Need to back-port "crypto/tls" package from upstream Go to here (or maybe another repo tinygo-org/crypto).
Currently, this "net" package for TinyGo supports TLS by offloading TLS to the wifi hw/fw. The wifi hw/fw use mbedTLS or similar to offload TLS to the device. There are two reasons to move away from this offload model and use Go's full crypto/tls package for TLS:
1) Raspberry Pico W driver/device (cyw43) does not have a TLS offload option. The driver/device exports an L2 eth interface, and a custom tcp/ip stack (ala lwip) exports an L3/L4 IP/TCP/UDP interface, but no TLS. The crypto/tls package would use "net"'s TCPConn, which in turn uses netdev/socket interface to the device driver.
2) Move away from mbed TLS and use Go's standard library TLS instead. The wifi drivers would retain the mbed support if someone wanted to interface directly with mbedTLS. But, by using crypto/tls, the normal app would use Go's standard library instead. This assumes Go's standard library provides the equivalent TLS functionality compared to mbed, which must surely be the case. I'm not a security expert by any means, so I'm not sure what hw support is need for the port, but I assume some strong RNG.
@soypat @deadprogram
Need to back-port "crypto/tls" package from upstream Go to here (or maybe another repo tinygo-org/crypto).
Currently, this "net" package for TinyGo supports TLS by offloading TLS to the wifi hw/fw. The wifi hw/fw use mbedTLS or similar to offload TLS to the device. There are two reasons to move away from this offload model and use Go's full crypto/tls package for TLS:
1) Raspberry Pico W driver/device (cyw43) does not have a TLS offload option. The driver/device exports an L2 eth interface, and a custom tcp/ip stack (ala lwip) exports an L3/L4 IP/TCP/UDP interface, but no TLS. The crypto/tls package would use "net"'s TCPConn, which in turn uses netdev/socket interface to the device driver.
2) Move away from mbed TLS and use Go's standard library TLS instead. The wifi drivers would retain the mbed support if someone wanted to interface directly with mbedTLS. But, by using crypto/tls, the normal app would use Go's standard library instead. This assumes Go's standard library provides the equivalent TLS functionality compared to mbed, which must surely be the case. I'm not a security expert by any means, so I'm not sure what hw support is need for the port, but I assume some strong RNG.
Here's a picture:
netdev progression.pdf