Add ARDUINO_DISABLE_ECCX08 #45

Merged
merged 1 commit into from
Apr 12, 2021

Contributor

@ffontaine ffontaine commented Apr 7, 2021

This new compilation flag can be set through ArduinoBearSSLConfig.h and
will allow the user to use ArduinoBearSSL without ECCX08.

Indeed, the cryptographic operations could be done through the default
software implementation or offloaded to another secure element such as
an applet compliant with the GSMA IoT SAFE standard.

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>

@CLAassistant

CLAassistant commented Apr 7, 2021

CLA assistant check
All committers have signed the CLA.

@github-actions

github-actions bot commented Apr 7, 2021

Memory usage change @ 9e45af2

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:megaavr:uno2018 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |

Contributor

@aentinger aentinger left a comment

How would you feed that flag to the Arduino build system? Maybe it's a wrong impression but it looks very much like you'd only self-serve yourself with this change using a different build system from Arduino.

@ffontaine
Contributor Author

Currently, I'm passing this flag by updating the compiler.cpp.flags parameter that is set in Arduino platform.txt files (e.g. packages/arduino/hardware/samd/1.8.9/platform.txt) as I didn't find a way to update this flag from the Arduino IDE (an issue has been open for more than 8 years: arduino/Arduino#421).

As I quickly explained in #41, I don't know what the standard way is to declare or manage an optional dependency in the Arduino world (i.e. if Arduino was autotools/cmake/meson based, I would declare an option such as --disable-eccx08).

I would be happy to update this Pull Request following your feedback to find a solution that would make sense and be usable for other users. My point is that ArduinoBearSSL is a nice library that could be used to secure connections on a lot of Arduino devices and not only on Arduino MKR NB.

@aentinger
Contributor

I thought as much. The problem here is that passing defines (although possible by modifying the core) has been intentionally disabled in the past, as they are not very beginner-friendly and lead to heavily ifdefd code. @per1234 Can you please shed some light on the current status on that discussion? Could very well be that we've "secretly" moved forward and this PR would be okay.

@per1234
Contributor

per1234 commented Apr 7, 2021

It is still not possible to set arbitrary global defines via the GUI of the official Arduino development software and, as far as I know, there has not been an official change of policy on the subject of adding this capability.

For quite a few years now (since a CLI was added to Arduino IDE), it has been possible to do this via the command line, and the official boards platforms have even been configured in order to make this easy for the user (related discussion here). I think the evidence shows that this CLI-exclusive capability does not result in library developers creating unfriendly macro-based user interfaces. My hypothesis is that this is because it would not make sense for library developers to do so while it is only possible for command line users to use those interfaces because the majority of the users will always be GUI-only.

My opinion is that there are valid use cases for macro-based interfaces. Examples:

  • The macro will be set by the board's platform or toolchain (e.g., ARDUINO_SAMD_MKRWIFI1010, __AVR_ATmega328P__).
  • The functionality controlled by the macro is not intended to be used by normal users (e.g., enabling debug output for use during development work).

but that it is not appropriate to expect normal users to define global macros in order to use a library.

@aentinger
Contributor

Thank you @per1234 for the clarification - this is very much as I remember.

@ffontaine - we had an internal discussion following up on you raising #41 but unfortunately that went nowhere and no external verdict was communicated. Sorry about that. I do, however, have a possible solution for what you want to achieve (copying from internal Slack):

Start Quote

The issue he's raising is unfortunately not so easy to answer, as we are lacking the ability to simply set library wide defines. One way around it would be to keep the whole implementation in the header and then configure it via defines before header inclusion, e.g.

#define ARDUINO_DISABLE_ECCX08
#include <ArduinoBearSSL.h>
...

However, that's not really possible with a more complex library such as ArduinoBearSSL. The better option I'd see would be to check for existence of a config file and then include that config file which contains those defines, e.g.

#if defined __has_include
#  if __has_include (<ArduinoBearSSLConfig.h>)
#    include <ArduinoBearSSLConfig.h>
#  endif
#endif

If you want to disable ECCX08 you create ArduinoBearSSLConfig.h and then define ARDUINO_DISABLE_ECCX08 there.

End Quote

What do you think? Would option #2 suit you?

@ffontaine
Contributor Author

Sure, I'll test it and update the PR with the call ArduinoBearSSLConfig.h. It will always be better than defining this define in platform.txt.

@ffontaine ffontaine changed the title from "Add BEAR_SSL_DISABLE_ECCX08" to "Add ARDUINO_DISABLE_ECCX08" Apr 8, 2021
@github-actions

github-actions bot commented Apr 8, 2021

Memory usage change @ af67d41

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:megaavr:uno2018 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |

Contributor

@aentinger aentinger left a comment

Very well 👍 I would like to ask you for one small change: Please also provide a default ArduinoBearSSLConfig.h, which has ARDUINO_DISABLE_ECCX08 disabled by default, e.g.

#ifndef ARDUINO_BEARSSL_CONFIG_H_
#define ARDUINO_BEARSSL_CONFIG_H_

/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
//#define ARDUINO_DISABLE_ECCX08

#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

@ffontaine
Contributor Author

Sure, I can add a sample of ArduinoBearSSLConfig.h but would it be ok if I add it in each example (e.g. in examples/AES128) and not in the main src directory? Indeed, in my opinion, it would be nicer if the user doesn't have to update the main source code of ArduinoBearSSL but only their own code.

@aentinger
Contributor

That's a good point. It's not very clean but I think I prefer to add the configuration file to each example to avoid library pollution. Let's go with this.

@github-actions

github-actions bot commented Apr 9, 2021

Memory usage change @ c3748fd

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:megaavr:uno2018 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |

Contributor

@aentinger aentinger left a comment

LGTM 👍 Thank you very much @ffontaine 🚀

@aentinger aentinger merged commit 161b544 into arduino-libraries:master Apr 12, 2021
@woodlist

woodlist commented Apr 12, 2021

Gentlemen, you are congratulating each other for good jobs, but ordinary users, at whom the Arduino world is aimed, are still unable to get this toxic ECCX08 disabled. Explain please, in plain English, what to do: 1, 2, 3.

@woodlist

woodlist commented Apr 12, 2021

I did a library update half an hour ago, with big hope that everything would be fine. I was wrong, in good faith.
I have added ArduinoBearSSLConfig.h with the following content:

#ifndef ARDUINO_BEARSSL_CONFIG_H_
#define ARDUINO_BEARSSL_CONFIG_H_
#define ARDUINO_DISABLE_ECCX08
#endif

placed in the same directory as the main code. The platform is ESP32. The code is the modified BearSSL example, as follows:

/*
  This example creates a client object that connects and transfers
  data using always SSL.
  It is compatible with the methods normally related to plain
  connections, like client.connect(host, port).
  Written by Arturo Guadalupi
  last revision November 2015
*/

#define MODEM_TX             15
#define MODEM_RX             14
#define led                           4
#define TINY_GSM_MODEM_SIM800 // Modem is SIM800L
#include <TinyGsmClient.h>
#include <ArduinoBearSSL.h>
#include "ArduinoBearSSLConfig.h"
// Set serial for debug console (to the Serial Monitor, default speed 115200)
#define SerialMon Serial
// Set serial for AT commands
#define SerialAT Serial1
TinyGsm modem(SerialAT);
// Your GPRS credentials (leave empty, if not needed)
const char apn[]      = "internet"; // APN use https://wiki.apnchanger.org
const char gprsUser[] = "internet"; // GPRS User
const char gprsPass[] = "internet"; // GPRS Password

// SIM card PIN (leave empty, if not defined)
const char simPIN[]   = "";


// if you don't want to use DNS (and reduce your sketch size)
// use the numeric IP instead of the name for the server:
//IPAddress server(74,125,232,128);  // numeric IP for Google (no DNS)
char server[] = "www.google.com";    // name address for Google (using DNS)

//GPRS gprs;
//GSM gsmAccess;

// Initialize the Ethernet client library
// with the IP address and port of the server
// that you want to connect to (port 80 is default for HTTP):
TinyGsmClient client (modem);
BearSSLClient sslClient(client);

/*
unsigned long getTime() {
  return gsmAccess.getTime();
}
*/

void getconnectedtoGSM() {
  // Restart takes quite some time
  // To skip it, call init() instead of restart()
  SerialMon.println("Initializing modem...");
  delay(200);
  modem.restart();
  // modem.init();
  String modemInfo = modem.getModemInfo();
  SerialMon.print("Modem Info: ");
  SerialMon.println(modemInfo);
  SerialMon.print("Own number: ");
  // modem.sendAT("AT+CNUM");
  SerialAT.print("AT+CNUM\r\n");
  SerialMon.print(SerialAT.readString());
  // modem.sendAT("command")

  // Unlock your SIM card with a PIN if needed
  if (modem.getSimStatus() != 3 ) {
    modem.simUnlock(simPIN);
  }
  SerialMon.print("Connecting to APN: ");
  SerialMon.print(apn);
  if (!modem.gprsConnect(apn, gprsUser, gprsPass)) {
    SerialMon.println(" fail");
  }
  else {
    SerialMon.println(" OK");
  }
  bool res = modem.isGprsConnected();
  SerialMon.println("Waiting for network...");
  if (res && !modem.waitForNetwork(600000L)) {
    delay(10000);
    return;
  }
  if (res) {
    SerialMon.println("GPRS status: connected");
/*
    String ccid = modem.getSimCCID();
    SerialMon.println("CCID:", ccid);

    String imei = modem.getIMEI();
    SerialMon.println("IMEI:", imei);

    String imsi = modem.getIMSI();
    SerialMon.println("IMSI:", imsi);

    String cop = modem.getOperator();
    SerialMon.println("Operator:", cop);
*/
    String IP = modem.getLocalIP();
    SerialMon.println("Local IP:" + IP);
  }
  else SerialMon.println("GPRS status: fail");
}


void setup() {
  //Initialize serial and wait for port to open:
  SerialMon.begin(115200);
  SerialAT.begin(115200, SERIAL_8N1, MODEM_RX, MODEM_TX);
  pinMode(led, OUTPUT);
  getconnectedtoGSM();
  delay(3000);
  /*
  // connection state
  boolean notConnected = true;

  // After starting the modem with GSM.begin()
  // attach the shield to the GPRS network with the APN, login and password
  while (notConnected) {
    if ((gsmAccess.begin(pin) == GSM_READY) &
        (gprs.attachGPRS(apn, login, password) == GPRS_READY)) {
      notConnected = false;
    } else {
      Serial.println("Not connected");
      delay(1000);
    }
  }
*/
  SerialMon.println("Connected to GPRS");

 // ArduinoBearSSL.onGetTime(getTime);

  SerialMon.println("\nStarting connection to server...");
  // if you get a connection, report back via serial:
  if (sslClient.connect(server, 443)) {
    SerialMon.println("connected to server");
    // Make a HTTP request:
    sslClient.println("GET /search?q=arduino HTTP/1.1");
    sslClient.println("Host: www.google.com");
    sslClient.println("Connection: close");
    sslClient.println();
  }
}

void loop() {
  // if there are incoming bytes available
  // from the server, read them and print them:
  while (sslClient.available()) {
    char c = sslClient.read();
    SerialMon.write(c);
  }

  // if the server's disconnected, stop the client:
  if (!sslClient.connected()) {
    SerialMon.println();
    SerialMon.println("disconnecting from server.");
    sslClient.stop();

    // do nothing forevermore:
    while (true);
  }
}

The compilation error log is the following:

C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp: In member function 'int ECCX08Class::receiveResponse(void*, size_t)':
C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp:724:80: error: call of overloaded 'requestFrom(uint8_t, size_t, bool)' is ambiguous
   while (_wire->requestFrom((uint8_t)_address, (size_t)responseSize, (bool)true) != responseSize && retries--);
                                                                                ^
In file included from C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.h:24:0,
                 from C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp:22:
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:97:13: note: candidate: uint8_t TwoWire::requestFrom(uint16_t, uint8_t, bool)
     uint8_t requestFrom(uint16_t address, uint8_t size, bool sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:98:13: note: candidate: uint8_t TwoWire::requestFrom(uint16_t, uint8_t, uint8_t)
     uint8_t requestFrom(uint16_t address, uint8_t size, uint8_t sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:100:13: note: candidate: uint8_t TwoWire::requestFrom(uint8_t, uint8_t, uint8_t)
     uint8_t requestFrom(uint8_t address, uint8_t size, uint8_t sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:102:13: note: candidate: uint8_t TwoWire::requestFrom(int, int, int)
     uint8_t requestFrom(int address, int size, int sendStop);

@ffontaine ffontaine deleted the no-eccx08 branch April 12, 2021 09:12
@aentinger
Contributor

Looks like it's still pulling in ArduinoECCX08 somewhere, @ffontaine can you check by compiling for ESP32?

@ffontaine
Contributor Author

#include "ArduinoBearSSLConfig.h" should be removed from your example, it is not needed.

The only thing that you have to do is to load one of the examples (e.g. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/AES128.ino) and uncomment #define ARDUINO_DISABLE_ECCX08 in ArduinoBearSSLConfig.h (i.e. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/ArduinoBearSSLConfig.h).

You could also check https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/tree/master/examples/LiveObjects_Arduino_TinyGSM for an example using TinyGSM that is working on STM32.

@ffontaine
Contributor Author

If you still have build failure, I'll check with ESP32.

@woodlist

woodlist commented Apr 12, 2021

It is such a pity... the AES128 example fails.

C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp: In member function 'int ECCX08Class::receiveResponse(void*, size_t)':
C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp:724:80: error: call of overloaded 'requestFrom(uint8_t, size_t, bool)' is ambiguous
   while (_wire->requestFrom((uint8_t)_address, (size_t)responseSize, (bool)true) != responseSize && retries--);
                                                                                ^
In file included from C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.h:24:0,
                 from C:\Users\User\Documents\Arduino\libraries\ArduinoECCX08\src\ECCX08.cpp:22:
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:97:13: note: candidate: uint8_t TwoWire::requestFrom(uint16_t, uint8_t, bool)
     uint8_t requestFrom(uint16_t address, uint8_t size, bool sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:98:13: note: candidate: uint8_t TwoWire::requestFrom(uint16_t, uint8_t, uint8_t)
     uint8_t requestFrom(uint16_t address, uint8_t size, uint8_t sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:100:13: note: candidate: uint8_t TwoWire::requestFrom(uint8_t, uint8_t, uint8_t)
     uint8_t requestFrom(uint8_t address, uint8_t size, uint8_t sendStop);
             ^
C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\libraries\Wire\src/Wire.h:102:13: note: candidate: uint8_t TwoWire::requestFrom(int, int, int)
     uint8_t requestFrom(int address, int size, int sendStop);

Please, try to compile on ESP32 yourself.

@woodlist

> #include "ArduinoBearSSLConfig.h" should be removed from your example, it is not needed.
>
> The only thing that you have to do is to load one of the examples (e.g. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/AES128.ino) and uncomment #define ARDUINO_DISABLE_ECCX08 in ArduinoBearSSLConfig.h (i.e. https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/examples/AES128/ArduinoBearSSLConfig.h).
>
> You could also check https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/tree/master/examples/LiveObjects_Arduino_TinyGSM for an example using TinyGSM that is working on STM32

Of course, I will try to use it on STM32 too, but for the moment I have to send a photo from an Al-thinker32 over an SSL connection, without using the WiFi.

@woodlist

This comment was marked as resolved.

@ffontaine
Contributor Author

I'm able to reproduce it on "AI Thinker ESP32-CAM", I'll try to understand what is the issue.

@woodlist

This comment was marked as duplicate.

@ffontaine
Contributor Author

I found the issue.

# if __has_include (<ArduinoBearSSLConfig.h>) does not work with the ESP32 toolchain when ArduinoBearSSLConfig.h is put in the examples directory.

You can fix this build failure by moving ArduinoBearSSLConfig.h to the main src directory (i.e. in https://github.com/arduino-libraries/ArduinoBearSSL/tree/master/src).

I assume that the ESP32 toolchain is configured in a way that avoids (or prevents) the inclusion of headers from the examples directory when building the main library. This could also be linked to the gcc version, as the ESP32 toolchain uses a very old gcc (5.2.0) whereas the STM32 toolchain uses a more recent one (9.2.1).
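
Added example, not part of the thread or of the library's code: one way to record the outcome of the `__has_include` probe discussed above and report it at start-up, so a config header that is not on the library's include path shows up as `config_header=0` rather than as an unexplained ECCX08 build or link error. Only `ARDUINO_DISABLE_ECCX08` and `ArduinoBearSSLConfig.h` come from this PR; every other name is hypothetical.

```c
/* Added illustration. Only ARDUINO_DISABLE_ECCX08 and ArduinoBearSSLConfig.h
 * come from the PR; every other name here is hypothetical. */
#include <stdio.h>
#include <stddef.h>

/* Same probe as in the thread, with the outcome recorded instead of discarded. */
#if defined __has_include
#  define CFG_PROBE_SUPPORTED 1
#  if __has_include(<ArduinoBearSSLConfig.h>)
#    include <ArduinoBearSSLConfig.h>
#    define CFG_HEADER_FOUND 1
#  endif
#else
#  define CFG_PROBE_SUPPORTED 0   /* compiler has no __has_include at all */
#endif
#ifndef CFG_HEADER_FOUND
#  define CFG_HEADER_FOUND 0      /* header not reachable from THIS file's include path */
#endif

enum key_backend { KEY_BACKEND_ECCX08, KEY_BACKEND_NO_ECCX08 };

/* Which code path this translation unit was actually compiled with. */
enum key_backend build_key_backend(void) {
#ifdef ARDUINO_DISABLE_ECCX08
    return KEY_BACKEND_NO_ECCX08;
#else
    return KEY_BACKEND_ECCX08;
#endif
}

/* 1 if the probe located the config header, 0 if it was skipped. */
int build_config_header_found(void) { return CFG_HEADER_FOUND; }

/* One-line record suitable for printing once at start-up (e.g. over serial).
 * Three distinguishable states: header missing, header present with the
 * define commented out, header present with ECCX08 disabled. */
int build_report(char *out, size_t cap) {
    return snprintf(out, cap, "has_include=%d config_header=%d eccx08=%s",
                    CFG_PROBE_SUPPORTED, CFG_HEADER_FOUND,
                    build_key_backend() == KEY_BACKEND_ECCX08 ? "enabled"
                                                              : "disabled");
}

int main(void) {
    char line[96];
    build_report(line, sizeof line);
    puts(line);   /* built without the header on the include path, ECCX08 stays enabled */
    return 0;
}
```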

@woodlist

woodlist commented Apr 12, 2021

I did what is recommended above and again the compilation hangs with the same errors. I had tried code that was not loaded from the examples directory.

@woodlist

This comment was marked as outdated.

@woodlist

woodlist commented Apr 15, 2021

Sir ffontaine, I used your latest release of the lib and got an error-free compilation on ESP32. Thanks for your efforts.

@woodlist

My joy was not long-lasting. The BearSSL example did not work (connection to google.com).

@woodlist

woodlist commented Apr 15, 2021

When www.google.com is used, the code just fails to connect. The sketch is here: https://github.com/arduino-libraries/ArduinoBearSSL/pull/45#issuecomment-817628871
When its IP is used, the code crashes. I have decoded the backtrace:

PC: 0x400dd5e3: br_ssl_engine_current_state at C:\Users\User\Documents\Arduino\libraries\ArduinoBearSSL-1.7.0\src\bearssl\ssl_engine.c line 1258
EXCVADDR: 0x00000030

Decoding stack results
0x400dd5e3: br_ssl_engine_current_state at C:\Users\User\Documents\Arduino\libraries\ArduinoBearSSL-1.7.0\src\bearssl\ssl_engine.c line 1258
0x400dee02: br_sslio_read_available at C:\Users\User\Documents\Arduino\libraries\ArduinoBearSSL-1.7.0\src\bearssl\ssl_io.c line 191
0x400d2ce5: BearSSLClient::available() at C:\Users\User\Documents\Arduino\libraries\ArduinoBearSSL-1.7.0\src\BearSSLClient.cpp line 127
0x400d2b3d: loop() at C:\Users\User\Documents\Arduino\ESP\ESPCAM\bearSSL_example/bearSSL_example.ino line 148
0x400e18bd: loopTask(void*) at C:\Users\User\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.6\cores\esp32\main.cpp line 23
0x4008a0be: vPortTaskWrapper at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/freertos/port.c line 143

@ffontaine
Contributor Author

ffontaine commented Apr 15, 2021

I don't know if this is related to your crash but I was able to run your example with a Sequans module and STM32.
To do so, I had to fix a mistake in your sketch: you can't comment out the call to
ArduinoBearSSL.onGetTime(getTime);

Indeed, without it, the STM32 (or ESP32) running ArduinoBearSSL won't have the correct time and so won't be able to validate the server certificate.
You have to use TimeLib.h or any other library to implement getTime (see https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/blob/master/examples/LiveObjects_Arduino_TinyGSM/LiveObjects_Arduino_TinyGSM.ino)
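
Added example, not from the thread and not BearSSL's code: a simplified model of the validity-period step of certificate validation, showing why a sketch that never registers a clock cannot pass it and why the caller has to fail closed instead of skipping the date check. `register_time_source`, the plausibility floor and all dates are constructed for illustration; only the `unsigned long getTime()` callback shape comes from the sketch above.

```c
/* Added illustration: simplified model of a certificate validity-period
 * check. Not BearSSL's implementation; all names and values are constructed. */
#include <stdio.h>
#include <stddef.h>

typedef unsigned long (*time_source_fn)(void);  /* same shape as the sketch's getTime() */

static time_source_fn g_time_source = NULL;

/* Hypothetical stand-in for registering a clock with the TLS library. */
void register_time_source(time_source_fn fn) { g_time_source = fn; }

struct validity_window { unsigned long not_before, not_after; };  /* Unix seconds, UTC */

enum time_check { TIME_OK, TIME_UNKNOWN, TIME_NOT_YET_VALID, TIME_EXPIRED };

/* Assumption: a clock earlier than 2021-01-01 belongs to a device that never set its time. */
#define EARLIEST_PLAUSIBLE_NOW 1609459200UL

enum time_check check_validity(const struct validity_window *w) {
    unsigned long now;
    if (g_time_source == NULL) return TIME_UNKNOWN;          /* no clock registered */
    now = g_time_source();
    if (now < EARLIEST_PLAUSIBLE_NOW) return TIME_UNKNOWN;   /* uptime counter, not wall time */
    if (now < w->not_before) return TIME_NOT_YET_VALID;
    if (now > w->not_after) return TIME_EXPIRED;
    return TIME_OK;
}

/* Fail closed: anything other than TIME_OK rejects the certificate. */
int handshake_may_proceed(const struct validity_window *w) {
    return check_validity(w) == TIME_OK;
}

/* Constructed clocks. */
unsigned long clock_uptime(void)    { return 42UL; }          /* seconds since boot */
unsigned long clock_stale_rtc(void) { return 1612137600UL; }  /* 2021-02-01 00:00:00 UTC */
unsigned long clock_network(void)   { return 1618488000UL; }  /* 2021-04-15 12:00:00 UTC */
unsigned long clock_drifted(void)   { return 1625097600UL; }  /* 2021-07-01 00:00:00 UTC */

/* Constructed certificate window: 2021-03-01 .. 2021-06-01 UTC. */
static const struct validity_window SAMPLE_CERT = { 1614556800UL, 1622505600UL };

int main(void) {
    static const char *names[] = { "ok", "time unknown", "not yet valid", "expired" };
    time_source_fn clocks[] = { NULL, clock_uptime, clock_stale_rtc,
                                clock_network, clock_drifted };
    size_t i;
    for (i = 0; i < sizeof clocks / sizeof clocks[0]; i++) {
        register_time_source(clocks[i]);
        printf("clock %u: %s, proceed=%d\n", (unsigned)i,
               names[check_validity(&SAMPLE_CERT)],
               handshake_may_proceed(&SAMPLE_CERT));
    }
    return 0;
}
```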

@aentinger
Contributor

@woodlist ... since this is an ESP32 board altogether you might want to take a look at the support channels available for that platform. Afaik ESP32 already comes with an SSL stack so there's no need to use ArduinoBearSSL.
@ffontaine ... feel free to continue the support here, I personally don't feel you have any obligation in this particular case (in case you feel indebted due to your last contribution).

@woodlist

woodlist commented Apr 15, 2021

Mr. Fontaine
I did everything as you kindly pointed out. Namely, I took the getTime function from your own repository's example. TimeLib is implemented from the source here: https://github.com/PaulStoffregen/Time
The compilation passed, but the code crashes with the same backtrace.
For debugging purposes I added a signalling print to the terminal at line 206 of your own example code for STM32. That printout did not happen, although I had uncommented "ArduinoBearSSL.onGetTime(getTime);".
Regardless of the result that I got, I appreciate your volunteer work.

Labels
topic: code Related to content of the project itself type: enhancement Proposed improvement