256, ECC, and ECDSA when enabled in your build.
Prerequisites
- ESP-IDF installed (v5.x recommended; v5.5.1 used in internal benchmarks)
- USB serial port for idf.py flash monitor
- Target chip selected with idf.py set-target (e.g. esp32, esp32s3)
Add NoxTLS to your ESP-IDF project
Point ESP-IDF at the NoxTLS ESP-IDF component directory:
# In your project CMakeLists.txt
list(APPEND EXTRA_COMPONENT_DIRS "${CMAKE_CURRENT_LIST_DIR}/path/to/noxtls/ports/esp-idf")
Your application component then depends on the NoxTLS component (same pattern as the in-tree examples below). The component pulls sources from noxtls-lib/ and links ESP32-specific acceleration under ports/esp-idf/target/esp32/.
Provide a project-local noxtls_config.h (or use Kconfig-generated settings) to trim features for flash and RAM — see Configuration Guide.
Example: ESP-IDF benchmark app (in-tree)
When present in your NoxTLS checkout:
noxtls/ports/esp-idf/examples/benchmark
This image reports SHA-256, AES-GCM, ChaCha20-Poly1305, HMAC, DRBG, and ECDSA throughput on the device. Typical workflow:
cd noxtls/ports/esp-idf/examples/benchmark
idf.py set-target esp32s3
idf.py build flash monitor
ESP32 acceleration (optional)
When building for ESP-IDF, PKC and AES paths can link:
- noxtls_esp32_aes_accel.c — hardware GCM/AES where supported
- noxtls_esp32_sha256_accel.c — hardware SHA with size thresholds
- noxtls_esp32_ecc_accel.c / noxtls_esp32_ecdsa_accel.c — MPI and ECDSA helpers
- noxtls_esp32_bignum_mpi.c — big-number acceleration
These are selected automatically when the ESP-IDF build defines the appropriate SoC capabilities. Portable fallbacks remain if a primitive is unavailable.
TLS / network on ESP32
Use ESP-IDF lwIP sockets (or your network stack) to send and receive TLS records. NoxTLS does not replace lwIP; wire send/recv (or the TLS transport callbacks) to your socket handles after connect or accept.
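The socket side of that wiring, as an added example that is not NoxTLS code or API: helpers that send a whole buffer and read one complete TLS record from a connected socket, bounding the record length before the body is read. The function names, return codes and the idea of framing records in application code are assumptions; adapt them to whatever transport callback signature your NoxTLS version defines.

```c
/* Added example: hypothetical transport helpers, not part of NoxTLS.
 * On ESP-IDF, <sys/socket.h> maps these calls onto lwIP sockets. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/types.h>

#define XPORT_EOF     (-1)  /* peer closed the connection */
#define XPORT_ERR     (-2)  /* socket error, inspect errno */
#define XPORT_TOO_BIG (-3)  /* record exceeds protocol limit or buffer */
#define TLS_HDR_LEN   5     /* type(1) + version(2) + length(2) */
#define TLS_MAX_CIPHERTEXT (16384 + 2048) /* TLS 1.2 bound, RFC 5246 */

/* Send all len bytes, retrying short writes and EINTR. */
int xport_send_all(int fd, const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = send(fd, buf + off, len - off, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return XPORT_ERR;
        off += (size_t)n;
    }
    return (int)off;
}

/* Read exactly len bytes; TCP may deliver one record in several pieces. */
int xport_recv_exact(int fd, uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = recv(fd, buf + off, len - off, 0);
        if (n == 0) return XPORT_EOF;
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return XPORT_ERR;
        off += (size_t)n;
    }
    return (int)off;
}

/* Read one whole TLS record (header + body); returns total bytes read. */
int xport_recv_record(int fd, uint8_t *buf, size_t cap)
{
    if (cap < TLS_HDR_LEN) return XPORT_TOO_BIG;
    int rc = xport_recv_exact(fd, buf, TLS_HDR_LEN);
    if (rc < 0) return rc;
    size_t body = ((size_t)buf[3] << 8) | buf[4];  /* big-endian length */
    if (body > TLS_MAX_CIPHERTEXT || body > cap - TLS_HDR_LEN) return XPORT_TOO_BIG;
    rc = xport_recv_exact(fd, buf + TLS_HDR_LEN, body);
    return rc < 0 ? rc : (int)(TLS_HDR_LEN + body);
}
```

Treat XPORT_TOO_BIG as fatal and close the socket: the oversized body is never read, so the stream is no longer aligned on a record boundary.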
For development:
- Prove crypto with the in-tree benchmark firmware.
- Add TLS client or server logic using the same APIs as on the host (TLS component).
- Trim noxtls_config.h to the cipher suites and protocol versions you ship.
Troubleshooting
| Symptom | Suggestion |
|---|---|
| Component not found | Verify EXTRA_COMPONENT_DIRS path to noxtls/ports/esp-idf |
| Flash size warning | Align sdkconfig flash size with your module (see benchmark notes in internal perf logs) |
| Task watchdog during long AES loops | Expected on heavy benchmarks; increase WDT timeout or yield in test loops |
Related guides
- Port NoxTLS to Your Platform
- Run DTLS on Embedded Devices
- Host Computer — validate algorithms before flashing