Feature: ssl abstraction #1999
Feature: ssl abstraction #1999
Conversation
slaff
force-pushed
the
feature/ssl-abstraction
branch
from
68dde5f
to
530bdd9
Compare
|
Following on from slaff#40
Further, let's shift everything into the project. Get rid of The application then explicitly registers an SSL implementation: If no implementation is registered, or it's null, then no SSL is used.
With the above approach, we can add multiple SSL Components to a project and pick the one to use, whilst allowing access to the code from other libraries. That means there's no problem having Future work
|
Sming/Core/Network/Ssl/SslCrypto.h
Outdated
| extern "C" { | ||
| #endif | ||
|
|
||
| void hmac_md5(const uint8_t* msg, int length, const uint8_t* key, int key_len, uint8_t* digest); |
There was a problem hiding this comment.
Too many parameters for an interface function, not strongly typed, no length for digest parameter.
I'd lose the extern "C" as a minimum, can always use an inline or templated wrapper on top of the library implementation(s).
There was a problem hiding this comment.
All these MD5 functions are provided in the ESP ROM. This is a good place to bring them out, only need to use axtls for Host support. See also #1999.
|
Is there any accepted standard for C++ crypto/SSL library interfaces? I've found https://github.com/weidai11/cryptopp and there are likely boost libraries around. General question: What sort of SSL/crypto code might we want to run on Sming? What's it written for? How can we simplify porting? Also re. namespaces. A quick Sming search reveals ContentType, MallocCount, FSTR, NanoTime, PolledTimer, Json, RingTone, Profiling. So it seems logical that we'll pick If we end up namespacing everything in Sming (then using aliases for backward-compatibility) then it might even end up being |
|
@mikee47 if you want take this PR and develop it further. I like your suggestions a lot. With the speed and spare time that I have it will take me ages to finish it (or at least not before February, 2020). |
|
@slaff OK. If you want to push any outstanding stuff to your branch we can work from there? |
Just take it as it is. Create a clone in your own repository of this branch. After that close this PR and open a new PR with your branch. |
|
@slaff Could you rebase your PR? Made some progress. |
slaff
force-pushed
the
feature/ssl-abstraction
branch
from
705ea5c
to
bd24d6a
Compare
Yep, should be ready for you. |
Lwirax is the "glue" between LWIP raw (async) mode and axTLS. We still need it. |
I've integrated the necessary bits into |
|
@mikee47 Thanks a lot for the Session.cpp/h implementation! With your help the SSL abstraction might arrive earlier than expected :) |
slaff
force-pushed
the
feature/ssl-abstraction
branch
from
feb4966
to
2b38288
Compare
Done. |
We can just add |
|
@slaff Thanks! That would never have ocurred to me in a milllon years. LOL. I'm looking at BearSSL now using the esp8266-arduino directly seems best. |
|
Codacy warning: should have used delete[] instead of delete. Will fix it in next PR. |
|
@slaff Have you any pointers for an SSL server sample application? As far as I can see the samples are all client-focussed. |
Take one of the HttpServer samples and try to make the following changes: https://github.com/SmingHub/Sming/wiki/How-to-use-SSL-in-HttpServer |
|
We need a mechanism for applications to configure all the SSL session options. At present we have a few items stored within an HttpRequest:
Applications then set:
Or something similar. This gets called by the SSL layer before a connection is created. It's difficult to tell what additional options we might want to set in the future, so something like this means we only need to update Session to support those and expose them for application use. |
…ompile the complete network stack.
…at we might want to use axtls-8266 as crypto library without having to use it as a SSL implementation.
* Review changes 1.2 Omit `virtual` from overridden destructors Change `decrypted` parameter a `pbuf*&` (instead of pbuf**) Remove default parameter values from implementation Use enums in preference to #define * Rationalise header files, remove `Interface` sub-directory and `SslStructs.h`, delete `DummySsl` Component * Add Ssl namespace. * Add `Ssl::Session` to contain and manage session information Note: Must free tcp *after* context * Move all the SSL stuff into a separate Component, using a variant to select the implementation. * Add debug print support for Connection, simplify classes. Add `Ssl::Connection::printTo()` Move code into header Add `CipherSuite` definitions.
