wip: provide time support to mbedtls

Author: ericschaal

examples/esp/Cargo.toml

@@ -34,13 +34,13 @@ opt-level = "z"
 
 [features]
 default = ["esp32c6"]
-esp32 = ["esp-rtos/esp32", "esp-hal/esp32", "esp-backtrace/esp32", "esp-println/esp32", "esp-radio/esp32", "esp-bootloader-esp-idf/esp32", "esp-metadata-generated/esp32", "mbedtls-rs/accel-esp32"]
-esp32c2 = ["esp-rtos/esp32c2", "esp-hal/esp32c2", "esp-backtrace/esp32c2", "esp-println/esp32c2", "esp-radio/esp32c2", "esp-bootloader-esp-idf/esp32c2", "esp-metadata-generated/esp32c2", "mbedtls-rs/accel-esp32c2"]
-esp32c3 = ["esp-rtos/esp32c3", "esp-hal/esp32c3", "esp-backtrace/esp32c3", "esp-println/esp32c3", "esp-radio/esp32c3", "esp-bootloader-esp-idf/esp32c3", "esp-metadata-generated/esp32c3", "mbedtls-rs/accel-esp32c3"]
-esp32c6 = ["esp-rtos/esp32c6", "esp-hal/esp32c6", "esp-backtrace/esp32c6", "esp-println/esp32c6", "esp-radio/esp32c6", "esp-bootloader-esp-idf/esp32c6", "esp-metadata-generated/esp32c6", "mbedtls-rs/accel-esp32c6"]
-esp32h2 = ["esp-rtos/esp32h2", "esp-hal/esp32h2", "esp-backtrace/esp32h2", "esp-println/esp32h2", "esp-radio/esp32h2", "esp-bootloader-esp-idf/esp32h2", "esp-metadata-generated/esp32h2", "mbedtls-rs/accel-esp32h2"]
-esp32s2 = ["esp-rtos/esp32s2", "esp-hal/esp32s2", "esp-backtrace/esp32s2", "esp-println/esp32s2", "esp-radio/esp32s2", "esp-bootloader-esp-idf/esp32s2", "esp-metadata-generated/esp32s2", "mbedtls-rs/accel-esp32s2"]
-esp32s3 = ["esp-rtos/esp32s3", "esp-hal/esp32s3", "esp-backtrace/esp32s3", "esp-println/esp32s3", "esp-radio/esp32s3", "esp-bootloader-esp-idf/esp32s3", "esp-metadata-generated/esp32s3", "mbedtls-rs/accel-esp32s3"]
+esp32 = ["esp-rtos/esp32", "esp-hal/esp32", "esp-backtrace/esp32", "esp-println/esp32", "esp-radio/esp32", "esp-bootloader-esp-idf/esp32", "esp-metadata-generated/esp32", "mbedtls-rs/accel-esp32", "mbedtls-rs/timer-embassy", "mbedtls-rs/wall-clock-esp32"]
+esp32c2 = ["esp-rtos/esp32c2", "esp-hal/esp32c2", "esp-backtrace/esp32c2", "esp-println/esp32c2", "esp-radio/esp32c2", "esp-bootloader-esp-idf/esp32c2", "esp-metadata-generated/esp32c2", "mbedtls-rs/accel-esp32c2", "mbedtls-rs/timer-embassy", "mbedtls-rs/wall-clock-esp32c2"]
+esp32c3 = ["esp-rtos/esp32c3", "esp-hal/esp32c3", "esp-backtrace/esp32c3", "esp-println/esp32c3", "esp-radio/esp32c3", "esp-bootloader-esp-idf/esp32c3", "esp-metadata-generated/esp32c3", "mbedtls-rs/accel-esp32c3", "mbedtls-rs/timer-embassy", "mbedtls-rs/wall-clock-esp32c3"]
+esp32c6 = ["esp-rtos/esp32c6", "esp-hal/esp32c6", "esp-backtrace/esp32c6", "esp-println/esp32c6", "esp-radio/esp32c6", "esp-bootloader-esp-idf/esp32c6", "esp-metadata-generated/esp32c6", "mbedtls-rs/accel-esp32c6", "mbedtls-rs/timer-embassy", "mbedtls-rs/wall-clock-esp32c6"]
+esp32h2 = ["esp-rtos/esp32h2", "esp-hal/esp32h2", "esp-backtrace/esp32h2", "esp-println/esp32h2", "esp-radio/esp32h2", "esp-bootloader-esp-idf/esp32h2", "esp-metadata-generated/esp32h2", "mbedtls-rs/accel-esp32h2", "mbedtls-rs/timer-embassy", "mbedtls-rs/wall-clock-esp32h2"]
+esp32s2 = ["esp-rtos/esp32s2", "esp-hal/esp32s2", "esp-backtrace/esp32s2", "esp-println/esp32s2", "esp-radio/esp32s2", "esp-bootloader-esp-idf/esp32s2", "esp-metadata-generated/esp32s2", "mbedtls-rs/accel-esp32s2", "mbedtls-rs/timer-embassy", "mbedtls-rs/wall-clock-esp32s2"]
+esp32s3 = ["esp-rtos/esp32s3", "esp-hal/esp32s3", "esp-backtrace/esp32s3", "esp-println/esp32s3", "esp-radio/esp32s3", "esp-bootloader-esp-idf/esp32s3", "esp-metadata-generated/esp32s3", "mbedtls-rs/accel-esp32s3", "mbedtls-rs/timer-embassy", "mbedtls-rs/wall-clock-esp32s3"]
 
