Fix SSH server for STM32H563 bare-metal operation

  Commit Body:
  Fix wolfSSH integration and optimize memory for embedded
  deployment.

  wolfSSH API updates:
  - Add wolfSSH_CTX_SetIO_wolfIP() for context-level I/O
  callbacks
  - Update field names: usernameLen->usernameSz,
  passwordLen->passwordSz
  - Wrap debug logging callback in #ifdef DEBUG_WOLFSSH

  Memory optimization for STM32H563 (640KB SRAM):
  - Reduce wolfSSH window size from 16KB to 4KB
  - Reduce wolfIP RX/TX buffers from 16x to 8x MTU
  - Reduce MAX_TCPSOCKETS to 6, MAX_ICMPSOCKETS to 1

  wolfSSL/wolfSSH configuration:
  - Add WOLFSSL_WOLFSSH for wc_SSH_KDF support
  - Add WOLFSSL_KEY_GEN for host key generation
  - Add WOLFSSH_NO_TERM for bare-metal operation

  Build system:
  - Add signature.c for SSH signature verification
  - Fix pattern rules for wolfSSH compilation

  Tested: SSH login (admin/wolfip), shell commands working

Author: aidangarske

src/port/stm32h563/Makefile

@@ -105,6 +105,12 @@ WOLFSSL_SRCS += \
 WOLFSSL_SRCS += \
     $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.c
 
+# Signature verification (required for wolfSSH)
+ifeq ($(ENABLE_SSH),1)
+WOLFSSL_SRCS += \
+    $(WOLFSSL_ROOT)/wolfcrypt/src/signature.c
+endif
+
 SRCS += $(WOLFSSL_SRCS)
 
 endif # ENABLE_TLS
@@ -143,9 +149,9 @@ WOLFSSH_SRCS := \
 
 SRCS += $(WOLFSSH_SRCS)
 
-# wolfSSH objects use relaxed warnings
+# wolfSSH objects use relaxed warnings + SSH/SSL include paths + user_settings.h
 $(WOLFSSH_ROOT)/%.o: $(WOLFSSH_ROOT)/%.c
-	$(CC) $(CFLAGS_WOLFSSL) -c $< -o $@
+	$(CC) $(CFLAGS_WOLFSSL) -DENABLE_SSH -DWOLFSSL_USER_SETTINGS -DWOLFSSH_USER_SETTINGS -I$(WOLFSSH_ROOT) -I$(WOLFSSL_ROOT) -c $< -o $@
 
 endif # ENABLE_SSH
 
@@ -172,9 +178,9 @@ app.bin: app.elf
 %.o: %.c
 	$(CC) $(CFLAGS) -c $< -o $@
 
-# wolfSSL objects use relaxed warnings
+# wolfSSL objects use relaxed warnings + user_settings.h + include paths
 $(WOLFSSL_ROOT)/%.o: $(WOLFSSL_ROOT)/%.c
-	$(CC) $(CFLAGS_WOLFSSL) -c $< -o $@
+	$(CC) $(CFLAGS_WOLFSSL) -DWOLFSSL_USER_SETTINGS $(if $(filter 1,$(ENABLE_SSH)),-DENABLE_SSH) -I$(WOLFSSL_ROOT) -c $< -o $@
 
 clean:
 	rm -f *.o app.elf app.bin

src/port/stm32h563/config.h

@@ -28,11 +28,11 @@
 #define ETHERNET
 #define LINK_MTU                1536
 
-#define MAX_TCPSOCKETS          8
+#define MAX_TCPSOCKETS          6    /* Need enough for listen + accepted sockets */
 #define MAX_UDPSOCKETS          2
-#define MAX_ICMPSOCKETS         2
-#define RXBUF_SIZE              (LINK_MTU * 16)
-#define TXBUF_SIZE              (LINK_MTU * 16)
+#define MAX_ICMPSOCKETS         1    /* Reduced from 2 */
+#define RXBUF_SIZE              (LINK_MTU * 8)   /* Reduced from 16 */
+#define TXBUF_SIZE              (LINK_MTU * 8)   /* Reduced from 16 */
 
 #define MAX_NEIGHBORS            16
 

src/port/stm32h563/ssh_server.c

@@ -62,8 +62,21 @@ static struct {
 } server;
 
 /* External functions from wolfssh_io.c */
+extern void wolfSSH_CTX_SetIO_wolfIP(WOLFSSH_CTX *ctx);
 extern int wolfSSH_SetIO_wolfIP(WOLFSSH *ssh, struct wolfIP *stack, int fd);
 
+#ifdef DEBUG_WOLFSSH
+/* wolfSSH logging callback */
+static void ssh_log_cb(enum wolfSSH_LogLevel level, const char *msg)
+{
+    (void)level;
+    if (server.debug_cb && msg) {
+        server.debug_cb(msg);
+        server.debug_cb("\n");
+    }
+}
+#endif
+
 /* Debug output helper */
 static void debug_print(const char *msg)
 {
@@ -82,16 +95,16 @@ static int ssh_userauth_cb(byte authType, WS_UserAuthData *authData, void *ctx)
     }
 
     /* Check username */
-    if (authData->usernameLen != strlen(SSH_USERNAME) ||
-        memcmp(authData->username, SSH_USERNAME, authData->usernameLen) != 0) {
+    if (authData->usernameSz != strlen(SSH_USERNAME) ||
+        memcmp(authData->username, SSH_USERNAME, authData->usernameSz) != 0) {
         debug_print("SSH: Invalid username\n");
         return WOLFSSH_USERAUTH_INVALID_USER;
     }
 
