Move BearSSL from STACK_PROXY to a real, thunked 2nd stack (#5168)

* Update to BearSSL 0.6+ release, add AES_CCM modes

Pull in latest BearSSL head (0.6 + minor additions) release and add AES_CCM
modes to the encryption options.

* Enable the aes_ccm initialization in client/server

* Initial attempt

* Working code with second stack thunking

* Remove #ifdefs in .S file, not needed.

* Clean up thunks and remove separate stack flag

* Fix PIO assembler errors

* Remove #ifdef code changes, ensure same code as PC

Remove "#ifdef ESP8266;...;#else;...;#endif" brackets in BearSSL to
ensure the host-tested code is the same as the ESP8266-run code.

* Move to latest BearSSL w/EC progmem savings

* Merge with master

* Add br_thunk_* calls to do ref counting, painting

Add reference counting br_thunk_add/del_ref() to replace stack handling code
in the class.

Add in stack painting and max usage calculation.

* Add in postmortem stack dump hooks

When a crash occurs while in the second stack, dump the BSSL stack and
then also the stack that it was called from (either cont or sys).

* Update stack dump to match decoder expectations

* Move thunk to code core for linkiage

The thunk code needs to be visible to the core routines, so move it to the
cores/esp8266 directory.  Probably need to refactor the stack setup and the
bearssl portion to avoid dependency on bearssl libs in cores/esp8266

* Add 2nd stack dump utility routine

* Refactor once more, update stack size, add stress

Make stack_thunks generic, remove bearssl include inside of cores/esp8266.

Allocate the stack on a WiFiServerSecure object creation to avoid
fragmentation since we will need to allocate the stack to do any
connected work, anyway.

A stress test is now included which checks the total BearSSL second
stack usage for a variety of TLS handshake and certificate options
from badssl.org.

* Update to latest to-thunks branch

* Add BearSSL device test using stack stress

Run a series of SSL connection and transmission tests that stress
BearSSL and its stack usage to the device tests.

Modify device tests to include a possible SPIFFS generation and
upload when a make_spiffs.py file is present in a test directory.

* Use bearssl/master branch, not /to-thunks branch

Update to use the merged master branch of bearssl.  Should have no code
changes.

cores/esp8266/StackThunk.c

@@ -0,0 +1,122 @@
+/*
+  StackThunk.c - Allow use second stack for BearSSL calls
+
+  BearSSL uses a significant amount of stack space, much larger than
+  the default Arduino core stack. These routines handle swapping
+  between a secondary, user-allocated stack on the heap and the real
+  stack.
+
+  Copyright (c) 2017 Earle F. Philhower, III. All rights reserved.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+  Modified 8 May 2015 by Hristo Gochkov (proper post and file upload handling)
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+#include "StackThunk.h"
+
+uint32_t *stack_thunk_ptr = NULL;
+uint32_t *stack_thunk_top = NULL;
+uint32_t *stack_thunk_save = NULL;  /* Saved A1 while in BearSSL */
+uint32_t stack_thunk_refcnt = 0;
+
+#define _stackSize (5600/4)
+#define _stackPaint 0xdeadbeef
+
+/* Add a reference, and allocate the stack if necessary */
+void stack_thunk_add_ref()
+{
+  stack_thunk_refcnt++;
+  if (stack_thunk_refcnt == 1) {
+    stack_thunk_ptr = (uint32_t *)malloc(_stackSize * sizeof(uint32_t));
+    stack_thunk_top = stack_thunk_ptr + _stackSize - 1;
+    stack_thunk_save = NULL;
+    stack_thunk_repaint();
+  }
+}
+
+/* Drop a reference, and free stack if no more in use */
+void stack_thunk_del_ref()
+{
+  if (stack_thunk_refcnt == 0) {
+    /* Error! */
+    return;
+  }
+  stack_thunk_refcnt--;
+  if (!stack_thunk_refcnt) {
+    free(stack_thunk_ptr);
+    stack_thunk_ptr = NULL;
+    stack_thunk_top = NULL;
+    stack_thunk_save = NULL;
+  }
+}
+
+void stack_thunk_repaint()
+{
+  for (int i=0; i < _stackSize; i++) {
+    stack_thunk_ptr[i] = _stackPaint;
+  }
+}
+
+/* Simple accessor functions used by postmortem */
+uint32_t stack_thunk_get_refcnt() {
+  return stack_thunk_refcnt;
+}
+
+uint32_t stack_thunk_get_stack_top() {
+  return (uint32_t)stack_thunk_top;
+}
+
+uint32_t stack_thunk_get_stack_bot() {
+  return (uint32_t)stack_thunk_ptr;
+}
+
+uint32_t stack_thunk_get_cont_sp() {
+  return (uint32_t)stack_thunk_save;
+}
+
+/* Return the number of bytes ever used since the stack was created */
+uint32_t stack_thunk_get_max_usage()
+{
+  uint32_t cnt = 0;
+
+  /* No stack == no usage by definition! */
+  if (!stack_thunk_ptr) {
+    return 0;
+  }
+
+  for (cnt=0; (cnt < _stackSize) && (stack_thunk_ptr[cnt] == _stackPaint); cnt++) {
+    /* Noop, all work done in for() */
+  }
+  return 4 * (_stackSize - cnt);
+}
+
+/* Print the stack from the first used 16-byte chunk to the top, decodable by the exception decoder */
+void stack_thunk_dump_stack()
+{
+  uint32_t *pos = stack_thunk_top;
+  while (pos < stack_thunk_ptr) {
+    if ((pos[0] != _stackPaint) || (pos[1] != _stackPaint) || (pos[2] != _stackPaint) || (pos[3] != _stackPaint))
+      break;
+    pos += 4;
+  }
+  ets_printf(">>>stack>>>\n");
+  while (pos < stack_thunk_ptr) {
+    ets_printf("%08x:  %08x %08x %08x %08x\n", pos, pos[0], pos[1], pos[2], pos[3]);
+    pos += 4;
+  }
+  ets_printf("<<<stack<<<\n");
+}

