espressif/arduino-esp32
1
0
Fork 1
mirror of https://github.com/0xFEEDC0DE64/arduino-esp32.git synced 2025-07-02 21:41:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Esp32 s3 support (#6341)

Browse Source 
Co-authored-by: Jason2866 <24528715+Jason2866@users.noreply.github.com>
Co-authored-by: Unexpected Maker <seon@unexpectedmaker.com>
Co-authored-by: Rodrigo Garcia <rodrigo.garcia@espressif.com>
Co-authored-by: Tomáš Pilný <34927466+PilnyTomas@users.noreply.github.com>
Co-authored-by: Pedro Minatel <pedro.minatel@espressif.com>
Co-authored-by: Ivan Grokhotkov <ivan@espressif.com>
Co-authored-by: Jan Procházka <90197375+P-R-O-C-H-Y@users.noreply.github.com>
Co-authored-by: Limor "Ladyada" Fried <limor@ladyada.net>
This commit is contained in:
Me No Dev
2022-03-28 12:09:41 +03:00
committed by GitHub
parent 3f79097d5f
commit 8ee5f0a11e
3774 changed files with 685773 additions and 19284 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
tools/sdk/esp32s3/include/esp-tls/esp-tls-crypto/esp_tls_crypto.h Normal file
View File

@ -0,0 +1,60 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_TLS_CRYPTO_H
#define _ESP_TLS_CRYPTO_H
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Calculate sha1 sum
* esp-tls abstraction for crypto sha1 API, calculates the sha1 sum(digest) of
* the data provided in input which is of ilen size and returns
* a 20 char sha1 sum
* @param[in] input Input array
* @param[in] ilen Length of Input array
* @param[out] output calculated sha1 sum
*
* @return
* mbedtls stack:-
* - MBEDTLS_ERR_SHA1_BAD_INPUT_DATA on BAD INPUT.
* - 0 on success.
* wolfssl stack:-
* - -1 on failure.
* - 0 on success.
*/
int esp_crypto_sha1(const unsigned char *input,
size_t ilen,
unsigned char output[20]);
/**
* @brief Do Base64 encode of the src data
*
* @param[in] dst destination buffer
* @param[in] dlen length of destination buffer
* @param[out] olen number of bytes written
* @param[in] src src buffer to be encoded
* @param[in] slen src buffer len
*
* @return
* mbedtls stack:-
* - MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if buffer is of insufficient size.
* - 0 if successful.
* wolfssl stack:-
* - <0 on failure.
* - 0 if succcessful.
*/
int esp_crypto_base64_encode(unsigned char *dst, size_t dlen,
size_t *olen, const unsigned char *src,
size_t slen);
#ifdef __cplusplus
}
#endif
#endif /* _ESP_TLS_CRYPTO_H */

696
tools/sdk/esp32s3/include/esp-tls/esp_tls.h Normal file
View File

@ -0,0 +1,696 @@
/*
* SPDX-FileCopyrightText: 2017-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_TLS_H_
#define _ESP_TLS_H_
#include <stdbool.h>
#include <sys/socket.h>
#include <fcntl.h>
#include "esp_err.h"
#include "esp_tls_errors.h"
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
#include "mbedtls/platform.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/esp_debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
#include "mbedtls/ssl_ticket.h"
#endif
#elif CONFIG_ESP_TLS_USING_WOLFSSL
#include "wolfssl/wolfcrypt/settings.h"
#include "wolfssl/ssl.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief ESP-TLS Connection State
*/
typedef enum esp_tls_conn_state {
ESP_TLS_INIT = 0,
ESP_TLS_CONNECTING,
ESP_TLS_HANDSHAKE,
ESP_TLS_FAIL,
ESP_TLS_DONE,
} esp_tls_conn_state_t;
typedef enum esp_tls_role {
ESP_TLS_CLIENT = 0,
ESP_TLS_SERVER,
} esp_tls_role_t;
/**
* @brief ESP-TLS preshared key and hint structure
*/
typedef struct psk_key_hint {
const uint8_t* key; /*!< key in PSK authentication mode in binary format */
const size_t key_size; /*!< length of the key */
const char* hint; /*!< hint in PSK authentication mode in string format */
} psk_hint_key_t;
/**
* @brief esp-tls client session ticket ctx
*/
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
typedef struct esp_tls_client_session {
mbedtls_ssl_session saved_session;
} esp_tls_client_session_t;
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
/**
* @brief Keep alive parameters structure
*/
typedef struct tls_keep_alive_cfg {
bool keep_alive_enable; /*!< Enable keep-alive timeout */
int keep_alive_idle; /*!< Keep-alive idle time (second) */
int keep_alive_interval; /*!< Keep-alive interval time (second) */
int keep_alive_count; /*!< Keep-alive packet retry send count */
} tls_keep_alive_cfg_t;
/**
* @brief ESP-TLS configuration parameters
*
* @note Note about format of certificates:
* - This structure includes certificates of a Certificate Authority, of client or server as well
* as private keys, which may be of PEM or DER format. In case of PEM format, the buffer must be
* NULL terminated (with NULL character included in certificate size).
