feat(tls_cxx): Publish mbedtls component

Adds examples and tests.
Also supports DTLS now.

components/mbedtls_cxx/mbedtls_wrap.cpp

@@ -0,0 +1,268 @@
+/*
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#include <mbedtls/timing.h>
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls_wrap.hpp"
+
+using namespace idf::mbedtls_cxx;
+
+bool Tls::init(is_server server, do_verify verify, TlsConfig *config)
+{
+    const char pers[] = "mbedtls_wrapper";
+    is_server_ = server == is_server{true};
+    is_dtls_ = config ? config->is_dtls : false;
+    uint32_t timeout = config ? config->timeout : 0;
+    mbedtls_entropy_init(&entropy_);
+    mbedtls_ctr_drbg_seed(&ctr_drbg_, mbedtls_entropy_func, &entropy_, (const unsigned char *)pers, sizeof(pers));
+    int endpoint = server == is_server{true} ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT;
+    int transport = is_dtls_ ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM;
+    int ret = mbedtls_ssl_config_defaults(&conf_, endpoint, transport, MBEDTLS_SSL_PRESET_DEFAULT);
+    if (ret) {
+        print_error("mbedtls_ssl_config_defaults", ret);
+        return false;
+    }
+    mbedtls_ssl_conf_rng(&conf_, mbedtls_ctr_drbg_random, &ctr_drbg_);
+    if (timeout) {
+        mbedtls_ssl_conf_read_timeout(&conf_, timeout);
+    }
+    mbedtls_ssl_conf_authmode(&conf_, verify == do_verify{true} ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE);
+    ret = mbedtls_ssl_conf_own_cert(&conf_, &public_cert_, &pk_key_);
+    if (ret) {
+        print_error("mbedtls_ssl_conf_own_cert", ret);
+        return false;
+    }
+    if (verify == do_verify{true}) {
+        mbedtls_ssl_conf_ca_chain(&conf_, &ca_cert_, nullptr);
+    }
+
+#if CONFIG_MBEDTLS_SSL_PROTO_DTLS
+    if (is_server_ && is_dtls_) {
+        if (!init_dtls_cookies()) {
+            return false;
+        }
+    }
+#endif // MBEDTLS_SSL_PROTO_DTLS
+
+    ret = mbedtls_ssl_setup(&ssl_, &conf_);
+    if (ret) {
+        print_error("mbedtls_ssl_setup", ret);
+        return false;
+    }
+
+    if (timeout) {
+        mbedtls_ssl_set_timer_cb(&ssl_, &timer_, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
+    }
+
+#if CONFIG_MBEDTLS_SSL_PROTO_DTLS
+    if (is_server_ && is_dtls_ && config && config->client_id != const_buf {}) {
+        client_id_ = config->client_id;
+        if (!set_client_id()) {
+            return false;
+        }
+    }
+#endif // MBEDTLS_SSL_PROTO_DTLS
+
+    return true;
+}
+
+bool Tls::deinit()
+{
+    ::mbedtls_ssl_config_free(&conf_);
+    ::mbedtls_ssl_free(&ssl_);
+    ::mbedtls_pk_free(&pk_key_);
+    ::mbedtls_x509_crt_free(&public_cert_);
+    ::mbedtls_x509_crt_free(&ca_cert_);
+    return true;
+}
+
+void Tls::print_error(const char *function, int error_code)
+{
+    static char error_buf[100];
+    mbedtls_strerror(error_code, error_buf, sizeof(error_buf));
+
+    printf("%s() returned -0x%04X\n", function, -error_code);
+    printf("-0x%04X: %s\n", -error_code, error_buf);
+}
+
+int Tls::handshake()
+{
+    int ret = 0;
+    mbedtls_ssl_set_bio(&ssl_, this, bio_write, bio_read, is_dtls_ ? bio_read_tout : nullptr);
+
+    while ( ( ret = mbedtls_ssl_handshake( &ssl_ ) ) != 0 ) {
+        if ( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) {
+#if CONFIG_MBEDTLS_SSL_PROTO_DTLS
+            if (is_server_ && is_dtls_ && ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+                // hello verification requested -> restart the session with this client_id
+                if (!set_client_id()) {
+                    return -1;
+                }
+                continue;
+            }
+#endif // MBEDTLS_SSL_PROTO_DTLS
+            print_error( "mbedtls_ssl_handshake returned", ret );
+            return -1;
+        }
+        delay();
+    }
+    return ret;
+}
+
