espressif/ESP8266_RTOS_SDK
1
0
Fork 0
mirror of https://github.com/espressif/ESP8266_RTOS_SDK.git synced 2025-09-22 06:32:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(examples): Modify examples to make mbedtls and wolfssl compatible

Browse Source
This commit is contained in:
Zhang Jun Hao
2018-05-18 17:31:35 +08:00
parent ac5a210287
commit 271e2c7bfa
6 changed files with 144 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
examples/protocols/openssl_client/main/openssl_client_example_main.c
View File

@ -22,6 +22,10 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <netdb.h> #include <netdb.h>
#if CONFIG_SSL_USING_WOLFSSL
#include "lwip/apps/sntp.h"
#endif
#include "openssl/ssl.h" #include "openssl/ssl.h"
#define OPENSSL_CLIENT_THREAD_NAME "openssl_client" #define OPENSSL_CLIENT_THREAD_NAME "openssl_client"
@ -59,6 +63,40 @@ static int send_bytes = sizeof(send_data);
static char recv_buf[OPENSSL_CLIENT_RECV_BUF_LEN]; static char recv_buf[OPENSSL_CLIENT_RECV_BUF_LEN];
#if CONFIG_SSL_USING_WOLFSSL
static void get_time()
{
struct timeval now;
int sntp_retry_cnt = 0;
int sntp_retry_time = 0;
sntp_setoperatingmode(0);
sntp_setservername(0, "pool.ntp.org");
sntp_init();
while (1) {
for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
vTaskDelay(100 / portTICK_RATE_MS);
gettimeofday(&now, NULL);
}
if (now.tv_sec < 1525952900) {
sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
sntp_retry_cnt ++;
}
printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
} else {
printf("SNTP get time success\n");
break;
}
}
}
#endif
static void openssl_client_thread(void* p) static void openssl_client_thread(void* p)
{ {
int ret; int ret;
@ -73,6 +111,11 @@ static void openssl_client_thread(void* p)
printf("OpenSSL client thread start...\n"); printf("OpenSSL client thread start...\n");
#if CONFIG_SSL_USING_WOLFSSL
/* CA date verification need system time */
get_time();
#endif
/*get addr info for hostname*/ /*get addr info for hostname*/
do { do {
entry = gethostbyname(CONFIG_TARGET_DOMAIN); entry = gethostbyname(CONFIG_TARGET_DOMAIN);
@ -90,10 +133,9 @@ static void openssl_client_thread(void* p)
printf("OK\n"); printf("OK\n");
printf("load ca crt ......"); printf("load ca crt ......");
X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start); ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start);
if (cacrt) { if (ret) {
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n"); printf("OK\n");
} else { } else {
printf("failed\n"); printf("failed\n");
@ -123,17 +165,6 @@ static void openssl_client_thread(void* p)
printf("set verify mode verify peer\n"); printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_CLIENT_FRAGMENT_SIZE);
ret = 0;
if (ret) {
printf("failed, return %d\n", ret);
goto failed2;
}
printf("OK\n");
printf("create socket ......"); printf("create socket ......");
socket = socket(AF_INET, SOCK_STREAM, 0); socket = socket(AF_INET, SOCK_STREAM, 0);

17
examples/protocols/openssl_demo/main/Kconfig.projbuild Normal file
View File

@ -0,0 +1,17 @@
menu "Example Configuration"
config WIFI_SSID
string "WiFi SSID"
default "myssid"
help
SSID (network name) for the example to connect to.
config WIFI_PASSWORD
string "WiFi Password"
default "mypassword"
help
WiFi password (WPA or WPA2) for the example to use.
Can be left blank if the network has no security set.
endmenu

73
examples/protocols/openssl_demo/main/openssl_demo.c → examples/protocols/openssl_demo/main/openssl_demo_example_main.c
View File

