frodovdr/hyperion.ng
1
0
Fork 0
mirror of https://github.com/hyperion-project/hyperion.ng.git synced 2025-03-01 10:33:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support MBEDTLS 3 (#1374)

Browse Source 
* Support MBEDTLS 3

* mbedTLS 2 & 3 support (incl. System libs)

Co-authored-by: Markus <16664240+Paulchen-Panther@users.noreply.github.com>
This commit is contained in:
LordGrey
2021-11-18 20:58:56 +00:00
committed by GitHub
parent f156f52123
commit 7311c3e424
7 changed files with 147 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cmake/Findmbedtls.cmake
View File

@@ -7,9 +7,16 @@ find_library(MBEDTLS_CRYPTO_LIBRARY mbedcrypto)
set(MBEDTLS_LIBRARIES ${MBEDTLS_SSL_LIBRARY} ${MBEDTLS_X509_LIBRARY} ${MBEDTLS_CRYPTO_LIBRARY})
set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARIES} PARENT_SCOPE)
if (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}")
if (MBEDTLS_INCLUDE_DIR)
if (EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h")
file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h _MBEDTLS_VERSION_LINE REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*")
string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION ${_MBEDTLS_VERSION_LINE})
set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE)
elseif(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}")
set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE)
endif()
endif ()
if (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION)
@@ -20,10 +27,11 @@ if (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION)
REQUIRED_VARS
MBEDTLS_INCLUDE_DIR
MBEDTLS_LIBRARIES
VERSION_VAR
MBEDTLS_VERSION
)
mark_as_advanced (MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES MBEDTLS_SSL_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_CRYPTO_LIBRARY)
mark_as_advanced (MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES MBEDTLS_SSL_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_CRYPTO_LIBRARY MBEDTLS_VERSION)
endif (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION)

2
dependencies/CMakeLists-mbedtls.txt.in vendored
View File

@@ -14,7 +14,7 @@ include(ExternalProject)
ExternalProject_Add(
mbedtls
GIT_REPOSITORY "https://github.com/ARMmbed/mbedtls.git"
GIT_TAG "v2.27.0" # Latest 2.x Version
GIT_TAG origin/master
BUILD_ALWAYS OFF
DOWNLOAD_DIR "${DOWNLOAD_DIR}"
SOURCE_DIR "${SOURCE_DIR}"

18
dependencies/CMakeLists.txt vendored
View File

@@ -241,7 +241,7 @@ if (NOT USE_SYSTEM_MBEDTLS_LIBS)
FetchContent_Declare(
mbedtls
GIT_REPOSITORY https://github.com/ARMmbed/mbedtls.git
GIT_TAG "v2.27.0" # Latest 2.x Version
GIT_TAG origin/master
BUILD_ALWAYS OFF
GIT_PROGRESS 1
DOWNLOAD_DIR "${MBEDTLS_DOWNLOAD_DIR}"
@@ -286,10 +286,18 @@ if (NOT USE_SYSTEM_MBEDTLS_LIBS)
set (MBEDTLS_INCLUDE_DIR "${MBEDTLS_SOURCE_DIR}/include")
set (MBEDTLS_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR} PARENT_SCOPE)
if (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}")
message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")")
if (MBEDTLS_INCLUDE_DIR)
if (EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h")
file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h _MBEDTLS_VERSION_LINE REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*")
string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION ${_MBEDTLS_VERSION_LINE})
set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE)
message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")")
elseif(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}")
set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE)
message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")")
endif()
endif ()
include_directories(${MBEDTLS_INCLUDE_DIR})

2
include/grabber/EncoderThread.h
View File

@@ -135,7 +135,7 @@ public:
for (int i = 0; i < _threadCount; i++)
{
_threads[i] = new Thread<EncoderThread>(new EncoderThread, this);
_threads[i]->setObjectName("Encoder " + i);
_threads[i]->setObjectName("Encoder " + QString::number(i));
}
}

8
libsrc/leddevice/CMakeLists.txt Executable file → Normal file
View File

@@ -70,6 +70,7 @@ SET( Leddevice_SOURCES
FILE ( WRITE "${CMAKE_BINARY_DIR}/LedDevice_headers.h" "#pragma once\n\n//this file is autogenerated, don't touch it\n\n" )
FILE ( WRITE "${CMAKE_BINARY_DIR}/LedDevice_register.cpp" "//this file is autogenerated, don't touch it\n\n" )
FOREACH( f ${Leddevice_SOURCES} )
# MESSAGE (STATUS "Add led device: ${f}")
if ( "${f}" MATCHES "dev_.*/Led.evice.+h$" )
GET_FILENAME_COMPONENT(fname ${f} NAME)
FILE ( APPEND "${CMAKE_BINARY_DIR}/LedDevice_headers.h" "#include \"${fname}\"\n" )
@@ -86,7 +87,7 @@ target_link_libraries(leddevice
hyperion-utils
${CMAKE_THREAD_LIBS_INIT}
Qt${QT_VERSION_MAJOR}::Network
Qt${QT_VERSION_MAJOR}::SerialPort
Qt${QT_VERSION_MAJOR}::SerialPort
ssdp
)
@@ -117,3 +118,8 @@ if (NOT DEFAULT_USE_SYSTEM_MBEDTLS_LIBS)
target_include_directories(leddevice PRIVATE ${MBEDTLS_INCLUDE_DIR})
endif (MBEDTLS_LIBRARIES)
endif ()
string(REGEX MATCH "[0-9]+|-([A-Za-z0-9_.]+)" MBEDTLS_MAJOR ${MBEDTLS_VERSION})
if (MBEDTLS_MAJOR EQUAL "3")
target_compile_definitions(leddevice PRIVATE USE_MBEDTLS3)
endif()

