[riot-notifications] [RIOT-OS/RIOT] wolfSSL pkg addition with examples (#10308)

MichelRottleuthner notifications at github.com
Tue Sep 3 19:32:35 CEST 2019


MichelRottleuthner requested changes on this pull request.

Almost there! Another round of testing confirmed most of the tests/examples working in general now, apart from `examples/tls-wolfssl-posix` - but judging by your comments and the new PR, I think you are already working on that, right?
Some things still needed small tweaks to work on all of the platforms I tested, see below for details. 
Merging before the summit won't happen anymore - but maybe we can make it there ;)

> +# Include packages that pull up and auto-init the link layer.
+# NOTE: 6LoWPAN will be included if IEEE802.15.4 devices are present
+USEMODULE += gnrc_netdev_default
+USEMODULE += auto_init_gnrc_netif
+# Specify the mandatory networking modules for IPv6 and UDP
+USEMODULE += gnrc_ipv6_default
+USEMODULE += gnrc_sock_udp
+
+# Add also the shell, some shell commands
+USEMODULE += shell
+USEMODULE += shell_commands
+
+USEPKG += wolfssl
+USEMODULE += wolfcrypt
+USEMODULE += wolfssl
+USEMODULE += wolfcrypt-test

wolfcrypt-test can be removed here to save some RAM as there is already the separate test/bench application

> +USEMODULE += gnrc_sock_udp
+
+# Add also the shell, some shell commands
+USEMODULE += shell
+USEMODULE += shell_commands
+
+USEPKG += wolfssl
+USEMODULE += wolfcrypt
+USEMODULE += wolfssl
+USEMODULE += wolfcrypt-test
+USEMODULE += wolfssl_dtls
+
+# Select public key algorithm (or PSK) support fot ciphersuite(s):
+USEMODULE += wolfcrypt_ecc
+#USEMODULE += wolfcrypt_rsa wolfcrypt_dh
+#USEMODULE += wolfssl_psk
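
Review bot: The comment above the key-exchange selection has a typo ("fot" should be "for"), and it does not say whether the three options are alternatives or whether more than one may be enabled at once. Suggest fixing the spelling and stating in the comment which line to uncomment for RSA/DH or PSK and what to do with the `wolfcrypt_ecc` line in that case. This Makefile also pulls in `wolfcrypt-test`; if the example never calls the test suite, that line can go.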

I'd favor using the wolfssl_psk configuration as default, as it should be least problematic for running on very constrained nodes

> +        }
+
+        return 32;   /* length of key in octets or 0 for error */
+    }
+}
+#endif
+
+#define APP_DTLS_BUF_SIZE 64
+int dtls_client(int argc, char **argv)
+{
+    int ret = 0;
+    char buf[APP_DTLS_BUF_SIZE] = "Hello from DTLS client!";
+    int iface;
+    char *addr_str;
+    int connect_timeout = 0;
+    const int max_connect_timeouts = 5;
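
Review bot: `max_connect_timeouts` at the end of this hunk is a hard-coded local constant, so the number of connect timeouts tolerated cannot be tuned per board without editing the source. Suggest an `#ifndef`-guarded macro next to `APP_DTLS_BUF_SIZE` so it can be overridden from CFLAGS. The bare `return 32;` above would also read better as a named key-length constant.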

please increase this number. With five it didn't work for me on samr21-xpro / nucleo-l476rg, whereas 20 was working perfectly fine

> +    else {
+        int i;
+        int b = 0x01;
+
+        for (i = 0; i < 32; i++, b += 0x22) {
+            if (b >= 0x100)
+                b = 0x01;
+            key[i] = b;
+        }
+
+        return 32;   /* length of key in octets or 0 for error */
+    }
+}
+#endif
+
+#define APP_DTLS_BUF_SIZE 64
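
Review bot: The `else` branch fills `key` with a fixed pattern that anyone can read from the source (0x01, 0x23, 0x45, ... repeating every eight bytes), and nothing in these lines marks it as demo-only. Suggest a comment stating that this PSK is for testing and must be replaced in any real deployment. The visible lines also write 32 bytes without checking how much room `key` has, and the single-statement `if (b >= 0x100)` would be safer with braces.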

minor, but having all defines together somewhere at the top of the file feels cleaner

> + * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+/**
+ * @ingroup     examples
+ * @{
+ *
+ * @file
+ * @brief       wolfSSL server example
+ *
+ * @author      Kaleb J. Himes <kaleb at wolfssl.com>
+ *
+ * @}
+ */
+

please add the following here so that strnlen is provided on all platforms:
```c
/* Required for strnlen in string.h, when building with -std=c99 */
#define _DEFAULT_SOURCE 1 
```

> +                   arduino-uno chronos esp8266-esp-12x esp8266-olimex-mod \
+                   esp8266-sparkfun-thing jiminy-mega256rfr2 mega-xplained \
+                   msb-430 msb-430h telosb waspmote-pro \
+                   wsn430-v1_3b wsn430-v1_4 z1
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# Comment this out to disable code in RIOT that does safety checking
+# which is not needed in a production environment but helps in the
+# development process:
+DEVELHELP ?= 1
+
+# Change this to 0 show compiler invocation lines by default:
+QUIET ?= 1
+

please add the following to avoid a hardfault on small platforms (e.g. samr21-xpro) after the signature verification is complete:
```
CFLAGS += -DTHREAD_STACKSIZE_MAIN=THREAD_STACKSIZE_LARGE
```

> +#
+# BOARD_INSUFFICIENT_MEMORY :=
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# Used for inserting debug symbols into library for portability
+# testing on Ubuntu 16.04 LTS w/ gcc v 5.4.0
+#CFLAGS += -g
+#LDFLAGS += -g
+
+# Necessary to set the stacksize on Ubuntu Native device when using
+# gcc v 5.4.0 on 16.04 LTS
+# This is an optimized stack value based on testing, if you observe
+# a segmentation fault please increase this stack size.
+CFLAGS += -DTHREAD_STACKSIZE_MAIN=35000
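
Review bot: The commented-out `#CFLAGS += -g` and `#LDFLAGS += -g` lines are development leftovers tied to one host setup (Ubuntu 16.04, gcc 5.4.0) and should be dropped before merge. The stack-size comment has the same problem: it describes a native-only tuning, but `-DTHREAD_STACKSIZE_MAIN=35000` is applied to every board, so the comment should say what the value is sized for on all targets.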

please change this to the following to have a big enough (but platform specific) stacksize to make it work on embedded targets:
`CFLAGS += -DTHREAD_STACKSIZE_MAIN=2*THREAD_STACKSIZE_LARGE`

> + *
+ * @}
+ */
+
+#include <stdio.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/test/test.h>
+#ifdef MODULE_WOLFCRYPT_BENCHMARK
+#include <wolfcrypt/benchmark/benchmark.h>
+#endif
+
+int main(void)
+{
+    puts("wolfSSL Crypto Test!");
+    wolfcrypt_test(NULL);
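
Review bot: The result of `wolfcrypt_test(NULL)` is not used in the visible lines, so a failing self-test leaves no trace beyond whatever the function prints itself. If it reports a status, capture it, print an explicit pass/fail line and return it from `main`. `benchmark.h` is included under `MODULE_WOLFCRYPT_BENCHMARK`, so any benchmark call should sit under the same guard.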

please add `xtimer_sleep(1);` before calling `wolfcrypt_test` (and the required `#include "xtimer.h"` to the top) to work around a failing test on platforms that don't have a synced RTC, as I explained in [one of my previous comments](https://github.com/RIOT-OS/RIOT/pull/10308#issuecomment-519430658).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/10308#pullrequestreview-283115649