feat(examples): Modify examples to make mbedtls and wolfssl compatible

2025-05-21 17:16:29 +08:00 · 2018-05-18 17:31:35 +08:00
parent ac5a210287
commit 271e2c7bfa
6 changed files with 144 additions and 77 deletions
--- a/examples/protocols/openssl_client/main/openssl_client_example_main.c
+++ b/examples/protocols/openssl_client/main/openssl_client_example_main.c
@ -22,6 +22,10 @@
 #include <sys/socket.h>
 #include <netdb.h>

+#if CONFIG_SSL_USING_WOLFSSL
+#include "lwip/apps/sntp.h"
+#endif
+
 #include "openssl/ssl.h"

 #define OPENSSL_CLIENT_THREAD_NAME "openssl_client"
@ -59,6 +63,40 @@ static int send_bytes = sizeof(send_data);

 static char recv_buf[OPENSSL_CLIENT_RECV_BUF_LEN];

+#if CONFIG_SSL_USING_WOLFSSL
+static void get_time()
+{
+    struct timeval now;
+    int sntp_retry_cnt = 0;
+    int sntp_retry_time = 0;
+
+    sntp_setoperatingmode(0);
+    sntp_setservername(0, "pool.ntp.org");
+    sntp_init();
+
+    while (1) {
+        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
+            vTaskDelay(100 / portTICK_RATE_MS);
+            gettimeofday(&now, NULL);
+        }
+
+        if (now.tv_sec < 1525952900) {
+            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
+
+            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
+                sntp_retry_cnt ++;
+            }
+
+            printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
+            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
+        } else {
+            printf("SNTP get time success\n");
+            break;
+        }
+    }
+}
+#endif
+
 static void openssl_client_thread(void* p)
 {
    int ret;
@ -73,6 +111,11 @@ static void openssl_client_thread(void* p)

    printf("OpenSSL client thread start...\n");

+#if CONFIG_SSL_USING_WOLFSSL
+    /* CA date verification need system time */
+    get_time();
+#endif
+
    /*get addr info for hostname*/
    do {
        entry = gethostbyname(CONFIG_TARGET_DOMAIN);
@ -90,10 +133,9 @@ static void openssl_client_thread(void* p)
    printf("OK\n");

    printf("load ca crt ......");
-    X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start);
+    ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start);

-    if (cacrt) {
-        SSL_CTX_add_client_CA(ctx, cacrt);
+    if (ret) {
        printf("OK\n");
    } else {
        printf("failed\n");
@ -123,17 +165,6 @@ static void openssl_client_thread(void* p)
    printf("set verify mode verify peer\n");
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

-    printf("set SSL context read buffer size ......");
-    SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_CLIENT_FRAGMENT_SIZE);
-    ret = 0;
-
-    if (ret) {
-        printf("failed, return %d\n", ret);
-        goto failed2;
-    }
-
-    printf("OK\n");
-
    printf("create socket ......");
    socket = socket(AF_INET, SOCK_STREAM, 0);

--- a/examples/protocols/openssl_demo/main/Kconfig.projbuild
+++ b/examples/protocols/openssl_demo/main/Kconfig.projbuild
@ -0,0 +1,17 @@
+menu "Example Configuration"
+
+config WIFI_SSID
+    string "WiFi SSID"
+    default "myssid"
+    help
+        SSID (network name) for the example to connect to.
+
+config WIFI_PASSWORD
+    string "WiFi Password"
+    default "mypassword"
+    help
+        WiFi password (WPA or WPA2) for the example to use.
+
+        Can be left blank if the network has no security set.
+
+endmenu
--- a/examples/protocols/openssl_demo/main/openssl_demo_example_main.c
+++ b/examples/protocols/openssl_demo/main/openssl_demo_example_main.c
@ -11,32 +11,30 @@
 #include <string.h>
 #include <strings.h>

+#include "sdkconfig.h"
+
+#include "esp_misc.h"
 #include "esp_sta.h"
 #include "esp_system.h"
-#include "esp_wifi.h"
-
-#include "openssl/ssl.h"

 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"

-#include "lwip/sockets.h"
-#include "lwip/api.h"
+#include <sys/socket.h>
+#include <netdb.h>

-#include "user_config.h"
+#include "openssl/ssl.h"

