Discussion:
NuttX: Initial mbed TLS support added
Marcelo Barros marcelobarrosalmeida@gmail.com [nuttx]
2016-01-15 20:30:44 UTC
Hello


Following the philosophy "release early, release frequently", I would like
to announce that I spent my last days integrating mbed TLS [1] in NuttX. My
aim is to use secure sockets and public/private keys.


What I did until now:


1) Very few changes in the original code base. In fact, only one line in .c
files (a small adaptation for supporting /dev/random instead of
/dev/urandom) and some lines in config.h (due to Kconfig and configuration
profiles - see next item).
2) As mbed TLS configuration is based on .h files (features are enabled by
defines), I created some configuration profiles in Kconfig for loading
original .h configuration files. I am still creating a huge Kconfig for
supporting all mbed TLS features, but this work is not completed yet (70%
done, I called it "custom profile" in Kconfig). I added a new profile also,
called Suite B FS (NSA Suite B profile [2] with support for file handling
and key writing). This is the profile that I am using and testing currently.
3) I am creating some examples for testing mbed TLS features. A directory
mbedstl in apps was created and two applications are currently running:
ramdisk and genkey. The first only creates a ramdisk (based on fs examples)
and the second generates a key file in this ram disk (based on examples
provided by mbed TLS). So, to test, it is necessary to type in nsh
something like below:
nsh> ramdisk
nsh> genkey type=ec filename=/mnt/keys/a.pem ec_curve=secp256r1
4) My test board is a stm32F4discovery. A configuration profile called
mbedstl was created as well. It is necessary to enable network,
/dev/random, ram disk and a larger buffer for nsh. Make.defs has a new
include directory added (maybe the final solution is to move mbed TLS
includes into nuttx include directory). My host system is Linux
(arm-none-eabi compiler) and I did not test in any other host.


Only for reference, some stats from compilation without and with mbed TLS
using Suite B + FS (with writing support):


text data bss dec hex filename
95805 261 9876 105942 19dd6 nuttx


text data bss dec hex filename
150093 301 27528 177922 2b702 nuttx


What I intend to do:


1) Create more examples (public/private key usage examples, secure sockets)
2) Finish custom kconfig


My overall impression is: mbed TLS library seems good to be used, it is
highly customizable, with nice code portability and with a good tradeoff
between features x size. However, examples provided require attention. For
instance, I had to change a variable of 16kb that was allocated in
function stack. So, take care when porting examples.


Yes, it is all available from my repositories :D


https://bitbucket.org/marcelobarrosalmeida/h6xa_nuttx.git
https://bitbucket.org/marcelobarrosalmeida/h6xa_configs.git
https://bitbucket.org/marcelobarrosalmeida/h6xa_apps.git


Finally, I would like to say that I am very new to NuttX. So, feel free to
suggest better organization and do not hesitate to move things around.


See you,
Marcelo Barros


[1] https://tls.mbed.org/
[2] https://www.nsa.gov/ia/programs/suiteb_cryptography/
spudarnia@yahoo.com [nuttx]
2016-01-16 00:56:07 UTC
Good job, Marcelo. There have been several people in this forum asking about a port of the mbed TLS to NuttX. Thanks for contributing this. I hope that people can jump on board and help you wring out all of the integration issues.


Greg
Neilh NeilH20@biomonitors.com [nuttx]
2016-01-16 18:44:24 UTC
Marcelo Barros marcelobarrosalmeida@gmail.com [nuttx]
2016-01-16 19:35:34 UTC
Hi Neilh,

I cloned from official repositories, following wiki instruction, as stated
in readme.
I did some changes in the code, without creating a branch (my error).
After, I created my repositories at bitbucket and added them using "git
remote add myrepo http://...".
As I am not used to git (hg is my default tool), I typed git rebase master
and my changes were
left behind in a temporary branch (tmp). So, it was necessary to merge "git
merge tmp".
Finally I pushed my changes in myrepo (git push myrepo master) but I did not
merge with original master,
from nuttx official repository.

Just telling the history and mistakes. I believe you could use git
merge/rebase but conflicts should be resolved manually.
All operations I did were done by module. First in submodules and after in
the main module.

Of course I can merge with latest nuttx, solving conflicts and making your
sync operation easier. Give me a moment...

Marcelo
Hello Marcelo
TLS Sounds excellent, and hugely desirable.
I was wondering though how you setup nuttx and configs and apps and manage
your workflow on the super and submodules?
I have done a similar setup to yours with nuttx\configs origin setback to
my bitbucket,
but I run into a submodule problem of making changes in the submodules OK,
but this messes with the super project pointing to those subprojects, which
in turn causes conflicts when using bitbuckets sync with upstream button.
When pressing "Sync now" I get conflicts relating to the submodule updates
I've previously performed.
I would hope to do workflow along the lines of
http://nvie.com/posts/a-successful-git-branching-model
but still figuring the git methods.
thanks
--
-----------------------------------------------
Up close, nobody is normal.
spudarnia@yahoo.com [nuttx]
2016-01-16 20:09:25 UTC
This raises another question: How should this code be retained in the long run?


I think your work here is important and should not be lost. Rather, we need a way for others to contribute so that this can grow into something useful for all people.


The main problem is this: We cannot just put a copy of the mbed TLS into the NuttX source tree. That is an active project undergoing many changes. Any snapshot that we were to take would be obsolete in months.


Also, I cannot maintain large bodies of code like that in the NuttX repositories.


So, ideally, it would be best if mbed could add whatever support is necessary into mbed TLS repositories rather than a NuttX repository. That way going forward, the NuttX port would be fresh and maintained against other changes to the TLS baseline.


Since there is an mbed OS, they may not be responsive to such an idea, however.


What we have done for other projects is to modify the build system so that it downloads a tarball or clones a specific version of the code, then applies patches as necessary, and hooks the downloaded code into the NuttX build system. There are examples of this approach here:


apps/canutils/uavcan
apps/interpreters/micropython
and possibly others.


That is a little more difficult but solves some of the maintainability problems.


Greg
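
The download, patch and hook-in flow described in the message above, as an added example that is not part of the original thread or of the NuttX build system. The SHA-256 pin is an addition of this example; vendor_pinned, make_fixture, the mbedtls-X.Y.Z placeholder and the patch file name are hypothetical, and the "release" tarball is constructed locally so the script runs offline.

```shell
#!/bin/sh
# Added example (not NuttX or mbed TLS code). Hypothetical names throughout:
# vendor_pinned, make_fixture, mbedtls-X.Y.Z and the patch file are placeholders.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# vendor_pinned TARBALL EXPECTED_SHA256 PATCH_DIR DEST   (absolute paths)
# Unpacks only if the digest matches the pin, then applies PATCH_DIR/*.patch
# in lexical order. DEST is removed again if any step fails, so a half-patched
# tree is never left for the build to pick up.
# Returns: 0 ok, 2 digest mismatch, 3 unpack failed, 4 patch failed.
vendor_pinned() {
    tarball=$1; expected=$2; patch_dir=$3; dest=$4
    actual=$(sha256_of "$tarball") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "vendor: digest mismatch for $tarball" >&2
        echo "  pinned: $expected" >&2
        echo "  actual: $actual" >&2
        return 2
    fi
    rm -rf "$dest" && mkdir -p "$dest" || return 1
    tar -xzf "$tarball" -C "$dest" --strip-components=1 \
        || { rm -rf "$dest"; return 3; }
    for p in "$patch_dir"/*.patch; do
        [ -e "$p" ] || continue          # no patches is not an error
        ( cd "$dest" && patch -p1 < "$p" >/dev/null ) \
            || { rm -rf "$dest"; return 4; }
    done
    return 0
}

# make_fixture DIR
# Builds a constructed stand-in for an upstream release tarball plus one local
# patch (the /dev/urandom -> /dev/random change mentioned in the first post).
make_fixture() {
    dir=$1
    mkdir -p "$dir/src/mbedtls-X.Y.Z/library" "$dir/patches"
    printf '%s\n' 'file = fopen( "/dev/urandom", "rb" );' \
        > "$dir/src/mbedtls-X.Y.Z/library/entropy_poll.c"
    tar -czf "$dir/mbedtls-X.Y.Z.tgz" -C "$dir/src" mbedtls-X.Y.Z
    cat > "$dir/patches/0001-nuttx-dev-random.patch" <<'EOF'
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -1 +1 @@
-file = fopen( "/dev/urandom", "rb" );
+file = fopen( "/dev/random", "rb" );
EOF
}

demo() {
    work=$(mktemp -d) || return 1
    make_fixture "$work"
    # In a real tree the pin is a literal committed next to the version
    # number; here it is taken from the fixture at "pin time".
    pin=$(sha256_of "$work/mbedtls-X.Y.Z.tgz")

    rc=0
    vendor_pinned "$work/mbedtls-X.Y.Z.tgz" "$pin" "$work/patches" "$work/out" || rc=$?
    echo "pinned tarball:   rc=$rc"
    [ "$rc" -eq 0 ] && cat "$work/out/library/entropy_poll.c"

    # Simulate a corrupted or substituted download: one extra byte.
    printf 'x' >> "$work/mbedtls-X.Y.Z.tgz"
    rc=0
    vendor_pinned "$work/mbedtls-X.Y.Z.tgz" "$pin" "$work/patches" "$work/out2" || rc=$?
    echo "modified tarball: rc=$rc"
    rm -rf "$work"
}

demo
```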
Neilh NeilH20@biomonitors.com [nuttx]
2016-01-16 20:26:55 UTC
This sounds like a description of a submodule.
"The other repository has its own history, which does not interfere with the history of the current repository. This can be used to have external dependencies such as third party libraries for example."

Probably dependent of how well the current structure maps into Nuttx as to whether it can directly be pulled from mbed - and they can change their architecture as they please.
spudarnia@yahoo.com [nuttx]
2016-01-16 20:33:36 UTC
A versioned submodule could be used if there are no changes to the mbed TLS code. I suppose the submodule could be patched too, but that feels a little awkward.


My only requirements would be that (1) the submodule be versioned such that changes to TLS would not break the NuttX build and, (2) the submodule initialization is optional. It should not be necessary for everyone to clone a foreign repository if they are not using it.


Greg
spudarnia@yahoo.com [nuttx]
2016-01-16 20:45:13 UTC
Another thought:


There is the beginning of a crypto subsystem in NuttX at nuttx/crypto/. There is not much there now; just some AES. But this idea is to provide a generic character driver for cryptography.


This is only important because many MCUs have builtin hardware support for encryption/decryption of various types. The idea is that the crypto/ driver would provide application access to these MCU hardware features.


So this would be a cool thing to expand and integrate into the mbed TLS if possible.


Greg
Marcelo Barros marcelobarrosalmeida@gmail.com [nuttx]
2016-01-17 16:28:20 UTC
Greg

When I was involved in OpenWSN I implemented some crypto blocks like
CBC, CTR, ECB, etc. The idea was to create a driver that could use
processor crypto engine or my implementation, depending on uC. The focus
was CCMS*, for 802.15.4e 2012 networks. I left a working implementation
for CCMS*.

https://github.com/marcelobarrosalmeida/ccms

This code was incorporated in OpenWSN and I believe it is working for some
platforms.
Just letting you know.

Marcelo Barros
Post by ***@yahoo.com [nuttx]
There is the beginning of a crypto subsystem in NuttX at nuttx/crypto/.
There is not much there now; just some AES. But this idea is to provide a
generic character driver for cryptography.
This is only important because many MCUs have builtin hardware support for
encryption/decryption of various types. The idea is that the crypto/
driver would provide application access to these MCU hardware features.
So this would be a cool thing to expand and integrate into the mbed TLS if possible.
Greg
--
-----------------------------------------------
Up close, nobody is normal.
Sebastien Lorquet sebastien@lorquet.fr [nuttx]
2016-01-18 15:08:05 UTC
Hello,

I once had plans to improve this lib, to make it appear as something like
PKCS11, which is pretty generic. But more work came in the way and prevented my
progress.

I have plans to implement:
- key storage
- algorithm execution using keys
- key generation

in so-called crypto "modules", that could be optionally hardware-assisted for
increased security.

So a TLS library could *use* such a crypto device, but would not be part of it.

I have a written specification and API, and bits of implementation for an old
version of nuttx (repos were not separated yet). Not ready for a submission but
someone might like it and build on it. Then tell me, I can provide some docs.

Sebastien
Post by ***@yahoo.com [nuttx]
There is the beginning of a crypto subsystem in NuttX at nuttx/crypto/.
There is not much there now; just some AES. But this idea is to provide a
generic character driver for cryptography.
This is only important because many MCUs have builtin hardware support for
encryption/decryption of various types. The idea is that the crypto/ driver
would provide application access to these MCU hardware features.
So this would be a cool thing to expand and integrate into the mbed TLS if
possible.
Greg
Neilh NeilH20@biomonitors.com [nuttx]
2016-01-17 01:03:35 UTC
<html>
<body style="background-color: #fff;">
<div id="ygrp-mlmsg" style="position:relative;">
<div id="ygrp-msg" style="z-index: 1;">
Hi, I'm sharing this in case anybody has done it already/documented it and I'm missing something.
I'll plan on putting in the wiki if useful.

So my objective, for my workflow is to be able to easily manage my changes, do stability testing, and if they are of interest they can be available for going upstream into nuttx.
Traditionally shaking out stability issues in embedded environment is a drawn out process, and need to handle multiple streams of development and stability at the same time.
http://nvie.com/posts/a-successful-git-branching-model/
So here is how I think this could work for Nuttx - this allows for multiple forks and multiple build spaces for testing and merging.

Sign into bitbucket.org , then clone the following into bitbucket/<userSpace>
(either setup SSH or use the https form instead of ***@bitbucket.org:.... )
bitbucket.org/patacongo/nuttx to ZZ_NuttX Description: <your plans for the fork>
bitbucket.org/nuttx/apps ZZ_nuttapps Description: <your plans for an apps>
bitbucket.org/nuttx/arch ZZ_nuttx-arch Description: Required as part of nuttx
bitbucket.org/nuttx/boards ZZ_nuttx-config "Nuttx boards definitions"

Then on local machine (tested Ubuntu14.04)
$ cd git
$ mkdir nxYY    # - YY userdefined
$ cd nxYY

$ git clone ***@bitbucket.org:<user>/ZZ_nuttapps.git apps
$ git clone ***@bitbucket.org:<user>/ZZ_nuttx.git nuttx
$ cd nuttx
git remote -v   # (origin should be above)
$ git config --file=.gitmodules --list   # or cat .gitmodules

# first time through - change super-project submodules to git super-project ignored project directories
echo "/configs/*" >> .gitignore
echo "/arch/*" >> .gitignore

git config --file=.gitmodules --remove-section submodule.configs
git config --file=.gitmodules --remove-section submodule.arch

# if "git subproject" run there will be .git/modules/arch .git/modules/configs and need to delete
# remove any possibility/traces of subproject
rm -rf arch
rm -rf configs

# create buildable tree and store in bitbucket.org/user/ZZ_nuttX/
git clone ***@bitbucket.org:<user>/ZZ_nuttx-configs.git configs
git clone ***@bitbucket.org:<user>/ZZ_nuttx-arch.git arch
git status   # shows arch and configs but git ignores any action on them (I hope)
git add .gitignore
git add .gitmodules
git commit -m "changed submodule arch configs to directory"
git push origin master
# end-first time

# optionally do this for submodule nuttx/Documentation first time through
git submodule update --init --recursive --remote   # creates entries in .git/config and update

make distclean
# Build target project and verify works
cd tools
$ ./configure.sh stm32f429i-disco/usbmsc
cd ..
make menuconfig   # save to latest format
make   # test build, verify Nuttx.bin works before continuing

# Do the following for changes to any one of three "projects"
# superproject nuttx & subprojects nuttx/arch and nuttx/config
# eg for nuttx/arch (repeat for other projects as needed)
cd arch
git branch develop   # baseline for future: only first time through

git checkout -b work-stm32-usbhwfi   # descriptive name for changes everytime creating a new branch
git branch   # list branches
git status   # should be no changes
<<make changes, build and test>>
git status   # list changes
git add .
git commit -m "myComments"
git push origin work-stm32-usbhwfi
# On Bitbucket check commit is as expected.

# branchedWorkflow: Ideally private branch 'develop' is aligned with a Nuttx release number and
# all updates are along branch develop and <work-branches>
# until ready to offer a patch to the main branch,
# in which case it will all have to be brought uptodate with a defined Nuttx release number or tip

# some commands to incorporate a finished work-item on the branch develop
$ git checkout develop   # Switched to branch 'develop'
$ git merge --no-ff work-stm32-usbhwfi   # the real work merged to branch develop, and I check it
$ git branch -d work-stm32-usbhwfi   # Delete branch at your own risk
$ git push origin develop

# To sync with nuttx tip, (any tip) could be challenging based on number of updates and a number of methods to do it
# a) Use the bitbucket.org sync button, if no conflicts then on local machine "git checkout master, git pull, git merge --no-ff develop, generate patch" if conflicts going to need to merge them
# b) If other conflicts <<tbd>>

If anybody sees a better way, be delighted to hear it.
Neil


<!--~-|**|PrettyHtmlStart|**|-~-->
<!-- |**|begin egp html banner|**| -->
<div id="ygrp-vital" style="background-color: #f2f2f2; font-family: Verdana; font-size: 10px; margin-bottom: 10px; padding: 10px;">

<span id="vithd" style="font-weight: bold; color: #333; text-transform: uppercase; "><a href="https://groups.yahoo.com/neo/groups/nuttx/info;_ylc=X3oDMTJma2VxcnFjBF9TAzk3MzU5NzE0BGdycElkAzIzMzg5MDcwBGdycHNwSWQDMTcwNTAwNjU1OQRzZWMDdnRsBHNsawN2Z2hwBHN0aW1lAzE0NTI5OTI2MTk-" style="text-decoration: none;">Visit Your Group</a></span>

<ul style="list-style-type: none; margin: 0; padding: 0; display: inline;">
<li style="border-right: 1px solid #000; font-weight: 700; display: inline; padding: 0 5px; margin-left: 0;">
<span class="cat"><a href="https://groups.yahoo.com/neo/groups/nuttx/members/all;_ylc=X3oDMTJnbGZjNGNmBF9TAzk3MzU5NzE0BGdycElkAzIzMzg5MDcwBGdycHNwSWQDMTcwNTAwNjU1OQRzZWMDdnRsBHNsawN2bWJycwRzdGltZQMxNDUyOTkyNjE5" style="text-decoration: none;">New Members</a></span>
<span class="ct" style="color: #ff7900;">1</span>
</li>
</ul>
</div>


<div id="ft" style="font-family: Arial; font-size: 11px; margin-top: 5px; padding: 0 2px 0 0; clear: both;">
<a href="https://groups.yahoo.com/neo;_ylc=X3oDMTJlMDNmbjk0BF9TAzk3NDc2NTkwBGdycElkAzIzMzg5MDcwBGdycHNwSWQDMTcwNTAwNjU1OQRzZWMDZnRyBHNsawNnZnAEc3RpbWUDMTQ1Mjk5MjYxOQ--" style="float: left;"><img src="http://l.yimg.com/ru/static/images/yg/img/email/new_logo/logo-groups-137x15.png" height="15" width="137" alt="Yahoo! Groups" style="border: 0;"/></a>
<div style="color: #747575; float: right;"> &bull; <a href="https://info.yahoo.com/privacy/us/yahoo/groups/details.html" style="text-decoration: none;">Privacy</a> &bull; <a href="mailto:nuttx-***@yahoogroups.com?subject=Unsubscribe" style="text-decoration: none;">Unsubscribe</a> &bull; <a href="https://info.yahoo.com/legal/us/yahoo/utos/terms/" style="text-decoration: none;">Terms of Use</a> </div>
</div>
<br>

<!-- |**|end egp html banner|**| -->

</div> <!-- ygrp-msg -->


</div>


</body>

</html>
Marcelo Barros marcelobarrosalmeida@gmail.com [nuttx]
2016-01-16 20:23:06 UTC
Permalink
Greg

Post by ***@yahoo.com [nuttx]
Also, I cannot maintain large bodies of code like that in the NuttX
repositories.
Yes, no doubt. It was a first attempt and I was expecting this kind of
feedback for moving mbed TLS to a proper place.
Post by ***@yahoo.com [nuttx]
Since there is an mbed OS, they may not be responsive to such an idea, however.
Agree.
Post by ***@yahoo.com [nuttx]
What we have done for other projects is to modify the build system ....
mbed STL is essentially a library. We can move it to apps, following
upython rules.
As a compilation result, the library could be stored in the nuttx/lib dir?

Marcelo

--
-----------------------------------------------
Up close, nobody is normal.
Neilh NeilH20@biomonitors.com [nuttx]
2016-01-16 23:50:11 UTC
Permalink
Marcelo Barros marcelobarrosalmeida@gmail.com [nuttx]
2016-01-16 20:03:19 UTC
Permalink
Neilh, I finished the merge (using official repositories). Please try again.

Marcelo
Hello Marcelo
TLS sounds excellent, and hugely desirable.
I was wondering though how you set up nuttx and configs and apps and manage
your workflow on the super and submodules?
I have done a similar setup to yours with nuttx\configs origin set back to
my bitbucket,
but I run into a submodule problem of making changes in the submodules OK,
but this messes with the super project pointing to those subprojects, which
in turn causes conflicts when using Bitbucket's sync with upstream button.
When pressing "Sync now" I get conflicts relating to the submodule updates
I've previously performed.
I would hope to do workflow along the lines of
http://nvie.com/posts/a-successful-git-branching-model
but still figuring the git methods.
thanks
Hello
Following the philosophy "release early, release frequently", I would like
to announce that I spent my last days integrating mbed TLS [1] in NuttX. My
aim is to use secure sockets and public/private keys.
1) Very few changes in the original code base. In fact, only one line in
.c files (a small adaptation for supporting /dev/random instead of
/dev/urandom) and some lines in config.h (due to Kconfig and configuration
profiles - see next item).
2) As mbed STL configuration is based on .h files (features are enabled by
defines), I created some configuration profiles in Kconfig for loading
original .h configuration files. I am still creating a huge Kconfig for
supporting all mbed STL features, but this work is not completed yet (70%
done, I called it "custom profile" in Kconfig). I added a new profile also,
called Suite B FS (NSA Suite B profile [2] with support for file handling
and key writing). This is the profile that I am using and testing currently.
3) I am creating some examples for testing mbed STL features. A directory
ramdisk and genkey. The first only creates a ramdisk (based on fs examples)
and the second generates a key file in this ram disk (based on examples
provided by mbed stl). So, to test, it is necessary to type in nsh
nsh> ramdisk
nsh> genkey type=ec filename=/mnt/keys/a.pem ec_curve=secp256r1
4) My test board is a stm32F4discovery. A configuration profile called
mbedstl was created as well. It is necessary to enable network,
/dev/random, ram disk and a larger buffer for nsh. Make.defs has a new
include directory added (maybe the final solution is to move mbed stl
includes into nuttx include directory). My host system is Linux
(arm-none-eabi compiler) and I did not test in any other host.
Only for reference, some stats from compilation without and with mbed STL
text data bss dec hex filename
95805 261 9876 105942 19dd6 nuttx
text data bss dec hex filename
150093 301 27528 177922 2b702 nuttx
1) Create more examples (public/private key usage examples, secure sockets)
2) Finish custom kconfig
My overall impression is: mbed TLS library seems good to be used, it is
highly customizable, with nice code portability and with a good tradeoff
between features x size. However, examples provided require attention. For
instance, I had to change a variable of 16kb that was allocated on the
function stack. So, take care when porting examples.
Yes, it is all available from my repositories :D
https://bitbucket.org/marcelobarrosalmeida/h6xa_nuttx.git
https://bitbucket.org/marcelobarrosalmeida/h6xa_configs.git
https://bitbucket.org/marcelobarrosalmeida/h6xa_apps.git
Finally, I would like to say that I am very new to NuttX. So, feel free to
suggest better organization and do not hesitate to move things around.
See you,
Marcelo Barros
[1] https://tls.mbed.org/
[2] https://www.nsa.gov/ia/programs/suiteb_cryptography/
--
-----------------------------------------------
Up close, nobody is normal.
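
An added example, not part of the thread or of Marcelo's port: one way to feed mbed TLS from /dev/random without editing the library source is its mbedtls_hardware_poll() hook, which the library calls when MBEDTLS_ENTROPY_HARDWARE_ALT is defined. The helper name read_random_device() is hypothetical; it retries short reads and fails closed rather than returning a partial seed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not from mbed TLS or the port): read exactly len
 * bytes from a random device, or fail without returning partial output. */
int read_random_device(const char *path, unsigned char *output,
                       size_t len, size_t *olen)
{
    size_t got = 0;
    int fd;

    *olen = 0;
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;                      /* no device: fail closed */

    while (got < len) {
        ssize_t n = read(fd, output + got, len - got);
        if (n > 0) {
            got += (size_t)n;           /* short read: keep going */
        } else if (n < 0 && errno == EINTR) {
            continue;                   /* interrupted: retry */
        } else {
            break;                      /* EOF or hard error */
        }
    }
    close(fd);

    if (got != len) {
        memset(output, 0, len);         /* never hand back a partial seed */
        return -1;
    }
    *olen = len;
    return 0;
}

/* Same signature as the mbedtls_hardware_poll() hook in mbed TLS. */
int mbedtls_hardware_poll(void *data, unsigned char *output,
                          size_t len, size_t *olen)
{
    (void)data;
    return read_random_device("/dev/random", output, len, olen);
}
```

A non-zero return makes the entropy collector report an error, so key generation such as the genkey example stops rather than running on a weak seed.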