From 734c1dd954a37cc859962f567b2d4b9c148b7657 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Mon, 14 Nov 2016 09:40:12 +0800 Subject: [PATCH 1/8] components/openssl: sync the code form esp8266 sdk --- components/openssl/include/internal/ssl_dbg.h | 7 ++-- components/openssl/platform/ssl_pm.c | 35 ++++++++++++++++++- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 887fe2e82b..b4c0754637 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -55,16 +55,17 @@ #else #ifdef SSL_PRINT_LOG #undef SSL_PRINT_LOG - #define SSL_PRINT_LOG(...) #endif + #define SSL_PRINT_LOG(...) + #ifdef SSL_ERROR_LOG #undef SSL_ERROR_LOG - #define SSL_ERROR_LOG(...) #endif + #define SSL_ERROR_LOG(...) #ifdef SSL_LOCAL_LOG #undef SSL_LOCAL_LOG - #define SSL_LOCAL_LOG(...) #endif + #define SSL_LOCAL_LOG(...) #endif #if SSL_DEBUG_LOCATION_ENABLE diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 92e72bfdb8..091402cda4 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -215,6 +215,31 @@ static int ssl_pm_reload_crt(SSL *ssl) return 0; } +/* + * Perform the mbedtls SSL handshake instead of mbedtls_ssl_handshake. + * We can add debug here. + */ +LOCAL int mbedtls_handshake( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + + if (ssl == NULL || ssl->conf == NULL) + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + + while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) + { + ret = mbedtls_ssl_handshake_step(ssl); + + SSL_DEBUG(1, "ssl ret %d state %d heap %d\n", + ret, ssl->state, system_get_free_heap_size()); + + if (ret != 0) + break; + } + + return ret; +} + int ssl_pm_handshake(SSL *ssl) { int ret, mbed_ret; @@ -224,13 +249,19 @@ int ssl_pm_handshake(SSL *ssl) if (mbed_ret) return 0; + SSL_DEBUG(1, "ssl_speed_up_enter "); ssl_speed_up_enter(); - while((mbed_ret = mbedtls_ssl_handshake(&ssl_pm->ssl)) != 0) { + SSL_DEBUG(1, "OK\n"); + + while((mbed_ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) { if (mbed_ret != MBEDTLS_ERR_SSL_WANT_READ && mbed_ret != MBEDTLS_ERR_SSL_WANT_WRITE) { break; } } + + SSL_DEBUG(1, "ssl_speed_up_exit "); ssl_speed_up_exit(); + SSL_DEBUG(1, "OK\n"); if (!mbed_ret) { struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; @@ -492,6 +523,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) return 0; failed2: + mbedtls_x509_crt_free(x509_pm->x509_crt); ssl_mem_free(x509_pm->x509_crt); x509_pm->x509_crt = NULL; failed1: @@ -567,6 +599,7 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) return 0; failed2: + mbedtls_pk_free(pkey_pm->pkey); ssl_mem_free(pkey_pm->pkey); pkey_pm->pkey = NULL; failed1: From 794b4ff578c6c79416d616659250299d6eab087b Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Mon, 14 Nov 2016 15:11:22 +0800 Subject: [PATCH 2/8] components/openssl: add client and server demo --- examples/09_openssl/Makefile | 9 + examples/09_openssl/README.md | 21 + examples/09_openssl/main/Kconfig.projbuild | 27 ++ examples/09_openssl/main/component.mk | 10 + examples/09_openssl/main/openssl_demo.c | 430 +++++++++++++++++++++ examples/09_openssl/main/openssl_demo.h | 66 ++++ 6 files changed, 563 insertions(+) create mode 100644 examples/09_openssl/Makefile create mode 100644 examples/09_openssl/README.md create mode 100644 examples/09_openssl/main/Kconfig.projbuild create mode 100644 examples/09_openssl/main/component.mk create mode 100644 examples/09_openssl/main/openssl_demo.c create mode 100644 examples/09_openssl/main/openssl_demo.h diff --git a/examples/09_openssl/Makefile b/examples/09_openssl/Makefile new file mode 100644 index 0000000000..8987be554c --- /dev/null +++ b/examples/09_openssl/Makefile @@ -0,0 +1,9 @@ +# +# This is a project Makefile. It is assumed the directory this Makefile resides in is a +# project subdirectory. +# + +PROJECT_NAME := openssl + +include $(IDF_PATH)/make/project.mk + diff --git a/examples/09_openssl/README.md b/examples/09_openssl/README.md new file mode 100644 index 0000000000..54b0133420 --- /dev/null +++ b/examples/09_openssl/README.md @@ -0,0 +1,21 @@ +# Openssl Example + +The Example contains of OpenSSL client and server demo. + +First you should config the project by "menuconfig": + Example Configuration -> + 1. Openssl demo: select your demo (client or server) + 2. WiFi SSID: you own wifi, which you pc is connected to alse. + 3. WiFi Password: wifi password + +If you want to test the OpenSSL client demo: + 1. compile the code and load the firmware + 2. you can see it will download the "www.baidu.com" main page and print the context + +IF you want to test the openSSL client demo: + 1. compile the code and load the firmware + 2. You should input the context of "https://192.168.17.128", the IP of your module may not be 192.168.17.128, you should input your module's IP + 3. You may see that it shows the website is not able to be trusted, but you should select that "go on to visit it" + 4. You should wait for a moment until your see the "OpenSSL server demo!" in your IE page + +See the README.md file in the upper level 'examples' directory for more information about examples. diff --git a/examples/09_openssl/main/Kconfig.projbuild b/examples/09_openssl/main/Kconfig.projbuild new file mode 100644 index 0000000000..b42529ca19 --- /dev/null +++ b/examples/09_openssl/main/Kconfig.projbuild @@ -0,0 +1,27 @@ +menu "Example Configuration" + +choice OPENSSL_DEMO + prompt "Openssl demo" + default OPENSSL_CLIENT_DEMO + help + Openssl test demo mode, client or server. + +config OPENSSL_CLIENT_DEMO + bool "client demo" +config OPENSSL_SERVER_DEMO + bool "server demon" +endchoice + +config WIFI_SSID + string "WiFi SSID" + default "myssid" + help + SSID (network name) for the example to connect to. + +config WIFI_PASSWORD + string "WiFi Password" + default "myssid" + help + WiFi password (WPA or WPA2) for the example to use. + +endmenu \ No newline at end of file diff --git a/examples/09_openssl/main/component.mk b/examples/09_openssl/main/component.mk new file mode 100644 index 0000000000..24356f23ed --- /dev/null +++ b/examples/09_openssl/main/component.mk @@ -0,0 +1,10 @@ +# +# Main Makefile. This is basically the same as a component makefile. +# +# This Makefile should, at the very least, just include $(SDK_PATH)/make/component_common.mk. By default, +# this will take the sources in the src/ directory, compile them and link them into +# lib(subdirectory_name).a in the build directory. This behaviour is entirely configurable, +# please read the ESP-IDF documents if you need to do this. +# + +include $(IDF_PATH)/make/component_common.mk diff --git a/examples/09_openssl/main/openssl_demo.c b/examples/09_openssl/main/openssl_demo.c new file mode 100644 index 0000000000..d541b26253 --- /dev/null +++ b/examples/09_openssl/main/openssl_demo.c @@ -0,0 +1,430 @@ +#include +#include + +#include "openssl_demo.h" +#include "openssl/ssl.h" + +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/event_groups.h" + +#include "esp_types.h" +#include "esp_system.h" +#include "esp_wifi.h" +#include "esp_event_loop.h" +#include "esp_log.h" + +#include "lwip/sockets.h" +#include "lwip/api.h" + +#include "nvs_flash.h" + + +#define os_printf(fmt, ...) ESP_LOGI("openssl_demo", fmt, ##__VA_ARGS__) + +#define IP_ADDR(ip) ip.u_addr.ip4.addr + +/* The examples use simple WiFi configuration that you can set via + 'make menuconfig'. + + If you'd rather not, just change the below entries to strings with + the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" +*/ +#define EXAMPLE_WIFI_SSID CONFIG_WIFI_SSID +#define EXAMPLE_WIFI_PASS CONFIG_WIFI_PASSWORD + +#define OPENSSL_DEMO_THREAD_STACK_WORDS 8192 +#define OPENSSL_DEMO_THREAD_PRORIOTY 6 + +#define OPENSSL_DEMO_FRAGMENT_SIZE 8192 + +#define OPENSSL_DEMO_RECV_BUF_LEN 1024 + +#define OPENSSL_DEMO_LOCAL_TCP_PORT 443 + +#ifdef CONFIG_OPENSSL_CLIENT_DEMO + +#define OPENSSL_DEMO_THREAD_NAME "ssl_client" + +#define OPENSSL_DEMO_TARGET_NAME "www.baidu.com" +#define OPENSSL_DEMO_TARGET_TCP_PORT 443 + +#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" + +LOCAL void openssl_demo_thread(void *p) +{ + int ret; + + SSL_CTX *ctx; + SSL *ssl; + + int socket; + struct sockaddr_in sock_addr; + + ip_addr_t target_ip; + + int recv_bytes = 0; + + LOCAL char send_data[] = OPENSSL_DEMO_REQUEST; + LOCAL int send_bytes = sizeof(send_data); + + LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; + + os_printf("OpenSSL demo thread start\n"); + + do { + ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip); + } while(ret); + os_printf("get target IP is %d.%d.%d.%d\n", + (unsigned char)((IP_ADDR(target_ip) & 0x000000ff) >> 0), + (unsigned char)((IP_ADDR(target_ip) & 0x0000ff00) >> 8), + (unsigned char)((IP_ADDR(target_ip) & 0x00ff0000) >> 16), + (unsigned char)((IP_ADDR(target_ip) & 0xff000000) >> 24)); + + os_printf("create SSL context ......"); + ctx = SSL_CTX_new(TLSv1_1_client_method()); + if (!ctx) { + os_printf("failed\n"); + goto failed1; + } + os_printf("OK\n"); + + /** + * The openssl does not support "SSL_CTX_set_default_read_buffer_len" + * at the platform of ESP32 esp_idf now. + * + * So you should not care it now. And We my let it work later. + */ + os_printf("set SSL context read buffer size ......"); + SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE); + ret = 0; + if (ret) { + os_printf("failed, return %d\n", ret); + goto failed2; + } + os_printf("OK\n"); + + os_printf("create socket ......"); + socket = socket(AF_INET, SOCK_STREAM, 0); + if (socket < 0) { + os_printf("failed\n"); + goto failed3; + } + os_printf("OK\n"); + + os_printf("bind socket ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = 0; + sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); + ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + os_printf("failed\n"); + goto failed4; + } + os_printf("OK\n"); + + os_printf("socket connect to remote %s ......", OPENSSL_DEMO_TARGET_NAME); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = IP_ADDR(target_ip); + sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT); + ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + os_printf("failed\n"); + goto failed5; + } + os_printf("OK\n"); + + os_printf("create SSL ......"); + ssl = SSL_new(ctx); + if (!ssl) { + os_printf("failed\n"); + goto failed6; + } + os_printf("OK\n"); + + SSL_set_fd(ssl, socket); + + os_printf("SSL connected to %s port %d ......", + OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); + ret = SSL_connect(ssl); + if (!ret) { + os_printf("failed, return [-0x%x]\n", -ret); + goto failed7; + } + os_printf("OK\n"); + + os_printf("send https request to %s port %d ......", + OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); + ret = SSL_write(ssl, send_data, send_bytes); + if (ret <= 0) { + os_printf("failed\n"); + goto failed8; + } + os_printf("OK\n\n"); + + do { + ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); + if (ret <= 0) { + break; + } + recv_bytes += ret; + os_printf("%s", recv_buf); + } while (1); + + os_printf("\r\ntotaly read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME); + +failed8: + SSL_shutdown(ssl); +failed7: + SSL_free(ssl); + ssl = NULL; +failed6: +failed5: +failed4: + close(socket); + socket = -1; +failed3: +failed2: + SSL_CTX_free(ctx); + ctx = NULL; +failed1: + vTaskDelete(NULL); + + os_printf("task exit\n"); + + return ; +} + +#elif defined(CONFIG_OPENSSL_SERVER_DEMO) + +#define OPENSSL_DEMO_THREAD_NAME "openssl_server" + +#define OPENSSL_DEMO_CLIENT_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" + +#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \ + "Content-Type: text/html\r\n" \ + "Content-Length: 98\r\n" \ + "\r\n" \ + "\r\n" \ + "openSSL demo\r\n" \ + "OpenSSL server demo!