pico w: add ssl module

Note: at this time, the ssl module on pico_w never verifies the server
certificate. This means it does not actually provide a higher security
level than regular socket / http protocols.

Author: jepler

locale/circuitpython.pot

@@ -152,14 +152,6 @@ msgstr ""
 msgid "%q must be >= %d"
 msgstr ""
 
-#: py/argcheck.c
-msgid "%q must be >= 0"
-msgstr ""
-
-#: shared-bindings/vectorio/Circle.c shared-bindings/vectorio/Rectangle.c
-msgid "%q must be >= 1"
-msgstr ""
-
 #: shared-bindings/analogbufio/BufferedIn.c
 #: shared-bindings/audiocore/RawSample.c
 msgid "%q must be a bytearray or array of type 'h', 'H', 'b', or 'B'"
@@ -910,8 +902,7 @@ msgstr ""
 msgid "Error: Failure to bind"
 msgstr ""
 
-#: ports/raspberrypi/bindings/rp2pio/StateMachine.c py/enum.c
-#: shared-bindings/_bleio/__init__.c shared-bindings/aesio/aes.c
+#: py/enum.c shared-bindings/_bleio/__init__.c shared-bindings/aesio/aes.c
 #: shared-bindings/alarm/__init__.c shared-bindings/busio/SPI.c
 #: shared-bindings/microcontroller/Pin.c
 #: shared-bindings/neopixel_write/__init__.c
@@ -1243,6 +1234,7 @@ msgid "Invalid size"
 msgstr ""
 
 #: ports/espressif/common-hal/ssl/SSLContext.c
+#: ports/raspberrypi/common-hal/ssl/SSLSocket.c
 msgid "Invalid socket for TLS"
 msgstr ""
 
@@ -1569,10 +1561,12 @@ msgid "Only 8 or 16 bit mono with "
 msgstr ""
 
 #: ports/espressif/common-hal/wifi/__init__.c
+#: ports/raspberrypi/common-hal/wifi/__init__.c
 msgid "Only IPv4 addresses supported"
 msgstr ""
 
 #: ports/espressif/common-hal/socketpool/Socket.c
+#: ports/raspberrypi/common-hal/socketpool/Socket.c
 msgid "Only IPv4 sockets supported"
 msgstr ""
 
@@ -1642,6 +1636,7 @@ msgid "Out of memory"
 msgstr ""
 
 #: ports/espressif/common-hal/socketpool/Socket.c
+#: ports/raspberrypi/common-hal/socketpool/Socket.c
 msgid "Out of sockets"
 msgstr ""
 
@@ -1696,7 +1691,6 @@ msgid "Pin interrupt already in use"
 msgstr ""
 
 #: shared-bindings/adafruit_bus_device/spi_device/SPIDevice.c
-#: shared-bindings/digitalio/DigitalInOut.c
 msgid "Pin is input only"
 msgstr ""
 
@@ -1916,6 +1910,7 @@ msgid "Slices not supported"
 msgstr ""
 
 #: ports/espressif/common-hal/socketpool/SocketPool.c
+#: ports/raspberrypi/common-hal/socketpool/SocketPool.c
 msgid "SocketPool can only be used with wifi.radio"
 msgstr ""
 
@@ -2341,10 +2336,6 @@ msgstr ""
 msgid "a bytes-like object is required"
 msgstr ""
 
-#: shared-bindings/i2ctarget/I2CTarget.c
-msgid "address out of bounds"
-msgstr ""
-
 #: shared-bindings/i2ctarget/I2CTarget.c
 msgid "addresses is empty"
 msgstr ""
@@ -2814,10 +2805,6 @@ msgstr ""
 msgid "destination buffer must be an array of type 'H' for bit_depth = 16"
 msgstr ""
 
-#: shared-bindings/audiobusio/PDMIn.c
-msgid "destination_length must be an int >= 0"
-msgstr ""
-
 #: py/objdict.c
 msgid "dict update sequence has wrong length"
 msgstr ""
@@ -3241,6 +3228,10 @@ msgstr ""
 msgid "invalid bits_per_pixel %d, must be, 1, 2, 4, 8, 16, 24, or 32"
 msgstr ""
 
+#: ports/raspberrypi/common-hal/ssl/SSLSocket.c
+msgid "invalid cert"
+msgstr ""
+
 #: shared-bindings/bitmaptools/__init__.c
 #, c-format
 msgid "invalid element size %d for bits_per_pixel %d\n"
@@ -3267,6 +3258,10 @@ msgstr ""
 msgid "invalid hostname"
 msgstr ""
 