 #define OPENSSL_DEMO_THREAD_NAME "ssl_demo"
 #define OPENSSL_DEMO_THREAD_STACK_WORDS 2048
 #define OPENSSL_DEMO_THREAD_PRORIOTY 6

-#define OPENSSL_DEMO_FRAGMENT_SIZE 8192
-
-#define OPENSSL_DEMO_LOCAL_TCP_PORT 1000
+#define OPENSSL_DEMO_LOCAL_TCP_PORT 9999

 #define OPENSSL_DEMO_TARGET_NAME "www.baidu.com"
 #define OPENSSL_DEMO_TARGET_TCP_PORT 443

-#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
+#define OPENSSL_DEMO_REQUEST "GET / HTTP/1.1\r\n\r\n"

 #define OPENSSL_DEMO_RECV_BUF_LEN 1024

@ -56,21 +54,22 @@ static void openssl_demo_thread(void* p)

    int socket;
    struct sockaddr_in sock_addr;
-
-    ip_addr_t target_ip;
+    struct hostent* entry = NULL;

    int recv_bytes = 0;

    printf("OpenSSL demo thread start...\n");

+    /*get addr info for hostname*/
    do {
-        ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip);
-    } while (ret);
+        entry = gethostbyname(OPENSSL_DEMO_TARGET_NAME);
+        vTaskDelay(500 / portTICK_RATE_MS);
+    } while (entry == NULL);

-    printf("get target IP is %d.%d.%d.%d\n", (unsigned char)((target_ip.u_addr.ip4.addr & 0x000000ff) >> 0),
-           (unsigned char)((target_ip.u_addr.ip4.addr & 0x0000ff00) >> 8),
-           (unsigned char)((target_ip.u_addr.ip4.addr & 0x00ff0000) >> 16),
-           (unsigned char)((target_ip.u_addr.ip4.addr & 0xff000000) >> 24));
+    printf("get target IP is %d.%d.%d.%d\n", (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x000000ff) >> 0),
+           (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x0000ff00) >> 8),
+           (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x00ff0000) >> 16),
+           (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0xff000000) >> 24));

    printf("create SSL context ......");
    ctx = SSL_CTX_new(TLSv1_1_client_method());
@ -82,23 +81,16 @@ static void openssl_demo_thread(void* p)

    printf("OK\n");

-    printf("set SSL context read buffer size ......");
-    SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE);
-    ret = 0;
-
-    if (ret) {
-        printf("failed, return %d\n", ret);
-        goto failed2;
-    }
-
-    printf("OK\n");
+    // The client will verify the certificate received from the server during the handshake.
+    // This is turned on by default in wolfSSL.
+    SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

    printf("create socket ......");
    socket = socket(AF_INET, SOCK_STREAM, 0);

    if (socket < 0) {
        printf("failed\n");
-        goto failed3;
+        goto failed2;
    }

    printf("OK\n");
@ -112,7 +104,7 @@ static void openssl_demo_thread(void* p)

    if (ret) {
        printf("failed\n");
-        goto failed4;
+        goto failed3;
    }

    printf("OK\n");
@ -120,13 +112,13 @@ static void openssl_demo_thread(void* p)
    printf("socket connect to remote ......");
    memset(&sock_addr, 0, sizeof(sock_addr));
    sock_addr.sin_family = AF_INET;
-    sock_addr.sin_addr.s_addr = target_ip.u_addr.ip4.addr;
+    sock_addr.sin_addr.s_addr = ((struct in_addr*)(entry->h_addr))->s_addr;
    sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT);
    ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));

    if (ret) {
        printf("failed\n");
-        goto failed5;
+        goto failed4;
    }

    printf("OK\n");
@ -136,7 +128,7 @@ static void openssl_demo_thread(void* p)

    if (!ssl) {
        printf("failed\n");
-        goto failed6;
+        goto failed5;
    }

    printf("OK\n");
@ -148,7 +140,7 @@ static void openssl_demo_thread(void* p)

    if (!ret) {
        printf("failed, return [-0x%x]\n", -ret);
-        goto failed7;
+        goto failed6;
    }

    printf("OK\n");
@ -158,7 +150,7 @@ static void openssl_demo_thread(void* p)

    if (ret <= 0) {
        printf("failed, return [-0x%x]\n", -ret);
-        goto failed8;
+        goto failed7;
    }

    printf("OK\n\n");
@ -176,15 +168,14 @@ static void openssl_demo_thread(void* p)

    printf("read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME);