\r\n" \ + "\r\n" \ + "\r\n" + +LOCAL void openssl_demo_thread(void *p) +{ + int ret; + + SSL_CTX *ctx; + SSL *ssl; + + int socket, new_socket; + socklen_t addr_len; + struct sockaddr_in sock_addr; + + LOCAL char send_data[] = OPENSSL_DEMO_SERVER_ACK; + LOCAL int send_bytes = sizeof(send_data); + + LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; + + os_printf("server SSL context create ......"); + ctx = SSL_CTX_new(SSLv3_server_method()); + if (!ctx) { + os_printf("failed\n"); + goto failed1; + } + os_printf("OK\n"); + + /** + * The openssl does not support "SSL_CTX_set_default_read_buffer_len" + * at the platform of ESP32 esp_idf now. + * + * So you should not care it now. And We my let it work later. + */ + os_printf("server SSL context set fragment ......"); + SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE); + ret = 0; + if (ret) { + os_printf("failed, return %d\n", ret); + goto failed2; + } + os_printf("OK\n"); + + os_printf("server SSL context set own certification......"); + ret = SSL_CTX_use_certificate_ASN1(ctx, cert_bytes, cert_ctx); + if (!ret) { + os_printf("failed, return %d\n", ret); + goto failed2; + } + os_printf("OK\n"); + + os_printf("server SSL context set private key......"); + ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, key_ctx, key_bytes); + if (!ret) { + os_printf("failed, return %d\n", ret); + goto failed2; + } + os_printf("OK\n"); + + os_printf("server create socket ......"); + socket = socket(AF_INET, SOCK_STREAM, 0); + if (socket < 0) { + os_printf("failed\n"); + goto failed2; + } + os_printf("OK\n"); + + os_printf("server socket bind ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = 0; + sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); + ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + os_printf("failed\n"); + goto failed3; + } + os_printf("OK\n"); + + os_printf("server socket listen ......"); + ret = listen(socket, 32); + if (ret) { + os_printf("failed\n"); + goto failed3; + } + os_printf("OK\n"); + +reconnect: + os_printf("server SSL create ......"); + ssl = SSL_new(ctx); + if (!ssl) { + os_printf("failed\n"); + goto failed3; + } + os_printf("OK\n"); + + os_printf("server socket accept client ......"); + new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len); + if (new_socket < 0) { + os_printf("failed, return [-0x%x]\n", -new_socket); + goto failed4; + } + os_printf("OK\n"); + + SSL_set_fd(ssl, new_socket); + + os_printf("server SSL accept client ......"); + ret = SSL_accept(ssl); + if (!ret) { + os_printf("failed\n"); + goto failed5; + } + os_printf("OK\n"); + + os_printf("server SSL read message ......"); + do { + memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN); + ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); + if (ret <= 0) { + break; + } + if (strstr(recv_buf, "GET / HTTP/1.1")) { + SSL_write(ssl, send_data, send_bytes); + break; + } + } while (1); + + os_printf("result %d\n", ret); + + SSL_shutdown(ssl); +failed5: + close(new_socket); + new_socket = -1; +failed4: + SSL_free(ssl); + ssl = NULL; + goto reconnect; +failed3: + close(socket); + socket = -1; +failed2: + SSL_CTX_free(ctx); + ctx = NULL; +failed1: + vTaskDelete(NULL); + + return ; +} + +#else + #error "you must choose the right demo type" +#endif + +LOCAL void demo_init(void) +{ + int ret = pdFALSE; + +#if defined(CONFIG_OPENSSL_CLIENT_DEMO) || defined(CONFIG_OPENSSL_SERVER_DEMO) + xTaskHandle openssl_handle; + + ret = xTaskCreate(openssl_demo_thread, + OPENSSL_DEMO_THREAD_NAME, + OPENSSL_DEMO_THREAD_STACK_WORDS, + NULL, + OPENSSL_DEMO_THREAD_PRORIOTY, + &openssl_handle); +#endif + + if (ret != pdPASS) { + os_printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME); + return ; + } +} + +LOCAL esp_err_t wifi_event_handler(void *ctx, system_event_t *event) +{ + switch(event->event_id) { + case SYSTEM_EVENT_STA_START: + esp_wifi_connect(); + break; + case SYSTEM_EVENT_STA_GOT_IP: + demo_init(); + break; + case SYSTEM_EVENT_STA_DISCONNECTED: + /* This is a workaround as ESP32 WiFi libs don't currently + auto-reassociate. */ + esp_wifi_connect(); + break; + default: + break; + } + return ESP_OK; +} + +LOCAL void wifi_conn_init(void) +{ + tcpip_adapter_init(); + ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) ); + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); + ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_WIFI_SSID, + .password = EXAMPLE_WIFI_PASS, + }, + }; + ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + os_printf("start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS); + ESP_ERROR_CHECK( esp_wifi_start() ); +} + +void app_main(void) +{ + nvs_flash_init(); + wifi_conn_init(); +} + diff --git a/examples/09_openssl/main/openssl_demo.h b/examples/09_openssl/main/openssl_demo.h new file mode 100644 index 0000000000..89cd264b46 --- /dev/null +++ b/examples/09_openssl/main/openssl_demo.h @@ -0,0 +1,66 @@ +#ifndef _OPENSSL_DEMO_H_ +#define _OPENSSL_DEMO_H_ + +const static unsigned char key_ctx[] = + "-----BEGIN PRIVATE KEY-----\r\n" + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDQyyF0WBb2XbkL\r\n" + "wYFgyoPOanYvbb/qwbAkGf1zSPX35xruZmjszjcverMoyF6x2MBxD3gP1ijBR0Rr\r\n" + "0J0CfluABDLkzqpF5smOVX9k8W7ePClm91NhcASuF+CaZOe6B+6vOYShYjhe6eFG\r\n" + "AGk8SP4zSrG2XHNKXlR3w8duK9fyOOZLWRjL3T6+++HEaly1p4ujKZhrm5wHzywA\r\n" + "DvjDdvIWBCW1Z+8j7Q9qUITjlsDWHjrXCpyEfclE1WQxTP/W7rBLxNVxTfwbrdcD\r\n" + "HNrKTOXtN+oDmCruvmBnTkz9x4Te6wJuvtFd0fBtW1kWsMzomvOlKmvHo0gmpqfh\r\n" + "CwEPoKCNAgMBAAECggEBAIVr+LHXBL1kQLZhbiKC5t1FrMY8FLKYGM3JCevciMlk\r\n" + "lhIXwR7p29vsRYZfHBv7zWWyI9/C04JG31MiGOMaCbBxfnA2HBrVEqFwwxqnKVi8\r\n" + "CxzwGQkfwu3Y9j7TEj0PipfQYo+aKzmDrN/FrXnHjyEJryxAQbAZPVLW+Z7OR41R\r\n" + "ZOwtZLeVqmbeARGpu2Xd9SKAhbjdLSz96IdUcNrwbP/lzUgrKaiUioBMVFfIG5ce\r\n" + "4Mm2seCwaWxI8k24q0keSjsjV+5IxatVUNtJ9vYv6Tzo+3oqGvPeUBO7w9xhbLKf\r\n" + "jw1uEykcs0wcftWb1iB7r78bMPZ/KYhnSFsjT+vnIOECgYEA9LM5p63sn6OWrULd\r\n" + "doBBLaIw1ZK9rDUFLLRwv0e6+7tuuB08ok6D7PSfOpx0bb10lIx7epOE8ogGSmLS\r\n" + "w0rMbmcKAlTLAJ/0nX1ierZkb+Ay21F398tKL3igEfnaB9CzuOHF8XhbsTqeGFDJ\r\n" + "HFBMXxTbo4kfkUmZNYxwTombzkkCgYEA2m9teqjEOVZItqghOicWZ68JhWxBJFme\r\n" + "oSfzJKLd8atfUOnBLqAhPzvg1PvdIxjLWBqy28tEJf+jdSQCNe9BmhlptOwbFrJy\r\n" + "IyCXj6QTApSKTxyzIjMvzQkv1m8CxeCq5T64hvJ2++i7dlhumh21c7oL8aLeTnoe\r\n" + "AG1dBLJ9UCUCgYAhSlDJsyvB/Ct/nt0qRgCYCLzEEZakWwI9Nr8wBr41iSZi/fdF\r\n" + "zZC9J/qRqr9cPq4hl4sk/fTUWhUhAZjS4NY3HuWJs6d6ikhpNKm1MCMx5TqGA+ti\r\n" + "VtHc63g7edZjwczxliWr2EgBMIxZmoQByhrZxKis8vbMeUrSsiyFQstjoQKBgD3k\r\n" + "2Paqn39Hra7kERYzQSv78wy1UfgE1OgBM+orpAv4bTe2JKEbipAqXVi8TTrGqce7\r\n" + "OPcCr7q8pwpoO6AgvUv263byd/KEecbuU0PGUASpJk+oaDHGo0LL2Zw/NF/xezsd\r\n" + "/JdwWLqkhYnRIPXWeTXjf8LmTWubOqkQVA0irlNpAoGAJ+9N/NF3XAW0BroiVYLZ\r\n" + "p0Btcgt+b4LWrBlm0XqHhzKUlqhfibAr3OtUkFjo/509ncYPiuOzVSNosyjXFJ86\r\n" + "2kQ88fB3eeLnBAcbBXQKiOBPU2y6bCCfgdo+JEOK/cxVslaxMAyKSnFi9gdgzScd\r\n" + "k+hOlkflXQVkic3W358kFto=\r\n" + "-----END PRIVATE KEY-----\r\n" + ; +static int key_bytes = sizeof(key_ctx); + +const static unsigned char cert_ctx[] = + "-----BEGIN CERTIFICATE-----\r\n" + "MIID7jCCAtYCAQEwDQYJKoZIhvcNAQELBQAwgbwxCzAJBgNVBAYTAkNOMRAwDgYD\r\n" + "VQQIDAdKaWFuZ3N1MQ0wCwYDVQQHDARXdXhpMSYwJAYDVQQKDB1Fc3ByZXNzaWYg\r\n" + "Um9vdCBSU0EyMDQ4IHNoYTI1NjEcMBoGA1UECwwTUm9vdCBSU0EyMDQ4IHNoYTI1\r\n" + "NjEfMB0GA1UEAwwWcm9vdGNlcnQuZXNwcmVzc2lmLmNvbTElMCMGCSqGSIb3DQEJ\r\n" + "ARYWcm9vdGNlcnRAZXNwcmVzc2lmLmNvbTAeFw0xNjA2MjgwMjMxMjlaFw0yNjA2\r\n" + "MjYwMjMxMjlaMIG8MQswCQYDVQQGEwJDTjEQMA4GA1UECAwHSmlhbmdzdTENMAsG\r\n" + "A1UEBwwEV3V4aTEmMCQGA1UECgwdRXNwcmVzc2lmIFJvb3QgUlNBMjA0OCBzaGEy\r\n" + "NTYxHDAaBgNVBAsME1Jvb3QgUlNBMjA0OCBzaGEyNTYxHzAdBgNVBAMMFnJvb3Rj\r\n" + "ZXJ0LmVzcHJlc3NpZi5jb20xJTAjBgkqhkiG9w0BCQEWFnJvb3RjZXJ0QGVzcHJl\r\n" + "c3NpZi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQyyF0WBb2\r\n" + "XbkLwYFgyoPOanYvbb/qwbAkGf1zSPX35xruZmjszjcverMoyF6x2MBxD3gP1ijB\r\n" + "R0Rr0J0CfluABDLkzqpF5smOVX9k8W7ePClm91NhcASuF+CaZOe6B+6vOYShYjhe\r\n" + "6eFGAGk8SP4zSrG2XHNKXlR3w8duK9fyOOZLWRjL3T6+++HEaly1p4ujKZhrm5wH\r\n" + "zywADvjDdvIWBCW1Z+8j7Q9qUITjlsDWHjrXCpyEfclE1WQxTP/W7rBLxNVxTfwb\r\n" + "rdcDHNrKTOXtN+oDmCruvmBnTkz9x4Te6wJuvtFd0fBtW1kWsMzomvOlKmvHo0gm\r\n" + "pqfhCwEPoKCNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABTYZLiFHq51lqaa0nHI\r\n" + "aDMAb29DfO93fqp+oHZYO4xKyEeLr8EhD39GjnQmhz710wO0TBCYV7nD+xnJ1h5F\r\n" + "IbQUAQZO9NIy3ns4mYVRUWjnWYAo+evGeKgRrxvh7sjNLPBPzs9tg/u7XjBp/nor\r\n" + "8JnnFFT0wXPyi/qg8J3QutqJvWRQGRRx2AP93F44+Zcj7ReFMVSmOXyzT4aNJL0+\r\n" + "Ls+baKwA4pnyVRoAaKbs/JYDgd0/DunuktVKuhyvK/qOGjJSRLPhdrXbvSAegpiM\r\n" + "4xIm6ZWKtTv8VvkGgXUVQ7RpruP6nV6506gDcUgecbEq7H2VDhEzUYcMmGCUQZlG\r\n" + "sJ8=\r\n" + "-----END CERTIFICATE-----\r\n" + ; +static int cert_bytes = sizeof(cert_ctx); + + + +#endif From 858fe9815b37068bef9abd8b99e534876d7e3caa Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 15 Nov 2016 11:12:58 +0800 Subject: [PATCH 3/8] feature/openssl: add openssl client demo --- examples/09_openssl/README.md | 21 - examples/09_openssl/main/Kconfig.projbuild | 27 -- examples/09_openssl/main/openssl_demo.c | 430 ------------------ examples/09_openssl/main/openssl_demo.h | 66 --- .../Makefile | 2 +- examples/09_openssl_client/README.md | 16 + .../09_openssl_client/main/Kconfig.projbuild | 28 ++ .../main/component.mk | 2 +- .../09_openssl_client/main/openssl_client.c | 235 ++++++++++ .../09_openssl_client/main/openssl_client.h | 34 ++ 10 files changed, 315 insertions(+), 546 deletions(-) delete mode 100644 examples/09_openssl/README.md delete mode 100644 examples/09_openssl/main/Kconfig.projbuild delete mode 100644 examples/09_openssl/main/openssl_demo.c delete mode 100644 examples/09_openssl/main/openssl_demo.h rename examples/{09_openssl => 09_openssl_client}/Makefile (83%) create mode 100644 examples/09_openssl_client/README.md create mode 100644 examples/09_openssl_client/main/Kconfig.projbuild rename examples/{09_openssl => 09_openssl_client}/main/component.mk (86%) create mode 100644 examples/09_openssl_client/main/openssl_client.c create mode 100644 examples/09_openssl_client/main/openssl_client.h diff --git a/examples/09_openssl/README.md b/examples/09_openssl/README.md deleted file mode 100644 index 54b0133420..0000000000 --- a/examples/09_openssl/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# Openssl Example - -The Example contains of OpenSSL client and server demo. - -First you should config the project by "menuconfig": - Example Configuration -> - 1. Openssl demo: select your demo (client or server) - 2. WiFi SSID: you own wifi, which you pc is connected to alse. - 3. WiFi Password: wifi password - -If you want to test the OpenSSL client demo: - 1. compile the code and load the firmware - 2. you can see it will download the "www.baidu.com" main page and print the context - -IF you want to test the openSSL client demo: - 1. compile the code and load the firmware - 2. You should input the context of "https://192.168.17.128", the IP of your module may not be 192.168.17.128, you should input your module's IP - 3. You may see that it shows the website is not able to be trusted, but you should select that "go on to visit it" - 4. You should wait for a moment until your see the "OpenSSL server demo!" in your IE page - -See the README.md file in the upper level 'examples' directory for more information about examples. diff --git a/examples/09_openssl/main/Kconfig.projbuild b/examples/09_openssl/main/Kconfig.projbuild deleted file mode 100644 index b42529ca19..0000000000 --- a/examples/09_openssl/main/Kconfig.projbuild +++ /dev/null @@ -1,27 +0,0 @@ -menu "Example Configuration" - -choice OPENSSL_DEMO - prompt "Openssl demo" - default OPENSSL_CLIENT_DEMO - help - Openssl test demo mode, client or server. - -config OPENSSL_CLIENT_DEMO - bool "client demo" -config OPENSSL_SERVER_DEMO - bool "server demon" -endchoice - -config WIFI_SSID - string "WiFi SSID" - default "myssid" - help - SSID (network name) for the example to connect to. - -config WIFI_PASSWORD - string "WiFi Password" - default "myssid" - help - WiFi password (WPA or WPA2) for the example to use. - -endmenu \ No newline at end of file diff --git a/examples/09_openssl/main/openssl_demo.c b/examples/09_openssl/main/openssl_demo.c deleted file mode 100644 index d541b26253..0000000000 --- a/examples/09_openssl/main/openssl_demo.c +++ /dev/null @@ -1,430 +0,0 @@ -#include -#include - -#include "openssl_demo.h" -#include "openssl/ssl.h" - -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/event_groups.h" - -#include "esp_types.h" -#include "esp_system.h" -#include "esp_wifi.h" -#include "esp_event_loop.h" -#include "esp_log.h" - -#include "lwip/sockets.h" -#include "lwip/api.h" - -#include "nvs_flash.h" - - -#define os_printf(fmt, ...) ESP_LOGI("openssl_demo", fmt, ##__VA_ARGS__) - -#define IP_ADDR(ip) ip.u_addr.ip4.addr - -/* The examples use simple WiFi configuration that you can set via - 'make menuconfig'. - - If you'd rather not, just change the below entries to strings with - the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" -*/ -#define EXAMPLE_WIFI_SSID CONFIG_WIFI_SSID -#define EXAMPLE_WIFI_PASS CONFIG_WIFI_PASSWORD - -#define OPENSSL_DEMO_THREAD_STACK_WORDS 8192 -#define OPENSSL_DEMO_THREAD_PRORIOTY 6 - -#define OPENSSL_DEMO_FRAGMENT_SIZE 8192 - -#define OPENSSL_DEMO_RECV_BUF_LEN 1024 - -#define OPENSSL_DEMO_LOCAL_TCP_PORT 443 - -#ifdef CONFIG_OPENSSL_CLIENT_DEMO - -#define OPENSSL_DEMO_THREAD_NAME "ssl_client" - -#define OPENSSL_DEMO_TARGET_NAME "www.baidu.com" -#define OPENSSL_DEMO_TARGET_TCP_PORT 443 - -#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" - -LOCAL void openssl_demo_thread(void *p) -{ - int ret; - - SSL_CTX *ctx; - SSL *ssl; - - int socket; - struct sockaddr_in sock_addr; - - ip_addr_t target_ip; - - int recv_bytes = 0; - - LOCAL char send_data[] = OPENSSL_DEMO_REQUEST; - LOCAL int send_bytes = sizeof(send_data); - - LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; - - os_printf("OpenSSL demo thread start\n"); - - do { - ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip); - } while(ret); - os_printf("get target IP is %d.%d.%d.%d\n", - (unsigned char)((IP_ADDR(target_ip) & 0x000000ff) >> 0), - (unsigned char)((IP_ADDR(target_ip) & 0x0000ff00) >> 8), - (unsigned char)((IP_ADDR(target_ip) & 0x00ff0000) >> 16), - (unsigned char)((IP_ADDR(target_ip) & 0xff000000) >> 24)); - - os_printf("create SSL context ......"); - ctx = SSL_CTX_new(TLSv1_1_client_method()); - if (!ctx) { - os_printf("failed\n"); - goto failed1; - } - os_printf("OK\n"); - - /** - * The openssl does not support "SSL_CTX_set_default_read_buffer_len" - * at the platform of ESP32 esp_idf now. - * - * So you should not care it now. And We my let it work later. - */ - os_printf("set SSL context read buffer size ......"); - SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE); - ret = 0; - if (ret) { - os_printf("failed, return %d\n", ret); - goto failed2; - } - os_printf("OK\n"); - - os_printf("create socket ......"); - socket = socket(AF_INET, SOCK_STREAM, 0); - if (socket < 0) { - os_printf("failed\n"); - goto failed3; - } - os_printf("OK\n"); - - os_printf("bind socket ......"); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = 0; - sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); - ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - os_printf("failed\n"); - goto failed4; - } - os_printf("OK\n"); - - os_printf("socket connect to remote %s ......", OPENSSL_DEMO_TARGET_NAME); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = IP_ADDR(target_ip); - sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT); - ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - os_printf("failed\n"); - goto failed5; - } - os_printf("OK\n"); - - os_printf("create SSL ......"); - ssl = SSL_new(ctx); - if (!ssl) { - os_printf("failed\n"); - goto failed6; - } - os_printf("OK\n"); - - SSL_set_fd(ssl, socket); - - os_printf("SSL connected to %s port %d ......", - OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); - ret = SSL_connect(ssl); - if (!ret) { - os_printf("failed, return [-0x%x]\n", -ret); - goto failed7; - } - os_printf("OK\n"); - - os_printf("send https request to %s port %d ......", - OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); - ret = SSL_write(ssl, send_data, send_bytes); - if (ret <= 0) { - os_printf("failed\n"); - goto failed8; - } - os_printf("OK\n\n"); - - do { - ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); - if (ret <= 0) { - break; - } - recv_bytes += ret; - os_printf("%s", recv_buf); - } while (1); - - os_printf("\r\ntotaly read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME); - -failed8: - SSL_shutdown(ssl); -failed7: - SSL_free(ssl); - ssl = NULL; -failed6: -failed5: -failed4: - close(socket); - socket = -1; -failed3: -failed2: - SSL_CTX_free(ctx); - ctx = NULL; -failed1: - vTaskDelete(NULL); - - os_printf("task exit\n"); - - return ; -} - -#elif defined(CONFIG_OPENSSL_SERVER_DEMO) - -#define OPENSSL_DEMO_THREAD_NAME "openssl_server" - -#define OPENSSL_DEMO_CLIENT_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" - -#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \ - "Content-Type: text/html\r\n" \ - "Content-Length: 98\r\n" \ - "\r\n" \ - "\r\n" \ - "openSSL demo\r\n" \ - "OpenSSL server demo!\r\n" \ - "\r\n" \ - "\r\n" - -LOCAL void openssl_demo_thread(void *p) -{ - int ret; - - SSL_CTX *ctx; - SSL *ssl; - - int socket, new_socket; - socklen_t addr_len; - struct sockaddr_in sock_addr; - - LOCAL char send_data[] = OPENSSL_DEMO_SERVER_ACK; - LOCAL int send_bytes = sizeof(send_data); - - LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; - - os_printf("server SSL context create ......"); - ctx = SSL_CTX_new(SSLv3_server_method()); - if (!ctx) { - os_printf("failed\n"); - goto failed1; - } - os_printf("OK\n"); - - /** - * The openssl does not support "SSL_CTX_set_default_read_buffer_len" - * at the platform of ESP32 esp_idf now. - * - * So you should not care it now. And We my let it work later. - */ - os_printf("server SSL context set fragment ......"); - SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE); - ret = 0; - if (ret) { - os_printf("failed, return %d\n", ret); - goto failed2; - } - os_printf("OK\n"); - - os_printf("server SSL context set own certification......"); - ret = SSL_CTX_use_certificate_ASN1(ctx, cert_bytes, cert_ctx); - if (!ret) { - os_printf("failed, return %d\n", ret); - goto failed2; - } - os_printf("OK\n"); - - os_printf("server SSL context set private key......"); - ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, key_ctx, key_bytes); - if (!ret) { - os_printf("failed, return %d\n", ret); - goto failed2; - } - os_printf("OK\n"); - - os_printf("server create socket ......"); - socket = socket(AF_INET, SOCK_STREAM, 0); - if (socket < 0) { - os_printf("failed\n"); - goto failed2; - } - os_printf("OK\n"); - - os_printf("server socket bind ......"); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = 0; - sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); - ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - os_printf("failed\n"); - goto failed3; - } - os_printf("OK\n"); - - os_printf("server socket listen ......"); - ret = listen(socket, 32); - if (ret) { - os_printf("failed\n"); - goto failed3; - } - os_printf("OK\n"); - -reconnect: - os_printf("server SSL create ......"); - ssl = SSL_new(ctx); - if (!ssl) { - os_printf("failed\n"); - goto failed3; - } - os_printf("OK\n"); - - os_printf("server socket accept client ......"); - new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len); - if (new_socket < 0) { - os_printf("failed, return [-0x%x]\n", -new_socket); - goto failed4; - } - os_printf("OK\n"); - - SSL_set_fd(ssl, new_socket); - - os_printf("server SSL accept client ......"); - ret = SSL_accept(ssl); - if (!ret) { - os_printf("failed\n"); - goto failed5; - } - os_printf("OK\n"); - - os_printf("server SSL read message ......"); - do { - memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN); - ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); - if (ret <= 0) { - break; - } - if (strstr(recv_buf, "GET / HTTP/1.1")) { - SSL_write(ssl, send_data, send_bytes); - break; - } - } while (1); - - os_printf("result %d\n", ret); - - SSL_shutdown(ssl); -failed5: - close(new_socket); - new_socket = -1; -failed4: - SSL_free(ssl); - ssl = NULL; - goto reconnect; -failed3: - close(socket); - socket = -1; -failed2: - SSL_CTX_free(ctx); - ctx = NULL; -failed1: - vTaskDelete(NULL); - - return ; -} - -#else - #error "you must choose the right demo type" -#endif - -LOCAL void demo_init(void) -{ - int ret = pdFALSE; - -#if defined(CONFIG_OPENSSL_CLIENT_DEMO) || defined(CONFIG_OPENSSL_SERVER_DEMO) - xTaskHandle openssl_handle; - - ret = xTaskCreate(openssl_demo_thread, - OPENSSL_DEMO_THREAD_NAME, - OPENSSL_DEMO_THREAD_STACK_WORDS, - NULL, - OPENSSL_DEMO_THREAD_PRORIOTY, - &openssl_handle); -#endif - - if (ret != pdPASS) { - os_printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME); - return ; - } -} - -LOCAL esp_err_t wifi_event_handler(void *ctx, system_event_t *event) -{ - switch(event->event_id) { - case SYSTEM_EVENT_STA_START: - esp_wifi_connect(); - break; - case SYSTEM_EVENT_STA_GOT_IP: - demo_init(); - break; - case SYSTEM_EVENT_STA_DISCONNECTED: - /* This is a workaround as ESP32 WiFi libs don't currently - auto-reassociate. */ - esp_wifi_connect(); - break; - default: - break; - } - return ESP_OK; -} - -LOCAL void wifi_conn_init(void) -{ - tcpip_adapter_init(); - ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) ); - wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); - ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); - ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); - wifi_config_t wifi_config = { - .sta = { - .ssid = EXAMPLE_WIFI_SSID, - .password = EXAMPLE_WIFI_PASS, - }, - }; - ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); - ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); - os_printf("start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS); - ESP_ERROR_CHECK( esp_wifi_start() ); -} - -void app_main(void) -{ - nvs_flash_init(); - wifi_conn_init(); -} - diff --git a/examples/09_openssl/main/openssl_demo.h b/examples/09_openssl/main/openssl_demo.h deleted file mode 100644 index 89cd264b46..0000000000 --- a/examples/09_openssl/main/openssl_demo.h +++ /dev/null @@ -1,66 +0,0 @@ -#ifndef _OPENSSL_DEMO_H_ -#define _OPENSSL_DEMO_H_ - -const static unsigned char key_ctx[] = - "-----BEGIN PRIVATE KEY-----\r\n" - "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDQyyF0WBb2XbkL\r\n" - "wYFgyoPOanYvbb/qwbAkGf1zSPX35xruZmjszjcverMoyF6x2MBxD3gP1ijBR0Rr\r\n" - "0J0CfluABDLkzqpF5smOVX9k8W7ePClm91NhcASuF+CaZOe6B+6vOYShYjhe6eFG\r\n" - "AGk8SP4zSrG2XHNKXlR3w8duK9fyOOZLWRjL3T6+++HEaly1p4ujKZhrm5wHzywA\r\n" - "DvjDdvIWBCW1Z+8j7Q9qUITjlsDWHjrXCpyEfclE1WQxTP/W7rBLxNVxTfwbrdcD\r\n" - "HNrKTOXtN+oDmCruvmBnTkz9x4Te6wJuvtFd0fBtW1kWsMzomvOlKmvHo0gmpqfh\r\n" - "CwEPoKCNAgMBAAECggEBAIVr+LHXBL1kQLZhbiKC5t1FrMY8FLKYGM3JCevciMlk\r\n" - "lhIXwR7p29vsRYZfHBv7zWWyI9/C04JG31MiGOMaCbBxfnA2HBrVEqFwwxqnKVi8\r\n" - "CxzwGQkfwu3Y9j7TEj0PipfQYo+aKzmDrN/FrXnHjyEJryxAQbAZPVLW+Z7OR41R\r\n" - "ZOwtZLeVqmbeARGpu2Xd9SKAhbjdLSz96IdUcNrwbP/lzUgrKaiUioBMVFfIG5ce\r\n" - "4Mm2seCwaWxI8k24q0keSjsjV+5IxatVUNtJ9vYv6Tzo+3oqGvPeUBO7w9xhbLKf\r\n" - "jw1uEykcs0wcftWb1iB7r78bMPZ/KYhnSFsjT+vnIOECgYEA9LM5p63sn6OWrULd\r\n" - "doBBLaIw1ZK9rDUFLLRwv0e6+7tuuB08ok6D7PSfOpx0bb10lIx7epOE8ogGSmLS\r\n" - "w0rMbmcKAlTLAJ/0nX1ierZkb+Ay21F398tKL3igEfnaB9CzuOHF8XhbsTqeGFDJ\r\n" - "HFBMXxTbo4kfkUmZNYxwTombzkkCgYEA2m9teqjEOVZItqghOicWZ68JhWxBJFme\r\n" - "oSfzJKLd8atfUOnBLqAhPzvg1PvdIxjLWBqy28tEJf+jdSQCNe9BmhlptOwbFrJy\r\n" - "IyCXj6QTApSKTxyzIjMvzQkv1m8CxeCq5T64hvJ2++i7dlhumh21c7oL8aLeTnoe\r\n" - "AG1dBLJ9UCUCgYAhSlDJsyvB/Ct/nt0qRgCYCLzEEZakWwI9Nr8wBr41iSZi/fdF\r\n" - "zZC9J/qRqr9cPq4hl4sk/fTUWhUhAZjS4NY3HuWJs6d6ikhpNKm1MCMx5TqGA+ti\r\n" - "VtHc63g7edZjwczxliWr2EgBMIxZmoQByhrZxKis8vbMeUrSsiyFQstjoQKBgD3k\r\n" - "2Paqn39Hra7kERYzQSv78wy1UfgE1OgBM+orpAv4bTe2JKEbipAqXVi8TTrGqce7\r\n" - "OPcCr7q8pwpoO6AgvUv263byd/KEecbuU0PGUASpJk+oaDHGo0LL2Zw/NF/xezsd\r\n" - "/JdwWLqkhYnRIPXWeTXjf8LmTWubOqkQVA0irlNpAoGAJ+9N/NF3XAW0BroiVYLZ\r\n" - "p0Btcgt+b4LWrBlm0XqHhzKUlqhfibAr3OtUkFjo/509ncYPiuOzVSNosyjXFJ86\r\n" - "2kQ88fB3eeLnBAcbBXQKiOBPU2y6bCCfgdo+JEOK/cxVslaxMAyKSnFi9gdgzScd\r\n" - "k+hOlkflXQVkic3W358kFto=\r\n" - "-----END