* - Certificate Authority's certificate may be a chain of certificates in case of PEM format,
* but could be only one certificate in case of DER format
* - Variables names of certificates and private key buffers and sizes are defined as unions providing
* backward compatibility for legacy *_pem_buf and *_pem_bytes names which suggested only PEM format
* was supported. It is encouraged to use generic names such as cacert_buf and cacert_bytes.
*/
typedef struct esp_tls_cfg {
const char **alpn_protos; /*!< Application protocols required for HTTP2.
If HTTP2/ALPN support is required, a list
of protocols that should be negotiated.
The format is length followed by protocol
name.
For the most common cases the following is ok:
const char **alpn_protos = { "h2", NULL };
- where 'h2' is the protocol name */
union {
const unsigned char *cacert_buf; /*!< Certificate Authority's certificate in a buffer.
Format may be PEM or DER, depending on mbedtls-support
This buffer should be NULL terminated in case of PEM */
const unsigned char *cacert_pem_buf; /*!< CA certificate buffer legacy name */
};
union {
unsigned int cacert_bytes; /*!< Size of Certificate Authority certificate
pointed to by cacert_buf
(including NULL-terminator in case of PEM format) */
unsigned int cacert_pem_bytes; /*!< Size of Certificate Authority certificate legacy name */
};
union {
const unsigned char *clientcert_buf; /*!< Client certificate in a buffer
Format may be PEM or DER, depending on mbedtls-support
This buffer should be NULL terminated in case of PEM */
const unsigned char *clientcert_pem_buf; /*!< Client certificate legacy name */
};
union {
unsigned int clientcert_bytes; /*!< Size of client certificate pointed to by
clientcert_pem_buf
(including NULL-terminator in case of PEM format) */
unsigned int clientcert_pem_bytes; /*!< Size of client certificate legacy name */
};
union {
const unsigned char *clientkey_buf; /*!< Client key in a buffer
Format may be PEM or DER, depending on mbedtls-support
This buffer should be NULL terminated in case of PEM */
const unsigned char *clientkey_pem_buf; /*!< Client key legacy name */
};
union {
unsigned int clientkey_bytes; /*!< Size of client key pointed to by
clientkey_pem_buf
(including NULL-terminator in case of PEM format) */
unsigned int clientkey_pem_bytes; /*!< Size of client key legacy name */
};
const unsigned char *clientkey_password;/*!< Client key decryption password string */
unsigned int clientkey_password_len; /*!< String length of the password pointed to by
clientkey_password */
bool non_block; /*!< Configure non-blocking mode. If set to true the
underneath socket will be configured in non
blocking mode after tls session is established */
bool use_secure_element; /*!< Enable this option to use secure element or
atecc608a chip ( Integrated with ESP32-WROOM-32SE ) */
int timeout_ms; /*!< Network timeout in milliseconds */
bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which
this bool is set. */
const char *common_name; /*!< If non-NULL, server certificate CN must match this name.
If NULL, server certificate CN must match hostname. */
bool skip_common_name; /*!< Skip any validation of server certificate CN field */
tls_keep_alive_cfg_t *keep_alive_cfg; /*!< Enable TCP keep-alive timeout for SSL connection */
const psk_hint_key_t* psk_hint_key; /*!< Pointer to PSK hint and key. if not NULL (and certificates are NULL)
then PSK authentication is enabled with configured setup.
Important note: the pointer must be valid for connection */
esp_err_t (*crt_bundle_attach)(void *conf);
/*!< Function pointer to esp_crt_bundle_attach. Enables the use of certification
bundle for server verification, must be enabled in menuconfig */
void *ds_data; /*!< Pointer for digital signature peripheral context */
bool is_plain_tcp; /*!< Use non-TLS connection: When set to true, the esp-tls uses
plain TCP transport rather then TLS/SSL connection.
Note, that it is possible to connect using a plain tcp transport
directly with esp_tls_plain_tcp_connect() API */
struct ifreq *if_name; /*!< The name of interface for data to go through. Use the default interface without setting */
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
esp_tls_client_session_t *client_session; /*! Pointer for the client session ticket context. */
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
} esp_tls_cfg_t;
#ifdef CONFIG_ESP_TLS_SERVER
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
/**
* @brief Data structures necessary to support TLS session tickets according to RFC5077
*/
typedef struct esp_tls_server_session_ticket_ctx {
mbedtls_entropy_context entropy; /*!< mbedTLS entropy context structure */
mbedtls_ctr_drbg_context ctr_drbg; /*!< mbedTLS ctr drbg context structure.
CTR_DRBG is deterministic random
bit generation based on AES-256 */
mbedtls_ssl_ticket_context ticket_ctx; /*!< Session ticket generation context */
} esp_tls_server_session_ticket_ctx_t;
#endif
typedef struct esp_tls_cfg_server {
const char **alpn_protos; /*!< Application protocols required for HTTP2.
If HTTP2/ALPN support is required, a list
of protocols that should be negotiated.
