Drogue IoT - Public Room Timeline

	Drogue IoT	104 Members
	Rust based firmware for the device & IoT friendly APIs for the cloud	8 Servers

Load older messages

Sender	Message	Time
28 Feb 2024
@greengenie:matrix.org	yeah that fixed it!	23:09:34
@greengenie:matrix.org	Thanks so much!	23:11:08
@greengenie:matrix.org	Are there any examples of setting up a TLS connection using a X509 cert?	23:38:24
@greengenie:matrix.org	Using embedded-tls	23:38:44
29 Feb 2024
lulf	Adam Hott: On no-std you have to provide your own CertVerifier implementation (see https://docs.rs/embedded-tls/0.17.0/embedded_tls/trait.TlsVerifier.html) combined with passing the certificates you're going to use in the TlsConfig (https://docs.rs/embedded-tls/0.17.0/embedded_tls/struct.TlsConfig.html) using with_cert (also see https://docs.rs/embedded-tls/0.17.0/embedded_tls/blocking/enum.Certificate.html).	04:17:55
@greengenie:matrix.org	thanks lulf ! Here's what I've landed on so far, but I need a host url for the new() function in the implementation. Is there a service that can verify via the internet? Also I'm running into an error with CertificateVerify not existing in the embedded-tls crate. I tried to import it via the handshake module, but it says it's private and for internals only. struct MyCertVerifier; impl MyCertVerifier { pub fn new() -> Self { MyCertVerifier {} } } impl<'a, CipherSuite> TlsVerifier<'a, CipherSuite> for MyCertVerifier where CipherSuite: embedded_tls::TlsCipherSuite + 'a, // This bounds CipherSuite to the trait and the lifetime { `fn new (host: Option<&'a str>) -> Self { MyCertVerifier {} } fn verify_signature( &mut self, verify: CertificateVerify<'_> ) -> Result<(), TlsError> { Ok(()) } fn verify_certificate( &self, transcript: &CipherSuite::Hash, ca: &Option<Certificate<'_>>, cert: Certificate<'_> ) -> Result<(), TlsError> { // Need certificate verification logic here Ok(()) }` }	08:24:13
lulf	In reply to @greengenie:matrix.org thanks lulf ! Here's what I've landed on so far, but I need a host url for the new() function in the implementation. Is there a service that can verify via the internet? Also I'm running into an error with CertificateVerify not existing in the embedded-tls crate. I tried to import it via the handshake module, but it says it's private and for internals only. struct MyCertVerifier; impl MyCertVerifier { pub fn new() -> Self { MyCertVerifier {} } } impl<'a, CipherSuite> TlsVerifier<'a, CipherSuite> for MyCertVerifier where CipherSuite: embedded_tls::TlsCipherSuite + 'a, // This bounds CipherSuite to the trait and the lifetime { `fn new (host: Option<&'a str>) -> Self { MyCertVerifier {} } fn verify_signature( &mut self, verify: CertificateVerify<'_> ) -> Result<(), TlsError> { Ok(()) } fn verify_certificate( &self, transcript: &CipherSuite::Hash, ca: &Option<Certificate<'_>>, cert: Certificate<'_> ) -> Result<(), TlsError> { // Need certificate verification logic here Ok(()) }` } Ah, the handshake mod should be public, that's a bug. Not sure what you mean by 'verify via the internet'. You basically need to implement the verification yourself (or if you're just playing, you can use the embedded_tls::NoVerify 'verifier').	08:29:25
@greengenie:matrix.org	* thanks lulf ! Here's what I've landed on so far, but I need a host url for the new() function in the implementation. Is there a service that can verify via the internet? Also I'm running into an error with CertificateVerify not existing in the embedded-tls crate. I tried to import it via the handshake module, but it says it's private and for internals only. struct MyCertVerifier; impl MyCertVerifier { pub fn new() -> Self { MyCertVerifier {} } } impl<'a, CipherSuite> TlsVerifier<'a, CipherSuite> for MyCertVerifier where CipherSuite: embedded_tls::TlsCipherSuite + 'a, // This bounds CipherSuite to the trait and the lifetime { fn new (host: Option<&'a str>) -> Self { MyCertVerifier {} } fn verify_signature( &mut self, verify: CertificateVerify<'_> ) -> Result<(), TlsError> { Ok(()) } fn verify_certificate( &self, transcript: &CipherSuite::Hash, ca: &Option<Certificate<'_>>, cert: Certificate<'_> ) -> Result<(), TlsError> { // Need certificate verification logic here Ok(()) } }	08:36:12
@greengenie:matrix.org	Do you need me to open an issue on the bug?	08:36:51
lulf	Sure, either issue or PR if you want.	08:37:41
@greengenie:matrix.org	Ok! so I'm just playing around, HiveMQ requires a TLS connection to connect to their MQTT broker service.	08:38:25
lulf	Right... you can use the NoVerify then if you don't care about verifying :)	08:38:52
@greengenie:matrix.org	Ok thanks I'll look into it and I'm working on that PR	08:40:39
lulf	adding a pub use handshake::CertificateVerify in the config.rs should do it I think	08:41:23
@greengenie:matrix.org	thanks, this is my first PR ever	08:42:44
@greengenie:matrix.org	I really don't know what I'm doin	08:42:53
