arduino-libraries / ArduinoBearSSL

Port of BearSSL to Arduino
MIT License

Add ARDUINO_DISABLE_ECCX08 #45

Closed ffontaine closed 3 years ago

ffontaine commented 3 years ago

This new compilation flag can be set through ArduinoBearSSLConfig.h and will allow the user to use ArduinoBearSSL without ECCX08.

Indeed, the cryptographic operations could be done through the default software implementation or offloaded to another secure element such as an applet compliant with the GSMA IoT SAFE standard.

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>

github-actions[bot] commented 3 years ago

Memory usage change @ 9e45af2b2614d561d6353f185de3bd95366d1d5c

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:megaavr:uno2018 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |

ffontaine commented 3 years ago

Currently, I'm passing this flag by updating the compiler.cpp.flags parameter that is set in Arduino platform.txt files (e.g. packages/arduino/hardware/samd/1.8.9/platform.txt) as I didn't find a way to update this flag from the Arduino IDE (an issue has been open for more than 8 years: https://github.com/arduino/Arduino/issues/421).

As I quickly explained in #41, I don't know what the standard way is to declare or manage an optional dependency in the Arduino world (i.e. if Arduino was autotools/cmake/meson based, I would declare an option such as --disable-eccx08).

I would be happy to update this Pull Request following your feedback to find a solution that would make sense and be usable for other users. My point is that ArduinoBearSSL is a nice library that could be used to secure connections on a lot of Arduino devices and not only on Arduino MKR NB.

aentinger commented 3 years ago

I thought as much. The problem here is that passing defines (although possible by modifying the core) has been intentionally disabled in the past, as they are not very beginner-friendly and lead to heavily ifdefd code. @per1234 Can you please shed some light on the current status on that discussion? Could very well be that we've "secretly" moved forward and this PR would be okay.

per1234 commented 3 years ago

It is still not possible to set arbitrary global defines via the GUI of the official Arduino development software and, as far as I know, there has not been an official change of policy on the subject of adding this capability.

For quite a few years now (since a CLI was added to Arduino IDE), it has been possible to do this via the command line, and the official boards platforms have even been configured in order to make this easy for the user (related discussion here). I think the evidence shows that this CLI-exclusive capability does not result in library developers creating unfriendly macro-based user interfaces. My hypothesis is that this is because it would not make sense for library developers to do so while it is only possible for command line users to use those interfaces because the majority of the users will always be GUI-only.

My opinion is that there are valid use cases for macro-based interfaces. Examples:

but that it is not appropriate to expect normal users to define global macros in order to use a library.

aentinger commented 3 years ago

Thank you @per1234 for the clarification - this is very much as I remember.

@ffontaine - we had an internal discussion following up on you raising #41 but unfortunately that went nowhere and no external verdict was communicated. Sorry about that. I do, however, have a possible solution for what you want to achieve (copying from internal Slack):

Start Quote

The issue he's raising is unfortunately not so easy to answer, as we are lacking the ability to simply set library wide defines. One way around it would be to keep the whole implementation in the header and then configure it via defines before header inclusion, e.g.

#define ARDUINO_DISABLE_ECCX08
#include <ArduinoBearSSL.h>
...

However, that's not really possible with a more complex library such as ArduinoBearSSL. The better option I'd see would be to check for existence of a config file and then include that config file which contains those defines, e.g.

#if defined __has_include
#  if __has_include (<ArduinoBearSSLConfig.h>)
#    include <ArduinoBearSSLConfig.h>
#  endif
#endif

If you want to disable ECCX08 you create ArduinoBearSSLConfig.h and then define ARDUINO_DISABLE_ECCX08 there.

End Quote

What do you think? Would option #2 suit you?

ffontaine commented 3 years ago

Sure, I'll test it and update the PR with the call ArduinoBearSSLConfig.h. It will always be better than defining this define in platform.txt.

github-actions[bot] commented 3 years ago

Memory usage change @ af67d411d37d506ea9eb30c2640f109a1fd08835

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:megaavr:uno2018 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |

ffontaine commented 3 years ago

Sure, I can add a sample of ArduinoBearSSLConfig.h but would it be ok if I add it in each example (e.g. in examples/AES128) and not in the main src directory? Indeed, in my opinion, it would be nicer if the user doesn't have to update the main source code of ArduinoBearSSL but only its own code.

aentinger commented 3 years ago

That's a good point. It's not very clean but I think I prefer to add the configuration file to each example to avoid library pollution. Let's go with this.

github-actions[bot] commented 3 years ago

Memory usage change @ c3748fd5c0668ef4848e4b83302e6b16fbc8b20c

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:megaavr:uno2018 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |

woodlist commented 3 years ago

Gentlemen, you are congratulating each other for good jobs, but ordinary users, at whom the Arduino world is aimed, are still unable to get this toxic ECCX08 disabled. Please explain, in plain English, what to do: 1, 2, 3.

woodlist commented 3 years ago

I did a library update half an hour ago, with big hope that everything would be fine. I was wrong in good faith. I have added ArduinoBearSSLConfig.h with the following content:

#ifndef ARDUINO_BEARSSL_CONFIG_H_
#define ARDUINO_BEARSSL_CONFIG_H_
#define ARDUINO_DISABLE_ECCX08
#endif

placed in the same directory as the main code. The platform is ESP32. The code is the modified BearSSL example, as follows:

/*
  This example creates a client object that connects and transfers
  data using always SSL.
  It is compatible with the methods normally related to plain
  connections, like client.connect(host, port).
  Written by Arturo Guadalupi
  last revision November 2015
*/

#define MODEM_TX             15
#define MODEM_RX             14
#define led                           4
#define TINY_GSM_MODEM_SIM800 // Modem is SIM800L
#include <TinyGsmClient.h>
#include <ArduinoBearSSL.h>
#include "ArduinoBearSSLConfig.h"
// Set serial for debug console (to the Serial Monitor, default speed 115200)
#define SerialMon Serial
// Set serial for AT commands
#define SerialAT Serial1
TinyGsm modem(SerialAT);
// Your GPRS credentials (leave empty, if not needed)
const char apn[]      = "internet"; // APN use https://wiki.apnchanger.org
const char gprsUser[] = "internet"; // GPRS User
const char gprsPass[] = "internet"; // GPRS Password

// SIM card PIN (leave empty, if not defined)
const char simPIN[]   = "";

// if you don't want to use DNS (and reduce your sketch size)
// use the numeric IP instead of the name for the server:
//IPAddress server(74,125,232,128);  // numeric IP for Google (no DNS)
char server[] = "www.google.com";    // name address for Google (using DNS)

//GPRS gprs;
//GSM gsmAccess;

// Initialize the Ethernet client library
// with the IP address and port of the server
// that you want to connect to (port 80 is default for HTTP):
TinyGsmClient client (modem);
BearSSLClient sslClient(client);

/*
unsigned long getTime() {
  return gsmAccess.getTime();
}
*/

void getconnectedtoGSM() {
  // Restart takes quite some time
  // To skip it, call init() instead of restart()
  SerialMon.println("Initializing modem...");
  delay(200);
  modem.restart();
  // modem.init();
  String modemInfo = modem.getModemInfo();
  SerialMon.print("Modem Info: ");
  SerialMon.println(modemInfo);
  SerialMon.print("Own number: ");
  // modem.sendAT("AT+CNUM");
  SerialAT.print("AT+CNUM\r\n");
  SerialMon.print(SerialAT.readString());
  // modem.sendAT("command")

  // Unlock your SIM card with a PIN if needed
  if (modem.getSimStatus() != 3 ) {
    modem.simUnlock(simPIN);
  }
  SerialMon.print("Connecting to APN: ");
  SerialMon.print(apn);
  if (!modem.gprsConnect(apn, gprsUser, gprsPass)) {
    SerialMon.println(" fail");
  }
  else {
    SerialMon.println(" OK");
  }
  bool res = modem.isGprsConnected();
  SerialMon.println("Waiting for network...");
  if (res && !modem.waitForNetwork(600000L)) {
    delay(10000);
    return;
  }
  if (res) {
    SerialMon.println("GPRS status: connected");
/*
    String ccid = modem.getSimCCID();
    SerialMon.println("CCID:", ccid);

    String imei = modem.getIMEI();
    SerialMon.println("IMEI:", imei);

    String imsi = modem.getIMSI();
    SerialMon.println("IMSI:", imsi);

    String cop = modem.getOperator();
    SerialMon.println("Operator:", cop);
*/
    String IP = modem.getLocalIP();
    SerialMon.println("Local IP:" + IP);
  }
  else SerialMon.println("GPRS status: fail");
}

void setup() {
  //Initialize serial and wait for port to open:
  SerialMon.begin(115200);
  SerialAT.begin(115200, SERIAL_8N1, MODEM_RX, MODEM_TX);
  pinMode(led, OUTPUT);
  getconnectedtoGSM();
  delay(3000);
  /*
  // connection state
  boolean notConnected = true;

  // After starting the modem with GSM.begin()
  // attach the shield to the GPRS network with the APN, login and password
  while (notConnected) {
    if ((gsmAccess.begin(pin) == GSM_READY) &
        (gprs.attachGPRS(apn, login, password) == GPRS_READY)) {
      notConnected = false;
    } else {
      Serial.println("Not connected");
      delay(1000);
    }
  }
*/
  SerialMon.println("Connected to GPRS");

 // ArduinoBearSSL.onGetTime(getTime);

  SerialMon.println("\nStarting connection to server...");
  // if you get a connection, report back via serial:
  if (sslClient.connect(server, 443)) {
    SerialMon.println("connected to server");
    // Make a HTTP request:
    sslClient.println("GET /search?q=arduino HTTP/1.1");
    sslClient.println("Host: www.google.com");
    sslClient.println("Connection: close");
    sslClient.println();
  }
}

void loop() {
  // if there are incoming bytes available
  // from the server, read them and print them:
  while (sslClient.available()) {
    char c = sslClient.read();
    SerialMon.write(c);
  }

  // if the server's disconnected, stop the client:
  if (!sslClient.connected()) {
    SerialMon.println();
    SerialMon.println("disconnecting from server.");
    sslClient.stop();

    // do nothing forevermore:
    while (true);
  }
}

The compilation error log is the following:

C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp: In member function 'int ECCX08Class::receiveResponse(void*, size_t)':
C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp:724:80: error: call of overloaded 'requestFrom(uint8_t, size_t, bool)' is ambiguous
   while (_wire->requestFrom((uint8_t)_address, (size_t)responseSize, (bool)true) != responseSize && retries--);
                                                                                ^
In file included from C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.h:24:0,
                 from C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp:22:
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:97:13: note: candidate: uint8_t TwoWire::requestFrom(uint16_t, uint8_t, bool)
     uint8_t requestFrom(uint16_t address, uint8_t size, bool sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:98:13: note: candidate: uint8_t TwoWire::requestFrom(uint16_t, uint8_t, uint8_t)
     uint8_t requestFrom(uint16_t address, uint8_t size, uint8_t sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:100:13: note: candidate: uint8_t TwoWire::requestFrom(uint8_t, uint8_t, uint8_t)
     uint8_t requestFrom(uint8_t address, uint8_t size, uint8_t sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:102:13: note: candidate: uint8_t TwoWire::requestFrom(int, int, int)
     uint8_t requestFrom(int address, int size, int sendStop);

aentinger commented 3 years ago

Looks like it's still pulling in ArduinoECCX08 somewhere, @ffontaine can you check by compiling for ESP32?

ffontaine commented 3 years ago

#include "ArduinoBearSSLConfig.h" should be removed from your example, it is not needed.

The only thing that you have to do is to load one of the examples (e.g. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/AES128.ino) and uncomment #define ARDUINO_DISABLE_ECCX08 in ArduinoBearSSLConfig.h (i.e. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/ArduinoBearSSLConfig.h).

You could also check https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/tree/master/examples/LiveObjects_Arduino_TinyGSM for an example using TinyGSM that is working on STM32.

ffontaine commented 3 years ago

If you still have a build failure, I'll check with ESP32.

woodlist commented 3 years ago

It is such a pity... the AES128 example fails.

C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp: In member function 'int ECCX08Class::receiveResponse(void*, size_t)':
C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp:724:80: error: call of overloaded 'requestFrom(uint8_t, size_t, bool)' is ambiguous
   while (_wire->requestFrom((uint8_t)_address, (size_t)responseSize, (bool)true) != responseSize && retries--);
                                                                                ^
In file included from C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.h:24:0,
                 from C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp:22:
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:97:13: note: candidate: uint8_t TwoWire::requestFrom(uint16_t, uint8_t, bool)
     uint8_t requestFrom(uint16_t address, uint8_t size, bool sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:98:13: note: candidate: uint8_t TwoWire::requestFrom(uint16_t, uint8_t, uint8_t)
     uint8_t requestFrom(uint16_t address, uint8_t size, uint8_t sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:100:13: note: candidate: uint8_t TwoWire::requestFrom(uint8_t, uint8_t, uint8_t)
     uint8_t requestFrom(uint8_t address, uint8_t size, uint8_t sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:102:13: note: candidate: uint8_t TwoWire::requestFrom(int, int, int)
     uint8_t requestFrom(int address, int size, int sendStop);

Please, try to compile on ESP32 yourself.

woodlist commented 3 years ago

#include "ArduinoBearSSLConfig.h" should be removed from your example, it is not needed.

The only thing that you have to do is to load one of the examples (e.g. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/AES128.ino) and uncomment #define ARDUINO_DISABLE_ECCX08 in ArduinoBearSSLConfig.h (i.e. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/ArduinoBearSSLConfig.h).

You could also check https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/tree/master/examples/LiveObjects_Arduino_TinyGSM for an example using TinyGSM that is working on STM32

Of course, I will try to use it on STM32 too, but for the moment I have to send a photo from the AI-Thinker32 over an SSL connection, without using the WiFi.

woodlist commented 3 years ago

Special thanks to Mr. per1234 for inserting correction tags into my uploaded reports. I'm not very familiar with GitHub's lagoon.

ffontaine commented 3 years ago

I'm able to reproduce it on "AI Thinker ESP32-CAM", I'll try to understand what is the issue.

woodlist commented 3 years ago

Please, do that.

ffontaine commented 3 years ago

I found the issue.

# if __has_include (<ArduinoBearSSLConfig.h>) does not work with the ESP32 toolchain when ArduinoBearSSLConfig.h is put in the examples directory.

You can fix this build failure by moving ArduinoBearSSLConfig.h to the main src directory (i.e. in https://github.com/arduino-libraries/ArduinoBearSSL/tree/master/src).

I assume that the ESP32 toolchain is configured in a way that avoids (or prevents) the inclusion of headers from the examples directory when building the main library. This could also be linked to the gcc version as the ESP32 toolchain uses a very old gcc (5.2.0) whereas the STM32 toolchain uses a more recent one (9.2.1).
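The failure mode found above, as an added example that is not code from this thread or from ArduinoBearSSL: because the config header is optional, a build whose include path does not reach it falls back to the default without any diagnostic. The names `LIB_CONFIG_FOUND`, `LIB_HAS_ECCX08` and the functions are hypothetical; the first half stands in for a library source file, the second half for a sketch that defines the macro where the library never sees it.

```cpp
#include <cstdio>

// --- stands in for a library translation unit ----------------------------
// Same guard as quoted in the thread. If ArduinoBearSSLConfig.h is not on
// the include path, nothing is reported and the macro stays undefined.
#if defined __has_include
#  if __has_include(<ArduinoBearSSLConfig.h>)
#    include <ArduinoBearSSLConfig.h>
#    define LIB_CONFIG_FOUND 1
#  endif
#endif
#ifndef LIB_CONFIG_FOUND
#  define LIB_CONFIG_FOUND 0
#endif

// The backend choice is frozen here, when the library code is preprocessed.
#ifdef ARDUINO_DISABLE_ECCX08
#  define LIB_HAS_ECCX08 0
#else
#  define LIB_HAS_ECCX08 1
#endif

// Hypothetical helpers: record the decision so it can be queried later.
bool lib_config_found() { return LIB_CONFIG_FOUND != 0; }
bool lib_has_eccx08()   { return LIB_HAS_ECCX08 != 0; }

// --- stands in for the sketch ---------------------------------------------
// The define arrives only after the library code above was preprocessed,
// so it cannot change what the library compiled in.
#define ARDUINO_DISABLE_ECCX08

bool sketch_wants_eccx08_disabled() {
#ifdef ARDUINO_DISABLE_ECCX08
  return true;
#else
  return false;
#endif
}

// True when the sketch's intent and the library's actual build disagree.
bool config_mismatch() {
  return sketch_wants_eccx08_disabled() && lib_has_eccx08();
}

int main() {
  std::printf("config header found by library: %d\n", lib_config_found());
  std::printf("library built with ECCX08:      %d\n", lib_has_eccx08());
  std::printf("sketch/library mismatch:        %d\n", config_mismatch());
  return 0;
}
```

Compiled without an ArduinoBearSSLConfig.h on the include path, this reports a mismatch: the sketch asked for ECCX08 to be disabled, but the library part was built with it.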

woodlist commented 3 years ago

I did what is recommended above and again the compilation hangs with the same errors. I tried code not loaded from the examples directory.

woodlist commented 3 years ago

Please, if you use Anydesk, I can grant you access to my PC at 146 024 291 to see what happens under hood.

woodlist commented 3 years ago

Sir ffontaine, I used your latest release of lib and got error free compilation on ESP32. Thanks for your efforts.

woodlist commented 3 years ago

My joy was not long lasting. The bearSSL example did not work (connection to google.com).

woodlist commented 3 years ago

When www.google.com is used, the code just fails to connect. The sketch is here: https://github.com/arduino-libraries/ArduinoBearSSL/pull/45#issuecomment-817628871 When its IP is used, the code crashes. I have decoded the backtrace:

PC: 0x400dd5e3: br_ssl_engine_current_state at C:\Users\User\Documents\Arduino\libraries\ArduinoBearSSL-1.7.0\src\bearssl\ssl_engine.c line 1258
EXCVADDR: 0x00000030

Decoding stack results
0x400dd5e3: br_ssl_engine_current_state at C:\Users\User\Documents\Arduino\libraries\ArduinoBearSSL-1.7.0\src\bearssl\ssl_engine.c line 1258
0x400dee02: br_sslio_read_available at C:\Users\User\Documents\Arduino\libraries\ArduinoBearSSL-1.7.0\src\bearssl\ssl_io.c line 191
0x400d2ce5: BearSSLClient::available() at C:\Users\User\Documents\Arduino\libraries\ArduinoBearSSL-1.7.0\src\BearSSLClient.cpp line 127
0x400d2b3d: loop() at C:\Users\User\Documents\Arduino\ESP\ESPCAM\bearSSL_example/bearSSL_example.ino line 148
0x400e18bd: loopTask(void*) at C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\cores\esp32\main.cpp line 23
0x4008a0be: vPortTaskWrapper at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/freertos/port.c line 143

ffontaine commented 3 years ago

I don't know if this is related to your crash but I was able to run your example with a Sequans module and STM32. To do so, I had to fix a mistake in your sketch: you can't comment the call of ArduinoBearSSL.onGetTime(getTime);

Indeed, without it, the STM32 (or ESP32) running ArduinoBearSSL won't have the correct time and so won't be able to validate the server certificate. You have to use TimeLib.h or any other libraries to implement getTime (see https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/blob/master/examples/LiveObjects_Arduino_TinyGSM/LiveObjects_Arduino_TinyGSM.ino)
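Why a missing time source breaks certificate validation, as an added model that is not ArduinoBearSSL or BearSSL code: the validity window of a certificate is compared against the time returned by the callback. The model assumes that with no callback registered the clock reads 0 (1970-01-01); the certificate dates and clock values are constructed samples, and all names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for the callback type registered via onGetTime().
typedef unsigned long (*GetTimeFn)();

// Validation time in the form BearSSL's br_x509_minimal_set_time() takes:
// days since 0000-01-01 (proleptic Gregorian) plus seconds within the day.
struct ValidationTime { uint32_t days; uint32_t seconds; };

// Days from 0000-01-01 to the Unix epoch, 1970-01-01.
static const uint32_t DAYS_0000_TO_1970 = 719528;

ValidationTime from_unix(uint32_t t) {
  ValidationTime v = { t / 86400 + DAYS_0000_TO_1970, t % 86400 };
  return v;
}

// Returns <0, 0 or >0, like memcmp.
int compare(ValidationTime a, ValidationTime b) {
  if (a.days != b.days) return a.days < b.days ? -1 : 1;
  if (a.seconds != b.seconds) return a.seconds < b.seconds ? -1 : 1;
  return 0;
}

enum Verdict { CERT_TIME_OK, CERT_NOT_YET_VALID, CERT_EXPIRED };

// Assumption of this model: no callback means the clock reads 0.
Verdict check_validity(GetTimeFn cb, uint32_t not_before, uint32_t not_after) {
  uint32_t unix_now = cb ? (uint32_t)cb() : 0;
  ValidationTime now = from_unix(unix_now);
  if (compare(now, from_unix(not_before)) < 0) return CERT_NOT_YET_VALID;
  if (compare(now, from_unix(not_after)) > 0) return CERT_EXPIRED;
  return CERT_TIME_OK;
}

// Constructed sample values (UTC), not taken from any real certificate.
static const uint32_t NOT_BEFORE = 1609459200UL;  // 2021-01-01 00:00:00
static const uint32_t NOT_AFTER  = 1640995200UL;  // 2022-01-01 00:00:00
unsigned long clock_in_window() { return 1618228800UL; }  // 2021-04-12 12:00:00
unsigned long clock_too_late()  { return 1672531200UL; }  // 2023-01-01 00:00:00

int main() {
  std::printf("no callback:     %d\n",
              check_validity(nullptr, NOT_BEFORE, NOT_AFTER));
  std::printf("clock in window: %d\n",
              check_validity(clock_in_window, NOT_BEFORE, NOT_AFTER));
  std::printf("clock too late:  %d\n",
              check_validity(clock_too_late, NOT_BEFORE, NOT_AFTER));
  return 0;
}
```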

aentinger commented 3 years ago

@woodlist ... since this is an ESP32 board altogether you might want to take a look at the support channels available for that platform. Afaik ESP32 already comes with an SSL stack so there's no need to use ArduinoBearSSL. @ffontaine ... feel free to continue the support here, I personally don't feel you have any obligation in this particular case (in case you feel indebted due to your last contribution).

woodlist commented 3 years ago

Mr. Fontaine, I did everything as you kindly pointed out. Namely, I put in the getTime function from your own repository's example. The timeLib is implemented from source as here: https://github.com/PaulStoffregen/Time The compilation passed, but the code crashes with the same backtrace. For debugging purposes I have added a signaling print to the terminal on line 206 in your own example code for STM32. That printout did not happen, while I have uncommented the "ArduinoBearSSL.onGetTime(getTime);" Regardless of the result that I got, I appreciate your volunteer work.