PRIVATE KEY-----\r\n" - ; -static int key_bytes = sizeof(key_ctx); - -const static unsigned char cert_ctx[] = - "-----BEGIN CERTIFICATE-----\r\n" - "MIID7jCCAtYCAQEwDQYJKoZIhvcNAQELBQAwgbwxCzAJBgNVBAYTAkNOMRAwDgYD\r\n" - "VQQIDAdKaWFuZ3N1MQ0wCwYDVQQHDARXdXhpMSYwJAYDVQQKDB1Fc3ByZXNzaWYg\r\n" - "Um9vdCBSU0EyMDQ4IHNoYTI1NjEcMBoGA1UECwwTUm9vdCBSU0EyMDQ4IHNoYTI1\r\n" - "NjEfMB0GA1UEAwwWcm9vdGNlcnQuZXNwcmVzc2lmLmNvbTElMCMGCSqGSIb3DQEJ\r\n" - "ARYWcm9vdGNlcnRAZXNwcmVzc2lmLmNvbTAeFw0xNjA2MjgwMjMxMjlaFw0yNjA2\r\n" - "MjYwMjMxMjlaMIG8MQswCQYDVQQGEwJDTjEQMA4GA1UECAwHSmlhbmdzdTENMAsG\r\n" - "A1UEBwwEV3V4aTEmMCQGA1UECgwdRXNwcmVzc2lmIFJvb3QgUlNBMjA0OCBzaGEy\r\n" - "NTYxHDAaBgNVBAsME1Jvb3QgUlNBMjA0OCBzaGEyNTYxHzAdBgNVBAMMFnJvb3Rj\r\n" - "ZXJ0LmVzcHJlc3NpZi5jb20xJTAjBgkqhkiG9w0BCQEWFnJvb3RjZXJ0QGVzcHJl\r\n" - "c3NpZi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQyyF0WBb2\r\n" - "XbkLwYFgyoPOanYvbb/qwbAkGf1zSPX35xruZmjszjcverMoyF6x2MBxD3gP1ijB\r\n" - "R0Rr0J0CfluABDLkzqpF5smOVX9k8W7ePClm91NhcASuF+CaZOe6B+6vOYShYjhe\r\n" - "6eFGAGk8SP4zSrG2XHNKXlR3w8duK9fyOOZLWRjL3T6+++HEaly1p4ujKZhrm5wH\r\n" - "zywADvjDdvIWBCW1Z+8j7Q9qUITjlsDWHjrXCpyEfclE1WQxTP/W7rBLxNVxTfwb\r\n" - "rdcDHNrKTOXtN+oDmCruvmBnTkz9x4Te6wJuvtFd0fBtW1kWsMzomvOlKmvHo0gm\r\n" - "pqfhCwEPoKCNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABTYZLiFHq51lqaa0nHI\r\n" - "aDMAb29DfO93fqp+oHZYO4xKyEeLr8EhD39GjnQmhz710wO0TBCYV7nD+xnJ1h5F\r\n" - "IbQUAQZO9NIy3ns4mYVRUWjnWYAo+evGeKgRrxvh7sjNLPBPzs9tg/u7XjBp/nor\r\n" - "8JnnFFT0wXPyi/qg8J3QutqJvWRQGRRx2AP93F44+Zcj7ReFMVSmOXyzT4aNJL0+\r\n" - "Ls+baKwA4pnyVRoAaKbs/JYDgd0/DunuktVKuhyvK/qOGjJSRLPhdrXbvSAegpiM\r\n" - "4xIm6ZWKtTv8VvkGgXUVQ7RpruP6nV6506gDcUgecbEq7H2VDhEzUYcMmGCUQZlG\r\n" - "sJ8=\r\n" - "-----END CERTIFICATE-----\r\n" - ; -static int cert_bytes = sizeof(cert_ctx); - - - -#endif diff --git a/examples/09_openssl/Makefile b/examples/09_openssl_client/Makefile similarity index 83% rename from examples/09_openssl/Makefile rename to examples/09_openssl_client/Makefile index 8987be554c..7e2f4fe7f8 100644 --- a/examples/09_openssl/Makefile +++ b/examples/09_openssl_client/Makefile @@ -3,7 +3,7 @@ # project subdirectory. # -PROJECT_NAME := openssl +PROJECT_NAME := openssl_client include $(IDF_PATH)/make/project.mk diff --git a/examples/09_openssl_client/README.md b/examples/09_openssl_client/README.md new file mode 100644 index 0000000000..85d9575d6e --- /dev/null +++ b/examples/09_openssl_client/README.md @@ -0,0 +1,16 @@ +# Openssl Example + +The Example contains of OpenSSL client demo. + +First you should config the project by "make menuconfig": + Example Configuration -> + 1. Target Domain : the domain that you want to connect to, and default is "www.baidu.com". + 2. Target port number : the port number of the target domain, and default is 443. + 3. WiFi SSID : you own wifi, which you pc is connected to alse, and default is "myssid". + 4. WiFi Password : wifi password, and default is "mypassword" + +If you want to test the OpenSSL client demo: + 1. compile the code and load the firmware + 2. open the UART TTY, then you can see it print the context of target domain + +See the README.md file in the upper level 'examples' directory for more information about examples. diff --git a/examples/09_openssl_client/main/Kconfig.projbuild b/examples/09_openssl_client/main/Kconfig.projbuild new file mode 100644 index 0000000000..1767923ad1 --- /dev/null +++ b/examples/09_openssl_client/main/Kconfig.projbuild @@ -0,0 +1,28 @@ +menu "Example Configuration" + +config TARGET_DOMAIN + string "Target Domain" + default "www.baidu.com" + help + Target domain for the example to connect to. + +config TARGET_PORT_NUMBER + int "Target port number" + range 0 65535 + default 433 + help + Target port number for the example to connect to. + +config WIFI_SSID + string "WiFi SSID" + default "myssid" + help + SSID (network name) for the example to connect to. + +config WIFI_PASSWORD + string "WiFi Password" + default "mypassword" + help + WiFi password (WPA or WPA2) for the example to use. + +endmenu \ No newline at end of file diff --git a/examples/09_openssl/main/component.mk b/examples/09_openssl_client/main/component.mk similarity index 86% rename from examples/09_openssl/main/component.mk rename to examples/09_openssl_client/main/component.mk index 24356f23ed..973de1d6f0 100644 --- a/examples/09_openssl/main/component.mk +++ b/examples/09_openssl_client/main/component.mk @@ -1,7 +1,7 @@ # # Main Makefile. This is basically the same as a component makefile. # -# This Makefile should, at the very least, just include $(SDK_PATH)/make/component_common.mk. By default, +# This Makefile should, at the very least, just include $(IDF_PATH)/make/component_common.mk. By default, # this will take the sources in the src/ directory, compile them and link them into # lib(subdirectory_name).a in the build directory. This behaviour is entirely configurable, # please read the ESP-IDF documents if you need to do this. diff --git a/examples/09_openssl_client/main/openssl_client.c b/examples/09_openssl_client/main/openssl_client.c new file mode 100644 index 0000000000..9d4b8b395d --- /dev/null +++ b/examples/09_openssl_client/main/openssl_client.c @@ -0,0 +1,235 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "openssl_client.h" + +#include + +#include "openssl/ssl.h" + +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/event_groups.h" + +#include "esp_types.h" +#include "esp_log.h" +#include "esp_system.h" +#include "esp_wifi.h" +#include "esp_event_loop.h" +#include "esp_log.h" + +#include "nvs_flash.h" +#include "tcpip_adapter.h" + +#include "lwip/sockets.h" +#include "lwip/netdb.h" + +static EventGroupHandle_t wifi_event_group; + +/* The event group allows multiple bits for each event, + but we only care about one event - are we connected + to the AP with an IP? */ +const static int CONNECTED_BIT = BIT0; + +const static char *TAG = "Openssl_demo"; + +void openssl_demo_thread(void *p) +{ + int ret; + SSL_CTX *ctx; + SSL *ssl; + int socket; + struct sockaddr_in sock_addr; + struct hostent *hp; + struct ip4_addr *ip4_addr; + + int recv_bytes = 0; + char send_data[] = OPENSSL_DEMO_REQUEST; + int send_bytes = sizeof(send_data); + char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; + + ESP_LOGI(TAG, "OpenSSL demo thread start OK"); + + ESP_LOGI(TAG, "get target IP address"); + hp = gethostbyname(OPENSSL_DEMO_TARGET_NAME); + if (!hp) { + ESP_LOGI(TAG, "failed"); + goto failed1; + } + ESP_LOGI(TAG, "OK"); + + ip4_addr = (struct ip4_addr *)hp->h_addr; + ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr)); + + ESP_LOGI(TAG, "create SSL context ......"); + ctx = SSL_CTX_new(TLSv1_1_client_method()); + if (!ctx) { + ESP_LOGI(TAG, "failed"); + goto failed1; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "create socket ......"); + socket = socket(AF_INET, SOCK_STREAM, 0); + if (socket < 0) { + ESP_LOGI(TAG, "failed"); + goto failed2; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "bind socket ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = 0; + sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); + ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_DEMO_TARGET_NAME); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = ip4_addr->addr; + sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT); + ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "create SSL ......"); + ssl = SSL_new(ctx); + if (!ssl) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + SSL_set_fd(ssl, socket); + + ESP_LOGI(TAG, "SSL connected to %s port %d ......", + OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); + ret = SSL_connect(ssl); + if (!ret) { + ESP_LOGI(TAG, "failed " ); + goto failed4; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "send https request to %s port %d ......", + OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); + ret = SSL_write(ssl, send_data, send_bytes); + if (ret <= 0) { + ESP_LOGI(TAG, "failed"); + goto failed5; + } + ESP_LOGI(TAG, "OK"); + + do { + ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); + if (ret <= 0) { + break; + } + recv_bytes += ret; + ESP_LOGI(TAG, "%s", recv_buf); + } while (1); + + ESP_LOGI(TAG, "totaly read %d bytes data from %s ......", recv_bytes, OPENSSL_DEMO_TARGET_NAME); + +failed5: + SSL_shutdown(ssl); +failed4: + SSL_free(ssl); + ssl = NULL; +failed3: + close(socket); + socket = -1; +failed2: + SSL_CTX_free(ctx); + ctx = NULL; +failed1: + vTaskDelete(NULL); + return ; +} + +static void openssl_client_init(void) +{ + int ret; + xTaskHandle openssl_handle; + extern void openssl_demo_thread(void *p); + + ret = xTaskCreate(openssl_demo_thread, + OPENSSL_DEMO_THREAD_NAME, + OPENSSL_DEMO_THREAD_STACK_WORDS, + NULL, + OPENSSL_DEMO_THREAD_PRORIOTY, + &openssl_handle); + + if (ret != pdPASS) { + ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME); + return ; + } +} + +static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) +{ + switch(event->event_id) { + case SYSTEM_EVENT_STA_START: + esp_wifi_connect(); + break; + case SYSTEM_EVENT_STA_GOT_IP: + xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); + openssl_client_init(); + break; + case SYSTEM_EVENT_STA_DISCONNECTED: + /* This is a workaround as ESP32 WiFi libs don't currently + auto-reassociate. */ + esp_wifi_connect(); + xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); + break; + default: + break; + } + return ESP_OK; +} + +static void wifi_conn_init(void) +{ + tcpip_adapter_init(); + wifi_event_group = xEventGroupCreate(); + ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) ); + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); + ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_WIFI_SSID, + .password = EXAMPLE_WIFI_PASS, + }, + }; + ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS); + ESP_ERROR_CHECK( esp_wifi_start() ); +} + +void app_main(void) +{ + nvs_flash_init(); + wifi_conn_init(); +} diff --git a/examples/09_openssl_client/main/openssl_client.h b/examples/09_openssl_client/main/openssl_client.h new file mode 100644 index 0000000000..5bc69a0aca --- /dev/null +++ b/examples/09_openssl_client/main/openssl_client.h @@ -0,0 +1,34 @@ +#ifndef _OPENSSL_DEMO_H_ +#define _OPENSSL_DEMO_H_ + +/* The examples use simple WiFi configuration that you can set via + 'make menuconfig'. + + If you'd rather not, just change the below entries to strings with + the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" +*/ +#define EXAMPLE_WIFI_SSID CONFIG_WIFI_SSID +#define EXAMPLE_WIFI_PASS CONFIG_WIFI_PASSWORD + +/* The examples use domain of "www.baidu.com" and port number of 433 that + you can set via 'make menuconfig'. + + If you'd rather not, just change the below entries to strings with + the config you want - ie #define OPENSSL_DEMO_TARGET_NAME "www.baidu.com" + and ie #define OPENSSL_DEMO_TARGET_TCP_PORT 433 +*/ +#define OPENSSL_DEMO_TARGET_NAME CONFIG_TARGET_DOMAIN +#define OPENSSL_DEMO_TARGET_TCP_PORT CONFIG_TARGET_PORT_NUMBER + +#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" + +#define OPENSSL_DEMO_THREAD_NAME "OpenSSL_demo" +#define OPENSSL_DEMO_THREAD_STACK_WORDS 10240 +#define OPENSSL_DEMO_THREAD_PRORIOTY 8 + +#define OPENSSL_DEMO_RECV_BUF_LEN 1024 + +#define OPENSSL_DEMO_LOCAL_TCP_PORT 443 + +#endif + From dfaac25a37340a37ae808d2c12c9a37d268cbc48 