From 59e3b0285abd3349904a97848b0478c7df6e9b26 Mon Sep 17 00:00:00 2001 From: cpq Date: Thu, 1 Jun 2023 13:48:20 +0100 Subject: [PATCH] Add TLS=mbedtls option --- examples/device-dashboard/Makefile | 12 ++-- examples/device-dashboard/mbedtls_config.h | 63 +++++++++++++++++++ examples/device-dashboard/net.c | 9 +++ .../stm32/nucleo-f746zg-baremetal/Makefile | 12 +++- .../nucleo-f746zg-baremetal/mbedtls_config.h | 1 + 5 files changed, 90 insertions(+), 7 deletions(-) create mode 100644 examples/device-dashboard/mbedtls_config.h create mode 120000 examples/stm32/nucleo-f746zg-baremetal/mbedtls_config.h diff --git a/examples/device-dashboard/Makefile b/examples/device-dashboard/Makefile index 81b54568..f33b88c0 100644 --- a/examples/device-dashboard/Makefile +++ b/examples/device-dashboard/Makefile @@ -9,13 +9,11 @@ CFLAGS = -W -Wall -Wextra -g -I. # Build options CFLAGS_MONGOOSE += ifeq ($(OS),Windows_NT) # Windows settings. Assume MinGW compiler. To use VC: make CC=cl CFLAGS=/MD OUT=/Feprog.exe - PROG ?= example.exe # Use .exe suffix for the binary + PROG = example.exe # Use .exe suffix for the binary PACK = pack.exe # Packing executable CC = gcc # Use MinGW gcc compiler CFLAGS += -lws2_32 # Link against Winsock library DELETE = cmd /C del /Q /F /S # Command prompt command to delete files - OUT ?= -o $(PROG) # Build output - MAKE += WINDOWS=1 CC=$(CC) endif # Default target. Build and run program 
@@ -39,10 +37,14 @@ packed_fs.c: $(wildcard web_root/*) Makefile web_root/main.css web_root/bundle.j $(CC) ../../test/pack.c -o $(PACK) $(PACK) $(wildcard web_root/*) > $@ -# Pull and build mbedTLS library. See https://mongoose.ws/tutorials/tls/#how-to-build for TLS build options mbedtls: git clone --depth 1 -b v2.28.2 https://github.com/mbed-tls/mbedtls $@ - $(MAKE) -C mbedtls/library + +ifeq ($(TLS), mbedtls) +CFLAGS += -DMG_ENABLE_MBEDTLS=1 -Wno-conversion -Imbedtls/include +CFLAGS += -DMBEDTLS_CONFIG_FILE=\"mbedtls_config.h\" mbedtls/library/*.c +$(PROG): mbedtls +endif # Cleanup. Delete built program and all build artifacts clean: diff --git a/examples/device-dashboard/mbedtls_config.h b/examples/device-dashboard/mbedtls_config.h new file mode 100644 index 00000000..0103ace3 --- /dev/null +++ b/examples/device-dashboard/mbedtls_config.h 
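Review bot: The mbedTLS sources that the new `ifeq ($(TLS), mbedtls)` block compiles into `$(PROG)` are fetched by tag name only (`-b v2.28.2` in the `mbedtls` rule), and a tag can be re-pointed upstream, so nothing in the build checks which TLS code actually gets linked. A second recipe line that compares the checkout with a recorded commit would close that gap, e.g. `test "$$(git -C $@ rev-parse HEAD)" = "<EXPECTED_COMMIT_SHA>"` (placeholder, to be replaced with the id recorded when pinning); the directory should be removed when the check fails so a later run does not treat it as up to date. The same applies to the `mbedtls` rule added in examples/stm32/nucleo-f746zg-baremetal/Makefile. The hunk also drops the comment that pointed to the TLS build documentation without describing the new switch; a line such as `# Build with TLS: make TLS=mbedtls` above the `ifeq` would help.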
@@ -0,0 +1,63 @@
+/* Workaround for some mbedtls source files using INT_MAX without including limits.h */
+#include
+
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+#define MBEDTLS_SSL_OUT_CONTENT_LEN 2048
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#define MBEDTLS_HAVE_TIME
+
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_SHA256_SMALLER
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_AES_FEWER_TABLES
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_BASE64_C
+
+// TLS 1.2
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_GCM_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ASN1_WRITE_C
+
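Review bot: No mbedTLS entropy source is compiled in by this configuration: `MBEDTLS_NO_PLATFORM_ENTROPY` is defined and `MBEDTLS_ENTROPY_HARDWARE_ALT` is commented out, so with `MBEDTLS_ENTROPY_C` and `MBEDTLS_CTR_DRBG_C` alone the library has nothing to seed from, and the strength of every TLS key depends on whatever RNG callback the caller registers (not visible in this diff). That dependency deserves a comment next to the two defines, e.g. `/* No entropy source built in: the RNG is supplied by the application and must be hardware-backed on the target */`. `MBEDTLS_HAVE_TIME` is set without `MBEDTLS_HAVE_TIME_DATE`, and in mbedTLS 2.28 the X.509 validity-period check is compiled only with the latter, so expired or not-yet-valid certificates would not be rejected on date grounds. The set also enables static-RSA key exchange (`MBEDTLS_KEY_EXCHANGE_RSA_ENABLED`, with no ECDHE-RSA alternative defined), CBC, MD5, SHA-1 and the 192-bit curves; trimming it to what the dashboard actually negotiates would reduce both exposure and flash use.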
diff --git a/examples/device-dashboard/net.c b/examples/device-dashboard/net.c index 968e0f1a..371bb6b1 100644 --- a/examples/device-dashboard/net.c +++ b/examples/device-dashboard/net.c @@ -72,6 +72,15 @@ static int event_next(int no, struct event *e) { return no + 1; } +// This is for newlib and TLS (mbedTLS) +int _gettimeofday(struct timeval *tv, void *tz) { + uint64_t now = mg_millis() + s_boot_timestamp; + (void) tz; + tv->tv_sec = (time_t) (now / 1000); + tv->tv_usec = (unsigned long) ((now % 1000) * 1000); + return 0; +} + // SNTP connection event handler. When we get a response from an SNTP server, // adjust s_boot_timestamp. We'll get a valid time from that point on static void sfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) { diff --git a/examples/stm32/nucleo-f746zg-baremetal/Makefile b/examples/stm32/nucleo-f746zg-baremetal/Makefile index e483a850..36726779 100644 --- a/examples/stm32/nucleo-f746zg-baremetal/Makefile +++ b/examples/stm32/nucleo-f746zg-baremetal/Makefile @@ -14,7 +14,7 @@ CFLAGS += -DMG_ENABLE_TCPIP=1 -DMG_ARCH=MG_ARCH_NEWLIB -DMG_ENABLE_CUSTOM_MILLIS CFLAGS += -DMG_ENABLE_CUSTOM_RANDOM=1 -DMG_ENABLE_PACKED_FS=1 $(CFLAGS_EXTRA) # Example specific build options. See README.md -CFLAGS += -DHTTP_URL=\"http://0.0.0.0/\" +CFLAGS += -DHTTP_URL=\"http://0.0.0.0/\" -DHTTPS_URL=\"https://0.0.0.0/\" ifeq ($(OS),Windows_NT) RM = cmd /C del /Q /F /S @@ -27,7 +27,7 @@ all build example: firmware.bin firmware.bin: firmware.elf arm-none-eabi-objcopy -O binary $< $@ -firmware.elf: cmsis_core cmsis_f7 $(SOURCES) hal.h link.ld +firmware.elf: cmsis_core cmsis_f7 $(SOURCES) hal.h link.ld Makefile arm-none-eabi-gcc $(SOURCES) $(CFLAGS) $(LDFLAGS) -o $@ flash: firmware.bin 
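Review bot: `_gettimeofday` in net.c reports `mg_millis() + s_boot_timestamp`, which is wall-clock time only once the SNTP handler below has adjusted `s_boot_timestamp`; before that, and presumably whenever SNTP is unreachable, callers get a time counted from boot with nothing to tell them it is not valid. Since this clock now feeds mbedTLS, the comment should say so, e.g. `// Valid only after SNTP sync; SNTP is unauthenticated, so do not rely on this clock alone for certificate validity checks`. `tv` is dereferenced unchecked; guarding the two stores with `if (tv != NULL)` would make the hook safe for callers that pass NULL. The definition is also unguarded although its comment says it is for newlib, so any other build that compiles this shared file (the desktop build in examples/device-dashboard, presumably) exports a `_gettimeofday` symbol as well.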
@@ -37,6 +37,14 @@ cmsis_core: # ARM CMSIS core headers git clone --depth 1 -b 5.9.0 https://github.com/ARM-software/CMSIS_5 $@ cmsis_f7: # ST CMSIS headers for STM32F7 series git clone --depth 1 -b v1.2.8 https://github.com/STMicroelectronics/cmsis_device_f7 $@ +mbedtls: # mbedTLS library + git clone --depth 1 -b v2.28.2 https://github.com/mbed-tls/mbedtls $@ + +ifeq ($(TLS), mbedtls) +CFLAGS += -DMG_ENABLE_MBEDTLS=1 -Wno-conversion -Imbedtls/include +CFLAGS += -DMBEDTLS_CONFIG_FILE=\"mbedtls_config.h\" mbedtls/library/*.c +firmware.elf: mbedtls +endif # Automated remote test. Requires env variable VCON_API_KEY set. See https://vcon.io/automated-firmware-tests/ DEVICE_URL ?= https://dash.vcon.io/api/v3/devices/5 diff --git a/examples/stm32/nucleo-f746zg-baremetal/mbedtls_config.h b/examples/stm32/nucleo-f746zg-baremetal/mbedtls_config.h new file mode 120000 index 00000000..263cf044 --- /dev/null +++ b/examples/stm32/nucleo-f746zg-baremetal/mbedtls_config.h @@ -0,0 +1 @@ +../../device-dashboard/mbedtls_config.h \ No newline at end of file
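Review bot: `mbedtls_config.h` is not a prerequisite of `firmware.elf`, so editing the TLS configuration (for instance to remove an algorithm) does not rebuild the image and the old feature set keeps being flashed. The added dependency line could read `firmware.elf: mbedtls_config.h | mbedtls`, which also makes the cloned directory order-only so that its timestamp cannot force rebuilds. Because the mbedTLS sources and `-Wno-conversion` are both appended to `CFLAGS`, and the recipe compiles everything in one `arm-none-eabi-gcc $(SOURCES) $(CFLAGS)` invocation, the warning is switched off for the application sources too if `-Wconversion` is enabled earlier in `CFLAGS` (not visible here). The same two points apply to the `$(PROG): mbedtls` block in examples/device-dashboard/Makefile.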