The format is length followed by protocol
name.
For the most common cases the following is ok:
const char **alpn_protos = { "h2", NULL };
- where 'h2' is the protocol name */
union {
const unsigned char *cacert_buf; /*!< Client CA certificate in a buffer.
This buffer should be NULL terminated */
const unsigned char *cacert_pem_buf; /*!< Client CA certificate legacy name */
};
union {
unsigned int cacert_bytes; /*!< Size of client CA certificate
pointed to by cacert_pem_buf */
unsigned int cacert_pem_bytes; /*!< Size of client CA certificate legacy name */
};
union {
const unsigned char *servercert_buf; /*!< Server certificate in a buffer
This buffer should be NULL terminated */
const unsigned char *servercert_pem_buf; /*!< Server certificate legacy name */
};
union {
unsigned int servercert_bytes; /*!< Size of server certificate pointed to by
servercert_pem_buf */
unsigned int servercert_pem_bytes; /*!< Size of server certificate legacy name */
};
union {
const unsigned char *serverkey_buf; /*!< Server key in a buffer
This buffer should be NULL terminated */
const unsigned char *serverkey_pem_buf; /*!< Server key legacy name */
};
union {
unsigned int serverkey_bytes; /*!< Size of server key pointed to by
serverkey_pem_buf */
unsigned int serverkey_pem_bytes; /*!< Size of server key legacy name */
};
const unsigned char *serverkey_password; /*!< Server key decryption password string */
unsigned int serverkey_password_len; /*!< String length of the password pointed to by
serverkey_password */
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
esp_tls_server_session_ticket_ctx_t * ticket_ctx; /*!< Session ticket generation context.
You have to call esp_tls_cfg_server_session_tickets_init
to use it.
Call esp_tls_cfg_server_session_tickets_free
to free the data associated with this context. */
#endif
} esp_tls_cfg_server_t;
/**
* @brief Initialize the server side TLS session ticket context
*
* This function initializes the server side tls session ticket context
* which holds all necessary data structures to enable tls session tickets
* according to RFC5077.
* Use esp_tls_cfg_server_session_tickets_free to free the data.
*
* @param[in] cfg server configuration as esp_tls_cfg_server_t
* @return
* ESP_OK if setup succeeded
* ESP_ERR_INVALID_ARG if context is already initialized
* ESP_ERR_NO_MEM if memory allocation failed
* ESP_ERR_NOT_SUPPORTED if session tickets are not available due to build configuration
* ESP_FAIL if setup failed
*/
esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg);
/**
* @brief Free the server side TLS session ticket context
*
* @param cfg server configuration as esp_tls_cfg_server_t
*/
void esp_tls_cfg_server_session_tickets_free(esp_tls_cfg_server_t *cfg);
#endif /* ! CONFIG_ESP_TLS_SERVER */
/**
* @brief ESP-TLS Connection Handle
*/
typedef struct esp_tls {
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
mbedtls_ssl_context ssl; /*!< TLS/SSL context */
mbedtls_entropy_context entropy; /*!< mbedTLS entropy context structure */
mbedtls_ctr_drbg_context ctr_drbg; /*!< mbedTLS ctr drbg context structure.
CTR_DRBG is deterministic random
bit generation based on AES-256 */
mbedtls_ssl_config conf; /*!< TLS/SSL configuration to be shared
between mbedtls_ssl_context
structures */
mbedtls_net_context server_fd; /*!< mbedTLS wrapper type for sockets */
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
certificate */
#ifdef CONFIG_ESP_TLS_SERVER
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
certificate */
#endif
#elif CONFIG_ESP_TLS_USING_WOLFSSL
void *priv_ctx;
void *priv_ssl;
#endif
int sockfd; /*!< Underlying socket file descriptor. */
ssize_t (*read)(struct esp_tls *tls, char *data, size_t datalen); /*!< Callback function for reading data from TLS/SSL
connection. */
ssize_t (*write)(struct esp_tls *tls, const char *data, size_t datalen); /*!< Callback function for writing data to TLS/SSL
connection. */
esp_tls_conn_state_t conn_state; /*!< ESP-TLS Connection state */
fd_set rset; /*!< read file descriptors */
fd_set wset; /*!< write file descriptors */
bool is_tls; /*!< indicates connection type (TLS or NON-TLS) */
esp_tls_role_t role; /*!< esp-tls role
- ESP_TLS_CLIENT
- ESP_TLS_SERVER */
esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */
} esp_tls_t;
/**
* @brief Create TLS connection
*
* This function allocates and initializes esp-tls structure handle.
*
* @return tls Pointer to esp-tls as esp-tls handle if successfully initialized,
* NULL if allocation error
*/
esp_tls_t *esp_tls_init(void);
/**
* @brief Create a new blocking TLS/SSL connection
*
* This function establishes a TLS/SSL connection with the specified host in blocking manner.
*
* Note: This API is present for backward compatibility reasons. Alternative function
* with the same functionality is `esp_tls_conn_new_sync` (and its asynchronous version
* `esp_tls_conn_new_async`)
*
* @param[in] hostname Hostname of the host.
