diff --git a/micro-rdk/src/esp32/certificate.rs b/micro-rdk/src/esp32/certificate.rs index 9e8070a26..5240a7784 100644 --- a/micro-rdk/src/esp32/certificate.rs +++ b/micro-rdk/src/esp32/certificate.rs @@ -15,10 +15,10 @@ use esp_idf_svc::sys::{ mbedtls_pk_type_t_MBEDTLS_PK_ECKEY, mbedtls_pk_write_key_der, mbedtls_x509write_cert, mbedtls_x509write_crt_der, mbedtls_x509write_crt_free, mbedtls_x509write_crt_init, mbedtls_x509write_crt_set_issuer_key, mbedtls_x509write_crt_set_issuer_name, - mbedtls_x509write_crt_set_md_alg, mbedtls_x509write_crt_set_subject_key, - mbedtls_x509write_crt_set_subject_name, mbedtls_x509write_crt_set_validity, - mbedtls_x509write_crt_set_version, MBEDTLS_ERR_PK_BAD_INPUT_DATA, MBEDTLS_X509_CRT_VERSION_3, - SHA_TYPE_SHA2_256, + mbedtls_x509write_crt_set_md_alg, mbedtls_x509write_crt_set_serial_raw, + mbedtls_x509write_crt_set_subject_key, mbedtls_x509write_crt_set_subject_name, + mbedtls_x509write_crt_set_validity, mbedtls_x509write_crt_set_version, + MBEDTLS_ERR_PK_BAD_INPUT_DATA, MBEDTLS_X509_CRT_VERSION_3, SHA_TYPE_SHA2_256, }; use crate::common::webrtc::certificate::{Certificate, Fingerprint}; @@ -173,7 +173,9 @@ impl GeneratedWebRtcCertificateBuilder { }?; // TODO(RSDK-10196): The `pk_ctx` field doesn't exist in ESP-IDF 5. Maybe it should be `private_kp_ctx`? - let ecp_keypair = self.kp_context.pk_ctx; + // we should use the mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) but it's defined as static inline + // to access it we would need to change bindgen invocation to export it + let ecp_keypair = self.kp_context.private_pk_ctx; unsafe { MbedTLSError::to_unit_result(mbedtls_ecp_gen_key( @@ -235,6 +237,15 @@ impl GeneratedWebRtcCertificateBuilder { )) }?; + let mut serial_number = [0x0_u8; 1]; + unsafe { + MbedTLSError::to_unit_result(mbedtls_x509write_crt_set_serial_raw( + &mut self.crt_context as *mut mbedtls_x509write_cert, + serial_number.as_mut_ptr(), + serial_number.len(), + )) + }?; + let mut work_buffer = vec![0_u8; 2048]; let ret = unsafe { diff --git a/micro-rdk/src/esp32/dtls.rs b/micro-rdk/src/esp32/dtls.rs index f360577dd..af0c114fd 100755 --- a/micro-rdk/src/esp32/dtls.rs +++ b/micro-rdk/src/esp32/dtls.rs @@ -4,6 +4,7 @@ use std::{ io::{self, Read, Write}, marker::PhantomData, pin::Pin, + ptr::NonNull, rc::Rc, task::{Context, Poll}, time::{Duration, Instant}, @@ -29,19 +30,24 @@ use crate::esp32::esp_idf_svc::sys::{ mbedtls_ssl_config_init, mbedtls_ssl_context, mbedtls_ssl_free, mbedtls_ssl_handshake, mbedtls_ssl_init, mbedtls_ssl_read, mbedtls_ssl_set_bio, mbedtls_ssl_set_timer_cb, mbedtls_ssl_setup, mbedtls_ssl_write, mbedtls_x509_crt, mbedtls_x509_crt_free, - mbedtls_x509_crt_init, mbedtls_x509_crt_parse_der, MBEDTLS_ERR_NET_RECV_FAILED, - MBEDTLS_ERR_NET_SEND_FAILED, MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY, MBEDTLS_ERR_SSL_TIMEOUT, - MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_PRESET_DEFAULT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, + mbedtls_x509_crt_init, mbedtls_x509_crt_parse_der, MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY, + MBEDTLS_ERR_SSL_TIMEOUT, MBEDTLS_ERR_SSL_WANT_READ, MBEDTLS_ERR_SSL_WANT_WRITE, + MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_PRESET_DEFAULT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, }; use async_io::Timer; use core::ffi::CStr; +use esp_idf_svc::sys::esp_tls_get_ssl_context; use futures_lite::{AsyncRead, AsyncWrite, Future}; use log::{log, Level}; use thiserror::Error; use super::tcp::Esp32TLSContext; +// these symbols use to be exported by bindgen but with the update to esp-idf v5 there aren't anymore +// see https://github.com/esp-rs/esp-idf-sys/issues/361 for