* fix `make cs` - todo: how to make this pluggable? * Update axtls-8266 to head, and copy compat read/write functions * Integrate read/write routines from lwirax Rework and simplify read/write routines working directly with axTLS. lwirax not required - fd_client is cast to a ConnectionImpl* Don't need to create `extension` on heap, just make it a member of `Session` Create certificate object on demand * Rename Session methods and remove redundant tcp parameter
* Fix codacy warning - used `delete` instead of `delete[]`. * Fix whole-file patching to include sub-directories * Fix pgmspace.h flies Add __cplusplus guard to Core/pgmspace.h so it can be #included from C source Add missing #includes to sys/pgmspace.h * Remove superfluous Ssl:: qualifiers * Move validators into Session, add `beginHandshake()` and `endHandshake()` methods. * Remove `addSslValidator` and `pinCertificate` methods from TcpClient. HttpClientConnection uses Ssl::Session methods instead. * Add `Connection::freeCertificate()` and use `freeKeyCertAfterHandshake` setting to determine lifetime. For client applications this means the certificate remains available for the completion callback. * Simplify axtls port_read() - don't need intermediate buffer * Rename AXTLS files and classes using `Ax` prefix, remove Connection::calcWriteSize() method. * Move read method into Connection, add readTcpData(), writeTcpData() and encrypt() methods Using same algorithm for BR * Fix validator (wrong method called for PKI) * Move keyCert handling into AxContext, add Connection::getErrorString() method * Free tcp buf in Connection, prior to allocating return buffer * Add AxError strings Using FlashString Map with minor bugfix * Add Bear SSL implementation * Handle handshake completion and verification using callback to Session. Context contains session reference plus tcp. Don't use error return from decrypt() to detect handshake Session resumption handled within Session class * Working with Basic_SSL sample * Get rid of Extension class, move settings into Session. * Sort X509 callback * Simplify Context interface Don't need parameters or `setKeyCert` method, just pull required settings from session Define `Option` enum for session * Fixup `SSL_DEBUG` handling and add alert code string table * Fix 16K block handling - don't attempt to reassemble tcp data * Move Alert/CipherSuite stuff into separate modules, add comment headers * Dynamically allocate buffer according to fragmentSize setting * Fix AXTLS abnormal termination * Move error string stuff into separate module and incorporate AX alert codes * Add callback mechanism for configuring SSL session * Add overload for KeyCertPair::assign() to handle Strings * Copy `make_certs.sh` into ssl Component, keep generated certificates in `cert` directory * Add instance pointer to TCP connection debug messages Cannot debug server code because 2 connections get created (with or without SSL) * Refactor TcpConnection::write Simplify and get rid of inner loop * Increase host TCP_MSS to 1390 * Add `TcpConnection::trySend()` * Implement SSL server connections using HttpServer_ConfigNetwork sample Load certificate and private key as binary data from flash SSL Init handler moved into TcpConnection class Session initialised when TCP connection is accepted (not on listen) Don't cache connection state in Session, just complicates things * Add `getAlert` method for introspection getErrorString and getAlert methods should probably go into the factory (stateless) * Add BrServerConnection class Split out into separate modules with common base BrConnection class
* Don't generate certificate if SSL is disabled * Invoke `sslInitSession` from within `sslCreateSession`. * Enable information/debug messages only when SSL_DEBUG is defined * Further simplify TcpConnection::write * Add certificate DN parsing for BR implementation Revise interface to use standard DN and RDN values
* Fix codacy issues * Fix BRSSL server `BrConnection::write` may write less than the amount requested, but that's fine. Also require bi-directional buffer for server operation. * Don't fail if send buffer full * Don't bother calculating DN hash until requested * Re-instate `writeTcpData()` 'message, but as debug.