* @param[in] hostlen Length of hostname.
* @param[in] port Port number of the host.
* @param[in] cfg TLS configuration as esp_tls_cfg_t. If you wish to open
* non-TLS connection, keep this NULL. For TLS connection,
* a pass pointer to esp_tls_cfg_t. At a minimum, this
* structure should be zero-initialized.
*
* @return pointer to esp_tls_t, or NULL if connection couldn't be opened.
*/
esp_tls_t *esp_tls_conn_new(const char *hostname, int hostlen, int port, const esp_tls_cfg_t *cfg) __attribute__ ((deprecated));
/**
* @brief Create a new blocking TLS/SSL connection
*
* This function establishes a TLS/SSL connection with the specified host in blocking manner.
*
* @param[in] hostname Hostname of the host.
* @param[in] hostlen Length of hostname.
* @param[in] port Port number of the host.
* @param[in] cfg TLS configuration as esp_tls_cfg_t. If you wish to open
* non-TLS connection, keep this NULL. For TLS connection,
* a pass pointer to esp_tls_cfg_t. At a minimum, this
* structure should be zero-initialized.
* @param[in] tls Pointer to esp-tls as esp-tls handle.
*
* @return
* - -1 If connection establishment fails.
* - 1 If connection establishment is successful.
* - 0 If connection state is in progress.
*/
int esp_tls_conn_new_sync(const char *hostname, int hostlen, int port, const esp_tls_cfg_t *cfg, esp_tls_t *tls);
/**
* @brief Create a new blocking TLS/SSL connection with a given "HTTP" url
*
* The behaviour is same as esp_tls_conn_new() API. However this API accepts host's url.
*
* @param[in] url url of host.
* @param[in] cfg TLS configuration as esp_tls_cfg_t. If you wish to open
* non-TLS connection, keep this NULL. For TLS connection,
* a pass pointer to 'esp_tls_cfg_t'. At a minimum, this
* structure should be zero-initialized.
* @return pointer to esp_tls_t, or NULL if connection couldn't be opened.
*/
esp_tls_t *esp_tls_conn_http_new(const char *url, const esp_tls_cfg_t *cfg);
/**
* @brief Create a new non-blocking TLS/SSL connection
*
* This function initiates a non-blocking TLS/SSL connection with the specified host, but due to
* its non-blocking nature, it doesn't wait for the connection to get established.
*
* @param[in] hostname Hostname of the host.
* @param[in] hostlen Length of hostname.
* @param[in] port Port number of the host.
* @param[in] cfg TLS configuration as esp_tls_cfg_t. `non_block` member of
* this structure should be set to be true.
* @param[in] tls pointer to esp-tls as esp-tls handle.
*
* @return
* - -1 If connection establishment fails.
* - 0 If connection establishment is in progress.
* - 1 If connection establishment is successful.
*/
int esp_tls_conn_new_async(const char *hostname, int hostlen, int port, const esp_tls_cfg_t *cfg, esp_tls_t *tls);
/**
* @brief Create a new non-blocking TLS/SSL connection with a given "HTTP" url
*
* The behaviour is same as esp_tls_conn_new() API. However this API accepts host's url.
*
* @param[in] url url of host.
* @param[in] cfg TLS configuration as esp_tls_cfg_t.
* @param[in] tls pointer to esp-tls as esp-tls handle.
*
* @return
* - -1 If connection establishment fails.
* - 0 If connection establishment is in progress.
* - 1 If connection establishment is successful.
*/
int esp_tls_conn_http_new_async(const char *url, const esp_tls_cfg_t *cfg, esp_tls_t *tls);
/**
* @brief Write from buffer 'data' into specified tls connection.
*
* @param[in] tls pointer to esp-tls as esp-tls handle.
* @param[in] data Buffer from which data will be written.
* @param[in] datalen Length of data buffer.
*
* @return
* - >=0 if write operation was successful, the return value is the number
* of bytes actually written to the TLS/SSL connection.
* - <0 if write operation was not successful, because either an
* error occured or an action must be taken by the calling process.
* - ESP_TLS_ERR_SSL_WANT_READ/
* ESP_TLS_ERR_SSL_WANT_WRITE.
* if the handshake is incomplete and waiting for data to be available for reading.
* In this case this functions needs to be called again when the underlying transport is ready for operation.
*/
static inline ssize_t esp_tls_conn_write(esp_tls_t *tls, const void *data, size_t datalen)
{
return tls->write(tls, (char *)data, datalen);
}
/**
* @brief Read from specified tls connection into the buffer 'data'.
*
* @param[in] tls pointer to esp-tls as esp-tls handle.
* @param[in] data Buffer to hold read data.
* @param[in] datalen Length of data buffer.
*
* @return
* - >0 if read operation was successful, the return value is the number
* of bytes actually read from the TLS/SSL connection.
* - 0 if read operation was not successful. The underlying
* connection was closed.
* - <0 if read operation was not successful, because either an
* error occured or an action must be taken by the calling process.