 [dependencies]
 log = "0.4"

examples/esp/build.rs

@@ -0,0 +1,10 @@
+use std::time::{SystemTime, UNIX_EPOCH};
+
+fn main() {
+    let current_time_ms = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .expect("Time went backwards")
+        .as_millis();
+
+    println!("cargo:rustc-env=CURRENT_TIME_MS={}", current_time_ms);
+}

examples/esp/src/bootstrap.rs

@@ -18,6 +18,8 @@ use esp_hal::timer::timg::TimerGroup;
 
 use mbedtls_rs::sys::accel::esp::EspAccel;
 use mbedtls_rs::Tls;
+use mbedtls_rs::sys::clock::esp::EspRtcWallClock;
+use mbedtls_rs::sys::timer::embassy::EmbassyTimer;
 
 use esp_metadata_generated::memory_range;
 
@@ -51,6 +53,7 @@ esp_bootloader_esp_idf::esp_app_desc!();
 
 const WIFI_SSID: &str = env!("WIFI_SSID");
 const WIFI_PASS: &str = env!("WIFI_PASS");
+const CURRENT_TIME_MS: &str = env!("CURRENT_TIME_MS");
 
 pub async fn bootstrap_stack<const SOCKETS: usize>(
     spawner: Spawner,
@@ -72,6 +75,35 @@ pub async fn bootstrap_stack<const SOCKETS: usize>(
             .software_interrupt0,
     );
 
+    // TODO feature gate?
+    {
+        let timer = mk_static!(EmbassyTimer, EmbassyTimer::default());
+        unsafe {
+            mbedtls_rs::sys::hook::timer::hook_timer(Some(timer));
+        }
+    }
+
+    // TODO feature gate?
+    {
+        let rtc = mk_static!(
+            esp_hal::rtc_cntl::Rtc,
+            esp_hal::rtc_cntl::Rtc::new(peripherals.LPWR)
+        );
+
+        // In a real-life scenario NTP or equivalent should be used here to initialize the RTC
+        rtc.set_current_time_us(
+            CURRENT_TIME_MS
+                .parse::<u64>()
+                .expect("Failed to parse CURRENT_TIME_MS")
+                * 1000, // Convert milliseconds to microseconds
+        );
+
+        let clock = mk_static!(EspRtcWallClock, EspRtcWallClock::new(rtc));
+        unsafe {
+            mbedtls_rs::sys::hook::wall_clock::hook_wall_clock(Some(clock));
+        }
+    }
+
     #[cfg(not(any(feature = "esp32", feature = "esp32c2")))]
     let accel = EspAccel::new(peripherals.SHA, peripherals.RSA);
 

mbedtls-rs-sys/Cargo.toml

@@ -20,11 +20,13 @@ use-gcc = []
 # https://github.com/riscv-collab/riscv-gnu-toolchain
 force-esp-riscv-gcc = ["use-gcc"]
 # Disable all or some hooks; this would preclude hooking custom HW-accelerated algos
-nohook = ["nohook-sha1", "nohook-sha256", "nohook-sha512", "nohook-exp-mod"]
+nohook = ["nohook-sha1", "nohook-sha256", "nohook-sha512", "nohook-exp-mod", "nohook-timer", "nohook-wall-clock"]
 nohook-sha1 = []
 nohook-sha256 = []
 nohook-sha512 = []
 nohook-exp-mod = []
+nohook-timer = []
+nohook-wall-clock = []
 # Enable HW acceleration drivers for the ESP series of MCUs via `esp-hal`
 accel-esp32 = ["esp-hal/esp32", "crypto-bigint"]
 accel-esp32c2 = ["esp-hal/esp32c2"]
@@ -34,6 +36,15 @@ accel-esp32h2 = ["esp-hal/esp32h2", "crypto-bigint"]
 accel-esp32s2 = ["esp-hal/esp32s2", "crypto-bigint"]
 accel-esp32s3 = ["esp-hal/esp32s3", "crypto-bigint"]
 
+timer-embassy = ["embassy-time"]
+wall-clock-esp32 = ["esp-hal/esp32", "time"]
+wall-clock-esp32c2 = ["esp-hal/esp32c2", "time"]
+wall-clock-esp32c3 = ["esp-hal/esp32c3", "time"]
+wall-clock-esp32c6 = ["esp-hal/esp32c6", "time"]
+wall-clock-esp32h2 = ["esp-hal/esp32h2", "time"]
+wall-clock-esp32s2 = ["esp-hal/esp32s2", "time"]
+wall-clock-esp32s3 = ["esp-hal/esp32s3", "time"]
+
 [dependencies]
 defmt = { version = "1", optional = true }
 log = { version = "0.4", optional = true }
@@ -43,12 +54,16 @@ digest = { version = "0.10", default-features = false }
 sha1 = { version = "0.10", default-features = false }
 # For some reason, `soft` results in enormous slowdowns on xtensa and riscv32
 sha2 = { version = "0.10", default-features = false, features = ["force-soft-compact"] }
+time = { version = "0.3", default-features = false, optional = true }
 critical-section = "1"
 
