Merge pull request #8749 from jepler/mbedtls-hashlib

Share the implementation of hashlib across ports

Author: jepler

ports/raspberrypi/mbedtls/crt_bundle.c renamed to lib/mbedtls_config/crt_bundle.c

@@ -19,8 +19,8 @@
 
 #include "py/runtime.h"
 #include "py/mperrno.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/crt_bundle.h"
+#include "lib/mbedtls/include/mbedtls/x509_crt.h"
+#include "lib/mbedtls_config/crt_bundle.h"
 
 #define BUNDLE_HEADER_OFFSET 2
 #define CRT_HEADER_OFFSET 4

ports/raspberrypi/mbedtls/crt_bundle.h renamed to lib/mbedtls_config/crt_bundle.h

@@ -3,7 +3,7 @@
  *
  * The MIT License (MIT)
  *
- * Copyright (c) 2022 Scott Shawcroft for Adafruit Industries
+ * Copyright (c) 2018-2019 Damien P. George
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -23,19 +23,37 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#ifndef MICROPY_INCLUDED_MBEDTLS_CONFIG_H
+#define MICROPY_INCLUDED_MBEDTLS_CONFIG_H
 
-#ifndef MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_HASHLIB_HASH_H
-#define MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_HASHLIB_HASH_H
+// If you want to debug MBEDTLS uncomment the following and
+// Pass 3 to mbedtls_debug_set_threshold in socket_new
+// #define MBEDTLS_DEBUG_C
 
-#include "components/mbedtls/mbedtls/include/mbedtls/sha1.h"
+// Set mbedtls configuration
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define MBEDTLS_DEPRECATED_REMOVED
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
 
-typedef struct {
-    mp_obj_base_t base;
-    union {
-        mbedtls_sha1_context sha1;
-    };
-    // Of MBEDTLS_SSL_HASH_*
-    uint8_t hash_type;
-} hashlib_hash_obj_t;
+// Enable mbedtls modules
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+#undef MBEDTLS_HAVE_TIME_DATE
 
-#endif // MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_HASHLIB_HASH_H
+// Memory allocation hooks
+#include <stdlib.h>
+#include <stdio.h>
+void *m_tracked_calloc(size_t nmemb, size_t size);
+void m_tracked_free(void *ptr);
+#define MBEDTLS_PLATFORM_STD_CALLOC m_tracked_calloc
+#define MBEDTLS_PLATFORM_STD_FREE m_tracked_free
+#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
+
+#include "mbedtls/check_config.h"
+
+#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_H */

ports/raspberrypi/mbedtls/mbedtls_config.h renamed to lib/mbedtls_config/mbedtls_config.h

@@ -99,6 +99,7 @@ CIRCUITPY_PARALLELDISPLAY = 0
 CIRCUITPY_RGBMATRIX = 0
 CIRCUITPY_TOUCHIO ?= 1
 CIRCUITPY_TOUCHIO_USE_NATIVE = 0
+CIRCUITPY_HASHLIB_MBEDTLS_ONLY = 0
 # Features
 CIRCUITPY_USB = 0
 CIRCUITPY_ESP_USB_SERIAL_JTAG ?= 1

ports/espressif/common-hal/hashlib/Hash.h renamed to lib/mbedtls_config/mbedtls_config_hashlib.h

@@ -354,10 +354,10 @@ SRC_MBEDTLS := $(addprefix lib/mbedtls/library/, \
         x509write_csr.c \
         xtea.c \
 	)
-SRC_C += $(SRC_MBEDTLS) mbedtls/mbedtls_port.c mbedtls/crt_bundle.c
+SRC_C += $(SRC_MBEDTLS) $(TOP)/lib/mbedtls_config/mbedtls_port.c $(TOP)/lib/mbedtls_config/crt_bundle.c
 CFLAGS += \
 	  -isystem $(TOP)/lib/mbedtls/include \
-	  -DMBEDTLS_CONFIG_FILE='"mbedtls/mbedtls_config.h"' \
+	  -DMBEDTLS_CONFIG_FILE='"$(TOP)/lib/mbedtls_config/mbedtls_config.h"' \
 
 $(BUILD)/x509_crt_bundle.S: $(TOP)/lib/certificates/data/roots.pem $(TOP)/tools/gen_crt_bundle.py
 	$(Q)$(PYTHON) $(TOP)/tools/gen_crt_bundle.py -i $< -o $@ --asm

ports/raspberrypi/mbedtls/mbedtls_port.c renamed to lib/mbedtls_config/mbedtls_port.c