*/
static inline ssize_t esp_tls_conn_read(esp_tls_t *tls, void *data, size_t datalen)
{
return tls->read(tls, (char *)data, datalen);
}
/**
* @brief Compatible version of esp_tls_conn_destroy() to close the TLS/SSL connection
*
* @note This API will be removed in IDFv5.0
*
* @param[in] tls pointer to esp-tls as esp-tls handle.
*/
void esp_tls_conn_delete(esp_tls_t *tls);
/**
* @brief Close the TLS/SSL connection and free any allocated resources.
*
* This function should be called to close each tls connection opened with esp_tls_conn_new() or
* esp_tls_conn_http_new() APIs.
*
* @param[in] tls pointer to esp-tls as esp-tls handle.
*
* @return - 0 on success
* - -1 if socket error or an invalid argument
*/
int esp_tls_conn_destroy(esp_tls_t *tls);
/**
* @brief Return the number of application data bytes remaining to be
* read from the current record
*
* This API is a wrapper over mbedtls's mbedtls_ssl_get_bytes_avail() API.
*
* @param[in] tls pointer to esp-tls as esp-tls handle.
*
* @return
* - -1 in case of invalid arg
* - bytes available in the application data
* record read buffer
*/
ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls);
/**
* @brief Returns the connection socket file descriptor from esp_tls session
*
* @param[in] tls handle to esp_tls context
*
* @param[out] sockfd int pointer to sockfd value.
*
* @return - ESP_OK on success and value of sockfd will be updated with socket file descriptor for connection
* - ESP_ERR_INVALID_ARG if (tls == NULL || sockfd == NULL)
*/
esp_err_t esp_tls_get_conn_sockfd(esp_tls_t *tls, int *sockfd);
/**
* @brief Create a global CA store, initially empty.
*
* This function should be called if the application wants to use the same CA store for multiple connections.
* This function initialises the global CA store which can be then set by calling esp_tls_set_global_ca_store().
* To be effective, this function must be called before any call to esp_tls_set_global_ca_store().
*
* @return
* - ESP_OK if creating global CA store was successful.
* - ESP_ERR_NO_MEM if an error occured when allocating the mbedTLS resources.
*/
esp_err_t esp_tls_init_global_ca_store(void);
/**
* @brief Set the global CA store with the buffer provided in pem format.
*
* This function should be called if the application wants to set the global CA store for
* multiple connections i.e. to add the certificates in the provided buffer to the certificate chain.
* This function implicitly calls esp_tls_init_global_ca_store() if it has not already been called.
* The application must call this function before calling esp_tls_conn_new().
*
* @param[in] cacert_pem_buf Buffer which has certificates in pem format. This buffer
* is used for creating a global CA store, which can be used
* by other tls connections.
* @param[in] cacert_pem_bytes Length of the buffer.
*
* @return
* - ESP_OK if adding certificates was successful.
* - Other if an error occured or an action must be taken by the calling process.
*/
esp_err_t esp_tls_set_global_ca_store(const unsigned char *cacert_pem_buf, const unsigned int cacert_pem_bytes);
/**
* @brief Free the global CA store currently being used.
*
* The memory being used by the global CA store to store all the parsed certificates is
* freed up. The application can call this API if it no longer needs the global CA store.
*/
void esp_tls_free_global_ca_store(void);
/**
* @brief Returns last error in esp_tls with detailed mbedtls related error codes.
* The error information is cleared internally upon return
*
* @param[in] h esp-tls error handle.
* @param[out] esp_tls_code last error code returned from mbedtls api (set to zero if none)
* This pointer could be NULL if caller does not care about esp_tls_code
* @param[out] esp_tls_flags last certification verification flags (set to zero if none)
* This pointer could be NULL if caller does not care about esp_tls_code
*
* @return
* - ESP_ERR_INVALID_STATE if invalid parameters
* - ESP_OK (0) if no error occurred
* - specific error code (based on ESP_ERR_ESP_TLS_BASE) otherwise
*/
esp_err_t esp_tls_get_and_clear_last_error(esp_tls_error_handle_t h, int *esp_tls_code, int *esp_tls_flags);
/**
* @brief Returns the last error captured in esp_tls of a specific type
* The error information is cleared internally upon return
*
* @param[in] h esp-tls error handle.
* @param[in] err_type specific error type
* @param[out] error_code last error code returned from mbedtls api (set to zero if none)
* This pointer could be NULL if caller does not care about esp_tls_code
* @return
* - ESP_ERR_INVALID_STATE if invalid parameters
* - ESP_OK if a valid error returned and was cleared
*/
esp_err_t esp_tls_get_and_clear_error_type(esp_tls_error_handle_t h, esp_tls_error_type_t err_type, int *error_code);
#if CONFIG_ESP_TLS_USING_MBEDTLS
/**
* @brief Get the pointer to the global CA store currently being used.
*
* The application must first call esp_tls_set_global_ca_store(). Then the same
* CA store could be used by the application for APIs other than esp_tls.