context +const MBEDTLS_ERR_NET_SEND_FAILED: i32 = -0x4E; +const MBEDTLS_ERR_NET_RECV_FAILED: i32 = -0x4C; + extern "C" { fn mbedtls_debug_set_threshold(level: c_int); } @@ -62,7 +68,6 @@ unsafe extern "C" fn mbedtls_net_write( if state.error.as_ref().unwrap().kind() == std::io::ErrorKind::WouldBlock { return MBEDTLS_ERR_SSL_WANT_WRITE; } - // TODO(RSDK-10189): This constant is not exported in ESP-IDF 5 MBEDTLS_ERR_NET_SEND_FAILED } } @@ -87,7 +92,7 @@ unsafe extern "C" fn mbedtls_net_read( if state.error.as_ref().unwrap().kind() == std::io::ErrorKind::WouldBlock { return MBEDTLS_ERR_SSL_WANT_READ; } - // TODO(RSDK-10189): This constant is not exported in ESP-IDF 5 + MBEDTLS_ERR_NET_RECV_FAILED } } @@ -117,7 +122,6 @@ unsafe extern "C" fn mbedtls_net_read_with_timeout( match state.error.as_ref().unwrap().kind() { std::io::ErrorKind::WouldBlock => MBEDTLS_ERR_SSL_WANT_READ, std::io::ErrorKind::TimedOut => MBEDTLS_ERR_SSL_TIMEOUT, - // TODO(RSDK-10189): This constant is not exported in ESP-IDF 5 _ => MBEDTLS_ERR_NET_RECV_FAILED, } } @@ -227,8 +231,7 @@ extern "C" fn mbedtls_timing_dtls_set_delay( ctx.reset_delay(); } else if let Some(ssl_ctx) = ctx.ssl_ctx { let (_, cx) = unsafe { - // TODO(RSDK-10196): The `p_bio` field doesn't exist in ESP-IDF 5. Maybe it should be `private_p_bio`? - let state = SSLStreamInner::::from_raw((*ssl_ctx).p_bio); + let state = SSLStreamInner::::from_raw((*ssl_ctx).private_p_bio); state.as_parts() }; @@ -250,8 +253,7 @@ extern "C" fn mbedtls_timing_get_delay(data: *mut c_void) -> c_int { if let Some(ssl_ctx) = ctx.ssl_ctx { let (_, cx) = unsafe { - // TODO(RSDK-10196): The `p_bio` field doesn't exist in ESP-IDF 5. Maybe it should be `private_p_bio`? - let state = SSLStreamInner::::from_raw((*ssl_ctx).p_bio); + let state = SSLStreamInner::::from_raw((*ssl_ctx).private_p_bio); state.as_parts() }; ctx.poll_delay(cx); @@ -324,7 +326,6 @@ impl DtlsSSLContext { return Err(SSLError::SSLCertParseFail(ret)); } - // TODO(RSDK-10197): This is missing two arguments in ESP-IDF 5 let ret = unsafe { mbedtls_pk_parse_key( self.pk_ctx.as_mut(), @@ -332,6 +333,8 @@ impl DtlsSSLContext { certificate.get_der_keypair().len(), std::ptr::null(), 0, + Some(mbedtls_entropy_func), + self.dtls_entropy.as_mut() as *mut mbedtls_entropy_context as *mut _, ) }; if ret != 0 { @@ -420,7 +423,6 @@ impl DtlsSSLContext { if ret != 0 { return Err(SSLError::SSLConfigFailure(ret)); } - unsafe { self.timer_ctx.ssl_ctx = Some(self.ssl_ctx.as_mut()); mbedtls_ssl_set_timer_cb( @@ -510,8 +512,13 @@ impl SSLContext { fn get_ssl_ctx_ptr(&mut self) -> *mut mbedtls_ssl_context { match self { SSLContext::DtlsSSLContext(context) => context.ssl_ctx.as_mut(), - // TODO(RSDK-10198): The `ssl` field here no longer works in ESP-IDF 5 - SSLContext::Esp32TLSContext(context) => unsafe { &mut (*(**context)).ssl }, // potentially needs read_unaligned + SSLContext::Esp32TLSContext(context) => unsafe { + NonNull::::new( + esp_tls_get_ssl_context(**context) as *mut mbedtls_ssl_context + ) + .expect("ssl context pointer is null") + .as_ptr() + }, } } } diff --git a/micro-rdk/src/esp32/tcp.rs b/micro-rdk/src/esp32/tcp.rs index 305f8532e..df741066b 100644 --- a/micro-rdk/src/esp32/tcp.rs +++ b/micro-rdk/src/esp32/tcp.rs @@ -3,8 +3,8 @@ use async_io::Async; use esp_idf_svc::sys::{ esp, esp_crt_bundle_attach, esp_tls_cfg, esp_tls_cfg_server, esp_tls_conn_destroy, - esp_tls_init, esp_tls_role_ESP_TLS_CLIENT, esp_tls_role_ESP_TLS_SERVER, esp_tls_t, - mbedtls_ssl_conf_read_timeout, EspError, + esp_tls_get_ssl_context, esp_tls_init, esp_tls_server_session_create, esp_tls_t, + mbedtls_ssl_conf_read_timeout, mbedtls_ssl_config, mbedtls_ssl_context, EspError, }; use