Commit Graph

9157 Commits

Author SHA1 Message Date
Jeff Epler
1641a7c002
Pico W: ssl: Correctly handle errors in send/recv
The prefixed versions raise Python exceptions, the un-prefixed return
negative error values. We don't want to raise an exception from here,
it leaves the SSL stack in an undefined state.
2022-10-12 11:38:30 -05:00
Jeff Epler
7c849fdadb
Pico W: ssl: Raise MemoryError for allocation errors 2022-10-12 11:38:29 -05:00
Jeff Epler
b1f7940297
Pico W: Correctly treat empty cadata= as disabling host checking 2022-10-12 11:38:29 -05:00
Jeff Epler
ca9523b814
Pico w: socket: Correctly return negative error code from recv_into 2022-10-12 11:38:29 -05:00
Jeff Epler
62cbd3bcd8
Pico w: socket: correctly track sockets generated by accept() 2022-10-12 11:38:26 -05:00
MicroDev
ab22d5a8cd
Merge pull request #7024 from flom84/stm-include-headers-fixes
Remove redundant header files in STM port
2022-10-12 10:22:29 +05:30
Dan Halbert
822e806f03
Merge pull request #7031 from BPI-STEAM/CircuitPython-main-bpi-picow-dev
Add BananaPi BPI-PicoW-S3 .
2022-10-11 22:53:37 -04:00
Wind-stormger
376df8ec7e Add BananaPi BPI-PicoW-S3 .
Adds support for the BananaPi BPI-PicoW-S3 Boards.
Based on esp32s3 chip.
With one WS2812 LED, one monochrome LED, one ceramic antenna.
Support double-reset to tinyUF2.
2022-10-12 09:11:25 +08:00
Dan Halbert
e19abef57e forgot to add these! 2022-10-11 13:12:43 -04:00
Dan Halbert
851f8a188d Merge remote-tracking branch 'adafruit/main' into HEAD 2022-10-11 12:21:59 -04:00
Jeff Epler
0c8b261ec9
picow: Add support of self-signed certificates.
## Testing self-signed certificates and `load_verify_locations`

Obtain the badssl "self-signed" certificate in the correct form:

```sh
openssl s_client -servername self-signed.badssl.com -connect untrusted-root.badssl.com:443 < /dev/null | openssl x509 > self-signed.pem
```

Copy it and the script to CIRCUITPY:
```python
import os
import wifi
import socketpool
import ssl
import adafruit_requests

TEXT_URL = "https://self-signed.badssl.com/"
if not wifi.radio.ipv4_address:
    wifi.radio.connect(os.getenv('WIFI_SSID'), os.getenv('WIFI_PASSWORD'))

pool = socketpool.SocketPool(wifi.radio)
context = ssl.create_default_context()
requests = adafruit_requests.Session(pool, context)

print(f"Fetching from {TEXT_URL} without certificate (should fail)")
try:
    response = requests.get(TEXT_URL)
except Exception as e:
    print(f"Failed: {e}")
else:
    print(f"{response.status_code=}, should have failed with exception")

print("Loading server certificate")
with open("/self-signed.pem", "rb") as certfile:
    context.load_verify_locations(cadata=certfile.read())
requests = adafruit_requests.Session(pool, context)

print(f"Fetching from {TEXT_URL} with certificate (should succeed)")
try:
    response = requests.get(TEXT_URL)
except Exception as e:
    print(f"Unexpected exception: {e}")
else:
    print(f"{response.status_code=}, should be 200 OK")
```
2022-10-10 15:53:56 -05:00
Jeff Epler
c98174eea5
Add support for SSL client certificate (load_cert_chain)
Tested with badssl.com:

