Added LwIP.

.gitmodules

@@ -7,3 +7,6 @@
 [submodule "lib/LwIP"]
 	path = lib/LwIP/lwip
 	url = https://git.savannah.nongnu.org/git/lwip.git
+[submodule "lib/MbedTLS"]
+	path = lib/MbedTLS/mbedtls
+	url = https://github.com/Mbed-TLS/mbedtls.git

CMakeLists.txt

@@ -90,6 +90,7 @@ set(TARGET_C_INCLUDES
 set(TARGET_LIBS
     "freertos_kernel"
     "lwip"
+    "mbedtls"
 )
 
 # Shared library and linker script search paths
@@ -126,6 +127,8 @@ add_subdirectory(lib/FreeRTOS)
 set(LWIP_CONFIG_FILE_DIRECTORY "${CMAKE_SOURCE_DIR}/lib/LwIP/port/include" CACHE STRING "")
 add_subdirectory(lib/LwIP)
 
+add_subdirectory(lib/MbedTLS)
+
 # Shared sources, includes and definitions
 add_compile_definitions(${TARGET_C_DEFINES})
 include_directories(${TARGET_C_INCLUDES})

lib/MbedTLS/CMakeLists.txt

@@ -0,0 +1,6 @@
+cmake_minimum_required(VERSION 3.10)
+
+project(kinetis_mbedtls)
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DMBEDTLS_CONFIG_FILE='\"kinetis_mbedtls_config.h\"' -I${CMAKE_CURRENT_LIST_DIR}/include")
+add_subdirectory(mbedtls)

lib/MbedTLS/include/kinetis_mbedtls_config.h

@@ -0,0 +1,86 @@
+/**
+ * \file config-no-entropy.h
+ *
+ * \brief Minimal configuration of features that do not require an entropy source
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+/*
+ * Minimal configuration of features that do not require an entropy source
+ * Distinguishing reatures:
+ * - no entropy module
+ * - no TLS protocol implementation available due to absence of an entropy
+ *   source
+ *
+ * See README.txt for usage instructions.
+ */
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_PKCS1_V21
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_VERSION_FEATURES
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_RSA_C
+/* The library does not currently support enabling SHA-224 without SHA-256.
+ * A future version of the library will have this option disabled
+ * by default. */
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_VERSION_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+//#define MBEDTLS_CMAC_C
+
+/* Miscellaneous options */
+#define MBEDTLS_AES_ROM_TABLES

lib/MbedTLS/mbedtls

@@ -0,0 +1 @@
+Subproject commit d65aeb37349ad1a50e0f6c9b694d4b5290d60e49

src/main.c

@@ -18,7 +18,15 @@
 #include "FreeRTOS.h"
 #include "task.h"
 
+/* MbedTLS */
+#include "mbedtls/aes.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+
 static void vTaskHello(void *pvParameters);
+static void mtls_selftests(int verbose);
 
 int main(void) {
     BOARD_InitBootPins();
@@ -31,6 +39,8 @@ int main(void) {
     print_hardware();
     sram_test();
 
+    mtls_selftests(1);
+
     xTaskCreate(vTaskHello, "HELLO", 256, NULL, 32, NULL);
 
     vTaskStartScheduler();
@@ -54,3 +64,14 @@ static void vTaskHello(void *pvParameters) {
                cur_tm->tm_mday, cur_tm->tm_hour, cur_tm->tm_min, cur_tm->tm_sec);
     }
 }
+
+static void mtls_selftests(int verbose) {
+    uint8_t failed_cases = 0;
+    if (mbedtls_aes_self_test(verbose) != 0) failed_cases++;
+    if (mbedtls_gcm_self_test(verbose) != 0) failed_cases++;
+    if (mbedtls_sha1_self_test(verbose) != 0) failed_cases++;
+    if (mbedtls_sha256_self_test(verbose) != 0) failed_cases++;
+    if (mbedtls_sha512_self_test(verbose) != 0) failed_cases++;
+
+    printf("MbedTLS selftests completed, %d case(s) failed.\r\n", failed_cases);
+}