diff --git a/components/esp-tls/CMakeLists.txt b/components/esp-tls/CMakeLists.txt index d8a73c1451..a8ae11e097 100644 --- a/components/esp-tls/CMakeLists.txt +++ b/components/esp-tls/CMakeLists.txt @@ -1,4 +1,4 @@ -set(srcs esp_tls.c) +set(srcs esp_tls.c esp-tls-crypto/esp_tls_crypto.c) if(CONFIG_ESP_TLS_USING_MBEDTLS) list(APPEND srcs "esp_tls_mbedtls.c") @@ -10,7 +10,7 @@ if(CONFIG_ESP_TLS_USING_WOLFSSL) endif() idf_component_register(SRCS "${srcs}" - INCLUDE_DIRS "." + INCLUDE_DIRS . esp-tls-crypto PRIV_INCLUDE_DIRS "private_include" REQUIRES mbedtls PRIV_REQUIRES lwip nghttp) diff --git a/components/esp-tls/component.mk b/components/esp-tls/component.mk index 70f6f2fa72..59eb4a63a7 100644 --- a/components/esp-tls/component.mk +++ b/components/esp-tls/component.mk @@ -1,8 +1,8 @@ -COMPONENT_SRCDIRS := . -COMPONENT_OBJS := esp_tls.o +COMPONENT_SRCDIRS := . esp-tls-crypto +COMPONENT_OBJS := esp_tls.o esp-tls-crypto/esp_tls_crypto.o -COMPONENT_ADD_INCLUDEDIRS := . private_include +COMPONENT_ADD_INCLUDEDIRS := . esp-tls-crypto private_include ifneq ($(CONFIG_ESP_TLS_USING_MBEDTLS), ) diff --git a/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c b/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c new file mode 100644 index 0000000000..8dafa3419c --- /dev/null +++ b/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c @@ -0,0 +1,85 @@ +// Copyright 2020 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "esp_tls_crypto.h" +#include "esp_log.h" +#include "esp_err.h" +static const char *TAG = "esp_crypto"; +#ifdef CONFIG_ESP_TLS_USING_MBEDTLS +#include "mbedtls/sha1.h" +#include "mbedtls/base64.h" +#define _esp_crypto_sha1 esp_crypto_sha1_mbedtls +#define _esp_crypto_base64_encode esp_crypto_bas64_encode_mbedtls +#elif CONFIG_ESP_TLS_USING_WOLFSSL +#include "wolfssl/ssl.h" /* SHA functions are listed in wolfssl/ssl.h */ +#include "wolfssl/wolfcrypt/coding.h" +#define _esp_crypto_sha1 esp_crypto_sha1_wolfSSL +#define _esp_crypto_base64_encode esp_crypto_base64_encode_woflSSL +#endif + +#ifdef CONFIG_ESP_TLS_USING_MBEDTLS +static int esp_crypto_sha1_mbedtls( const unsigned char *input, + size_t ilen, + unsigned char output[20]) +{ + int ret = mbedtls_sha1_ret(input, ilen, output); + if (ret != 0) { + ESP_LOGE(TAG, "Error in calculating sha1 sum , Returned 0x%02X", ret); + } + return ret; +} + +static int esp_crypto_bas64_encode_mbedtls( unsigned char *dst, size_t dlen, + size_t *olen, const unsigned char *src, + size_t slen) +{ + return mbedtls_base64_encode(dst, dlen, olen, src, slen); +} + +#elif CONFIG_ESP_TLS_USING_WOLFSSL +static int esp_crypto_sha1_wolfSSL( const unsigned char *input, + size_t ilen, + unsigned char output[20]) +{ + unsigned char *ret = wolfSSL_SHA1(input, ilen, output); + if (ret == NULL) { + ESP_LOGE(TAG, "Error in calculating sha1 sum"); + return -1; + } + return 0; +} + +static int esp_crypto_base64_encode_woflSSL(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen) +{ + *olen = dlen; + return Base64_Encode((const byte *) src, (word32) slen, (byte *) dst, (word32 *) olen); +} + +#else +#error "No TLS/SSL Stack selected" +#endif + +int esp_crypto_sha1( const unsigned char *input, + size_t ilen, + unsigned char output[20]) +{ + return _esp_crypto_sha1(input, ilen, output); +} + +int esp_crypto_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen ) +{ + return _esp_crypto_base64_encode(dst, dlen, olen, src, slen); +} diff --git a/components/esp-tls/esp-tls-crypto/esp_tls_crypto.h b/components/esp-tls/esp-tls-crypto/esp_tls_crypto.h new file mode 100644 index 0000000000..2336a9cebc --- /dev/null +++ b/components/esp-tls/esp-tls-crypto/esp_tls_crypto.h @@ -0,0 +1,68 @@ +// Copyright 2020 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +#ifndef _ESP_TLS_CRYPTO_H +#define _ESP_TLS_CRYPTO_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Calculate sha1 sum + * esp-tls abstraction for crypto sha1 API, calculates the sha1 sum(digest) of + * the data provided in input which is of ilen size and returns + * a 20 char sha1 sum + * @param[in] input Input array + * @param[in] ilen Length of Input array + * @param[out] output calculated sha1 sum + * + * @return + * mbedtls stack:- + * - MBEDTLS_ERR_SHA1_BAD_INPUT_DATA on BAD INPUT. + * - 0 on success. + * wolfssl stack:- + * - -1 on failure. + * - 0 on success. + */ +int esp_crypto_sha1(const unsigned char *input, + size_t ilen, + unsigned char output[20]); + +/** + * @brief Do Base64 encode of the src data + * + * @param[in] dst destination buffer + * @param[in] dlen length of destination buffer + * @param[out] olen number of bytes written + * @param[in] src src buffer to be encoded + * @param[in] slen src buffer len + * + * @return + * mbedtls stack:- + * - MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if buffer is of insufficient size. + * - 0 if successful. + * wolfssl stack:- + * - <0 on failure. + * - 0 if succcessful. + */ +int esp_crypto_base64_encode(unsigned char *dst, size_t dlen, + size_t *olen, const unsigned char *src, + size_t slen); + +#ifdef __cplusplus +} +#endif +#endif /* _ESP_TLS_CRYPTO_H */ diff --git a/components/esp_http_client/CMakeLists.txt b/components/esp_http_client/CMakeLists.txt index 327e90778a..4020133229 100644 --- a/components/esp_http_client/CMakeLists.txt +++ b/components/esp_http_client/CMakeLists.txt @@ -5,4 +5,4 @@ idf_component_register(SRCS "esp_http_client.c" INCLUDE_DIRS "include" PRIV_INCLUDE_DIRS "lib/include" REQUIRES nghttp - PRIV_REQUIRES mbedtls lwip esp-tls tcp_transport) + PRIV_REQUIRES lwip esp-tls tcp_transport) diff --git a/components/esp_http_client/Kconfig b/components/esp_http_client/Kconfig index 9cc8a68050..9833098cb1 100644 --- a/components/esp_http_client/Kconfig +++ b/components/esp_http_client/Kconfig @@ -5,7 +5,7 @@ menu "ESP HTTP client" bool "Enable https" default y help - This option will enable https protocol by linking mbedtls library and initializing SSL transport + This option will enable https protocol by linking esp-tls library and initializing SSL transport config ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH bool "Enable HTTP Basic Authentication" diff --git a/components/esp_http_client/lib/http_auth.c b/components/esp_http_client/lib/http_auth.c index d89ccfec8d..2ed724e16d 100644 --- a/components/esp_http_client/lib/http_auth.c +++ b/components/esp_http_client/lib/http_auth.c @@ -20,7 +20,7 @@ #include "esp_netif.h" #include "lwip/sockets.h" #include "esp_rom_md5.h" -#include "mbedtls/base64.h" +#include "esp_tls_crypto.h" #include "esp_system.h" #include "esp_log.h" @@ -140,11 +140,11 @@ char *http_auth_basic(const char *username, const char *password) size_t n = 0; asprintf(&user_info, "%s:%s", username, password); HTTP_MEM_CHECK(TAG, user_info, return NULL); - mbedtls_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info)); + esp_crypto_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info)); digest = calloc(1, 6 + n + 1); HTTP_MEM_CHECK(TAG, digest, goto _basic_exit); strcpy(digest, "Basic "); - mbedtls_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info)); + esp_crypto_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info)); _basic_exit: free(user_info); return digest; diff --git a/components/tcp_transport/transport_ws.c b/components/tcp_transport/transport_ws.c index d2ea9648ba..7a532857f1 100644 --- a/components/tcp_transport/transport_ws.c +++ b/components/tcp_transport/transport_ws.c @@ -8,10 +8,9 @@ #include "esp_transport_tcp.h" #include "esp_transport_ws.h" #include "esp_transport_utils.h" -#include "mbedtls/base64.h" -#include "mbedtls/sha1.h" #include "esp_transport_internal.h" #include "errno.h" +#include "esp_tls_crypto.h" static const char *TAG = "TRANSPORT_WS"; @@ -118,7 +117,7 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int const char *user_agent_ptr = (ws->user_agent)?(ws->user_agent):"ESP32 Websocket Client"; size_t outlen = 0; - mbedtls_base64_encode(client_key, sizeof(client_key), &outlen, random_key, sizeof(random_key)); + esp_crypto_base64_encode(client_key, sizeof(client_key), &outlen, random_key, sizeof(random_key)); int len = snprintf(ws->buffer, WS_BUFFER_SIZE, "GET %s HTTP/1.1\r\n" "Connection: Upgrade\r\n" @@ -183,7 +182,7 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int return -1; } - // See mbedtls_sha1_ret() arg size + // See esp_crypto_sha1() arg size unsigned char expected_server_sha1[20]; // Size of base64 coded string see above unsigned char expected_server_key[33] = {0}; @@ -194,8 +193,8 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int strcat((char*)expected_server_text, expected_server_magic); size_t key_len = strlen((char*)expected_server_text); - mbedtls_sha1_ret(expected_server_text, key_len, expected_server_sha1); - mbedtls_base64_encode(expected_server_key, sizeof(expected_server_key), &outlen, expected_server_sha1, sizeof(expected_server_sha1)); + esp_crypto_sha1(expected_server_text, key_len, expected_server_sha1); + esp_crypto_base64_encode(expected_server_key, sizeof(expected_server_key), &outlen, expected_server_sha1, sizeof(expected_server_sha1)); expected_server_key[ (outlen < sizeof(expected_server_key)) ? outlen : (sizeof(expected_server_key) - 1) ] = 0; ESP_LOGD(TAG, "server key=%s, send_key=%s, expected_server_key=%s", (char *)server_key, (char*)client_key, expected_server_key); if (strcmp((char*)expected_server_key, (char*)server_key) != 0) {