Conversation
…om sunset for ssh-stamp...
…assumptions around mutexes and rename Fl/FlashCo fig struct names
…onfigure the UART's pins at runtime (possible?) and also pass the config object around (safely/mutex-ing) too
…t a CriticalSectionRawMutex for the SSHConfig. Next up: figure out non-unsafe() ways to steal() pins for the UART pins
…channel, needs more work/thought... also PeripheralRef is not present in 1.0.0-beta.1
Co-authored-by: Marko Malenic <mmalenic1@gmail.com>
… call is now required. The partition checking/handling functionalities might be relevant to @jubeormk1 too, btw
…with the UART operation, need to debug further
…X/TX/CTS/RTS... etc.. pin assignment and at-runtime validation et al Co-authored-by: Marko Malenic <mmalenic1@gmail.com>
…h into fix_passwd_auth
…erialization/deserialization "on the wire" of SSHConfig, unfortunately /cc @mmalenic
Introduced custom Errors Introduced env vars and started refactoring accordingly. Config and peripherals are borrow checker challenges. Co-authored-by: Marko Malenic <mmalenic1@gmail.com>
….. PinConfig no longer needs a new() method but OTOH resolve_pin() requires a bit more rework (or remove it altogether?)
Co-authored-by: Marko Malenic <mmalenic1@gmail.com>
… PinConfig::new()... Also channel cannot send at the end of uart_task() because there's an infinite loop right before. Co-authored-by: Marko Malenic <mmalenic1@gmail.com>
Use channels to send individual pins around... probably we should refactor to Signal instead since message size N=1. Co-authored-by: Marko Malenic <mmalenic1@gmail.com>
…ass SSH's env events
… lifetimes and futures. Co-authored-by: Marko Malenic <mmalenic1@gmail.com>
WARNING: use --release We *strongly* recommend using release profile when building esp-hal. The dev profile can potentially be one or more orders of magnitude slower than release, and may cause issues with timing-senstive peripherals and/or devices.
brainstorm
left a comment
brainstorm
left a comment
There was a problem hiding this comment.
Thanks for fixing the suggestions! 🚀
Over to you @jubeormk1 (and @mmalenic, but only if you feel like it ;))
…l warn us if and when something breaks. Helps with not having to bump minor versions continuously, see https://words.filippo.io/dependabot/ for a gist of the idea
|
@jubeormk1 @Autofix @mmalenic ☝🏻 As of commit 8fcdafd, we have no hardcoded hostkey, it gets generated on-device and stored on FlashConfig. Subsequent re-flashes of code-only do not overwrite that private key (but it's still possible to exfiltrate it via flash dump, of course). From now on you'll see the typical SSH prompt when testing on-device: This is expected/normal, we should not support private key generation off-device (and then shuttling it over env vars, as previously discussed). I've tested in on-hardware (esp32c6) and seems to work, but I need to setup the serial side test jig and/or I'll revisit Julio's remote testing jig as soon as this PR is merged. Still doesn't fix the pub auth itself (more work required), but at least we longer have hardcoded privkeys in code... |
|
HSM nit/design question: the device gets reset after 3 unsuccessful password auth attempts while using the following SSH client options to force password auth: See the events and reboot happening thereafter: I'll try to fix it myself as I'm implementing password auth logic now (issue #20), just raising the issue, we should just close the connection instead of rebooting the whole device. |
I agree. My next step on implementing the HSM is managing the return/fail cases rather than software resets, so I can have a look into that next. I'll write a follow up of the remaining HSM parts in issue #25 after this PR is merged. |
| @@ -0,0 +1,28 @@ | |||
| use esp_hal::hmac::Hmac; | |||
There was a problem hiding this comment.
Difficult to follow which Hmac is which, could we name esp_hal::hmac::Hmac as EspHmac to avoid the type confusion?
There was a problem hiding this comment.
I agree they should be changed but @brainstorm will need to answer this.
Probably it shouldn't be done with this PR.
| pub mod net; | ||
| pub mod rng; | ||
| // TODO: Specialise for Espressif, tricky since it seems to require burning eFuses?: | ||
| // https://github.com/esp-rs/esp-hal/blob/main/examples/src/bin/hmac.rs |
There was a problem hiding this comment.
There was a problem hiding this comment.
Probably shouldn't be done with this PR.
There was a problem hiding this comment.
I like it.
Thanks for taking your time to provide the default pins.
rust-toolchain.toml
Outdated
| # SPDX-License-Identifier: GPL-3.0-or-later | ||
|
|
||
| [toolchain] | ||
| #channel = "nightly" |
There was a problem hiding this comment.
I would remove this line
| [workspace.dependencies] | ||
|
|
||
| sunset = { git = "https://github.com/mkj/sunset", default-features = false, features = [ | ||
| sunset = { git = "https://github.com/jubeormk1/sunset", branch = "dev/sftp-start", default-features = false, features = [ |
There was a problem hiding this comment.
At this point, you do not need to point to my fork/branch I would keep it out but it is ot a big deal. Same for sunset-async and sunset-sshwire-derive
There was a problem hiding this comment.
Is this because you still have not merged your ssh-stamp sftp branch into main? We can leave it for now if you think it will still take some time to merge your sunset fork.
There was a problem hiding this comment.
Agree with @Autofix, I think it's important to have the OTA (even if it's on a personal fork for now) so that it's part the sec audit... hopefully on a not-so-distant future PR you can get the sunset OTA bits merged upstream before the beginning of March?
Cargo.toml
Outdated
|
|
||
| [features] | ||
| ipv6 = [] | ||
| default = ["esp32c6", "sftp-ota"] |
There was a problem hiding this comment.
The sftp-ota feature at this point is a placeholder. Maybe I left it there, but looking at it I don't think that it should be default
There was a problem hiding this comment.
I think calling --no-default-features with every build command disables this anyway. I'll remove the entire line.
jubeormk1
left a comment
jubeormk1
left a comment
There was a problem hiding this comment.
Hi!
It was fun reviewing this. Thanks for considering my comments and well done in general
3 participants
This PR is for the big refactor required by the HSM (Hierachical State Machine). Fixes #25
Summary of changes:
Additionally this PR is built upon: