espressif/arduino-esp32
1
0
Fork 1
mirror of https://github.com/0xFEEDC0DE64/arduino-esp32.git synced 2025-07-04 22:36:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

IDF release/v4.0 08219f3cf

Browse Source
This commit is contained in:
me-no-dev
2020-01-25 14:51:58 +00:00
parent 8c723be135
commit 41ba143063
858 changed files with 37940 additions and 49396 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
tools/sdk/include/esp-tls/esp_tls.h
View File

@ -32,6 +32,37 @@
extern "C" {
#endif
#define ESP_ERR_ESP_TLS_BASE 0x8000 /*!< Starting number of ESP-TLS error codes */
#define ESP_ERR_ESP_TLS_CANNOT_RESOLVE_HOSTNAME (ESP_ERR_ESP_TLS_BASE + 0x01) /*!< Error if hostname couldn't be resolved upon tls connection */
#define ESP_ERR_ESP_TLS_CANNOT_CREATE_SOCKET (ESP_ERR_ESP_TLS_BASE + 0x02) /*!< Failed to create socket */
#define ESP_ERR_ESP_TLS_UNSUPPORTED_PROTOCOL_FAMILY (ESP_ERR_ESP_TLS_BASE + 0x03) /*!< Unsupported protocol family */
#define ESP_ERR_ESP_TLS_FAILED_CONNECT_TO_HOST (ESP_ERR_ESP_TLS_BASE + 0x04) /*!< Failed to connect to host */
#define ESP_ERR_ESP_TLS_SOCKET_SETOPT_FAILED (ESP_ERR_ESP_TLS_BASE + 0x05) /*!< failed to set socket option */
#define ESP_ERR_MBEDTLS_CERT_PARTLY_OK (ESP_ERR_ESP_TLS_BASE + 0x06) /*!< mbedtls parse certificates was partly successful */
#define ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED (ESP_ERR_ESP_TLS_BASE + 0x07) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x08) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x09) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONF_ALPN_PROTOCOLS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0A) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0B) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONF_OWN_CERT_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0C) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0D) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_WRITE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0E) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_PK_PARSE_KEY_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0F) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x10) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED (ESP_ERR_ESP_TLS_BASE + 0x11) /*!< mbedtls api returned failed */
#define ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT (ESP_ERR_ESP_TLS_BASE + 0x12) /*!< new connection in esp_tls_low_level_conn connection timeouted */
typedef struct esp_tls_last_error* esp_tls_error_handle_t;
/**
* @brief Error structure containing relevant errors in case tls error occurred
*/
typedef struct esp_tls_last_error {
esp_err_t last_error; /*!< error code (based on ESP_ERR_ESP_TLS_BASE) of the last occurred error */
int mbedtls_error_code; /*!< mbedtls error code from last mbedtls failed api */
int mbedtls_flags; /*!< last certification verification flags */
} esp_tls_last_error_t;
/**
* @brief ESP-TLS Connection State
*/
@ -43,6 +74,11 @@ typedef enum esp_tls_conn_state {
ESP_TLS_DONE,
} esp_tls_conn_state_t;
typedef enum esp_tls_role {
ESP_TLS_CLIENT = 0,
ESP_TLS_SERVER,
} esp_tls_role_t;
/**
* @brief ESP-TLS configuration parameters
*/
@ -53,9 +89,8 @@ typedef struct esp_tls_cfg {
The format is length followed by protocol
name.
For the most common cases the following is ok:
"\x02h2"
- where the first '2' is the length of the protocol and
- the subsequent 'h2' is the protocol name */
const char **alpn_protos = { "h2", NULL };
- where 'h2' is the protocol name */
const unsigned char *cacert_pem_buf; /*!< Certificate Authority's certificate in a buffer.
This buffer should be NULL terminated */
@ -65,7 +100,7 @@ typedef struct esp_tls_cfg {
const unsigned char *clientcert_pem_buf;/*!< Client certificate in a buffer
This buffer should be NULL terminated */
unsigned int clientcert_pem_bytes; /*!< Size of client certificate pointed to by
clientcert_pem_buf */
@ -95,6 +130,43 @@ typedef struct esp_tls_cfg {
bool skip_common_name; /*!< Skip any validation of server certificate CN field */
} esp_tls_cfg_t;
#ifdef CONFIG_ESP_TLS_SERVER
typedef struct esp_tls_cfg_server {
const char **alpn_protos; /*!< Application protocols required for HTTP2.
If HTTP2/ALPN support is required, a list
of protocols that should be negotiated.
The format is length followed by protocol
name.
For the most common cases the following is ok:
const char **alpn_protos = { "h2", NULL };
- where 'h2' is the protocol name */
const unsigned char *cacert_pem_buf; /*!< Client CA certificate in a buffer.
This buffer should be NULL terminated */
unsigned int cacert_pem_bytes; /*!< Size of client CA certificate
pointed to by cacert_pem_buf */
const unsigned char *servercert_pem_buf; /*!< Server certificate in a buffer
This buffer should be NULL terminated */
unsigned int servercert_pem_bytes; /*!< Size of server certificate pointed to by
servercert_pem_buf */
const unsigned char *serverkey_pem_buf; /*!< Server key in a buffer
This buffer should be NULL terminated */
unsigned int serverkey_pem_bytes; /*!< Size of server key pointed to by
serverkey_pem_buf */
const unsigned char *serverkey_password; /*!< Server key decryption password string */
unsigned int serverkey_password_len; /*!< String length of the password pointed to by
serverkey_password */
} esp_tls_cfg_server_t;
#endif /* ! CONFIG_ESP_TLS_SERVER */
/**
* @brief ESP-TLS Connection Handle
*/
@ -121,7 +193,12 @@ typedef struct esp_tls {
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
certificate */
#ifdef CONFIG_ESP_TLS_SERVER
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
certificate */
#endif
int sockfd; /*!< Underlying socket file descriptor. */
ssize_t (*read)(struct esp_tls *tls, char *data, size_t datalen); /*!< Callback function for reading data from TLS/SSL
@ -135,23 +212,72 @@ typedef struct esp_tls {
fd_set rset; /*!< read file descriptors */
fd_set wset; /*!< write file descriptors */
bool is_tls; /*!< indicates connection type (TLS or NON-TLS) */
esp_tls_role_t role; /*!< esp-tls role
- ESP_TLS_CLIENT
- ESP_TLS_SERVER */
esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */
} esp_tls_t;
/**
* @brief Create TLS connection
*
* This function allocates and initializes esp-tls structure handle.
*
* @return tls Pointer to esp-tls as esp-tls handle if successfully initialized,
* NULL if allocation error
*/
esp_tls_t *esp_tls_init();
/**
* @brief Create a new blocking TLS/SSL connection
*
* This function establishes a TLS/SSL connection with the specified host in blocking manner.
*
*
* Note: This API is present for backward compatibility reasons. Alternative function
* with the same functionality is `esp_tls_conn_new_sync` (and its asynchronous version
* `esp_tls_conn_new_async`)
*
* @param[in] hostname Hostname of the host.
* @param[in] hostlen Length of hostname.
* @param[in] port Port number of the host.
* @param[in] cfg TLS configuration as esp_tls_cfg_t. If you wish to open
* @param[in] cfg TLS configuration as esp_tls_cfg_t. If you wish to open
* non-TLS connection, keep this NULL. For TLS connection,
* a pass pointer to esp_tls_cfg_t. At a minimum, this
* structure should be zero-initialized.
*
* @return pointer to esp_tls_t, or NULL if connection couldn't be opened.
*/
esp_tls_t *esp_tls_conn_new(const char *hostname, int hostlen, int port, const esp_tls_cfg_t *cfg);
esp_tls_t *esp_tls_conn_new(const char *hostname, int hostlen, int port, const esp_tls_cfg_t *cfg) __attribute__ ((deprecated));
/**
* @brief Create a new blocking TLS/SSL connection
*
* This function establishes a TLS/SSL connection with the specified host in blocking manner.
*
* @param[in] hostname Hostname of the host.
* @param[in] hostlen Length of hostname.
* @param[in] port Port number of the host.
* @param[in] cfg TLS configuration as esp_tls_cfg_t. If you wish to open
* non-TLS connection, keep this NULL. For TLS connection,
* a pass pointer to esp_tls_cfg_t. At a minimum, this
* structure should be zero-initialized.
* @param[in] tls Pointer to esp-tls as esp-tls handle.
*
* @return
* - -1 If connection establishment fails.
* - 1 If connection establishment is successful.
* - 0 If connection state is in progress.
*/
int esp_tls_conn_new_sync(const char *hostname, int hostlen, int port, const esp_tls_cfg_t *cfg, esp_tls_t *tls);
/**
* @brief Create a new blocking TLS/SSL connection with a given "HTTP" url
@ -266,7 +392,7 @@ void esp_tls_conn_delete(esp_tls_t *tls);
* - bytes available in the application data
* record read buffer
*/
size_t esp_tls_get_bytes_avail(esp_tls_t *tls);
ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls);
/**
* @brief Create a global CA store, initially empty.
@ -322,6 +448,50 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store();
*/
void esp_tls_free_global_ca_store();
/**
* @brief Returns last error in esp_tls with detailed mbedtls related error codes.
* The error information is cleared internally upon return
*
* @param[in] h esp-tls error handle.
* @param[out] mbedtls_code last error code returned from mbedtls api (set to zero if none)
* This pointer could be NULL if caller does not care about mbedtls_code
* @param[out] mbedtls_flags last certification verification flags (set to zero if none)
* This pointer could be NULL if caller does not care about mbedtls_flags
*
* @return
* - ESP_ERR_INVALID_STATE if invalid parameters
* - ESP_OK (0) if no error occurred
* - specific error code (based on ESP_ERR_ESP_TLS_BASE) otherwise
*/
esp_err_t esp_tls_get_and_clear_last_error(esp_tls_error_handle_t h, int *mbedtls_code, int *mbedtls_flags);
#ifdef CONFIG_ESP_TLS_SERVER
/**
* @brief Create TLS/SSL server session
*
* This function creates a TLS/SSL server context for already accepted client connection
* and performs TLS/SSL handshake with the client
*
* @param[in] cfg Pointer to esp_tls_cfg_server_t
* @param[in] sockfd FD of accepted connection
* @param[out] tls Pointer to allocated esp_tls_t
*
* @return
* - 0 if successful
* - <0 in case of error
*
*/
int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
/**
* @brief Close the server side TLS/SSL connection and free any allocated resources.
*
* This function should be called to close each tls connection opened with esp_tls_server_session_create()
*
* @param[in] tls pointer to esp_tls_t
*/
void esp_tls_server_session_delete(esp_tls_t *tls);
#endif /* ! CONFIG_ESP_TLS_SERVER */
#ifdef __cplusplus
}

61
tools/sdk/include/esp-tls/esp_tls_error_capture_internal.h Normal file
View File

@ -0,0 +1,61 @@
// Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef __ESP_TLS_ERROR_CAPTURE_INTERNAL_H__
#define __ESP_TLS_ERROR_CAPTURE_INTERNAL_H__
/**
* Note: this is an implementation placeholder for error logger.
* This version is internal to esp-tls component and only saves single esp_err of last occurred error
*/
#ifdef __cplusplus
extern "C" {
#endif
/**
* Definition of different types/sources of error codes reported
* from different components
*/
typedef enum {
ERR_TYPE_UNKNOWN = 0,
ERR_TYPE_SYSTEM,
ERR_TYPE_MBEDTLS,
ERR_TYPE_MBEDTLS_CERT_FLAGS,
ERR_TYPE_ESP,
} err_type_t;
/**
* Error tracker logging macro, this implementation saves latest errors of
* ERR_TYPE_ESP, ERR_TYPE_MBEDTLS and ERR_TYPE_MBEDTLS_CERT_FLAGS types
*/
#define ESP_INT_EVENT_TRACKER_CAPTURE(h, type, code) esp_int_event_tracker_capture(h, type, code)
static inline void esp_int_event_tracker_capture(esp_tls_error_handle_t h, uint32_t type, int code)
{
if (h) {
if (type == ERR_TYPE_ESP) {
h->last_error = code;
} else if (type == ERR_TYPE_MBEDTLS) {
h->mbedtls_error_code = code;
} else if (type == ERR_TYPE_MBEDTLS_CERT_FLAGS) {
h->mbedtls_flags = code;
}
}
}
#ifdef __cplusplus
}
#endif
#endif //__ESP_TLS_ERROR_CAPTURE_INTERNAL_H__

61
tools/sdk/include/esp-tls/private_include/esp_tls_error_capture_internal.h Normal file
View File

@ -0,0 +1,61 @@
// Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef __ESP_TLS_ERROR_CAPTURE_INTERNAL_H__
#define __ESP_TLS_ERROR_CAPTURE_INTERNAL_H__
/**
* Note: this is an implementation placeholder for error logger.
* This version is internal to esp-tls component and only saves single esp_err of last occurred error
*/
#ifdef __cplusplus
extern "C" {
#endif
/**
* Definition of different types/sources of error codes reported
* from different components
*/
typedef enum {
ERR_TYPE_UNKNOWN = 0,
ERR_TYPE_SYSTEM,
ERR_TYPE_MBEDTLS,
ERR_TYPE_MBEDTLS_CERT_FLAGS,
ERR_TYPE_ESP,
} err_type_t;
/**
* Error tracker logging macro, this implementation saves latest errors of
* ERR_TYPE_ESP, ERR_TYPE_MBEDTLS and ERR_TYPE_MBEDTLS_CERT_FLAGS types
*/
#define ESP_INT_EVENT_TRACKER_CAPTURE(h, type, code) esp_int_event_tracker_capture(h, type, code)
static inline void esp_int_event_tracker_capture(esp_tls_error_handle_t h, uint32_t type, int code)
{
if (h) {
if (type == ERR_TYPE_ESP) {
h->last_error = code;
} else if (type == ERR_TYPE_MBEDTLS) {
h->mbedtls_error_code = code;
} else if (type == ERR_TYPE_MBEDTLS_CERT_FLAGS) {
h->mbedtls_flags = code;
}
}
}
#ifdef __cplusplus
}
#endif
#endif //__ESP_TLS_ERROR_CAPTURE_INTERNAL_H__