
mbedtls: Enable time cert validation. #9089


9 changes: 9 additions & 0 deletions ports/mimxrt/mbedtls/mbedtls_config.h
Expand Up @@ -84,6 +84,8 @@
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE

// Memory allocation hooks
#include <stdlib.h>
Expand All @@ -94,6 +96,13 @@ void m_tracked_free(void *ptr);
#define MBEDTLS_PLATFORM_STD_FREE m_tracked_free
#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf

// Time hook
time_t platform_mbedtls_time(time_t *timer);
#define MBEDTLS_PLATFORM_TIME_MACRO platform_mbedtls_time
#define MBEDTLS_PLATFORM_GMTIME_R_ALT
typedef time_t mbedtls_time_t;
struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *timer, struct tm *tm_buf);

#include "mbedtls/check_config.h"

#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_H */
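Review bot: The new prototypes `time_t platform_mbedtls_time(time_t *timer);` and `struct tm *mbedtls_platform_gmtime_r(...)` rely on `time_t` and `struct tm`, but the only system header this file includes is `<stdlib.h>`, which is not required to provide either; a `struct tm` that is first seen inside a parameter list has prototype scope only and is then a different, incompatible type from the one the port file later defines or includes. Add `#include <time.h>` next to the existing `<stdlib.h>` include so the prototypes, the port file and mbedtls's X.509 code all refer to the same libc `struct tm`. The `typedef time_t mbedtls_time_t;` repeats what mbedtls's platform_time.h already does when MBEDTLS_HAVE_TIME is set without a time-type override; it is legal in C11 but redundant. Since MBEDTLS_HAVE_TIME_DATE now makes certificate validity depend on the board clock, a one-line comment above the "Time hook" block such as `// Certificate validity-period checks use this clock; the RTC must be set before TLS is used` records that expectation. The stm32 mbedtls_config.h section below has the same include and typedef issues.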
56 changes: 56 additions & 0 deletions ports/mimxrt/mbedtls/mbedtls_port.c
Expand Up @@ -26,8 +26,23 @@

#ifdef MICROPY_SSL_MBEDTLS

#include "py/runtime.h"
#include "fsl_trng.h"
#include "mbedtls_config.h"
#include "shared/timeutils/timeutils.h"
#include "extmod/utime_mphal.h"
#include "fsl_snvs_lp.h"

struct tm {
uint16_t tm_year; // i.e. 2014
uint8_t tm_mon; // 1..12
uint8_t tm_mday; // 1..31
uint8_t tm_hour; // 0..23
uint8_t tm_min; // 0..59
uint8_t tm_sec; // 0..59
uint8_t tm_wday; // 0..6 0 = Monday
uint16_t tm_yday; // 1..366
};

int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {

Expand All @@ -38,4 +53,45 @@ int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t
return 0;
}


time_t platform_mbedtls_time(time_t *timer) {
// mbedtls_time requires time in seconds from EPOCH 1970
snvs_lp_srtc_datetime_t t;
SNVS_LP_SRTC_GetDatetime(SNVS, &t);
// EPOCH is 1970 for this port, which leads to the following trouble:
// timeutils_seconds_since_epoch() calls timeutils_seconds_since_2000(), and
// timeutils_seconds_since_2000() subtracts 2000 from year, but uses
// an unsigned number for seconds, That causes an underrun, which is not
// fixed by adding the TIMEUTILS_SECONDS_1970_TO_2000.
// Masking it to 32 bit for year < 2000 fixes it.
return timeutils_seconds_since_epoch(t.year, t.month, t.day, t.hour, t.minute, t.second)
& (t.year < 2000 ? 0xffffffff : 0xffffffffffff);
}


struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt, struct tm *tm_buf) {
/**
* \param tt Pointer to an object containing time (in seconds) since the
* epoch to be converted
* \param tm_buf Pointer to an object where the results will be stored
*
* \return Pointer to an object of type struct tm on success, otherwise
* NULL
*/
int seconds = *tt;
timeutils_struct_time_t tmd;
timeutils_seconds_since_epoch_to_struct_time(seconds, &tmd);
tm_buf->tm_year = tmd.tm_year;
tm_buf->tm_mon = tmd.tm_mon;
tm_buf->tm_mday = tmd.tm_mday;
tm_buf->tm_hour = tmd.tm_hour;
tm_buf->tm_min = tmd.tm_min;
tm_buf->tm_sec = tmd.tm_sec;
tm_buf->tm_wday = tmd.tm_wday;
tm_buf->tm_yday = tmd.tm_yday;


return tm_buf;
}

#endif
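Review bot: The local `struct tm` defined above `mbedtls_hardware_poll` does not follow the `<time.h>` conventions that mbedtls's X.509 code assumes when it reads the result of `mbedtls_platform_gmtime_r`: as far as I recall, the library's current-time helper adds 1900 to `tm_year` and 1 to `tm_mon`, whereas this port stores the full year (the field comment says "i.e. 2014") and a 1-based month, so every certificate's validity window would be compared against a date roughly 1900 years too late, and the field widths (`uint16_t`/`uint8_t`) differ from the library's `int` fields as well; if `<time.h>` is ever pulled into this translation unit the redefinition becomes a compile error. Drop the local struct, include `<time.h>`, and convert to the libc conventions inside `mbedtls_platform_gmtime_r` as below (wday/yday are not used by the X.509 check but are converted for consistency; `int seconds = *tt;` is dropped because it narrows the time value before conversion). `platform_mbedtls_time` also ignores its `timer` argument, which the `time()` contract it replaces stores into when non-NULL; `if (timer) { *timer = t; }` before returning fixes that. The stm32 mbedtls_port.c section has the same issues.
```c
struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt, struct tm *tm_buf) {
    /* … unchanged: doc comment … */
    timeutils_struct_time_t tmd;
    timeutils_seconds_since_epoch_to_struct_time(*tt, &tmd);
    // timeutils reports the full year, month 1..12, wday 0 = Monday, yday 1..366;
    // <time.h> struct tm expects years since 1900, month 0..11, wday 0 = Sunday, yday 0..365
    tm_buf->tm_year = tmd.tm_year - 1900;
    tm_buf->tm_mon = tmd.tm_mon - 1;
    tm_buf->tm_mday = tmd.tm_mday;
    tm_buf->tm_hour = tmd.tm_hour;
    tm_buf->tm_min = tmd.tm_min;
    tm_buf->tm_sec = tmd.tm_sec;
    tm_buf->tm_wday = (tmd.tm_wday + 1) % 7;
    tm_buf->tm_yday = tmd.tm_yday - 1;
    return tm_buf;
}
```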
10 changes: 10 additions & 0 deletions ports/stm32/mbedtls/mbedtls_config.h
Expand Up @@ -85,6 +85,9 @@
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE


// Memory allocation hooks
#include <stdlib.h>
Expand All @@ -95,6 +98,13 @@ void m_tracked_free(void *ptr);
#define MBEDTLS_PLATFORM_STD_FREE m_tracked_free
#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf

// Time hook
time_t platform_mbedtls_time(time_t *timer);
#define MBEDTLS_PLATFORM_TIME_MACRO platform_mbedtls_time
#define MBEDTLS_PLATFORM_GMTIME_R_ALT
typedef time_t mbedtls_time_t;
struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *timer, struct tm *tm_buf);

#include "mbedtls/check_config.h"

#endif /* MICROPY_INCLUDED_MBEDTLS_CONFIG_H */
49 changes: 49 additions & 0 deletions ports/stm32/mbedtls/mbedtls_port.c
Expand Up @@ -26,6 +26,19 @@

#include "rng.h"
#include "mbedtls_config.h"
#include "rtc.h"
#include "shared/timeutils/timeutils.h"

struct tm {
uint16_t tm_year; // i.e. 2014
uint8_t tm_mon; // 1..12
uint8_t tm_mday; // 1..31
uint8_t tm_hour; // 0..23
uint8_t tm_min; // 0..59
uint8_t tm_sec; // 0..59
uint8_t tm_wday; // 0..6 0 = Monday
uint16_t tm_yday; // 1..366
};

int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {
uint32_t val = 0;
Expand All @@ -42,3 +55,39 @@ int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t
}
return 0;
}

time_t platform_mbedtls_time(time_t *timer) {
// mbedtls_time requires time in seconds from EPOCH 1970
rtc_init_finalise();
RTC_DateTypeDef date;
RTC_TimeTypeDef time;
HAL_RTC_GetTime(&RTCHandle, &time, RTC_FORMAT_BIN);
HAL_RTC_GetDate(&RTCHandle, &date, RTC_FORMAT_BIN);
return timeutils_seconds_since_epoch(2000 + date.Year, date.Month, date.Date, time.Hours, time.Minutes, time.Seconds) + TIMEUTILS_SECONDS_1970_TO_2000;
}


struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt, struct tm *tm_buf) {
/**
* \param tt Pointer to an object containing time (in seconds) since the
* epoch to be converted
* \param tm_buf Pointer to an object where the results will be stored
*
* \return Pointer to an object of type struct tm on success, otherwise
* NULL
*/
int seconds = *tt;
timeutils_struct_time_t tmd;
timeutils_seconds_since_epoch_to_struct_time(seconds, &tmd);
tm_buf->tm_year = tmd.tm_year;
tm_buf->tm_mon = tmd.tm_mon;
tm_buf->tm_mday = tmd.tm_mday;
tm_buf->tm_hour = tmd.tm_hour;
tm_buf->tm_min = tmd.tm_min;
tm_buf->tm_sec = tmd.tm_sec;
tm_buf->tm_wday = tmd.tm_wday;
tm_buf->tm_yday = tmd.tm_yday;


return tm_buf;
}
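Review bot: `platform_mbedtls_time` returns whatever the RTC currently holds, with nothing in this hunk distinguishing a clock that was set from the reset default, and no comment records that MBEDTLS_HAVE_TIME_DATE now checks every certificate's validity window against this value; an unset RTC therefore turns into certificate failures, or, if the default date happens to fall inside a validity window, into a check that passes for the wrong reason. A comment above the function along the lines of `// Certificate validity checks depend on this clock; the RTC must be set (e.g. from a trusted time source) before TLS is used` makes the dependency visible, and whether the port can detect an unset RTC is not visible here — if it can, documenting what happens in that case would help. The hard-coded `2000 + date.Year` base deserves a short comment too, since it silently fixes the RTC century. As a style point, the Doxygen `\param`/`\return` block in `mbedtls_platform_gmtime_r` sits inside the function body where documentation tools will not attach it; moving it above the signature is a small fix that also applies to the mimxrt version.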
2 changes: 2 additions & 0 deletions ports/unix/mbedtls/mbedtls_config.h
Expand Up @@ -88,6 +88,8 @@
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE

#include "mbedtls/check_config.h"