*
* @note Modifying the pointer might cause a failure in verifying the certificates.
*
* @return
* - Pointer to the global CA store currently being used if successful.
* - NULL if there is no global CA store set.
*/
mbedtls_x509_crt *esp_tls_get_global_ca_store(void);
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
#ifdef CONFIG_ESP_TLS_SERVER
/**
* @brief Create TLS/SSL server session
*
* This function creates a TLS/SSL server context for already accepted client connection
* and performs TLS/SSL handshake with the client
*
* @param[in] cfg Pointer to esp_tls_cfg_server_t
* @param[in] sockfd FD of accepted connection
* @param[out] tls Pointer to allocated esp_tls_t
*
* @return
* - 0 if successful
* - <0 in case of error
*
*/
int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
/**
* @brief Close the server side TLS/SSL connection and free any allocated resources.
*
* This function should be called to close each tls connection opened with esp_tls_server_session_create()
*
* @param[in] tls pointer to esp_tls_t
*/
void esp_tls_server_session_delete(esp_tls_t *tls);
#endif /* ! CONFIG_ESP_TLS_SERVER */
/**
* @brief Creates a plain TCP connection, returning a valid socket fd on success or an error handle
*
* @param[in] host Hostname of the host.
* @param[in] hostlen Length of hostname.
* @param[in] port Port number of the host.
* @param[in] cfg ESP-TLS configuration as esp_tls_cfg_t.
* @param[out] error_handle ESP-TLS error handle holding potential errors occurred during connection
* @param[out] sockfd Socket descriptor if successfully connected on TCP layer
* @return ESP_OK on success
* ESP_ERR_INVALID_ARG if invalid output parameters
* ESP-TLS based error codes on failure
*/
esp_err_t esp_tls_plain_tcp_connect(const char *host, int hostlen, int port, const esp_tls_cfg_t *cfg, esp_tls_error_handle_t error_handle, int *sockfd);
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
/**
* @brief Obtain the client session ticket
*
* This function should be called when the TLS connection is already established.
* This can be passed again in the esp_tls_cfg_t structure, to appropriate tls session create (e.g. esp_tls_conn_http_new) API for session resumption.
*
* @param[in] esp_tls context as esp_tls_t
* @return
* Pointer to the saved client session.
* NULL on Failure
*/
esp_tls_client_session_t *esp_tls_get_client_session(esp_tls_t *tls);
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
#ifdef __cplusplus
}
#endif
#endif /* ! _ESP_TLS_H_ */

99
tools/sdk/esp32s3/include/esp-tls/esp_tls_errors.h Normal file
View File

@ -0,0 +1,99 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_TLS_ERRORS_H_
#define _ESP_TLS_ERRORS_H_
#include "esp_err.h"
#ifdef __cplusplus
extern "C" {
#endif
#define ESP_ERR_ESP_TLS_BASE 0x8000 /*!< Starting number of ESP-TLS error codes */
/* generic esp-tls error codes */
#define ESP_ERR_ESP_TLS_CANNOT_RESOLVE_HOSTNAME (ESP_ERR_ESP_TLS_BASE + 0x01) /*!< Error if hostname couldn't be resolved upon tls connection */
#define ESP_ERR_ESP_TLS_CANNOT_CREATE_SOCKET (ESP_ERR_ESP_TLS_BASE + 0x02) /*!< Failed to create socket */
#define ESP_ERR_ESP_TLS_UNSUPPORTED_PROTOCOL_FAMILY (ESP_ERR_ESP_TLS_BASE + 0x03) /*!< Unsupported protocol family */
#define ESP_ERR_ESP_TLS_FAILED_CONNECT_TO_HOST (ESP_ERR_ESP_TLS_BASE + 0x04) /*!< Failed to connect to host */
#define ESP_ERR_ESP_TLS_SOCKET_SETOPT_FAILED (ESP_ERR_ESP_TLS_BASE + 0x05) /*!< failed to set/get socket option */
#define ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT (ESP_ERR_ESP_TLS_BASE + 0x06) /*!< new connection in esp_tls_low_level_conn connection timeouted */
#define ESP_ERR_ESP_TLS_SE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x07) /*< esp-tls use Secure Element returned failed */
#define ESP_ERR_ESP_TLS_TCP_CLOSED_FIN (ESP_ERR_ESP_TLS_BASE + 0x08) /*< esp-tls's TPC transport connection has benn closed (in a clean way) */
/* mbedtls specific error codes */
#define ESP_ERR_MBEDTLS_CERT_PARTLY_OK (ESP_ERR_ESP_TLS_BASE + 0x10) /*!< mbedtls parse certificates was partly successful */
#define ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED (ESP_ERR_ESP_TLS_BASE + 0x11) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x12) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x13) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONF_ALPN_PROTOCOLS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x14) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x15) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONF_OWN_CERT_FAILED (ESP_ERR_ESP_TLS_BASE + 0x16) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x17) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_WRITE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x18) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_PK_PARSE_KEY_FAILED (ESP_ERR_ESP_TLS_BASE + 0x19) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1A) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1B) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1C) /*!< mbedtls api returned failed */
