V2

.github/workflows/ci.yml

@@ -2,13 +2,13 @@ name: CI
 
 on:
   push:
-    branches: [ main, master ]
+    branches: [ main, master, v2 ]
     tags: ['v*']
   pull_request:
   workflow_dispatch:
 
 jobs:
-  unit-tests:
+  host-portable-smoke:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -17,15 +17,33 @@ jobs:
       - name: Configure CMake
         run: cmake -S . -B build
 
-      - name: Build tests
+      - name: Build host smoke target
         run: cmake --build build
 
-      - name: Run tests
+      - name: Run host smoke target
         run: ctest --test-dir build --output-on-failure
 
-  build-examples:
+  esp-idf-core-smoke:
     runs-on: ubuntu-latest
-    needs: unit-tests
+    needs: host-portable-smoke
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [esp32, esp32s3, esp32c3, esp32p4]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build ESP-IDF component smoke app
+        uses: espressif/esp-idf-ci-action@v1
+        with:
+          esp_idf_version: v5.4
+          target: ${{ matrix.target }}
+          path: examples/esp_idf_core_smoke
+
+  arduino-platformio:
+    runs-on: ubuntu-latest
+    needs: host-portable-smoke
     strategy:
       fail-fast: false
       matrix:
@@ -53,13 +71,12 @@ jobs:
       - name: Install PIOArduino ESP32 Platform
         run: pio platform install https://github.com/pioarduino/platform-espressif32.git
 
-      - name: Build library examples (ESP32 Arduino)
+      - name: Build Arduino examples with PlatformIO
         run: |
           set -e
           for d in examples/*; do
-            if [ -d "$d" ]; then
+            if [ -d "$d" ] && [ ! -f "$d/CMakeLists.txt" ]; then
               echo "Building $d on ${{ matrix.board }} via PlatformIO CI"
-              # Force C++17 for this project to satisfy library requirements
               pio ci "$d" \
                 --board ${{ matrix.board }} \
                 --lib="." \
@@ -72,7 +89,7 @@ jobs:
 
   arduino-cli:
     runs-on: ubuntu-latest
-    needs: unit-tests
+    needs: host-portable-smoke
     env:
       ESP32_CORE_VERSION: 3.3.3
       ESP32_ADDITIONAL_URL: https://espressif.github.io/arduino-esp32/package_esp32_index.json
@@ -112,7 +129,7 @@ jobs:
       - name: Install libraries
         run: |
           arduino-cli lib update-index
-          arduino-cli lib install "ArduinoJson" "StreamUtils"
+          arduino-cli lib install "ArduinoJson"
 
       - name: Add local library to sketchbook
         run: |
@@ -121,7 +138,7 @@ jobs:
           mkdir -p "$SKETCHBOOK_DIR/libraries/ESPCrypto"
           rsync -a --delete --exclude ".git" ./ "$SKETCHBOOK_DIR/libraries/ESPCrypto/"
 
-      - name: Build examples
+      - name: Build Arduino examples
         env:
           BOARDS: ${{ env.ARDUINO_BOARDS }}
         run: |
@@ -132,7 +149,7 @@ jobs:
             fi
             echo "::group::Compiling examples for ${board_name} (${fqbn})"
             for d in examples/*; do
-              if [ -d "$d" ]; then
+              if [ -d "$d" ] && [ ! -f "$d/CMakeLists.txt" ]; then
                 echo "Compiling $d"
                 arduino-cli compile --fqbn "$fqbn" "$d"
               fi

CHANGELOG.md

@@ -18,7 +18,7 @@ _No changes yet._
 - ChaCha20-Poly1305 encrypt/decrypt and X25519 shared-secret helper (capability-gated); XChaCha20-Poly1305 and Ed25519/EdDSA APIs are present but return `Unsupported` until a backend is available.
 - New examples: keystore/streaming demo, JWKS rotation, and micro-benchmarks for SHA/AES-GCM.
 - Planned curve25519 helpers once ESP-IDF exposes hardware accel hooks.
-- `SecureBuffer`/`SecureString` RAII containers that zeroize sensitive material, plus `CryptoStatus`/`CryptoResult` and span-based overloads for SHA, AES, JWT, signing, and password helpers.
+- `SecureBuffer`/secure text RAII containers that zeroize sensitive material, plus `CryptoStatus`/`CryptoResult` and span-based overloads for SHA, AES, JWT, signing, and password helpers.
 - AES-GCM safe helpers that auto-generate nonces, optional nonce-reuse debug guardrails, and capability reporting via `ESPCrypto::caps()`.
 - HMAC/HKDF/PBKDF2 APIs (SHA-256/384/512) with policy enforcement for PBKDF2 iteration counts and RSA/ECC key sizes.
 - Known-answer tests for SHA-2 variants, AES-GCM (NIST vectors), HKDF, PBKDF2, and AES-GCM auto-IV round-trips to keep regressions visible.

CMakeLists.txt

@@ -3,6 +3,25 @@
 # MIT License
 
 cmake_minimum_required(VERSION 3.12)
+
+set(ESPCRYPTO_SOURCES
+    src/esp_crypto/crypto_core.cpp
+    src/esp_crypto/crypto_hash_kdf.cpp
+    src/esp_crypto/crypto_symmetric.cpp
+    src/esp_crypto/crypto_asymmetric.cpp
+    src/esp_crypto/crypto_storage.cpp
+    src/esp_crypto/crypto_jwt.cpp
+)
+
+if(ESP_PLATFORM)
+    idf_component_register(
+        SRCS ${ESPCRYPTO_SOURCES}
+        INCLUDE_DIRS src
+        REQUIRES mbedtls nvs_flash esp_timer
+    )
+    return()
+endif()
+
 project(ESPCrypto)
 
 include(CTest)