Commit Graph

48 Commits

Author SHA1 Message Date
Sebastian Bøe c3f53911de mbedtls: Added support for using an externally built mbedtls
Kbuild supported CONFIG_MBEDTLS_LIBRARY and
CONFIG_MBEDTLS_INSTALL_PATH to allow users to link in an externally
built mbedtls. This was not ported over to CMake, causing build
failures when it was kconfig-enabled.

This patch implements this support. This support has been tested
as well as MBEDTLS_LIBRARY was tested in CI.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Ding Tao <miyatsu@qq.com>
2018-01-29 23:46:15 -05:00
Sebastian Bøe 61cf3b0573 mbedtls: Kconfig: Re-organize to enable choosing an mbedtls impl.
CONFIG_MBEDTLS means you are using MBEDTLS
CONFIG_MBEDTLS_BUILTIN means you are using a built-in MDEDTLS
CONFIG_MBEDTLS_LIBRARY means you are using an external MBEDTLS

This patch ensures that you must select one or the other
implementation when MBEDTLS is enabled.

Tested by opening xconfig and observing that when MBEDTLS was enabled,
BUILTIN was automatically enabled, and a radio-button interface
existed to change the implementation.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Ding Tao <miyatsu@qq.com>
2018-01-29 23:46:15 -05:00
Anas Nashif 5218b9ad0c ext: tinycrypt: Update README to reflect latest version
We forgot to update the version number in the README

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2018-01-08 08:08:45 -05:00
Sebastian Bøe 6f642a19fd cmake: Ported mbedTLS to use Zephyr interface libraries
mbedTLS include directories will now default to be in the 'app'
include path when mbedTLS has been enabled.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2018-01-02 22:09:01 -05:00
Michael Scott 2fc554b8fc crypto: config: config-coap: add CONFIG for setting max content length
The CoAP samples use an MBEDTLS config "config-coap.h" which could be
re-used by the LwM2M sample, except that most servers use a larger
maximum content length setting of 1500 bytes.

Let's add a CONFIG to set this for users of the CoAP lib and set the
CONFIG value for the samples to the 256 size currently used.

Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
2017-12-15 17:52:13 -05:00
Anas Nashif 429c2a4d9d kconfig: fix help syntax and add spaces
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-12-13 17:43:28 -06:00
Kumar Gala 3a5ca91f28 crypto: Update TinyCrypt to 0.2.8
Version 0.2.8 of this library has been released on Aug 29, and this
patch updates the library from version 0.2.7.  A summary of changes
is available at the official repository at:

    https://github.com/01org/tinycrypt/releases/tag/v0.2.8

A number of the changes we already had in tree, so the import to sync
with v0.2.8 is pretty minor.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2017-11-09 16:39:03 -06:00
Sebastian Bøe 0829ddfe9a kbuild: Removed KBuild
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
2017-11-08 20:00:22 -05:00
Sebastian Bøe 12f8f76165 Introduce cmake-based rewrite of KBuild
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.

Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.

This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.

For users that just want to continue their work with minimal
disruption the following should suffice:

Install CMake 3.8.2+

Port any out-of-tree Makefiles to CMake.

Learn the absolute minimum about the new command line interface:

$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..

$ cd build
$ make

PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html

Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
2017-11-08 20:00:22 -05:00
Jukka Rissanen ae0f3d7224 net: https: mbedtls buffer length needs to be bigger for https
Mysterious TLS errors are printed if we try to work with too
small crypto buffer when https is enabled.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2017-11-06 09:33:00 -05:00
Ramakrishna Pallala 26c1bd545f ext: lib: crypto: mbedtls: Set default MBEDTLS_HEAP_SIZE to 512
Set default MBEDTLS_HEAP_SIZE to 512 which fixes the driver Kconfig
dependency issues.

Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
2017-11-03 14:27:41 -04:00
Ramakrishna Pallala 34113f0869 ext: lib: crypto: tinycrypt: Fix Kconfig prompt message
Fix TinyCrypt Kconfig prompt message.

Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
2017-11-03 14:27:41 -04:00
Leandro Pereira da9b0ddf5b drivers: Rename `random` to `entropy`
This should clear up some of the confusion with random number
generators and drivers that obtain entropy from the hardware.  Also,
many hardware number generators have limited bandwidth, so it's natural
for their output to be only used for seeding a random number generator.

Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2017-11-01 08:26:29 -04:00
Michael Scott afd5442521 ext: mbedtls: change MBEDTLS_DEBUG config from string to bool
When default "n" is selected (as it is by default) this sets:
CONFIG_MBEDTLS_DEBUG="n"

When checked by the existing logic (example shown below) will always
be true and debug will be enabled all the time:
//#if defined(CONFIG_MBEDTLS_DEBUG)

Instead, let's change the config type to "bool" which will be
undefined when set to "n" (by default).  The existing #if defined()
checks will work correctly.

NOTE: This fix saves a lot of binary space when MBEDTLS is enabled
due to the amount debug output being compiled in.

Signed-off-by: Michael Scott <michael.scott@linaro.org>
2017-10-01 17:34:09 -04:00
Leandro Pereira b9bc24c8dd crypto: mbedtls: Update mbedTLS to 2.6.0
Due to a security advisory released on August 28th 2017[1], it's
advisable to update mbedTLS to 2.6.0.

The vulnerability, identified as CVE-2017-14032, allows bypassing the
authentication of a peer when the authentication mode is configured as
optional (the default is secure, but applications might change the
setting.)

tests/crypto/mbedtls is passing.

[1] https://goo.gl/s4imN6

Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2017-08-30 21:42:02 -04:00
Ramakrishna Pallala f468b23f68 tinycrypt/sha256: Array compared to NULL has no effect
This commit fixes the issue reported by Coverity: an array compared
against NULL is always false.

Coverity-CID: 143715
Coverity-CID: 143730

THis patch is ported from below patch:
https://gerrit.zephyrproject.org/r/#/c/7419/

Jira : ZEP-2468
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
2017-08-29 16:31:53 -04:00
Ramakrishna Pallala c472b97c50 tinycrypt/hmac: Array compared to NULL has no effect
This commit fixes the issue reported by Coverity: an array compared
against NULL is always false.

Coverity-CID: 143687
Coverity-CID: 143737
Coverity-CID: 143740

This patch is ported from the below patch:
https://gerrit.zephyrproject.org/r/#/c/7418/

Jira: ZEP-2468
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
2017-08-29 16:31:53 -04:00
Leandro Pereira eb0dccdb94 tinycrypt: ecc_dh: Properly clear out temporary secret buffers
Zeroing out 2*NUM_ECC_WORDS bytes starting from the `p2` pointer would
not only write 16 bytes to an 8-byte array allocated on the stack, but
also not clear out important arrays such as `_private` and `tmp`.
Moreover, no memory was cleared out before returning from the function,
and there are two exit points.

Properly memset() all private data and use an empty assembly block
referencing the memory region to avoid the memset() calls to be elided
by the compiler.

Ideally, in the future, all stack-allocated variables that contains
sensitive information should be marked with __attribute__((cleanup)), a
GCC extension that calls a function when the variable exits the scope.
This will not only reduce code size, but for other functions with
multiple exit points, also ensure that sensitive data is always
cleared.

Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
2017-08-19 07:48:07 -04:00
Anas Nashif c287d0f60e crypto: Update to mbedTLS 2.5.1
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-08-03 11:15:25 -05:00
Jukka Rissanen 7c5002c409 ext: lib: mbedtls: Add example config for DTLS support
This mbedtls configuration creates support for DTLS. The values
are not optimized for RAM usage, but can be used for various
networking sample applications.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2017-08-01 10:38:22 -04:00
Leandro Pereira 14c56691c7 crypto: Update TinyCrypt to 0.2.7
Version 0.2.7 of this library has been released on June 30th, and this
patch updates the library from version 0.2.6.  A summary of changes
is available at the official repository at:

    https://github.com/01org/tinycrypt/releases/tag/v0.2.7

There were some API changes in this version, so some tests are not
building: ccm_mode, ecc_dh, and ecc_dsa.  Fixes to these tests and
subsystems affected by the changes will be provided.

Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-08-01 10:35:06 -04:00
Aska Wu 3e2b6dbd5d ext: lib: mbedtls: Increase max content len if MQTT TLS is enabled
Increase MBEDTLS_SSL_MAX_CONTENT_LEN to 2500 to avoid TLS handshake
failure with mosquitto.

Signed-off-by: Aska Wu <aska.wu@linaro.org>
2017-07-28 11:25:43 +03:00
Jukka Rissanen a5898da7f5 ext: lib: mbedtls: Optimize example config for Zephyr
This changes increases content buffer length
MBEDTLS_SSL_MAX_CONTENT_LEN to 1500 bytes so that we can use
this config for echo-client and echo-server network sample
applications which need to send bigger data than 1024 bytes.

Removing MBEDTLS_PEM_PARSE_C as we do not have any cert in PEM
format.

Place various MBEDTLS debug options behind CONFIG_MBEDTLS_DEBUG
Kconfig option which was introduced in previous commit.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2017-06-30 06:13:09 -04:00
Jukka Rissanen 65b9656707 ext: lib: mbedtls: Add Kconfig option to enable mbedtls debugging
Add Kconfig option that can be used to enable various debug
options in mbedtls config file.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2017-06-30 06:13:09 -04:00
Jukka Rissanen a9c0a3f9eb ext: lib: mbedtls: Enable and set heap size at device startup
As the mbedtls heap is global for the whole device, enable it
during device startup if configured so. The heap size can be
set in config file. There is no default value for the heap as
that depends very much on application needs.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2017-06-27 16:42:59 +03:00
Anas Nashif 501734cbc2 ext: tinycrypt: update README to reflect correct version and hash
Change-Id: Ifd009f3ee048e17d97be4691763aa38ed4d20937
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-04-20 12:30:42 +00:00
Kumar Gala a20b249549 ext: lib: mbedtls: Upgrading mbedTLS library
Upgrading mbedTLS to version 2.4.2 from 2.4

Origin: https://tls.mbed.org/download/start/mbedtls-2.4.2-apache.tgz

Jira: ZEP-1800

Change-Id: I16a7eaeb4c2e47d11f0594fe1bd865be3eef37b6
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2017-03-29 22:08:08 +00:00
Flavio Santes c2cc5f90e2 ext/lib/crypto: Update TinyCrypt to version 0.2.6
Update TinyCrypt to version 0.2.6.

Origin: https://github.com/01org/tinycrypt/releases/tag/v0.2.6

Jira: ZEP-749

Change-Id: I62be0c134236d4a5dcae14bee86692c0fd6dc381
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2017-03-10 20:08:21 -06:00
Flavio Santes d599af40c8 ext/lib/mbedtls: Add the TLS configuration file
This patch adds the TLS configuration file required by mbed.

Change-Id: I8d99f27e028775de153a69cdd6706b8e2d0a3d9b
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2017-02-14 08:30:35 +02:00
Sergio Rodriguez 3818af4a7b samples/coaps_server CoAP over DTLS server example app using mbedTLS
Jira: ZEP-942

Change-Id: I810fccfed912d9de62073a9a4e943b7924aa6392
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
2017-01-27 12:35:53 +02:00
Anas Nashif 594992f7b2 license: use SPDX identifier for files in ext/
Change-Id: I32cb4211056046ca28a81aa97aca5d3c0b9b8303
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-01-20 20:22:57 -05:00
Sergio Rodriguez 47b7b6bd31 ext: lib: mbedtls : Upgrading mbedTLS library
Upgrading mbedTLS to version 2.4 from 2.3