@ -11,32 +11,30 @@
#include <string.h> #include <string.h>
#include <strings.h> #include <strings.h>
#include "sdkconfig.h"
#include "esp_misc.h"
#include "esp_sta.h" #include "esp_sta.h"
#include "esp_system.h" #include "esp_system.h"
#include "esp_wifi.h"
#include "openssl/ssl.h"
#include "freertos/FreeRTOS.h" #include "freertos/FreeRTOS.h"
#include "freertos/task.h" #include "freertos/task.h"
#include "lwip/sockets.h" #include <sys/socket.h>
#include "lwip/api.h" #include <netdb.h>
#include "user_config.h" #include "openssl/ssl.h"
#define OPENSSL_DEMO_THREAD_NAME "ssl_demo" #define OPENSSL_DEMO_THREAD_NAME "ssl_demo"
#define OPENSSL_DEMO_THREAD_STACK_WORDS 2048 #define OPENSSL_DEMO_THREAD_STACK_WORDS 2048
#define OPENSSL_DEMO_THREAD_PRORIOTY 6 #define OPENSSL_DEMO_THREAD_PRORIOTY 6
#define OPENSSL_DEMO_FRAGMENT_SIZE 8192 #define OPENSSL_DEMO_LOCAL_TCP_PORT 9999
#define OPENSSL_DEMO_LOCAL_TCP_PORT 1000
#define OPENSSL_DEMO_TARGET_NAME "www.baidu.com" #define OPENSSL_DEMO_TARGET_NAME "www.baidu.com"
#define OPENSSL_DEMO_TARGET_TCP_PORT 443 #define OPENSSL_DEMO_TARGET_TCP_PORT 443
#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" #define OPENSSL_DEMO_REQUEST "GET / HTTP/1.1\r\n\r\n"
#define OPENSSL_DEMO_RECV_BUF_LEN 1024 #define OPENSSL_DEMO_RECV_BUF_LEN 1024
@ -56,21 +54,22 @@ static void openssl_demo_thread(void* p)
int socket; int socket;
struct sockaddr_in sock_addr; struct sockaddr_in sock_addr;
struct hostent* entry = NULL;
ip_addr_t target_ip;
int recv_bytes = 0; int recv_bytes = 0;
printf("OpenSSL demo thread start...\n"); printf("OpenSSL demo thread start...\n");
/*get addr info for hostname*/
do { do {
ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip); entry = gethostbyname(OPENSSL_DEMO_TARGET_NAME);
} while (ret); vTaskDelay(500 / portTICK_RATE_MS);
} while (entry == NULL);
printf("get target IP is %d.%d.%d.%d\n", (unsigned char)((target_ip.u_addr.ip4.addr & 0x000000ff) >> 0), printf("get target IP is %d.%d.%d.%d\n", (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x000000ff) >> 0),
(unsigned char)((target_ip.u_addr.ip4.addr & 0x0000ff00) >> 8), (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x0000ff00) >> 8),
(unsigned char)((target_ip.u_addr.ip4.addr & 0x00ff0000) >> 16), (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x00ff0000) >> 16),
(unsigned char)((target_ip.u_addr.ip4.addr & 0xff000000) >> 24)); (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0xff000000) >> 24));
printf("create SSL context ......"); printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_1_client_method()); ctx = SSL_CTX_new(TLSv1_1_client_method());
@ -82,23 +81,16 @@ static void openssl_demo_thread(void* p)
printf("OK\n"); printf("OK\n");
printf("set SSL context read buffer size ......"); // The client will verify the certificate received from the server during the handshake.
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE); // This is turned on by default in wolfSSL.
ret = 0; SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
if (ret) {
printf("failed, return %d\n", ret);
goto failed2;
}
printf("OK\n");
printf("create socket ......"); printf("create socket ......");
socket = socket(AF_INET, SOCK_STREAM, 0); socket = socket(AF_INET, SOCK_STREAM, 0);
if (socket < 0) { if (socket < 0) {
printf("failed\n"); printf("failed\n");
goto failed3; goto failed2;
} }
printf("OK\n"); printf("OK\n");
@ -112,7 +104,7 @@ static void openssl_demo_thread(void* p)
if (ret) { if (ret) {
printf("failed\n"); printf("failed\n");
goto failed4; goto failed3;
} }
printf("OK\n"); printf("OK\n");
@ -120,13 +112,13 @@ static void openssl_demo_thread(void* p)
printf("socket connect to remote ......"); printf("socket connect to remote ......");
memset(&sock_addr, 0, sizeof(sock_addr)); memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET; sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = target_ip.u_addr.ip4.addr; sock_addr.sin_addr.s_addr = ((struct in_addr*)(entry->h_addr))->s_addr;
sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT); sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT);
ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) { if (ret) {
printf("failed\n"); printf("failed\n");
goto failed5; goto failed4;
} }
printf("OK\n"); printf("OK\n");
@ -136,7 +128,7 @@ static void openssl_demo_thread(void* p)
if (!ssl) { if (!ssl) {
printf("failed\n"); printf("failed\n");
goto failed6; goto failed5;
} }
printf("OK\n"); printf("OK\n");
@ -148,7 +140,7 @@ static void openssl_demo_thread(void* p)
if (!ret) { if (!ret) {
printf("failed, return [-0x%x]\n", -ret); printf("failed, return [-0x%x]\n", -ret);
goto failed7; goto failed6;
} }
printf("OK\n"); printf("OK\n");
@ -158,7 +150,7 @@ static void openssl_demo_thread(void* p)
if (ret <= 0) { if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret); printf("failed, return [-0x%x]\n", -ret);
goto failed8; goto failed7;
} }
printf("OK\n\n"); printf("OK\n\n");
@ -176,15 +168,14 @@ static void openssl_demo_thread(void* p)
printf("read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME); printf("read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME);
failed8:
SSL_shutdown(ssl);
failed7: failed7:
SSL_free(ssl); SSL_shutdown(ssl);
failed6: failed6:
SSL_free(ssl);
failed5: failed5:
failed4: failed4:
close(socket);
failed3: failed3:
close(socket);
failed2: failed2:
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
failed1: failed1:
@ -296,8 +287,8 @@ void user_init(void)
// set AP parameter // set AP parameter
struct station_config config; struct station_config config;
bzero(&config, sizeof(struct station_config)); bzero(&config, sizeof(struct station_config));
sprintf((char*)config.ssid, SSID); sprintf((char*)config.ssid, CONFIG_WIFI_SSID);
sprintf((char*)config.password, PASSWORD); sprintf((char*)config.password, CONFIG_WIFI_PASSWORD);
wifi_station_set_config(&config); wifi_station_set_config(&config);
} }

