Merge pull request #7731 from ColtonWilley/zephyr_tls_support
Changes needed for default TLS support in zephyr kernel
JacobBarthelmeh authored Jul 11, 2024
2 parents e0494b5 + 978456e commit baec0ce
Showing 8 changed files with 97 additions and 20 deletions.
2 changes: 1 addition & 1 deletion src/internal.c
Expand Up @@ -9914,7 +9914,7 @@ ProtocolVersion MakeDTLSv1_3(void)
word32 LowResTimer(void)
{
int64_t t;
#if defined(CONFIG_ARCH_POSIX)
#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_BOARD_NATIVE_POSIX)
k_cpu_idle();
#endif
t = k_uptime_get(); /* returns current uptime in milliseconds */
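Review bot: The new guard on `k_cpu_idle()` gives no hint why CONFIG_BOARD_NATIVE_POSIX is excluded, and nothing in this function says why a timer read idles the CPU at all, so the next reader has to reconstruct both from Zephyr internals. A one-line comment on the `#if` would do, e.g. `/* POSIX arch: idle so the simulated clock advances; skipped on native_posix, which presumably takes time from the host RTC instead */`. The reason for the exclusion is inferred from the native_posix RTC path added elsewhere in this commit, so confirm the wording. LowResTimer's body continues below the hunk.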
36 changes: 18 additions & 18 deletions tests/api.c
Expand Up @@ -1546,24 +1546,24 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void)

const byte cipherList[] =
{
/* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16,
/* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x39,
/* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x33,
/* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0xC0, 0x34,
/* TLS_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x35,
/* TLS_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x2F,
/* TLS_RSA_WITH_NULL_MD5 */ 0xC0, 0x01,
/* TLS_RSA_WITH_NULL_SHA */ 0xC0, 0x02,
/* TLS_PSK_WITH_AES_256_CBC_SHA */ 0xC0, 0x8d,
/* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0xae,
/* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0xC0, 0xaf,
/* TLS_PSK_WITH_AES_128_CBC_SHA */ 0xC0, 0x8c,
/* TLS_PSK_WITH_NULL_SHA256 */ 0xC0, 0xb0,
/* TLS_PSK_WITH_NULL_SHA384 */ 0xC0, 0xb1,
/* TLS_PSK_WITH_NULL_SHA */ 0xC0, 0x2c,
/* SSL_RSA_WITH_RC4_128_SHA */ 0xC0, 0x05,
/* SSL_RSA_WITH_RC4_128_MD5 */ 0xC0, 0x04,
/* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0A,
/* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0x00, 0x16,
/* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0x00, 0x39,
/* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0x00, 0x33,
/* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0x00, 0x34,
/* TLS_RSA_WITH_AES_256_CBC_SHA */ 0x00, 0x35,
/* TLS_RSA_WITH_AES_128_CBC_SHA */ 0x00, 0x2F,
/* TLS_RSA_WITH_NULL_MD5 */ 0x00, 0x01,
/* TLS_RSA_WITH_NULL_SHA */ 0x00, 0x02,
/* TLS_PSK_WITH_AES_256_CBC_SHA */ 0x00, 0x8d,
/* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xae,
/* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xaf,
/* TLS_PSK_WITH_AES_128_CBC_SHA */ 0x00, 0x8c,
/* TLS_PSK_WITH_NULL_SHA256 */ 0x00, 0xb0,
/* TLS_PSK_WITH_NULL_SHA384 */ 0x00, 0xb1,
/* TLS_PSK_WITH_NULL_SHA */ 0x00, 0x2c,
/* SSL_RSA_WITH_RC4_128_SHA */ 0x00, 0x05,
/* SSL_RSA_WITH_RC4_128_MD5 */ 0x00, 0x04,
/* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0x00, 0x0A,

/* ECC suites, first byte is 0xC0 (ECC_BYTE) */
/* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x14,
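Review bot: The corrected rows for the non-ECC suites have no counterpart to the `/* ECC suites, first byte is 0xC0 (ECC_BYTE) */` comment that follows them, so the 0x00 first byte looks arbitrary and the original 0xC0 mistake could easily be reintroduced by copy-paste. Add `/* Non-ECC suites, first byte is 0x00 */` above the first corrected row. The enclosing test_wolfSSL_CTX_set_cipher_list_bytes starts above the hunk and continues below it, so whether the test asserts anything about the previously mis-encoded bytes being accepted is not visible here.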
3 changes: 3 additions & 0 deletions wolfcrypt/src/memory.c
Expand Up @@ -1211,6 +1211,9 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
#else
free(ptr);
#endif
#ifdef WOLFSSL_DEBUG_MEMORY
fprintf(stderr, "Free: %p at %s:%d\n", ptr, func, line);
#endif
#else
WOLFSSL_MSG("Error trying to call free when turned off");
#endif /* WOLFSSL_NO_MALLOC */
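Review bot: The new `fprintf` runs after the `free(ptr)` two lines above it, so it formats the value of a pointer whose object has already been released; under C11 6.2.4 that value is indeterminate, and the trace is only useful if it is emitted while `ptr` is still live. Move the `#ifdef WOLFSSL_DEBUG_MEMORY` block ahead of the `#ifdef`/`#else` that selects the allocator, or emit it once at function entry. `%d` also requires `line` to be an `int`; if the debug-build prototype declares it `unsigned int`, use `%u` instead. wolfSSL_Free starts above this hunk, so the allocator branch the `#else` pairs with is not visible.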
23 changes: 23 additions & 0 deletions wolfcrypt/src/wc_port.c
Expand Up @@ -132,6 +132,13 @@
#include <pthread.h>
#endif

#if defined(WOLFSSL_ZEPHYR)
#if defined(CONFIG_BOARD_NATIVE_POSIX)
#include "native_rtc.h"
#define CONFIG_RTC
#endif
#endif

/* prevent multiple mutex initializations */
static volatile int initRefCount = 0;

Expand Down Expand Up @@ -3173,6 +3180,21 @@ time_t z_time(time_t * timer)

#if defined(CONFIG_RTC) && \
(defined(CONFIG_PICOLIBC) || defined(CONFIG_NEWLIB_LIBC))

#if defined(CONFIG_BOARD_NATIVE_POSIX)

/* When using native sim, get time from simulator rtc */
uint32_t nsec = 0;
uint64_t sec = 0;
native_rtc_gettime(RTC_CLOCK_PSEUDOHOSTREALTIME, &nsec, &sec);

if (timer != NULL)
*timer = sec;

return sec;

#else

/* Try to obtain the actual time from an RTC */
static const struct device *rtc = DEVICE_DT_GET(DT_NODELABEL(rtc));

Expand All @@ -3191,6 +3213,7 @@ time_t z_time(time_t * timer)
return epochTime;
}
}
#endif /* defined(CONFIG_BOARD_NATIVE_POSIX) */
#endif

/* Fallback to uptime since boot. This works for relative times, but
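Review bot: `#define CONFIG_RTC` in the first hunk hand-defines a Kconfig-style symbol so that the native_posix path lands inside the `#if defined(CONFIG_RTC) && ...` block of z_time, but nothing at either site says so; and if the Zephyr build also generates `CONFIG_RTC` (autoconf emits `1` for enabled bools) this becomes a macro redefinition with a different replacement list. Guard and document it: `#ifndef CONFIG_RTC` / `#define CONFIG_RTC /* route z_time() into its RTC branch; native_rtc serves it on this board */` / `#endif`. In the z_time hunk `nsec` is fetched and discarded and `sec` is narrowed from uint64_t to time_t without comment; a note such as `/* second resolution only; nsec intentionally unused */` would make that deliberate. z_time starts above the hunk and the fallback path continues below it.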
1 change: 1 addition & 0 deletions wolfssl/wolfcrypt/settings.h
Expand Up @@ -2115,6 +2115,7 @@ extern void uITRON4_free(void *p) ;

void *z_realloc(void *ptr, size_t size);
#define realloc z_realloc
#define max MAX

#if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API)
#define CONFIG_NET_SOCKETS_POSIX_NAMES
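Review bot: `#define max MAX` installs a lowercase object macro in a header that every wolfSSL translation unit and every consumer of wolfSSL includes, so any variable, struct field or parameter named `max` in that code is silently rewritten to `MAX`, and the line gives no reason for it. If a specific Zephyr header needs it, guard it and say which: `#ifndef max` / `#define max MAX /* presumably required by a Zephyr header; confirm and name it */` / `#endif`, or define it in the single .c file that needs it. The `#if` that scopes this block to the Zephyr port starts above the hunk, so the actual blast radius could not be confirmed here.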
1 change: 1 addition & 0 deletions zephyr/CMakeLists.txt
Expand Up @@ -22,6 +22,7 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/zephyr/zephyr_init.c)

zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/crl.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/dtls.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/dtls13.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/internal.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/keys.c)
23 changes: 23 additions & 0 deletions zephyr/Kconfig
Expand Up @@ -70,6 +70,29 @@ config WOLFCRYPT_FIPS
Enables FIPS support in wolfCrypt. Requires the wolfSSL FIPS ready
download that includes fips.c/fips_test.c.

config WOLFSSL_DTLS
bool "wolfSSL DTLS support"
help
Enable DTLS support

config WOLFSSL_ALPN
bool "wolfSSL ALPN support"
help
Enable ALPN support

config WOLFSSL_PSK
bool "wolfSSL PSK support"
help
Enable PSK support

config WOLFSSL_MAX_FRAGMENT_LEN
int
default 3
range 1 6
help
Sets the maximum fragment length wolfSSL will use, values 1-6 correspond to enum values
WOLFSSL_MFL_* in ssl.h

config WOLFCRYPT_ARMASM
bool "wolfCrypt ARM Assembly support"
depends on WOLFSSL_BUILTIN
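Review bot: `config WOLFSSL_MAX_FRAGMENT_LEN` is an `int` with no prompt string, so unlike the three symbols above it it never appears in menuconfig and can only be changed from a defconfig or `.conf` override. If it is meant to be user-tunable, write `int "wolfSSL maximum fragment length"`. The help text should also mention that, because of `default 3`, the symbol is always defined in autoconf.h, which matters for any `#if defined(CONFIG_WOLFSSL_MAX_FRAGMENT_LEN)` test downstream; the overlong help line can be wrapped at the same time.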
28 changes: 27 additions & 1 deletion zephyr/user_settings.h
Expand Up @@ -133,16 +133,42 @@ extern "C" {
#define NO_SESSION_CACHE /* disable session resumption */
#endif

/* DTLS */
#if defined(CONFIG_WOLFSSL_DTLS)
#define WOLFSSL_DTLS
#define HAVE_SOCKADDR
#endif

/* PSK */
#define NO_PSK /* disable pre-shared-key support */
#if defined(CONFIG_WOLFSSL_PSK)
#undef NO_PSK
#define WOLFSSL_STATIC_PSK
#else
#define NO_PSK /* disable pre-shared-key support */
#endif

/* ALPN */
#if defined(CONFIG_WOLFSSL_ALPN)
#define HAVE_ALPN
#endif

#if defined(CONFIG_WOLFSSL_MAX_FRAGMENT_LEN)
#define HAVE_MAX_FRAGMENT
#endif

#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
#define WOLFSSL_SET_CIPHER_BYTES
#endif

/* ------------------------------------------------------------------------- */
/* Algorithms */
/* ------------------------------------------------------------------------- */
/* RNG */
#ifndef WC_NO_HASHDRBG
#define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */
#ifdef CONFIG_CSPRNG_ENABLED
#define WC_RNG_SEED_CB
#endif
#endif

/* ECC */
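Review bot: `#if defined(CONFIG_WOLFSSL_MAX_FRAGMENT_LEN)` is always true, because the symbol added in this commit's Kconfig is an `int` with `default 3` and Zephyr emits a `#define` for every int symbol, so HAVE_MAX_FRAGMENT becomes unconditional for the Zephyr port while the 1-6 value is never consumed anywhere visible in this diff. Either state that with a comment, `/* always on: CONFIG_WOLFSSL_MAX_FRAGMENT_LEN has a Kconfig default */`, or wire the value through to the negotiation call, which I could not find in this commit. The PSK block also deserves a note on its trade-off, e.g. `#define WOLFSSL_STATIC_PSK /* static PSK suites: no forward secrecy */`, since the Kconfig help says only "Enable PSK support". The header continues above and below the hunk.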