/* wolfssl specific error codes */
#define ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x31) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_SSL_CONF_ALPN_PROTOCOLS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x32) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_CERT_VERIFY_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x33) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_KEY_VERIFY_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x34) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x35) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_CTX_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x36) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_SSL_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x37) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_SSL_WRITE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x38) /*!< wolfSSL api returned failed */
/**
* Definition of errors reported from IO API (potentially non-blocking) in case of error:
* - esp_tls_conn_read()
* - esp_tls_conn_write()
*/
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
#define ESP_TLS_ERR_SSL_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
#define ESP_TLS_ERR_SSL_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
#define ESP_TLS_ERR_SSL_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
#elif CONFIG_ESP_TLS_USING_WOLFSSL /* CONFIG_ESP_TLS_USING_MBEDTLS */
#define ESP_TLS_ERR_SSL_WANT_READ -0x6900
#define ESP_TLS_ERR_SSL_WANT_WRITE -0x6880
#define ESP_TLS_ERR_SSL_TIMEOUT WOLFSSL_CBIO_ERR_TIMEOUT
#endif /*CONFIG_ESP_TLS_USING_WOLFSSL */
/**
* Definition of different types/sources of error codes reported
* from different components
*/
typedef enum {
ESP_TLS_ERR_TYPE_UNKNOWN = 0,
ESP_TLS_ERR_TYPE_SYSTEM, /*!< System error -- errno */
ESP_TLS_ERR_TYPE_MBEDTLS, /*!< Error code from mbedTLS library */
ESP_TLS_ERR_TYPE_MBEDTLS_CERT_FLAGS, /*!< Certificate flags defined in mbedTLS */
ESP_TLS_ERR_TYPE_ESP, /*!< ESP-IDF error type -- esp_err_t */
ESP_TLS_ERR_TYPE_WOLFSSL, /*!< Error code from wolfSSL library */
ESP_TLS_ERR_TYPE_WOLFSSL_CERT_FLAGS, /*!< Certificate flags defined in wolfSSL */
ESP_TLS_ERR_TYPE_MAX, /*!< Last err type -- invalid entry */
} esp_tls_error_type_t;
typedef struct esp_tls_last_error* esp_tls_error_handle_t;
/**
* @brief Error structure containing relevant errors in case tls error occurred
*/
typedef struct esp_tls_last_error {
esp_err_t last_error; /*!< error code (based on ESP_ERR_ESP_TLS_BASE) of the last occurred error */
int esp_tls_error_code; /*!< esp_tls error code from last esp_tls failed api */
int esp_tls_flags; /*!< last certification verification flags */
} esp_tls_last_error_t;
#ifdef __cplusplus
}
#endif
#endif //_ESP_TLS_ERRORS_H_

54
tools/sdk/esp32s3/include/esp-tls/private_include/esp_tls_error_capture_internal.h Normal file
View File

@ -0,0 +1,54 @@
/*
* SPDX-FileCopyrightText: 2017-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef __ESP_TLS_ERROR_CAPTURE_INTERNAL_H__
#define __ESP_TLS_ERROR_CAPTURE_INTERNAL_H__
/**
* Note: this is an implementation placeholder for error logger.
* This version is internal to esp-tls component and only saves single esp_err of last occurred error
*/
#ifdef __cplusplus
extern "C" {
#endif
/**
* Error tracker logging macro to enable mapping tracking errors internally
* or using an external/global implementation
*/
#define ESP_INT_EVENT_TRACKER_CAPTURE(h, type, code) esp_tls_internal_event_tracker_capture(h, type, code)
/**
* @brief Internal tracker capture error
*
* This implementation saves latest errors of available types
*
* @param[in] h esp-tls error handle
* @param[in] err_type Specific error type
* @param[int] code Error code to capture
*
*/
void esp_tls_internal_event_tracker_capture(esp_tls_error_handle_t h, uint32_t type, int code);
/**
* @brief Create internal tracker storage
*
* @return Error tracker handle if success or NULL if allocation error
*/
esp_tls_error_handle_t esp_tls_internal_event_tracker_create(void);
/**
* @brief Destroy internal tracker storage
*
* @param[in] h esp-tls error handle
*/
void esp_tls_internal_event_tracker_destroy(esp_tls_error_handle_t h);
#ifdef __cplusplus
}
#endif
#endif //__ESP_TLS_ERROR_CAPTURE_INTERNAL_H__

127
tools/sdk/esp32s3/include/esp-tls/private_include/esp_tls_mbedtls.h Normal file
View File

@ -0,0 +1,127 @@
/*
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include "esp_tls.h"
/**
* Internal Callback API for mbedtls_ssl_read
*/
ssize_t esp_mbedtls_read(esp_tls_t *tls, char *data, size_t datalen);
/**
* Internal callback API for mbedtls_ssl_write
*/
ssize_t esp_mbedtls_write(esp_tls_t *tls, const char *data, size_t datalen);
