Add a CAN bus TLS example using ISO-TP transport#279
Conversation
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Great work! Just a few easy cleanups and this will be ready.
|
|
||
| #include "common.h" | ||
|
|
||
| #define ISOTP_BUFSIZE 65535 |
There was a problem hiding this comment.
Why not use the max TLS record size 16KB (16384)?
There was a problem hiding this comment.
It was arbitrary whilst I was getting things running, but a good point. I'll clean up this and the rest.
| ctx = wolfSSL_CTX_new(method); | ||
| if (!ctx) { | ||
| printf("Could not init wolfSSL context\n"); | ||
| return -1; |
| if (wolfSSL_CTX_load_verify_locations(ctx, "client.pem", NULL) | ||
| != SSL_SUCCESS) { | ||
| fprintf(stderr, "ERROR: failed to load cert, please check the file.\n"); | ||
| return -1; |
There was a problem hiding this comment.
Will leak ctx. Perhaps a goto with cleanup would be a good option for this example? I realize this may have been a copy paste from another example, but the example should not leak memory in error cases.
| } | ||
|
|
||
| /* Setup ISO-TP to ID 0x7 and set the buffers */ | ||
| isotp_init_link(&g_link, 0x7, g_isotpSendBuf, sizeof(g_isotpSendBuf), g_isotpRecvBuf, sizeof(g_isotpRecvBuf)); |
There was a problem hiding this comment.
Please limit line length to 80 chars.
| printf("Message sent\n"); | ||
| free(line); | ||
| } | ||
| can_close(); |
There was a problem hiding this comment.
I don't see any cleanup. wolfSSL_free(ssl) or wolfSSL_CTX_free(ctx).
| * buffer and just return what wolfSSL is asking for */ | ||
| int recv_ssl(WOLFSSL* ssl, char* buf, int sz, void* ctx) | ||
| { | ||
| uint8_t data[8]; |
There was a problem hiding this comment.
Can you make the magic 8 data size a macro or enum? I suspect this is the max CAN payload?
| int send_ssl(WOLFSSL *ssl, char *buf, int sz, void *ctx); | ||
| int recv_ssl(WOLFSSL* ssl, char* buf, int sz, void* ctx); | ||
|
|
||
| #endif // __CANCOMMON_H__ |
There was a problem hiding this comment.
Please use C style /* */ comment.
| } | ||
| } | ||
|
|
||
| can_close(); |
| return 1; | ||
| } | ||
| setsockopt(sock, SOL_CAN_RAW, CAN_RAW_FILTER, &rfilter, sizeof(rfilter)); | ||
| struct ifreq ifr; |
There was a problem hiding this comment.
Variables must all be declared at top of function or in brace section.
This provides a simple echo server / client that uses ISO-TP over CAN bus and wolfSSL for TLS.
|
New commit does the following:
|
Leak after Ctrl-C in CAN bus client.
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Great work here. A few review items have not been addressed.
Also with -Wall -Wextra get these warnings:
$ make clean && make
isotp-c/isotp.c: In function ‘isotp_receive_flow_control_frame’:
isotp-c/isotp.c:222:56: warning: unused parameter ‘link’ [-Wunused-parameter]
222 | static int isotp_receive_flow_control_frame(IsoTpLink *link, IsoTpCanMessage *message, uint8_t len) {
| ~~~~~~~~~~~^~~~
isotp-c/isotp.c:222:79: warning: unused parameter ‘message’ [-Wunused-parameter]
222 | static int isotp_receive_flow_control_frame(IsoTpLink *link, IsoTpCanMessage *message, uint8_t len) {
| ~~~~~~~~~~~~~~~~~^~~~~~~
common.c: In function ‘send_ssl’:
common.c:162:34: warning: pointer targets in passing argument 2 of ‘isotp_send’ differ in signedness [-Wpointer-sign]
162 | int ret = isotp_send(g_link, buf, sz);
| ^~~
| |
| char *
In file included from common.h:40,
from common.c:22:
isotp-c/isotp.h:106:47: note: expected ‘const uint8_t *’ {aka ‘const unsigned char *’} but argument is of type ‘char *’
106 | int isotp_send(IsoTpLink *link, const uint8_t payload[], uint16_t size);
| ~~~~~~~~~~~~~~^~~~~~~~~
common.c:157:23: warning: unused parameter ‘ssl’ [-Wunused-parameter]
157 | int send_ssl(WOLFSSL *ssl, char *buf, int sz, void *ctx)
| ~~~~~~~~~^~~
common.c: In function ‘recv_ssl’:
common.c:216:22: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int’ [-Wsign-compare]
216 | if (copy_buf_len >= sz) {
| ^~
common.c:192:9: warning: unused variable ‘ret’ [-Wunused-variable]
192 | int ret;
| ^~~
common.c:187:23: warning: unused parameter ‘ssl’ [-Wunused-parameter]
187 | int recv_ssl(WOLFSSL* ssl, char* buf, int sz, void* ctx)
| ~~~~~~~~~^~~
common.c: In function ‘sig_handle’:
common.c:252:21: warning: unused parameter ‘dummy’ [-Wunused-parameter]
252 | void sig_handle(int dummy)
| ~~~~^~~~~
client.c: In function ‘main’:
client.c:32:9: warning: unused variable ‘length’ [-Wunused-variable]
32 | int length;
| ^~~~~~
client.c:31:13: warning: unused variable ‘data’ [-Wunused-variable]
31 | uint8_t data[CAN_MSG_LEN];
| ^~~~
| WOLFSSL* ssl = NULL; | ||
|
|
||
| if (type == SERVICE_TYPE_CLIENT) { | ||
| method = wolfTLSv1_2_client_method(); |
There was a problem hiding this comment.
Why not use TLS v1.3? I think it is better suited for this example.
| SSL_FILETYPE_PEM); | ||
| } | ||
|
|
||
| if (ret != SSL_SUCCESS) { |
There was a problem hiding this comment.
Please use our WOLFSSL_SUCCESS. The shorter is the openssl compat version.
| } | ||
|
|
||
| while(keep_running) { | ||
| char reply[64]; |
There was a problem hiding this comment.
Consider adding memset on the reply to make sure it is null terminated. Not all printf's support the %.*s version.
| struct can_frame frame; | ||
| struct pollfd p[1]; | ||
|
|
||
| p[0].fd = sock; |
| p[0].events = POLLIN; | ||
|
|
||
| /* Poll for new data */ | ||
| int retval = poll(p, 1, 10); |
There was a problem hiding this comment.
All variable decorations need to be at top of function or within brace.
There was a problem hiding this comment.
Adding -Wdeclaration-after-statement in the next commit to detect these in future.
|
New commit does the following:
|
* Add warnings to CFLAGS (except for isotp) * Fix items found by warnings * Remove %.*s usage * Fix indentation issue * Use WOLFSSL_* instead of SSL_* constants * Switch to TLS v1.3 * Add missing wolfSSL_Cleanup()
* Init `sock` with -1 and make static * Brace style fix in `isotp_user_debug` * Use wolfCrypt `MEMORY_E` for memory allocation error
Add a CAN bus TLS example using ISO-TP transport
2 participants
This provides a simple echo server / client that uses ISO-TP over CAN
bus and wolfSSL for TLS.