 # For esp-hal accel
 esp-hal = { version = "1", features = ["unstable"], optional = true }
 crypto-bigint = { version = "0.5.3", default-features = false, features = ["extra-sizes"], optional = true }
 
+# For embassy timer support
+embassy-time = {version = "0.5.0", optional = true}
+
 # ESP-IDF: The mbedtls lib distributed with ESP-IDF is used
 # All other platforms: mbedtls libs and bindings are created on the fly
 [target.'cfg(target_os = "espidf")'.dependencies]

mbedtls-rs-sys/gen/builder.rs

@@ -17,6 +17,10 @@ pub enum Hook {
     Sha512,
     /// MPI modular exponentiation
     ExpMod,
+    /// Timer support
+    Timer,
+    /// Wall clock support
+    WallClock,
 }
 
 /// The MbedTLS builder
@@ -159,12 +163,14 @@ impl MbedtlsBuilder {
         }
 
         for hook in self.hooks {
-            let def = self.hook_def(hook);
+            let defs = self.hook_defs(hook);
 
-            builder = builder.clang_arg(format!("-D{def}"));
+            for def in defs {
+                builder = builder.clang_arg(format!("-D{def}"));
 
-            if let Some(size_def) = self.hook_work_area_size_def(hook) {
-                builder = builder.clang_arg(format!("-D{def}_WORK_AREA_SIZE={size_def}"));
+                if let Some(size_def) = self.hook_work_area_size_def(hook) {
+                    builder = builder.clang_arg(format!("-D{def}_WORK_AREA_SIZE={size_def}"));
+                }
             }
         }
 
@@ -237,14 +243,16 @@ impl MbedtlsBuilder {
             .out_dir(&target_dir);
 
         for hook in self.hooks {
-            let def = self.hook_def(hook);
+            let defs = self.hook_defs(hook);
 
-            config.cflag(format!("-D{def}")).cxxflag(format!("-D{def}"));
+            for def in defs {
+                config.cflag(format!("-D{def}")).cxxflag(format!("-D{def}"));
 
-            if let Some(size_def) = self.hook_work_area_size_def(hook) {
-                config
-                    .cflag(format!("-D{def}_WORK_AREA_SIZE={size_def}"))
-                    .cxxflag(format!("-D{def}_WORK_AREA_SIZE={size_def}"));
+                if let Some(size_def) = self.hook_work_area_size_def(hook) {
+                    config
+                        .cflag(format!("-D{def}_WORK_AREA_SIZE={size_def}"))
+                        .cxxflag(format!("-D{def}_WORK_AREA_SIZE={size_def}"));
+                }
             }
         }
 
@@ -259,12 +267,18 @@ impl MbedtlsBuilder {
         println!("cargo:rerun-if-changed={}", file_or_dir.display())
     }
 
-    fn hook_def(&self, hook: Hook) -> &'static str {
+    fn hook_defs(&self, hook: Hook) -> &'static [&'static str] {
         match hook {
-            Hook::Sha1 => "MBEDTLS_SHA1_ALT",
-            Hook::Sha256 => "MBEDTLS_SHA256_ALT",
-            Hook::Sha512 => "MBEDTLS_SHA512_ALT",
-            Hook::ExpMod => "MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK",
+            Hook::Sha1 => &["MBEDTLS_SHA1_ALT"],
+            Hook::Sha256 => &["MBEDTLS_SHA256_ALT"],
+            Hook::Sha512 => &["MBEDTLS_SHA512_ALT"],
+            Hook::ExpMod => &["MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK"],
+            Hook::Timer => &[
+                "MBEDTLS_HAVE_TIME",
+                "MBEDTLS_PLATFORM_TIME_ALT",
+                "MBEDTLS_PLATFORM_MS_TIME_ALT",
+            ],
+            Hook::WallClock => &["MBEDTLS_HAVE_TIME_DATE", "MBEDTLS_PLATFORM_GMTIME_R_ALT"],
         }
     }
 

mbedtls-rs-sys/gen/sysroot/include/time.h

@@ -0,0 +1,22 @@
+#ifndef __TIME_H__
+#define __TIME_H__
+
+#include <stdint.h>
+
+typedef int64_t time_t;
+
+struct tm {
+    int tm_sec;    // seconds after the minute - [0, 60]
+    int tm_min;    // minutes after the hour - [0, 59]
+    int tm_hour;   // hours since midnight - [0, 23]
+    int tm_mday;   // day of the month - [1, 31]
+    int tm_mon;    // months since January - [0, 11]
+    int tm_year;   // years since 1900
+    int tm_wday;   // days since Sunday - [0, 6]
+    int tm_yday;   // days since January 1 - [0, 365]
+    int tm_isdst;  // Daylight Saving Time flag
+};
+
+time_t time(time_t* timer);
+
+#endif