@@ -31,7 +31,7 @@
 #include "py/runtime.h"
 #include "py/stream.h"
 
-#include "mbedtls/crt_bundle.h"
+#include "lib/mbedtls_config/crt_bundle.h"
 
 void common_hal_ssl_sslcontext_construct(ssl_sslcontext_obj_t *self) {
     common_hal_ssl_sslcontext_set_default_verify_paths(self);

ports/espressif/common-hal/hashlib/Hash.c

@@ -28,7 +28,7 @@
 #include "common-hal/ssl/__init__.h"
 #include "shared-bindings/ssl/__init__.h"
 #include "shared-bindings/ssl/SSLContext.h"
-#include "mbedtls/crt_bundle.h"
+#include "lib/mbedtls_config/crt_bundle.h"
 
 void common_hal_ssl_create_default_context(ssl_sslcontext_obj_t *self) {
     common_hal_ssl_sslcontext_construct(self);

ports/espressif/mpconfigport.mk

@@ -6,14 +6,15 @@ CIRCUITPY_OPTIMIZE_PROPERTY_FLASH_SIZE ?= 1
 CIRCUITPY_WIFI_RADIO_SETTABLE_MAC_ADDRESS = 0
 
 CIRCUITPY_ALARM ?= 1
-
 CIRCUITPY_RP2PIO ?= 1
 CIRCUITPY_NEOPIXEL_WRITE ?= $(CIRCUITPY_RP2PIO)
 CIRCUITPY_FLOPPYIO ?= 1
 CIRCUITPY_FRAMEBUFFERIO ?= $(CIRCUITPY_DISPLAYIO)
 CIRCUITPY_FULL_BUILD ?= 1
 CIRCUITPY_AUDIOMP3 ?= 1
 CIRCUITPY_BITOPS ?= 1
+CIRCUITPY_HASHLIB ?= 1
+CIRCUITPY_HASHLIB_MBEDTLS ?= 1
 CIRCUITPY_IMAGECAPTURE ?= 1
 CIRCUITPY_MEMORYMAP ?= 1
 CIRCUITPY_PWMIO ?= 1
@@ -24,8 +25,9 @@ CIRCUITPY_SYNTHIO_MAX_CHANNELS = 12
 CIRCUITPY_USB_HOST ?= 1
 
 # Things that need to be implemented.
-# Use PWM internally
 CIRCUITPY_FREQUENCYIO = 0
+
+# Use PWM internally
 CIRCUITPY_I2CTARGET = 1
 CIRCUITPY_NVM = 1
 # Use PIO internally

ports/raspberrypi/Makefile

@@ -34,4 +34,6 @@ ifeq ($(MCU_SERIES),MG24)
         CIRCUITPY_USB = 0
 endif
 
+CIRCUITPY_HASHLIB_MBEDTLS_ONLY = 0
+
 CIRCUITPY_BUILD_EXTENSIONS ?= bin

ports/raspberrypi/common-hal/hashlib/__init__.h

@@ -477,8 +477,6 @@ SRC_COMMON_HAL_ALL = \
 	gnss/GNSS.c \
 	gnss/PositionFix.c \
 	gnss/SatelliteSystem.c \
-	hashlib/__init__.c \
-	hashlib/Hash.c \
 	i2ctarget/I2CTarget.c \
 	i2ctarget/__init__.c \
 	memorymap/__init__.c \
@@ -765,6 +763,29 @@ SRC_MOD += lib/tjpgd/src/tjpgd.c
 $(BUILD)/lib/tjpgd/src/tjpgd.o: CFLAGS += -Wno-shadow -Wno-cast-align
 endif
 
+ifeq ($(CIRCUITPY_HASHLIB_MBEDTLS_ONLY),1)
+SRC_MOD += $(addprefix lib/mbedtls/library/, \
+        sha1.c \
+        sha256.c \
+        sha512.c \
+        platform_util.c \
+	)
+CFLAGS += \
+	  -isystem $(TOP)/lib/mbedtls/include \
+	  -DMBEDTLS_CONFIG_FILE='"$(TOP)/lib/mbedtls_config/mbedtls_config_hashlib.h"' \
+
+endif
+
+ifeq ($(CIRCUITPY_HASHLIB_MBEDTLS),1)
+SRC_SHARED_MODULE_ALL += \
+	hashlib/Hash.c \
+	hashlib/__init__.c
+else
+SRC_COMMON_HAL_ALL += \
+	hashlib/Hash.c \
+	hashlib/__init__.c
+endif
+
 ifeq ($(CIRCUITPY_RGBMATRIX),1)
 SRC_MOD += $(addprefix lib/protomatter/src/, \
 	core.c \

ports/raspberrypi/common-hal/ssl/SSLContext.c

@@ -37,6 +37,12 @@
 enable-if-any=$(lastword $(sort $(1) 0))
 enable-if-all=$(firstword $(sort $(1) 1))
 