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 15 Nov 2016 15:04:21 +0800 Subject: [PATCH 4/8] feature/openssl: add openssl server demo and remove some check function --- components/openssl/platform/ssl_pm.c | 4 ---- examples/09_openssl_client/main/component.mk | 2 -- 2 files changed, 6 deletions(-) diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 091402cda4..a5986dc3ee 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -90,10 +90,6 @@ int ssl_pm_new(SSL *ssl) if (!ssl_pm) SSL_ERR(ret, failed1, "ssl_mem_zalloc\n"); - if (ssl->ctx->read_buffer_len < 2048 || - ssl->ctx->read_buffer_len > 8192) - return -1; - max_content_len = ssl->ctx->read_buffer_len; mbedtls_net_init(&ssl_pm->fd); diff --git a/examples/09_openssl_client/main/component.mk b/examples/09_openssl_client/main/component.mk index 973de1d6f0..9c21f4a8d4 100644 --- a/examples/09_openssl_client/main/component.mk +++ b/examples/09_openssl_client/main/component.mk @@ -6,5 +6,3 @@ # lib(subdirectory_name).a in the build directory. This behaviour is entirely configurable, # please read the ESP-IDF documents if you need to do this. # - -include $(IDF_PATH)/make/component_common.mk From a2b1f4221b39e61d0ad41c55f523b08d4a6a2605 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 15 Nov 2016 15:08:51 +0800 Subject: [PATCH 5/8] feature/openssl: add the openssl server demo --- examples/10_openssl_server/Makefile | 9 + examples/10_openssl_server/README.md | 20 ++ .../10_openssl_server/main/Kconfig.projbuild | 15 + examples/10_openssl_server/main/cacert.pem | 21 ++ examples/10_openssl_server/main/component.mk | 11 + .../10_openssl_server/main/openssl_server.c | 258 ++++++++++++++++++ .../10_openssl_server/main/openssl_server.h | 22 ++ examples/10_openssl_server/main/prvtkey.pem | 27 ++ 8 files changed, 383 insertions(+) create mode 100644 examples/10_openssl_server/Makefile create mode 100644 examples/10_openssl_server/README.md create mode 100644 examples/10_openssl_server/main/Kconfig.projbuild create mode 100644 examples/10_openssl_server/main/cacert.pem create mode 100644 examples/10_openssl_server/main/component.mk create mode 100644 examples/10_openssl_server/main/openssl_server.c create mode 100644 examples/10_openssl_server/main/openssl_server.h create mode 100644 examples/10_openssl_server/main/prvtkey.pem diff --git a/examples/10_openssl_server/Makefile b/examples/10_openssl_server/Makefile new file mode 100644 index 0000000000..f65f11a562 --- /dev/null +++ b/examples/10_openssl_server/Makefile @@ -0,0 +1,9 @@ +# +# This is a project Makefile. It is assumed the directory this Makefile resides in is a +# project subdirectory. +# + +PROJECT_NAME := openssl_server + +include $(IDF_PATH)/make/project.mk + diff --git a/examples/10_openssl_server/README.md b/examples/10_openssl_server/README.md new file mode 100644 index 0000000000..ae5c8da0c7 --- /dev/null +++ b/examples/10_openssl_server/README.md @@ -0,0 +1,20 @@ +# Openssl Example + +The Example contains of OpenSSL server demo. + +First you should configure the project by "make menuconfig": + Example Configuration -> + 1. WiFi SSID: you own wifi that you pc is connected to alse. + 1. WiFi Password: wifi password + +IF you want to test the OpenSSL server demo: + 1. compile the code and load the firmware + 2. input the context of "https://192.168.17.128" into your web browser, the IP of your module may not be 192.168.17.128, you should input your module's IP + 3. You may see that it shows the website is not able to be trusted, but you should select that "go on to visit it" + 4. You should wait for a moment until your see the "OpenSSL server demo!" in your web browser + +Note: + The private key and certification at the example are not trusted by web browser, because they are not created by CA official, just by ourselves. + You can alse create your own private key and ceritification by "openssl at ubuntu or others". + +See the README.md file in the upper level 'examples' directory for more information about examples. diff --git a/examples/10_openssl_server/main/Kconfig.projbuild b/examples/10_openssl_server/main/Kconfig.projbuild new file mode 100644 index 0000000000..7a9cb97a0e --- /dev/null +++ b/examples/10_openssl_server/main/Kconfig.projbuild @@ -0,0 +1,15 @@ +menu "Example Configuration" + +config WIFI_SSID + string "WiFi SSID" + default "myssid" + help + SSID (network name) for the example to connect to. + +config WIFI_PASSWORD + string "WiFi Password" + default "mypassword" + help + WiFi password (WPA or WPA2) for the example to use. + +endmenu \ No newline at end of file diff --git a/examples/10_openssl_server/main/cacert.pem b/examples/10_openssl_server/main/cacert.pem new file mode 100644 index 0000000000..e09c3989cd --- /dev/null +++ b/examples/10_openssl_server/main/cacert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIJAPMMNobNczaUMA0GCSqGSIb3DQEBBAUAMHQxEzARBgNV +BAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEcMBoGCSqG +SIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xNjExMTUwNTA0MThaFw0xOTExMTUwNTA0MThaMHQx +EzARBgNVBAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEc +MBoGCSqGSIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALDjSPDlomepHCzbw4MUrquQAU0xTV4/Npb27k9I5TRVTjIoOs/5hNI2LPFW +e4CREx09ZrT8K3NFOBoSy7bhPAsjGaFxCYYWc9tiX1m5gq3ToVRSmbZ65fE3kvnI +8E/d5VyzA0OMmWbfaolBSTMoWgqRynEaT+z1Eh2yDTzVFy9eov1DdQFUqGDqbH5b +QYvTY5Fyem7UcKWAe2yS0j3H4dVtVBKNY7qV3Px08yGAs5fQFgUwhyB5+qwhvkeL +JdgapGaSTwLgoQKWHbe/lA3NiBIB9hznFUGKo3hmniAvYZbrQcn3tc0l/J4I39v2 +Pm29FAyjWvQyBkGktz2q4elOZYkCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkq +hkiG9w0BAQQFAAOCAQEAJCJ+97oae/FcOLbPpjCpUQnWqYydgSChgalkZNvr4fVp +TnuNg471l0Y2oTJLoWn2YcbPSFVOEeKkU47mpjMzucHHp0zGaW9SdzhZalWwmbgK +q2ijecIbuFHFNedYTk/03K7eaAcjVhD8e0oOJImeLOL6DAFivA1LUnSgXsdGPDtD +zhISsCPTu+cL1j0yP6HBvLeAyb8kaCWJ05RtiVLRANNHQn/keHajJYpMwnEEbJdG +cqN3whfJoGVbZ6isEf2RQJ0pYRnP7uGLW3wGkLWxfdto8uER8HVDx7fZpevLIqGd +1OoSEi3cIJXWBAjx0TLzzhtb6aeIxBJWQqHThtkKdg== +-----END CERTIFICATE----- diff --git a/examples/10_openssl_server/main/component.mk b/examples/10_openssl_server/main/component.mk new file mode 100644 index 0000000000..4a891d52f7 --- /dev/null +++ b/examples/10_openssl_server/main/component.mk @@ -0,0 +1,11 @@ +# +# Main Makefile. This is basically the same as a component makefile. +# +# This Makefile should, at the very least, just include $(IDF_PATH)/make/component_common.mk. By default, +# this will take the sources in the src/ directory, compile them and link them into +# lib(subdirectory_name).a in the build directory. This behaviour is entirely configurable, +# please read the ESP-IDF documents if you need to do this. +# + +COMPONENT_EMBED_TXTFILES := cacert.pem +COMPONENT_EMBED_TXTFILES += prvtkey.pem diff --git a/examples/10_openssl_server/main/openssl_server.c b/examples/10_openssl_server/main/openssl_server.c new file mode 100644 index 0000000000..4fc841ac79 --- /dev/null +++ b/examples/10_openssl_server/main/openssl_server.c @@ -0,0 +1,258 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "openssl_server.h" + +#include + +#include "openssl/ssl.h" + +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/event_groups.h" + +#include "esp_types.h" +#include "esp_log.h" +#include "esp_system.h" +#include "esp_wifi.h" +#include "esp_event_loop.h" +#include "esp_log.h" + +#include "nvs_flash.h" +#include "tcpip_adapter.h" + +#include "lwip/sockets.h" +#include "lwip/netdb.h" + +static EventGroupHandle_t wifi_event_group; + +/* The event group allows multiple bits for each event, + but we only care about one event - are we connected + to the AP with an IP? */ +const static int CONNECTED_BIT = BIT0; + +const static char *TAG = "Openssl_demo"; + +#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \ + "Content-Type: text/html\r\n" \ + "Content-Length: 98\r\n" \ + "\r\n" \ + "\r\n" \ + "OpenSSL demo\r\n" \ + "OpenSSL server demo!\r\n" \ + "\r\n" \ + "\r\n" + +static void openssl_demo_thread(void *p) +{ + int ret; + + SSL_CTX *ctx; + SSL *ssl; + + int socket, new_socket; + socklen_t addr_len; + struct sockaddr_in sock_addr; + + char send_data[] = OPENSSL_DEMO_SERVER_ACK; + int send_bytes = sizeof(send_data); + char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; + + extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); + extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); + const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; + + extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start"); + extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end"); + const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start; + + ESP_LOGI(TAG, "SSL server context create ......"); + ctx = SSL_CTX_new(SSLv3_server_method()); + if (!ctx) { + ESP_LOGI(TAG, "failed"); + goto failed1; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server context set own certification......"); + ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start); + if (!ret) { + ESP_LOGI(TAG, "failed"); + goto failed2; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server context set private key......"); + ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes); + if (!ret) { + ESP_LOGI(TAG, "failed"); + goto failed2; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server create socket ......"); + socket = socket(AF_INET, SOCK_STREAM, 0); + if (socket < 0) { + ESP_LOGI(TAG, "failed"); + goto failed2; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server socket bind ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = 0; + sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); + ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server socket listen ......"); + ret = listen(socket, 32); + if (ret) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + +reconnect: + ESP_LOGI(TAG, "SSL server create ......"); + ssl = SSL_new(ctx); + if (!ssl) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server socket accept client ......"); + new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len); + if (new_socket < 0) { + ESP_LOGI(TAG, "failed" ); + goto failed4; + } + ESP_LOGI(TAG, "OK"); + + SSL_set_fd(ssl, new_socket); + + ESP_LOGI(TAG, "SSL server accept client ......"); + ret = SSL_accept(ssl); + if (!ret) { + ESP_LOGI(TAG, "failed"); + goto failed5; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server read message ......"); + do { + memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN); + ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); + if (ret <= 0) { + break; + } + if (strstr(recv_buf, "GET / HTTP/1.1")) { + SSL_write(ssl, send_data, send_bytes); + break; + } + } while (1); + + ESP_LOGI(TAG, "result %d", ret); + + SSL_shutdown(ssl); +failed5: + close(new_socket); + new_socket = -1; +failed4: + SSL_free(ssl); + ssl = NULL; + goto reconnect; +failed3: + close(socket); + socket = -1; +failed2: + SSL_CTX_free(ctx); + ctx = NULL; +failed1: + vTaskDelete(NULL); + return ; +} + +static void openssl_client_init(void) +{ + int ret; + xTaskHandle openssl_handle; + extern void openssl_demo_thread(void *p); + + ret = xTaskCreate(openssl_demo_thread, + OPENSSL_DEMO_THREAD_NAME, + OPENSSL_DEMO_THREAD_STACK_WORDS, + NULL, + OPENSSL_DEMO_THREAD_PRORIOTY, + &openssl_handle); + + if (ret != pdPASS) { + ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME); + return ; + } +} + +static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) +{ + switch(event->event_id) { + case SYSTEM_EVENT_STA_START: + esp_wifi_connect(); + break; + case SYSTEM_EVENT_STA_GOT_IP: + xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); + openssl_client_init(); + break; + case SYSTEM_EVENT_STA_DISCONNECTED: + /* This is a workaround as ESP32 WiFi libs don't currently + auto-reassociate. */ + esp_wifi_connect(); + xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); + break; + default: + break; + } + return ESP_OK; +} + +static void wifi_conn_init(void) +{ + tcpip_adapter_init(); + wifi_event_group = xEventGroupCreate(); + ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) ); + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); + ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_WIFI_SSID, + .password = EXAMPLE_WIFI_PASS, + }, + }; + ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS); + ESP_ERROR_CHECK( esp_wifi_start() ); +} + +void app_main(void) +{ + nvs_flash_init(); + wifi_conn_init(); +} diff --git a/examples/10_openssl_server/main/openssl_server.h b/examples/10_openssl_server/main/openssl_server.h new file mode 100644 index 0000000000..e87f5e482e --- /dev/null +++ b/examples/10_openssl_server/main/openssl_server.h @@ -0,0 +1,22 @@ +#ifndef _OPENSSL_DEMO_H_ +#define _OPENSSL_DEMO_H_ + +/* The examples use simple WiFi configuration that you can set via + 'make menuconfig'. + + If you'd rather not, just change the below entries to strings with + the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" +*/ +#define EXAMPLE_WIFI_SSID CONFIG_WIFI_SSID +#define EXAMPLE_WIFI_PASS CONFIG_WIFI_PASSWORD + +#define OPENSSL_DEMO_THREAD_NAME "OpenSSL_demo" +#define OPENSSL_DEMO_THREAD_STACK_WORDS 10240 +#define OPENSSL_DEMO_THREAD_PRORIOTY 8 + +#define OPENSSL_DEMO_RECV_BUF_LEN 1024 + +#define OPENSSL_DEMO_LOCAL_TCP_PORT 443 + +#endif + diff --git a/examples/10_openssl_server/main/prvtkey.pem b/examples/10_openssl_server/main/prvtkey.pem new file mode 100644 index 0000000000..4ead61f6ff --- /dev/null +++ b/examples/10_openssl_server/main/prvtkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAsONI8OWiZ6kcLNvDgxSuq5ABTTFNXj82lvbuT0jlNFVOMig6 +z/mE0jYs8VZ7gJETHT1mtPwrc0U4GhLLtuE8CyMZoXEJhhZz22JfWbmCrdOhVFKZ +tnrl8TeS+cjwT93lXLMDQ4yZZt9qiUFJMyhaCpHKcRpP7PUSHbINPNUXL16i/UN1 +AVSoYOpsfltBi9NjkXJ6btRwpYB7bJLSPcfh1W1UEo1jupXc/HTzIYCzl9AWBTCH +IHn6rCG+R4sl2BqkZpJPAuChApYdt7+UDc2IEgH2HOcVQYqjeGaeIC9hlutByfe1 +zSX8ngjf2/Y+bb0UDKNa9DIGQaS3Parh6U5liQIDAQABAoIBAB9K9jp3xXVlO3DM +KBhmbkg3n6NSV4eW00d9w8cO9E1/0eeZql3knJS7tNO1IwApqiIAHM1j1yP7WONz +88oUqpSlzwD6iF7KVhC3pHqxEOdDi0Tpn/viXg+Ab2X1IF5guRTfLnKiyviiCazi +edqtBtDb3d6Icx9Oc7gBKcpbQFDGt++wSOb5L+xhRm9B5B4l/6byikiPeKqIK5tC +SoP9Zr1mvpNoGm1P4LvEunFJcRBqVI010VNwfO9P98oVyzJu9/FZZrQxXoY9JdXF +OM6nbl+hMDM3TkEOda9NvBhImozEAvuc97CaaXyR3XivxMqNqNIb4+syUPa2PCS3 +ZztI5qECgYEA1gbVG6ifpvpbBkDPi3Im8fM3F7FLLrQc48FdFjdMvDhHD9lVKucD +Uaa8PF9dbbvlu2cwMyfBOKSuWaXxRxRsiqiPmTunS1MvPzQcSrGwUrL2AogGucn6 ++NrLQf5P4H5IpkDQ9ih3zwjO6xKFK1WeYnYpHM8qUBtl6q0YFyVBPu0CgYEA05Pn +StWA4D7VSbNnVi6lvFyEOUsTrK3v419598TFiq4eXLq6aV8/CQYzKsSzoG+aOZhX +Li+0uyT5cNzUcXYhTsW1hA/pNhMfxMrYiB1x14zlLp2WRGg4vd/+SxX6d9Yd3acX +7QzPKgdDicXs9QN8ozJOICKvNbUI53AJdATVEY0CgYEAwvpGeoQLrdq1weSZLrg3 +soOX1QW3MDz1dKdbXjnStkWut0mOxR7fbysuoPFf8/ARQcCnsHKvHCMqkpESVWbN +2yPkbfxiU8Tcbf/TJljqAOz4ISY6ula/RKZONTixHBrvpEW4GAiV3Q5xMsYUe33s +ZFaw7YXtTj0ng7tdDvjpj6ECgYEApHdUU9ejVq2BHslWiqe4LbO9FMxHfvO2hgix +xugupp6y+2Irhb2EQn+PRq+g8hXOzPaezkhHNTKItDL08T3iplkJwJ6dqmszRsZn +i2dYFzZu8M2PAZ4CfZahFbz/9id7D9HTx3EtmH4NAgvZJpyPRkzUbiaIDDettDpj +Hsyi1AECgYAPLvjBzQj4kPF8Zo9pQEUcz4pmupRVfv3aRfjnahDK4qZHEePDRj+J +W7pzayrs1dyN9QLB8pTc424z7f8MB3llCICN+ohs8CR/eW0NEobE9ldDOeoCr1Vh +NhNSbrN1iZ8U4oLkRTMaDKkVngGffvjGi/q0tOU7hJdZOqNlk2Iahg== +-----END RSA PRIVATE KEY----- From 656543c5ca9838497da76673ebd408e22d3d3baf Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Wed, 16 Nov 2016 10:46:03 +0800 Subject: [PATCH 6/8] feature/openssl: fixup some insufficient --- examples/09_openssl_client/README.md | 2 +- examples/09_openssl_client/main/component.mk | 5 ----- examples/09_openssl_client/main/openssl_client.c | 7 +++---- examples/10_openssl_server/README.md | 2 +- examples/10_openssl_server/main/component.mk | 5 ----- examples/10_openssl_server/main/openssl_server.c | 7 +++---- 6 files changed, 8 insertions(+), 20 deletions(-) diff --git a/examples/09_openssl_client/README.md b/examples/09_openssl_client/README.md index 85d9575d6e..a131cb2472 100644 --- a/examples/09_openssl_client/README.md +++ b/examples/09_openssl_client/README.md @@ -6,7 +6,7 @@ First you should config the project by "make menuconfig": Example Configuration -> 1. Target Domain : the domain that you want to connect to, and default is "www.baidu.com". 2. Target port number : the port number of the target domain, and default is 443. - 3. WiFi SSID : you own wifi, which you pc is connected to alse, and default is "myssid". + 3. WiFi SSID : you own wifi, which is connected to the Internet, and default is "myssid". 4. WiFi Password : wifi password, and default is "mypassword" If you want to test the OpenSSL client demo: diff --git a/examples/09_openssl_client/main/component.mk b/examples/09_openssl_client/main/component.mk index 9c21f4a8d4..44bd2b5273 100644 --- a/examples/09_openssl_client/main/component.mk +++ b/examples/09_openssl_client/main/component.mk @@ -1,8 +1,3 @@ # # Main Makefile. This is basically the same as a component makefile. # -# This Makefile should, at the very least, just include $(IDF_PATH)/make/component_common.mk. By default, -# this will take the sources in the src/ directory, compile them and link them into -# lib(subdirectory_name).a in the build directory. This behaviour is entirely configurable, -# please read the ESP-IDF documents if you need to do this. -# diff --git a/examples/09_openssl_client/main/openssl_client.c b/examples/09_openssl_client/main/openssl_client.c index 9d4b8b395d..890962f5d9 100644 --- a/examples/09_openssl_client/main/openssl_client.c +++ b/examples/09_openssl_client/main/openssl_client.c @@ -55,9 +55,10 @@ void openssl_demo_thread(void *p) struct ip4_addr *ip4_addr; int recv_bytes = 0; - char send_data[] = OPENSSL_DEMO_REQUEST; - int send_bytes = sizeof(send_data); char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; + + const char send_data[] = OPENSSL_DEMO_REQUEST; + const int send_bytes = sizeof(send_data); ESP_LOGI(TAG, "OpenSSL demo thread start OK"); @@ -171,7 +172,6 @@ static void openssl_client_init(void) { int ret; xTaskHandle openssl_handle; - extern void openssl_demo_thread(void *p); ret = xTaskCreate(openssl_demo_thread, OPENSSL_DEMO_THREAD_NAME, @@ -182,7 +182,6 @@ static void openssl_client_init(void) if (ret != pdPASS) { ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME); - return ; } } diff --git a/examples/10_openssl_server/README.md b/examples/10_openssl_server/README.md index ae5c8da0c7..a8c16d4ed0 100644 --- a/examples/10_openssl_server/README.md +++ b/examples/10_openssl_server/README.md @@ -4,7 +4,7 @@ The Example contains of OpenSSL server demo. First you should configure the project by "make menuconfig": Example Configuration -> - 1. WiFi SSID: you own wifi that you pc is connected to alse. + 1. WiFi SSID: WiFi network to which your PC is also connected to. 1. WiFi Password: wifi password IF you want to test the OpenSSL server demo: diff --git a/examples/10_openssl_server/main/component.mk b/examples/10_openssl_server/main/component.mk index 4a891d52f7..80af01cb53 100644 --- a/examples/10_openssl_server/main/component.mk +++ b/examples/10_openssl_server/main/component.mk @@ -1,11 +1,6 @@ # # Main Makefile. This is basically the same as a component makefile. # -# This Makefile should, at the very least, just include $(IDF_PATH)/make/component_common.mk. By default, -# this will take the sources in the src/ directory, compile them and link them into -# lib(subdirectory_name).a in the build directory. This behaviour is entirely configurable, -# please read the ESP-IDF documents if you need to do this. -# COMPONENT_EMBED_TXTFILES := cacert.pem COMPONENT_EMBED_TXTFILES += prvtkey.pem diff --git a/examples/10_openssl_server/main/openssl_server.c b/examples/10_openssl_server/main/openssl_server.c index 4fc841ac79..6dc28182d7 100644 --- a/examples/10_openssl_server/main/openssl_server.c +++ b/examples/10_openssl_server/main/openssl_server.c @@ -65,10 +65,11 @@ static void openssl_demo_thread(void *p) socklen_t addr_len; struct sockaddr_in sock_addr; - char send_data[] = OPENSSL_DEMO_SERVER_ACK; - int send_bytes = sizeof(send_data); char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; + const char send_data[] = OPENSSL_DEMO_SERVER_ACK; + const int send_bytes = sizeof(send_data); + extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; @@ -194,7 +195,6 @@ static void openssl_client_init(void) { int ret; xTaskHandle openssl_handle; - extern void openssl_demo_thread(void *p); ret = xTaskCreate(openssl_demo_thread, OPENSSL_DEMO_THREAD_NAME, @@ -205,7 +205,6 @@ static void openssl_client_init(void) if (ret != pdPASS) { ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME); - return ; } } From 2ed9e2d9a8712df9bf8f00d9d23d6f3522fe6e50 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Wed, 16 Nov 2016 11:11:01 +0800 Subject: [PATCH 7/8] feature/openssl: fixup the file and code style --- examples/09_openssl_client/README.md | 4 +- .../09_openssl_client/main/openssl_client.c | 464 ++++++++-------- examples/10_openssl_server/README.md | 7 +- .../10_openssl_server/main/openssl_server.c | 510 +++++++++--------- 4 files changed, 489 insertions(+), 496 deletions(-) diff --git a/examples/09_openssl_client/README.md b/examples/09_openssl_client/README.md index a131cb2472..2a6ac19881 100644 --- a/examples/09_openssl_client/README.md +++ b/examples/09_openssl_client/README.md @@ -6,8 +6,8 @@ First you should config the project by "make menuconfig": Example Configuration -> 1. Target Domain : the domain that you want to connect to, and default is "www.baidu.com". 2. Target port number : the port number of the target domain, and default is 443. - 3. WiFi SSID : you own wifi, which is connected to the Internet, and default is "myssid". - 4. WiFi Password : wifi password, and default is "mypassword" + 3. WIFI SSID : your own WIFI, which is connected to the Internet, and default is "myssid". + 4. WIFI Password : WIFI password, and default is "mypassword" If you want to test the OpenSSL client demo: 1. compile the code and load the firmware diff --git a/examples/09_openssl_client/main/openssl_client.c b/examples/09_openssl_client/main/openssl_client.c index 890962f5d9..c804b6c4fd 100644 --- a/examples/09_openssl_client/main/openssl_client.c +++ b/examples/09_openssl_client/main/openssl_client.c @@ -1,234 +1,230 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "openssl_client.h" - -#include - -#include "openssl/ssl.h" - -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/event_groups.h" - -#include "esp_types.h" -#include "esp_log.h" -#include "esp_system.h" -#include "esp_wifi.h" -#include "esp_event_loop.h" -#include "esp_log.h" - -#include "nvs_flash.h" -#include "tcpip_adapter.h" - -#include "lwip/sockets.h" -#include "lwip/netdb.h" - -static EventGroupHandle_t wifi_event_group; - -/* The event group allows multiple bits for each event, - but we only care about one event - are we connected - to the AP with an IP? */ -const static int CONNECTED_BIT = BIT0; - -const static char *TAG = "Openssl_demo"; - -void openssl_demo_thread(void *p) -{ - int ret; - SSL_CTX *ctx; - SSL *ssl; - int socket; - struct sockaddr_in sock_addr; - struct hostent *hp; - struct ip4_addr *ip4_addr; - - int recv_bytes = 0; - char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; - - const char send_data[] = OPENSSL_DEMO_REQUEST; - const int send_bytes = sizeof(send_data); - - ESP_LOGI(TAG, "OpenSSL demo thread start OK"); - - ESP_LOGI(TAG, "get target IP address"); - hp = gethostbyname(OPENSSL_DEMO_TARGET_NAME); - if (!hp) { - ESP_LOGI(TAG, "failed"); - goto failed1; - } - ESP_LOGI(TAG, "OK"); - - ip4_addr = (struct ip4_addr *)hp->h_addr; - ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr)); - - ESP_LOGI(TAG, "create SSL context ......"); - ctx = SSL_CTX_new(TLSv1_1_client_method()); - if (!ctx) { - ESP_LOGI(TAG, "failed"); - goto failed1; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "create socket ......"); - socket = socket(AF_INET, SOCK_STREAM, 0); - if (socket < 0) { - ESP_LOGI(TAG, "failed"); - goto failed2; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "bind socket ......"); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = 0; - sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); - ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_DEMO_TARGET_NAME); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = ip4_addr->addr; - sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT); - ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "create SSL ......"); - ssl = SSL_new(ctx); - if (!ssl) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - - SSL_set_fd(ssl, socket); - - ESP_LOGI(TAG, "SSL connected to %s port %d ......", - OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); - ret = SSL_connect(ssl); - if (!ret) { - ESP_LOGI(TAG, "failed " ); - goto failed4; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "send https request to %s port %d ......", - OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); - ret = SSL_write(ssl, send_data, send_bytes); - if (ret <= 0) { - ESP_LOGI(TAG, "failed"); - goto failed5; - } - ESP_LOGI(TAG, "OK"); - - do { - ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); - if (ret <= 0) { - break; - } - recv_bytes += ret; - ESP_LOGI(TAG, "%s", recv_buf); - } while (1); - - ESP_LOGI(TAG, "totaly read %d bytes data from %s ......", recv_bytes, OPENSSL_DEMO_TARGET_NAME); - -failed5: - SSL_shutdown(ssl); -failed4: - SSL_free(ssl); - ssl = NULL; -failed3: - close(socket); - socket = -1; -failed2: - SSL_CTX_free(ctx); - ctx = NULL; -failed1: - vTaskDelete(NULL); - return ; -} - -static void openssl_client_init(void) -{ - int ret; - xTaskHandle openssl_handle; - - ret = xTaskCreate(openssl_demo_thread, - OPENSSL_DEMO_THREAD_NAME, - OPENSSL_DEMO_THREAD_STACK_WORDS, - NULL, - OPENSSL_DEMO_THREAD_PRORIOTY, - &openssl_handle); - - if (ret != pdPASS) { - ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME); - } -} - -static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) -{ - switch(event->event_id) { - case SYSTEM_EVENT_STA_START: - esp_wifi_connect(); - break; - case SYSTEM_EVENT_STA_GOT_IP: - xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); - openssl_client_init(); - break; - case SYSTEM_EVENT_STA_DISCONNECTED: - /* This is a workaround as ESP32 WiFi libs don't currently - auto-reassociate. */ - esp_wifi_connect(); - xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); - break; - default: - break; - } - return ESP_OK; -} - -static void wifi_conn_init(void) -{ - tcpip_adapter_init(); - wifi_event_group = xEventGroupCreate(); - ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) ); - wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); - ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); - ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); - wifi_config_t wifi_config = { - .sta = { - .ssid = EXAMPLE_WIFI_SSID, - .password = EXAMPLE_WIFI_PASS, - }, - }; - ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); - ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); - ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS); - ESP_ERROR_CHECK( esp_wifi_start() ); -} - -void app_main(void) -{ - nvs_flash_init(); - wifi_conn_init(); -} +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "openssl_client.h" + +#include + +#include "openssl/ssl.h" + +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/event_groups.h" + +#include "esp_log.h" +#include "esp_wifi.h" +#include "esp_event_loop.h" + +#include "nvs_flash.h" + +#include "lwip/sockets.h" +#include "lwip/netdb.h" + +static EventGroupHandle_t wifi_event_group; + +/* The event group allows multiple bits for each event, + but we only care about one event - are we connected + to the AP with an IP? */ +const static int CONNECTED_BIT = BIT0; + +const static char *TAG = "Openssl_demo"; + +void openssl_demo_thread(void *p) +{ + int ret; + SSL_CTX *ctx; + SSL *ssl; + int socket; + struct sockaddr_in sock_addr; + struct hostent *hp; + struct ip4_addr *ip4_addr; + + int recv_bytes = 0; + char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; + + const char send_data[] = OPENSSL_DEMO_REQUEST; + const int send_bytes = sizeof(send_data); + + ESP_LOGI(TAG, "OpenSSL demo thread start OK"); + + ESP_LOGI(TAG, "get target IP address"); + hp = gethostbyname(OPENSSL_DEMO_TARGET_NAME); + if (!hp) { + ESP_LOGI(TAG, "failed"); + goto failed1; + } + ESP_LOGI(TAG, "OK"); + + ip4_addr = (struct ip4_addr *)hp->h_addr; + ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr)); + + ESP_LOGI(TAG, "create SSL context ......"); + ctx = SSL_CTX_new(TLSv1_1_client_method()); + if (!ctx) { + ESP_LOGI(TAG, "failed"); + goto failed1; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "create socket ......"); + socket = socket(AF_INET, SOCK_STREAM, 0); + if (socket < 0) { + ESP_LOGI(TAG, "failed"); + goto failed2; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "bind socket ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = 0; + sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); + ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_DEMO_TARGET_NAME); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = ip4_addr->addr; + sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT); + ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "create SSL ......"); + ssl = SSL_new(ctx); + if (!ssl) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + SSL_set_fd(ssl, socket); + + ESP_LOGI(TAG, "SSL connected to %s port %d ......", + OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); + ret = SSL_connect(ssl); + if (!ret) { + ESP_LOGI(TAG, "failed " ); + goto failed4; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "send https request to %s port %d ......", + OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); + ret = SSL_write(ssl, send_data, send_bytes); + if (ret <= 0) { + ESP_LOGI(TAG, "failed"); + goto failed5; + } + ESP_LOGI(TAG, "OK"); + + do { + ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); + if (ret <= 0) { + break; + } + recv_bytes += ret; + ESP_LOGI(TAG, "%s", recv_buf); + } while (1); + + ESP_LOGI(TAG, "totaly read %d bytes data from %s ......", recv_bytes, OPENSSL_DEMO_TARGET_NAME); + +failed5: + SSL_shutdown(ssl); +failed4: + SSL_free(ssl); + ssl = NULL; +failed3: + close(socket); + socket = -1; +failed2: + SSL_CTX_free(ctx); + ctx = NULL; +failed1: + vTaskDelete(NULL); + return ; +} + +static void openssl_client_init(void) +{ + int ret; + xTaskHandle openssl_handle; + + ret = xTaskCreate(openssl_demo_thread, + OPENSSL_DEMO_THREAD_NAME, + OPENSSL_DEMO_THREAD_STACK_WORDS, + NULL, + OPENSSL_DEMO_THREAD_PRORIOTY, + &openssl_handle); + + if (ret != pdPASS) { + ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME); + } +} + +static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) +{ + switch(event->event_id) { + case SYSTEM_EVENT_STA_START: + esp_wifi_connect(); + break; + case SYSTEM_EVENT_STA_GOT_IP: + xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); + openssl_client_init(); + break; + case SYSTEM_EVENT_STA_DISCONNECTED: + /* This is a workaround as ESP32 WiFi libs don't currently + auto-reassociate. */ + esp_wifi_connect(); + xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); + break; + default: + break; + } + return ESP_OK; +} + +static void wifi_conn_init(void) +{ + tcpip_adapter_init(); + wifi_event_group = xEventGroupCreate(); + ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) ); + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); + ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_WIFI_SSID, + .password = EXAMPLE_WIFI_PASS, + }, + }; + ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS); + ESP_ERROR_CHECK( esp_wifi_start() ); +} + +void app_main(void) +{ + nvs_flash_init(); + wifi_conn_init(); +} diff --git a/examples/10_openssl_server/README.md b/examples/10_openssl_server/README.md index a8c16d4ed0..333cb3d6a6 100644 --- a/examples/10_openssl_server/README.md +++ b/examples/10_openssl_server/README.md @@ -4,8 +4,8 @@ The Example contains of OpenSSL server demo. First you should configure the project by "make menuconfig": Example Configuration -> - 1. WiFi SSID: WiFi network to which your PC is also connected to. - 1. WiFi Password: wifi password + 1. WIFI SSID: WIFI network to which your PC is also connected to. + 1. WIFI Password: WIFI password IF you want to test the OpenSSL server demo: 1. compile the code and load the firmware @@ -15,6 +15,7 @@ IF you want to test the OpenSSL server demo: Note: The private key and certification at the example are not trusted by web browser, because they are not created by CA official, just by ourselves. - You can alse create your own private key and ceritification by "openssl at ubuntu or others". + You can alse create your own private key and ceritification by "openssl at ubuntu or others". + We have the document of "ESP8266_SDKSSL_User_Manual_EN_v1.4.pdf" at "http://www.espressif.com/en/support/download/documents". By it you can gernerate the private key and certification with the fomate of ".pem" See the README.md file in the upper level 'examples' directory for more information about examples. diff --git a/examples/10_openssl_server/main/openssl_server.c b/examples/10_openssl_server/main/openssl_server.c index 6dc28182d7..7f4b7d6b6e 100644 --- a/examples/10_openssl_server/main/openssl_server.c +++ b/examples/10_openssl_server/main/openssl_server.c @@ -1,257 +1,253 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "openssl_server.h" - -#include - -#include "openssl/ssl.h" - -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "freertos/event_groups.h" - -#include "esp_types.h" -#include "esp_log.h" -#include "esp_system.h" -#include "esp_wifi.h" -#include "esp_event_loop.h" -#include "esp_log.h" - -#include "nvs_flash.h" -#include "tcpip_adapter.h" - -#include "lwip/sockets.h" -#include "lwip/netdb.h" - -static EventGroupHandle_t wifi_event_group; - -/* The event group allows multiple bits for each event, - but we only care about one event - are we connected - to the AP with an IP? */ -const static int CONNECTED_BIT = BIT0; - -const static char *TAG = "Openssl_demo"; - -#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \ - "Content-Type: text/html\r\n" \ - "Content-Length: 98\r\n" \ - "\r\n" \ - "\r\n" \ - "OpenSSL demo\r\n" \ - "OpenSSL server demo!