cores/esp8266/StackThunk.h

@@ -0,0 +1,82 @@
+/*
+  StackThunk.h - Allow use second stack for BearSSL calls
+
+  BearSSL uses a significant amount of stack space, much larger than
+  the default Arduino core stack. These routines handle swapping
+  between a secondary, user-allocated stack on the heap and the real
+  stack.
+
+  Copyright (c) 2017 Earle F. Philhower, III. All rights reserved.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+  Modified 8 May 2015 by Hristo Gochkov (proper post and file upload handling)
+*/
+
+#ifndef _STACKTHUNK_H
+#define _STACKTHUNK_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern void stack_thunk_add_ref();
+extern void stack_thunk_del_ref();
+extern void stack_thunk_repaint();
+
+extern uint32_t stack_thunk_get_refcnt();
+extern uint32_t stack_thunk_get_stack_top();
+extern uint32_t stack_thunk_get_stack_bot();
+extern uint32_t stack_thunk_get_cont_sp();
+extern uint32_t stack_thunk_get_max_usage();
+extern void stack_thunk_dump_stack();
+
+// Globals required for thunking operation
+extern uint32_t *stack_thunk_ptr;
+extern uint32_t *stack_thunk_top;
+extern uint32_t *stack_thunk_save;
+extern uint32_t stack_thunk_refcnt;
+
+// Thunking macro
+#define make_stack_thunk(fcnToThunk) \
+__asm("\n\
+.text\n\
+.literal_position\n\
+\n\
+.text\n\
+.global thunk_"#fcnToThunk"\n\
+.type thunk_"#fcnToThunk", @function\n\
+.align 4\n\
+thunk_"#fcnToThunk":\n\
+  addi a1, a1, -16      /* Allocate space for saved registers on stack */\n\
+  s32i a0, a1, 12       /* Store A0, trounced by calls */\n\
+  s32i a15, a1, 8       /* Store A15 (our temporary one) */\n\
+  movi a15, stack_thunk_save  /* Store A1(SP) in temp space */\n\
+  s32i a1, a15, 0\n\
+  movi a15, stack_thunk_top   /* Load A1(SP) with thunk stack */\n\
+  l32i.n a1, a15, 0\n\
+  call0 "#fcnToThunk"      /* Do the call */\n\
+  movi a15, stack_thunk_save  /* Restore A1(SP) */\n\
+  l32i.n a1, a15, 0\n\
+  l32i.n a15, a1, 8     /* Restore the saved registers */\n\
+  l32i.n a0, a1, 12\n\
+  addi a1, a1, 16       /* Free up stack and return to caller */\n\
+  ret\n\
+.size thunk_"#fcnToThunk", . - thunk_"#fcnToThunk"\n");
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

cores/esp8266/core_esp8266_postmortem.c

@@ -29,6 +29,7 @@
 #include "cont.h"
 #include "pgmspace.h"
 #include "gdb_hooks.h"
+#include "StackThunk.h"
 
 extern void __real_system_restart_local();
 
@@ -147,6 +148,17 @@ void __wrap_system_restart_local() {
         offset = 0x10;
     }
 
+    ets_printf_P("\n>>>stack>>>\n");
+
+    if (sp > stack_thunk_get_stack_bot() && sp <= stack_thunk_get_stack_top()) {
+        // BearSSL we dump the BSSL second stack and then reset SP back to the main cont stack
+        ets_printf_P("\nctx: bearssl \n");
+        ets_printf_P("sp: %08x end: %08x offset: %04x\n", sp, stack_thunk_get_stack_top(), offset);
+        print_stack(sp + offset, stack_thunk_get_stack_top());
+        offset = 0; // No offset needed anymore, the exception info was stored in the bssl stack
+        sp = stack_thunk_get_cont_sp();
+    }
+
     if (sp > cont_stack_start && sp < cont_stack_end) {
         ets_printf_P("\nctx: cont \n");
         stack_end = cont_stack_end;
@@ -162,6 +174,8 @@ void __wrap_system_restart_local() {
 
     print_stack(sp + offset, stack_end);
 
+    ets_printf_P("<<<stack<<<\n");
+
     // Use cap-X formatting to ensure the standard EspExceptionDecoder doesn't match the address
     if (umm_last_fail_alloc_addr) {
       ets_printf_P("\nlast failed alloc call: %08X(%d)\n", (uint32_t)umm_last_fail_alloc_addr, umm_last_fail_alloc_size);
@@ -175,7 +189,6 @@ void __wrap_system_restart_local() {
 
 
 static void ICACHE_RAM_ATTR print_stack(uint32_t start, uint32_t end) {
-    ets_printf_P("\n>>>stack>>>\n");
     for (uint32_t pos = start; pos < end; pos += 0x10) {
         uint32_t* values = (uint32_t*)(pos);
 
@@ -185,7 +198,6 @@ static void ICACHE_RAM_ATTR print_stack(uint32_t start, uint32_t end) {
         ets_printf_P("%08x:  %08x %08x %08x %08x %c\n",
             pos, values[0], values[1], values[2], values[3], (looksLikeStackFrame)?'<':' ');
     }
-    ets_printf_P("<<<stack<<<\n");
 }
 
 static void uart_write_char_d(char c) {