 1. Get client certificates from https://badssl.com/download/
 2. Convert public portion with `openssl x509 -in badssl.com-client.pem -out CIRCUITPY/cert.pem`
 3. Convert private portion with `openssl rsa -in badssl.com-client.pem -out CIRCUITPY/privkey.pem` and the password `badssl.com`
 4. Put wifi settings in CIRCUITPY/.env
 5. Run the below Python script:

```py
import os
import wifi
import socketpool
import ssl
import adafruit_requests

TEXT_URL = "https://client.badssl.com/"
wifi.radio.connect(os.getenv('WIFI_SSID'), os.getenv('WIFI_PASSWORD'))

pool = socketpool.SocketPool(wifi.radio)
context = ssl.create_default_context()
requests = adafruit_requests.Session(pool, context)

print(f"Fetching from {TEXT_URL} without certificate (should fail)")
response = requests.get(TEXT_URL)
print(f"{response.status_code=}, should be 400 Bad Request")
input("hit enter to continue\r")

print("Loading client certificate")
context.load_cert_chain("/cert.pem", "privkey.pem")
requests = adafruit_requests.Session(pool, context)

print(f"Fetching from {TEXT_URL} with certificate (should succeed)")
response = requests.get(TEXT_URL)
print(f"{response.status_code=}, should be 200 OK")
```
2022-10-10 15:10:53 -05:00
flom84
81d227de73 Use types from circuitpython. 2022-10-10 20:55:44 +02:00
Florin Maticu
ab1de66dd3 Remove redundant header files. 2022-10-10 20:37:31 +02:00
Dan Halbert
14c9028c1f
Merge pull request #7026 from dhalbert/minor-space-savings
save about 112 bytes
2022-10-10 13:55:56 -04:00
Dan Halbert
de95463deb
Merge pull request #7023 from dhalbert/wifi-scanning-fixes
update esp-idf; allow start/stop channels in wifi scanning
2022-10-10 13:54:54 -04:00
Dan Halbert
8d344459cd
Merge pull request #7021 from jepler/pico-w-vbus-sense
pico w: pins improvements
2022-10-10 11:56:30 -04:00
Dan Halbert
86a0f9a861 save about 112 bytes 2022-10-09 19:22:39 -04:00
Dan Halbert
747dc7746d handle scan channel bounds but note they do nothing for RP2040 CYW43 2022-10-07 16:22:17 -04:00
Dan Halbert
21c0c4c1a6 update esp-idf; allow start/stop channels in wifi scanning 2022-10-07 15:29:09 -04:00
MicroDev
fc549fe345
Merge pull request #7014 from jepler/restore-nvm-module
restore nvm module
2022-10-08 00:12:41 +05:30
Dan Halbert
78b278e091 disable rainbowio on arduino_zero 2022-10-07 10:39:30 -04:00
Jeff Epler
f882571366
pico w: pins improvements
Closes: #7017

 * Remove the 'GP23' alias for CYW1
 * Remove the 'CYW0' alias for CYW0
 * Switch VBUS_SENSE to CYW2, remove 'GP24' alias

Code that wants to use SMPS_MODE, VBUS_SENSE and LED while being
portable to the W and non-W variants should use those names, not alias
names.

 * Remove A3 / VOLTAGE_MONITOR

Right now this cannot be used. The ability to check the voltage monitor
should be added back in some fashion in the future.
2022-10-07 08:48:36 -05:00
Dan Halbert
041885da1b
Merge pull request #7011 from jepler/pico-w-resize-circuitpy-again
switch flash split to leave 512kB for CIRCUITPY
2022-10-07 08:32:18 -04:00
Neradoc
3a6382d1ea cyw43.CywPin should be the class, not a string 2022-10-07 02:11:05 +02:00
Jeff Epler
644d293641
Fix CIRCUITPY drive offset in flash correctly, accounting for NVM
.. and fix nvm to read/right the correct area.

.. putting a comment in link.ld to explain it all

Closes #7012
2022-10-06 12:39:46 -05:00
Jeff Epler
07cd2ff065
restore 4kB gap pending resolution of #7011 2022-10-06 11:20:48 -05:00
Dan Halbert
8d82e4ba5f
Merge pull request #7008 from MicroDev1/patch
Cleanup `mpconfigboard.mk` of espressif boards
2022-10-06 11:20:11 -04:00
Jeff Epler
6e2c24083a
switch flash split to leave 512kB for CIRCUITPY 2022-10-06 10:12:22 -05:00
Dan Halbert
e0517c7379
Merge pull request #6999 from jepler/picow-ssl
pico_w: implement ssl with caveats
2022-10-06 10:51:36 -04:00
microDev
4f753251db
cleanup mpconfigboard.mk of espressif boards
- move `INTERNAL_FLASH_FILESYSTEM` to `mpconfigport.mk`
- move `LONGINT_IMPL` to `mpconfigport.mk`
- move `CFG_TUD_TASK_QUEUE_SZ` to `Makefile`
2022-10-06 16:15:01 +05:30
Dan Halbert
296960dd89 shorten board.c 2022-10-05 20:23:19 -04:00
Neradoc
d31acdef6c
we don't use AUTORESET_DELAY_MS 2022-10-06 02:19:48 +02:00
Jeff Epler
2dc283f578
close underlying socket object when closing ssl socket 2022-10-05 15:10:14 -05:00
Jeff Epler
4a9389d347
remove debug message 2022-10-05 14:57:04 -05:00
Jeff Epler
14f2309b6f
Enable more key exchange methods
This is intended (but not entirely verified) to match our esp32 builds.
It does fix accessing https://circuitpython.org, which failed before with
"MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE".