\r\n" \ - "\r\n" \ - "\r\n" - -static void openssl_demo_thread(void *p) -{ - int ret; - - SSL_CTX *ctx; - SSL *ssl; - - int socket, new_socket; - socklen_t addr_len; - struct sockaddr_in sock_addr; - - char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; - - const char send_data[] = OPENSSL_DEMO_SERVER_ACK; - const int send_bytes = sizeof(send_data); - - extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); - extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); - const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; - - extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start"); - extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end"); - const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start; - - ESP_LOGI(TAG, "SSL server context create ......"); - ctx = SSL_CTX_new(SSLv3_server_method()); - if (!ctx) { - ESP_LOGI(TAG, "failed"); - goto failed1; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "SSL server context set own certification......"); - ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start); - if (!ret) { - ESP_LOGI(TAG, "failed"); - goto failed2; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "SSL server context set private key......"); - ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes); - if (!ret) { - ESP_LOGI(TAG, "failed"); - goto failed2; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "SSL server create socket ......"); - socket = socket(AF_INET, SOCK_STREAM, 0); - if (socket < 0) { - ESP_LOGI(TAG, "failed"); - goto failed2; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "SSL server socket bind ......"); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = 0; - sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); - ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "SSL server socket listen ......"); - ret = listen(socket, 32); - if (ret) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - -reconnect: - ESP_LOGI(TAG, "SSL server create ......"); - ssl = SSL_new(ctx); - if (!ssl) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "SSL server socket accept client ......"); - new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len); - if (new_socket < 0) { - ESP_LOGI(TAG, "failed" ); - goto failed4; - } - ESP_LOGI(TAG, "OK"); - - SSL_set_fd(ssl, new_socket); - - ESP_LOGI(TAG, "SSL server accept client ......"); - ret = SSL_accept(ssl); - if (!ret) { - ESP_LOGI(TAG, "failed"); - goto failed5; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "SSL server read message ......"); - do { - memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN); - ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); - if (ret <= 0) { - break; - } - if (strstr(recv_buf, "GET / HTTP/1.1")) { - SSL_write(ssl, send_data, send_bytes); - break; - } - } while (1); - - ESP_LOGI(TAG, "result %d", ret); - - SSL_shutdown(ssl); -failed5: - close(new_socket); - new_socket = -1; -failed4: - SSL_free(ssl); - ssl = NULL; - goto reconnect; -failed3: - close(socket); - socket = -1; -failed2: - SSL_CTX_free(ctx); - ctx = NULL; -failed1: - vTaskDelete(NULL); - return ; -} - -static void openssl_client_init(void) -{ - int ret; - xTaskHandle openssl_handle; - - ret = xTaskCreate(openssl_demo_thread, - OPENSSL_DEMO_THREAD_NAME, - OPENSSL_DEMO_THREAD_STACK_WORDS, - NULL, - OPENSSL_DEMO_THREAD_PRORIOTY, - &openssl_handle); - - if (ret != pdPASS) { - ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME); - } -} - -static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) -{ - switch(event->event_id) { - case SYSTEM_EVENT_STA_START: - esp_wifi_connect(); - break; - case SYSTEM_EVENT_STA_GOT_IP: - xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); - openssl_client_init(); - break; - case SYSTEM_EVENT_STA_DISCONNECTED: - /* This is a workaround as ESP32 WiFi libs don't currently - auto-reassociate. */ - esp_wifi_connect(); - xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); - break; - default: - break; - } - return ESP_OK; -} - -static void wifi_conn_init(void) -{ - tcpip_adapter_init(); - wifi_event_group = xEventGroupCreate(); - ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) ); - wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); - ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); - ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); - wifi_config_t wifi_config = { - .sta = { - .ssid = EXAMPLE_WIFI_SSID, - .password = EXAMPLE_WIFI_PASS, - }, - }; - ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); - ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); - ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS); - ESP_ERROR_CHECK( esp_wifi_start() ); -} - -void app_main(void) -{ - nvs_flash_init(); - wifi_conn_init(); -} +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "openssl_server.h" + +#include + +#include "openssl/ssl.h" + +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" +#include "freertos/event_groups.h" + +#include "esp_log.h" +#include "esp_wifi.h" +#include "esp_event_loop.h" + +#include "nvs_flash.h" + +#include "lwip/sockets.h" +#include "lwip/netdb.h" + +static EventGroupHandle_t wifi_event_group; + +/* The event group allows multiple bits for each event, + but we only care about one event - are we connected + to the AP with an IP? */ +const static int CONNECTED_BIT = BIT0; + +const static char *TAG = "Openssl_demo"; + +#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \ + "Content-Type: text/html\r\n" \ + "Content-Length: 98\r\n" \ + "\r\n" \ + "\r\n" \ + "OpenSSL demo\r\n" \ + "OpenSSL server demo!\r\n" \ + "\r\n" \ + "\r\n" + +static void openssl_demo_thread(void *p) +{ + int ret; + + SSL_CTX *ctx; + SSL *ssl; + + int socket, new_socket; + socklen_t addr_len; + struct sockaddr_in sock_addr; + + char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; + + const char send_data[] = OPENSSL_DEMO_SERVER_ACK; + const int send_bytes = sizeof(send_data); + + extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); + extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); + const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; + + extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start"); + extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end"); + const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start; + + ESP_LOGI(TAG, "SSL server context create ......"); + ctx = SSL_CTX_new(SSLv3_server_method()); + if (!ctx) { + ESP_LOGI(TAG, "failed"); + goto failed1; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server context set own certification......"); + ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start); + if (!ret) { + ESP_LOGI(TAG, "failed"); + goto failed2; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server context set private key......"); + ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes); + if (!ret) { + ESP_LOGI(TAG, "failed"); + goto failed2; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server create socket ......"); + socket = socket(AF_INET, SOCK_STREAM, 0); + if (socket < 0) { + ESP_LOGI(TAG, "failed"); + goto failed2; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server socket bind ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = 0; + sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); + ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + if (ret) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server socket listen ......"); + ret = listen(socket, 32); + if (ret) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + +reconnect: + ESP_LOGI(TAG, "SSL server create ......"); + ssl = SSL_new(ctx); + if (!ssl) { + ESP_LOGI(TAG, "failed"); + goto failed3; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server socket accept client ......"); + new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len); + if (new_socket < 0) { + ESP_LOGI(TAG, "failed" ); + goto failed4; + } + ESP_LOGI(TAG, "OK"); + + SSL_set_fd(ssl, new_socket); + + ESP_LOGI(TAG, "SSL server accept client ......"); + ret = SSL_accept(ssl); + if (!ret) { + ESP_LOGI(TAG, "failed"); + goto failed5; + } + ESP_LOGI(TAG, "OK"); + + ESP_LOGI(TAG, "SSL server read message ......"); + do { + memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN); + ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); + if (ret <= 0) { + break; + } + if (strstr(recv_buf, "GET / HTTP/1.1")) { + SSL_write(ssl, send_data, send_bytes); + break; + } + } while (1); + + ESP_LOGI(TAG, "result %d", ret); + + SSL_shutdown(ssl); +failed5: + close(new_socket); + new_socket = -1; +failed4: + SSL_free(ssl); + ssl = NULL; + goto reconnect; +failed3: + close(socket); + socket = -1; +failed2: + SSL_CTX_free(ctx); + ctx = NULL; +failed1: + vTaskDelete(NULL); + return ; +} + +static void openssl_client_init(void) +{ + int ret; + xTaskHandle openssl_handle; + + ret = xTaskCreate(openssl_demo_thread, + OPENSSL_DEMO_THREAD_NAME, + OPENSSL_DEMO_THREAD_STACK_WORDS, + NULL, + OPENSSL_DEMO_THREAD_PRORIOTY, + &openssl_handle); + + if (ret != pdPASS) { + ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME); + } +} + +static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) +{ + switch(event->event_id) { + case SYSTEM_EVENT_STA_START: + esp_wifi_connect(); + break; + case SYSTEM_EVENT_STA_GOT_IP: + xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); + openssl_client_init(); + break; + case SYSTEM_EVENT_STA_DISCONNECTED: + /* This is a workaround as ESP32 WiFi libs don't currently + auto-reassociate. */ + esp_wifi_connect(); + xEventGroupClearBits(wifi_event_group, CONNECTED_BIT); + break; + default: + break; + } + return ESP_OK; +} + +static void wifi_conn_init(void) +{ + tcpip_adapter_init(); + wifi_event_group = xEventGroupCreate(); + ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) ); + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); + ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_WIFI_SSID, + .password = EXAMPLE_WIFI_PASS, + }, + }; + ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS); + ESP_ERROR_CHECK( esp_wifi_start() ); +} + +void app_main(void) +{ + nvs_flash_init(); + wifi_conn_init(); +} From 2b196b4f3e2a7f23fd2a15a690207cea8794ad36 Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Fri, 18 Nov 2016 10:07:34 +0800 Subject: [PATCH 8/8] components/openssl_demo: remove the apache license header and add cc license head --- .../09_openssl_client/main/openssl_client.c | 19 +++++++------------ .../09_openssl_client/main/openssl_client.h | 9 +++++++++ .../10_openssl_server/main/openssl_server.c | 19 +++++++------------ .../10_openssl_server/main/openssl_server.h | 9 +++++++++ 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/examples/09_openssl_client/main/openssl_client.c b/examples/09_openssl_client/main/openssl_client.c index c804b6c4fd..c6b0e449ac 100644 --- a/examples/09_openssl_client/main/openssl_client.c +++ b/examples/09_openssl_client/main/openssl_client.c @@ -1,16 +1,11 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at +/* OpenSSL client Example -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + This example code is in the Public Domain (or CC0 licensed, at your option.) + + Unless required by applicable law or agreed to in writing, this + software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. +*/ #include "openssl_client.h" diff --git a/examples/09_openssl_client/main/openssl_client.h b/examples/09_openssl_client/main/openssl_client.h index 5bc69a0aca..f5ab887ad4 100644 --- a/examples/09_openssl_client/main/openssl_client.h +++ b/examples/09_openssl_client/main/openssl_client.h @@ -1,3 +1,12 @@ +/* OpenSSL client Example + + This example code is in the Public Domain (or CC0 licensed, at your option.) + + Unless required by applicable law or agreed to in writing, this + software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. +*/ + #ifndef _OPENSSL_DEMO_H_ #define _OPENSSL_DEMO_H_ diff --git a/examples/10_openssl_server/main/openssl_server.c b/examples/10_openssl_server/main/openssl_server.c index 7f4b7d6b6e..53b6050d57 100644 --- a/examples/10_openssl_server/main/openssl_server.c +++ b/examples/10_openssl_server/main/openssl_server.c @@ -1,16 +1,11 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at +/* OpenSSL server Example -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. + This example code is in the Public Domain (or CC0 licensed, at your option.) + + Unless required by applicable law or agreed to in writing, this + software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. +*/ #include "openssl_server.h" diff --git a/examples/10_openssl_server/main/openssl_server.h b/examples/10_openssl_server/main/openssl_server.h index e87f5e482e..5f49de35f2 100644 --- a/examples/10_openssl_server/main/openssl_server.h +++ b/examples/10_openssl_server/main/openssl_server.h @@ -1,3 +1,12 @@ +/* OpenSSL server Example + + This example code is in the Public Domain (or CC0 licensed, at your option.) + + Unless required by applicable law or agreed to in writing, this + software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. +*/ + #ifndef _OPENSSL_DEMO_H_ #define _OPENSSL_DEMO_H_