feat(SHA): Borrow the SHA peripheral instead of unsafely stealing

AnthonyGrondin · AnthonyGrondin · commit 9df4d7b39370 · 2024-10-15T15:20:19.000-04:00
diff --git a/esp-mbedtls/src/compat/edge_nal_compat.rs b/esp-mbedtls/src/compat/edge_nal_compat.rs
@@ -4,9 +4,12 @@ use core::{
     cell::{Cell, RefCell, UnsafeCell},
     mem::MaybeUninit,
     net::{Ipv4Addr, SocketAddr, SocketAddrV4},
+    ops::DerefMut,
     ptr::NonNull,
 };
 
+use crate::{hal::peripheral::PeripheralRef, SHA};
+
 use edge_nal::TcpBind;
 use edge_nal_embassy::{Tcp, TcpAccept, TcpSocket};
 
@@ -23,6 +26,7 @@ pub struct TlsAcceptor<
     owns_rsa: bool,
     tls_buffers: &'d TlsBuffers<RX_SZ, TX_SZ>,
     tls_buffers_ptr: RefCell<NonNull<([u8; RX_SZ], [u8; TX_SZ])>>,
+    sha: RefCell<PeripheralRef<'d, SHA>>,
 }
 
 impl<'d, D, const N: usize, const RX_SZ: usize, const TX_SZ: usize> Drop
@@ -55,6 +59,7 @@ where
         port: u16,
         version: TlsVersion,
         certificates: Certificates<'d>,
+        sha: impl Peripheral<P = SHA> + 'd,
     ) -> Self {
         let acceptor = tcp
             .bind(SocketAddr::V4(SocketAddrV4::new(
@@ -73,6 +78,7 @@ where
             owns_rsa: false,
             tls_buffers,
             tls_buffers_ptr: RefCell::new(socket_buffers),
+            sha: sha.into_ref().into(),
         }
     }
 
@@ -127,6 +133,7 @@ where
             self.certificates,
             rx,
             tx,
+            self.sha.borrow_mut().reborrow().deref_mut(),
         )?;
 
         log::debug!("Establishing SSL connection");
diff --git a/esp-mbedtls/src/lib.rs b/esp-mbedtls/src/lib.rs
@@ -488,10 +488,13 @@ impl<T> Session<T> {
         mode: Mode,
         min_version: TlsVersion,
         certificates: Certificates,
+        sha: impl Peripheral<P = SHA>,
     ) -> Result<Self, TlsError> {
-        // TODO: Take peripheral from user
-        let sha = Sha::new(unsafe { SHA::steal() });
-        critical_section::with(|cs| SHARED_SHA.borrow_ref_mut(cs).replace(sha));
+        critical_section::with(|cs| {
+            SHARED_SHA
+                .borrow_ref_mut(cs)
+                .replace(unsafe { core::mem::transmute(Sha::new(sha)) })
+        });
 
         let (drbg_context, ssl_context, ssl_config, crt, client_crt, private_key) =
             certificates.init_ssl(servername, mode, min_version)?;
@@ -634,6 +637,7 @@ impl<T> Drop for Session<T> {
             if self.owns_rsa {
                 RSA_REF = core::mem::transmute(None::<RSA>);
             }
+            critical_section::with(|cs| SHARED_SHA.borrow_ref_mut(cs).take());
             mbedtls_ssl_close_notify(self.ssl_context);
             mbedtls_ctr_drbg_free(self.drbg_context);
             mbedtls_ssl_config_free(self.ssl_config);
@@ -744,10 +748,13 @@ pub mod asynch {
 
             rx_buffer: &'a mut [u8; RX_SIZE],
             tx_buffer: &'a mut [u8; TX_SIZE],
+            sha: impl Peripheral<P = SHA>,
         ) -> Result<Self, TlsError> {
-            // TODO: Take peripheral from user
-            let sha = Sha::new(unsafe { SHA::steal() });
-            critical_section::with(|cs| SHARED_SHA.borrow_ref_mut(cs).replace(sha));
+            critical_section::with(|cs| {
+                SHARED_SHA
+                    .borrow_ref_mut(cs)
+                    .replace(unsafe { core::mem::transmute(Sha::new(sha)) })
+            });
 