130
libsrc/leddevice/dev_net/ProviderUdpSSL.cpp
View File

@@ -2,6 +2,7 @@
// STL includes
#include <cstdio>
#include <exception>
#include <algorithm>
// Linux includes
#include <fcntl.h>
@@ -11,7 +12,6 @@
// Local Hyperion includes
#include "ProviderUdpSSL.h"
#include <utils/QStringUtils.h>
const int MAX_RETRY = 5;
const ushort MAX_PORT_SSL = 65535;
@@ -22,6 +22,7 @@ ProviderUdpSSL::ProviderUdpSSL(const QJsonObject &deviceConfig)
, entropy()
, ssl()
, conf()
, cacert()
, ctr_drbg()
, timer()
, _transport_type("DTLS")
@@ -246,34 +247,32 @@ bool ProviderUdpSSL::initConnection()
bool ProviderUdpSSL::seedingRNG()
{
sslLog("Seeding the random number generator...");
sslLog( "Seeding the random number generator..." );
mbedtls_entropy_init(&entropy);
sslLog("Set mbedtls_ctr_drbg_seed...");
sslLog( "Set mbedtls_ctr_drbg_seed..." );
QByteArray customDataArray = _custom.toLocal8Bit();
const char* customData = customDataArray.constData();
int ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, reinterpret_cast<const unsigned char*>(customData),
std::min(strlen(customData), (size_t)MBEDTLS_CTR_DRBG_MAX_SEED_INPUT));
&entropy, reinterpret_cast<const unsigned char*>(customData),
std::min(strlen(customData), (size_t)MBEDTLS_CTR_DRBG_MAX_SEED_INPUT));
if (ret != 0)
{
sslLog(QString("mbedtls_ctr_drbg_seed FAILED %1").arg(errorMsg(ret)), "error");
sslLog( QString("mbedtls_ctr_drbg_seed FAILED %1").arg( errorMsg( ret ) ), "error" );
return false;
}
sslLog("Seeding the random number generator...ok");
sslLog( "Seeding the random number generator...ok" );
return true;
}
bool ProviderUdpSSL::setupStructure()
{
int ret = 0;
sslLog( QString( "Setting up the %1 structure").arg( _transport_type ) );
//TLS MBEDTLS_SSL_TRANSPORT_STREAM
@@ -281,7 +280,9 @@ bool ProviderUdpSSL::setupStructure()
int transport = ( _transport_type == "DTLS" ) ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM;
if ((ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, transport, MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
int ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, transport, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret != 0)
{
sslLog( QString("mbedtls_ssl_config_defaults FAILED %1").arg( errorMsg( ret ) ), "error" );
return false;
@@ -291,12 +292,11 @@ bool ProviderUdpSSL::setupStructure()
if( _debugStreamer )
{
int s = ( sizeof( ciphersuites ) ) / sizeof( int );
QString cipher_values;
for(int i=0; i<s; i++)
for(int i=0; ciphersuites != nullptr && ciphersuites[i] != 0; i++)
{
if(i > 0) cipher_values.append(", ");
if (i > 0)
cipher_values.append(", ");
cipher_values.append(QString::number(ciphersuites[i]));
}
@@ -304,8 +304,6 @@ bool ProviderUdpSSL::setupStructure()
}
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
//mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
//mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_ciphersuites(&conf, ciphersuites);
@@ -343,15 +341,15 @@ bool ProviderUdpSSL::startUPDConnection()
{
sslLog( "init SSL Network -> startUPDConnection" );
int ret = 0;
mbedtls_ssl_session_reset(&ssl);
if(!setupPSK()) return false;
sslLog( QString("Connecting to udp %1:%2").arg( _address.toString() ).arg( _ssl_port ) );
if ((ret = mbedtls_net_connect( &client_fd, _address.toString().toUtf8(), std::to_string(_ssl_port).c_str(), MBEDTLS_NET_PROTO_UDP)) != 0)
int ret = mbedtls_net_connect(&client_fd, _address.toString().toUtf8(), std::to_string(_ssl_port).c_str(), MBEDTLS_NET_PROTO_UDP);
if (ret != 0)
{
sslLog( QString("mbedtls_net_connect FAILED %1").arg( errorMsg( ret ) ), "error" );
return false;
@@ -367,15 +365,19 @@ bool ProviderUdpSSL::startUPDConnection()
bool ProviderUdpSSL::setupPSK()
{
int ret;
QByteArray pskArray = _psk.toUtf8();
QByteArray pskRawArray = QByteArray::fromHex(pskArray);
QByteArray pskIdArray = _psk_identity.toUtf8();
QByteArray pskIdRawArray = pskIdArray;
if (0 != (ret = mbedtls_ssl_conf_psk( &conf, ( const unsigned char* ) pskRawArray.data(), pskRawArray.length() * sizeof(char), reinterpret_cast<const unsigned char *> ( pskIdRawArray.data() ), pskIdRawArray.length() * sizeof(char) ) ) )
int ret = mbedtls_ssl_conf_psk( &conf,
reinterpret_cast<const unsigned char*> (pskRawArray.constData()),
pskRawArray.length() * sizeof(char),
reinterpret_cast<const unsigned char*> (pskIdRawArray.constData()),
pskIdRawArray.length() * sizeof(char));
if (ret != 0)
{
sslLog( QString("mbedtls_ssl_conf_psk FAILED %1").arg( errorMsg( ret ) ), "error" );
return false;
@@ -460,9 +462,12 @@ void ProviderUdpSSL::freeSSLConnection()
}
}
void ProviderUdpSSL::writeBytes(unsigned size, const unsigned char * data)
void ProviderUdpSSL::writeBytes(unsigned int size, const uint8_t* data)
{
if( _stopConnection ) return;
if ( _stopConnection )
{
return;
}
QMutexLocker locker(&_hueMutex);
@@ -526,6 +531,46 @@ QString ProviderUdpSSL::errorMsg(int ret) {
#else
switch (ret)
{
#if defined(MBEDTLS_ERR_SSL_DECODE_ERROR)
case MBEDTLS_ERR_SSL_DECODE_ERROR:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER)
case MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE)
case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION)
case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_BAD_CERTIFICATE)
case MBEDTLS_ERR_SSL_BAD_CERTIFICATE:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME)
case MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION)
case MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL)
case MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580";
break;
#endif
#if defined(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE)
case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE:
msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080";
@@ -822,3 +867,40 @@ void ProviderUdpSSL::closeSSLNotify()
sslLog( "SSL Connection successful closed" );
}
void ProviderUdpSSL::ProviderUdpSSLDebug(void* ctx, int level, const char* file, int line, const char* str)
{
const char* p, * basename;
(void)ctx;
/* Extract basename from file */
for (p = basename = file; *p != '\0'; p++)
{
if (*p == '/' || *p == '\\')
{
basename = p + 1;
}
}
mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
}
int ProviderUdpSSL::ProviderUdpSSLVerify(void* data, mbedtls_x509_crt* crt, int depth, uint32_t* flags)
{
const uint32_t buf_size = 1024;
char* buf = new char[buf_size];
(void)data;
mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
mbedtls_printf("%s", buf);
if (*flags == 0)
mbedtls_printf("No verification issue for this certificate\n");
else
{
mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
mbedtls_printf("%s\n", buf);
}
delete[] buf;
return 0;
}

