feat: update mbedtls from v3.2.1 to v3.6.2

external/crypto/mbedtls/CMakeLists.txt

@@ -1,7 +1,7 @@
 FetchContent_Declare(
     mbedtls
-    GIT_REPOSITORY https://github.com/Mbed-TLS/mbedtls
-    GIT_TAG 869298bffeea13b205343361b7a7daf2b210e33d # v3.2.1
+    GIT_REPOSITORY https://github.com/ccrugoPhilips/mbedtls # Mbed-TLS fork
+    GIT_TAG e0b9fdf17e1d584ac3713fc7970fd9de530e7063 # v3.6.2 with patch
 )
 
 set_directory_properties(PROPERTIES EXCLUDE_FROM_ALL On)

external/crypto/mbedtls/mbedtls_emil_config.h

@@ -229,6 +229,10 @@
 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
 
+#ifndef EMIL_HOST_BUILD
+#define MBEDTLS_PLATFORM_MS_TIME_ALT
+#endif
+
 /**
  * \def MBEDTLS_DEPRECATED_WARNING
  *

services/network/ConnectionMbedTls.cpp

@@ -1,6 +1,17 @@
 #include "services/network/ConnectionMbedTls.hpp"
 #include "infra/event/EventDispatcherWithWeakPtr.hpp"
 
+#ifndef EMIL_HOST_BUILD
+#include "mbedtls/platform_time.h"
+extern "C"
+{
+    mbedtls_ms_time_t mbedtls_ms_time(void)
+    {
+        return static_cast<mbedtls_ms_time_t>(std::chrono::duration_cast<std::chrono::milliseconds>(infra::Now(3).time_since_epoch()).count());
+    }
+}
+#endif
+
 namespace services
 {
     ConnectionMbedTls::ConnectionMbedTls(infra::AutoResetFunction<void(infra::SharedPtr<services::ConnectionObserver> connectionObserver)>&& createdObserver, CertificatesMbedTls& certificates,

services/network/MbedTlsSession.cpp

@@ -3,7 +3,6 @@
 #include "infra/util/BoundedString.hpp"
 #include "infra/util/BoundedVector.hpp"
 #include "infra/util/ByteRange.hpp"
-#include "infra/util/ReallyAssert.hpp"
 #include "services/network/Address.hpp"
 #include "services/util/Sha256.hpp"
 
@@ -34,7 +33,7 @@ namespace services
         , identifier(reference.identifier)
     {
         mbedtls_ssl_session_init(&session);
-        really_assert(mbedtls_ssl_session_load(&session, reference.serializedSession.begin(), reference.serializedSession.size()) == 0);
+        clientSessionDeserialized = mbedtls_ssl_session_load(&session, reference.serializedSession.begin(), reference.serializedSession.size()) == 0;
     }
 
     MbedTlsSession::~MbedTlsSession()
@@ -58,6 +57,11 @@ namespace services
         return clientSessionObtained;
     }
 
+    bool MbedTlsSession::IsDeserialized()
+    {
+        return clientSessionDeserialized;
+    }
+
     int MbedTlsSession::SetSession(mbedtls_ssl_context* context)
     {
         return mbedtls_ssl_set_session(context, &session);
@@ -249,12 +253,20 @@ namespace services
 
     void MbedTlsSessionStoragePersistent::LoadSessions()
     {
-        for (auto& persistedSession : *nvm)
+        for (auto persistedSession = nvm->begin(); persistedSession != nvm->end();)
         {
-            storage.emplace_back(persistedSession, [this](MbedTlsSession* session)
+            storage.emplace_back(*persistedSession, [this](MbedTlsSession* session)
                 {
                     SerializeSessionToFlash(session);
                 });
+
+            if (storage.back().IsDeserialized())
+                ++persistedSession;
+            else
+            {
+                persistedSession = nvm->erase(persistedSession);
+                storage.pop_back();
+            }
         }
     }
 

services/network/MbedTlsSession.hpp

@@ -27,13 +27,15 @@ namespace services
         virtual void Reinitialize();
         virtual void Obtained();
         virtual bool IsObtained();
+        virtual bool IsDeserialized();
         virtual int SetSession(mbedtls_ssl_context* context);
         virtual int GetSession(mbedtls_ssl_context* context);
         virtual const infra::BoundedVector<uint8_t>& Identifier() const;
 
     private:
         mbedtls_ssl_session session;
         bool clientSessionObtained = false;
+        bool clientSessionDeserialized = false;
         infra::BoundedVector<uint8_t>::WithMaxSize<32> identifier;
     };
 

services/network/test/TestConnectionMbedTls.cpp

@@ -13,6 +13,7 @@
 #include "services/util/Sha256MbedTls.hpp"
 #include "services/util/test_doubles/ConfigurationStoreMock.hpp"
 #include "gmock/gmock.h"
+#include <algorithm>
 
 class ConnectionMbedTlsTest
     : public testing::Test
@@ -237,6 +238,63 @@ TEST_F(ConnectionMbedTlsTest, persistent_session_reopen_connection)
     }
 }
 