futures_lite::FutureExt; use futures_lite::{ready, AsyncRead, AsyncWrite, Future}; @@ -73,7 +73,6 @@ struct Esp32ServerConfig { impl Esp32ServerConfig { fn new(srv_cert: &[u8], srv_key: &[u8]) -> Self { let mut alpn_proto: Vec<_> = vec![ALPN_PROTOCOLS.as_ptr() as *const i8, std::ptr::null()]; - // TODO(RSDK-10200): Missing fields when using ESP-IDF 5 let cfg = Box::new(esp_tls_cfg_server { alpn_protos: alpn_proto.as_mut_ptr(), __bindgen_anon_1: crate::esp32::esp_idf_svc::sys::esp_tls_cfg_server__bindgen_ty_1 { @@ -98,11 +97,12 @@ impl Esp32ServerConfig { }, serverkey_password: std::ptr::null(), serverkey_password_len: 0_u32, + ..Default::default() }); Self { cfg, alpn_proto } } - fn get_cfg_ptr(&self) -> *const esp_tls_cfg_server { - &*self.cfg as *const _ + fn get_cfg_ptr_mut(&mut self) -> *mut esp_tls_cfg_server { + &mut *self.cfg as *mut _ } } @@ -115,7 +115,6 @@ struct Esp32ClientConfig { impl Esp32ClientConfig { fn new() -> Self { let mut alpn_proto = vec![ALPN_PROTOCOLS.as_ptr() as *const i8, std::ptr::null()]; - // TODO(RSDK-10200): Missing fields when using ESP-IDF 5 let cfg = Box::new(esp_tls_cfg { alpn_protos: alpn_proto.as_mut_ptr(), __bindgen_anon_1: crate::esp32::esp_idf_svc::sys::esp_tls_cfg__bindgen_ty_1 { @@ -143,13 +142,13 @@ impl Esp32ClientConfig { use_global_ca_store: false, skip_common_name: false, keep_alive_cfg: std::ptr::null_mut(), - psk_hint_key: std::ptr::null(), crt_bundle_attach: Some(esp_crt_bundle_attach), ds_data: std::ptr::null_mut(), if_name: std::ptr::null_mut(), is_plain_tcp: false, timeout_ms: 50000, common_name: std::ptr::null(), + ..Default::default() }); Self { cfg, alpn_proto } } @@ -204,26 +203,17 @@ impl Esp32Accept where IO: AsyncRead + AsyncWrite + Unpin + AsRawFd, { - fn new(stream: IO, cfg: Esp32ServerConfig) -> Result { + fn new(stream: IO, mut cfg: Esp32ServerConfig) -> Result { let tls_context = Esp32TLSContext::new()?; unsafe { - std::ptr::write_unaligned( - // TODO(RSDK-10201): The field `role` is not found when using ESP-IDF 5 - std::ptr::addr_of_mut!((*(*tls_context)).role), - esp_tls_role_ESP_TLS_SERVER, - ) - }; - // TODO(RSDK-10201): The field `sockfd` is not found when using ESP-IDF 5 - unsafe { std::ptr::write_unaligned(std::ptr::addr_of_mut!((*(*tls_context)).sockfd), -1) }; - unsafe { - esp!(esp_create_mbedtls_handle( - std::ptr::null_mut(), - 0, - cfg.get_cfg_ptr() as *const c_void, + esp!(esp_tls_server_session_create( + cfg.get_cfg_ptr_mut(), + stream.as_raw_fd(), *tls_context )) - .map_err(|err| std::io::Error::new(std::io::ErrorKind::Other, err))? - }; + } + .map_err(|err| std::io::Error::new(std::io::ErrorKind::Other, err))?; + let io = AsyncSSLStream::new(SSLContext::Esp32TLSContext(tls_context), stream).unwrap(); Ok(Self { cfg: Arc::new(cfg), @@ -330,15 +320,6 @@ where fn new(stream: IO, cfg: Esp32ClientConfig, addr: &Uri) -> Result { let tls_context = Esp32TLSContext::new()?; - unsafe { - std::ptr::write_unaligned( - // TODO(RSDK-10201): The field `role` is not found when using ESP-IDF 5 - std::ptr::addr_of_mut!((*(*tls_context)).role), - esp_tls_role_ESP_TLS_CLIENT, - ) - }; - // TODO(RSDK-10201): The field `sockfd` is not found when using ESP-IDF 5 - unsafe { std::ptr::write_unaligned(std::ptr::addr_of_mut!((*(*tls_context)).sockfd), -1) }; let host = CString::new(addr.host().unwrap()).unwrap(); unsafe { esp!(esp_create_mbedtls_handle( @@ -352,8 +333,8 @@ where unsafe { mbedtls_ssl_conf_read_timeout( - // TODO(RSDK-10201): The field `conf` is not found when using ESP-IDF 5 - std::ptr::addr_of_mut!((*(*tls_context)).conf), + (*(esp_tls_get_ssl_context(*tls_context) as *mut mbedtls_ssl_context)).private_conf + as *mut mbedtls_ssl_config, 30 * 1000, ); }