/**
* Internal Callback for mbedtls_handshake
*/
int esp_mbedtls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg);
/**
* Internal Callback for mbedtls_cleanup , frees up all the memory used by mbedtls
*/
void esp_mbedtls_cleanup(esp_tls_t *tls);
/**
* Internal Callback for Certificate verification for mbedtls
*/
void esp_mbedtls_verify_certificate(esp_tls_t *tls);
/**
* Internal Callback for deleting the mbedtls connection
*/
void esp_mbedtls_conn_delete(esp_tls_t *tls);
/**
* Internal Callback for mbedtls_get_bytes_avail
*/
ssize_t esp_mbedtls_get_bytes_avail(esp_tls_t *tls);
/**
* Internal Callback for creating ssl handle for mbedtls
*/
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls);
/**
* mbedTLS function for Initializing socket wrappers
*/
static inline void esp_mbedtls_net_init(esp_tls_t *tls)
{
mbedtls_net_init(&tls->server_fd);
}
#ifdef CONFIG_ESP_TLS_SERVER
/**
* Internal Callback for set_server_config
*
* /note :- can only be used with mbedtls ssl library
*/
esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
/**
* Internal Callback for mbedtls_server_session_create
*
* /note :- The function can only be used with mbedtls ssl library
*/
int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
/**
* Internal Callback for mbedtls_server_session_delete
*
* /note :- The function can only be used with mbedtls ssl library
*/
void esp_mbedtls_server_session_delete(esp_tls_t *tls);
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
/**
* Internal function to setup server side session ticket context
*
* /note :- The function can only be used with mbedtls ssl library
*/
esp_err_t esp_mbedtls_server_session_ticket_ctx_init(esp_tls_server_session_ticket_ctx_t *cfg);
/**
* Internal function to free server side session ticket context
*
* /note :- The function can only be used with mbedtls ssl library
*/
void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ctx_t *cfg);
#endif
#endif
/**
* Internal Callback for set_client_config_function
*/
esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t *cfg, esp_tls_t *tls);
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
/**
* Internal Callback for mbedtls_get_client_session
*/
esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls);
#endif
/**
* Internal Callback for mbedtls_init_global_ca_store
*/
esp_err_t esp_mbedtls_init_global_ca_store(void);
/**
* Callback function for setting global CA store data for TLS/SSL using mbedtls
*/
esp_err_t esp_mbedtls_set_global_ca_store(const unsigned char *cacert_pem_buf, const unsigned int cacert_pem_bytes);
/**
* Internal Callback for esp_tls_global_ca_store
*/
mbedtls_x509_crt *esp_mbedtls_get_global_ca_store(void);
/**
* Callback function for freeing global ca store for TLS/SSL using mbedtls
*/
void esp_mbedtls_free_global_ca_store(void);

85
tools/sdk/esp32s3/include/esp-tls/private_include/esp_tls_wolfssl.h Normal file
View File

@ -0,0 +1,85 @@
/*
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include "esp_tls.h"
/**
* Internal Callback for creating ssl handle for wolfssl
*/
int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls);
/**
* Internal Callback for wolfssl_handshake
*/
int esp_wolfssl_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg);
/**
* Internal Callback API for wolfssl_ssl_read
*/
ssize_t esp_wolfssl_read(esp_tls_t *tls, char *data, size_t datalen);
/**
* Internal callback API for wolfssl_ssl_write
*/
ssize_t esp_wolfssl_write(esp_tls_t *tls, const char *data, size_t datalen);
/**
* Internal Callback for wolfssl_cleanup , frees up all the memory used by wolfssl
*/
void esp_wolfssl_cleanup(esp_tls_t *tls);
/**
* Internal Callback for Certificate verification for wolfssl
*/
void esp_wolfssl_verify_certificate(esp_tls_t *tls);
/**
* Internal Callback for deleting the wolfssl connection
*/
void esp_wolfssl_conn_delete(esp_tls_t *tls);
/**
* Internal Callback for wolfssl_get_bytes_avail
*/
ssize_t esp_wolfssl_get_bytes_avail(esp_tls_t *tls);
/**
* Callback function for setting global CA store data for TLS/SSL using wolfssl
*/
esp_err_t esp_wolfssl_set_global_ca_store(const unsigned char *cacert_pem_buf, const unsigned int cacert_pem_bytes);
/**
* Callback function for freeing global ca store for TLS/SSL using wolfssl
*/
void esp_wolfssl_free_global_ca_store(void);
/**
*
* Callback function for Initializing the global ca store for TLS?SSL using wolfssl
*/
esp_err_t esp_wolfssl_init_global_ca_store(void);
/**
* wolfSSL function for Initializing socket wrappers (no-operation for wolfSSL)
*/
static inline void esp_wolfssl_net_init(esp_tls_t *tls)
{
}
#ifdef CONFIG_ESP_TLS_SERVER
/**
* Function to Create ESP-TLS Server session with wolfssl Stack
*/
int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
/*
* Delete Server Session
*/
void esp_wolfssl_server_session_delete(esp_tls_t *tls);
#endif