slaff
force-pushed
the
feature/ssl-abstraction
branch
from
e916c6f
to
54525a7
Compare
|
OK, I've pushed some changes to your repo. Checked the documentation build and made some changes to that so it's all in the SSL component. |
* Revert changes to FlashString * Documentation/comment updates/fixes * Trying to be consistent with deprecated types * Remove redundant code * Proposed simplification to `state` check in `TcpClient::close()` * Get rid of `sslSessionCacheSize` in HttpServerSettings, and associated `sslInitSession` override If necessary, this value can be changed in application's sslInit callback. * Move trivial methods into header
The purpose of this value is allow applications to limit the buffer size and provide some control over RAM usage. It is up to the SSL implementation/adapter how this is used. At present we have max_fragment_length https://tools.ietf.org/html/rfc6066 but this will change to record_size_limit https://tools.ietf.org/html/rfc8449
New features ------------------ - No-WiFi build option SmingHub#2004 - get more resources if your application is not using WIFI. - Multiple SSL adapters based on axTLS and BearSSL. SmingHub#1999 - Added basic Crypto support library SmingHub#2014 - Updates framework to build using GCC 9.2.0 toolchain for C++17. SmingHub#1825 - Modbus master SmingHub#1992 - Implemented Small String Optimisation (SSO). SmingHub#1951 - Webcam stream and sample webcam web server. SmingHub#1981 - Allow HTTP connections to ignore rejected body content SmingHub#1928 Improvements ------------------- - Some improvements to multipart parser SmingHub#2007 - Update ArduinoJson to 6.13.0 SmingHub#1979 - Added precaching from Arduino for ESP8266. SmingHub#1965 - Add support for 'Expect: 100-continue' in HTTP server. SmingHub#1931 - Upgrade to FlashString Library SmingHub#1974, SmingHub#2013 Bug fixes ------------- - Updated mqtt-codec to allow publish messages without payload. SmingHub#1976 - HttpConnection freed twice. SmingHub#1938 - Hangs at startup when custom heap enabled. SmingHub#1996 - Fix issues reported by valgrind SmingHub#2017 Breaking changes and Migration ------------------------------------------- - See our [dedicated page](https://sming.readthedocs.io/en/latest/upgrading/4.0-4.1.html) for migration from 4.0.0 to 4.1.0. All PRs scheduled for this release can be seen from [here](https://github.com/SmingHub/Sming/milestone/23)
New features ------------------ - No-WiFi build option SmingHub#2004 - get more resources if your application is not using WIFI. - Multiple SSL adapters based on axTLS and BearSSL. SmingHub#1999 - Added basic Crypto support library SmingHub#2014 - Updates framework to build using GCC 9.2.0 toolchain for C++17. SmingHub#1825 - Modbus master SmingHub#1992 - Implemented Small String Optimisation (SSO). SmingHub#1951 - Webcam stream and sample webcam web server. SmingHub#1981 - Allow HTTP connections to ignore rejected body content SmingHub#1928 Improvements ------------------- - Some improvements to multipart parser SmingHub#2007 - Update ArduinoJson to 6.13.0 SmingHub#1979 - Added precaching from Arduino for ESP8266. SmingHub#1965 - Add support for 'Expect: 100-continue' in HTTP server. SmingHub#1931 - Upgrade to FlashString Library SmingHub#1974, SmingHub#2013 Bug fixes ------------- - Updated mqtt-codec to allow publish messages without payload. SmingHub#1976 - HttpConnection freed twice. SmingHub#1938 - Hangs at startup when custom heap enabled. SmingHub#1996 - Fix issues reported by valgrind SmingHub#2017 Breaking changes and Migration ------------------------------------------- - See our [dedicated page](https://sming.readthedocs.io/en/latest/upgrading/4.0-4.1.html) for migration from 4.0.0 to 4.1.0. All PRs scheduled for this release can be seen from [here](https://github.com/SmingHub/Sming/milestone/23)
This is the initial draft for a SSL abstraction that will allow Sming users to change seamlessly between different SSL implementations and without the need to recompile the whole framework.
This PR is still Work-In-Progress(WIP).
Related to #1993 and #1713.
We now have a single
sslComponent which contains code to use the selected implementation. It generates a library variant as required, including when SSL is disabled. As the public interface is fixed, no recompilation of the framework is required when switching between implementations.sslComponent. Does it make sense? Is should be logical and easy to follow - if not, fix it.Ssl::Session. Change this into a class with methods.lwiraxcompatibility layer is now probably surplus to requirements - we don't need two levels of abstraction - so remove this and work withaxtls-8266directly.onDownloaddoesn't print certificate details. This is because axTLS disposes of them on handshake completion. We can (a) tell axTLS to keep hold of the certificates by settingssl->can_free_certificates = false, or (b) constructCertificateImplat that point and take a copy of the certificate data, (c) add anonSslHandshakeCompletecallback for application use. Probably do (a) with an option flag.