             let (drbg_context, ssl_context, ssl_config, crt, client_crt, private_key) =
                 certificates.init_ssl(servername, mode, min_version)?;
@@ -790,6 +797,7 @@ pub mod asynch {
                 if self.owns_rsa {
                     RSA_REF = core::mem::transmute(None::<RSA>);
                 }
+                critical_section::with(|cs| SHARED_SHA.borrow_ref_mut(cs).take());
                 mbedtls_ssl_close_notify(self.ssl_context);
                 mbedtls_ctr_drbg_free(self.drbg_context);
                 mbedtls_ssl_config_free(self.ssl_config);
diff --git a/esp-mbedtls/src/sha/sha1.rs b/esp-mbedtls/src/sha/sha1.rs
@@ -10,8 +10,6 @@ pub struct mbedtls_sha1_context {
 
 #[no_mangle]
 pub unsafe extern "C" fn mbedtls_sha1_init(ctx: *mut mbedtls_sha1_context) {
-    let sha = crate::Sha::new(unsafe { crate::SHA::steal() });
-    critical_section::with(|cs| SHARED_SHA.borrow_ref_mut(cs).replace(sha));
     let hasher_mem =
         crate::calloc(1, core::mem::size_of::<Context<Sha1>>() as u32) as *mut Context<Sha1>;
     core::ptr::write(hasher_mem, Context::<Sha1>::new());
diff --git a/examples/async_client.rs b/examples/async_client.rs
@@ -140,6 +140,7 @@ async fn main(spawner: Spawner) -> ! {
         },
         mk_static!([u8; 4096], [0; 4096]),
         mk_static!([u8; 4096], [0; 4096]),
+        peripherals.SHA,
     )
     .unwrap()
     .with_hardware_rsa(peripherals.RSA);
diff --git a/examples/async_client_mTLS.rs b/examples/async_client_mTLS.rs
@@ -146,6 +146,7 @@ async fn main(spawner: Spawner) -> ! {
         certificates,
         mk_static!([u8; 4096], [0; 4096]),
         mk_static!([u8; 4096], [0; 4096]),
+        peripherals.SHA,
     )
     .unwrap()
     .with_hardware_rsa(peripherals.RSA);
diff --git a/examples/async_server.rs b/examples/async_server.rs
@@ -164,6 +164,7 @@ async fn main(spawner: Spawner) -> ! {
             },
             tls_rx_buffer,
             tls_tx_buffer,
+            &mut peripherals.SHA,
         )
         .unwrap()
         .with_hardware_rsa(&mut peripherals.RSA);
diff --git a/examples/async_server_mTLS.rs b/examples/async_server_mTLS.rs
@@ -182,6 +182,7 @@ async fn main(spawner: Spawner) -> ! {
             },
             tls_rx_buffer,
             tls_tx_buffer,
+            &mut peripherals.SHA,
         )
         .unwrap()
         .with_hardware_rsa(&mut peripherals.RSA);
diff --git a/examples/edge_server.rs b/examples/edge_server.rs
@@ -34,7 +34,7 @@ use esp_wifi::wifi::{
     WifiState,
 };
 use esp_wifi::{init, EspWifiInitFor};
-use hal::{prelude::*, rng::Rng, timer::timg::TimerGroup};
+use hal::{peripherals::SHA, prelude::*, rng::Rng, timer::timg::TimerGroup};
 
 // Patch until https://github.com/embassy-rs/static-cell/issues/16 is fixed
 macro_rules! mk_static {
@@ -161,13 +161,16 @@ async fn main(spawner: Spawner) -> ! {
         ..Default::default()
     };
 
