feature: create a Trust on First Use example

[dirkx]

create a Trust on First Use example to quell the increasingly ommon copy & paste of the insecure approach making it to production

This addresses #9102

Description of Change

Add an example. No impact. Put a warning in the existing NonSecure example (little impact)

Tests scenarios

ESP32

Related links

Would close #9102

[github-actions]

	Warnings
⚠️	Some issues found for the commit messages in this PR: the commit message "Quell CI/CD runs on non-WiFi supporting hardare": summary looks empty type/action looks empty the commit message "Unitialized NVRAM/EEPROM is actual set to 0xFF; so adjust for this. And print the LF/CR for the header lines.": summary should not end with a period (full stop) summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientInsecure/WiFiClientInsecure.ino ": summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientTrustOnFirstUse/WiFiClientTrustOnFirstUse.ino ": summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientTrustOnFirstUse/WiFiClientTrustOnFirstUse.ino ": summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientTrustOnFirstUse/WiFiClientTrustOnFirstUse.ino ": summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientTrustOnFirstUse/WiFiClientTrustOnFirstUse.ino ": summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientTrustOnFirstUse/WiFiClientTrustOnFirstUse.ino ": summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientTrustOnFirstUse/WiFiClientTrustOnFirstUse.ino ": summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientTrustOnFirstUse/WiFiClientTrustOnFirstUse.ino ": summary looks empty type/action looks empty the commit message "Update libraries/WiFiClientSecure/examples/WiFiClientTrustOnFirstUse/WiFiClientTrustOnFirstUse.ino": summary looks empty type/action looks empty the commit message "Various things can all stop_ssl_socket() which sets the socket to -1; but the WiFiClientSecure checks for _connected. So we want to make sure the latter is always set. And thus have moved the state handling around *ssl_client down into the C code; below WiFiClientSecure.": summary should not end with a period (full stop) summary looks empty type/action looks empty the commit message "feature: create a Trust on First Use example the quell the increasingly common copy & paste of the insecure approach making it to production": summary appears to be too long type/action should be one of [change, ci, docs, feat, fix, refactor, remove, revert, test] Please fix these commit messages - here are some basic tips: follow Conventional Commits style correct format of commit message should be: <type/action>(<scope/component>): <summary>, for example fix(esp32): Fixed startup timeout issue allowed types are: change,ci,docs,feat,fix,refactor,remove,revert,test sufficiently descriptive message summary should be between 20 to 72 characters and start with upper case letter avoid Jira references in commit messages (unavailable/irrelevant for our customers) TIP: Install pre-commit hooks and run this check when committing (uses the Conventional Precommit Linter).
⚠️	Please consider squashing your 19 commits (simplifying branch history).

👋 Hello dirkx, we appreciate your contribution to this project!

---

Click to see more instructions ...

This automated output is generated by the PR linter DangerJS, which checks if your Pull Request meets the project's requirements and helps you fix potential issues.

DangerJS is triggered with each push event to a Pull Request and modify the contents of this comment.

Please consider the following:
- Danger mainly focuses on the PR structure and formatting and can't understand the meaning behind your code or changes.
- Danger is not a substitute for human code reviews; it's still important to request a code review from your colleagues.
- Resolve all warnings (⚠️ ) before requesting a review from human reviewers - they will appreciate it.
- To manually retry these Danger checks, please navigate to the Actions tab and re-run last Danger workflow.

Review and merge process you can expect ...

We do welcome contributions in the form of bug reports, feature requests and pull requests.

1. An internal issue has been created for the PR, we assign it to the relevant engineer.
2. They review the PR and either approve it or ask you for changes or clarifications.
3. Once the GitHub PR is approved we do the final review, collect approvals from core owners and make sure all the automated tests are passing.
- At this point we may do some adjustments to the proposed change, or extend it by adding tests or documentation.
4. If the change is approved and passes the tests it is merged into the default branch.

