

Initial copy of wolfssl esp-tls from my_522 branch
gojimmypi committed Sep 26, 2024
1 parent a16ac9f commit 5c9494b
Showing 11 changed files with 561 additions and 58 deletions.
41 changes: 41 additions & 0 deletions .gitignore
Expand Up @@ -108,3 +108,44 @@ XUNIT_RESULT*.xml

# Vale
.vale/styles/*

# Visual Studio and VisualGDB
**/.vs

# VisualGDB
**/.visualgdb

# Visual Studio Code Workspace Files
*.vscode
*.userprefs
*.exe
*.dll
Backup
UpgradeLog.htm
*.aps
*.VC.db
*.filters

# Local backup files
*.bak

# Espressif sdk config default should be saved in sdkconfig.defaults
# we won't track the actual working sdkconfig files
/IDE/Espressif/**/sdkconfig
/IDE/Espressif/**/sdkconfig.old

# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
/IDE/Espressif/**/sdkconfig.debug
/IDE/Espressif/**/sdkconfig.release

# Always include Espressif makefiles (typically only used for ESP8266)
!/IDE/Espressif/**/Makefile
!/IDE/Espressif/**/component.mk

# PlatformIO
/**/.pio
/**/.vscode/.browse.c_cpp.db*
/**/.vscode/c_cpp_properties.json
/**/.vscode/launch.json
/**/.vscode/ipch
/**/sdkconfig.esp32dev
93 changes: 90 additions & 3 deletions components/esp-tls/CMakeLists.txt
Expand Up @@ -5,26 +5,113 @@ if(CONFIG_ESP_TLS_USING_MBEDTLS)
endif()

if(CONFIG_ESP_TLS_USING_WOLFSSL)
message(STATUS "esp-tls configured for wolfssl")
list(APPEND srcs
"esp_tls_wolfssl.c")
set(wolfssl_esp_tls_lib "wolfssl")
else()
unset(wolfssl_esp_tls_lib)
endif()

set(priv_req http_parser esp_timer)
if(NOT ${IDF_TARGET} STREQUAL "linux")
list(APPEND priv_req lwip)
endif()

message(STATUS "idf_component_register wolfssl_esp_tls_lib: ${wolfssl_esp_tls_lib}")

idf_component_register(SRCS "${srcs}"
INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} esp-tls-crypto
PRIV_INCLUDE_DIRS "private_include"
# mbedtls is public requirements because esp_tls.h
# includes mbedtls header files.
REQUIRES mbedtls
REQUIRES mbedtls ${wolfssl_esp_tls_lib}
PRIV_REQUIRES ${priv_req})

# When using wolfSSL for the ESP-TLS (see menuconfig),
# There are two options:
# 1) A specified source directory, typically a wolfssl git clone
# 2) The esp-wolfssl
# TODO this is duplicate code. See components/wap_supplicant
message(STATUS "esp-tls config begin")
if(CONFIG_ESP_TLS_USING_WOLFSSL)
idf_component_get_property(wolfssl esp-wolfssl COMPONENT_LIB)
target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})
message(STATUS "found CONFIG_ESP_TLS_USING_WOLFSSL")
# See https://github.com/wolfSSL/wolfssl/
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")

# The published wolfSSL 5.7.0 user_settings.h does not include some features that
# might be enabled in Kconfig, so enable them here:
# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DHAVE_ALPN")
# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DHAVE_SNI")
# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DOPENSSL_EXTRA_X509_SMALL")
# this only works for VisualGDB, not idf.py from command-line

message(STATUS "CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
message(STATUS "CMAKE_PARENT_LIST_FILE = ${CMAKE_PARENT_LIST_FILE}")
message(STATUS "CMAKE_SOURCE_DIR = ${CMAKE_SOURCE_DIR}")
message(STATUS "COMPONENT_DIR = ${CMAKE_HOME_DIRECTORY}")
message(STATUS "COMPONENT_LIB = ${COMPONENT_LIB}")
message(STATUS "FOUND_WOLFSSL = ${FOUND_WOLFSSL}")
message(STATUS "PROJECT_DIR = ${PROJECT_DIR}")
message(STATUS "WOLFSSL_PROJECT_DIR = ${WOLFSSL_PROJECT_DIR}")
message(STATUS "CMAKE_HOME_DIRECTORY = ${CMAKE_HOME_DIRECTORY}")
message(STATUS "WOLFSSL_ROOT = ${WOLFSSL_ROOT}")

if(CONFIG_ESP_TLS_USING_WOLFSSL_SPECIFIED)
get_filename_component(CUSTOM_SETTING_WOLFSSL_ROOT_PATH "${CUSTOM_SETTING_WOLFSSL_ROOT}" ABSOLUTE)
if(EXISTS "${CUSTOM_SETTING_WOLFSSL_ROOT_PATH}/wolfcrypt/src")
message(STATUS "ESP-TLS using wolfSSL in: ${CUSTOM_SETTING_WOLFSSL_ROOT_PATH}")
else()
message(STATUS "ESP-TLS specified directory does not contain wolfSSL: ${CUSTOM_SETTING_WOLFSSL_ROOT_PATH}")
endif()
idf_component_get_property(wolfssl wolfssl COMPONENT_LIB)
target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})
else()
# Is wolfSSL installed in the local project as a Managed Component?
set(WOLFSSL_COMPONENT_SEARCH "${PROJECT_DIR}/managed_components/wolfssl__wolfssl")
message(STATUS "Searching for wolfSSL in ${WOLFSSL_COMPONENT_SEARCH}")
if(EXISTS "${WOLFSSL_COMPONENT_SEARCH}")
message(STATUS "Configuring ESP-IDF to use wolfssl in Managed Component: ${WOLFSSL_COMPONENT_SEARCH}")
idf_component_get_property(wolfssl wolfssl__wolfssl COMPONENT_LIB)
else()
# Is wolfSSL installed in the local project as a Managed Component
# converted to regular project component?
set(WOLFSSL_COMPONENT_SEARCH "${PROJECT_DIR}/components/wolfssl__wolfssl")
message(STATUS "Searching for wolfSSL in ${WOLFSSL_COMPONENT_SEARCH}")
if(EXISTS "${WOLFSSL_COMPONENT_SEARCH}")
message(STATUS
"Configuring ESP-IDF to use wolfssl in Converted Managed Component: ${WOLFSSL_COMPONENT_SEARCH}")
idf_component_get_property(wolfssl wolfssl__wolfssl COMPONENT_LIB)
else()
# Is wolfSSL installed in the local project as a non-maged, regular component?
set(WOLFSSL_COMPONENT_SEARCH "${PROJECT_DIR}/components/wolfssl")
message(STATUS "Searching for wolfSSL in ${WOLFSSL_COMPONENT_SEARCH}")
if(EXISTS "${WOLFSSL_COMPONENT_SEARCH}")
message(STATUS "Configuring ESP-IDF to use wolfssl in Component: ${WOLFSSL_COMPONENT_SEARCH}")
idf_component_get_property(wolfssl wolfssl COMPONENT_LIB)
else()
set(WOLFSSL_COMPONENT_SEARCH "${THIS_IDF_PATH}/components/esp-wolfssl")
message(STATUS "Searching for wolfSSL in ${WOLFSSL_COMPONENT_SEARCH}")
if(EXISTS "${WOLFSSL_COMPONENT_SEARCH}")
message(STATUS "Configuring ESP-IDF to use wolfssl from: ${WOLFSSL_COMPONENT_SEARCH}")
message(STATUS "Warning: Using legacy esp-wolfssl. Consider using a Managed Component")
# See https://github.com/espressif/esp-idf
message(STATUS "Configuring ESP-TLS to use esp-wolfssl")
idf_component_get_property(wolfssl esp-wolfssl COMPONENT_LIB)
else()
message(STATUS "Consider installing wolfSSL from "
"https://components.espressif.com/components/wolfssl/wolfssl")
message(FATAL_ERROR "Component ${component} not found")
endif() # esp-wolfssl
endif() # project wolfssl
endif() # project converted wolfssl__wolfssl
endif() # project managed component wolfssl__wolfssl
# idf_component_get_property(wolfssl wolfssl__wolfssl COMPONENT_LIB)
target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})
endif()
else()
message(STATUS "ESP-TLS is not configured to use wolfSSL.")
endif()

if(NOT ${IDF_TARGET} STREQUAL "linux")
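Review bot: The fatal path at the bottom of the component search reports `${component}`, a variable nothing in this hunk sets, so the error reads "Component  not found" without naming what was looked for; `message(FATAL_ERROR "wolfSSL component not found (last searched: ${WOLFSSL_COMPONENT_SEARCH})")` would carry the actual path. That search also only runs after the `idf_component_get_property(wolfssl esp-wolfssl COMPONENT_LIB)` / `target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})` pair near the top of the wolfSSL block has already executed, which appears to make the later lookup redundant and, when esp-wolfssl is absent, may fail before it is reached — worth confirming against idf_component_get_property's behaviour for unknown components. The two `set(CMAKE_C_FLAGS ...)` lines for WOLFSSL_ESPIDF and WOLFSSL_USER_SETTINGS are directory-scoped and leak to every target configured after this file; `target_compile_definitions(${COMPONENT_LIB} PRIVATE WOLFSSL_ESPIDF WOLFSSL_USER_SETTINGS)` (PUBLIC if esp_tls.h exposes wolfSSL headers) keeps them on the component. `${THIS_IDF_PATH}` in the esp-wolfssl search path is likewise not set anywhere visible here. The file continues past the hunk.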
8 changes: 7 additions & 1 deletion components/esp-tls/Kconfig
Expand Up @@ -6,11 +6,17 @@ menu "ESP-TLS"
The ESP-TLS APIs support multiple backend TLS libraries. Currently mbedTLS and WolfSSL are
supported. Different TLS libraries may support different features and have different resource
usage. Consult the ESP-TLS documentation in ESP-IDF Programming guide for more details.

config ESP_TLS_USING_MBEDTLS
bool "mbedTLS"

config ESP_TLS_USING_WOLFSSL
depends on TLS_STACK_WOLFSSL
bool "wolfSSL (License info in wolfSSL directory README)"
select TLS_STACK_WOLFSSL
help
This option enables wolfSSL for ESP-TLS.
Note: Ensure TLS_STACK_WOLFSSL is enabled to use this option.

endchoice

config ESP_TLS_USE_SECURE_ELEMENT
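Review bot: The help text under ESP_TLS_USING_WOLFSSL still tells the user to "Ensure TLS_STACK_WOLFSSL is enabled", which contradicts the `select TLS_STACK_WOLFSSL` just above it: a select forces the symbol on, so the user no longer has to enable it and cannot turn it off while this choice is active. Either restore the `depends on` or change the help line to `Selecting this option also enables TLS_STACK_WOLFSSL.`. Note that `select` bypasses any `depends on` that TLS_STACK_WOLFSSL itself declares, so if it has prerequisites they need to be repeated here rather than relied on.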
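--- a/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c
+++ b/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c
@@ -14,10 +14,13 @@ static const char *TAG = "esp_crypto";
 #define _esp_crypto_sha1 esp_crypto_sha1_mbedtls
 #define _esp_crypto_base64_encode esp_crypto_bas64_encode_mbedtls
 #elif CONFIG_ESP_TLS_USING_WOLFSSL
-#include "wolfssl/ssl.h" /* SHA functions are listed in wolfssl/ssl.h */
-#include "wolfssl/wolfcrypt/coding.h"
-#define _esp_crypto_sha1 esp_crypto_sha1_wolfSSL
-#define _esp_crypto_base64_encode esp_crypto_base64_encode_woflSSL
+#define OPENSSL_EXTRA
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/ssl.h" /* some SHA functions are listed in wolfssl/ssl.h */
+#include "wolfssl/openssl/sha.h" /* old SHA functions only available with OpenSSL */
+#include "wolfssl/wolfcrypt/coding.h"
+#define _esp_crypto_sha1 esp_crypto_sha1_wolfSSL
+#define _esp_crypto_base64_encode esp_crypto_base64_encode_woflSSL
 #endif
 
 #ifdef CONFIG_ESP_TLS_USING_MBEDTLS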
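Review bot: `#define OPENSSL_EXTRA` at the top of the wolfSSL branch switches on a wolfSSL build option for this one translation unit, ahead of `wolfssl/wolfcrypt/settings.h`; if the wolfssl library itself is compiled without OPENSSL_EXTRA (the commented-out `-DOPENSSL_EXTRA_X509_SMALL` flag in the esp-tls CMakeLists suggests the option is not guaranteed), the headers seen here and the objects in the library can disagree on struct layouts and on which symbols exist, which shows up as link errors at best and silent memory corruption at worst. The option belongs in the shared user_settings.h that WOLFSSL_USER_SETTINGS already points the build at, so drop the local define and leave `/* OPENSSL_EXTRA must come from user_settings.h so the library and this file agree */` in its place. The `wolfssl/openssl/sha.h` include added below it depends on the same option being visible to the library, not just to this file.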
13 changes: 11 additions & 2 deletions components/esp-tls/esp_tls.c
Expand Up @@ -112,7 +112,12 @@ static const char *TAG = "esp-tls";

static esp_err_t create_ssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
{
/* TODO is the version wolfSSL or ESP-IDF ? */
#if defined(ESP_IDF_VERSION) && (ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 3, 0))
return _esp_create_ssl_handle(hostname, hostlen, cfg, tls, NULL);
#else
return _esp_create_ssl_handle(hostname, hostlen, cfg, tls);
#endif
}

static esp_err_t esp_tls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
Expand Down Expand Up @@ -442,7 +447,10 @@ static inline esp_err_t tcp_connect(const char *host, int hostlen, int port, con

static int esp_tls_low_level_conn(const char *hostname, int hostlen, int port, const esp_tls_cfg_t *cfg, esp_tls_t *tls)
{

if (!tls) {
ESP_LOGE(TAG, "empty esp_tls parameter");
return -1;
}
esp_err_t esp_ret;
/* These states are used to keep a tab on connection progress in case of non-blocking connect,
and in case of blocking connect these cases will get executed one after the other */
Expand Down Expand Up @@ -497,6 +505,7 @@ static int esp_tls_low_level_conn(const char *hostname, int hostlen, int port, c
}
}
/* By now, the connection has been established */
ESP_LOGI(TAG, "\ncreate_ssl_handle for host: %s:%d\n", hostname, port);
esp_ret = create_ssl_handle(hostname, hostlen, cfg, tls);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "create_ssl_handle failed");
Expand Down Expand Up @@ -706,7 +715,7 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
/**
* @brief Close the server side TLS/SSL connection and free any allocated resources.
*/
void esp_tls_server_session_delete(esp_tls_t *tls)
int esp_tls_server_session_delete(esp_tls_t *tls)
{
return _esp_tls_server_session_delete(tls);
}
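Review bot: The new `ESP_LOGI` before the `create_ssl_handle` call prints `hostname` with `%s`, yet this function receives an explicit `hostlen` and passes it down, which suggests the buffer is not guaranteed to be NUL-terminated, so the log can read past the host string; it also records every connection's peer at INFO level with stray leading and trailing `\n`. `ESP_LOGD(TAG, "create_ssl_handle for host: %.*s:%d", hostlen, hostname, port);` bounds the read and keeps it at debug verbosity. The `#if` in `create_ssl_handle` still carries `/* TODO is the version wolfSSL or ESP-IDF ? */`; `ESP_IDF_VERSION` and `ESP_IDF_VERSION_VAL` are the ESP-IDF version macros, so the comment can be resolved to `/* ESP-IDF >= 5.3 adds a fifth argument to _esp_create_ssl_handle */`. esp_tls_low_level_conn's body continues outside the hunk.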
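--- a/components/esp-tls/esp_tls.h
+++ b/components/esp-tls/esp_tls.h
@@ -711,7 +711,7 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
  *
  * @param[in] tls pointer to esp_tls_t
  */
-void esp_tls_server_session_delete(esp_tls_t *tls);
+int esp_tls_server_session_delete(esp_tls_t *tls);
 
 /**
  * @brief Creates a plain TCP connection, returning a valid socket fd on success or an error handle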
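Review bot: `esp_tls_server_session_delete` now returns `int`, but the Doxygen block above it ends at `@param[in] tls` with no `@return`, so callers have no documented meaning for the value (0 on success, an esp_err_t, or a backend return code); the esp_tls.c side just forwards `_esp_tls_server_session_delete(tls)`, whose contract is not on this page. Add ` * @return status reported by the backend's session delete (state the success value once it is fixed)` above the closing ` */`. Every existing caller written against the previous `void` signature now silently discards that status, which is worth a follow-up once the meaning is pinned down.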