+# Implement the 'not' function; When first argument argument of $(if) is non-empty,
+# the result is the 2nd arg, else it's the third arg. So if the value of $(1)
+# is exactly 1, the result of $(filter) is empty, and the result is 0. Otherwise,
+# the result is 1. You use this by $(call)ing it.
+enable-if-not=$(if $(filter 1,$(1)),0,1)
+
 # To use any/all, you "$(call)" it, with the values to test after a comma.
 # Usually the values are other $(CIRCUITPY_foo) variables. The definition
 # of CIRCUITPY_AUDIOCORE and CIRCUITPY_AUDIOMP3 below are typical of how
@@ -292,6 +298,13 @@ CFLAGS += -DCIRCUITPY_GNSS=$(CIRCUITPY_GNSS)
 CIRCUITPY_HASHLIB ?= $(CIRCUITPY_WEB_WORKFLOW)
 CFLAGS += -DCIRCUITPY_HASHLIB=$(CIRCUITPY_HASHLIB)
 
+CIRCUITPY_HASHLIB_MBEDTLS ?= $(CIRCUITPY_HASHLIB)
+CFLAGS += -DCIRCUITPY_HASHLIB_MBEDTLS=$(CIRCUITPY_HASHLIB_MBEDTLS)
+
+# i.e., we need to include a subset of mbedtls only for hashlib's own needs
+CIRCUITPY_HASHLIB_MBEDTLS_ONLY ?= $(call enable-if-all,$(CIRCUITPY_HASHLIB_MBEDTLS) $(call enable-if-not,$(CIRCUITPY_SSL)))
+CFLAGS += -DCIRCUITPY_HASHLIB_MBEDTLS_ONLY=$(CIRCUITPY_HASHLIB_MBEDTLS_ONLY)
+
 CIRCUITPY_I2CTARGET ?= $(CIRCUITPY_FULL_BUILD)
 CFLAGS += -DCIRCUITPY_I2CTARGET=$(CIRCUITPY_I2CTARGET)
 

ports/raspberrypi/common-hal/ssl/__init__.c

@@ -29,7 +29,11 @@
 
 #include "py/obj.h"
 
+#if CIRCUITPY_HASHLIB_MBEDTLS
+#include "shared-module/hashlib/Hash.h"
+#else
 #include "common-hal/hashlib/Hash.h"
+#endif
 
 extern const mp_obj_type_t hashlib_hash_type;
 

ports/raspberrypi/mpconfigport.mk

@@ -25,6 +25,7 @@
  */
 
 #include "shared-bindings/hashlib/Hash.h"
+#include "shared-module/hashlib/__init__.h"
 
 #include "mbedtls/ssl.h"
 

ports/silabs/mpconfigport.mk

@@ -25,6 +25,7 @@
  */
 
 #include "shared-bindings/hashlib/__init__.h"
+#include "shared-module/hashlib/__init__.h"
 
 #include "mbedtls/ssl.h"
 

py/circuitpy_defns.mk

@@ -4,6 +4,7 @@
  * The MIT License (MIT)
  *
  * Copyright (c) 2022 Scott Shawcroft for Adafruit Industries
+ * Copyright (c) 2014 Paul Sokolovsky
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -24,17 +25,12 @@
  * THE SOFTWARE.
  */
 
-#include "shared-bindings/hashlib/__init__.h"
+#pragma once
 
-#include "components/mbedtls/mbedtls/include/mbedtls/ssl.h"
+#include "mbedtls/version.h"
 
-
-bool common_hal_hashlib_new(hashlib_hash_obj_t *self, const char *algorithm) {
-    if (strcmp(algorithm, "sha1") == 0) {
-        self->hash_type = MBEDTLS_SSL_HASH_SHA1;
-        mbedtls_sha1_init(&self->sha1);
-        mbedtls_sha1_starts(&self->sha1);
-        return true;
-    }
-    return false;
-}
+#if MBEDTLS_VERSION_NUMBER < 0x02070000 || MBEDTLS_VERSION_NUMBER >= 0x03000000
+#define mbedtls_sha1_starts_ret mbedtls_sha1_starts
+#define mbedtls_sha1_update_ret mbedtls_sha1_update
+#define mbedtls_sha1_finish_ret mbedtls_sha1_finish
+#endif