

Merge branch 'feature/wolfssl_tls13' into 'master'
wolfSSL: Support for TLS 1.3

See merge request esp-components/esp-wolfssl!16
mahavirj committed Jul 13, 2022
2 parents 30e5300 + 28c2fcd commit 470c02f
Showing 12 changed files with 296 additions and 229 deletions.
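--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,42 @@
+# gtags
+GTAGS
+GRTAGS
+GPATH
+
+# emacs
+.dir-locals.el
+
+# emacs temp file suffixes
+*~
+.#*
+\#*#
+
+# eclipse setting
+.settings
+
+# MacOS directory files
+.DS_Store
+
+# Components Unit Test Apps files
+components/**/build
+components/**/sdkconfig
+components/**/sdkconfig.old
+
+# Example project files
+examples/**/sdkconfig
+examples/**/sdkconfig.old
+examples/**/build
+
+# VS Code Settings
+.vscode/
+
+# VIM files
+*.swp
+*.swo
+
+# Clion IDE CMake build & config
+.idea/
+cmake-build-*/
+
+# ESP-IDF default build directory name
+build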
60 changes: 16 additions & 44 deletions .gitlab-ci.yml
Expand Up @@ -6,6 +6,7 @@ variables:
BATCH_BUILD: "1"
V: "0"
MAKEFLAGS: "-j5 --no-keep-going"
GIT_SUBMODULE_STRATEGY: recursive

# before each job, we need to check if this job is filtered by bot stage/job filter
.apply_bot_filter: &apply_bot_filter
Expand All @@ -25,65 +26,36 @@ variables:
- git --version
- git submodule update --init --recursive

test_build_esp32:
when: always
.build_idf_template:
stage: build
image: "$CI_DOCKER_REGISTRY/esp-idf-doc-env:v4.4-1-v2"
image: espressif/idf:latest
tags:
- build
variables:
IDF_PATH: "$CI_PROJECT_DIR/idf/esp-idf"
before_script: *setup_env
PEDANTIC_FLAGS: "-Werror -Werror=unused-variable -Werror=unused-but-set-variable -Werror=unused-function"
EXTRA_CFLAGS: "${PEDANTIC_FLAGS}"
EXTRA_CXXFLAGS: "${PEDANTIC_FLAGS}"
script:
- export PATH="$IDF_PATH/tools:$PATH"
- mkdir idf
- cd idf
- export
- git clone --recursive --depth 1 $GITLAB_SSH_SERVER/idf/esp-idf.git
- pushd esp-idf
- echo "v4.1" > version.txt
- source tools/ci/setup_python.sh
- source tools/ci/configure_ci_environment.sh
- tools/idf_tools.py --non-interactive install && eval "$(tools/idf_tools.py --non-interactive export)" || exit 1
- popd
- cd ../tools/ci && ./build_exmaples.sh || exit 1
- cd $CI_PROJECT_DIR/tools/ci
- ./build_examples.sh || exit 1

test_build_esp8266:
when: always
stage: build
image: $CI_DOCKER_REGISTRY/esp8266-ci-env-new
tags:
- build
variables:
IDF_PATH: "$CI_PROJECT_DIR/idf/ESP8266_RTOS_SDK"
before_script: *setup_env
script:
- export PATH="$IDF_PATH/tools:$PATH"
- mkdir idf
- cd idf
- export
- git clone --recursive --depth 1 $GITLAB_SSH_SERVER/sdk/ESP8266_RTOS_SDK.git
- pushd ESP8266_RTOS_SDK
- echo "v3.3" > version.txt
- tools/idf_tools.py --non-interactive install && eval "$(tools/idf_tools.py --non-interactive export)" || exit 1
- source tools/ci/configure_ci_environment.sh
- popd
- cd ../tools/ci && ./build_exmaples.sh || exit 1
build_idf_master:
extends: .build_idf_template
image: espressif/idf:latest

build_idf_v4.4:
extends: .build_idf_template
image: espressif/idf:release-v4.4

push_master_to_github:
stage: deploy
image: "$CI_DOCKER_REGISTRY/esp-idf-doc-env:v4.4-1-v2"
image: espressif/idf:latest
tags:
- deploy
only:
- master
- /^release\/v/
- /^v\d+\.\d+(\.\d+)?($|-)/
when: on_success
dependencies:
- test_build_esp32
- test_build_esp8266
dependencies: []
variables:
GITHUB_PUSH_REFS: refs/remotes/origin/release refs/remotes/origin/master
before_script: *setup_env
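Review bot: `push_master_to_github` now runs on `espressif/idf:latest` (the `image:` line under `stage: deploy`), an unpinned floating tag, in the one job that holds credentials to push to GitHub; a tag that upstream can re-point at any time is a supply-chain exposure for a deploy job, so pin it to a release tag or a digest, e.g. `image: espressif/idf:release-v4.4`, and keep `latest` only for `build_idf_master`, where tracking IDF master is the point. Separately, with `GIT_SUBMODULE_STRATEGY: recursive` now set in the top-level `variables:`, the explicit `git submodule update --init --recursive` in the `setup_env` anchor looks redundant for the deploy job that still references it via `before_script: *setup_env`; the anchor's definition starts above the visible hunk, so confirm nothing else depends on it. The switch to `dependencies: []` only affects artifact download, and stage ordering plus `when: on_success` still gates the push on the build jobs, so that part is fine as written.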
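--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -31,5 +31,7 @@ idf_component_register(SRC_DIRS "${COMPONENT_SRCDIRS}"
 EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE_1}"
 )
 target_compile_options(${COMPONENT_LIB} PRIVATE -Wno-cpp -Wno-maybe-uninitialized)
-set_source_files_properties(wolfssl/src/ssl.c PROPERTIES COMPILE_FLAGS -Wno-format-truncation)
+set_source_files_properties(wolfssl/src/ssl.c PROPERTIES COMPILE_FLAGS "-Wno-format-truncation -Wno-char-subscripts")
+set_source_files_properties(wolfssl/wolfcrypt/src/random.c PROPERTIES COMPILE_FLAGS "-Wno-implicit-function-declaration")
+set_source_files_properties(wolfssl/wolfcrypt/src/port/Espressif/esp32_aes.c PROPERTIES COMPILE_FLAGS "-Wno-incompatible-pointer-types")
 target_compile_definitions(${COMPONENT_LIB} PUBLIC WOLFSSL_USER_SETTINGS)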
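Review bot: The new `-Wno-implicit-function-declaration` on `wolfssl/wolfcrypt/src/random.c` silences a real type error in the RNG source instead of fixing it: a function called without a visible prototype is assumed to return `int`, so a pointer or 64-bit return value is truncated and argument types go unchecked, and in entropy-collection code that can corrupt the seed with no diagnostic at all. The same concern applies to `-Wno-incompatible-pointer-types` on `port/Espressif/esp32_aes.c`, the hardware AES port. The missing declaration is presumably an ESP-IDF header the wolfSSL port does not include (the call site is not visible here); the right fix is to add that `#include` in `port/user_settings.h` or the port file and drop the suppression, which also keeps the CI `-Werror` build honest. Until then, leave a marker next to the flag so it is not forgotten: `# TODO: random.c calls an undeclared function; add the missing header instead of -Wno-implicit-function-declaration`.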
9 changes: 4 additions & 5 deletions Kconfig
@@ -1,15 +1,14 @@
menu "wolfSSL"

config TLS_STACK_WOLFSSL
bool "Include wolfSSL in esp-tls"
bool "Include wolfSSL in ESP-TLS"
default y
select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
help
Includes wolfSSL in the esp-tls so that , esp-tls can be compiled with wolfSSL as its SSL/TLS library.
Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.

config WOLFSSL_HAVE_ALPN
bool "Enable ALPN(Application Layer Protocol Negotiation) in wolfSSL"
bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
default y
help
Enables ALPN option in wolfSSL.

endmenu # wolfSSL
95 changes: 56 additions & 39 deletions examples/https_request/main/https_request_example_main.c
Expand Up @@ -43,21 +43,21 @@
#include "esp_tls.h"

/* Constants that aren't configurable in menuconfig */
#define WEB_SERVER "www.howsmyssl.com"
#define WEB_PORT "443"
#define WEB_URL "https://www.howsmyssl.com/a/check"
#define WEB_SERVER "api.github.com"
#define WEB_PORT (443)
#define WEB_URL "https://api.github.com/zen"

static const char *TAG = "example";

static const char *REQUEST = "GET " WEB_URL " HTTP/1.0\r\n"
"Host: "WEB_SERVER"\r\n"
"User-Agent: esp-idf/1.0 esp32\r\n"
"\r\n";
"Host: "WEB_SERVER"\r\n"
"User-Agent: esp-idf/1.0 esp32\r\n"
"\r\n";

/* Root cert for howsmyssl.com, taken from server_root_cert.pem
/* Root cert for api.github.com, taken from server_root_cert.pem
The PEM file was extracted from the output of this command:
openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
openssl s_client -showcerts -connect www.api.github.com:443 </dev/null
The CA root cert is the last cert given in the chain of certs.
Expand All @@ -67,80 +67,97 @@ static const char *REQUEST = "GET " WEB_URL " HTTP/1.0\r\n"
extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start");
extern const uint8_t server_root_cert_pem_end[] asm("_binary_server_root_cert_pem_end");

/*
* NOTE: To turn on debug logs for wolfSSL component and this example, uncomment
* #define DEBUF_WOLFSSL in file components/wolfssl/port/user_settings.h
*/
/*
* NOTE: To turn on TLS 1.3 only mode for wolfSSL component, uncomment
* #define WOLFSSL_TLS13 in file ../components/wolfssl/port/user_settings.h
*/

static void https_get_task(void *pvParameters)
{
char buf[512];
int ret, len;
esp_tls_t *tls = NULL;

while(1) {
while (1) {
esp_tls_cfg_t cfg = {
.cacert_buf = server_root_cert_pem_start,
.cacert_bytes = server_root_cert_pem_end - server_root_cert_pem_start,
};

struct esp_tls *tls = esp_tls_conn_http_new(WEB_URL, &cfg);

if(tls != NULL) {

#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 0, 0)
tls = esp_tls_init();
if (!tls) {
ESP_LOGE(TAG, "Failed to allocate esp_tls handle!");
goto exit;
}

if (esp_tls_conn_http_new_sync(WEB_URL, &cfg, tls) == 1) {
ESP_LOGI(TAG, "Connection established...");
} else {
ESP_LOGE(TAG, "Connection failed...");
goto cleanup;
}
#else // ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 0, 0)
tls = esp_tls_conn_http_new(WEB_URL, &cfg);
if (tls != NULL) {
ESP_LOGI(TAG, "Connection established...");
} else {
ESP_LOGE(TAG, "Connection failed...");
goto exit;
}

#endif //ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 0, 0)

size_t written_bytes = 0;
do {
ret = esp_tls_conn_write(tls,
REQUEST + written_bytes,
ret = esp_tls_conn_write(tls,
REQUEST + written_bytes,
strlen(REQUEST) - written_bytes);
if (ret >= 0) {
ESP_LOGI(TAG, "%d bytes written", ret);
written_bytes += ret;
} else if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
ESP_LOGE(TAG, "esp_tls_conn_write returned 0x%x", ret);
goto exit;
goto cleanup;
}
} while(written_bytes < strlen(REQUEST));
} while (written_bytes < strlen(REQUEST));

ESP_LOGI(TAG, "Reading HTTP response...");

do
{
do {
len = sizeof(buf) - 1;
bzero(buf, sizeof(buf));
memset(buf, 0x00, sizeof(buf));

ret = esp_tls_conn_read(tls, (char *)buf, len);

if(ret == ESP_TLS_ERR_SSL_WANT_WRITE || ret == ESP_TLS_ERR_SSL_WANT_READ)
if (ret == ESP_TLS_ERR_SSL_WANT_WRITE || ret == ESP_TLS_ERR_SSL_WANT_READ) {
continue;

if(ret < 0)
{
} else if (ret < 0) {
ESP_LOGE(TAG, "esp_tls_conn_read returned -0x%x", -ret);
break;
}

if(ret == 0)
{
} else if (ret == 0) {
ESP_LOGI(TAG, "connection closed");
break;
}

len = ret;
ESP_LOGD(TAG, "%d bytes read", len);
/* Print response directly to stdout as it is read */
for(int i = 0; i < len; i++) {
for (int i = 0; i < len; i++) {
putchar(buf[i]);
}
} while(1);

exit:
esp_tls_conn_delete(tls);
putchar('\n'); // JSON output doesn't have a newline at end
putchar('\n'); // JSON output doesn't have a newline at end
} while (1);

static int request_count;
cleanup:
esp_tls_conn_destroy(tls);
exit:;
static int request_count = 0;
ESP_LOGI(TAG, "Completed %d requests", ++request_count);

for(int countdown = 10; countdown >= 0; countdown--) {
for (int countdown = 10; countdown >= 0; countdown--) {
ESP_LOGI(TAG, "%d...", countdown);
vTaskDelay(1000 / portTICK_PERIOD_MS);
}
Expand All @@ -150,7 +167,7 @@ static void https_get_task(void *pvParameters)

void app_main(void)
{
ESP_ERROR_CHECK( nvs_flash_init() );
ESP_ERROR_CHECK(nvs_flash_init());
ESP_ERROR_CHECK(esp_netif_init());
ESP_ERROR_CHECK(esp_event_loop_create_default());

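Review bot: The comment above the `server_root_cert_pem_start` declarations now tells the reader to run `openssl s_client -showcerts -connect www.api.github.com:443`, but the example connects to `api.github.com` (`WEB_SERVER` and `WEB_URL`); `www.api.github.com` is a different name, and whatever chain it serves, if it resolves at all, is not the one this example pins. Change it to `openssl s_client -showcerts -connect api.github.com:443 </dev/null`. The same comment's statement that the CA root is the last certificate in the served chain only holds when the server includes its root, which many deployments do not, so I would soften it to `The CA root cert is typically the last cert in the chain; confirm its subject matches the issuer of the cert before it`. `WEB_PORT` is also now a bare integer that nothing visible in these hunks uses, so either drop it or add `/* port is taken from WEB_URL by esp_tls_conn_http_new */` — the rest of the file is outside this view, so confirm it is unused.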
46 changes: 22 additions & 24 deletions examples/https_request/main/server_root_cert.pem
@@ -1,26 +1,24 @@
-----BEGIN CERTIFICATE-----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MIIEFzCCAv+gAwIBAgIQB/LzXIeod6967+lHmTUlvTANBgkqhkiG9w0BAQwFADBh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-----END CERTIFICATE-----
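--- a/examples/wolfssl_client/main/Kconfig.projbuild
+++ b/examples/wolfssl_client/main/Kconfig.projbuild
@@ -1,9 +1,9 @@
-menu "wolfSSL_client_demo"
+menu "Example Configuration"
 
-config CERT_AUTH
-bool "Enable_cert_authentication"
+config EXAMPLE_SERVER_CERT_VERIFY
+bool "Enable Server Certificate Verification"
 default y
 help
-Enabling this flags authenticates the server certificate while establishing a tls connection
+Enabling this option validates the server certificate while establishing a TLS connection.
 
-endmenu # wolfSSL_client_demo
+endmenu # Example Configuration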
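Review bot: Renaming `CERT_AUTH` to `EXAMPLE_SERVER_CERT_VERIFY` changes the generated macro from `CONFIG_CERT_AUTH` to `CONFIG_EXAMPLE_SERVER_CERT_VERIFY`; any `#ifdef CONFIG_CERT_AUTH` left in the client source (the remaining changed files are not shown on this page) would now silently evaluate as not set, i.e. certificate verification compiled out with no build error, so please confirm every use was updated in the same commit. The help text should also say what turning the option off means, since `default y` is the only hint the user gets: `Disabling this skips server certificate verification and leaves the connection open to man-in-the-middle attacks; only disable it for local testing.`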