45
libsrc/leddevice/dev_net/ProviderUdpSSL.h
View File

@@ -11,12 +11,15 @@
#include <QThread>
//----------- mbedtls
#if defined(USE_MBEDTLS3)
#include <mbedtls/build_info.h>
#else
#if !defined(MBEDTLS_CONFIG_FILE)
#include <mbedtls/config.h>
#else
#include MBEDTLS_CONFIG_FILE
#endif
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include <mbedtls/platform.h>
@@ -106,7 +109,7 @@ protected:
/// @param[in] size The length of the data
/// @param[in] data The data
///
void writeBytes(unsigned size, const uint8_t *data);
void writeBytes(unsigned int size, const uint8_t *data);
///
/// get ciphersuites list from mbedtls_ssl_list_ciphersuites
@@ -123,46 +126,13 @@ protected:
* Debug callback for mbed TLS
* Just prints on the USB serial port
*/
static void ProviderUdpSSLDebug(void *ctx, int level, const char *file, int line, const char *str)
{
const char *p, *basename;
(void) ctx;
/* Extract basename from file */
for(p = basename = file; *p != '\0'; p++)
{
if(*p == '/' || *p == '\\')
{
basename = p + 1;
}
}
mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
}
static void ProviderUdpSSLDebug(void* ctx, int level, const char* file, int line, const char* str);
/**
* Certificate verification callback for mbed TLS
* Here we only use it to display information on each cert in the chain
*/
static int ProviderUdpSSLVerify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
{
const uint32_t buf_size = 1024;
char *buf = new char[buf_size];
(void) data;
mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
mbedtls_printf("%s", buf);
if (*flags == 0)
mbedtls_printf("No verification issue for this certificate\n");
else
{
mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
mbedtls_printf("%s\n", buf);
}
delete[] buf;
return 0;
}
static int ProviderUdpSSLVerify(void* data, mbedtls_x509_crt* crt, int depth, uint32_t* flags);
///
/// closeSSLNotify and freeSSLConnection
@@ -171,7 +141,6 @@ protected:
private:
bool buildConnection();
bool initConnection();
bool seedingRNG();
bool setupStructure();