From 558d14f9a3057398145af1405af6264beb98560d Mon Sep 17 00:00:00 2001 From: Matthias Akstaller <63792403+matth-x@users.noreply.github.com> Date: Thu, 23 May 2024 13:05:46 +0200 Subject: [PATCH] integrate MbedTLS (#22) * use MbedTLS as the default TLS lib * update MO, clean CMakeLists * enable workflows * fix compiler warnings * update copyright notice * update dependencies * disable MbedTLS test suites * fix WASM compilation errors --- .github/workflows/build_docker.yml | 3 +- .github/workflows/build_ubuntu.yml | 3 +- .github/workflows/build_wasm.yml | 3 +- .gitmodules | 3 ++ CMakeLists.txt | 68 ++++++++++++++++++++++++------ lib/MicroOcpp | 2 +- lib/MicroOcppMongoose | 2 +- lib/mbedtls | 1 + src/api.cpp | 4 ++ src/api.h | 4 ++ src/evse.cpp | 2 +- src/evse.h | 2 +- src/main.cpp | 2 +- src/net_mongoose.cpp | 21 ++++----- src/net_mongoose.h | 4 ++ src/net_wasm.cpp | 19 +++------ src/net_wasm.h | 4 ++ 17 files changed, 100 insertions(+), 47 deletions(-) create mode 160000 lib/mbedtls diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml index fe91653..5827bab 100644 --- a/.github/workflows/build_docker.yml +++ b/.github/workflows/build_docker.yml @@ -3,8 +3,7 @@ name: Docker on: push: branches: - - master - - develop + - main pull_request: diff --git a/.github/workflows/build_ubuntu.yml b/.github/workflows/build_ubuntu.yml index 6d23281..f7fa298 100644 --- a/.github/workflows/build_ubuntu.yml +++ b/.github/workflows/build_ubuntu.yml @@ -3,8 +3,7 @@ name: Ubuntu on: push: branches: - - master - - develop + - main pull_request: diff --git a/.github/workflows/build_wasm.yml b/.github/workflows/build_wasm.yml index ec04559..b66fa97 100644 --- a/.github/workflows/build_wasm.yml +++ b/.github/workflows/build_wasm.yml @@ -3,8 +3,7 @@ name: WebAssembly on: push: branches: - - master - - develop + - main pull_request: diff --git a/.gitmodules b/.gitmodules index 8d9990d..ceb826b 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -13,3 +13,6 @@ [submodule "webapp-src"] path = webapp-src url = https://github.com/agruenb/arduino-ocpp-dashboard.git +[submodule "lib/mbedtls"] + path = lib/mbedtls + url = https://github.com/Mbed-TLS/mbedtls diff --git a/CMakeLists.txt b/CMakeLists.txt index 2d2b5f4..a05245f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,9 +1,11 @@ -# matth-x/MicroOcpp -# Copyright Matthias Akstaller 2019 - 2023 -# MIT License +# matth-x/MicroOcppSimulator +# Copyright Matthias Akstaller 2022 - 2024 +# GPL-3.0 License cmake_minimum_required(VERSION 3.13) +set(CMAKE_CXX_STANDARD 11) + set(MO_SIM_SRC src/evse.cpp src/main.cpp 
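Review bot: The new `lib/mbedtls` entry does not say which Mbed TLS release the gitlink is meant to track, so it will be hard to tell later whether a published advisory applies to the vendored TLS stack. Record it in a comment above the section, e.g. `# Mbed TLS <release tag, placeholder>; update together with the lib/mbedtls gitlink`. For consistency with the `webapp-src` entry, the URL could also carry the `.git` suffix.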
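Review bot: `set(CMAKE_CXX_STANDARD 11)` is only a preference unless it is made mandatory, so a toolchain that cannot provide C++11 falls back silently instead of failing at configure time. Add `set(CMAKE_CXX_STANDARD_REQUIRED ON)` directly below it.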
@@ -32,34 +34,76 @@ add_compile_definitions( MO_DBG_LEVEL=MO_DL_INFO MO_FILENAME_PREFIX="./mo_store/" MO_ENABLE_V201=1 + MO_ENABLE_MBEDTLS=1 ) add_executable(mo_simulator ${MO_SIM_SRC} ${MO_SIM_MG_SRC}) -# find OpenSSL (skip for WebAssembly) -if (NOT ${CMAKE_SYSTEM_NAME} MATCHES "Emscripten") - find_package(OpenSSL REQUIRED) -endif() - target_include_directories(mo_simulator PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/lib/ArduinoJson/src" "${CMAKE_CURRENT_SOURCE_DIR}/lib/mongoose" - "${OPENSSL_INCLUDE_DIR}" ) target_compile_definitions(mo_simulator PUBLIC MO_NETLIB=MO_NETLIB_MONGOOSE - MG_ENABLE_OPENSSL=1 ) add_subdirectory(lib/MicroOcpp) target_link_libraries(mo_simulator PUBLIC MicroOcpp) +# disable some warnings for MbedTLS which cause compilation errors on WASM +if (${CMAKE_SYSTEM_NAME} MATCHES "Emscripten") + add_compile_options( + -Wno-unused-but-set-variable + -Wno-documentation + ) +endif() + +# disable MbedTLS unit tests and test suites (not needed for the Simualtor) +option(ENABLE_TESTING "Build mbed TLS tests." OFF) +option(ENABLE_PROGRAMS "Build mbed TLS programs." 
OFF) + +add_subdirectory(lib/mbedtls) +target_link_libraries(MicroOcpp PUBLIC + mbedtls + mbedcrypto + mbedx509 +) + +if (MO_SIM_BUILD_USE_OPENSSL) + + message("Using OpenSSL for WebSocket") + + # find OpenSSL + find_package(OpenSSL REQUIRED) + target_include_directories(mo_simulator PUBLIC + "${OPENSSL_INCLUDE_DIR}" + ) + target_link_libraries(mo_simulator PUBLIC + ${OPENSSL_LIBRARIES} + ) + target_compile_definitions(mo_simulator PUBLIC + MG_ENABLE_OPENSSL=1 + ) + +else() + + message("Using MbedTLS for WebSocket") + + target_link_libraries(mo_simulator PUBLIC + mbedtls + mbedcrypto + mbedx509 + ) + target_compile_definitions(mo_simulator PUBLIC + MG_ENABLE_MBEDTLS=1 + ) + +endif() + add_subdirectory(lib/MicroOcppMongoose) target_link_libraries(mo_simulator PUBLIC MicroOcppMongoose) -target_link_libraries(mo_simulator PUBLIC ${OPENSSL_LIBRARIES}) - # experimental WebAssembly port add_executable(mo_simulator_wasm ${MO_SIM_SRC} ${MO_SIM_WASM_SRC}) diff --git a/lib/MicroOcpp b/lib/MicroOcpp index 80da31d..e879c0e 160000 --- a/lib/MicroOcpp +++ b/lib/MicroOcpp @@ -1 +1 @@ -Subproject commit 80da31d92f39e666193c14ffbe11d1a01b84d8bd +Subproject commit e879c0e6988d7946959ce8cf18e05c4b623d21ba diff --git a/lib/MicroOcppMongoose b/lib/MicroOcppMongoose index 2e5aa6a..95f4748 160000 --- a/lib/MicroOcppMongoose +++ b/lib/MicroOcppMongoose @@ -1 +1 @@ -Subproject commit 2e5aa6a087f4af66077d4d10216583c7163051a2 +Subproject commit 95f4748f0863ab276f2b5481d29a3281a38a0a36 diff --git a/lib/mbedtls b/lib/mbedtls new file mode 160000 index 0000000..dd79db1 --- /dev/null +++ b/lib/mbedtls @@ -0,0 +1 @@ +Subproject commit dd79db10014d85b26d11fe57218431f2e5ede6f2 diff --git a/src/api.cpp b/src/api.cpp index 29b555d..f07d225 100644 --- a/src/api.cpp +++ b/src/api.cpp @@ -1,3 +1,7 @@ +// matth-x/MicroOcppSimulator +// Copyright Matthias Akstaller 2022 - 2024 +// GPL-3.0 License + #include "api.h" #include diff --git a/src/api.h b/src/api.h index 9c42e5b..fd25663 100644 --- a/src/api.h 
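Review bot: `MO_SIM_BUILD_USE_OPENSSL` is tested in `if (MO_SIM_BUILD_USE_OPENSSL)` but never declared, so the TLS backend choice is undocumented and silently defaults to MbedTLS. Declare it before the branch with `option(MO_SIM_BUILD_USE_OPENSSL "Use OpenSSL instead of MbedTLS for the WebSocket TLS layer" OFF)`. `MO_ENABLE_MBEDTLS=1` and `target_link_libraries(MicroOcpp PUBLIC mbedtls mbedcrypto mbedx509)` sit outside the branch, so an OpenSSL build still compiles and links MbedTLS. If that is intended (MicroOcpp may need it independently of the WebSocket, which is not visible here), a one-line comment saying so would help. The Emscripten `add_compile_options(-Wno-unused-but-set-variable -Wno-documentation)` is directory-wide and also mutes these warnings for `mo_simulator_wasm`, which is defined later; a `target_compile_options(... PRIVATE ...)` on the MbedTLS targets after `add_subdirectory(lib/mbedtls)` would confine it to the library.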
+++ b/src/api.h @@ -1,3 +1,7 @@ +// matth-x/MicroOcppSimulator +// Copyright Matthias Akstaller 2022 - 2024 +// GPL-3.0 License + #ifndef MO_SIM_API_H #define MO_SIM_API_H diff --git a/src/evse.cpp b/src/evse.cpp index e331961..62c1a03 100644 --- a/src/evse.cpp +++ b/src/evse.cpp @@ -1,6 +1,6 @@ // matth-x/MicroOcppSimulator // Copyright Matthias Akstaller 2022 - 2024 -// MIT License +// GPL-3.0 License #include "evse.h" #include diff --git a/src/evse.h b/src/evse.h index f0f3951..920ecc5 100644 --- a/src/evse.h +++ b/src/evse.h @@ -1,6 +1,6 @@ // matth-x/MicroOcppSimulator // Copyright Matthias Akstaller 2022 - 2024 -// MIT License +// GPL-3.0 License #ifndef EVSE_H #define EVSE_H diff --git a/src/main.cpp b/src/main.cpp index d501d20..8d8ee8d 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1,6 +1,6 @@ // matth-x/MicroOcppSimulator // Copyright Matthias Akstaller 2022 - 2024 -// MIT License +// GPL-3.0 License #include diff --git a/src/net_mongoose.cpp b/src/net_mongoose.cpp index a956675..544dfc0 100644 --- a/src/net_mongoose.cpp +++ b/src/net_mongoose.cpp @@ -1,3 +1,7 @@ +// matth-x/MicroOcppSimulator +// Copyright Matthias Akstaller 2022 - 2024 +// GPL-3.0 License + #include "net_mongoose.h" #include "evse.h" #include "api.h" @@ -7,9 +11,6 @@ #include #include -static const char *s_http_addr = "http://localhost:8000"; // HTTP port -static const char *s_root_dir = "web_root"; - //cors_headers allow the browser to make requests from any domain, allowing all headers and all methods #define DEFAULT_HEADER "Content-Type: application/json\r\n" #define CORS_HEADERS "Access-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers:Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT\r\n" 
@@ -90,7 +91,7 @@ void http_serve(struct mg_connection *c, int ev, void *ev_data, void *fn_data) { serializeJson(doc, serialized); mg_http_reply(c, 200, final_headers, serialized.c_str()); return; - } else if(strncmp(message_data->uri.ptr, "/api", strlen("api")) == 0) { + } else if (strncmp(message_data->uri.ptr, "/api", strlen("api")) == 0) { #define RESP_BUF_SIZE 1024 char resp_buf [RESP_BUF_SIZE]; @@ -106,12 +107,12 @@ void http_serve(struct mg_connection *c, int ev, void *ev_data, void *fn_data) { resp_buf, RESP_BUF_SIZE); mg_http_reply(c, status, final_headers, resp_buf); - } - //if no specific path is given serve dashboard application file - else if (mg_http_match_uri(message_data, "/")) { - struct mg_http_serve_opts opts = { .root_dir = "./public" }; - opts.extra_headers = "Content-Type: text/html\r\nContent-Encoding: gzip\r\n"; - mg_http_serve_file(c, message_data, "public/bundle.html.gz", &opts); + } else if (mg_http_match_uri(message_data, "/")) { //if no specific path is given serve dashboard application file + struct mg_http_serve_opts opts; + memset(&opts, 0, sizeof(opts)); + opts.root_dir = "./public"; + opts.extra_headers = "Content-Type: text/html\r\nContent-Encoding: gzip\r\n"; + mg_http_serve_file(c, message_data, "public/bundle.html.gz", &opts); } else { mg_http_reply(c, 404, final_headers, "The required parameters are not given"); } diff --git a/src/net_mongoose.h b/src/net_mongoose.h index 3a5f095..9ff3ff2 100644 --- a/src/net_mongoose.h +++ b/src/net_mongoose.h @@ -1,3 +1,7 @@ +// matth-x/MicroOcppSimulator +// Copyright Matthias Akstaller 2022 - 2024 +// GPL-3.0 License + #ifndef MO_NET_MONGOOSE_H #define MO_NET_MONGOOSE_H diff --git a/src/net_wasm.cpp b/src/net_wasm.cpp index 83a7507..99ac1f2 100644 --- a/src/net_wasm.cpp +++ b/src/net_wasm.cpp @@ -1,3 +1,7 @@ +// matth-x/MicroOcppSimulator +// Copyright Matthias Akstaller 2022 - 2024 +// GPL-3.0 License + #include "net_wasm.h" #include 
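Review bot: The `/api` route test on the re-spaced line in hunk -90,7 still uses `strlen("api")` as the length, so only three bytes are compared and any URI beginning with `/ap` reaches the API handler. It also reads `uri.ptr` without consulting `uri.len`. Since the line is being touched anyway, compare the full literal and bound it by the URI length: `} else if (message_data->uri.len >= strlen("/api") && strncmp(message_data->uri.ptr, "/api", strlen("/api")) == 0) {`. http_serve starts and ends outside this hunk.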
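Review bot: `mg_http_reply(c, status, final_headers, resp_buf);` at the top of hunk -106,12 passes the API response as the printf-style format argument of mg_http_reply. A `%` in the body (presumably JSON that can echo request-derived values) would be interpreted as a conversion specifier. Pass the body as data instead: `mg_http_reply(c, status, final_headers, "%s", resp_buf);`. The same applies to `mg_http_reply(c, 200, final_headers, serialized.c_str());` in the preceding hunk (-90,7). Both calls are unchanged context lines, and the enclosing http_serve extends beyond the hunk.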
@@ -7,7 +11,6 @@ #include #include #include -#include "base64.hpp" #include "api.h" @@ -304,19 +307,7 @@ class WasmOcppConnection : public Connection { } if (!auth_key.empty()) { - std::string token = cb_id + ":" + auth_key; - - MO_DBG_DEBUG("auth Token=%s", token.c_str()); - - unsigned int base64_length = encode_base64_length(token.length()); - std::vector base64 (base64_length + 1); - - // encode_base64() places a null terminator automatically, because the output is a string - base64_length = encode_base64((const unsigned char*) token.c_str(), token.length(), &base64[0]); - - MO_DBG_DEBUG("auth64 len=%u, auth64 Token=%s", base64_length, &base64[0]); - - basic_auth64 = (const char*) &base64[0]; + MO_DBG_WARN("WASM app does not support Securiy Profile 2 yet"); } else { MO_DBG_DEBUG("no authentication"); (void) 0; diff --git a/src/net_wasm.h b/src/net_wasm.h index 4184359..bca1b5e 100644 --- a/src/net_wasm.h +++ b/src/net_wasm.h @@ -1,3 +1,7 @@ +// matth-x/MicroOcppSimulator +// Copyright Matthias Akstaller 2022 - 2024 +// GPL-3.0 License + #ifndef MO_NET_WASM_H #define MO_NET_WASM_H
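Review bot: In hunk -304,19, a non-empty `auth_key` now produces only `MO_DBG_WARN(...)` before control falls through, so a configuration that expects Basic auth appears to proceed without sending credentials. This is inferred, because the rest of the function is outside the hunk. A warning is easy to miss for a downgrade from an authenticated to an unauthenticated connection. Either refuse to connect when `auth_key` is set, or state the consequence at error level: `MO_DBG_ERR("WASM app does not support Security Profile 2 yet; connecting without Basic auth");` (this also fixes the "Securiy" typo in the message). If `basic_auth64` is no longer assigned anywhere, its declaration and any remaining reads outside this hunk should be removed as well.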