Merge pull request SHA2017-badge#38 from SHA2017-badge/dialogs-and-more-emf-porting

annejan · web-flow · commit 0067b38dbbc5 · 2017-07-04T17:19:04.000+02:00
SSL validation for sha2017.org subdomains
diff --git a/esp32/Makefile b/esp32/Makefile
@@ -53,6 +53,7 @@ INC += -I../lib/timeutils
 INC += -I../../components/badge
 INC += -I../../components/ugfx
 INC += -I../../components/graph
+INC += -I../../components/sha2017
 INC += -I../../main
 INC += -I../../ugfx/src/gdisp/mcufont
 INC += -I../../ugfx
@@ -154,8 +155,7 @@ SRC_C = \
 	ugfx_styles.c \
 	$(SRC_MOD)
 
-### TODO remove hardcoded images when loader works ;)
-
+### TODO fix hardcoded images when we can't get image loader to work
 #BADGE_MAIN_SRC_C = $(addprefix ../../main/,\
 #	imgv2_menu.c \
 #	imgv2_nick.c \
@@ -590,7 +590,7 @@ OBJ_ESPIDF += $(addprefix $(BUILD)/, $(ESPIDF_WPA_SUPPLICANT_O))
 ####################
 # Badge magic
 
-$(BUILD)/components/%.o: CFLAGS += -Wno-strict-aliasing
+$(BUILD)/components/%.o:
 BADGE_COMPONENTS_O = $(addprefix $(BADGE)/components/,\
 	badge/badge_base.o \
 	badge/badge_eink.o \
@@ -613,6 +613,7 @@ BADGE_COMPONENTS_O = $(addprefix $(BADGE)/components/,\
 	ugfx/gdisp_lld_framebuffer.o \
 	ugfx/ginput_lld_toggle.o \
 	ugfx/gfx_mk.o \
+	sha2017/wildcard_sha2017_org.o \
 	)
 
