* Fix device test environment variables Device tests were not connecting properly to WiFi because the environment variables were not set when WiFi.connect was called. This would result in tests sometimes working *if* the prior sketch run on the ESP saved WiFi connection information and auto-connect was enabled. But, in most cases, the tests would simply never connect to any WiFi and fail. getenv() works only after BS_RUN is called (because BS_RUN handles the actual parsing of environment variables sent from the host). Add a "pretest" function to all tests which is called by the host test controller only after all environment variables are set. Move all WiFi/etc. operations that were in each separate test's setup() into it. So the order of operations for tests now is: ESP: setup() -> Set serial baud -> Call BS_RUN() HOST: Send environment Send "do pretest" ESP: pretest() -> Set Wifi using env. variables, etc. return "true" on success HOST: Send "run test 1" ESP: Run 1st test, return result HOST: Send "run test 2" ESP: Run 2nd test, return result <and so forth> If nothing is needed to be set up, just return true from the pretest function. All tests now run and at least connect to WiFi. There still seem to be some actual test errors, but not because of the WiFi/environment variables anymore. * Remove unneeded debug prints * Silence esptool.py output when not in V=1 mode Esptool-ck.exe had an option to be silent, but esptool.py doesn't so the output is very chatty and makes looking at the run logs hard (60 lines of esptool.py output, 3 lines of actual test reports). Redirect esptool.py STDOUT to /dev/null unless V=1 to clear this up. * Speed up builds massively by removing old JSON arduino-builder checks the build.options.json file and then goes off and pegs my CPU at 100% for over a minute on each test compile checking if files have been modified. 
Simply deleting any pre-existing options.json file causes this step to be skipped and a quick, clean recompile is done in significantly less time. * Enable compile warnings, fix any that show up Enable all GCC warnings when building the tests and fix any that came up (mostly signed/unsigned, unused, and deprecated ones). * Fix UMM_MALLOC printf crash, umm_test Printf can now handle PROGMEM addresses, so simplify and correct the debug printouts in umm_info and elsewhere.
// Stress test the BearSSL connection options to determine
// maximum memory use for different SSL connections and
// SPIFFS certstore usage. Before running you need to run
// certs-from-mozilla.py and upload the generated SPIFFS file.
//
// For more info on CertStores, see the BearSSL_CertStore example
//
// November 2018 by Earle F. Philhower, III
// Released to the public domain
#include <Arduino.h>
#include <BSTest.h>
#include <ESP8266WiFi.h>
#include <CertStoreBearSSL.h>
#include <FS.h>
#include <time.h>
#include <StackThunk.h>
extern "C" {
#include "user_interface.h"
}
// BSTest environment declaration. pretest() below reads STA_SSID and
// STA_PASS through getenv().
BS_ENV_DECLARE();

// Defined after pretest(), which calls it.
void setClock();

// One CertStore shared by every connection in this sketch. It has to
// outlive every WiFiClientBearSSL that was handed a pointer to it, which
// is why it is a global rather than a local in run().
BearSSL::CertStore certStore;
// Arduino entry point: open the serial port, route debug output to it and
// hand control to the BSTest runner. WiFi and certificate-store setup live
// in pretest(), not here.
void setup() {
  Serial.begin(115200);
  Serial.setDebugOutput(true);
  BS_RUN(Serial);
}
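// One-time preparation for the test cases: join WiFi with the credentials
// supplied in the STA_SSID / STA_PASS environment variables, set the clock
// and load the CA certificate store from SPIFFS.
//
// Returns true when the network is up and at least one CA certificate was
// loaded, false otherwise. Every failure path returns false instead of
// blocking forever, so a misconfigured bench shows up as a failed pretest.
bool pretest()
{
  const char *ssid = getenv("STA_SSID");
  const char *pass = getenv("STA_PASS");  // may be null for an open network
  if (!ssid) {
    // Do not echo the environment here: STA_PASS is a credential.
    Serial.printf("STA_SSID is not set; cannot join WiFi.\n");
    return false;
  }

  // Keep the test credentials out of flash so they do not leak into
  // whatever sketch runs on this board next.
  WiFi.persistent(false);
  WiFi.mode(WIFI_STA);
  WiFi.begin(ssid, pass);

  // Bounded wait. The 30 s budget is a reviewer-chosen value; adjust it to
  // the host controller's own timeout if that is shorter.
  const uint32_t kWiFiTimeoutMs = 30000;
  const uint32_t wifiStart = millis();
  while (WiFi.status() != WL_CONNECTED) {
    if (millis() - wifiStart >= kWiFiTimeoutMs) {
      Serial.printf("Timed out waiting for WiFi connection.\n");
      return false;
    }
    delay(500);
  }

  // Certificate validity periods are checked against the clock, so it must
  // be set before any TLS connection is attempted.
  setClock();

  if (!SPIFFS.begin()) {
    Serial.printf("SPIFFS mount failed; cannot load the certificate store.\n");
    return false;
  }
  int numCerts = certStore.initCertStore(SPIFFS, "/certs.idx", "/certs.ar");
  Serial.printf("Number of CA certs read: %d\n", numCerts);
  if (numCerts == 0) {
    // An empty store means there are no trust anchors for the test
    // connections, so refuse to run the cases at all.
    Serial.printf("No certs found. Did you run certs-from-mozilla.py and upload the SPIFFS directory before running?\n");
    return false;
  }
  return true;
}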
// Set the system time via NTP, as required for X.509 validation.
// Blocks until time() reports a value past the "not yet synced" threshold,
// then prints the resulting time as UTC.
// NOTE(review): the wait has no upper bound, so an unreachable NTP server
// stalls the test here; the void return leaves no way to report failure.
void setClock() {
  configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov");

  Serial.print("Waiting for NTP time sync: ");
  // A clock still below this value is treated as not yet set.
  const time_t kSyncedThreshold = 8 * 3600 * 2;
  time_t now;
  for (now = time(nullptr); now < kSyncedThreshold; now = time(nullptr)) {
    delay(500);
    Serial.print(".");
  }
  Serial.println("");

  struct tm utc;
  gmtime_r(&now, &utc);
  Serial.print("Current time: ");
  Serial.print(asctime(&utc));
}
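// Connect to host:port over TLS with the given client, send a minimal
// HTTP/1.0 GET for `path` ("/" when path is null) and print the first line
// of the response.
//
// client  TLS client to use; configured by the caller.
// host    server name, used for the connection and the Host: header.
// port    TCP port to connect to.
// path    request path, or nullptr for "/".
//
// A failed connect is reported on Serial and the function returns; the
// caller gets no status back. For hosts that deliberately present a bad
// certificate this is presumably the expected path (the failure reason is
// not inspected here).
void fetchURL(BearSSL::WiFiClientSecure *client, const char *host, const uint16_t port, const char *path) {
  if (!path) {
    path = "/";
  }

  // Print the port actually used rather than a hard-coded 443.
  Serial.printf("Trying: %s:%u...", host, static_cast<unsigned>(port));
  client->connect(host, port);
  if (!client->connected()) {
    Serial.printf("*** Can't connect. ***\n-------\n");
    return;
  }
  Serial.printf("Connected!\n-------\n");

  client->write("GET ");
  client->write(path);
  client->write(" HTTP/1.0\r\nHost: ");
  client->write(host);
  client->write("\r\nUser-Agent: ESP8266\r\n");
  client->write("\r\n");

  // Elapsed-time comparison instead of an absolute deadline, so the 5 s
  // budget still holds when millis() wraps around.
  const uint32_t kReadTimeoutMs = 5000;
  const uint32_t readStart = millis();
  if (client->connected()) {
    do {
      // Zero-filled and read one byte short, so tmp is always
      // NUL-terminated for strchr() and print().
      char tmp[32];
      memset(tmp, 0, sizeof(tmp));
      int rlen = client->read(reinterpret_cast<uint8_t *>(tmp), sizeof(tmp) - 1);
      yield();
      if (rlen < 0) {
        break;
      }
      // Only print out first line up to \r, then abort connection
      char *nl = strchr(tmp, '\r');
      if (nl) {
        *nl = 0;
        Serial.print(tmp);
        break;
      }
      Serial.print(tmp);
    } while (millis() - readStart < kReadTimeoutMs);
  }
  client->stop();
  Serial.printf("\n-------\n");
}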
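// Attempt one TLS connection to "<str>.badssl.com" using the shared
// certificate store and return the maximum thunk stack usage observed.
//
// str  sub-domain label, e.g. "expired".
//
// Only stack usage is measured. Whether the handshake was accepted or
// rejected is not part of the return value.
int run(const char *str)
{
  // NOTE(review): presumably heap-allocated to keep the client object off
  // the small task stack; confirm before changing.
  BearSSL::WiFiClientSecure *bear = new BearSSL::WiFiClientSecure();
  // Integrate the cert store with this connection
  bear->setCertStore(&certStore);

  // snprintf bounds the write to the buffer; an over-long label is
  // truncated instead of overflowing buff.
  char buff[100];
  snprintf(buff, sizeof(buff), "%s.badssl.com", str);

  // Reset the stack high-water mark so the reading below covers this
  // connection only.
  stack_thunk_repaint();
  Serial.printf("%s: ", buff);
  fetchURL(bear, buff, 443, "/");

  const uint32_t maxUsage = stack_thunk_get_max_usage();
  Serial.printf("Stack: %u\n", static_cast<unsigned>(maxUsage));
  delete bear;

  printf("\n\n\nMAX THUNK STACK USAGE: %u\n", static_cast<unsigned>(maxUsage));
  return maxUsage;
}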
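// One test case per badssl sub-domain. Each case requires only that the
// thunk stack usage reported by run() stays below 5600 bytes.
//
// These cases do NOT assert that a connection to a deliberately broken
// endpoint (expired, self-signed, untrusted-root, ...) is rejected. A green
// run here says nothing about certificate validation being correct.
//
// The case name now says ".badssl.com", matching the host run() connects to.
#define TC(x) TEST_CASE("BearSSL - Maximum stack usage < 5600 bytes @ " x ".badssl.com", "[bearssl]") { REQUIRE(run(x) < 5600); }

TC("expired")
TC("wrong.host")
TC("self-signed")
TC("untrusted-root")
TC("revoked")
TC("pinning-test")
TC("no-common-name")
TC("no-subject")
TC("incomplete-chain")
TC("sha1-intermediate")
TC("sha256")
TC("sha384")
TC("sha512")
TC("1000-sans")
// TC("10000-sans") // Runs for >10 seconds, so causes false failure. Covered by the 1000 SAN anyway
TC("ecc256")
TC("ecc384")
TC("rsa2048")
TC("rsa4096")
TC("extended-validation")
TC("dh480")
TC("dh512")
TC("dh1024")
TC("dh2048")
TC("dh-small-subgroup")
TC("dh-composite")
TC("static-rsa")
TC("tls-v1-0")
TC("tls-v1-1")
TC("tls-v1-2")
TC("invalid-expected-sct")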
// Intentionally empty: this sketch has no periodic work to do in loop().
void loop()
{
}