+int Tls::bio_write(void *ctx, const unsigned char *buf, size_t len)
+{
+    auto s = static_cast<Tls *>(ctx);
+    return s->send(buf, len);
+}
+
+int Tls::bio_read(void *ctx, unsigned char *buf, size_t len)
+{
+    auto s = static_cast<Tls *>(ctx);
+    return s->recv(buf, len);
+}
+
+int Tls::bio_read_tout(void *ctx, unsigned char *buf, size_t len, uint32_t timeout)
+{
+    auto s = static_cast<Tls *>(ctx);
+    return s->recv_timeout(buf, len, timeout);
+}
+
+int Tls::write(const unsigned char *buf, size_t len)
+{
+    return mbedtls_ssl_write( &ssl_, buf, len );
+}
+
+int Tls::read(unsigned char *buf, size_t len)
+{
+    return mbedtls_ssl_read( &ssl_, buf, len );
+}
+
+bool Tls::set_own_cert(const_buf crt, const_buf key)
+{
+    int ret = mbedtls_x509_crt_parse(&public_cert_, crt.first, crt.second);
+    if (ret < 0) {
+        print_error("mbedtls_x509_crt_parse", ret);
+        return false;
+    }
+    ret = mbedtls_pk_parse_key(&pk_key_, key.first, key.second, nullptr, 0);
+    if (ret < 0) {
+        print_error("mbedtls_pk_parse_keyfile", ret);
+        return false;
+    }
+    return true;
+}
+
+bool Tls::set_ca_cert(const_buf crt)
+{
+    int ret = mbedtls_x509_crt_parse(&ca_cert_, crt.first, crt.second);
+    if (ret < 0) {
+        print_error("mbedtls_x509_crt_parse", ret);
+        return false;
+    }
+    return true;
+}
+
+bool Tls::set_hostname(const char *name)
+{
+    int ret = mbedtls_ssl_set_hostname(&ssl_, name);
+    if (ret < 0) {
+        print_error("mbedtls_ssl_set_hostname", ret);
+        return false;
+    }
+    return true;
+}
+
+Tls::Tls()
+{
+    mbedtls_x509_crt_init(&public_cert_);
+    mbedtls_pk_init(&pk_key_);
+    mbedtls_x509_crt_init(&ca_cert_);
+}
+
+int Tls::mbedtls_pk_parse_key(mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
+{
+
+    return ::mbedtls_pk_parse_key(ctx, key, keylen, pwd, pwdlen, nullptr, nullptr);
+}
+
+size_t Tls::get_available_bytes()
+{
+    return ::mbedtls_ssl_get_bytes_avail(&ssl_);
+}
+
+Tls::~Tls()
+{
+    ::mbedtls_ssl_config_free(&conf_);
+    ::mbedtls_ssl_free(&ssl_);
+    ::mbedtls_pk_free(&pk_key_);
+    ::mbedtls_x509_crt_free(&public_cert_);
+    ::mbedtls_x509_crt_free(&ca_cert_);
+}
+
+bool Tls::get_session()
+{
+    if (session_ == nullptr) {
+        session_ = std::make_unique<unique_session>();
+    }
+    int ret = ::mbedtls_ssl_get_session(&ssl_, session_->ptr());
+    if (ret != 0) {
+        print_error("mbedtls_ssl_get_session() failed", ret);
+        return false;
+    }
+    return true;
+}
+
+bool Tls::set_session()
+{
+    if (session_ == nullptr) {
+        printf("session hasn't been initialized");
+        return false;
+    }
+    int ret = mbedtls_ssl_set_session(&ssl_, session_->ptr());
+    if (ret != 0) {
+        print_error("mbedtls_ssl_set_session() failed", ret);
+        return false;
+    }
+    return true;
+}
+
+void Tls::reset_session()
+{
+    session_.reset(nullptr);
+}
+bool Tls::is_session_loaded()
+{
+    return session_ != nullptr;
+}
+
+#if CONFIG_MBEDTLS_SSL_PROTO_DTLS
+bool Tls::init_dtls_cookies()
+{
+    int ret = mbedtls_ssl_cookie_setup(&cookie_, mbedtls_ctr_drbg_random, &ctr_drbg_);
+    if (ret != 0) {
+        print_error("mbedtls_ssl_cookie_setup() failed", ret);
+        return false;
+    }
+    mbedtls_ssl_conf_dtls_cookies(&conf_, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_);
+
+    return true;
+}
+
+bool Tls::set_client_id()
+{
+    int ret;
+    if (client_id_ == const_buf{}) {
+        printf("client_id is not set");
+        return false;
+    }
+    mbedtls_ssl_session_reset(&ssl_);
+    if ((ret = mbedtls_ssl_set_client_transport_id(&ssl_, client_id_.first, client_id_.second)) != 0) {
+        print_error("mbedtls_ssl_set_client_transport_id()", ret);
+        return false;
+    }
+    return true;
+}
+#endif