From 0065d9a0ddd5a0610b9719b1afd8a478ae77aaa5 Mon Sep 17 00:00:00 2001
From: gojimmypi
Date: Tue, 2 Sep 2025 11:45:28 -0700
Subject: [PATCH] Improve Arduino Examples, add workflow testing
---
.github/workflows/arduino.yml | 325 +++++++++++++++++++++++
.wolfssl_known_macro_extras | 16 +-
IDE/ARDUINO/README.md | 16 +-
IDE/ARDUINO/wolfssl-arduino.sh | 88 ++++--
examples/configs/user_settings_arduino.h | 164 +++++++++++-
wolfssl/wolfcrypt/settings.h | 15 +-
wolfssl/wolfio.h | 36 ++-
7 files changed, 608 insertions(+), 52 deletions(-)
create mode 100644 .github/workflows/arduino.yml
diff --git a/.github/workflows/arduino.yml b/.github/workflows/arduino.yml
new file mode 100644
index 0000000000..4abe520614
--- /dev/null
+++ b/.github/workflows/arduino.yml
@@ -0,0 +1,325 @@ +name: Arduino CI Build (1 of 4) wolfssl + +# +# Test fetches wolfssl-examples/Arduino and uses local, latest github master branch wolfssl +# +# These 4 workflows across 3 repos are interdependent for the current $REPO_OWNER: +# +# THIS Arduino CI Build 1: https://github.com/$REPO_OWNER/wolfssl # /.github/workflows/arduino.yml +# - Builds Arduino library from local clone of wolfssl master branch +# - Fetches examples from https://github.com/$REPO_OWNER/wolfssl-examples +# +# Arduino CI Build 2: https://github.com/$REPO_OWNER/wolfssl-examples # /.github/workflows/arduino-release.yml +# - Tests examples based on latest published release of Arduino library, NOT latest on wolfssl github. +# - Should be identical to Arduino CI Build 3 in every way but wolfssl install. +# - Copies only compile script from wolfssl-examples +# - Builds local examples +# - No other repos used +# +# Arduino CI Build 3: https://github.com/$REPO_OWNER/wolfssl-examples # /.github/workflows/arduino.yml +# - Fetches current wolfSSL from https://github.com/$REPO_OWNER/wolfssl +# - Creates an updated Arduino library +# - Compiles local examples +# - Contains the source of `compile-all-examples.sh` and respective board-list.txt +# +# Arduino CI Build 4: https://github.com/$REPO_OWNER/Arduino-wolfssl # /.github/workflows/arduino.yml +# - Assembles and installs an updated Arduino wolfssl library from LOCAL wolfssl master source +# - Copies only compile script copied from wolfssl-examples +# - Builds local examples +# - No other repos used +# +# +# ** NOTE TO MAINTAINERS ** +# +# Consider using winmerge or similar tool to keep the 4 arduino[-release].yml files in relative sync. +# Although there are some specific differences, most of the contents are otherwise identical. +# +# See https://github.com/wolfSSL/Arduino-wolfSSL +# +# To test locally: +# cd [your WOLFSSL_ROOT], e.g. cd /mnt/c/workspace/wolfssl-$USER +# [optional checkout] e.g. 
git checkout tags/v5.8.2-stable +# pushd ./IDE/ARDUINO +# export ARDUINO_ROOT="$HOME/Arduino/libraries" +# ./wolfssl-arduino.sh INSTALL +# cd [your WOLFSSL_EXAMPLES_ROOT] e.g. /mnt/c/workspace/wolfssl-examples-$USER +# + +# START OF COMMON SECTION +on: + push: + branches: [ '**', 'master', 'main', 'release/**' ] + paths: + - '.github/workflows/arduino.yml' + - 'IDE/ARDUINO/**' + - 'src/**' + - 'wolfcrypt/**' + - 'wolfssl/**' + pull_request: + branches: [ '**' ] + paths: + - 'github/workflows/arduino.yml' + - 'IDE/ARDUINO/**' + - 'src/**' + - 'wolfcrypt/**' + - 'wolfssl/**' + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build: + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + env: + REPO_OWNER: ${{ github.repository_owner }} + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + + - name: Install Arduino CLI + run: | + # Script to fetch and run install.sh from arduino/arduino-cli + + # The install script will test to see if the recently installed apps in in the path + # So set it up in advance: + mkdir -p "${PWD}/bin" + echo "${PWD}/bin" >> $GITHUB_PATH + + # Sets the install directory to a consistent path at the repo root. + ROOT_BIN="$GITHUB_WORKSPACE/bin" + + # Ensures that BINDIR exists before the installer runs + mkdir -p "$ROOT_BIN" + + # Save as a lobal environment variable + echo "$ROOT_BIN" >> "$GITHUB_PATH" + + # Download and run install script from Arduino: + # -S show errors; -L follow redirects; -v Verbose + set +e # don't abort on error + set -o pipefail + + curl -vSL --retry 5 --retry-delay 10 \ + https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh \ + | sh -x + rc=$? 
+ c_rc=${PIPESTATUS[0]} # curl's exit code + s_rc=${PIPESTATUS[1]} # sh's exit code + + set -e # restore default abort-on-error + + # If there was a curl error, we have our own local copy that is more reliable and can add our own debugging + if [ "$rc" -ne 0 ]; then + echo "Primary install failed: curl=$c_rc, sh=$s_rc. Falling back..." >&2 + echo "Using local copy of arduino_install.sh" + pushd ./Arduino/sketches + chmod +x ./arduino_install.sh + + # Mimic curl install, does not use current directory: + BINDIR="$ROOT_BIN" sh -x ./arduino_install.sh + popd + else + echo "Alternative install script not needed." + fi + + - name: Confirm Arduino CLI install + run: arduino-cli version + + - name: Setup Arduino CLI + run: | + arduino-cli config init + arduino-cli core update-index + arduino-cli config add board_manager.additional_urls https://www.pjrc.com/teensy/package_teensy_index.json + arduino-cli core update-index + arduino-cli config add board_manager.additional_urls https://arduino.esp8266.com/stable/package_esp8266com_index.json + arduino-cli core update-index + arduino-cli core install esp32:esp32 # ESP32 + arduino-cli core install arduino:avr # Arduino Uno, Mega, Nano + arduino-cli core install arduino:sam # Arduino Due + arduino-cli core install arduino:samd # Arduino Zero + arduino-cli core install teensy:avr # PJRC Teensy + arduino-cli core install esp8266:esp8266 # ESP8266 + arduino-cli core install arduino:mbed_nano # nanorp2040connect + arduino-cli core install arduino:mbed_portenta # portenta_h7_m7 + arduino-cli core install arduino:mbed_edge + # sudo "/home/$USER/.arduino15/packages/arduino/hardware/mbed_nano/4.2.4/post_install.sh" + arduino-cli core install arduino:renesas_uno + arduino-cli lib install "ArduinoJson" # Example dependency + arduino-cli lib install "WiFiNINA" # ARDUINO_SAMD_NANO_33_IOT + arduino-cli lib install "Ethernet" # Install Ethernet library + arduino-cli lib install "Bridge" # Pseudo-network for things like arduino:samd:tian + + - 
name: Set job environment variables + run: | + # Script to assign some common environment variables after everything is installed + + ICON_OK=$(printf "\xE2\x9C\x85") + ICON_FAIL=$(printf "\xE2\x9D\x8C") + + echo "GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..")" >> "$GITHUB_ENV" + echo "ARDUINO_ROOT=$(realpath "$HOME/Arduino/libraries")" >> "$GITHUB_ENV" + + # Show predefined summary: + echo "GITHUB_WORKSPACE = $GITHUB_WORKSPACE" + + # Show assigned build:env values (e.g. "wolfssl", "gojimmpi" or other owners): + echo "REPO_OWNER = $REPO_OWNER" + + echo "GITHUB_ENV=$GITHUB_ENV" + + # Show our custom values: + echo "GITHUB_WORK = $GITHUB_WORK" + echo "ARDUINO_ROOT = $ARDUINO_ROOT" + + # WOLFSSL_EXAMPLES_ROOT is the repo root, not example location + echo "WOLFSSL_EXAMPLES_ROOT = $WOLFSSL_EXAMPLES_ROOT" + + - name: Get wolfssl-examples + run: | + # Fetch Arduino examples from the wolfssl-examples repo + echo "Start pwd:" + pwd + # we're typically in $GITHUB_WORKSPACE=/home/runner/work/wolfssl/wolfssl + # goto /home/runner/work to fetch wolfssl-examples + + echo "Current pwd for wolfssl-examples clone fetch: $(pwd)" + GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..") + echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE" + + # Typically /home/runner/work + echo "GITHUB_WORK=$GITHUB_WORK" + + pushd "$GITHUB_WORK" + echo "Updated pwd for wolfssl-examples clone fetch: $(pwd)" + + git clone --depth 1 https://github.com/$REPO_OWNER/wolfssl-examples.git wolfssl-examples-publish + + cd ./wolfssl-examples-publish + echo "WOLFSSL_EXAMPLES_ROOT=$(pwd)" + + echo "Path for wolfssl-examples-publish: $(pwd)" + popd # GITHUB_WORK + + + # ** END ** Get wolfssl-examples + + - name: Install wolfSSL Arduino library + run: | + # Run the local wolfssl-arduino.sh install script to install wolfssl Arduino library. 
+ + # Methods of installing Arduino library: + # 1) arduino-cli lib install "wolfSSL" + # 2) manual copy of files (typical of the Arduino-wolfssl repo) + # 3) run ./wolfssl-arduino.sh INSTALL (typical of the wolfssl repo) + + echo "Current pwd for wolfssl-examples clone fetch: $(pwd)" + GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..") + echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE" + + # Typically /home/runner/work + echo "GITHUB_WORK=$GITHUB_WORK" + pwd + pushd ./IDE/ARDUINO + + # Set default ARDUINO_ROOT to Arduino library. + export ARDUINO_ROOT="$HOME/Arduino/libraries" + export WOLFSSL_EXAMPLES_ROOT="$GITHUB_WORK/wolfssl-examples-publish" + + echo "ARDUINO_ROOT: $WOLFSSL_EXAMPLES_ROOT" + echo "WOLFSSL_EXAMPLES_ROOT: $WOLFSSL_EXAMPLES_ROOT" + + bash ./wolfssl-arduino.sh INSTALL # Install wolfSSL library + popd + + # ** END ** Install wolfSSL Arduino library + + - name: List installed Arduino libraries + run: arduino-cli lib list + + - name: Get compile-all-examples.sh + run: | + # Fetch compile script FROM THE CURRENT OWNER. + # This repo is Arduino-wolfssl; we'll fetch the script from the wolfssl-examples for the same repository owner. + echo "Repository owner: $REPO_OWNER" + echo "Current directory: $PWD" + echo "Current pwd for wolfssl-examples clone fetch: $PWD" + WOLFSSL_EXAMPLES_DIRECTORY="$ARDUINO_ROOT/wolfssl/examples" + THIS_BOARD_LIST="board_list.txt" + echo "WOLFSSL_EXAMPLES_DIRECTORY=$WOLFSSL_EXAMPLES_DIRECTORY" + + # Fetch script and board list into WOLFSSL_EXAMPLES_DIRECTORY + echo "Fetching board_list.txt from REPO_OWNER=$REPO_OWNER" + curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/board_list.txt" -o "$WOLFSSL_EXAMPLES_DIRECTORY/$THIS_BOARD_LIST" + + # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. + FILE="$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" + + # Ensure the file exists + if [[ ! 
-f "$FILE" ]]; then + echo "File not found: $FILE" + exit 1 + fi + + # Check if the first line is "404: Not Found" + if [[ $(head -n 1 "$FILE") == "404: Not Found" ]]; then + echo "The first line is '404: Not Found'" + exit 1 + fi + + # Fetch the compile script from repo: https://github.com/[$USER]/wolfssl-examples/ + echo "Fetching compile-all-examples.sh from REPO_OWNER=$REPO_OWNER" + curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/compile-all-examples.sh" -o "$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" + + # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. + FILE="$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" + + # Ensure the file exists + if [[ ! -f "$FILE" ]]; then + echo "File not found: $FILE" + exit 1 + fi + + # Check if the first line is "404: Not Found" + if [[ $(head -n 1 "$FILE") == "404: Not Found" ]]; then + echo "The first line is '404: Not Found'" + exit 1 + fi + + pushd "$WOLFSSL_EXAMPLES_DIRECTORY" + echo "Current directory: $PWD" + + echo "Current directory $PWD" + echo "Contents:" + ls -al + find ./ -type f | sort + + # ensure we can execute the script here (permissions lost during curl fetch) + chmod +x ./compile-all-examples.sh + echo "Found compile script: $(ls -al ./compile-all-examples.sh ./$THIS_BOARD_LIST)" + popd + + # ** END ** Get compile-all-examples.sh + + # This will fail with Arduino published wolfSSL v5.7.6 and older + # as the examples moved. 
See https://github.com/wolfSSL/wolfssl/pull/8514 + # + - name: Compile Arduino Sketches for Various Boards + run: | + # Call the compile-all-examples.sh script to compile all the examples for each of the fqbn names in the local copy of board_list.txt + + echo "Current directory: $PWD" + echo "ARDUINO_ROOT: $ARDUINO_ROOT" + WOLFSSL_EXAMPLES_DIRECTORY="$ARDUINO_ROOT/wolfssl/examples" + echo "WOLFSSL_EXAMPLES_DIRECTORY: $WOLFSSL_EXAMPLES_DIRECTORY" + + echo "Change directory to Arduino examples..." + pushd "$WOLFSSL_EXAMPLES_DIRECTORY" + echo "Current directory: $PWD" + echo "Calling ./compile-all-examples.sh" + bash ./compile-all-examples.sh + popd + # End Compile Arduino Sketches for Various Boards diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index a7995c151e..73fc4dbbb3 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -16,9 +16,14 @@ ARDUINO_ARCH_NRF52 ARDUINO_ARCH_RP2040 ARDUINO_ARCH_SAMD ARDUINO_ARCH_STM32 +ARDUINO_AVR_ETHERNET +ARDUINO_AVR_LEONARDO_ETH +ARDUINO_SAMD_MKR1000 ARDUINO_SAMD_NANO_33_IOT +ARDUINO_SAMD_ZERO ARDUINO_SAM_DUE ARDUINO_SEEED_XIAO +ARDUINO_TEENSY40 ARDUINO_TEENSY41 ASN_DUMP_OID ASN_TEMPLATE_SKIP_ISCA_CHECK @@ -212,12 +217,14 @@ ESP_IDF_VERSION_MINOR ESP_PLATFORM ESP_TASK_MAIN_STACK ETHERNET_AVAILABLE +ETHERNET_H EV_TRIGGER EXTERNAL_LOADER_APP FORCE_FAILURE_GETRANDOM FP_ECC_CONTROL FREERTOS_TCP_WINSIM FREESCALE +FREESCALE_MQX FREESCALE_RNGB FREESCALE_USE_MMCAU_CLASSIC FSL_FEATURE_HAS_L1CACHE @@ -560,6 +567,7 @@ USE_SECRET_CALLBACK USE_STSAFE_RNG_SEED USE_STSAFE_VERBOSE USE_TLSV13 +USE_WINDOWS_API USE_WOLF_STRNSTR USS_API WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING @@ -610,7 +618,10 @@ WC_SSIZE_TYPE WC_STRICT_SIG WC_WANT_FLAG_DONT_USE_AESNI WC_XMSS_FULL_HASH +WIFIESPAT +WIFI_101 WIFI_AVAILABLE +WIFI_NINA WIN_REUSE_CRYPT_HANDLE WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE WOLFSENTRY_H 
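Review bot: The `Install Arduino CLI` step pipes `install.sh` from the mutable `master` branch of arduino/arduino-cli into `sh -x`, and `Get compile-all-examples.sh` later downloads a script from `master` and executes it, so whatever is on those branches at run time runs in this job. The workflow declares no `permissions:` block and references `actions/checkout@v4` by tag; I would fetch both scripts at a pinned commit (`.../arduino-cli/<pinned-commit-sha>/install.sh`) and add a top-level `permissions: { contents: read }`. In the install step `rc=$?` runs before `c_rc=${PIPESTATUS[0]}`, so PIPESTATUS already describes the assignment and the curl/sh codes printed in the fallback message are wrong; capture it first with `pstat=("${PIPESTATUS[@]}")` and read `c_rc`/`s_rc` from that copy. The `pull_request` path filter `'github/workflows/arduino.yml'` is missing the leading dot that the `push` filter has, so a pull request that only edits the workflow will not trigger it. Both raw downloads use `curl -L` without `--fail`, which is why the "404: Not Found" first-line checks exist; `curl -fSL` would fail the step on an HTTP error directly.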
@@ -757,7 +768,6 @@ WOLFSSL_MULTICIRCULATE_ALTNAMELIST WOLFSSL_NONBLOCK_OCSP WOLFSSL_NOSHA3_384 WOLFSSL_NOT_WINDOWS_API -WOLFSSL_NO_ATOMIC WOLFSSL_NO_BIO_ADDR_IN WOLFSSL_NO_CLIENT WOLFSSL_NO_CLIENT_CERT_ERROR @@ -953,6 +963,7 @@ __ARM_ARCH_7M__ __ARM_FEATURE_CRYPTO __ASSEMBLER__ __ATOMIC_RELAXED +__AVR_ARCH__ __AVR__ __BCPLUSPLUS__ __BIG_ENDIAN__ @@ -985,6 +996,7 @@ __LINUX__ __LP64 __LP64__ __MACH__ +__MEGAAVR__ __MICROBLAZE__ __MINGW32__ __MINGW64_VERSION_MAJOR @@ -1007,6 +1019,8 @@ __SAM3X4C__ __SAM3X4E__ __SAM3X8C__ __SAM3X8E__ +__SAMD21__ +__SAMD51__ __SANITIZE_ADDRESS__ __SDCC_VERSION_MAJOR __SDCC_VERSION_MINOR diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md index 8808b0e297..7aefeea46c 100644 --- a/IDE/ARDUINO/README.md +++ b/IDE/ARDUINO/README.md 
@@ -1,18 +1,18 @@ # wolfSSL with Arduino -See the [example sketches](./sketches/README.md): - -NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499 +See the [example sketches](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino): Bare-bones templates: -- [sketches/wolfssl_version](./sketches/wolfssl_version/README.md) single file. -- [sketches/template](./sketches/template/README.md) multiple file example. +- [sketches/wolfssl_version](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_version/README.md) single file. +- [sketches/template](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/template/README.md) multiple file example. Functional examples: -- [sketches/wolfssl_AES_CTR](./sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt. -- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) TLS Client. -- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) TLS Server. +- [sketches/wolfssl_AES_CTR](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt. +- [sketches/wolfssl_client](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_client/README.md) TLS Client. +- [sketches/wolfssl_server](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_server/README.md) TLS Server. +- [sketches/wolfssl_client_dtls](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_client_dtls/README.md) DTLS Client. +- [sketches/wolfssl_server_dtls](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_server_dtls/README.md) DTLS Server. Both the `template` and `wolfssl_AES_CTR` examples include VisualGDB project files. diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index d05a84802f..a381a597ac 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh 
+++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -26,6 +26,9 @@ # The Arduino library include file is "wolfssl.h" (all lower case) # The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git # See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/ +# +echo "wolfssl-arduino.sh v5.8.2 rev B" + ROOT_DIR="/wolfssl" # The Arduino Version will initially have a suffix appended during fine tuning stage. @@ -70,18 +73,24 @@ if [ "$ROOT_DIR" = "" ]; then exit 1 fi - -ARDUINO_ROOT="$HOME/Arduino/libraries" - -# Check environment -if [ -n "$WSL_DISTRO_NAME" ]; then - # we found a non-blank WSL environment distro name - current_path="$(pwd)" - pattern="/mnt/?" - if echo "$current_path" | grep -Eq "^$pattern"; then - # if we are in WSL and shared Windows file system, 'ln' does not work. - ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries" +if [ "$ARDUINO_ROOT" = "" ]; then + echo "No ARDUINO_ROOT export... detecting..." + ARDUINO_ROOT="$HOME/Arduino/libraries" + + # Check environment + if [ -n "$WSL_DISTRO_NAME" ]; then + # we found a non-blank WSL environment distro name + echo "Found WSL: $WSL_DISTRO_NAME" + current_path="$(pwd)" + pattern="/mnt/?" + if echo "$current_path" | grep -Eq "^$pattern"; then + # if we are in WSL and shared Windows file system, 'ln' does not work. + ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries" + echo "ARDUINO_ROOT set to $ARDUINO_ROOT" + fi fi +else + echo "Using export ARDUINO_ROOT" fi echo "The Arduino library root is: $ARDUINO_ROOT" @@ -173,7 +182,7 @@ THIS_DIR=${PWD##*/} if [ "$THIS_DIR" = "ARDUINO" ]; then # mkdir ./wolfssl if [ -d ".${ROOT_DIR}" ]; then - echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty" + echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty; failed prior install? Please remove." exit 1 else echo "Step 01: mkdir .${ROOT_DIR}" 
@@ -267,6 +276,7 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then echo "Destination EXAMPLES_DIR=.${EXAMPLES_DIR}" echo "EXAMPLES_DIR_REAL_PATH=${EXAMPLES_DIR_REAL_PATH}" + # Only explicit source code is copied to the Arduino library. Edit with caution, no automation: if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then echo "Copy template example...." mkdir -p ".${EXAMPLES_DIR}"/template/wolfssl_library/src 
@@ -279,23 +289,33 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then echo "Copy wolfssl_AES_CTR example...." mkdir -p ".${EXAMPLES_DIR}"/wolfssl_AES_CTR - $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1 - $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md || exit 1 echo "Copy wolfssl_client example...." mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client - $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1 - $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1 + + echo "Copy wolfssl_client_dtls example...." + mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client_dtls + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client_dtls/wolfssl_client_dtls.ino ".${EXAMPLES_DIR}"/wolfssl_client_dtls/wolfssl_client_dtls.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client_dtls/README.md ".${EXAMPLES_DIR}"/wolfssl_client_dtls/README.md || exit 1 echo "Copy wolfssl_server example...." 
mkdir -p .${EXAMPLES_DIR}/wolfssl_server - $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1 - $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1 + + echo "Copy wolfssl_server_dtls example...." + mkdir -p .${EXAMPLES_DIR}/wolfssl_server_dtls + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server_dtls/wolfssl_server_dtls.ino ".${EXAMPLES_DIR}"/wolfssl_server_dtls/wolfssl_server_dtls.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server_dtls/README.md ".${EXAMPLES_DIR}"/wolfssl_server_dtls/README.md || exit 1 echo "Copy wolfssl_version example...." mkdir -p .${EXAMPLES_DIR}/wolfssl_version - $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1 - $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1 else NO_ARDUINO_EXAMPLES=1 fi 
@@ -364,27 +384,39 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments) grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1 - # Show the user_settings.h revision string: + echo "This user_settings.h revision string:" grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h" echo "" if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then echo "Installing to GitHub directory: $THIS_INSTALL_DIR" - cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1 + cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1 echo "Removing workspace library directory: .$ROOT_DIR" - rm -rf ".$ROOT_DIR" + rm -rf ".$ROOT_DIR" || exit 1 else echo "Installing to local directory:" if [ "$THIS_INSTALL_DIR" = "" ]; then - echo "mv .$ROOT_DIR $ARDUINO_ROOT" - mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1 - + if [ -n "$WSL_DISTRO_NAME" ]; then + # setfattr not installed by default + # echo "Set system.wsl_case_sensitive .$ROOT_DIR" + # setfattr -x system.wsl_case_sensitive .$ROOT_DIR + # + # use copy instead of move to avoid possible system.wsl_case_sensitive warnings + echo "cp -r .\"$ROOT_DIR\" \"$ARDUINO_ROOT\"" + cp -r ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1 + + echo "rm -rf .\"$ROOT_DIR\"" + rm -rf ."$ROOT_DIR" || exit 1 + else + echo "mv .$ROOT_DIR $ARDUINO_ROOT" + mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1 + fi echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX" else echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\"" - mkdir -p "$THIS_INSTALL_DIR" || exit 1 - cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1 + mkdir -p "$THIS_INSTALL_DIR" || exit 1 + cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1 fi fi fi diff --git a/examples/configs/user_settings_arduino.h b/examples/configs/user_settings_arduino.h index 9efdb870eb..ae23745879 100644 --- a/examples/configs/user_settings_arduino.h 
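Review bot: In the new WSL branch, `cp -r ."$ROOT_DIR" "$ARDUINO_ROOT"` copies into an existing `$ARDUINO_ROOT/wolfssl` and overlays it, whereas the `mv` it replaces normally stops when that directory already holds files; a stale library from an earlier install can then be left mixed with the new sources without any error. Unless a check outside this hunk already rejects an existing install, I would test for it before copying, for example `if [ -e "$ARDUINO_ROOT$ROOT_DIR" ]; then echo "ERROR: $ARDUINO_ROOT$ROOT_DIR already exists; please remove."; exit 1; fi`. The enclosing `if [ "$THIS_OPERATION" = "INSTALL" ]` block starts before the hunk, so what is validated earlier is not visible here.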
+++ b/examples/configs/user_settings_arduino.h @@ -25,7 +25,7 @@ */ /* Define a macro to display user settings version in example code: */ -#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.6" +#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.8.2" /* Disable wolfcrypt cryptographic security hardening. Comment out to enable: */ /* #define WC_NO_HARDEN */ @@ -40,7 +40,6 @@ #define WOLFSSL_IGNORE_FILE_WARN #define NO_FILESYSTEM -#define USE_CERT_BUFFERS_2048 /* Make sure this is not an ESP-IDF file */ #undef WOLFSSL_ESPIDF 
@@ -58,13 +57,143 @@ #define RSA_LOW_MEM #define NO_OLD_TLS -/* TLS 1.3 */ -/* #define WOLFSSL_TLS13 */ -#if defined(WOLFSSL_TLS13) + +/* To see board properties & definitions: + * arduino-cli compile --fqbn [] --show-properties ./sketches/wolfssl_client */ + +#if defined(ARDUINO_AVR_ETHERNET) + /* TODO: optimize client / server to fit in 32K flash? + * currently 164K too big: */ + #define WOLFSSL_NO_TLS13 + #define WOLFSSL_MIN_CONFIG + #define WOLFSSL_USER_IO + #define WOLFSSL_NO_WRITEV + #define NO_FILESYSTEM + #define WOLFSSL_NO_CERTS + #define HAVE_TLS + #define NO_RC4 + #define NO_PSK + #define NO_SESSION_CACHE + #define NO_CERT_VERIFY + + #define NO_MAIN_DRIVER + #define WOLFSSL_NO_SP + #define WOLFSSL_NO_SIG_WRAPPER + #define TFM_TIMING_RESISTANT + + #undef WOLFSSL_DTLS + #undef WOLFSSL_DTLS13 +#endif + +#if defined(ARDUINO_AVR_LEONARDO_ETH) + /* No time available */ + /* Used only here in Arduino, WOLFSSL_NO_TLS13 is not a wolfssl macro */ + #undef WOLFSSL_NO_TLS13 + #define WOLFSSL_NO_TLS13 + + #define NO_TLS + #undef WOLFSSL_TLS13 + + #define WOLFSSL_NO_TLS12 +#endif + +#if defined(ESP8266) || defined(__SAM3X8E__) || \ + defined(ARDUINO_AVR_ETHERNET) || defined(ARDUINO_AVR_LEONARDO_ETH) + #define WOLFSSL_NO_SOCK + #define WOLFSSL_USER_IO + #define NO_WRITEV + + /* There's limited RAM on these devices */ + #define USE_CERT_BUFFERS_1024 + + /* SNI, Supported Groups (elliptic curves), ALPN: */ + #define HAVE_TLS_EXTENSIONS + + #define HAVE_SUPPORTED_CURVES + + #if defined(WOLFSSL_NO_TLS13) && defined(WOLFSSL_NO_TLS12) + /* NO TLS */ + #define NO_TLS + #elif defined(WOLFSSL_NO_TLS13) + /* Only TLS 1.2*/ + /* enabled by default, for clarity: */ + #undef WOLFSSL_NO_TLS12 + + /* Ensure TLS 1.3 is not enabled */ + #undef WOLFSSL_TLS13 + #elif defined(WOLFSSL_NO_TLS12) + /* Only TLS 1.3*/ + #define WOLFSSL_TLS13 + #if defined(WOLFSSL_TLS13) + #define WC_RSA_PSS + #define HAVE_HKDF + #define HAVE_AEAD + #endif + #else + /* Both TLS 1.2 and TLS 1.3 */ + + /* TLS 1.2 
enabled by default, for clarity: */ + #undef WOLFSSL_NO_TLS12 + + /* Enable only TLS 1.3 on small memory devices */ + #define WOLFSSL_TLS13 + #if defined(WOLFSSL_TLS13) + #define WC_RSA_PSS + #define HAVE_HKDF + #define HAVE_AEAD + #endif + #endif + + #undef WOLFSSL_DTLS + #undef WOLFSSL_DTLS13 +#elif defined(ESP32) || \ + defined(WIFI_101) || defined(WIFI_NINA) || defined(WIFIESPAT) || \ + defined(ETHERNET_H) || defined(ARDUINO_TEENSY41) || \ + defined(ARDUINO_SAMD_MKR1000) + + #define USE_CERT_BUFFERS_2048 + + /* Only boards known to have networking will have TLS / DTLS enabled */ + #define HAVE_TLS_EXTENSIONS - #define WC_RSA_PSS - #define HAVE_HKDF - #define HAVE_AEAD + #define HAVE_SUPPORTED_CURVES + + /* Enable TLS 1.3 */ + #define WOLFSSL_TLS13 + #if defined(WOLFSSL_TLS13) + #define HAVE_TLS_EXTENSIONS + #define WC_RSA_PSS + #define HAVE_HKDF + #define HAVE_AEAD + #endif + + /* Enable DTLS */ + #define WOLFSSL_DTLS 1 + #if defined(WOLFSSL_DTLS) + #define WOLFSSL_DTLS13 + + /* WOLFSSL_DTLS13 requires WOLFSSL_TLS13 */ + #undef WOLFSSL_TLS13 + #define WOLFSSL_TLS13 + #define USE_WOLFSSL_IO + + /* WOLFSSL_SEND_HRR_COOKIE is needed to use DTLS 1.3 server */ + #define WOLFSSL_SEND_HRR_COOKIE + #endif +#elif defined (__AVR__) || defined(__AVR_ARCH__) || defined(__MEGAAVR__) + /* Do not enable TLS on platforms without networking */ + + /* We'll assume all AVR targets are small: 8 or 16 bit */ + #define WC_16BIT_CPU + #define NO_TLS +#elif (defined(__SAMD21__) || defined(__SAMD51__)) && defined(ARDUINO_SAMD_ZERO) + /* No networking on ARDUINO_SAMD_ZERO */ +#elif defined(ARDUINO_TEENSY40) + /* No networking on TEENSY boards */ + +#else + /* other / unknown board */ + #define USE_CERT_BUFFERS_1024 #endif /* #define HAVE_SUPPORTED_CURVES */ 
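Review bot: The `ARDUINO_AVR_ETHERNET` block defines `WOLFSSL_NO_CERTS` and `NO_CERT_VERIFY` with only a flash-size TODO above it; if the library honors these, a sketch built from this configuration would not authenticate its TLS peer, and since `wolfssl-arduino.sh` installs this file as `user_settings.h` that deserves an explicit comment such as `/* WARNING: peer certificates are not verified on this board; size-test build only, not for production use */`. Further down, the branch headed `/* Both TLS 1.2 and TLS 1.3 */` carries the comment `/* Enable only TLS 1.3 on small memory devices */` above `#define WOLFSSL_TLS13`, which contradicts the branch it sits in; `/* Also enable TLS 1.3 */` would match what the code does. The same small-board branch selects `USE_CERT_BUFFERS_1024`, so a one-line comment stating that the 1024-bit buffers are test material chosen for RAM reasons would help readers who copy this file into a project.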
@@ -72,9 +201,6 @@ /* Cannot use WOLFSSL_NO_MALLOC with small stack */ /* #define WOLFSSL_NO_MALLOC */ -#define HAVE_TLS_EXTENSIONS -#define HAVE_SUPPORTED_CURVES - /* To further reduce size, client or server functionality can be disabled. * Here, we check if the example code gave us a hint. * @@ -503,6 +629,20 @@ #define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024 #define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #else - #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" + #define USE_CERT_BUFFERS_256 #endif #endif + +/* Final checks */ + +/* This should already be done in settings.h for newer versions of wolfSSL: + * + * There's currently no 100% reliable "smaller than 32 bit" detection. + * The user can specify: WC_16BIT_CPU + * Lower 16 bits of new OID values may collide on some 16 bit platforms. + * e.g Arduino Mega, fqbn=arduino:avr:mega */ +#if defined(WC_16BIT_CPU) + /* Force the old, 16 bit OIDs to be used in wolfcrypt/oid_sum.h */ + #undef WOLFSSL_OLD_OID_SUM + #define WOLFSSL_OLD_OID_SUM +#endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 8264393b0c..0513c1ac80 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -319,11 +319,24 @@ #define WOLFSSL_USER_IO #define WOLFSSL_NO_SOCK #define NO_WRITEV + + /* boards less than 32 bit int get tripped up on long OID values */ + #define WC_16BIT_CPU + #define WOLFSSL_OLD_OID_SUM + #elif defined(__SAM3X8E__) + #define WOLFSSL_NO_ATOMIC + #define WOLFSSL_NO_SOCK + #define WOLFSSL_USER_IO + #define NO_WRITEV #elif defined(__arm__) #define WOLFSSL_NO_SOCK #define NO_WRITEV - #elif defined(ESP32) || defined(ESP8266) + #elif defined(ESP32) /* assume sockets available */ + #elif defined(ESP8266) + #define WOLFSSL_NO_SOCK + #define WOLFSSL_USER_IO + #define NO_WRITEV #else #define WOLFSSL_NO_SOCK #endif diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 74862018d4..acd6676f85 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h 
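Review bot: In the `@@ -503,6 +629,20 @@` hunk, replacing `#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"` with `#define USE_CERT_BUFFERS_256` turns a configuration mistake into a silent fallback, and this `#else` branch defines none of the `CTX_*` macros that the sibling branch sets (for example `CTX_SERVER_KEY_SIZE`), so code that uses them presumably now fails later with a less helpful message. If the fallback is meant only for the boards that end up with `NO_TLS`, I would guard it, e.g. put the new define under `#elif defined(NO_TLS)` and keep the `#error` in the final `#else`. The enclosing `#if` chain starts above the hunk, so the outer condition is not visible here.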
@@ -93,7 +93,25 @@ #define LWIP_PROVIDE_ERRNO 1 #endif #elif defined(ARDUINO) - /* TODO Add specific boards */ + /* board-specific */ + #if defined(__AVR__) + /* No AVR specifics at this time */ + #elif defined(__arm__) + /* No ARM specifics at this time */ + #elif defined(ESP8266) + #define WOLFSSL_NO_SOCK + #define WOLFSSL_USER_IO + #define NO_WRITEV + /* No Sockets on ESP8266, thus no DTLS */ + #elif defined(ESP32) + #if defined(WOLFSSL_DTLS) || defined(WOLFSSL_DTLS13) + #include + #include + #include + #endif + #else + /* Add new boards here */ + #endif #elif defined(FREESCALE_MQX) #include #include @@ -262,6 +280,20 @@ #define SOCKET_ECONNREFUSED ECONNREFUSED #define SOCKET_ECONNABORTED ECONNABORTED #endif +#elif defined(ARDUINO) + #if defined(WOLFSSL_DTLS) || defined(WOLFSSL_DTLS13) + #define SOCKADDR_S struct sockaddr_storage + #define SOCKADDR struct sockaddr + #define SOCKADDR_IN struct sockaddr_in + #endif + #define SOCKET_EWOULDBLOCK EWOULDBLOCK + #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ETIMEDOUT ETIMEDOUT + #define SOCKET_ECONNRESET ECONNRESET + #define SOCKET_EINTR EINTR + #define SOCKET_EPIPE EPIPE + #define SOCKET_ECONNREFUSED ECONNREFUSED + #define SOCKET_ECONNABORTED ECONNABORTED #elif defined(USE_WINDOWS_API) /* no epipe yet */ #ifndef WSAEPIPE @@ -402,7 +434,7 @@ #define SOCKET_EPIPE EPIPE #define SOCKET_ECONNREFUSED ECONNREFUSED #define SOCKET_ECONNABORTED ECONNABORTED -#endif /* USE_WINDOWS_API */ +#endif /* __WATCOMC__ || ARDUINO || USE_WINDOWS_API || __PPU || .. etc */ #ifdef DEVKITPRO /* from network.h */