+#: ports/raspberrypi/common-hal/ssl/SSLSocket.c
+msgid "invalid key"
+msgstr ""
+
 #: py/compile.c
 msgid "invalid micropython decorator"
 msgstr ""

ports/espressif/common-hal/ssl/SSLSocket.c

@@ -158,7 +158,7 @@ mp_uint_t common_hal_ssl_sslsocket_send(ssl_sslsocket_obj_t *self, const uint8_t
 
         if (err == ESP_ERR_MBEDTLS_SSL_SETUP_FAILED) {
             mp_raise_espidf_MemoryError();
-        } else if (ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED) {
+        } else if (err == ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED) {
             mp_raise_OSError_msg_varg(translate("Failed SSL handshake"));
         } else {
             mp_raise_OSError_msg_varg(translate("Unhandled ESP TLS error %d %d %x %d"), esp_tls_code, flags, err, sent);

ports/raspberrypi/Makefile

@@ -276,6 +276,88 @@ SRC_C += \
 	$(SRC_CYW43) \
 	$(SRC_LWIP) \
 
+ifeq ($(CIRCUITPY_SSL),1)
+CFLAGS += -isystem $(TOP)/mbedtls/include
+SRC_MBEDTLS := $(addprefix lib/mbedtls/library/, \
+        aes.c \
+        aesni.c \
+        arc4.c \
+        asn1parse.c \
+        asn1write.c \
+        base64.c \
+        bignum.c \
+        blowfish.c \
+        camellia.c \
+        ccm.c \
+        certs.c \
+        chacha20.c \
+        chachapoly.c \
+        cipher.c \
+        cipher_wrap.c \
+        cmac.c \
+        ctr_drbg.c \
+        debug.c \
+        des.c \
+        dhm.c \
+        ecdh.c \
+        ecdsa.c \
+        ecjpake.c \
+        ecp.c \
+        ecp_curves.c \
+        entropy.c \
+        entropy_poll.c \
+        gcm.c \
+        havege.c \
+        hmac_drbg.c \
+        md2.c \
+        md4.c \
+        md5.c \
+        md.c \
+        md_wrap.c \
+        oid.c \
+        padlock.c \
+        pem.c \
+        pk.c \
+        pkcs11.c \
+        pkcs12.c \
+        pkcs5.c \
+        pkparse.c \
+        pk_wrap.c \
+        pkwrite.c \
+        platform.c \
+        platform_util.c \
+        poly1305.c \
+        ripemd160.c \
+        rsa.c \
+        rsa_internal.c \
+        sha1.c \
+        sha256.c \
+        sha512.c \
+        ssl_cache.c \
+        ssl_ciphersuites.c \
+        ssl_cli.c \
+        ssl_cookie.c \
+        ssl_srv.c \
+        ssl_ticket.c \
+        ssl_tls.c \
+        timing.c \
+        x509.c \
+        x509_create.c \
+        x509_crl.c \
+        x509_crt.c \
+        x509_csr.c \
+        x509write_crt.c \
+        x509write_csr.c \
+        xtea.c \
+	)
+SRC_C += $(SRC_MBEDTLS) mbedtls/mbedtls_port.c
+CFLAGS += \
+	  -isystem $(TOP)/lib/mbedtls/include \
+	  -DMBEDTLS_CONFIG_FILE='"mbedtls/mbedtls_config.h"' \
+
+$(patsubst %.c,$(BUILD)/%.o,$(SRC_MBEDTLS))): CFLAGS += -Wno-suggest-attribute=format
+endif
+
 SRC_COMMON_HAL_EXPANDED = $(addprefix shared-bindings/, $(SRC_COMMON_HAL)) \
                           $(addprefix shared-bindings/, $(SRC_BINDINGS_ENUMS)) \
                           $(addprefix common-hal/, $(SRC_COMMON_HAL))

ports/raspberrypi/boards/raspberry_pi_pico_w/mpconfigboard.mk

@@ -11,7 +11,8 @@ EXTERNAL_FLASH_DEVICES = "W25Q16JVxQ"
 CIRCUITPY__EVE = 1
 
 CIRCUITPY_CYW43 = 1
-CIRCUITPY_SSL = 0
+CIRCUITPY_SSL = 1
+CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 0
 CIRCUITPY_WEB_WORKFLOW = 0
 CIRCUITPY_MDNS = 0

ports/raspberrypi/common-hal/ssl/SSLContext.c

@@ -0,0 +1,52 @@
+/*
+ * This file is part of the MicroPython project, http://micropython.org/
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "shared-bindings/ssl/SSLContext.h"
+#include "shared-bindings/ssl/SSLSocket.h"
+#include "shared-bindings/socketpool/SocketPool.h"
+
+#include "py/runtime.h"
+#include "py/stream.h"
+
+void common_hal_ssl_sslcontext_construct(ssl_sslcontext_obj_t *self) {
+}
+
+void common_hal_ssl_sslcontext_load_verify_locations(ssl_sslcontext_obj_t *self,
+    const char *cadata) {
+    mp_raise_NotImplementedError(NULL);
+}
+
+void common_hal_ssl_sslcontext_set_default_verify_paths(ssl_sslcontext_obj_t *self) {
+    mp_raise_NotImplementedError(NULL);
+}
+
+bool common_hal_ssl_sslcontext_get_check_hostname(ssl_sslcontext_obj_t *self) {
+    return self->check_name;
+}
+
+void common_hal_ssl_sslcontext_set_check_hostname(ssl_sslcontext_obj_t *self, bool value) {
+    self->check_name = value;
+}

ports/raspberrypi/common-hal/ssl/SSLContext.h

@@ -0,0 +1,35 @@
+/*
+ * This file is part of the MicroPython project, http://micropython.org/
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries
+ * Copyright (c) 2022 Jeff Epler for Adafruit Industries
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#pragma once
+
+#include "py/obj.h"
+
+typedef struct {
+    mp_obj_base_t base;
+    bool check_name;
+} ssl_sslcontext_obj_t;