 OBJ_ESPIDF += $(addprefix $(BUILD)/, $(BADGE_COMPONENTS_O))
diff --git a/esp32/modules/dialogs.py b/esp32/modules/dialogs.py
@@ -0,0 +1,185 @@
+### Author: EMF Badge team
+### Author: SHA2017Badge team
+### Description: Some basic UGFX powered dialogs
+### License: MIT
+
+import ugfx, badge, utime as time
+
+def notice(text, title="SHA2017", close_text="Close", width = 296, height = 128, font="Roboto_Regular12"):
+	prompt_boolean(text, title = title, true_text = close_text, false_text = None, width = width, height = height, font=font)
+
+def prompt_boolean(text, title="SHA2017", true_text="Yes", false_text="No", width = 296, height = 128, font="Roboto_Regular12"):
+	"""A simple one and two-options dialog
+
+	if 'false_text' is set to None only one button is displayed.
+	If both 'true_text' and 'false_text' are given a boolean is returned
+	"""
+	window = ugfx.Container((ugfx.width() - width) // 2, (ugfx.height() - height) // 2,  width, height)
+	window.show()
+	ugfx.set_default_font(font)
+	window.text(5, 10, title, TILDA_COLOR)
+	window.line(0, 30, width, 30, ugfx.BLACK)
+
+	if false_text:
+		true_text = "A: " + true_text
+		false_text = "B: " + false_text
+
+	label = ugfx.Label(5, 30, width - 10, height - 80, text = text, parent=window)
+	button_yes = ugfx.Button(5, height - 40, width // 2 - 15 if false_text else width - 15, 30 , true_text, parent=window)
+	button_no = ugfx.Button(width // 2 + 5, height - 40, width // 2 - 15, 30 , false_text, parent=window) if false_text else None
+
+	try:
+		ugfx.input_init()
+
+		# button_yes.attach_input(ugfx.BTN_A,0)
+		# if button_no: button_no.attach_input(ugfx.BTN_B,0)
+
+		window.show()
+
+		# while True:
+		# 	pyb.wfi() # TODO make this!!
+		# 	if buttons.is_triggered("BTN_A"): return True
+		# 	if buttons.is_triggered("BTN_B"): return False
+
+	finally:
+		window.hide()
+		window.destroy()
+		button_yes.destroy()
+		if button_no: button_no.destroy()
+		label.destroy()
+
+def prompt_text(description, init_text = "", true_text="OK", false_text="Back", width = 300, height = 200, font="Roboto_BlackItalic24"):
+	"""Shows a dialog and keyboard that allows the user to input/change a string
+
+	Returns None if user aborts with button B
+	"""
+
+	window = ugfx.Container(int((ugfx.width()-width)/2), int((ugfx.height()-height)/2), width, height)
+
+	if false_text:
+		true_text = "M: " + true_text
+		false_text = "B: " + false_text
+
+	# if buttons.has_interrupt("BTN_MENU"):
+	# 	buttons.disable_interrupt("BTN_MENU")
+
+	ugfx.set_default_font("Roboto_Regular18")
+	kb = ugfx.Keyboard(0, int(height/2), width, int(height/2), parent=window)
+	edit = ugfx.Textbox(5, int(height/2)-30, int(width*4/5)-10, 25, text = init_text, parent=window)
+	ugfx.set_default_font("Roboto_Regular12")
+	button_yes = ugfx.Button(int(width*4/5), int(height/2)-30, int(width*1/5)-3, 25 , true_text, parent=window)
+	button_no = ugfx.Button(int(width*4/5), int(height/2)-30-30, int(width/5)-3, 25 , false_text, parent=window) if false_text else None
+	ugfx.set_default_font(font)
+	label = ugfx.Label(int(width/10), int(height/10), int(width*4/5), int(height*2/5)-60, description, parent=window)
+
+	try:
+		ugfx.input_init()
+
+		# button_yes.attach_input(ugfx.BTN_MENU,0)
+		# if button_no: button_no.attach_input(ugfx.BTN_B,0)
+		# TODO ^^
+
+		window.show()
+		edit.set_focus()
+		# while True:
+			# pyb.wfi()
+			# ugfx.poll()
+			# #if buttons.is_triggered("BTN_A"): return edit.text()
+			# if buttons.is_triggered("BTN_B"): return None
+			# if buttons.is_triggered("BTN_MENU"): return edit.text()
+
+	finally:
+		window.hide()
+		window.destroy()
+		button_yes.destroy()
+		if button_no: button_no.destroy()
+		label.destroy()
+		kb.destroy()
+		edit.destroy();
+	return
+
+def prompt_option(options, index=0, text = "Please select one of the following:", title=None, select_text="OK", none_text=None):
+	"""Shows a dialog prompting for one of multiple options
+
+	If none_text is specified the user can use the B or Menu button to skip the selection
+	if title is specified a blue title will be displayed about the text
+	"""
+	ugfx.set_default_font("Roboto_Regular12")
+	window = ugfx.Container(5, 5, ugfx.width() - 10, ugfx.height() - 10)
+	window.show()
+
+	list_y = 30
+	if title:
+		window.text(5, 10, title, ugfxBLACK)
+		window.line(0, 25, ugfx.width() - 10, 25, ugfx.BLACK)
+		window.text(5, 30, text, ugfx.BLACK)
+		list_y = 50
+	else:
+		window.text(5, 10, text, ugfx.BLACK)
+
+	options_list = ugfx.List(5, list_y, ugfx.width() - 25, 180 - list_y, parent = window)
+
+	for option in options:
+		if isinstance(option, dict) and option["title"]:
+			options_list.add_item(option["title"])
+		else:
+			options_list.add_item(str(option))
+	options_list.selected_index(index)
+
+	select_text = "A: " + select_text
+	if none_text:
+		none_text = "B: " + none_text
+
+	button_select = ugfx.Button(5, ugfx.height() - 50, 140 if none_text else ugfx.width() - 25, 30 , select_text, parent=window)
+	button_none = ugfx.Button(ugfx.width() - 160, ugfx.height() - 50, 140, 30 , none_text, parent=window) if none_text else None
+
+	try:
+		ugfx.input_init()
+
+		# while True:
+		# 	pyb.wfi()  # BLABLA TODO
+		# 	ugfx.poll()
+		# 	if buttons.is_triggered("BTN_A"): return options[options_list.selected_index()]
+		# 	if button_none and buttons.is_triggered("BTN_B"): return None
+		# 	if button_none and buttons.is_triggered("BTN_MENU"): return None
+
+	finally:
+		window.hide()
+		window.destroy()
+		options_list.destroy()
+		button_select.destroy()
+		if button_none: button_none.destroy()
+		ugfx.poll()
+
+class WaitingMessage:
+	"""Shows a dialog with a certain message that can not be dismissed by the user"""
+	def __init__(self, text = "Please Wait...", title="TiLDA"):
+		self.window = ugfx.Container(30, 30, ugfx.width() - 60, ugfx.height() - 60)
+		self.window.show()
+		self.window.text(5, 10, title, TILDA_COLOR)
+		self.window.line(0, 30, ugfx.width() - 60, 30, ugfx.BLACK)
+		self.label = ugfx.Label(5, 40, self.window.width() - 10, ugfx.height() - 40, text = text, parent=self.window)
+
+		# Indicator to show something is going on
+		self.indicator = ugfx.Label(ugfx.width() - 100, 0, 20, 20, text = "...", parent=self.window)
+		self.timer = pyb.Timer(3)
+		self.timer.init(freq=3)
+		self.timer.callback(lambda t: self.indicator.visible(not self.indicator.visible()))
+
+	def destroy(self):
+		self.timer.deinit()
+		self.label.destroy()
+		self.indicator.destroy()
+		self.window.destroy()
+
+	def text(self):
+		return self.label.text()
+
+	def text(self, value):
+		self.label.text(value)
+
+	def __enter__(self):
+		return self
+
+	def __exit__(self, exc_type, exc_value, traceback):
+		self.destroy()
diff --git a/esp32/modules/woezel.py b/esp32/modules/woezel.py
@@ -104,10 +104,7 @@ def expandhome(s):
 
