This commit enables the implementation of alternative mbedTLS cryptography
functions, such as ECDSA sign and verify, in pure Python. Alternative
functions are implemented in Python callbacks, that get invoked from
wrapper functions when needed. The callback can return None to fall back
to the default mbedTLS function.
A common use case for this feature is with secure elements that have
drivers implemented in Python. Currently, only the ECDSA alternate sign
function wrapper is implemented.
Tested signing with a private EC key stored on an NXP SE05x secure element.
Signed-off-by: iabdalkader <i.abdalkader@gmail.com>
This is necessary for mbedTLS callbacks that do not carry any user state,
so those callbacks can be customised per SSL context.
Signed-off-by: iabdalkader <i.abdalkader@gmail.com>
The LwIP interface is removed in wiznet5k_deinit() which is called as part
of the init sequence. Therefore, if using mDNS, then the interface will
need to be re-added when bringing the interface up.
Additionally, this allows to set the hostname from MicroPython code prior
to bringing the interface up and mDNS responding to the (new) hostname.
This allows the hostname to be configured and saved on the flash or be
based on dynamic information such as the MAC or unique_id().
Signed-off-by: Jared Hancock <jared.hancock@centeredsolutions.com>
This is a fix for issue #15944, and handles corner cases in the FrameBuffer
code when using stride values where the last line's stride may extend past
the end of the underlying buffer. This commit includes extra tests for
these corner cases.
For example a GS8 format FrameBuffer with a width of 8, height of 2 and
stride of 10 should be able to fit into a buffer of size 18 (10 bytes for
the first horizontal line, and 8 bytes for the second -- the full 10 bytes
are not needed).
Similarly a 1 by 9 FrameBuffer in MONO_VLSB format with a stride of 10
should be able to fit into a buffer of length 11 (10 bytes for the first
8 lines, and then one byte for the 9th line.
Being able to do this is particularly important when cropping the corner of
an existing FrameBuffer, either to copy a sprite or to clip drawing.
Signed-off-by: Corran Webster <cwebster@unital.dev>
In MSVC debug builds with debug error reporting set to showing a dialog (to
allow attaching the debugger), any application which imports the logging
module and leaves the default handlers would result in this dialog because
logging.shutdown is called at exit and that flushes the default handler
which has stderr as its stream.
This commit fixes that by not fsync'ing stdin/out/err.
Also adds a comment related to checking whether a file is stdin/out/err,
which is difficult to fix properly.
Signed-off-by: stijn <stijn@ignitron.net>
- Code size saving as all of these functions are very similar.
- Resolves the "TODO" of the plain read and write functions not propagating
errors. An error in the underlying block device now causes VFatFs to
return EIO, for example.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>
A positive result here can result in eventual memory corruption
as littlefs expects the result of a cache read/write function to be
0 or a negative integer for an error.
Closes#13046
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>
Fixes a compile error if STM32 port is compiled with:
make BOARD=(..) MICROPY_PY_LWIP=1 MICROPY_PY_LWIP_SLIP=1
`sio_send()` and `sio_tryread()` now use `mp_get_stream`.
Signed-off-by: Carl Treudler <cjt@users.sf.net>
This commit adds a new `network.PPP` interface which works on any port that
has bare-metal lwIP, eg rp2, stm32, mimxrt.
It has been tested on stm32. A board needs to enable
`MICROPY_PY_NETWORK_PPP_LWIP` and then it can use it as follows:
import network
ppp = network.PPP(uart)
ppp.connect()
while not ppp.isconnected():
pass
# use `socket` module as usual, etc
ppp.disconnect()
Usually the application must first configure the cellular/etc UART link to
get it connected and in to PPP mode first (eg ATD*99#), before handing over
control to `network.PPP`.
The PPP interface automatically configures the UART IRQ callback to call
PPP.poll() on incoming data.
Signed-off-by: Damien George <damien@micropython.org>
This adds support for the WIZNET5K nic to use IPv6 with the LWIP stack.
Additionally, if LWIP_IPV6 is disabled, the device is configured to drop
all IPv6 packets to reduce load on the MCU.
Signed-off-by: Jared Hancock <jared@greezybacon.me>
Small code size and binary size optimisation for the fix merged in
4d6d84983f370e48e81fb05fe31802e0a13fb369.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>
Currently the stack limit margin is hard-coded in each port's call to
`mp_stack_set_limit()`, but on threaded ports it's fiddlier and can lead to
bugs (such as incorrect thread stack margin on esp32).
This commit provides a new API to initialise the C Stack in one function
call, with a config macro to set the margin. Where possible the new call
is inlined to reduce code size in thread-free ports.
Intended replacement for `MP_TASK_STACK_LIMIT_MARGIN` on esp32.
