Add ARDUINO_DISABLE_ECCX08 #45
Memory usage change @ 9e45af2
How would you feed that flag to the Arduino build system? Maybe it's a wrong impression but it looks very much like you'd only self-serve yourself with this change using a different build system from Arduino.
Currently, I'm passing this flag by updating the As I quickly explained in #41, I don't know what is the standard way to declare or manage optional dependency in the Arduino world (i.e. if Arduino was autotools/cmake/meson based, I would declare an option such as --disable-eccx08). I would be happy to update this Pull Request following your feedback to find a solution that would make sense and be usable for other users. My point is that ArduinoBearSSL is a nice library that could be used to secure connections on a lot of Arduino devices and not only on Arduino MKR NB. |
I thought as much. The problem here is that passing defines (although possible by modifying the core) has been intentionally disabled in the past, as they are not very beginner-friendly and lead to heavily |
It is still not possible to set arbitrary global defines via the GUI of the official Arduino development software and, as far as I know, there has not been an official change of policy on the subject of adding this capability. For quite a few years now (since a CLI was added to Arduino IDE), it has been possible to do this via the command line, and the official boards platforms have even been configured in order to make this easy for the user (related discussion here). I think the evidence shows that this CLI-exclusive capability does not result in library developers creating unfriendly macro-based user interfaces. My hypothesis is that this is because it would not make sense for library developers to do so while it is only possible for command line users to use those interfaces because the majority of the users will always be GUI-only. My opinion is that there are valid use cases for macro-based interfaces. Examples:
but that it is not appropriate to expect normal users to define global macros in order to use a library. |
Thank you @per1234 for the clarification - this is very much as I remember. @ffontaine - we had an internal discussion following up on you raising #41 but unfortunately that went nowhere and no external verdict was communicated. Sorry about that. I do, however, have a possible solution for what you want to achieve (copying from internal Slack):

Start Quote

The issue he's raising is unfortunately not so easy to answer, as we are lacking the ability to simply set library wide defines. One way around it would be to keep the whole implementation in the header and then configure it via defines before header inclusion, e.g.

```cpp
#define ARDUINO_DISABLE_ECCX08
#include <ArduinoBearSSL.h>
...
```

However, that's not really possible with a more complex library such as ArduinoBearSSL. The better option I'd see would be to check for existence of a config file and then include that config file which contains those defines, e.g.

```cpp
#if defined __has_include
#  if __has_include (<ArduinoBearSSLConfig.h>)
#    include <ArduinoBearSSLConfig.h>
#  endif
#endif
```

If you want to disable ECCX08 you create ArduinoBearSSLConfig.h and then define ARDUINO_DISABLE_ECCX08 there.

End Quote

What do you think? Would option #2 suit you? |
Sure, I'll test it and update the PR with the call |
Memory usage change @ af67d41
Very well 👍 I would like to ask you for one small change: Please also provide a default ArduinoBearSSLConfig.h, which has ARDUINO_DISABLE_ECCX08 disabled by default, e.g.

```cpp
#ifndef ARDUINO_BEARSSL_CONFIG_H_
#define ARDUINO_BEARSSL_CONFIG_H_

/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
//#define ARDUINO_DISABLE_ECCX08

#endif /* ARDUINO_BEARSSL_CONFIG_H_ */
```

Sure, I can add a sample of |
That's a good point. It's not very clean but I think I prefer to add the configuration file to each example to avoid library pollution. Let's go with this. |
This new compilation flag can be set through ArduinoBearSSLConfig.h and will allow the user to use ArduinoBearSSL without ECCX08. Indeed, the cryptographic operations could be done through the default software implementation or offloaded to another secure element such as an applet compliant with the GSMA IoT SAFE standard. Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Memory usage change @ c3748fd
LGTM 👍 Thank you very much @ffontaine 🚀
Gentlemen, you are congratulating each other for good jobs, but ordinary users, to whom the Arduino world is pointed, are yet unable to get this toxic ECCX08 disabled. Explain please, in plain English, what to do, 1.2.3 |
I did a library update half an hour ago, with big hope that everything will be fine. I was wrong on good faith.

```cpp
#ifndef ARDUINO_BEARSSL_CONFIG_H_
#define ARDUINO_BEARSSL_CONFIG_H_
#define ARDUINO_DISABLE_ECCX08
#endif
```

