Carglglz / mpy-mbedtls

MicroPython bindings for some MbedTLS EC and x509 cert/csr functions.
MIT License

unable to build ports #2

Closed radu022003 closed 1 year ago

radu022003 commented 1 year ago

Hello, i have tried to use the readme instructions, but all i get is: make: *** No targets specified and no makefile found. Stop.

for esp32: radu@homeserver:~/mpython_proj/mpy-mbedtls/ports/esp32$ make BOARD=GENERIC USER_C_MODULES=../../../../mpy-mbedtls FROZEN_MANIFEST=/home/radu/mpython_proj/mpy-mbedtls/ports/esp32/manifest.py -j4 make: *** No targets specified and no makefile found. Stop.

for unix: radu@homeserver:~/mpython_proj/mpy-mbedtls/ports/unix$ make USER_C_MODULES=../../../mpy-mbedtls FROZEN_MANIFEST=../../../mpy-mbedtls/ports/unix/manifest.py -j4 make: *** No targets specified and no makefile found. Stop.

Carglglz commented 1 year ago

Hi @radu022003 you should use that command in the micropython dir, e.g. $ ~/micropython/ports/esp32 make BOARD=GENERIC ... and

$ tree
├── micropython
│   ├── ACKNOWLEDGEMENTS
│   ├── CODECONVENTIONS.md
│   ├── CODEOFCONDUCT.md
│   ├── CONTRIBUTING.md
│   ├── LICENSE
│   ├── README.md
│   ├── docs
│   ├── drivers
│   ├── examples
│   ├── extmod
│   ├── lib
│   ├── logo
│   ├── mpy-cross
│   ├── ports
│   ├── py
│   ├── pyproject.toml
│   ├── shared
│   ├── ssl.patch
│   ├── tests
│   └── tools
└── user_modules
   └── mpy-mbedtls

If you haven't built the firmware before, check the MicroPython README.md and the port README.md, i.e. unix and esp32. Also check out the MicroPython documentation about building USER_C_MODULES at https://docs.micropython.org/en/latest/develop/cmodules.html

radu022003 commented 1 year ago

Thanks for the hint, somehow I had the mindset that I will create a .mpy file out of it, not the whole mircopython. Using your hints, I could pass over that error, but got another one. I am trying to build it for raspberry pi pico, so I have tried to run it from ports/rp2. and i got these: /home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c: In function 'mbedtls_ec_gen_key': /home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c:168:18: error: implicit declaration of function 'mbedtls_pk_write_key_pem'; did you mean 'mbedtls_ecp_write_key'? [-Werror=implicit-function-declaration] if( ( ret = mbedtls_pk_write_key_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){ ^~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_ecp_write_key [ 57%] Building C object CMakeFiles/firmware.dir/home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c.obj /home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c:177:15: error: implicit declaration of function 'mbedtls_pk_write_key_der'; did you mean 'mbedtls_ecp_write_key'? [-Werror=implicit-function-declaration] if( ( ret = mbedtls_pk_write_key_der( &key, output_buf, sizeof(output_buf) )) < 0 ){ ^~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_ecp_write_key /home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c:194:18: error: implicit declaration of function 'mbedtls_pk_write_pubkey_pem'; did you mean 'mbedtls_pk_parse_public_key'? [-Werror=implicit-function-declaration] if( ( ret = mbedtls_pk_write_pubkey_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){ ^~~~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_pk_parse_public_key /home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c:207:15: error: implicit declaration of function 'mbedtls_pk_write_pubkey_der'; did you mean 'mbedtls_pk_parse_public_key'? 
[-Werror=implicit-function-declaration] if( ( ret = mbedtls_pk_write_pubkey_der( &key, output_der, sizeof(output_der) )) < 0 ){ ^~~~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_pk_parse_public_key /home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c: In function 'x509_gen_csr': /home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c:130:5: error: implicit declaration of function 'mbedtls_x509write_csr_init'; did you mean 'mbedtls_x509_crt_init'? [-Werror=implicit-function-declaration] mbedtls_x509write_csr_init( &req ); ^~~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_x509_crt_init /home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c:135:5: error: implicit declaration of function 'mbedtls_x509write_csr_set_md_alg'; did you mean 'mbedtls_x509_crt_parse_der'? [-Werror=implicit-function-declaration] mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_x509_crt_parse_der /home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c:138:5: error: implicit declaration of function 'mbedtls_x509write_csr_set_key_usage'; did you mean 'mbedtls_x509_time_is_future'? [-Werror=implicit-function-declaration] mbedtls_x509write_csr_set_key_usage( &req, MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_ENCIPHERMENT | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_x509_time_is_future /home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c:155:12: error: implicit declaration of function 'mbedtls_x509write_csr_set_subject_name'; did you mean 'mbedtls_x509_parse_subject_alt_name'? [-Werror=implicit-function-declaration] ret = mbedtls_x509write_csr_set_subject_name( &req, subject); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_x509_parse_subject_alt_name /home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c:173:5: error: implicit declaration of function 'mbedtls_x509write_csr_set_key'; did you mean 'mbedtls_x509_crt_parse_der'? 
[-Werror=implicit-function-declaration] mbedtls_x509write_csr_set_key( &req, &key ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_x509_crt_parse_der /home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c:179:11: error: implicit declaration of function 'mbedtls_x509write_csr_pem'; did you mean 'mbedtls_x509_write_sig'? [-Werror=implicit-function-declaration] ret = mbedtls_x509write_csr_pem( &req, output_buf, sizeof(output_buf) , mbedtls_ctr_drbg_random, &ctr_drbg ); ^~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_x509_write_sig /home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c:188:5: error: implicit declaration of function 'mbedtls_x509write_csr_free'; did you mean 'mbedtls_x509_crt_free'? [-Werror=implicit-function-declaration] mbedtls_x509write_csr_free( &req ); ^~~~~~~~~~~~~~~~~~~~~~~~~~ mbedtls_x509_crt_free cc1: all warnings being treated as errors make[3]: *** [CMakeFiles/firmware.dir/build.make:4096: CMakeFiles/firmware.dir/home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c.obj] Error 1 make[3]: *** Waiting for unfinished jobs.... cc1: all warnings being treated as errors make[3]: *** [CMakeFiles/firmware.dir/build.make:4109: CMakeFiles/firmware.dir/home/radu/mpython_proj/mpy-mbedtls/x509/mod_x509.c.obj] Error 1 make[2]: *** [CMakeFiles/Makefile2:1848: CMakeFiles/firmware.dir/all] Error 2 make[1]: *** [Makefile:103: all] Error 2

radu022003 commented 1 year ago

In the meantime I have made some nasty changes to mod_mbedtls.c, by copying out the functions with errors, and I could successfully build the MicroPython uf2 image. I have copied it onto a Pico W. I could also import the mbedtls module. I tried to execute your existing example and I got the following error:

%Run -c $EDITOR_CONTENT

====== Test encode ----------------------------------------- Temperature: 25.06 Humidity: 50.55

Preparing data for encryption 13 16 Traceback (most recent call last): File "", line 122, in File "", line 106, in main File "", line 76, in encrypt_payload ValueError: cipher not found

can you please advise?

EDIT: After some small debug I saw that at least my image does not contain the CCM mode for aes. the output of the mbedtls.aes_ciphers() function ['AES-128-ECB', 'AES-192-ECB', 'AES-256-ECB', 'AES-128-CBC', 'AES-192-CBC', 'AES-256-CBC', 'AES-128-GCM', 'AES-192-GCM', 'AES-256-GCM']

Carglglz commented 1 year ago

@radu022003 nice!, I haven't tested it on a pico so happy to see it kind of works 👀 , yes you need to use the config at https://github.com/Carglglz/mpy-mbedtls/blob/develop/mbedtls/mbedtls_config.h, and in rp2 port it should be in micropython/ports/rp2/mbedtls/mbedtls_config.h,

EDIT: After some small debug I saw that at least my image does not contain the CCM mode for aes. the output of the mbedtls.aes_ciphers() function ['AES-128-ECB', 'AES-192-ECB', 'AES-256-ECB', 'AES-128-CBC', 'AES-192-CBC', 'AES-256-CBC', 'AES-128-GCM', 'AES-192-GCM', 'AES-256-GCM']

I've just realised I didn't update mbedtls_config.h to enable the latest changes.

diff --git a/mbedtls/mbedtls_config.h b/mbedtls/mbedtls_config.h
index 7f8413b..05e4222 100644
--- a/mbedtls/mbedtls_config.h
+++ b/mbedtls/mbedtls_config.h
@@ -35,6 +35,7 @@
 #define MBEDTLS_AES_ROM_TABLES
 #define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_CIPHER_MODE_CTR // needed for MICROPY_PY_UCRYPTOLIB_CTR
+#define MBEDTLS_CIPHER_MODE_AEAD
 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
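Review bot: `MBEDTLS_CIPHER_MODE_AEAD`, added after the CTR line, is as far as I know not a user-settable option in the Mbed TLS 2.x line: `cipher.h` defines it itself whenever `MBEDTLS_GCM_C`, `MBEDTLS_CCM_C` or `MBEDTLS_CHACHAPOLY_C` is enabled. The `MBEDTLS_CCM_C` line in the next hunk is therefore what actually makes the CCM ciphers and the `*_auth_*_ext` functions available. I would drop this define, or keep it with a comment such as `// derived by cipher.h from GCM/CCM; listed only for readability`, so that nobody later enables it without an AEAD module behind it.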
@@ -65,6 +66,7 @@

 // Enable mbedtls modules
 #define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BIGNUM_C

So I've updated it in the latest commit, it should work now 👍🏼

radu022003 commented 1 year ago

Hi @Carglglz, I have encountered different errors and I had to remove the following defines in order to make it compilable. With these changes, i get no error, but also no output. CPU seems to crash when the function mbedtls.aes_encrypt is called. Perhaps i have removed too much.

diff --git a/mbedtls/mbedtls_config.h b/mbedtls/mbedtls_config.h
index 05e4222..2d6c045 100644
--- a/mbedtls/mbedtls_config.h
+++ b/mbedtls/mbedtls_config.h
@@ -48,16 +48,16 @@
 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED
 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED
 //#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_NO_PLATFORM_ENTROPY
 #define MBEDTLS_PKCS1_V15
 #define MBEDTLS_SHA256_SMALLER
-#define MBEDTLS_SSL_PROTO_TLS1
-#define MBEDTLS_SSL_PROTO_TLS1_1
-#define MBEDTLS_SSL_PROTO_TLS1_2
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+//#define MBEDTLS_SSL_PROTO_TLS1
+//#define MBEDTLS_SSL_PROTO_TLS1_1
+//#define MBEDTLS_SSL_PROTO_TLS1_2
+//#define MBEDTLS_SSL_SERVER_NAME_INDICATION

 // Use a smaller output buffer to reduce size of SSL context
 #define MBEDTLS_SSL_MAX_CONTENT_LEN (16384)
@@ -77,7 +77,7 @@
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_ERROR_C
-#define MBEDTLS_HAVEGE_C
+//#define MBEDTLS_HAVEGE_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_MD5_C
 #define MBEDTLS_OID_C
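Review bot: Commenting out `MBEDTLS_HAVEGE_C` here leaves no entropy source visible in this file, because `MBEDTLS_NO_PLATFORM_ENTROPY` is still defined in the previous hunk and `MBEDTLS_ENTROPY_C` stays enabled. Dropping HAVEGE is reasonable in itself, but the CSR code passes `mbedtls_ctr_drbg_random` to the writer, so the build needs a real source, typically `MBEDTLS_ENTROPY_HARDWARE_ALT` with a port-provided `mbedtls_hardware_poll()`; whether the port supplies one cannot be seen from here. I would record that next to the line, e.g. `//#define MBEDTLS_HAVEGE_C // removed: entropy must come from the port's hardware poll`, and confirm the module checks the return value of its DRBG seed call. The same applies to the `@@ -77,7` hunk of the following patch.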
@@ -90,19 +90,19 @@
 #define MBEDTLS_SHA1_C
 #define MBEDTLS_SHA256_C
 #define MBEDTLS_SHA512_C
-#define MBEDTLS_SSL_CLI_C
-#define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_SSL_TLS_C
-#define MBEDTLS_TIMING_C
+//#define MBEDTLS_SSL_CLI_C
+//#define MBEDTLS_SSL_SRV_C
+//#define MBEDTLS_SSL_TLS_C
+//#define MBEDTLS_TIMING_C
 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
-#define MBEDTLS_X509_CRT_PARSE_C
+//#define MBEDTLS_X509_CRT_PARSE_C
 //#define MBEDTLS_X509_CRL_PARSE_C
-#define MBEDTLS_X509_CSR_PARSE_C
-#define MBEDTLS_X509_CSR_WRITE_C
-#define MBEDTLS_X509_CREATE_C
-#define MBEDTLS_X509_USE_C
-#define MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PEM_WRITE_C
+//#define MBEDTLS_X509_CSR_PARSE_C
+//#define MBEDTLS_X509_CSR_WRITE_C
+//#define MBEDTLS_X509_CREATE_C
+//#define MBEDTLS_X509_USE_C
+//#define MBEDTLS_PEM_PARSE_C
+//#define MBEDTLS_PEM_WRITE_C
 #define MBEDTLS_BASE64_C
 #define MBEDTLS_HAVE_TIME
 #define MBEDTLS_HAVE_TIME_DATE
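Review bot: `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` stays defined although the `MBEDTLS_SSL_*_C` modules directly above it are now commented out. It is inert in this configuration, but in the `@@ -93,16` hunk of the following patch the SSL modules stay enabled alongside the same line, which keeps SHA-1 acceptable in the default TLS 1.2 handshake configuration. Unless a peer is known to require it, I would disable it together with the rest: `//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE`.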
radu022003 commented 1 year ago

I have also tried with this config, but cpu is still crashing without any error

diff --git a/mbedtls/mbedtls_config.h b/mbedtls/mbedtls_config.h
index 05e4222..2b57160 100644
--- a/mbedtls/mbedtls_config.h
+++ b/mbedtls/mbedtls_config.h
@@ -77,7 +77,7 @@
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_ERROR_C
-#define MBEDTLS_HAVEGE_C
+//#define MBEDTLS_HAVEGE_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_MD5_C
 #define MBEDTLS_OID_C
@@ -93,16 +93,16 @@
 #define MBEDTLS_SSL_CLI_C
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_TLS_C
-#define MBEDTLS_TIMING_C
+//#define MBEDTLS_TIMING_C
 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 #define MBEDTLS_X509_CRT_PARSE_C
-//#define MBEDTLS_X509_CRL_PARSE_C
-#define MBEDTLS_X509_CSR_PARSE_C
-#define MBEDTLS_X509_CSR_WRITE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+//#define MBEDTLS_X509_CSR_PARSE_C
+//#define MBEDTLS_X509_CSR_WRITE_C
 #define MBEDTLS_X509_CREATE_C
 #define MBEDTLS_X509_USE_C
-#define MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PEM_WRITE_C
+//#define MBEDTLS_PEM_PARSE_C
+//#define MBEDTLS_PEM_WRITE_C
 #define MBEDTLS_BASE64_C
 #define MBEDTLS_HAVE_TIME
 #define MBEDTLS_HAVE_TIME_DATE
radu022003 commented 1 year ago

I tried to start it all over and reset the develop branch in order to have a better understanding, during the compilation I am getting this error:

/home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c: In function 'mbedtls_aes_enc':
/home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c:697:9: error: implicit declaration of function 'mbedtls_cipher_auth_encrypt_ext'; did you mean 'mbedtls_ccm_auth_decrypt'? [-Werror=implicit-function-declaration]
   ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv, iv_len, addata, addata_len, data,
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         mbedtls_ccm_auth_decrypt
/home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c: In function 'mbedtls_aes_dec':
/home/radu/mpython_proj/mpy-mbedtls/mbedtls/mod_mbedtls.c:820:9: error: implicit declaration of function 'mbedtls_cipher_auth_decrypt_ext'; did you mean 'mbedtls_ccm_auth_decrypt'? [-Werror=implicit-function-declaration]
   ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv, iv_len, addata, addata_len, data,
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         mbedtls_ccm_auth_decrypt

I have double checked and in my micropython/lib/mbedtls/include/mbedtls/cipher.h i can find the declaration of these 2 functions.

Carglglz commented 1 year ago

@radu022003 did you replace or merged original config file at micropython/ports/rp2/mbedtls/mbedtls_config.h with https://github.com/Carglglz/mpy-mbedtls/blob/develop/mbedtls/mbedtls_config.h?, try combining both files and see if that works 👀 , also could you test the unix port?

Also try to use $ make clean BOARD=PICO_W before building the firmware, this sometime helps... 🤔

Carglglz commented 1 year ago

@radu022003

I have double checked and in my micropython/lib/mbedtls/include/mbedtls/cipher.h i can find the declaration of these 2 functions.

In micropython/lib/mbedtls, you should be at commit 981743de6 ($ git checkout 981743de6)

* (HEAD detached at 981743de6) 981743de6 Merge pull request #1009 from paul-elliott-arm/mbedtls-2.28.3rc0-pr

They should be there now

micropython/lib/mbedtls $ rg mbedtls_cipher_auth_encrypt_ext
tests/suites/test_suite_cipher.function
543:    /* mbedtls_cipher_auth_encrypt_ext */
546:        mbedtls_cipher_auth_encrypt_ext(NULL,
554:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
562:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
570:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
578:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
586:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
1312:        ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
1326:        ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,

library/cipher.c
1286: * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
1363: * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
1516:int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,

library/ssl_msg.c
908:        if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc,

library/ssl_ticket.c
272:    if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx,

include/mbedtls/cipher.h
883: * \deprecated          Superseded by mbedtls_cipher_auth_encrypt_ext().
887: *                      mbedtls_cipher_auth_encrypt_ext().
1041:int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,

ChangeLog
689:     Please use mbedtls_cipher_auth_encrypt_ext() and
702:     functions mbedtls_cipher_auth_encrypt_ext() and
radu022003 commented 1 year ago

The 2 functions were present before the checkout too, but during compilation they are not found. Checking out that commit didn't improve it.

~/micropython/lib/mbedtls$ rg mbedtls_cipher_auth_encrypt_ext
include/mbedtls/cipher.h
883: * \deprecated          Superseded by mbedtls_cipher_auth_encrypt_ext().
887: *                      mbedtls_cipher_auth_encrypt_ext().
1041:int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,

ChangeLog
689:     Please use mbedtls_cipher_auth_encrypt_ext() and
702:     functions mbedtls_cipher_auth_encrypt_ext() and

library/cipher.c
1286: * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
1363: * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
1516:int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,

library/ssl_ticket.c
272:    if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx,

library/ssl_msg.c
908:        if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc,

tests/suites/test_suite_cipher.function
543:    /* mbedtls_cipher_auth_encrypt_ext */
546:        mbedtls_cipher_auth_encrypt_ext(NULL,
554:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
562:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
570:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
578:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
586:        mbedtls_cipher_auth_encrypt_ext(&valid_ctx,
1312:        ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
1326:        ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
Carglglz commented 1 year ago

then the problem is in the config file, use the original file at micropython/ports/rp2/mbedtls/mbedtls_config.h and add the following

#define MBEDTLS_X509_CSR_PARSE_C
#define MBEDTLS_X509_CSR_WRITE_C
#define MBEDTLS_X509_CREATE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_MODE_AEAD
radu022003 commented 1 year ago

original file, from this repo?

Carglglz commented 1 year ago

I meant from micropython repo, with the changes I mentioned above should be something like this:

/*
 * This file is part of the MicroPython project, http://micropython.org/
 *
 * The MIT License (MIT)
 *
 * Copyright (c) 2018-2019 Damien P. George
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
#ifndef MICROPY_INCLUDED_MBEDTLS_CONFIG_H
#define MICROPY_INCLUDED_MBEDTLS_CONFIG_H

// Port-level Mbed TLS configuration (rp2) extended with the options the
// mpy-mbedtls modules use. The port file only sets port-specific options and
// then pulls in the shared configuration through the #include at the bottom.

// Set mbedtls configuration
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

// Enable mbedtls modules
#define MBEDTLS_GCM_C
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
// X.509 CSR and PEM support. mod_x509.c calls the mbedtls_x509write_csr_*
// functions and mod_mbedtls.c calls mbedtls_pk_write_key_pem /
// mbedtls_pk_write_pubkey_pem; without these options the build stops with
// implicit-declaration errors for those names.
// NOTE(review): on PICO_W the PEM_PARSE/PEM_WRITE/BASE64 options were later
// disabled to get Bluetooth working (suspected memory pressure, not
// confirmed); the PEM write calls in the modules then have to be compiled out.
#define MBEDTLS_X509_CSR_PARSE_C
#define MBEDTLS_X509_CSR_WRITE_C
#define MBEDTLS_X509_CREATE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_BASE64_C
// AES-CCM: without MBEDTLS_CCM_C the module's cipher list has no CCM entries
// and the example fails with "cipher not found".
#define MBEDTLS_CCM_C
// NOTE(review): Mbed TLS 2.x cipher.h appears to define this macro itself when
// GCM or CCM is enabled - confirm whether this line is needed at all.
#define MBEDTLS_CIPHER_MODE_AEAD

// Time hook
// Declares the port's time function and installs it as the Mbed TLS time source.
// NOTE(review): with MBEDTLS_HAVE_TIME_DATE set, certificate validity-period
// checks presumably rely on this clock, so an unset RTC would make them
// unreliable - confirm how the port initialises the RTC.
#include <time.h>
time_t rp2_rtctime_seconds(time_t *timer);
#define MBEDTLS_PLATFORM_TIME_MACRO rp2_rtctime_seconds

// Set MicroPython-specific options.
// Set before the include below, presumably so the common header can see it.
// Leaving this line and the include out gave a firmware that built but
// crashed when the AES example ran.
// NOTE(review): what the common header switches on for bare metal (allocator,
// entropy hooks) is not visible here - verify in mbedtls_config_common.h.
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)

// Include common mbedtls configuration.
#include "extmod/mbedtls/mbedtls_config_common.h"

#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_H */
radu022003 commented 1 year ago

understood, did as you said, compiled successfully, but it is still crashing when running the example

radu022003 commented 1 year ago

finally managed to make it work! for some reasons, the config file was missing the last part,

time_t rp2_rtctime_seconds(time_t *timer);
#define MBEDTLS_PLATFORM_TIME_MACRO rp2_rtctime_seconds

// Set MicroPython-specific options.
#define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)

// Include common mbedtls configuration.
#include "extmod/mbedtls/mbedtls_config_common.h"

after adding it, compilation went successful and example correctly executed

radu022003 commented 1 year ago

Thank you very much for your help, couldn't have done it without you. I feel that we should bring these changes/experiences into your repo, so others can benefit from them. The main thing was the mbedtls_config.h that had to be changed. Perhaps you can add another port in your repo for rp2?

Carglglz commented 1 year ago

yes, as you can see mbedtls config is split in micropython repo between extmod/mbedtls/mbedtls_config_common.h and ports/<...>/mbedtls/mbedtls_config.h and the key part I think was #define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1) this option which was missing from the config file in my repo. Thank you for testing 🥇

Perhaps you can add another port in your repo for rp2?

Yes I will do it now that you confirmed it is working.

[EDIT]

Done, now it should be in ports/rp2/mbedtls_config.h 👍🏼

radu022003 commented 1 year ago

It is me again :) I have built MicroPython (with the mbedtls module) with the flag BOARD=PICO_W. This gives me the bluetooth module. The problem is that as soon as I run the command ble.activate(True), the Pico crashes. I know that the hardware is ok because I tested the same with the official MicroPython version.

Can you please advise me?

Carglglz commented 1 year ago

mmm try disabling

#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_BASE64_C

it may be a memory problem, but I cannot tell for sure 😕

radu022003 commented 1 year ago

I did as you suggested and I am now able to use the ble module and the aes_ccm (not yet successful with BTHOME). I had to comment these lines out in order to make the compilation successful:

diff --git a/mbedtls/mod_mbedtls.c b/mbedtls/mod_mbedtls.c
index acc18e1..1ef825b 100644
--- a/mbedtls/mod_mbedtls.c
+++ b/mbedtls/mod_mbedtls.c
@@ -165,10 +165,10 @@ STATIC mp_obj_t mbedtls_ec_gen_key(size_t n_args, const mp_obj_t *pos_args, mp_m
        mp_obj_t pkey;
     memset(output_buf, 0, bits);
        if (format == FORMAT_PEM){
-       if( ( ret = mbedtls_pk_write_key_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){
-               goto cleanup;
+       //if( ( ret = mbedtls_pk_write_key_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){
+       //      goto cleanup;

-       }
+       //}
                len = strlen( (char *) output_buf );
                pkey = mp_obj_new_bytes(output_buf, len);
        }
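Review bot: With the `mbedtls_pk_write_key_pem()` call commented out, the `FORMAT_PEM` branch still runs `strlen()` on the zeroed `output_buf` and returns it through `mp_obj_new_bytes()`, so a caller asking for PEM silently gets an empty private key instead of an error. The two following hunks do the same for `mbedtls_pk_write_pubkey_pem()` in `mbedtls_ec_gen_key` and `mbedtls_ec_get_pubkey`. I would guard the call on the build option and fail explicitly when the PEM writer is not compiled in; the sketch below assumes the `cleanup` path turns a non-zero `ret` into an exception, which lies outside the hunk. The function body starts and ends outside the hunk.

```c
    if (format == FORMAT_PEM){
#if defined(MBEDTLS_PEM_WRITE_C)
        if( ( ret = mbedtls_pk_write_key_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){
            goto cleanup;
        }
#else
        // PEM writer not compiled in: report it instead of returning empty bytes
        ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
        goto cleanup;
#endif
        // … unchanged: strlen() and mp_obj_new_bytes() …
```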
@@ -191,10 +191,10 @@ STATIC mp_obj_t mbedtls_ec_gen_key(size_t n_args, const mp_obj_t *pos_args, mp_m
        mp_obj_t pubkey;
     memset(output_buf, 0, bits);
        if (format == FORMAT_PEM){
-       if( ( ret = mbedtls_pk_write_pubkey_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){
-               goto cleanup;
+       //if( ( ret = mbedtls_pk_write_pubkey_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){
+       //      goto cleanup;

-       }
+       //}
                len = strlen( (char *) output_buf );
                pubkey = mp_obj_new_bytes(output_buf, len);
        }
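Review bot: `memset(output_buf, 0, bits)` clears `bits` bytes, while the write call next to it passes `sizeof(output_buf)` as the buffer size. The declaration of `output_buf` is outside the hunk, so whether the two always agree cannot be checked here; if `bits` can exceed the array size the clear writes past the buffer, and if it is smaller, stale key material can remain in the tail. I would use `memset(output_buf, 0, sizeof(output_buf));` here, in the previous hunk, and for the `key_len` variant in the next one.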
@@ -277,10 +277,10 @@ STATIC mp_obj_t mbedtls_ec_get_pubkey(const mp_obj_t key_in, const mp_obj_t form
     size_t len = 0;
     memset(output_buf, 0, key_len);
        if (fmt == FORMAT_PEM){
-       if( ( ret = mbedtls_pk_write_pubkey_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){
-               goto cleanup;
+       //if( ( ret = mbedtls_pk_write_pubkey_pem( &key, output_buf, sizeof(output_buf) )) != 0 ){
+       //      goto cleanup;

-       }
+       //}
                len = strlen( (char *) output_buf );
                pubkey = mp_obj_new_bytes(output_buf, len);
        }
diff --git a/x509/mod_x509.c b/x509/mod_x509.c
index 277ccfb..7f7eec5 100644
--- a/x509/mod_x509.c
+++ b/x509/mod_x509.c
@@ -176,7 +176,7 @@ STATIC mp_obj_t x509_gen_csr(const mp_obj_t sub_in, const mp_obj_t key_in){
     unsigned char output_buf[512];
     memset( output_buf, 0, 512 );
     size_t len = 0;
-    ret = mbedtls_x509write_csr_pem( &req, output_buf, sizeof(output_buf) , mbedtls_ctr_drbg_random, &ctr_drbg );
+    //ret = mbedtls_x509write_csr_pem( &req, output_buf, sizeof(output_buf) , mbedtls_ctr_drbg_random, &ctr_drbg );
     if (ret < 0){
        goto cleanup;
     }
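Review bot: After the `mbedtls_x509write_csr_pem()` call is commented out, `if (ret < 0)` tests whatever `ret` held from an earlier statement, and the function goes on with the zeroed `output_buf`, so the caller would receive an empty CSR rather than an error. If the PEM writer has to be compiled out, I would replace the call with an explicit failure, `ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;`, wrapped in `#if !defined(MBEDTLS_PEM_WRITE_C)`, so the existing check still reaches `cleanup`. What `cleanup` does with `ret` is outside the hunk.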
radu022003 commented 1 year ago

I have successfully connected the raspberry pi W with home assistant using the BTHome protocol. Here can be found the example that works for me.

Carglglz commented 1 year ago

I had to comment these lines out in order to make the compilation successful

I may be able to add a macro so commenting won't be necessary, I will look into it.

In any case I'm happy to see this is finally working 🚀