-failed8:
-    SSL_shutdown(ssl);
 failed7:
-    SSL_free(ssl);
+    SSL_shutdown(ssl);
 failed6:
+    SSL_free(ssl);
 failed5:
 failed4:
-    close(socket);
 failed3:
+    close(socket);
 failed2:
    SSL_CTX_free(ctx);
 failed1:
@ -296,8 +287,8 @@ void user_init(void)
        // set AP parameter
        struct station_config config;
        bzero(&config, sizeof(struct station_config));
-        sprintf((char*)config.ssid, SSID);
-        sprintf((char*)config.password, PASSWORD);
+        sprintf((char*)config.ssid, CONFIG_WIFI_SSID);
+        sprintf((char*)config.password, CONFIG_WIFI_PASSWORD);
        wifi_station_set_config(&config);
    }

--- a/examples/protocols/openssl_demo/main/user_config.h
+++ b/examples/protocols/openssl_demo/main/user_config.h
@ -1,16 +0,0 @@
-/*
-   This example code is in the Public Domain (or CC0 licensed, at your option.)
-
-   Unless required by applicable law or agreed to in writing, this
-   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-   CONDITIONS OF ANY KIND, either express or implied.
-*/
-
-#ifndef __USER_CONFIG_H__
-#define __USER_CONFIG_H__
-
-#define SSID "UTT-750"
-#define PASSWORD "espressif"
-
-#endif
-
--- a/examples/protocols/openssl_demo/sdkconfig.defaults
+++ b/examples/protocols/openssl_demo/sdkconfig.defaults
@ -0,0 +1,5 @@
+#
+# Override some defaults so wolfSSL is enabled
+# by default in this example
+#
+CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192
--- a/examples/protocols/openssl_server/main/openssl_server_example_main.c
+++ b/examples/protocols/openssl_server/main/openssl_server_example_main.c
@ -22,6 +22,10 @@

 #include <sys/socket.h>

+#if CONFIG_SSL_USING_WOLFSSL
+#include "lwip/apps/sntp.h"
+#endif
+
 #include "openssl/ssl.h"

 #define OPENSSL_SERVER_THREAD_NAME "openssl_server"
@ -59,6 +63,40 @@ static int send_bytes = sizeof(send_data);

 static char recv_buf[OPENSSL_SERVER_RECV_BUF_LEN];

+#if CONFIG_SSL_USING_WOLFSSL
+static void get_time()
+{
+    struct timeval now;
+    int sntp_retry_cnt = 0;
+    int sntp_retry_time = 0;
+
+    sntp_setoperatingmode(0);
+    sntp_setservername(0, "pool.ntp.org");
+    sntp_init();
+
+    while (1) {
+        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
+            vTaskDelay(100 / portTICK_RATE_MS);
+            gettimeofday(&now, NULL);
+        }
+
+        if (now.tv_sec < 1525952900) {
+            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
+
+            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
+                sntp_retry_cnt ++;
+            }
+
+            printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
+            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
+        } else {
+            printf("SNTP get time success\n");
+            break;
+        }
+    }
+}
+#endif
+
 static void openssl_server_thread(void* p)
 {
    int ret;
@ -73,6 +111,11 @@ static void openssl_server_thread(void* p)

    printf("OpenSSL server thread start...\n");

+#if CONFIG_SSL_USING_WOLFSSL
+    /* CA date verification need system time */
+    get_time();
+#endif
+
    printf("create SSL context ......");
    ctx = SSL_CTX_new(TLSv1_2_server_method());

@ -84,10 +127,9 @@ static void openssl_server_thread(void* p)
    printf("OK\n");

    printf("load ca crt ......");
-    X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start);
+    ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start);

-    if (cacrt) {
-        SSL_CTX_add_client_CA(ctx, cacrt);
+    if (ret) {
        printf("OK\n");
    } else {
        printf("failed\n");
@ -117,9 +159,6 @@ static void openssl_server_thread(void* p)
    printf("set verify mode verify peer\n");
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

-    printf("set SSL context read buffer size ......OK\n");
-    SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_SERVER_FRAGMENT_SIZE);
-
    printf("create socket ......");
    sockfd = socket(AF_INET, SOCK_STREAM, 0);