+    let sha = mk_static!(SHA, peripherals.SHA);
+
     loop {
         let tls_acceptor = esp_mbedtls::asynch::TlsAcceptor::new(
             tcp,
             tls_buffers,
             443,
             TlsVersion::Tls1_2,
             certificates,
+            &mut *sha,
         )
         .await
         .with_hardware_rsa(&mut peripherals.RSA);
diff --git a/examples/sync_client.rs b/examples/sync_client.rs
@@ -116,6 +116,7 @@ fn main() -> ! {
             .ok(),
             ..Default::default()
         },
+        peripherals.SHA,
     )
     .unwrap()
     .with_hardware_rsa(peripherals.RSA);
diff --git a/examples/sync_client_mTLS.rs b/examples/sync_client_mTLS.rs
@@ -123,6 +123,7 @@ fn main() -> ! {
         Mode::Client,
         TlsVersion::Tls1_3,
         certificates,
+        peripherals.SHA,
     )
     .unwrap()
     .with_hardware_rsa(peripherals.RSA);
diff --git a/examples/sync_server.rs b/examples/sync_server.rs
@@ -137,6 +137,7 @@ fn main() -> ! {
                     .ok(),
                     ..Default::default()
                 },
+                &mut peripherals.SHA,
             )
             .unwrap()
             .with_hardware_rsa(&mut peripherals.RSA);
diff --git a/examples/sync_server_mTLS.rs b/examples/sync_server_mTLS.rs
@@ -158,6 +158,7 @@ fn main() -> ! {
                     .ok(),
                     ..Default::default()
                 },
+                &mut peripherals.SHA,
             )
             .unwrap()
             .with_hardware_rsa(&mut peripherals.RSA);

Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,7 @@ async fn main(spawner: Spawner) -> ! {`
`140`	`140`	`},`
`141`	`141`	`mk_static!([u8; 4096], [0; 4096]),`
`142`	`142`	`mk_static!([u8; 4096], [0; 4096]),`
	`143`	`+ peripherals.SHA,`
`143`	`144`	`)`
`144`	`145`	`.unwrap()`
`145`	`146`	`.with_hardware_rsa(peripherals.RSA);`
Original file line number	Diff line number	Diff line change
`@@ -146,6 +146,7 @@ async fn main(spawner: Spawner) -> ! {`
`146`	`146`	`certificates,`
`147`	`147`	`mk_static!([u8; 4096], [0; 4096]),`
`148`	`148`	`mk_static!([u8; 4096], [0; 4096]),`
	`149`	`+ peripherals.SHA,`
`149`	`150`	`)`
`150`	`151`	`.unwrap()`
`151`	`152`	`.with_hardware_rsa(peripherals.RSA);`
Original file line number	Diff line number	Diff line change
`@@ -164,6 +164,7 @@ async fn main(spawner: Spawner) -> ! {`
`164`	`164`	`},`
`165`	`165`	`tls_rx_buffer,`
`166`	`166`	`tls_tx_buffer,`
	`167`	`+ &mut peripherals.SHA,`
`167`	`168`	`)`
`168`	`169`	`.unwrap()`
`169`	`170`	`.with_hardware_rsa(&mut peripherals.RSA);`
Original file line number	Diff line number	Diff line change
`@@ -182,6 +182,7 @@ async fn main(spawner: Spawner) -> ! {`
`182`	`182`	`},`
`183`	`183`	`tls_rx_buffer,`
`184`	`184`	`tls_tx_buffer,`
	`185`	`+ &mut peripherals.SHA,`
`185`	`186`	`)`
`186`	`187`	`.unwrap()`
`187`	`188`	`.with_hardware_rsa(&mut peripherals.RSA);`
Original file line number	Diff line number	Diff line change
`@@ -116,6 +116,7 @@ fn main() -> ! {`
`116`	`116`	`.ok(),`
`117`	`117`	`..Default::default()`
`118`	`118`	`},`
	`119`	`+ peripherals.SHA,`
`119`	`120`	`)`
`120`	`121`	`.unwrap()`
`121`	`122`	`.with_hardware_rsa(peripherals.RSA);`
Original file line number	Diff line number	Diff line change
`@@ -123,6 +123,7 @@ fn main() -> ! {`
`123`	`123`	`Mode::Client,`
`124`	`124`	`TlsVersion::Tls1_3,`
`125`	`125`	`certificates,`
	`126`	`+ peripherals.SHA,`
`126`	`127`	`)`
`127`	`128`	`.unwrap()`
`128`	`129`	`.with_hardware_rsa(peripherals.RSA);`