Add material for generating yotta module

include/mbedtls/check_config.h

@@ -52,6 +52,11 @@
 #endif
 #endif /* _WIN32 */
 
+#if defined(TARGET_LIKE_MBED) && \
+    ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
+#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#endif
+
 #if defined(MBEDTLS_DEPRECATED_WARNING) && \
     !defined(__GNUC__) && !defined(__clang__)
 #error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"

scripts/bump_version.sh

@@ -109,6 +109,10 @@ mv tmp include/mbedtls/version.h
 sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp
 mv tmp tests/suites/test_suite_version.data
 
+[ $VERBOSE ] && echo "Bumping version in yotta/data/module.json"
+sed -e "s/\"version\": \".\{1,\}\"/version: \"$VERSION\"/g" < yotta/data/module.json > tmp
+mv tmp yotta/data/module.json
+
 [ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
 for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
 do

yotta/.gitignore

@@ -0,0 +1 @@
+module

yotta/create-module.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -eu
+
+TREE=..
+
+# default values, can be overriden by the environment
+: ${DEST:=module}
+: ${BUILD:=1}
+
+# make sure we're running in our own directory
+if [ -f create-module.sh ]; then :; else
+    cd $( dirname $0 )
+    if [ -f create-module.sh ]; then :; else
+        echo "Please run the script from is directory." >&2
+        exit 1
+    fi
+fi
+
+# use a temporary directory to build the module, then rsync to DEST
+# this allows touching only new files, for more efficient re-builds
+TMP=$DEST-tmp
+rm -rf $TMP
+
+mkdir -p $TMP/mbedtls $TMP/source
+cp $TREE/include/mbedtls/*.h $TMP/mbedtls
+cp $TREE/library/*.c $TMP/source
+
+# temporary, should depend on external module later
+cp data/entropy_hardware_poll.c $TMP/source
+cp data/target_config.h $TMP/mbedtls
+
+data/adjust-config.sh $TREE/scripts/config.pl $TMP/mbedtls/config.h
+
+mkdir -p $TMP/test
+cp -r data/example-* $TMP/test
+# later we should have the generated test suites here too
+
+cp data/module.json $TMP
+cp data/README.md $TMP
+
+mkdir -p $DEST
+rsync -cr --delete --exclude build --exclude yotta_\* $TMP/ $DEST/
+rm -rf $TMP
+
+echo "mbed TLS yotta module created in '$DEST'."
+
+test_build()
+{
+    TARGET=$1
+    echo; echo "*** Doing a test build for $TARGET ***"
+    ( cd $DEST && yt target $TARGET && yt build )
+}
+
+if [ $BUILD -eq 1 ]; then
+    if uname -a | grep 'Linux.*x86' >/dev/null; then
+        test_build x86-linux-native
+    fi
+
+    if uname -a | grep 'Darwin.*x86' >/dev/null; then
+        test_build x86-osx-native
+    fi
+
+    # do that one last so that it remains the target
+    test_build frdm-k64f-gcc
+fi