placed in the same directory as the main code. The platform is ESP32. The code is the modified BearSSL example, as follows:

```cpp
/*
  This example creates a client object that connects and transfers
  data using always SSL.
  It is compatible with the methods normally related to plain
  connections, like client.connect(host, port).
  Written by Arturo Guadalupi
  last revision November 2015
*/
#define MODEM_TX 15
#define MODEM_RX 14
#define led 4
#define TINY_GSM_MODEM_SIM800 // Modem is SIM800L
#include <TinyGsmClient.h>
#include <ArduinoBearSSL.h>
#include "ArduinoBearSSLConfig.h"

// Set serial for debug console (to the Serial Monitor, default speed 115200)
#define SerialMon Serial
// Set serial for AT commands
#define SerialAT Serial1

TinyGsm modem(SerialAT);

// Your GPRS credentials (leave empty, if not needed)
const char apn[] = "internet"; // APN use https://wiki.apnchanger.org
const char gprsUser[] = "internet"; // GPRS User
const char gprsPass[] = "internet"; // GPRS Password
// SIM card PIN (leave empty, if not defined)
const char simPIN[] = "";

// if you don't want to use DNS (and reduce your sketch size)
// use the numeric IP instead of the name for the server:
//IPAddress server(74,125,232,128); // numeric IP for Google (no DNS)
char server[] = "www.google.com"; // name address for Google (using DNS)

//GPRS gprs;
//GSM gsmAccess;

// Initialize the Ethernet client library
// with the IP address and port of the server
// that you want to connect to (port 80 is default for HTTP):
TinyGsmClient client (modem);
BearSSLClient sslClient(client);

/*
unsigned long getTime() {
  return gsmAccess.getTime();
}
*/

void getconnectedtoGSM() {
  // Restart takes quite some time
  // To skip it, call init() instead of restart()
  SerialMon.println("Initializing modem...");
  delay(200);
  modem.restart();
  // modem.init();
  String modemInfo = modem.getModemInfo();
  SerialMon.print("Modem Info: ");
  SerialMon.println(modemInfo);
  SerialMon.print("Own number: ");
  // modem.sendAT("AT+CNUM");
  SerialAT.print("AT+CNUM\r\n");
  SerialMon.print(SerialAT.readString());
  // modem.sendAT("command")
  // Unlock your SIM card with a PIN if needed
  if (modem.getSimStatus() != 3 ) {
    modem.simUnlock(simPIN);
  }
  SerialMon.print("Connecting to APN: ");
  SerialMon.print(apn);
  if (!modem.gprsConnect(apn, gprsUser, gprsPass)) {
    SerialMon.println(" fail");
  }
  else {
    SerialMon.println(" OK");
  }
  bool res = modem.isGprsConnected();
  SerialMon.println("Waiting for network...");
  if (res && !modem.waitForNetwork(600000L)) {
    delay(10000);
    return;
  }
  if (res) {
    SerialMon.println("GPRS status: connected");
    /*
    String ccid = modem.getSimCCID();
    SerialMon.println("CCID:", ccid);
    String imei = modem.getIMEI();
    SerialMon.println("IMEI:", imei);
    String imsi = modem.getIMSI();
    SerialMon.println("IMSI:", imsi);
    String cop = modem.getOperator();
    SerialMon.println("Operator:", cop);
    */
    String IP = modem.getLocalIP();
    SerialMon.println("Local IP:" + IP);
  }
  else SerialMon.println("GPRS status: fail");
}

void setup() {
  //Initialize serial and wait for port to open:
  SerialMon.begin(115200);
  SerialAT.begin(115200, SERIAL_8N1, MODEM_RX, MODEM_TX);
  pinMode(led, OUTPUT);
  getconnectedtoGSM();
  delay(3000);
  /*
  // connection state
  boolean notConnected = true;
  // After starting the modem with GSM.begin()
  // attach the shield to the GPRS network with the APN, login and password
  while (notConnected) {
    if ((gsmAccess.begin(pin) == GSM_READY) &
        (gprs.attachGPRS(apn, login, password) == GPRS_READY)) {
      notConnected = false;
    } else {
      Serial.println("Not connected");
      delay(1000);
    }
  }
  */
  SerialMon.println("Connected to GPRS");
  // ArduinoBearSSL.onGetTime(getTime);
  SerialMon.println("\nStarting connection to server...");
  // if you get a connection, report back via serial:
  if (sslClient.connect(server, 443)) {
    SerialMon.println("connected to server");
    // Make a HTTP request:
    sslClient.println("GET /search?q=arduino HTTP/1.1");
    sslClient.println("Host: www.google.com");
    sslClient.println("Connection: close");
    sslClient.println();
  }
}

void loop() {
  // if there are incoming bytes available
  // from the server, read them and print them:
  while (sslClient.available()) {
    char c = sslClient.read();
    SerialMon.write(c);
  }
  // if the server's disconnected, stop the client:
  if (!sslClient.connected()) {
    SerialMon.println();
    SerialMon.println("disconnecting from server.");
    sslClient.stop();
    // do nothing forevermore:
    while (true);
  }
}
```

The compilation error log is the following:
|
Looks like it's still pulling in ArduinoECCX08 somewhere, @ffontaine can you check by compiling for ESP32? |
The only thing that you have to do is to load one of the examples (e.g. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/AES128.ino) and uncomment You could also check https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/tree/master/examples/LiveObjects_Arduino_TinyGSM for an example using TinyGSM that is working on STM32. |
If you still have build failure, I'll check with ESP32. |
It is so pity... AES128 example fails.
Please, try to compile on ESP32 yourself. |
Of course, I will try use on STM32 too, but for the moment I have to send a photo, from Al-thinker32, over SSL connection, having not used the Wifi. |
I'm able to reproduce it on "AI Thinker ESP32-CAM", I'll try to understand what is the issue. |
I found the issue.
You can fix this build failure by moving I assume that the ESP32 toolchain is configured in a way that avoids (or prevents) the inclusion of header from the examples directory when building the main library. This could also be linked to the gcc version as ESP32 toolchain uses a very old gcc (5.2.0) whereas STM32 toolchain uses a more recent one (9.2.1). |
I did what is recommended above and again the compilation hangs with same errors. I had tried a code, not from examples direction loaded. |
Sir ffontaine, I used your latest release of lib and got error free compilation on ESP32. Thanks for your efforts. |
My joy was not long lasting. The bearSSL example did not work (connection to google.com) |
When used the www.google.com the code just fails to connect. The sketch is here: https://github.com/arduino-libraries/ArduinoBearSSL/pull/45#issuecomment-817628871
|
I don't know if this is related to your crash but I was able to run your example with a Sequans module and STM32. Indeed, without it, the STM32 (or ESP32) running ArduinoBearSSL won't have the correct time and so won't be able to validate the server certificate. |
@woodlist ... since this is an ESP32 board altogether you might want to take a look at the support channels available for that platform. Afaik ESP32 already comes with an SSL stack so there's no need to use ArduinoBearSSL. |
Mr. Fontaine |