 import ussl
 import usocket
-warn_ussl = True
 def url_open(url):
-    global warn_ussl
-
     if debug:
         print(url)
 
@@ -128,9 +125,6 @@ def url_open(url):
 
         if proto == "https:":
             s = ussl.wrap_socket(s, server_hostname=host)
-            if warn_ussl:
-                print("Warning: %s SSL certificate is not validated" % host)
-                warn_ussl = False
 
         # MicroPython rawsocket module supports file interface directly
         s.write("GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n" % (urlpath, host))
diff --git a/extmod/modussl_mbedtls.c b/extmod/modussl_mbedtls.c
@@ -23,13 +23,15 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#define _GNU_SOURCE
 
 #include "py/mpconfig.h"
 #if MICROPY_PY_USSL && MICROPY_SSL_MBEDTLS
 
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
+#include <string.h>
 
 #include "py/nlr.h"
 #include "py/runtime.h"
@@ -45,6 +47,8 @@
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/debug.h"
 
+#include "wildcard_sha2017_org.h"
+
 typedef struct _mp_obj_ssl_socket_t {
     mp_obj_base_t base;
     mp_obj_t sock;
@@ -136,7 +140,7 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
     mbedtls_pk_init(&o->pkey);
     mbedtls_ctr_drbg_init(&o->ctr_drbg);
     // Debug level (0-4)
-    mbedtls_debug_set_threshold(0);
+    mbedtls_debug_set_threshold(4);
 
     mbedtls_entropy_init(&o->entropy);
     const byte seed[] = "upy";
@@ -146,6 +150,26 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
         assert(0);
     }
 
+    bool sha2017_subdomain = false;
+    if (args->server_hostname.u_obj != mp_const_none) {
+      const char *sni = mp_obj_str_get_str(args->server_hostname.u_obj);
+      char *ptr;
+      sha2017_subdomain = ((ptr = strcasestr(sni, ".sha2017.org")) != NULL && ptr[12] == 0);
+      if (sha2017_subdomain) {
+        printf("Validating certificate for: %s\n", sni);
+      } else {
+        printf("Warning: %s SSL certificate is not validated\n", sni);
+      }
+    }
+
+    if (sha2017_subdomain) {
+        ret = mbedtls_x509_crt_parse_der(&o->cacert, wildcard_sha2017_org, 856);
+        if(ret < 0) {
+            printf("mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
+            assert(0);
+        }
+    }
+
     ret = mbedtls_ssl_config_defaults(&o->conf,
                     MBEDTLS_SSL_IS_CLIENT,
                     MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -154,7 +178,12 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
         assert(0);
     }
 
-    mbedtls_ssl_conf_authmode(&o->conf, MBEDTLS_SSL_VERIFY_NONE);
+    if (sha2017_subdomain) {
+      mbedtls_ssl_conf_authmode(&o->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+      mbedtls_ssl_conf_ca_chain(&o->conf, &o->cacert, NULL);
+    } else {
+      mbedtls_ssl_conf_authmode(&o->conf, MBEDTLS_SSL_VERIFY_NONE);
+    }
     mbedtls_ssl_conf_rng(&o->conf, mbedtls_ctr_drbg_random, &o->ctr_drbg);
     mbedtls_ssl_conf_dbg(&o->conf, mbedtls_debug, NULL);
 
@@ -223,7 +252,7 @@ STATIC mp_uint_t socket_read(mp_obj_t o_in, void *buf, mp_uint_t size, int *errc
         return 0;
     }
 
-    if (ret == MBEDTLS_ERR_SSL_WANT_READ) { 
+    if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
         *errcode = EWOULDBLOCK;
         return 0;
     }
@@ -243,7 +272,7 @@ STATIC mp_uint_t socket_write(mp_obj_t o_in, const void *buf, mp_uint_t size, in
         return ret;
     }
 
-    if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) { 
+    if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
         *errcode = EWOULDBLOCK;
         return 0;
     }