Generated by 🚫 dangerJS against bf16cd3

[me-no-dev]

you need to add .skip.esp32h2 files to both sketch folders, so they are not compiled for H2, which does not have WiFi

[dirkx]

Ah thanks - I was already wondering. Will fix.

[VojtechBartoska]

@lucasssvaz & @P-R-O-C-H-Y Please help with review when this is ready.

[lucasssvaz]

This is also causing a ton of setSocketOption(): fail on 0, errno: 9, "Bad file number" errors, could you please check it ?

[  1227][V][esp32-hal-uart.c:396] uartBegin(): UART0 baud(115200) Mode(800001c) rxPin(3) txPin(1)
[  1236][V][esp32-hal-uart.c:482] uartBegin(): UART0 not installed. Starting installation
[  1246][V][esp32-hal-uart.c:527] uartBegin(): UART0 initialization done.
[  1362][V][esp32-hal-periman.c:229] perimanSetBusDeinit(): Deinit function for type GPIO (1) successfully set to 0x4016b9d8
[  1374][V][esp32-hal-periman.c:154] perimanSetPinBus(): Pin 0 successfully set to type GPIO (1) with bus 0x1
TOFU pegged to fingerprint: SHA256=d8:d4:da:06:9f:44:48:53:f1:32:0c:8d:80:d0:94:9f:f6:38:f1:28:a4:63:a4:0e:df:ec:4b:3d:10:2b:9f:75
Note: You can check this fingerprint by going to the URL
<https://www.howsmyssl.com> and then click on the lock icon.

Attempting to connect to SSID: Vaz_2.4GHz
[  1421][D][WiFiGeneric.cpp:1055] _eventCallback(): Arduino Event: 0 - WIFI_READY
[  1492][V][WiFiGeneric.cpp:345] _arduino_event_cb(): STA Started
[  1494][V][WiFiGeneric.cpp:98] set_esp_interface_ip(): Configuring Station static IP: 0.0.0.0, MASK: 0.0.0.0, GW: 0.0.0.0
[  1511][D][WiFiGeneric.cpp:1055] _eventCallback(): Arduino Event: 2 - STA_START
.[  1689][V][WiFiGeneric.cpp:360] _arduino_event_cb(): STA Connected: SSID: Vaz_2.4GHz, BSSID: 84:0b:bb:29:c2:20, Channel: 1, Auth: WPA2_PSK
[  1702][D][WiFiGeneric.cpp:1055] _eventCallback(): Arduino Event: 4 - STA_CONNECTED
[  1750][V][WiFiGeneric.cpp:374] _arduino_event_cb(): STA Got New IP:192.168.15.39
[  1757][D][WiFiGeneric.cpp:1055] _eventCallback(): Arduino Event: 7 - STA_GOT_IP
[  1765][D][WiFiGeneric.cpp:1119] _eventCallback(): STA IP: 192.168.15.39, MASK: 255.255.255.0, GW: 192.168.15.1
Connected to Vaz_2.4GHz
Trying to connect to a server; using TOFU details from the eeprom
[  2561][V][ssl_client.cpp:61] start_ssl_client(): Free internal heap before TLS 252864
[  2569][V][ssl_client.cpp:67] start_ssl_client(): Starting socket
[  3925][V][ssl_client.cpp:145] start_ssl_client(): Seeding the random number generator
[  3934][V][ssl_client.cpp:154] start_ssl_client(): Setting up the SSL/TLS structure...
[  3942][D][ssl_client.cpp:175] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE!
[  3951][V][ssl_client.cpp:256] start_ssl_client(): Setting hostname for TLS session...
[  3959][V][ssl_client.cpp:271] start_ssl_client(): Performing the SSL/TLS handshake...
[  4744][V][ssl_client.cpp:292] start_ssl_client(): Verifying peer X.509 certificate...
[  4752][V][ssl_client.cpp:300] start_ssl_client(): Certificate verified.
[  4758][V][ssl_client.cpp:315] start_ssl_client(): Free internal heap after TLS 209024
All well - you are talking to the same server as
when you set up TOFU. So we can now do a GET.