Origin: https://tls.mbed.org/download/start/mbedtls-2.4.0-apache.tgz

Jira: ZEP-1292
Jira: ZEP-734

Change-Id: I32d81304f5d568810e271b8e9fc2135def1dda0a
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
2017-01-05 17:58:06 +00:00
Flavio Santes c7979f0fc4 tinycrypt: Update TinyCrypt to version 0.2.5
TinyCrypt 0.2.5 was released a few hours ago:

https://github.com/01org/tinycrypt/releases/tag/v0.2.5

This patch updates some TinyCrypt files, solving the following issues:

- Decryptions using ccm mode can incorrectly fail
- Minor style issues in code documentation

Change-Id: I606cde179888aad7a52fd277d73973f2347d8882
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2016-12-19 19:05:42 +00:00
Sergio Rodriguez 05aded096e samples/mbedtls_dtlsclient: mbedTLS sample DTLS client app.
This is a sample app using ECJPAKE crypto algorithm on DTLS, using
mbedTLS, and native IP stack

Jira: ZEP-900
Jira: ZEP-943

Change-Id: Ica17b047aab11b989d3e8c8f6ac1b79e3041053a
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
2016-12-02 12:40:51 +02:00
Flavio Santes c9e10f8dfe tinycrypt/sha256: Array compared to NULL has no effect
This commit fixes the issue reported by Coverity: an array compared
against NULL is always false.

Coverity-CID: 143715
Coverity-CID: 143730

Change-Id: Ie3c87f892c2b2a337981125e2a92c37c579d4b38
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2016-11-22 01:59:10 +00:00
Flavio Santes ad2fccb871 tinycrypt/hmac: Array compared to NULL has no effect
This commit fixes the issue reported by Coverity: an array compared
against NULL is always false.

Coverity-CID: 143687
Coverity-CID: 143737
Coverity-CID: 143740

Change-Id: Id94a144c47b3377876695e86da8c0c33a989ec99
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2016-11-22 01:59:10 +00:00
Flavio Santes 1a19e14d97 tinycrypt: Fix bug in CTR PRNG reseed function
This commit fixes a bug found in CTR PRNG reseed function to correctly
use the seed material.

See: https://github.com/01org/tinycrypt
Commit: 601f6a26ab4505ac82a2fb13ae4757c2b8d3eba8

Change-Id: I01216484bd1ee980b0e2da7fdc752a952f217ef0
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2016-11-16 16:51:53 +00:00
Flavio Santes 5bf8679719 crypto/tinycrypt: Update README file
This commit updates the tinycrypt README file.

Change-Id: I7350b3bb18de106d79347fab7f89345250b580c1
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2016-08-08 21:23:43 +00:00
Sergio Rodriguez 259c24397d samples/net : Adding mbedTLS sample client
This is a client that uses shared keys to execute a TLS handshake and read
info from the server, information on how to run the test is in the README
file.

Jira: ZEP-327
Jira: ZEP-340
Jira: ZEP-495

Origin: https://tls.mbed.org/download/start/mbedtls-2.3.0-apache.tgz

Change-Id: I10f31f3635f346936807b7c8470b3d6ffb3af283
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
2016-07-31 17:00:45 +00:00
Sergio Rodriguez 950f45b532 samples/net : Adding mbedTLS self test routine
This contain the run of the self test for the ciphers, crypto
algorithms and utilities of mbedTLS.

Jira: ZEP-327
Jira: ZEP-340
Jira: ZEP-495

Origin: https://tls.mbed.org/download/start/mbedtls-2.3.0-apache.tgz

Change-Id: Ic1bb30b7ed691f17421510cd914ec5096e4e70ea
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
Signed-off-by: Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
2016-07-27 22:19:06 +00:00
Flavio Santes e0d46124df build/crypto: Update build system for tinycrypt 2.0
Modify tinycrypt/Kconfig and tinycrypt/Makefile to include new CTR_PRNG
algorithm.