The previous `stackctrl.h` API is still present and unmodified apart from a
deprecation comment. However it's not available when the
`MICROPY_PREVIEW_VERSION_2` macro is set.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>
`mbedtls_pk_parse_key()` expects `key_len` to include the NULL terminator
for PEM data but not for DER encoded data. This also applies to
`mbedtls_x509_crt_parse()` and `cert_len`.
Since all PEM data contains "-----BEGIN" this is used to check if the data
is PEM (as per mbedtls code).
This can be done for both v2 and v3 of mbedtls since the fundamental
behaviour/expectation did not change. What changed is that in v3 the
PKCS#8 DER parser now checks that the passed key buffer is fully utilized
and no bytes are remaining (all other DER formats still do not check this).
Signed-off-by: Peter Züger <zueger.peter@icloud.com>
The comparison between the given unmount string and existing mount strings
were made by the given string, which leads to buffer overflow.
Fixes issue #13006.
Signed-off-by: Junwha <qbit@unist.ac.kr>
Fixes various null dereferencing, out-of-bounds memory accesses and
`assert(0)` failures in the case of an invalid `uctypes` descriptor.
By design `uctypes` can crash because it accesses arbitrary memory, but at
least describing the descriptor layout should be forced to be correct and
not crash.
Fixes issue #12702.
Signed-off-by: stijn <stijn@ignitron.net>
Fixes use-after-free when accessing the database after it is closed with
`btree_close`. `btree_close` always succeeds when called with an
already-closed database.
The new test checks that operations that access the underlying database
(get, set, flush, seq) fail with a `ValueError` when the btree is already
closed. It also checks that closing and printing the btree succeed when
the btree is already closed.
Fixes issue #12543.
Signed-off-by: Michael Vornovitsky <michaelvornovitskiy@outlook.com>
This simplifies configuration by removing the `MICROPY_PY_OS_SEP` option
and instead including `os.sep` if `MICROPY_VFS` is enabled. That matches
the configuration of all existing ports that enabled `os.sep` (they also
had `MICROPY_VFS` enabled), and brings consistency to other ports.
Fixes issue #15116.
Signed-off-by: Damien George <damien@micropython.org>
The current situation with SystemExit and soft reset is the following:
- `sys.exit()` follows CPython and just raises `SystemExit`.
- On the unix port, raising `SystemExit` quits the application/MicroPython,
whether at the REPL or in code (this follows CPython behaviour).
- On bare-metal ports, raising `SystemExit` at the REPL does nothing,
raising it in code will stop the code and drop into the REPL.
- `machine.soft_reset()` raises `SystemExit` but with a special flag set,
and bare-metal targets check this flag when it propagates to the
top-level and do a soft reset when they receive it.
The original idea here was that a bare-metal target can't "quit" like the
unix port can, and so dropping to the REPL was considered the same as
"quit". But this bare-metal behaviour is arguably inconsistent with unix,
and "quit" should mean terminate everything, including REPL access.
This commit changes the behaviour to the following, which is more
consistent:
- Raising `SystemExit` on a bare-metal port will do a soft reset (unless
the exception is caught by the application).
- `machine.soft_reset()` is now equivalent to `sys.exit()`.
- unix port behaviour remains unchanged.
Tested running the test suite on an stm32 board and everything still
passes, in particular tests that skip by raising `SystemExit` still
correctly skip.
Signed-off-by: Damien George <damien@micropython.org>
The `re_exec` symbol is the name of a FreeBSD regex function, so needs to
be renamed to avoid a clash when building on FreeBSD. (This clash was
fixed once before but then accidentally reintroduced by the u-module
renaming in 7f5d5c72718af773db751269c6ae14037b9c0727.)
Fixes issue #15430.
clarify as helper function
Being able to send data out in LSB format can be useful, and having support
in the low-level driver is much better than requiring Python code to
reorder the bits before sending them / after receiving them. In particular
if the hardware does not support the LSB format (eg RP2040) then one needs
to use the SoftSPI in LSB mode.
For this change a default definition of `MICROPY_PY_MACHINE_SPI_MSB/_LSB`
was added to `py/mpconfig.h`, making them available to all ports. The
identical defines in `esp32/mpconfigport.h` were deleted.
Resolves issues #5340, #11404.
Signed-off-by: robert-hh <robert@hammelrath.com>
The only AP security mode supported is actually WPA/WPA2 not WEP. The
firmware command `0x19` starts the AP using `WIFI_AUTH_WPA_WPA2_PSK`
mode.
There are no functional changes in this commit, it just fixes the constant
names and removes the useless sanity checks for WEP.