yotta/data/README.md

@@ -0,0 +1,39 @@
+# mbed TLS
+
+mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products, facilitating this functionality with a minimal coding footprint. It offers an SSL library with an intuitive API and readable source code.
+
+The Beta release of mbed TLS is an integration of TLS, mbed SDK and yotta. It is a testing preview only and **not suitable for deployment**: there is currently no source of random numbers, meaning no security at all for (D)TLS communication and other protocols that rely on random numbers.
+
+## Sample programs
+
+This release includes the following examples:
+
+1. [**TLS client:**](https://github.com/ARMmbed/mbedtls/tree/master/yotta/data/example-tls-client) downloads a file from an HTTPS server (mbed.org) and looks for a specific string in that file.
+
+2. [**Self test:**](https://github.com/ARMmbed/mbedtls/tree/master/yotta/data/example-selftest) tests different mbed TLS base functionalities.
+
+3. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/tree/master/yotta/data/example-benchmark) tests the time required to perform TLS base crypto functions.
+
+These examples are integrated as yotta tests so that they are build automatically when you build mbed TLS. You'll find other examples in the various `tests/example-*` directories.
+
+## Running TLS
+
+Please follow the instructions in the [TLS client sample](https://github.com/ARMmbed/mbedtls/tree/master/yotta/data/example-tls-client). These include a list of prerequisites and an explanation of building mbed TLS with yotta.
+
+## Contributing
+
+We graciously accept bugs and contributions from the community. There are some requirements we need to fulfil in order to be able to integrate contributions in the main code:
+
+* Simple bug fixes to existing code do not contain copyright themselves and we can integrate those without any issue. The same goes for trivial contributions.
+
+* For larger contributions, e.g. a new feature, the code possibly falls under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for that, which we will mail to you in case you submit a contribution or pull request that we deem this necessary for.
+
+To contribute, please:
+
+* [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
+
+* Fork the [mbed TLS repository on Github](https://github.com/ARMmbed/mbedtls) to start making your changes.
+
+* Write a test that shows that the bug was fixed or that the feature works as expected.
+
+* Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog :)

yotta/data/adjust-config.sh

@@ -0,0 +1,72 @@
+#!/bin/sh
+
+set -eu
+
+if [ $# -ne 2 ]; then
+    echo "Usage: $0 path/to/config.pl path/to/config.h" >&2
+    exit 1
+fi
+
+SCRIPT=$1
+FILE=$2
+
+conf() {
+    $SCRIPT -f $FILE $@
+}
+
+conf unset MBEDTLS_NET_C
+conf unset MBEDTLS_TIMING_C
+
+conf unset MBEDTLS_CIPHER_MODE_CFB
+conf unset MBEDTLS_CIPHER_MODE_CTR
+conf unset MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+conf unset MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+conf unset MBEDTLS_CIPHER_PADDING_ZEROS
+conf unset MBEDTLS_ECP_DP_SECP192R1_ENABLED
+conf unset MBEDTLS_ECP_DP_SECP224R1_ENABLED
+conf unset MBEDTLS_ECP_DP_SECP521R1_ENABLED
+conf unset MBEDTLS_ECP_DP_SECP192K1_ENABLED
+conf unset MBEDTLS_ECP_DP_SECP224K1_ENABLED
+conf unset MBEDTLS_ECP_DP_SECP256K1_ENABLED
+conf unset MBEDTLS_ECP_DP_BP256R1_ENABLED
+conf unset MBEDTLS_ECP_DP_BP384R1_ENABLED
+conf unset MBEDTLS_ECP_DP_BP512R1_ENABLED
+conf unset MBEDTLS_PK_PARSE_EC_EXTENDED
+
+conf unset MBEDTLS_AESNI_C
+conf unset MBEDTLS_ARC4_C
+conf unset MBEDTLS_BLOWFISH_C
+conf unset MBEDTLS_CAMELLIA_C
+conf unset MBEDTLS_DES_C
+conf unset MBEDTLS_DHM_C
+conf unset MBEDTLS_GENPRIME
+conf unset MBEDTLS_MD5_C
+conf unset MBEDTLS_PADLOCK_C
+conf unset MBEDTLS_PEM_WRITE_C
+conf unset MBEDTLS_PKCS5_C
+conf unset MBEDTLS_PKCS12_C
+conf unset MBEDTLS_RIPEMD160_C
+#conf unset MBEDTLS_SHA1_C
+conf unset MBEDTLS_XTEA_C
+
+conf unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+conf unset MBEDTLS_X509_CSR_PARSE_C
+conf unset MBEDTLS_X509_CREATE_C
+conf unset MBEDTLS_X509_CRT_WRITE_C
+conf unset MBEDTLS_X509_CSR_WRITE_C
+
+conf unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+conf unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+conf unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+conf unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+conf unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+conf unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+conf unset MBEDTLS_SSL_FALLBACK_SCSV
+conf unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
+conf unset MBEDTLS_SSL_PROTO_SSL3
+conf unset MBEDTLS_SSL_PROTO_TLS1
+conf unset MBEDTLS_SSL_PROTO_TLS1_1
+conf unset MBEDTLS_SSL_TRUNCATED_HMAC
+
+perl -pi -e 's/#include "check_config.h"/#include "target_config.h"\n$&/' $FILE

