search

cfriedt / greybus-for-zephyr

Greybus Module for the Zephyr Real-Time Operating System
BSD 3-Clause "New" or "Revised" License
5 stars 3 forks source link

subsys: greybus: authentication and encryption #34

Closed cfriedt closed 3 years ago

cfriedt commented 3 years ago

This chnage adds TLS support to Greybus as well as a default method of storing certificates (building them into the application).

Fixes #25 Fixes #28

cfriedt commented 3 years ago

The solution is to use standard TLS. However, there are some issues with Zephyr's use of mbedTLS in the implementation of the TLS extensions to the sockets API (see below). Specifically, when communication is happening bidirectionally on a TLS socket, there is a chance that it puts the socket into an error state (E: send: 5, where 5 is EIO).

The additional tests I contributed to zephyr in zephyrproject-rtos/zephyr#30942 also showed a similar level of fragility.

Since the implementation of TLS for Greybus is correct according to the provided API, additional work will on the topic will be considered out of the scope of this ticket.

[265/271] Linking C executable zephyr/zephyr_prebuilt.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:      169912 B         4 MB      4.05%
            SRAM:      217504 B         4 MB      5.19%
        IDT_LIST:         200 B         2 KB      9.77%
[270/271] To exit from QEMU enter: 'CTRL+a, x'[QEMU] CPU: cortex-m3
qemu-system-arm: warning: nic lan9118.0 has no peer
D: probed greybus: 0 major: 0 minor: 1
*** Booting Zephyr OS build zephyr-v2.4.0-2547-gacc1cee0358c  ***
W: No entropy device on the system, TLS communication may be insecure!
I: Initializing network
I: IPv4 address: 192.0.2.1
D: Greybus initializing..
I: Initializing built-in certificates
D: Adding Server Certificate (Public Key) (693 bytes)
D: Adding Server Certificate (Private Key) (1219 bytes)
D: probed greybus bundle 1: class: 10
D: probed greybus bundle 0: class: 0
D: probed cport 0: bundle: 0 protocol: 0
D: probed greybus interface 0
D: probed greybus string 2: Greybus Service Sample Application
D: probed greybus string 1: Zephyr Project RTOS
D: added mapping between cport 1 and device GPIO_42
D: probed cport 1: bundle: 1 protocol: 2
D: cport_id = 0
D: cport_id = 1
D: Greybus TCP/IP Transport initializing..
D: (main): Allocated TLS context, 0x20001f2c
D: (main): socket: ctx=0x20006e54, fd=1
I: CPort 0 mapped to TCP/IP port 4242
D: (main): Allocated TLS context, 0x20002304
D: (main): socket: ctx=0x20006edc, fd=3
I: CPort 1 mapped to TCP/IP port 4243
I: Greybus TCP/IP Transport initialized
I: Registering CONTROL greybus driver.
D: Registering Greybus driver on CP0
I: Registering GPIO greybus driver.
D: Registering Greybus driver on CP1
I: Greybus is active
D: opening GPIO_42
D: (main): Allocated TLS context, 0x200026dc
D: (main): socket: ctx=0x20006f64, fd=5
D: Adding CA Certificate (4 bytes)
D: (rx_q[0]): parent=0x20006edc, ctx=0x20006fec, st=0
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002ea98, st=0, user_data=(nil)
D: (greybus): accept: ctx=0x20006fec, fd=7
D: (greybus): Allocated TLS context, 0x20002ab4
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eae0, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eae0, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eae0, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eae0, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002ea98, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002e9c0, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002eb70, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eae0, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eae0, st=0, user_data=(nil)
D: cport 1 accepted connection from [192.0.2.1]:49990 as fd 6
D: connected socket 4
Running test suite greybus_gpio
===================================================================
START - test_greybus_gpio_protocol_version
D: test_greybus_gpio_protocol_version()
D: send(4, 0x2002a8d4, 8, 0)
D: wrote 8 bytes
D: returning 8
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002ec00, st=0, user_data=(nil)
D: gb_gpio_protocol_version: 0
D: gb: send(6, 0x200368a0, 10, 0)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eae0, st=0, user_data=(nil)
 PASS - test_greybus_gpio_protocol_version
===================================================================
START - test_greybus_gpio_cport_shutdown
D: test_greybus_gpio_cport_shutdown()
 PASS - test_greybus_gpio_cport_shutdown
===================================================================
START - test_greybus_gpio_line_count
D: test_greybus_gpio_line_count()
D: send(4, 0x2002a8dc, 8, 0)
D: wrote 8 bytes
D: returning 8
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002eae0, st=0, user_data=(nil)
D: gb_gpio_line_count: 0
D: gb: send(6, 0x200368a0, 9, 0)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eb70, st=0, user_data=(nil)
 PASS - test_greybus_gpio_line_count
===================================================================
START - test_greybus_gpio_activate
D: test_greybus_gpio_activate()
D: send(4, 0x2002a8ec, 9, 0)
D: wrote 9 bytes
D: returning 9
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002eb70, st=0, user_data=(nil)
D: gb_gpio_activate: 0
D: gb: send(6, 0x200368a0, 8, 0)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002e978, st=0, user_data=(nil)
 PASS - test_greybus_gpio_activate
===================================================================
START - test_greybus_gpio_deactivate
D: test_greybus_gpio_deactivate()
D: send(4, 0x2002a8ec, 9, 0)
D: wrote 9 bytes
D: returning 9
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002e978, st=0, user_data=(nil)
D: gb_gpio_deactivate: 0
D: gb: send(6, 0x200368a0, 8, 0)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002ebb8, st=0, user_data=(nil)
 PASS - test_greybus_gpio_deactivate
===================================================================
START - test_greybus_gpio_get_direction
D: test_greybus_gpio_get_direction()
D: send(4, 0x2002a8d8, 9, 0)
D: wrote 9 bytes
D: returning 9
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002ebb8, st=0, user_data=(nil)
D: gb_gpio_get_direction: 0
D: gb: send(6, 0x20036898, 9, 0)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002ea98, st=0, user_data=(nil)
 PASS - test_greybus_gpio_get_direction
===================================================================
START - test_greybus_gpio_direction_input
D: test_greybus_gpio_direction_input()
D: send(4, 0x2002a8ec, 9, 0)
D: wrote 9 bytes
D: returning 9
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002ea98, st=0, user_data=(nil)
D: gb: send(6, 0x2000da0c, 9, 0)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002ec00, st=0, user_data=(nil)
D: gb_gpio_direction_in: 0
D: gb: send(6, 0x200368a0, 8, 0)
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eb70, st=0, user_data=(nil)
 PASS - test_greybus_gpio_direction_input
===================================================================
START - test_greybus_gpio_direction_output
D: gb: send(6, 0x2002a84c, 9, 0)
D: send(4, 0x2002a8cc, 10, 0)
D: wrote 10 bytes
D: returning 10
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002ec00, st=0, user_data=(nil)
D: (rx_q[0]): ctx=0x20006fec, pkt=0x2002ea98, st=0, user_data=(nil)
E: send: 5
D: (greybus[1]): close: ctx=0x20002ab4, fd=6
D: (rx_q[0]): ctx=0x20006f64, pkt=0x2002eae0, st=0, user_data=(nil)

    Assertion failed at CMAKE_SOURCE_DIR/src/gpio.c:257: tx_rx: (hdr_size not equal to r)
recv: expected: 8 actual: 0
 FAIL - test_greybus_gpio_direction_output
 ...
 ===================================================================
PROJECT EXECUTION FAILED