[  4766][V][ssl_client.cpp:371] send_ssl_data(): Writing HTTP request with 21 bytes...
[  4784][V][ssl_client.cpp:371] send_ssl_data(): Writing HTTP request with 2 bytes...
[  4792][V][ssl_client.cpp:371] send_ssl_data(): Writing HTTP request with 6 bytes...
[  4800][V][ssl_client.cpp:371] send_ssl_data(): Writing HTTP request with 17 bytes...
[  4809][V][ssl_client.cpp:371] send_ssl_data(): Writing HTTP request with 2 bytes...
[  4817][V][ssl_client.cpp:371] send_ssl_data(): Writing HTTP request with 17 bytes...
[  4826][V][ssl_client.cpp:371] send_ssl_data(): Writing HTTP request with 2 bytes...
[  4834][V][ssl_client.cpp:371] send_ssl_data(): Writing HTTP request with 2 bytes...
HTTP/1.0 200 OK
Access-Control-Allow-Origin: *
Content-Length: 3501
Content-Type: application/json
Strict-Transport-Security: max-age=631138519; includeSubdomains; preload
Vary: Accept-Encoding
Date: Thu, 18 Jan 2024 15:17:16 GMT

-- headers received. Payload follows


[  5105][V][ssl_client.cpp:323] stop_ssl_socket(): Cleaning SSL connection.
[  5240][E][WiFiClient.cpp:329] setSocketOption(): fail on 0, errno: 9, "Bad file number"
[  5248][E][WiFiClient.cpp:329] setSocketOption(): fail on 0, errno: 9, "Bad file number"
[  5256][E][WiFiClient.cpp:329] setSocketOption(): fail on 0, errno: 9, "Bad file number"
[  5264][E][WiFiClient.cpp:329] setSocketOption(): fail on 0, errno: 9, "Bad file number"
...
[  6094][E][WiFiClient.cpp:329] setSocketOption(): fail on 0, errno: 9, "Bad file number"
[  6102][E][WiFiClient.cpp:329] setSocketOption(): fail on 0, errno: 9, "Bad file number"
{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384","TLS_RSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384","TLS_RSA_WITH_ARIA_256_CBC_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256","TLS_RSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256","TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256","TLS_RSA_WITH_ARIA_128_CBC_SHA256","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"],"ephemeral_keys_supported":true,"session_ticket_supported":true,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_splitting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"}[  6407][E][WiFiClient.cpp:329] setSocketOption(): fail on 0, errno: 9, "Bad file number"


-- Payload ended.
[  6422][V][ssl_client.cpp:323] stop_ssl_socket(): Cleaning SSL connection.
ALL OK

[dirkx]

I am not quite seeing that on an ESP32-S2 and DEBUG set to VERBOSE. Anything extra I need to set ? My first guess is that the server closes the connection: 18:08:59.617 -> [ 2947][E][WiFiClientSecure.cpp:316] available(): Closing connection on failed avail check 18:08:59.617 -> [ 2949][V][ssl_client.cpp:337] stop_ssl_socket(): Cleaning SSL connection. And that 'we' then close the connection again: 18:09:00.913 -> [ 4232][V][ssl_client.cpp:337] stop_ssl_socket(): Cleaning SSL connection. That could be solved in void WiFiClientSecure::stop() { if (sslclient->socket >= 0) { close(sslclient->socket); _lastWriteTimeout = 0; ..... } stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key); } by moving that stop_ssl_socket() into the IF statement. But then we're changing the API a little bit. Not sure if that is wise. Dw 8:08:58.506 -> Connected to Linate 18:08:58.506 -> Trying to connect to a server; using TOFU details from the eeprom 18:08:58.576 -> [ 1890][V][ssl_client.cpp:60] start_ssl_client(): Free internal heap before TLS 146408 18:08:58.576 -> [ 1890][V][ssl_client.cpp:66] start_ssl_client(): Starting socket 18:08:58.714 -> [ 2044][V][ssl_client.cpp:144] start_ssl_client(): Seeding the random number generator 18:08:58.714 -> [ 2046][V][ssl_client.cpp:153] start_ssl_client(): Setting up the SSL/TLS structure... 18:08:58.714 -> [ 2049][D][ssl_client.cpp:174] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE! 18:08:58.748 -> [ 2057][V][ssl_client.cpp:263] start_ssl_client(): Setting hostname for TLS session... 18:08:58.748 -> [ 2065][V][ssl_client.cpp:285] ssl_starttls_handshake(): Performing the SSL/TLS handshake... 18:08:59.380 -> [ 2713][V][ssl_client.cpp:306] ssl_starttls_handshake(): Verifying peer X.509 certificate... 18:08:59.380 -> [ 2713][V][ssl_client.cpp:314] ssl_starttls_handshake(): Certificate verified. 18:08:59.415 -> [ 2717][V][ssl_client.cpp:330] ssl_starttls_handshake(): Free internal heap after TLS 102744 18:08:59.415 -> All well - you are talking to the same server as 18:08:59.415 -> when you set up TOFU. So we can now do a GET. 18:08:59.415 -> 18:08:59.415 -> 18:08:59.583 -> HTTP/1.0 200 OK Access-Control-Allow-Origin: * Content-Length: 3299 Content-Type: application/json Strict-Transport-Security: max-age=631138519; includeSubdomains; preload Vary: Accept-Encoding Date: Thu, 18 Jan 2024 17:08:59 GMT