+TEST_F(ConnectionMbedTlsTest, persistent_session_fails_deserialize)
+{
+    infra::BoundedVector<network::MbedTlsPersistedSession>::WithMaxSize<1> stores;
+    testing::StrictMock<services::ConfigurationStoreInterfaceMock> configInterface;
+    services::ConfigurationStoreAccess<infra::BoundedVector<network::MbedTlsPersistedSession>> configStore{ configInterface, stores };
+    services::Sha256MbedTls sha256;
+    services::MbedTlsSessionHasher mbedTlsHasher{ sha256 };
+    services::MbedTlsSessionStoragePersistent::WithMaxSize<1> persistentStorage{ configStore, mbedTlsHasher };
+
+    infra::BoundedVector<network::MbedTlsPersistedSession>::WithMaxSize<2> newStores;
+    services::ConfigurationStoreAccess<infra::BoundedVector<network::MbedTlsPersistedSession>> newConfigStore{ configInterface, newStores };
+
+    services::ConnectionFactoryMbedTls::WithMaxConnectionsListenersAndConnectors<2, 1, 0> tlsNetworkServer(loopBackNetwork, serverCertificates, randomDataGenerator);
+    services::ConnectionFactoryMbedTls::CustomSessionStorageWithMaxConnectionsListenersAndConnectors<2, 0, 1> tlsNetworkClient(persistentStorage, loopBackNetwork, clientCertificates, randomDataGenerator);
+    infra::SharedPtr<void> listener = tlsNetworkServer.Listen(1234, serverObserverFactory);
+
+    {
+        EXPECT_CALL(clientObserverFactory, Port()).WillOnce(testing::Return(1234));
+        tlsNetworkClient.Connect(clientObserverFactory);
+
+        infra::SharedOptional<services::ConnectionObserverStub> observer1;
+        infra::SharedOptional<services::ConnectionObserverStub> observer2;
+
+        EXPECT_CALL(serverObserverFactory, ConnectionAccepted(testing::_, testing::_))
+            .WillOnce(testing::Invoke([&](infra::AutoResetFunction<void(infra::SharedPtr<services::ConnectionObserver> connectionObserver)> createdObserver, services::IPAddress address)
+                {
+                    createdObserver(observer1.Emplace());
+                }));
+        EXPECT_CALL(clientObserverFactory, Address());
+        EXPECT_CALL(configInterface, Write());
+        EXPECT_CALL(clientObserverFactory, ConnectionEstablished(testing::_))
+            .WillOnce(testing::Invoke([&](infra::AutoResetFunction<void(infra::SharedPtr<services::ConnectionObserver> connectionObserver)> createdObserver)
+                {
+                    createdObserver(observer2.Emplace());
+                }));
+        ExecuteAllActions();
+
+        observer1->Subject().AbortAndDestroy();
+    }
+
+    {
+        newConfigStore->emplace_back();
+        std::copy(stores.back().serializedSession.begin(), stores.back().serializedSession.end(), std::back_inserter(newConfigStore->back().serializedSession));
+        newConfigStore->emplace_back();
+        EXPECT_EQ(newConfigStore->size(), 2);
+        services::MbedTlsSessionStoragePersistent::WithMaxSize<2> newPersistentStorage{ newConfigStore, mbedTlsHasher };
+        EXPECT_EQ(newConfigStore->size(), 1);
+    }
+}
+
+TEST_F(ConnectionMbedTlsTest, mbedtls_session_fails_deserialize)
+{
+    network::MbedTlsPersistedSession persistedSession;
+    auto sessionDeserialize = services::MbedTlsSession(persistedSession);
+    EXPECT_FALSE(sessionDeserialize.IsDeserialized());
+}
+
 class ConnectionWithNameResolverMbedTlsTest
     : public testing::Test
     , public infra::ClockFixture