yotta/data/entropy_hardware_poll.c

@@ -0,0 +1,52 @@
+/*
+ *  Temporary "entropy" collector for Cortex-M4
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * WARNING: this is a temporary hack!
+ * 1. Currently does not provide strong entropy, should be replaced to use the
+ * on-board hardware RNG (see IOTSSL-303)
+ * 2. This should be in a separete yotta module which would be a target
+ * dependency of mbedtls (see IOTSSL-313)
+ */
+
+#if defined(TARGET_LIKE_CORTEX_M4)
+
+#include "MK64F12.h"
+#include "core_cm4.h"
+#include <string.h>
+
+unsigned long hardclock( void )
+{
+    static int dwt_started = 0;
+
+    if( dwt_started == 0 )
+    {
+        CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk;
+        DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk;
+    }
+
+    return( DWT->CYCCNT );
+}
+
+int mbedtls_hardware_poll( void *data,
+                    unsigned char *output, size_t len, size_t *olen )
+{
+    unsigned long timer = hardclock();
+    ((void) data);
+    *olen = 0;
+
+    if( len < sizeof(unsigned long) )
+        return( 0 );
+
+    memcpy( output, &timer, sizeof(unsigned long) );
+    *olen = sizeof(unsigned long);
+
+    return( 0 );
+}
+
+#endif

yotta/data/example-authcrypt/README.md

@@ -0,0 +1,70 @@
+# Authenticated encryption example
+
+This application performs authenticated encryption and authenticated decryption of a buffer. It serves as a tutorial for the basic authenticated encryption functions of mbed TLS.
+
+## Pre-requisites
+
+To build and run this example the requirements below are necessary:
+
+* A computer with the following software installed:
+  * [CMake](http://www.cmake.org/download/).
+  * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
+  * [Python](https://www.python.org/downloads/).
+  * [ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
+  * A serial terminal emulator (e.g. screen, pySerial, cu).
+* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in that case you'll have to substitute frdm-k64f-gcc with the appropriate target below).
+* A micro-USB cable.
+* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
+
+## Getting started
+
+1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the micro-usb port labeled "OpenSDA".
+
+2. Navigate to the mbedtls directory supplied with your release and open a terminal.
+
+3. Set the yotta target:
+
+    ```
+    yotta target frdm-k64f-gcc
+    ```
+
+4. Check that there are no missing dependencies:
+
+    ```
+    $ yt ls
+    ```
+
+    If there are, yotta will list them in the terminal. Please install them before proceeding.
+
+5. Build mbedtls and the examples. This will take a long time if it is the first time:
+
+    ```
+    $ yt build
+    ```
+
+6. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-authcrypt.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
+
+7. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. For settings, use 9600 baud, 8N1, no flow control.
+
+8. Press the reset button on the board.
+
+9. The output in the terminal window should look like:
+
+    ```
+    {{timeout;10}}
+    {{host_test_name;default}}
+    {{description;mbed TLS example authcrypt}}
+    {{test_id;MBEDTLS_EX_AUTHCRYPT}}
+    {{start}}
+
+
+    plaintext message: 536f6d65207468696e67732061726520626574746572206c65667420756e7265616400
+    ciphertext: c57f7afb94f14c7977d785d08682a2596bd62ee9dcf216b8cccd997afee9b402f5de1739e8e6467aa363749ef39392e5c66622b01c7203ec0a3d14
+    decrypted: 536f6d65207468696e67732061726520626574746572206c65667420756e7265616400
+
+    DONE
+    {{success}}
+    {{end}}
+    ```
+
+The actual output  for the ciphertext line will vary on each run due to the use of a random nonce in the encryption process.