…

-- headers received. Payload follows 18:08:59.583 -> 18:08:59.583 -> 18:08:59.617 -> [ 2947][E][WiFiClientSecure.cpp:316] available(): Closing connection on failed avail check 18:08:59.617 -> [ 2949][V][ssl_client.cpp:337] stop_ssl_socket(): Cleaning SSL connection. 18:09:00.611 -> {"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_DHE_RSA_WITH_AES_25....splitting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"} 18:09:00.913 -> 18:09:00.913 -> -- Payload ended. 18:09:00.913 -> ALL OK

[lucasssvaz]

I tested on a ESP32 in the verbose mode. Idk if that should make a difference

[dirkx]

Ok - will try an ESP32 rather than an ESP32-S2. Meanwhile - I did observe that, with the exception of setting the value of ssl_client->socket; al other socket work is delegated to the ssl_client.c world. So below diff does make things a bit cleaner; and at least surpresses the double closing when a socket normally closes and the user does a stop later on (again). If we assume that nothing calls stuff in ssl_client - then the API is not changing. <code> diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp index ff2dedf5..0339e642 100644 --- a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp +++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp @@ -20,8 +20,6 @@ #include "WiFiClientSecure.h" #include "esp_crt_bundle.h" -#include <lwip/sockets.h> -#include <lwip/netdb.h> #include <errno.h> #undef connect @@ -91,15 +89,11 @@ WiFiClientSecure &WiFiClientSecure::operator=(const WiFiClientSecure &other) void WiFiClientSecure::stop() { - if (sslclient->socket >= 0) { - close(sslclient->socket); - sslclient->socket = -1; - _connected = false; - _peek = -1; - _lastReadTimeout = 0; - _lastWriteTimeout = 0; - } stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key); + _connected = false; + _peek = -1; + _lastReadTimeout = 0; + _lastWriteTimeout = 0; } int WiFiClientSecure::connect(IPAddress ip, uint16_t port) </code>

[dirkx]

Actually - looking at this a bit longer - I think you unearthed a much older bug due to that logic (I removed in above patch). If there is an error and ssl_client level class close the connection; they set ->socket to -1. But the WiFiSecureClient layer above it checks on _connected mostly (e.g. in read, write, etc). But _connected may not get unset - as WiFiSecureClient gate the set to false that on socket not being -1. Which can have happened in the layer below of ssl_client. So I guess my patch may actually solve that bug - unrelated to any of the TOFU / etc work. With kind regards, Dw.

[me-no-dev]

@lucasssvaz PTAL

[dirkx]

Apologies - will do - but paid customers intruding :)

[lucasssvaz]

Bug found is unrelated to the example added. I'll open a issue to track it