authorGiovanni Di Sirio <gdisirio@gmail.com>2017-12-16 16:27:57 +0000
committerGiovanni Di Sirio <gdisirio@gmail.com>2017-12-16 16:27:57 +0000
commit67c8b93b8c5a76d4bc60b9d89311dc32f754253c (patch)
tree67f70646c0b63d1de91a2d310a5d4e7d16fb133f /os/various
parentf673ed8ff2cea38590120e2820e5aeac246fb00f (diff)
Merged WolfSSL patch.
git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@11143 35acf78f-673a-0410-8e92-d51de3d6d3f4
Diffstat (limited to 'os/various')
-rw-r--r--os/various/wolfssl_bindings/hwrng.c80
-rw-r--r--os/various/wolfssl_bindings/user_settings.h85
-rw-r--r--os/various/wolfssl_bindings/wolfssl.mk98
-rw-r--r--os/various/wolfssl_bindings/wolfssl_chibios.c252
-rw-r--r--os/various/wolfssl_bindings/wolfssl_chibios.h67
5 files changed, 582 insertions, 0 deletions
diff --git a/os/various/wolfssl_bindings/hwrng.c b/os/various/wolfssl_bindings/hwrng.c
new file mode 100644
index 000000000..f437b49ef
--- /dev/null
+++ b/os/various/wolfssl_bindings/hwrng.c
@@ -0,0 +1,80 @@
+/*
+ ChibiOS - Copyright (C) 2006..2016 Giovanni Di Sirio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+/*
+ * **** This file incorporates work covered by the following copyright and ****
+ * **** permission notice: ****
+ *
+ * Copyright (C) 2006-2017 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ *
+ */
+#include <ch.h>
+#include <stdint.h>
+#include "wolfssl_chibios.h"
+#include "user_settings.h"
+
+unsigned int chibios_rand_generate(void)
+{
+ static unsigned int last_value=0;
+ static unsigned int new_value=0;
+ unsigned int error_bits = 0;
+ error_bits = RNG_SR_SEIS | RNG_SR_CEIS;
+ while (new_value==last_value) {
+ /* Check for error flags and if data is ready. */
+ if ( ((RNG->SR & error_bits) == 0) && ( (RNG->SR & RNG_SR_DRDY) == 1 ) )
+ new_value=RNG->DR;
+ }
+ last_value=new_value;
+ return new_value;
+}
+
+int custom_rand_generate_block(unsigned char* output, unsigned int sz)
+{
+ uint32_t i = 0;
+
+ while (i < sz)
+ {
+ /* If not aligned or there is odd/remainder */
+ if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz ||
+ ((uint32_t)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0
+ ) {
+ /* Single byte at a time */
+ output[i++] = (unsigned char)chibios_rand_generate();
+ }
+ else {
+ /* Use native 8, 16, 32 or 64 copy instruction */
+ *((CUSTOM_RAND_TYPE*)&output[i]) = chibios_rand_generate();
+ i += sizeof(CUSTOM_RAND_TYPE);
+ }
+ }
+ return 0;
+}
+
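Review bot: chibios_rand_generate() can spin forever, because the `while (new_value==last_value)` loop only exits once DRDY is set with SEIS and CEIS clear, and nothing in the loop clears an error flag, bounds the wait or reports failure. An RNG peripheral stuck in an error state therefore hangs every caller that needs random bytes. The function returns a plain unsigned int and custom_rand_generate_block() always returns 0, so a fault cannot reach the TLS library either. The test `(RNG->SR & RNG_SR_DRDY) == 1` only holds while RNG_SR_DRDY is bit 0; `!= 0` states the intent. A bounded read that returns a status is sketched below, where HWRNG_MAX_TRIES is a placeholder name and not an existing symbol.

```c
/* Returns 0 and stores one fresh word in *out, or -1 on RNG error or timeout. */
static int chibios_rand_read(unsigned int *out)
{
  static unsigned int last_value = 0;
  unsigned int tries;

  /* HWRNG_MAX_TRIES: placeholder bound, to be chosen for the target clock. */
  for (tries = 0; tries < HWRNG_MAX_TRIES; tries++) {
    unsigned int sr = RNG->SR;  /* single read: error flags and DRDY agree */

    if ((sr & (RNG_SR_SEIS | RNG_SR_CEIS)) != 0)
      return -1;
    if ((sr & RNG_SR_DRDY) != 0) {
      unsigned int v = RNG->DR;
      if (v != last_value) {
        last_value = v;
        *out = v;
        return 0;
      }
    }
  }
  return -1;
}

/* … unchanged: custom_rand_generate_block() byte/word copy loop … */
/* inside that loop, before each store into output[]: */
    if (chibios_rand_read(&word) != 0)
      return -1;
```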
diff --git a/os/various/wolfssl_bindings/user_settings.h b/os/various/wolfssl_bindings/user_settings.h
new file mode 100644
index 000000000..4b491225e
--- /dev/null
+++ b/os/various/wolfssl_bindings/user_settings.h
@@ -0,0 +1,85 @@
+#include <stdint.h>
+
+/* Configuration */
+
+#define WOLFSSL_GENERAL_ALIGNMENT 4
+#define HAVE_TM_TYPE
+
+
+/* ChibiOS + Lwip */
+#define HAVE_LWIP_NATIVE
+#define WOLFSSL_CHIBIOS
+
+#define USER_TICKS
+#define WOLFSSL_USER_CURRTIME
+#define XMALLOC_OVERRIDE
+#define USE_WOLF_TIME_T
+#define XTIME(tl) (LowResTimer())
+
+
+/* ARM */
+
+#define RSA_LOW_MEM
+#define NO_OLD_RNGNAME
+#define SMALL_SESSION_CACHE
+#define WOLFSSL_SMALL_STACK
+
+#define TFM_ARM
+#define SINGLE_THREADED
+#define NO_SIG_WRAPPER
+
+/* Cipher features */
+//#define USE_FAST_MATH
+//#define ALT_ECC_SIZE
+
+#define HAVE_FFDHE_2048
+#define HAVE_CHACHA
+#define HAVE_POLY1305
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVED25519_SMALL
+#define HAVE_ONE_TIME_AUTH
+#define WOLFSSL_DH_CONST
+
+/* HW RNG support */
+
+unsigned int chibios_rand_generate(void);
+int custom_rand_generate_block(unsigned char* output, unsigned int sz);
+
+#define CUSTOM_RAND_GENERATE chibios_rand_generate
+#define CUSTOM_RAND_TYPE uint32_t
+
+#define HAVE_ED25519
+#define HAVE_POLY1305
+#define HAVE_SHA512
+#define WOLFSSL_SHA512
+
+
+/* Size/speed config */
+//#define USE_SLOW_SHA2
+
+/* Robustness */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+/* Remove Features */
+#define NO_WRITEV
+#define NO_DEV_RANDOM
+#define NO_FILESYSTEM
+#define NO_MAIN_DRIVER
+#define NO_MD4
+#define NO_RABBIT
+#define NO_HC128
+#define NO_DSA
+#define NO_PWDBASED
+#define NO_PSK
+#define NO_64BIT
+#define NO_DES3
+#define NO_RC4
+
+
+/* Realloc (to use without USE_FAST_MATH) */
+
+void *chHeapRealloc (void *addr, uint32_t size);
+#define XREALLOC(p,n,h,t) chHeapRealloc( (p) , (n) )
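Review bot: custom_rand_generate_block() is declared in the HW RNG section but no macro in this header hands it to wolfSSL; only `CUSTOM_RAND_GENERATE` and `CUSTOM_RAND_TYPE` are defined, so as far as this file shows the library never calls the block function and its int return value cannot signal an RNG failure. Either map it onto the matching wolfSSL custom-RNG hook, after checking that the chosen hook keeps the library's DRBG in the path, or drop the declaration. The header also has no include guard although it is included from both hwrng.c and wolfssl_chibios.h, and `HAVE_POLY1305` is defined twice. `TFM_TIMING_RESISTANT` presumably has no effect while `USE_FAST_MATH` stays commented out, which deserves a one-line comment next to it.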
diff --git a/os/various/wolfssl_bindings/wolfssl.mk b/os/various/wolfssl_bindings/wolfssl.mk
new file mode 100644
index 000000000..00ef082ff
--- /dev/null
+++ b/os/various/wolfssl_bindings/wolfssl.mk
@@ -0,0 +1,98 @@
+# List of the required lwIP files.
+WOLFSSL = $(CHIBIOS)/ext/wolfssl
+
+WOLFBINDSRC = \
+ $(CHIBIOS)/os/various/wolfssl_bindings/wolfssl_chibios.c \
+ $(CHIBIOS)/os/various/wolfssl_bindings/hwrng.c
+
+WOLFCRYPTSRC = \
+ $(WOLFSSL)/wolfcrypt/src/sha.c \
+ $(WOLFSSL)/wolfcrypt/src/ge_low_mem.c \
+ $(WOLFSSL)/wolfcrypt/src/compress.c \
+ $(WOLFSSL)/wolfcrypt/src/chacha20_poly1305.c \
+ $(WOLFSSL)/wolfcrypt/src/des3.c \
+ $(WOLFSSL)/wolfcrypt/src/fe_low_mem.c \
+ $(WOLFSSL)/wolfcrypt/src/hmac.c \
+ $(WOLFSSL)/wolfcrypt/src/asm.c \
+ $(WOLFSSL)/wolfcrypt/src/camellia.c \
+ $(WOLFSSL)/wolfcrypt/src/ecc.c \
+ $(WOLFSSL)/wolfcrypt/src/ecc_fp.c \
+ $(WOLFSSL)/wolfcrypt/src/ripemd.c \
+ $(WOLFSSL)/wolfcrypt/src/rsa.c \
+ $(WOLFSSL)/wolfcrypt/src/wc_port.c \
+ $(WOLFSSL)/wolfcrypt/src/arc4.c \
+ $(WOLFSSL)/wolfcrypt/src/srp.c \
+ $(WOLFSSL)/wolfcrypt/src/random.c \
+ $(WOLFSSL)/wolfcrypt/src/idea.c \
+ $(WOLFSSL)/wolfcrypt/src/blake2b.c \
+ $(WOLFSSL)/wolfcrypt/src/error.c \
+ $(WOLFSSL)/wolfcrypt/src/dh.c \
+ $(WOLFSSL)/wolfcrypt/src/asn.c \
+ $(WOLFSSL)/wolfcrypt/src/cmac.c \
+ $(WOLFSSL)/wolfcrypt/src/signature.c \
+ $(WOLFSSL)/wolfcrypt/src/pwdbased.c \
+ $(WOLFSSL)/wolfcrypt/src/chacha.c \
+ $(WOLFSSL)/wolfcrypt/src/md5.c \
+ $(WOLFSSL)/wolfcrypt/src/aes.c \
+ $(WOLFSSL)/wolfcrypt/src/wolfmath.c \
+ $(WOLFSSL)/wolfcrypt/src/memory.c \
+ $(WOLFSSL)/wolfcrypt/src/logging.c \
+ $(WOLFSSL)/wolfcrypt/src/tfm.c \
+ $(WOLFSSL)/wolfcrypt/src/coding.c \
+ $(WOLFSSL)/wolfcrypt/src/rabbit.c \
+ $(WOLFSSL)/wolfcrypt/src/pkcs12.c \
+ $(WOLFSSL)/wolfcrypt/src/md2.c \
+ $(WOLFSSL)/wolfcrypt/src/ge_operations.c \
+ $(WOLFSSL)/wolfcrypt/src/sha512.c \
+ $(WOLFSSL)/wolfcrypt/src/sha3.c \
+ $(WOLFSSL)/wolfcrypt/src/port/nrf51.c \
+ $(WOLFSSL)/wolfcrypt/src/port/pic32/pic32mz-crypt.c \
+ $(WOLFSSL)/wolfcrypt/src/port/atmel/atmel.c \
+ $(WOLFSSL)/wolfcrypt/src/port/nxp/ksdk_port.c \
+ $(WOLFSSL)/wolfcrypt/src/port/ti/ti-des3.c \
+ $(WOLFSSL)/wolfcrypt/src/port/ti/ti-ccm.c \
+ $(WOLFSSL)/wolfcrypt/src/port/ti/ti-hash.c \
+ $(WOLFSSL)/wolfcrypt/src/port/ti/ti-aes.c \
+ $(WOLFSSL)/wolfcrypt/src/port/arm/armv8-aes.c \
+ $(WOLFSSL)/wolfcrypt/src/port/arm/armv8-sha256.c \
+ $(WOLFSSL)/wolfcrypt/src/port/xilinx/xil-aesgcm.c \
+ $(WOLFSSL)/wolfcrypt/src/port/xilinx/xil-sha3.c \
+ $(WOLFSSL)/wolfcrypt/src/hash.c \
+ $(WOLFSSL)/wolfcrypt/src/curve25519.c \
+ $(WOLFSSL)/wolfcrypt/src/integer.c \
+ $(WOLFSSL)/wolfcrypt/src/wolfevent.c \
+ $(WOLFSSL)/wolfcrypt/src/dsa.c \
+ $(WOLFSSL)/wolfcrypt/src/pkcs7.c \
+ $(WOLFSSL)/wolfcrypt/src/wc_encrypt.c \
+ $(WOLFSSL)/wolfcrypt/src/cpuid.c \
+ $(WOLFSSL)/wolfcrypt/src/sha256.c \
+ $(WOLFSSL)/wolfcrypt/src/md4.c \
+ $(WOLFSSL)/wolfcrypt/src/fe_operations.c \
+ $(WOLFSSL)/wolfcrypt/src/ed25519.c \
+ $(WOLFSSL)/wolfcrypt/src/poly1305.c \
+ $(WOLFSSL)/wolfcrypt/src/hc128.c \
+
+WOLFSSLSRC = \
+ $(WOLFSSL)/src/internal.c \
+ $(WOLFSSL)/src/tls.c \
+ $(WOLFSSL)/src/keys.c \
+ $(WOLFSSL)/src/crl.c \
+ $(WOLFSSL)/src/ssl.c \
+ $(WOLFSSL)/src/wolfio.c \
+ $(WOLFSSL)/src/sniffer.c \
+ $(WOLFSSL)/src/ocsp.c \
+ $(WOLFSSL)/src/tls13.c
+
+
+WOLFSRC = $(WOLFBINDSRC) $(WOLFCRYPTSRC) $(WOLFSSLSRC)
+
+WOLFINC = \
+ $(CHIBIOS)/os/various/wolfssl_bindings \
+ $(WOLFSSL)/wolfcrypt/include \
+ $(WOLFSSL)/wolfssl/include \
+ $(WOLFSSL)
+
+# Shared variables
+ALLCSRC += $(WOLFSRC)
+ALLINC += $(WOLFINC)
+
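Review bot: The opening comment `# List of the required lwIP files.` is a leftover from another makefile and should read `# List of the required wolfSSL files.`. WOLFCRYPTSRC and WOLFSSLSRC also pull in sources this port does not obviously need, such as `src/sniffer.c` and the `port/nrf51`, `port/pic32`, `port/atmel`, `port/nxp`, `port/ti` and `port/xilinx` files, plus `des3.c`, `arc4.c`, `md4.c`, `rabbit.c` and `hc128.c`, whose features user_settings.h turns off with `NO_*`. They presumably compile to empty objects behind their own guards, but trimming the list to what the configuration enables keeps the built code surface smaller and easier to audit. The last WOLFCRYPTSRC entry ends in a `\` continuation, so the `WOLFSSLSRC =` assignment would be swallowed into the list if the blank line after it were ever removed.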
diff --git a/os/various/wolfssl_bindings/wolfssl_chibios.c b/os/various/wolfssl_bindings/wolfssl_chibios.c
new file mode 100644
index 000000000..2c0594517
--- /dev/null
+++ b/os/various/wolfssl_bindings/wolfssl_chibios.c
@@ -0,0 +1,252 @@
+/*
+ ChibiOS - Copyright (C) 2006..2016 Giovanni Di Sirio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+/*
+ * **** This file incorporates work covered by the following copyright and ****
+ * **** permission notice: ****
+ *
+ * Copyright (C) 2006-2017 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ *
+ */
+
+#include "ch.h"
+#include "wolfssl_chibios.h"
+#include "lwip/opt.h"
+#include "lwip/arch.h"
+#include "lwip/api.h"
+#include "lwip/mem.h"
+#include "lwip/sockets.h"
+#include "lwip/tcp.h"
+#include <string.h>
+static int wolfssl_is_initialized = 0;
+
+sslconn *sslconn_accept(sslconn *sk)
+{
+ sslconn *new;
+ struct netconn *newconn = NULL;
+ err_t err;
+ err = netconn_accept(sk->conn, &newconn);
+ if (err != ERR_OK) {
+ return NULL;
+ }
+ new = chHeapAlloc(NULL, sizeof(sslconn));
+ if (!new)
+ return NULL;
+ new->conn = newconn;
+ new->ctx = sk->ctx;
+ new->ssl = wolfSSL_new(new->ctx);
+ wolfSSL_SetIOReadCtx(new->ssl, new);
+ wolfSSL_SetIOWriteCtx(new->ssl, new);
+
+ if (wolfSSL_accept(new->ssl) == SSL_SUCCESS) {
+ wolfSSL_set_using_nonblock(new->ssl, 1);
+ newconn->pcb.tcp->mss = 1480;
+ return new;
+ } else {
+ wolfSSL_free(new->ssl);
+ chHeapFree(new);
+ return NULL;
+ }
+}
+
+sslconn *sslconn_new(enum netconn_type t, WOLFSSL_METHOD* method)
+{
+ sslconn *sk;
+ if (!wolfssl_is_initialized) {
+ wolfSSL_Init();
+ wolfssl_is_initialized++;
+ }
+
+ sk = chHeapAlloc(NULL, sizeof(sslconn));
+ if (!sk)
+ return NULL;
+ memset(sk, 0, sizeof(sslconn));
+ sk->ctx = wolfSSL_CTX_new(method);
+ if (!sk->ctx)
+ goto error;
+ sk->conn = netconn_new(t);
+ if (!sk->conn)
+ goto error;
+ wolfSSL_SetIORecv(sk->ctx, wolfssl_recv_cb);
+ wolfSSL_SetIOSend(sk->ctx, wolfssl_send_cb);
+ return sk;
+
+error:
+ if (sk->ctx)
+ wolfSSL_CTX_free(sk->ctx);
+ chHeapFree(sk);
+ return NULL;
+}
+
+void sslconn_close(sslconn *sk)
+{
+ netconn_delete(sk->conn);
+ wolfSSL_free(sk->ssl);
+ chHeapFree(sk);
+}
+
+
+/* IO Callbacks */
+int wolfssl_send_cb(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+{
+ sslconn *sk = (sslconn *)ctx;
+ int err;
+ (void)ssl;
+ err = netconn_write(sk->conn, buf, sz, NETCONN_COPY);
+ if (err == ERR_OK)
+ return sz;
+ else
+ return -2;
+}
+
+
+#define MAX_SSL_BUF 1460
+static uint8_t ssl_recv_buffer[MAX_SSL_BUF];
+static int ssl_rb_len = 0;
+static int ssl_rb_off = 0;
+
+int wolfssl_recv_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+ sslconn *sk = (sslconn *)ctx;
+ struct netbuf *inbuf = NULL;
+ uint8_t *net_buf;
+ uint16_t buflen;
+ (void)ssl;
+ err_t err;
+
+ if (ssl_rb_len > 0) {
+ if (sz > ssl_rb_len - ssl_rb_off)
+ sz = ssl_rb_len - ssl_rb_off;
+ memcpy(buf, ssl_recv_buffer + ssl_rb_off, sz);
+ ssl_rb_off += sz;
+ if (ssl_rb_off >= ssl_rb_len) {
+ ssl_rb_len = 0;
+ ssl_rb_off = 0;
+ }
+ return sz;
+ }
+
+
+ err = netconn_recv(sk->conn, &inbuf);
+ if (err == ERR_OK) {
+ netbuf_data(inbuf, (void **)&net_buf, &buflen);
+ ssl_rb_len = buflen;
+ if (ssl_rb_len > MAX_SSL_BUF)
+ ssl_rb_len = MAX_SSL_BUF;
+ memcpy(ssl_recv_buffer, net_buf, ssl_rb_len);
+ ssl_rb_off = 0;
+ if (sz > ssl_rb_len)
+ sz = ssl_rb_len;
+ memcpy(buf, ssl_recv_buffer, sz);
+ ssl_rb_off += sz;
+ if (ssl_rb_off >= ssl_rb_len) {
+ ssl_rb_len = 0;
+ ssl_rb_off = 0;
+ }
+ netbuf_delete(inbuf);
+ return sz;
+ }
+ else
+ return 0;
+ //return WOLFSSL_CBIO_ERR_WANT_READ;
+}
+
+#ifndef ST2S
+# define ST2S(n) (((n) + CH_CFG_ST_FREQUENCY - 1UL) / CH_CFG_ST_FREQUENCY)
+#endif
+
+#ifndef ST2MS
+#define ST2MS(n) (((n) * 1000UL + CH_CFG_ST_FREQUENCY - 1UL) / CH_CFG_ST_FREQUENCY)
+#endif
+
+
+uint32_t LowResTimer(void)
+{
+ systime_t t = chVTGetSystemTimeX();
+ return ST2S(t);
+}
+
+uint32_t TimeNowInMilliseconds(void)
+{
+ systime_t t = chVTGetSystemTimeX();
+ return ST2MS(t);
+}
+
+void *chHeapRealloc (void *addr, uint32_t size)
+{
+ union heap_header *hp;
+ uint32_t prev_size, new_size;
+
+ void *ptr;
+
+ if(addr == NULL) {
+ return chHeapAlloc(NULL, size);
+ }
+
+ /* previous allocated segment is preceded by an heap_header */
+ hp = addr - sizeof(union heap_header);
+ prev_size = hp->used.size; /* size is always multiple of 8 */
+
+ /* check new size memory alignment */
+ if(size % 8 == 0) {
+ new_size = size;
+ }
+ else {
+ new_size = ((int) (size / 8)) * 8 + 8;
+ }
+
+ if(prev_size >= new_size) {
+ return addr;
+ }
+
+ ptr = chHeapAlloc(NULL, size);
+ if(ptr == NULL) {
+ return NULL;
+ }
+
+ memcpy(ptr, addr, prev_size);
+
+ chHeapFree(addr);
+
+ return ptr;
+}
+
+void *chibios_alloc(void *heap, int size)
+{
+ return chHeapAlloc(heap, size);
+}
+
+void chibios_free(void *ptr)
+{
+ if (ptr)
+ chHeapFree(ptr);
+}
+
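Review bot: sslconn_accept() leaks the accepted netconn on every failure path: when chHeapAlloc() returns NULL and when wolfSSL_accept() fails, newconn is never passed to netconn_delete(), so each peer that aborts the handshake costs one lwIP connection. The result of wolfSSL_new() is also used without a NULL check. Separately, wolfssl_recv_cb() keeps its leftover bytes in the file-scope ssl_recv_buffer, ssl_rb_len and ssl_rb_off, which sslconn_close() never resets, so a second sslconn (concurrent or later) can be handed record bytes buffered for another connection. Anything past MAX_SSL_BUF in a netbuf is silently dropped, and moving that state into struct sslconn would tie it to its connection. A sketch of the accept cleanup follows.

```c
  new = chHeapAlloc(NULL, sizeof(sslconn));
  if (!new) {
    netconn_delete(newconn);   /* do not leak the accepted connection */
    return NULL;
  }
  new->conn = newconn;
  new->ctx = sk->ctx;
  new->ssl = wolfSSL_new(new->ctx);
  if (!new->ssl) {
    netconn_delete(newconn);
    chHeapFree(new);
    return NULL;
  }
  /* … unchanged: wolfSSL_SetIOReadCtx/WriteCtx and the wolfSSL_accept() success branch … */
  } else {
    wolfSSL_free(new->ssl);
    netconn_delete(newconn);   /* handshake failed: release the netconn too */
    chHeapFree(new);
    return NULL;
  }
```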
diff --git a/os/various/wolfssl_bindings/wolfssl_chibios.h b/os/various/wolfssl_bindings/wolfssl_chibios.h
new file mode 100644
index 000000000..ae150af09
--- /dev/null
+++ b/os/various/wolfssl_bindings/wolfssl_chibios.h
@@ -0,0 +1,67 @@
+/*
+ ChibiOS - Copyright (C) 2006..2016 Giovanni Di Sirio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+/*
+ * **** This file incorporates work covered by the following copyright and ****
+ * **** permission notice: ****
+ *
+ * Copyright (C) 2006-2017 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ *
+ */
+#ifndef WOLFSSL_SK_H
+#define WOLFSSL_SK_H
+#include "wolfssl/ssl.h"
+#include "lwip/opt.h"
+#include "lwip/arch.h"
+#include "lwip/api.h"
+#include "user_settings.h"
+#define XMALLOC(s,h,t) chibios_alloc(h,s)
+#define XFREE(p,h,t) chibios_free(p)
+
+struct sslconn {
+ WOLFSSL_CTX *ctx;
+ WOLFSSL *ssl;
+ struct netconn *conn;
+};
+
+typedef struct sslconn sslconn;
+
+sslconn *sslconn_accept(struct sslconn *sk);
+sslconn *sslconn_new(enum netconn_type t, WOLFSSL_METHOD *method);
+void sslconn_close(sslconn *sk);
+
+int wolfssl_send_cb(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+int wolfssl_recv_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx);
+
+void *chibios_alloc(void *heap, int size);
+void chibios_free(void *ptr);
+
+#endif
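Review bot: struct sslconn and the sslconn_* prototypes carry no comment on ownership, and the rules are not obvious from the header alone. In wolfssl_chibios.c, sslconn_accept() copies the listener's `ctx` pointer into the new connection and sslconn_close() frees `ssl` and `conn` but never `ctx`, so accepted connections borrow the listener's context and the context itself is never released through this API. A comment on the struct such as `/* ctx is created by sslconn_new(); accepted connections share it and sslconn_close() does not free it */` would record that, along with a note on who is expected to call wolfSSL_CTX_free(). chibios_alloc() takes `int size` while the `XMALLOC(s,h,t)` macro forwards a size expression, so `size_t` would match the allocator's usage better.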