Jira: ZEP-590

Change-Id: Ied0288126c326d229508c05df4a256dea29cf740
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2016-07-27 21:34:14 +00:00
Flavio Santes e6ffc0ed28 crypto: Update tinycrypt source files
Update Zephyr's tinycrypt to version 2.0. This new version adds support
for ECC_DH, ECC_DSA, CMAC, & CTR_PRNG.

The following doxygen documentation typos were detected and fixed:

- ctr_prng.h:84 change plen by pLen,
- ctr_prng.h:109 change entropylen by entropyLen,
- sha256.h:110 change Sha256 by s.

ecc_dh.h is also modified to fix the discrepancy of ecc_make_key
definition and declaration.
See https://gerrit.zephyrproject.org/r/#/c/1982/

TC_FAIL and TC_SUCCESS defines are renamed in this new version of
tinycrypt, so net/bluetooth/hci_core.c, net/bluetooth/hci_ecc.c and
net/bluetooth/smp.c are also updated to reflect those changes.

Origin: https://github.com/01org/tinycrypt/archive/v0.2.0.tar.gz

Jira: ZEP-590

Change-Id: I85f4f0ab61d9b0be6a60897e2b96f245dd8c51a8
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
2016-07-27 21:33:42 +00:00
Sergio Rodriguez 312def2c78 ext/lib : Integrating mbedTLS to build process
Integrating the mbedTLS to the the build proccess with the minimal
Thread configuration.

Change-Id: I0ae191434d26890537a29a247c409228180410f3
Jira: ZEP-327
Jira: ZEP-340
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
2016-07-26 16:00:04 -07:00
Sergio Rodriguez 96c69cc29f ext/lib : mbedTLS Configuration modifications
Adding the mbedTLS configuration neede for Thread Network Protocol
support, this shows the modifications needed to be able to compile
on Zephyr

Jira: ZEP-327
Jira: ZEP-340

Change-Id: I80a8f44bc302905b7aa4568a40a6ca66dcaf42f8
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
2016-07-26 22:48:18 +00:00
Sergio Rodriguez aca6e99106 ext/lib : mbedTLS library modifications
Porting the mbedTLS library with the minimal Thread supported
configuration, this is a TLS/SSL library highly customizable.
This show the modifications needed to be able to compile on
Zephyr build enviroment which does not have a time.h header file,
so we avoid compilation errors.

Jira: ZEP-327
Jira: ZEP-340

Change-Id: I197ea96d33748c986c71fe5a0608225aee69c8b3
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
2016-07-26 22:47:59 +00:00
Sergio Rodriguez 8485f601cb ext/lib : Adding mbedTLS library
Adding the pristine version of mbed TLS to the zephyr source tree
as the initial step of porting the mbed TLS library to Zephyr

Jira: ZEP-327
Jira: ZEP-340

Origin: https://tls.mbed.org/download/start/mbedtls-2.3.0-apache.tgz

Change-Id: Iae814560310ebd00af52c7b1fb9d03195388fa0c
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
Signed-off-by: Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
2016-07-26 11:17:58 -07:00
Inaky Perez-Gonzalez 4867500ce8 doc: fix typos in doc argument names, removing doxygen warnings
Change-Id: I9319fcb8fadd375b6bbec861636c196defcf7def
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
2016-06-16 13:11:06 -07:00
Anas Nashif 7d76e9619b ext: move tinycrypt to ext/lib
Tinycrypt is maintained at github and thus should be treated as an
external library and hosted under ext/.

Change-Id: I4c4a3bcdacf01d4922919e5ea1f9dec21a19cd37
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2016-06-01 14:27:41 -04:00