16
examples/protocols/openssl_demo/main/user_config.h
View File

@ -1,16 +0,0 @@
/*
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef __USER_CONFIG_H__
#define __USER_CONFIG_H__
#define SSID "UTT-750"
#define PASSWORD "espressif"
#endif

5
examples/protocols/openssl_demo/sdkconfig.defaults Normal file
View File

@ -0,0 +1,5 @@
#
# Override some defaults so wolfSSL is enabled
# by default in this example
#
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192

51
examples/protocols/openssl_server/main/openssl_server_example_main.c
View File

@ -22,6 +22,10 @@
#include <sys/socket.h> #include <sys/socket.h>
#if CONFIG_SSL_USING_WOLFSSL
#include "lwip/apps/sntp.h"
#endif
#include "openssl/ssl.h" #include "openssl/ssl.h"
#define OPENSSL_SERVER_THREAD_NAME "openssl_server" #define OPENSSL_SERVER_THREAD_NAME "openssl_server"
@ -59,6 +63,40 @@ static int send_bytes = sizeof(send_data);
static char recv_buf[OPENSSL_SERVER_RECV_BUF_LEN]; static char recv_buf[OPENSSL_SERVER_RECV_BUF_LEN];
#if CONFIG_SSL_USING_WOLFSSL
static void get_time()
{
struct timeval now;
int sntp_retry_cnt = 0;
int sntp_retry_time = 0;
sntp_setoperatingmode(0);
sntp_setservername(0, "pool.ntp.org");
sntp_init();
while (1) {
for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
vTaskDelay(100 / portTICK_RATE_MS);
gettimeofday(&now, NULL);
}
if (now.tv_sec < 1525952900) {
sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
sntp_retry_cnt ++;
}
printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
} else {
printf("SNTP get time success\n");
break;
}
}
}
#endif
static void openssl_server_thread(void* p) static void openssl_server_thread(void* p)
{ {
int ret; int ret;
@ -73,6 +111,11 @@ static void openssl_server_thread(void* p)
printf("OpenSSL server thread start...\n"); printf("OpenSSL server thread start...\n");
#if CONFIG_SSL_USING_WOLFSSL
/* CA date verification need system time */
get_time();
#endif
printf("create SSL context ......"); printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_2_server_method()); ctx = SSL_CTX_new(TLSv1_2_server_method());
@ -84,10 +127,9 @@ static void openssl_server_thread(void* p)
printf("OK\n"); printf("OK\n");
printf("load ca crt ......"); printf("load ca crt ......");
X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start); ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start);
if (cacrt) { if (ret) {
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n"); printf("OK\n");
} else { } else {
printf("failed\n"); printf("failed\n");
@ -117,9 +159,6 @@ static void openssl_server_thread(void* p)
printf("set verify mode verify peer\n"); printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......OK\n");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_SERVER_FRAGMENT_SIZE);
printf("create socket ......"); printf("create socket ......");
sockfd = socket(AF_INET, SOCK_STREAM, 0); sockfd = socket(AF_INET, SOCK_STREAM, 0);