     /* Check password */
-    if (authData->sf.password.passwordLen != strlen(SSH_PASSWORD) ||
+    if (authData->sf.password.passwordSz != strlen(SSH_PASSWORD) ||
         memcmp(authData->sf.password.password, SSH_PASSWORD,
-               authData->sf.password.passwordLen) != 0) {
+               authData->sf.password.passwordSz) != 0) {
         debug_print("SSH: Invalid password\n");
         return WOLFSSH_USERAUTH_INVALID_PASSWORD;
     }
@@ -212,13 +225,22 @@ int ssh_server_init(struct wolfIP *stack, uint16_t port, ssh_debug_cb debug)
         return -1;
     }
 
+#ifdef DEBUG_WOLFSSH
+    /* Enable wolfSSH debug logging */
+    wolfSSH_Debugging_ON();
+    wolfSSH_SetLoggingCb(ssh_log_cb);
+#endif
+
     /* Create SSH server context */
     server.ctx = wolfSSH_CTX_new(WOLFSSH_ENDPOINT_SERVER, NULL);
     if (server.ctx == NULL) {
         debug_print("SSH: CTX_new failed\n");
         return -1;
     }
 
+    /* Set I/O callbacks on context */
+    wolfSSH_CTX_SetIO_wolfIP(server.ctx);
+
     /* Set user authentication callback */
     wolfSSH_SetUserAuth(server.ctx, ssh_userauth_cb);
 
@@ -235,7 +257,6 @@ int ssh_server_init(struct wolfIP *stack, uint16_t port, ssh_debug_cb debug)
     }
 
     /* Create listen socket */
-    debug_print("SSH: Creating listen socket\n");
     server.listen_fd = wolfIP_sock_socket(stack, AF_INET, IPSTACK_SOCK_STREAM, 0);
     if (server.listen_fd < 0) {
         debug_print("SSH: socket() failed\n");

src/port/stm32h563/user_settings.h

@@ -153,24 +153,30 @@ int custom_rand_gen_block(unsigned char* output, unsigned int sz);
 /* ------------------------------------------------------------------------- */
 /* #define DEBUG_WOLFSSL */
 /* #define WOLFSSL_DEBUG_TLS */
+/* #define DEBUG_WOLFSSH */       /* Enable wolfSSH debug output */
 
 /* ------------------------------------------------------------------------- */
 /* wolfSSH Settings (when ENABLE_SSH=1) */
 /* ------------------------------------------------------------------------- */
 #ifdef ENABLE_SSH
+/* Enable wolfSSL features needed for wolfSSH */
+#define WOLFSSL_WOLFSSH           /* Enable wc_SSH_KDF function */
+#define WOLFSSL_KEY_GEN           /* Key generation for wolfSSH keygen */
+
 /* Disable features not needed for basic shell */
 #define WOLFSSH_NO_TIMESTAMP
 #define WOLFSSH_NO_AGENT
 #define WOLFSSH_NO_SFTP
 #define WOLFSSH_NO_SCP
 
-/* Memory optimization */
+/* Bare-metal: no termios/pty support */
+#define WOLFSSH_NO_TERM
+
+/* Memory optimization - reduced for embedded */
 #define WOLFSSH_SMALL_STACK
-#define DEFAULT_WINDOW_SZ (16 * 1024)
+#define DEFAULT_WINDOW_SZ (4 * 1024)   /* Reduced from 16KB to 4KB */
 #define DEFAULT_HIGHWATER_MARK ((DEFAULT_WINDOW_SZ * 3) / 4)
-
-/* Terminal support for shell */
-#define WOLFSSH_TERM
+#define MAX_PACKET_SZ (DEFAULT_WINDOW_SZ + 256)
 
 /* Custom I/O - we use wolfIP sockets */
 #define WOLFSSH_USER_IO

src/port/wolfssh_io.c

@@ -106,7 +106,16 @@ static int wolfssh_io_send(WOLFSSH *ssh, void *buf, word32 sz, void *ctx)
     return ret;
 }
 
-/* Set up wolfSSH I/O callbacks for a wolfIP socket */
+/* Set up wolfSSH I/O callbacks on the context (call once during init) */
+void wolfSSH_CTX_SetIO_wolfIP(WOLFSSH_CTX *ctx)
+{
+    if (ctx) {
+        wolfSSH_SetIORecv(ctx, wolfssh_io_recv);
+        wolfSSH_SetIOSend(ctx, wolfssh_io_send);
+    }
+}
+
+/* Set up wolfSSH I/O context for a wolfIP socket (call per-session) */
 int wolfSSH_SetIO_wolfIP(WOLFSSH *ssh, struct wolfIP *stack, int fd)
 {
     struct wolfssh_io_desc *desc;
@@ -123,8 +132,6 @@ int wolfSSH_SetIO_wolfIP(WOLFSSH *ssh, struct wolfIP *stack, int fd)
     desc->stack = stack;
     desc->fd = fd;
 
-    wolfSSH_SetIORecv(ssh, wolfssh_io_recv);
-    wolfSSH_SetIOSend(ssh, wolfssh_io_send);
     wolfSSH_SetIOReadCtx(ssh, desc);
     wolfSSH_SetIOWriteCtx(ssh, desc);