@greengenie:matrix.org	you mean: pub use crate::handshake::certificate_verify::CertificateVerify;	08:43:55
@greengenie:matrix.org	?	08:44:04
@greengenie:matrix.org	ok so I forked the repo, cloned it to my local computer, created a "bug-fix" branch. Now what should I do?	08:47:34
lulf	push it to your fork, use the github UI to create a pull request against the embedded-tls main branch	08:48:05
@greengenie:matrix.org	ok thanks!	08:48:14
@greengenie:matrix.org	Is this an appropriate comment for the PR? When trying to implement CertificateVerify, the compiler notified me that it is not a public. This should be a public Trait lulf.	08:59:42
@greengenie:matrix.org	* Is this an appropriate comment for the PR? When trying to implement CertificateVerify, the compiler notified me that it is not a public. This should be a public Trait lulf.	08:59:51
@greengenie:matrix.org	ok I did it, cool!	09:00:21
@greengenie:matrix.org	thanks for approving, now I can use it!	09:01:33
@greengenie:matrix.org	I'm getting some errors that I don't understand: the trait`RngCore` is not implemented for `Rng` the trait `CryptoRng` is not implemented for `Rng` this is how I'm generating my hardware rng: //Generate RNG for TLS Encryption let rng_peripherals = Peripherals::take(); let mut rng_system = rng_peripherals.SYSTEM.split(); let rng_clocks = ClockControl::boot_defaults(rng_system.clock_control).freeze(); let mut rng_rtc = Rtc::new(rng_peripherals.LPWR); let rng_timer_group0 = TimerGroup::new( rng_peripherals.TIMG0, &rng_clocks, ); let mut wdt0 = rng_timer_group0.wdt; let rng_timer_group1 = TimerGroup::new( rng_peripherals.TIMG1, &rng_clocks, ); let mut wdt1 = rng_timer_group1.wdt; rng_rtc.swd.disable(); rng_rtc.rwdt.disable(); wdt0.disable(); wdt1.disable(); let mut rng = Rng::new(rng_peripherals.RNG); and this is my implementation of the ring: let tls_context = TlsContext::new(&tls_config, &mut rng);	09:23:05
@greengenie:matrix.org	* I'm getting some errors that I don't understand: the trait`RngCore` is not implemented for `Rng` the trait `CryptoRng` is not implemented for `Rng` this is how I'm generating my hardware rng: //Generate RNG for TLS Encryption let rng_peripherals = Peripherals::take(); let mut rng_system = rng_peripherals.SYSTEM.split(); let rng_clocks = ClockControl::boot_defaults(rng_system.clock_control).freeze(); let mut rng_rtc = Rtc::new(rng_peripherals.LPWR); let rng_timer_group0 = TimerGroup::new( rng_peripherals.TIMG0, &rng_clocks, ); let mut wdt0 = rng_timer_group0.wdt; let rng_timer_group1 = TimerGroup::new( rng_peripherals.TIMG1, &rng_clocks, ); let mut wdt1 = rng_timer_group1.wdt; rng_rtc.swd.disable(); rng_rtc.rwdt.disable(); wdt0.disable(); wdt1.disable(); let mut rng = Rng::new(rng_peripherals.RNG); and this is my implementation of the ring: `let tls\_context = TlsContext::new(&tls\_config, &mut rng);`	09:23:26
@greengenie:matrix.org	* I'm getting some errors that I don't understand: the trait`RngCore` is not implemented for `Rng` the trait `CryptoRng` is not implemented for `Rng` this is how I'm generating my hardware rng: //Generate RNG for TLS Encryption let rng_peripherals = Peripherals::take(); let mut rng_system = rng_peripherals.SYSTEM.split(); let rng_clocks = ClockControl::boot_defaults(rng_system.clock_control).freeze(); let mut rng_rtc = Rtc::new(rng_peripherals.LPWR); let rng_timer_group0 = TimerGroup::new( rng_peripherals.TIMG0, &rng_clocks, ); let mut wdt0 = rng_timer_group0.wdt; let rng_timer_group1 = TimerGroup::new( rng_peripherals.TIMG1, &rng_clocks, ); let mut wdt1 = rng_timer_group1.wdt; rng_rtc.swd.disable(); rng_rtc.rwdt.disable(); wdt0.disable(); wdt1.disable(); let mut rng = Rng::new(rng_peripherals.RNG); and this is my implementation of the ring: `let tls_context = TlsContext::new(&tls_config, &mut rng);`	09:23:49
@greengenie:matrix.org	the full code is here: https://github.com/CodingInGreen/esp32c3-robot-wifi-mqtt-tls/blob/master/bin/robotwifi.rs	09:24:07
@greengenie:matrix.org	* I'm getting some errors that I don't understand: the trait`RngCore` is not implemented for `Rng` the trait `CryptoRng` is not implemented for `Rng` this is how I'm generating my hardware rng: //Generate RNG for TLS Encryption let rng_peripherals = Peripherals::take(); let mut rng_system = rng_peripherals.SYSTEM.split(); let rng_clocks = ClockControl::boot_defaults(rng_system.clock_control).freeze(); let mut rng_rtc = Rtc::new(rng_peripherals.LPWR); let rng_timer_group0 = TimerGroup::new( rng_peripherals.TIMG0, &rng_clocks, ); let mut wdt0 = rng_timer_group0.wdt; let rng_timer_group1 = TimerGroup::new( rng_peripherals.TIMG1, &rng_clocks, ); let mut wdt1 = rng_timer_group1.wdt; rng_rtc.swd.disable(); rng_rtc.rwdt.disable(); wdt0.disable(); wdt1.disable(); let mut rng = Rng::new(rng_peripherals.RNG); and this is my implementation of the rng: `let tls_context = TlsContext::new(&tls_config, &mut rng);`	09:24:46

Show newer messages

Back to Room ListRoom Version: 5