diff --git a/cmake/Findmbedtls.cmake b/cmake/Findmbedtls.cmake index f243c924..85fe64b3 100644 --- a/cmake/Findmbedtls.cmake +++ b/cmake/Findmbedtls.cmake @@ -7,9 +7,16 @@ find_library(MBEDTLS_CRYPTO_LIBRARY mbedcrypto) set(MBEDTLS_LIBRARIES ${MBEDTLS_SSL_LIBRARY} ${MBEDTLS_X509_LIBRARY} ${MBEDTLS_CRYPTO_LIBRARY}) set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARIES} PARENT_SCOPE) -if (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") - file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"") - string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}") +if (MBEDTLS_INCLUDE_DIR) + if (EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h") + file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h _MBEDTLS_VERSION_LINE REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*") + string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION ${_MBEDTLS_VERSION_LINE}) + set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE) + elseif(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") + file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"") + string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}") + set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE) + endif() endif () if (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION) 
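Review bot: In the new `build_info.h` branch the header path passed to `file(STRINGS ...)` and the `${_MBEDTLS_VERSION_LINE}` input of `string(REGEX REPLACE ...)` are unquoted. An include directory containing spaces then splits into several arguments, and a header without a matching `MBEDTLS_VERSION_STRING` line leaves `string()` one argument short, which aborts configuration. I would quote both, as the `version.h` branch already does: `file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h" _MBEDTLS_VERSION_LINE REGEX ...)` and `... MBEDTLS_VERSION "${_MBEDTLS_VERSION_LINE}")`. The same two lines are repeated in the `@@ -286,10 +286,18 @@` hunk of dependencies/CMakeLists.txt. A comment above the outer `if`, such as `# Mbed TLS 3.x defines MBEDTLS_VERSION_STRING in build_info.h, 2.x in version.h`, would explain why there are two branches.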
@@ -20,10 +27,11 @@ if (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION) REQUIRED_VARS MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES + VERSION_VAR MBEDTLS_VERSION ) - mark_as_advanced (MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES MBEDTLS_SSL_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_CRYPTO_LIBRARY) + mark_as_advanced (MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES MBEDTLS_SSL_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_CRYPTO_LIBRARY MBEDTLS_VERSION) endif (MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES AND MBEDTLS_VERSION) diff --git a/dependencies/CMakeLists-mbedtls.txt.in b/dependencies/CMakeLists-mbedtls.txt.in index d30bc08a..12888d5b 100644 --- a/dependencies/CMakeLists-mbedtls.txt.in +++ b/dependencies/CMakeLists-mbedtls.txt.in @@ -14,7 +14,7 @@ include(ExternalProject) ExternalProject_Add( mbedtls GIT_REPOSITORY "https://github.com/ARMmbed/mbedtls.git" - GIT_TAG "v2.27.0" # Latest 2.x Version + GIT_TAG origin/master BUILD_ALWAYS OFF DOWNLOAD_DIR "${DOWNLOAD_DIR}" SOURCE_DIR "${SOURCE_DIR}" diff --git a/dependencies/CMakeLists.txt b/dependencies/CMakeLists.txt index 44102ff7..bd7bdd21 100644 --- a/dependencies/CMakeLists.txt +++ b/dependencies/CMakeLists.txt @@ -241,7 +241,7 @@ if (NOT USE_SYSTEM_MBEDTLS_LIBS) FetchContent_Declare( mbedtls GIT_REPOSITORY https://github.com/ARMmbed/mbedtls.git - GIT_TAG "v2.27.0" # Latest 2.x Version + GIT_TAG origin/master BUILD_ALWAYS OFF GIT_PROGRESS 1 DOWNLOAD_DIR "${MBEDTLS_DOWNLOAD_DIR}" 
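Review bot: `GIT_TAG origin/master` makes every fresh configure build whatever commit is at the head of the upstream Mbed TLS branch, so the TLS library linked into the product is not reproducible. An upstream API change, or an unwanted upstream commit, would reach the build without anyone here reviewing it. Pin to a release tag or, better, a full commit hash, e.g. `GIT_TAG "<full-commit-sha>" # Mbed TLS <release>` (placeholder values), and bump it deliberately. This applies to the `ExternalProject_Add` hunk in dependencies/CMakeLists-mbedtls.txt.in and equally to the `FetchContent_Declare` hunk in dependencies/CMakeLists.txt.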
@@ -286,10 +286,18 @@ if (NOT USE_SYSTEM_MBEDTLS_LIBS) set (MBEDTLS_INCLUDE_DIR "${MBEDTLS_SOURCE_DIR}/include") set (MBEDTLS_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR} PARENT_SCOPE) - if (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") - file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"") - string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}") - message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")") + if (MBEDTLS_INCLUDE_DIR) + if (EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h") + file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h _MBEDTLS_VERSION_LINE REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*") + string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION ${_MBEDTLS_VERSION_LINE}) + set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE) + message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")") + elseif(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") + file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _MBEDTLS_VERSION_STRING REGEX "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"") + string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" MBEDTLS_VERSION "${_MBEDTLS_VERSION_STRING}") + set (MBEDTLS_VERSION ${MBEDTLS_VERSION} PARENT_SCOPE) + message(STATUS "Using static mbedtls libraries (build version \"${MBEDTLS_VERSION}\")") + endif() endif () include_directories(${MBEDTLS_INCLUDE_DIR}) diff --git a/include/grabber/EncoderThread.h b/include/grabber/EncoderThread.h index be88dd82..d1f5ad5d 100644 --- a/include/grabber/EncoderThread.h +++ b/include/grabber/EncoderThread.h 
@@ -135,7 +135,7 @@ public: for (int i = 0; i < _threadCount; i++) { _threads[i] = new Thread(new EncoderThread, this); - _threads[i]->setObjectName("Encoder " + i); + _threads[i]->setObjectName("Encoder " + QString::number(i)); } } diff --git a/libsrc/leddevice/CMakeLists.txt b/libsrc/leddevice/CMakeLists.txt old mode 100755 new mode 100644 index c604a7e1..69a4db4c --- a/libsrc/leddevice/CMakeLists.txt +++ b/libsrc/leddevice/CMakeLists.txt @@ -70,6 +70,7 @@ SET( Leddevice_SOURCES FILE ( WRITE "${CMAKE_BINARY_DIR}/LedDevice_headers.h" "#pragma once\n\n//this file is autogenerated, don't touch it\n\n" ) FILE ( WRITE "${CMAKE_BINARY_DIR}/LedDevice_register.cpp" "//this file is autogenerated, don't touch it\n\n" ) FOREACH( f ${Leddevice_SOURCES} ) + # MESSAGE (STATUS "Add led device: ${f}") if ( "${f}" MATCHES "dev_.*/Led.evice.+h$" ) GET_FILENAME_COMPONENT(fname ${f} NAME) FILE ( APPEND "${CMAKE_BINARY_DIR}/LedDevice_headers.h" "#include \"${fname}\"\n" ) @@ -86,7 +87,7 @@ target_link_libraries(leddevice hyperion-utils ${CMAKE_THREAD_LIBS_INIT} Qt${QT_VERSION_MAJOR}::Network - Qt${QT_VERSION_MAJOR}::SerialPort + Qt${QT_VERSION_MAJOR}::SerialPort ssdp ) @@ -117,3 +118,8 @@ if (NOT DEFAULT_USE_SYSTEM_MBEDTLS_LIBS) target_include_directories(leddevice PRIVATE ${MBEDTLS_INCLUDE_DIR}) endif (MBEDTLS_LIBRARIES) endif () + +string(REGEX MATCH "[0-9]+|-([A-Za-z0-9_.]+)" MBEDTLS_MAJOR ${MBEDTLS_VERSION}) +if (MBEDTLS_MAJOR EQUAL "3") + target_compile_definitions(leddevice PRIVATE USE_MBEDTLS3) +endif() diff --git a/libsrc/leddevice/dev_net/ProviderUdpSSL.cpp b/libsrc/leddevice/dev_net/ProviderUdpSSL.cpp index 507e4d0f..5de82f0a 100644 --- a/libsrc/leddevice/dev_net/ProviderUdpSSL.cpp +++ b/libsrc/leddevice/dev_net/ProviderUdpSSL.cpp @@ -2,6 +2,7 @@ // STL includes #include #include +#include // Linux includes #include @@ -11,7 +12,6 @@ // Local Hyperion includes #include "ProviderUdpSSL.h" -#include const int MAX_RETRY = 5; const ushort MAX_PORT_SSL = 65535; 
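Review bot: The `string(REGEX MATCH ... ${MBEDTLS_VERSION})` block appended after the closing `endif ()` in libsrc/leddevice/CMakeLists.txt runs unconditionally and expands `MBEDTLS_VERSION` unquoted. If the variable is empty or not visible in this directory scope, the command gets too few arguments and configuration fails; the hunk does not show whether it is always set here. Guarding and quoting avoids that: wrap the block in `if (MBEDTLS_VERSION)` and use `string(REGEX MATCH "^[0-9]+" MBEDTLS_MAJOR "${MBEDTLS_VERSION}")`. The `-([A-Za-z0-9_.]+)` alternative in the pattern looks unnecessary for extracting a major number.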
@@ -22,6 +22,7 @@ ProviderUdpSSL::ProviderUdpSSL(const QJsonObject &deviceConfig) , entropy() , ssl() , conf() + , cacert() , ctr_drbg() , timer() , _transport_type("DTLS") @@ -246,34 +247,32 @@ bool ProviderUdpSSL::initConnection() bool ProviderUdpSSL::seedingRNG() { - sslLog("Seeding the random number generator..."); + sslLog( "Seeding the random number generator..." ); mbedtls_entropy_init(&entropy); - sslLog("Set mbedtls_ctr_drbg_seed..."); + sslLog( "Set mbedtls_ctr_drbg_seed..." ); QByteArray customDataArray = _custom.toLocal8Bit(); const char* customData = customDataArray.constData(); int ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, reinterpret_cast(customData), - std::min(strlen(customData), (size_t)MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)); + &entropy, reinterpret_cast(customData), + std::min(strlen(customData), (size_t)MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)); if (ret != 0) { - sslLog(QString("mbedtls_ctr_drbg_seed FAILED %1").arg(errorMsg(ret)), "error"); + sslLog( QString("mbedtls_ctr_drbg_seed FAILED %1").arg( errorMsg( ret ) ), "error" ); return false; } - sslLog("Seeding the random number generator...ok"); + sslLog( "Seeding the random number generator...ok" ); return true; } bool ProviderUdpSSL::setupStructure() { - int ret = 0; - sslLog( QString( "Setting up the %1 structure").arg( _transport_type ) ); //TLS MBEDTLS_SSL_TRANSPORT_STREAM @@ -281,7 +280,9 @@ bool ProviderUdpSSL::setupStructure() int transport = ( _transport_type == "DTLS" ) ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM; - if ((ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, transport, MBEDTLS_SSL_PRESET_DEFAULT)) != 0) + int ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, transport, MBEDTLS_SSL_PRESET_DEFAULT); + + if (ret != 0) { sslLog( QString("mbedtls_ssl_config_defaults FAILED %1").arg( errorMsg( ret ) ), "error" ); return false; 
@@ -291,12 +292,11 @@ bool ProviderUdpSSL::setupStructure() if( _debugStreamer ) { - int s = ( sizeof( ciphersuites ) ) / sizeof( int ); - QString cipher_values; - for(int i=0; i 0) cipher_values.append(", "); + if (i > 0) + cipher_values.append(", "); cipher_values.append(QString::number(ciphersuites[i])); } @@ -304,8 +304,6 @@ bool ProviderUdpSSL::setupStructure() } mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); - //mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - //mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_ciphersuites(&conf, ciphersuites); @@ -343,15 +341,15 @@ bool ProviderUdpSSL::startUPDConnection() { sslLog( "init SSL Network -> startUPDConnection" ); - int ret = 0; - mbedtls_ssl_session_reset(&ssl); if(!setupPSK()) return false; sslLog( QString("Connecting to udp %1:%2").arg( _address.toString() ).arg( _ssl_port ) ); - if ((ret = mbedtls_net_connect( &client_fd, _address.toString().toUtf8(), std::to_string(_ssl_port).c_str(), MBEDTLS_NET_PROTO_UDP)) != 0) + int ret = mbedtls_net_connect(&client_fd, _address.toString().toUtf8(), std::to_string(_ssl_port).c_str(), MBEDTLS_NET_PROTO_UDP); + + if (ret != 0) { sslLog( QString("mbedtls_net_connect FAILED %1").arg( errorMsg( ret ) ), "error" ); return false; 
@@ -367,15 +365,19 @@ bool ProviderUdpSSL::startUPDConnection() bool ProviderUdpSSL::setupPSK() { - int ret; - QByteArray pskArray = _psk.toUtf8(); QByteArray pskRawArray = QByteArray::fromHex(pskArray); QByteArray pskIdArray = _psk_identity.toUtf8(); QByteArray pskIdRawArray = pskIdArray; - if (0 != (ret = mbedtls_ssl_conf_psk( &conf, ( const unsigned char* ) pskRawArray.data(), pskRawArray.length() * sizeof(char), reinterpret_cast ( pskIdRawArray.data() ), pskIdRawArray.length() * sizeof(char) ) ) ) + int ret = mbedtls_ssl_conf_psk( &conf, + reinterpret_cast (pskRawArray.constData()), + pskRawArray.length() * sizeof(char), + reinterpret_cast (pskIdRawArray.constData()), + pskIdRawArray.length() * sizeof(char)); + + if (ret != 0) { sslLog( QString("mbedtls_ssl_conf_psk FAILED %1").arg( errorMsg( ret ) ), "error" ); return false; @@ -460,9 +462,12 @@ void ProviderUdpSSL::freeSSLConnection() } } -void ProviderUdpSSL::writeBytes(unsigned size, const unsigned char * data) +void ProviderUdpSSL::writeBytes(unsigned int size, const uint8_t* data) { - if( _stopConnection ) return; + if ( _stopConnection ) + { + return; + } QMutexLocker locker(&_hueMutex); 
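Review bot: The key length handed to `mbedtls_ssl_conf_psk` is whatever `QByteArray::fromHex` produced, and that function skips characters that are not hex digits. A mistyped or truncated `_psk` therefore silently becomes a shorter key, and the problem only surfaces later as a handshake error. A check before the call would make it explicit without logging the key itself, e.g. `if (pskRawArray.isEmpty() || pskRawArray.length() * 2 != pskArray.length()) { sslLog("PSK is not a valid hex string", "error"); return false; }`. The `* sizeof(char)` factors are always 1 and can be dropped. `setupPSK` continues past the end of the hunk.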
@@ -526,6 +531,46 @@ QString ProviderUdpSSL::errorMsg(int ret) { #else switch (ret) { +#if defined(MBEDTLS_ERR_SSL_DECODE_ERROR) + case MBEDTLS_ERR_SSL_DECODE_ERROR: + msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300"; + break; +#endif +#if defined(MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER) + case MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER: + msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600"; + break; +#endif +#if defined(MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE) + case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: + msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00"; + break; +#endif +#if defined(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION) + case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: + msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80"; + break; +#endif +#if defined(MBEDTLS_ERR_SSL_BAD_CERTIFICATE) + case MBEDTLS_ERR_SSL_BAD_CERTIFICATE: + msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00"; + break; +#endif +#if defined(MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME) + case MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME: + msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800"; + break; +#endif +#if defined(MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION) + case MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION: + msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500"; + break; +#endif +#if defined(MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL) + case MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL: + msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580"; + break; +#endif #if defined(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE: msg = "The requested feature is not available. - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080"; 
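Review bot: All eight cases added to `errorMsg` reuse the text "The requested feature is not available.", which belongs to `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. Someone reading the log will mistake a bad certificate or a failed handshake for a missing feature. Each message should describe its own code, keeping the macro name and value suffix as they are. The wording below is my own summary and should be checked against the comments in the `ssl.h` of the mbedtls version actually built. The `switch` starts and ends outside the hunk.

```cpp
// … unchanged: #if defined(...) guards, case labels and break statements; one msg per case, in hunk order …
msg = "A message could not be parsed. - MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300";
msg = "A message field was incorrect or inconsistent. - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600";
msg = "The handshake negotiation failed. - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00";
msg = "The protocol version is not within the accepted range. - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80";
msg = "Processing of the peer certificate failed. - MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00";
msg = "The requested server name was not recognized. - MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800";
msg = "The peer sent an unsupported extension. - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500";
msg = "No application protocol could be agreed. - MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580";
```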
@@ -822,3 +867,40 @@ void ProviderUdpSSL::closeSSLNotify() sslLog( "SSL Connection successful closed" ); } + +void ProviderUdpSSL::ProviderUdpSSLDebug(void* ctx, int level, const char* file, int line, const char* str) +{ + const char* p, * basename; + (void)ctx; + /* Extract basename from file */ + for (p = basename = file; *p != '\0'; p++) + { + if (*p == '/' || *p == '\\') + { + basename = p + 1; + } + } + mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str); +} + +int ProviderUdpSSL::ProviderUdpSSLVerify(void* data, mbedtls_x509_crt* crt, int depth, uint32_t* flags) +{ + const uint32_t buf_size = 1024; + char* buf = new char[buf_size]; + (void)data; + + mbedtls_printf("\nVerifying certificate at depth %d:\n", depth); + mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt); + mbedtls_printf("%s", buf); + + if (*flags == 0) + mbedtls_printf("No verification issue for this certificate\n"); + else + { + mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags); + mbedtls_printf("%s\n", buf); + } + + delete[] buf; + return 0; +} diff --git a/libsrc/leddevice/dev_net/ProviderUdpSSL.h b/libsrc/leddevice/dev_net/ProviderUdpSSL.h index f4b58593..704f115a 100644 --- a/libsrc/leddevice/dev_net/ProviderUdpSSL.h +++ b/libsrc/leddevice/dev_net/ProviderUdpSSL.h @@ -11,12 +11,15 @@ #include //----------- mbedtls - +#if defined(USE_MBEDTLS3) +#include +#else #if !defined(MBEDTLS_CONFIG_FILE) #include #else #include MBEDTLS_CONFIG_FILE #endif +#endif #if defined(MBEDTLS_PLATFORM_C) #include @@ -106,7 +109,7 @@ protected: /// @param[in] size The length of the data /// @param[in] data The data /// - void writeBytes(unsigned size, const uint8_t *data); + void writeBytes(unsigned int size, const uint8_t *data); /// /// get ciphersuites list from mbedtls_ssl_list_ciphersuites 
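Review bot: In `ProviderUdpSSLVerify` the return values of `mbedtls_x509_crt_info` and `mbedtls_x509_crt_verify_info` are ignored and `buf` is never initialised, so if either call fails the following `mbedtls_printf("%s", buf)` prints whatever the buffer happens to hold. I would replace the `new[]`/`delete[]` pair with `char buf[buf_size] = { 0 };` and print only on success, e.g. `if (mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt) >= 0) mbedtls_printf("%s", buf);`. That removes both the heap allocation and the risk of reading an unterminated buffer. The callback returns 0 and never writes `*flags`, so it only reports; a one-line comment saying so would help the next reader.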
@@ -123,46 +126,13 @@ protected: * Debug callback for mbed TLS * Just prints on the USB serial port */ - static void ProviderUdpSSLDebug(void *ctx, int level, const char *file, int line, const char *str) - { - const char *p, *basename; - (void) ctx; - /* Extract basename from file */ - for(p = basename = file; *p != '\0'; p++) - { - if(*p == '/' || *p == '\\') - { - basename = p + 1; - } - } - mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str); - } + static void ProviderUdpSSLDebug(void* ctx, int level, const char* file, int line, const char* str); /** * Certificate verification callback for mbed TLS * Here we only use it to display information on each cert in the chain */ - static int ProviderUdpSSLVerify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) - { - const uint32_t buf_size = 1024; - char *buf = new char[buf_size]; - (void) data; - - mbedtls_printf("\nVerifying certificate at depth %d:\n", depth); - mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt); - mbedtls_printf("%s", buf); - - if (*flags == 0) - mbedtls_printf("No verification issue for this certificate\n"); - else - { - mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags); - mbedtls_printf("%s\n", buf); - } - - delete[] buf; - return 0; - } + static int ProviderUdpSSLVerify(void* data, mbedtls_x509_crt* crt, int depth, uint32_t* flags); /// /// closeSSLNotify and freeSSLConnection @@ -171,7 +141,6 @@ protected: private: - bool buildConnection(); bool initConnection(); bool seedingRNG(); bool setupStructure();