Signed-off-by: iabdalkader <i.abdalkader@gmail.com>
The limit is set by a `MICROPY_PY_MACHINE_FREQ_NUM_ARGS_MAX` define, which
defaults to 1 and is set for stm32 to 4.
For stm32 this fixes a regression introduced in commit
e1ec6af654b1c5c4a973b6c6b029ee68bb92eb89 where the maximum number of
arguments was changed from 4 to 1.
Signed-off-by: robert-hh <robert@hammelrath.com>
Use new function mp_obj_new_str_from_cstr() where appropriate. It
simplifies the code, and makes it smaller too.
Signed-off-by: Jon Foster <jon@jon-foster.co.uk>
Enable support for cipher suites like
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, as suggested in
https://github.com/micropython/micropython/issues/14204#issuecomment-2024366349
and https://github.com/micropython/micropython/issues/10485#issuecomment-1396426824
Tests have been run on the top 500 domains from moz.com. Without this
patch, 155 out of 500 fail to connect because of TLS issues. This patch
fixes them all. And it seems all existing mbedtls flags are needed to get
good coverage of those top 500 domains.
The `ssl_poll.py` test has the cipher bits increased from 512 to 1024 in
its test key/cert so that it can work with ECDHE-RSA which is now the
chosen cipher.
Signed-off-by: Sylvain Zimmer <sylvain@sylvainzimmer.com>
Signed-off-by: Damien George <damien@micropython.org>
Allows passing in a callback to `TaskQueue()` that is called when something
is pushed on to the queue.
Signed-off-by: Damien George <damien@micropython.org>
This makes the code a bit simpler to understand for the three cases of
timeout behaviour (-1, 0, non-zero), and eliminates a dependency on the
(slow) `mp_hal_delay_ms(100)` call.
Signed-off-by: Damien George <damien@micropython.org>
If the socket timeout is 0 then a failed socket.connect() raises
EINPROGRESS (which is what the lwIP bindings already did), but if the
socket timeout is non-zero then a failed socket.connect() should raise
ETIMEDOUT. The latter is fixed in this commit.
A test is added for these timeout cases.
Signed-off-by: Damien George <damien@micropython.org>
This implements network.ipconfig() and network.WLAN.ipconfig() when the
ninaw10 driver is used for WLAN.
Due to a omission in the ninaw10 driver stack, setting the DNS address has
no effect. But the interface is kept here just in case it's fixed
eventually.
dhcp4 and has_dhcp4 are dummy arguments. Ninaw10 seems to always use DHCP.
Signed-off-by: robert-hh <robert@hammelrath.com>
Eventually this needs to be made a generic call to the underlying VFS. But
for now this prevents `disk_ioctl()` crashing on non-FAT filesystems.
Signed-off-by: Damien George <damien@micropython.org>
This adds support to use the Nagle algorithm implemented already in lwIP to
determine when TCP data should be sent.
As currently written, MicroPython will only create packets if there is <25%
remaining in the send buffer. Using it, sending a small message of ~50
bytes will not trigger output of the message on the network. So it will
remained queued until the TCP interval timer expires, which can be up to
500ms.
Using Nagle's algorithm, the first write, no matter how small, will
generate a packet on the network. And sending lots of data still makes
efficient use of the link.
In addition to this, an application designer may choose to always create
packets for every write by setting the TCP_NODELAY socket option. That's
also implemented in this commit.
The W5100 and W5100S only have 4 available sockets and 16kB of socket
buffer. Allocating 16kB to either the receive or transmit buffer of a
single socket is not allowed, so the current setup does not change the
allocation for socket 0 from the reset default. ctlwizchip is returning -1
to indicate the error, but the response isn't being inspected and probably
doesn't need to be.
Signed-off-by: Jared Hancock <jared@greezybacon.me>
Use the existing metal log handling mechanism instead of overriding the
metal_log, which causes build issues when logging is enabled.
Signed-off-by: iabdalkader <i.abdalkader@gmail.com>
Supporting `verify_mode` and `CERT_NONE` is required for the new `ssl.py`
code, as well as `requests` to work.
Signed-off-by: Damien George <damien@micropython.org>
Other constants such as `machine.Pin.OUT` are defined on the class that
uses them, rather than at the module level. This commit makes that the
case for WLAN network interfaces, adding IF_xxx and SEC_xxx constants.
The SEC_xxx constants are named as such to match the `security` keyword
that they are used with. And the IF_xxx constants have IF as a prefix so
they are grouped together as names.
This scheme of putting constants on the class means that only the available
features (eg security configurations) are made available as constants. It
also means that different network interfaces (eg WLAN vs LAN) can keep
their own specific constants within their class, such as PHY_xxx for LAN.
Signed-off-by: iabdalkader <i.abdalkader@gmail.com>
