diff --git a/components/asio/CMakeLists.txt b/components/asio/CMakeLists.txt
index f2038278d..b55dc56ab 100644
--- a/components/asio/CMakeLists.txt
+++ b/components/asio/CMakeLists.txt
@@ -1,3 +1,5 @@
idf_component_register(SRCS "asio/asio/src/asio.cpp"
+ "asio/asio/src/asio_ssl.cpp"
+ "port/src/esp_asio_openssl_stubs.c"
INCLUDE_DIRS "asio/asio/include" "port/include"
- REQUIRES lwip)
+ REQUIRES lwip openssl)
diff --git a/components/asio/asio b/components/asio/asio
index 3b66e5b05..61702cd13 160000
--- a/components/asio/asio
+++ b/components/asio/asio
@@ -1 +1 @@
-Subproject commit 3b66e5b051381fb70de9c2791df70a06181c64e3
+Subproject commit 61702cd13be0b8c9800a9793daae72768ede26af
diff --git a/components/asio/component.mk b/components/asio/component.mk
index e024df3f3..0c2919e24 100644
--- a/components/asio/component.mk
+++ b/components/asio/component.mk
@@ -1,6 +1,5 @@
COMPONENT_ADD_INCLUDEDIRS := asio/asio/include port/include
COMPONENT_PRIV_INCLUDEDIRS := private_include
-COMPONENT_SRCDIRS := asio/asio/src
-COMPONENT_OBJEXCLUDE := asio/asio/src/asio_ssl.o
+COMPONENT_SRCDIRS := asio/asio/src port/src
COMPONENT_SUBMODULES += asio
diff --git a/components/asio/port/include/openssl/conf.h b/components/asio/port/include/openssl/conf.h
new file mode 100644
index 000000000..9c46bd14a
--- /dev/null
+++ b/components/asio/port/include/openssl/conf.h
@@ -0,0 +1,20 @@
+// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _ESP_ASIO_OPENSSL_CONF_H
+#define _ESP_ASIO_OPENSSL_CONF_H
+
+#include "openssl/esp_asio_openssl_stubs.h"
+
+#endif // _ESP_ASIO_OPENSSL_CONF_H
diff --git a/components/asio/port/include/openssl/esp_asio_openssl_stubs.h b/components/asio/port/include/openssl/esp_asio_openssl_stubs.h
new file mode 100644
index 000000000..611b4e784
--- /dev/null
+++ b/components/asio/port/include/openssl/esp_asio_openssl_stubs.h
@@ -0,0 +1,185 @@
+// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _ESP_ASIO_OPENSSL_STUBS_H
+#define _ESP_ASIO_OPENSSL_STUBS_H
+
+#include "internal/ssl_x509.h"
+#include "internal/ssl_pkey.h"
+#include "mbedtls/pem.h"
+#include
+
+/**
+ * @note This header contains openssl API which are NOT implemented, and are only provided
+ * as stubs or no-operations to get the ASIO library compiled and working with most
+ * practical use cases as an embedded application on ESP platform
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// The most applicable OpenSSL version wrtt ASIO usage
+#define OPENSSL_VERSION_NUMBER 0x10100001L
+// SSLv2 methods not supported
+// OpenSSL port supports: TLS_ANY, TLS_1, TLS_1_1, TLS_1_2, SSL_3
+#define OPENSSL_NO_SSL2
+#define SSL2_VERSION 0x0002
+
+#define SSL_R_SHORT_READ 219
+#define SSL_OP_ALL 0
+#define SSL_OP_SINGLE_DH_USE 0
+//#define OPENSSL_VERSION_NUMBER 0x10001000L
+#define SSL_OP_NO_COMPRESSION 0
+//#define LIBRESSL_VERSION_NUMBER 1
+//#define PEM_R_NO_START_LINE 110
+// Translates mbedTLS PEM parse error, used by ASIO
+#define PEM_R_NO_START_LINE -MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+
+#define SSL_OP_NO_SSLv2 0x01000000L
+#define SSL_OP_NO_SSLv3 0x02000000L
+#define SSL_OP_NO_TLSv1 0x04000000L
+
+#define X509_FILETYPE_PEM 1
+#define X509_FILETYPE_ASN1 2
+#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
+#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
+
+#define NID_subject_alt_name 85
+
+#define SSL_MODE_RELEASE_BUFFERS 0x00000000L
+#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
+#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+
+#define GEN_DNS 2
+#define GEN_IPADD 7
+#define V_ASN1_OCTET_STRING 4
+#define V_ASN1_IA5STRING 22
+#define NID_commonName 13
+
+#define SSL_CTX_get_app_data(ctx) ((void*)SSL_CTX_get_ex_data(ctx, 0))
+
+/**
+* @brief Frees DH object -- not implemented
+*
+* Current implementation calls SSL_ASSERT
+*
+* @param r DH object
+*/
+void DH_free(DH *r);
+
+/**
+ * @brief Frees GENERAL_NAMES -- not implemented
+ *
+ * Current implementation calls SSL_ASSERT
+ *
+ * @param r GENERAL_NAMES object
+ */
+void GENERAL_NAMES_free(GENERAL_NAMES * gens);
+
+/**
+ * @brief Returns subject name from X509 -- not implemented
+ *
+ * Current implementation calls SSL_ASSERT
+ *
+ * @param r X509 object
+ */
+X509_NAME *X509_get_subject_name(X509 *a);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+
+/**
+ * @brief Reads DH params from a bio object -- not implemented
+ *
+ * Current implementation calls SSL_ASSERT
+ */
+DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+
+/**
+ * @brief Sets DH params to ssl ctx -- not implemented
+ *
+ * Current implementation calls SSL_ASSERT
+ */
+int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh);
+
+/**
+ * @brief Sets SSL mode -- not implemented
+ *
+ * Current implementation is no-op
+ */
+uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *data);
+
+/**
+ * @brief API provaded as declaration only
+ *
+ */
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+
+/**
+ * @brief Clears any existing chain associated with the current certificate of ctx.
+ *
+ */
+int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* _ESP_ASIO_OPENSSL_STUBS_H */
diff --git a/components/asio/port/src/esp_asio_openssl_stubs.c b/components/asio/port/src/esp_asio_openssl_stubs.c
new file mode 100644
index 000000000..9fdf53d0d
--- /dev/null
+++ b/components/asio/port/src/esp_asio_openssl_stubs.c
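Review bot: The declaration-only accessors (`X509_STORE_CTX_get_current_cert`, `X509_get_ext_d2i`, `X509_NAME_get_index_by_NID`, `X509_NAME_get_entry`, `X509_NAME_ENTRY_get_data`) together with the NULL-returning `X509_get_subject_name` and the asserting `GENERAL_NAMES_free` are, judging by the `NID_subject_alt_name`/`GEN_DNS`/`GEN_IPADD`/`NID_commonName` constants defined beside them, exactly what ASIO's `rfc2818_verification` hostname check needs, so this header gives a TLS client no working way to confirm that the peer certificate names the host it connected to — at best a link error if the openssl component does not define them, at worst a NULL `X509_NAME` handed on to `X509_NAME_get_index_by_NID`. The `@note` at the top ("working with most practical use cases") understates that; I would make it `@note Hostname verification (asio::ssl::rfc2818_verification) is not supported: the X509_NAME/GENERAL_NAMES accessors are stubs, so verify_peer checks the chain against the configured CA only.` Separately, `SSL_OP_ALL`, `SSL_OP_SINGLE_DH_USE` and `SSL_OP_NO_COMPRESSION` are defined as 0 while `SSL_OP_NO_SSLv2/3/TLSv1` carry real OpenSSL bit values, so `context::set_options` silently drops the former; a comment such as `// 0: accepted by SSL_CTX_set_options but has no effect in this port` next to them would stop a reader from assuming compression is being disabled. "provaded" is misspelled in every "API provaded as declaration only" brief.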
@@ -0,0 +1,60 @@
+// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include "esp_asio_config.h"
+#include "internal/ssl_dbg.h"
+#include "openssl/esp_asio_openssl_stubs.h"
+
+// Unsupported features as macros to make the assertions more readable
+#define ESP_OPENSSL_DH_IS_SUPPORTED 0
+#define ESP_OPENSSL_GENERAL_NAMES_IS_SUPPORTED 0
+
+void DH_free (DH *r)
+{
+ SSL_ASSERT3(ESP_OPENSSL_DH_IS_SUPPORTED);
+}
+
+DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
+{
+ SSL_ASSERT2(ESP_OPENSSL_DH_IS_SUPPORTED);
+ return NULL;
+}
+
+int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh)
+{
+ SSL_ASSERT1(ESP_OPENSSL_DH_IS_SUPPORTED);
+ return -1;
+}
+
+void GENERAL_NAMES_free(GENERAL_NAMES * gens)
+{
+ SSL_ASSERT3(ESP_OPENSSL_GENERAL_NAMES_IS_SUPPORTED);
+}
+
+X509_NAME *X509_get_subject_name(X509 *a)
+{
+ SSL_ASSERT2(ESP_OPENSSL_GENERAL_NAMES_IS_SUPPORTED);
+ return NULL;
+}
+
+uint32_t SSL_set_mode(SSL *ssl, uint32_t mode)
+{
+ return 0;
+}
+
+int SSL_CTX_clear_chain_certs(SSL_CTX *ctx)
+{
+ return 1;
+}
diff --git a/docs/en/api-reference/protocols/asio.rst b/docs/en/api-reference/protocols/asio.rst
index 14f39ae48..cd6a40ec3 100644
--- a/docs/en/api-reference/protocols/asio.rst
+++ b/docs/en/api-reference/protocols/asio.rst
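Review bot: `X509_get_subject_name` unconditionally returns NULL (after `SSL_ASSERT2`), and the only plausible caller in ASIO, the rfc2818 hostname verifier, passes that pointer straight into `X509_NAME_get_index_by_NID`, which this commit only declares; so whether a verify-peer connection fails closed, crashes on a NULL dereference, or fails to link depends entirely on what the openssl component provides, and the stub should say so, e.g. `// Always NULL: hostname verification is unsupported, callers must treat a NULL subject as a verification failure`. The explicit `return NULL`/`return -1` after each `SSL_ASSERT*` would be unreachable if the macro always returned, which suggests it is compiled out or non-returning in some configuration (I cannot see `internal/ssl_dbg.h`); a one-line comment stating that the fallback return is deliberate would keep someone from deleting it. `SSL_CTX_clear_chain_certs` reports success (1) while doing nothing, so a caller that reloads a certificate at runtime keeps whatever chain certificates were added before; `// no-op that reports success: chain certificates added earlier are not removed` makes that visible.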
@@ -13,7 +13,18 @@ Asio also comes with a number of examples which could be find under Documentatio Supported features ^^^^^^^^^^^^^^^^^^ -ESP platform port currently supports only network asynchronous socket operations; does not support serial port and ssl. +ESP platform port currently supports only network asynchronous socket operations; does not support serial port. +SSL/TLS support if disabled by default and could be enabled in component configuration menu and choosing TLS library from + +- mbedTLS with OpenSSL translation layer (default option) +- wolfSSL + +SSL support is very basic at this stage, not including + +- Verification callbacks +- DH property files +- Certificates/private keys file APIs + Internal asio settings for ESP include - EXCEPTIONS are enabled in ASIO if enabled in menuconfig @@ -27,5 +38,6 @@ ESP examples are based on standard asio :example:`protocols/asio`: - :example:`protocols/asio/tcp_echo_server` - :example:`protocols/asio/chat_client` - :example:`protocols/asio/chat_server` +- :example:`protocols/asio/ssl_client_server` Please refer to the specific example README.md for details