It still doesn't work on a personal website of mine with valid letsencrypt
certificate but I haven't verified whether it works on esp32s2 with CP.
That site only allows TLS 1.3, while this mbedtls only supports up to
1.2.
The version of mbedtls we adopted based on micropython's use has no
TLS 1.3 support, but the one in espressif esp-idf does.
2022-10-05 14:56:27 -05:00
Jeff Epler
fabfdcf6fe
More ssl work 2022-10-05 14:56:26 -05:00
Jeff Epler
944d388158
copy esp_crt_bundle.c from esp-idf@d51f7d8821 2022-10-05 14:56:26 -05:00
Jeff Epler
a64c1a11c5
move nina-fw certificates so it can be shared with other ports 2022-10-05 14:56:25 -05:00
Jeff Epler
09023abcd2
Update espressif function prototype to match 2022-10-05 14:56:25 -05:00
Kyle Mohr
dd5f9411c8
Merge branch 'adafruit:main' into main 2022-10-05 13:44:12 -05:00
Jeff Epler
dcb650c513 pico w: add ssl module
Note: at this time, the ssl module on pico_w never verifies the server
certificate. This means it does not actually provide a higher security
level than regular socket / http protocols.
2022-10-05 13:12:43 -04:00
Jeff Epler
2bd50673b6
Finish adapting flash storage size
Before this, CIRCUITPY would start at 1MB anyway. This appeared to work
only because I hadn't checked the actual size of the CIRCUITPY drive,
and because until now the flash hadn't actually crossed that 1MB
boundary into CIRCUITPY storage.

WARNING: on pico_w, upgrading/downgrading CircuitPython across this commit
boundary will erase the CIRCUITPY filesystem. After this commit,
switching between pico and pico_w firmware will erase the CIRCUITPY
filesystem
2022-10-05 10:02:38 -05:00
Jeff Epler
52bca95208
Refactor dotenv module so that it can be tested on host
.. it needs to operate on a FILE* rather than FIL depending on
the build.

Note that this is comparing output to expected, not to cpython dotenv
package. Because run-tests.py starts the CPython interpreter with the
'-S' (skip site initialization) flag, pip-installed packages are
not available for import inside a test file. Instead, the exp
file is generated manually:
```
circuitpython/tests$ python3 circuitpython/dotenv_test.py > circuitpython/dotenv_test.py.exp
```

Unfortunately, the test fails on test e15:
```diff
FAILURE /home/jepler/src/circuitpython/tests/results/circuitpython_dotenv_test.py
--- /home/jepler/src/circuitpython/tests/results/circuitpython_dotenv_test.py.exp	2022-10-04 09:48:16.307703128 -0500
+++ /home/jepler/src/circuitpython/tests/results/circuitpython_dotenv_test.py.out	2022-10-04 09:48:16.307703128 -0500
@@ -14,7 +14,7 @@
 line
 e13 e13value
 e14 None
-e15 e15value
+e15 None
 e16 #
 e17 def
 e18 #has a hash
```
2022-10-04 09:51:27 -05:00
Kyle Mohr
02e115cbc2
Update mpconfigboard.mk 2022-10-04 00:03:59 -05:00
Kyle Mohr
330b96726a add newlines to end of files 2022-10-04 04:56:31 +00:00
Kyle Mohr
5268ef01c9
Utilize VID/PID from native USB port 2022-10-03 23:45:28 -05:00
Kyle Mohr
cffc1bfcab
sdkconfig didn't get committed for some reason... 2022-10-03 22:54:31 -05:00
Kyle Mohr
a948dc399b add esp32-s2-devkitc-1-n8r2 variant 2022-10-04 03:51:51 +00:00
Dan Halbert
90f6096955 fix ai-thinker creation ids; fix some typos elsewhere 2022-10-03 15:29:03 -04:00