feat(examples): Add https-wolfssl example

components/ssl/Makefile.projbuild

@@ -4,3 +4,7 @@
 #ifdef CONFIG_SSL_USING_MBEDTLS
 CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"esp_config.h"'
 #endif
+
+#ifdef CONFIG_SSL_USING_WOLFSSL
+CPPFLAGS += -DWOLFSSL_USER_SETTINGS
+#endif

examples/protocols/https_wolfssl/Makefile

@@ -0,0 +1,9 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+PROJECT_NAME := https-wolfSSL
+
+include $(IDF_PATH)/make/project.mk
+

examples/protocols/https_wolfssl/README.md

@@ -0,0 +1,37 @@
+WOLFSSL INTRODUCTION
+
+### WHAT ABOUT WOLFSSL
+
+The WOLFSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.  wolfSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL.
+
+### BEFORE YOU GET STARTED
+- Requirements
+    - RTOS SDK
+- Optional
+    - Basic knowledge of server/client communication
+    - Basic knowledge of SSL/TLS
+
+The more you know, the easier it will be to get going. There are a number of links in the Helpful Links section to read up on SSL/TLS.
+
+### QUICK START
+
+- Example
+  - This project demonstrates a https client which connects to "www.howsmyssl.com" by default, you can connect to other https servers by modify WEB_SERVER and WEB_PORT.
+- Compile
+    - Clone ESP8266_RTOS_SDK, e.g., to ~/ESP8266_RTOS_SDK.
+      - $ git clone https://github.com/espressif/ESP8266_RTOS_SDK.git
+    - Add IDF_PATH:
+          - $export IDF_PATH=~/ESP8266_RTOS_SDK
+      - run `make menuconfig`
+          - Modify SSID and PASSWORD under menu "Example Configuration".
+      - run `make`
+- Download:
+    - run `make flash monitor`
+
+### HELPFUL LINKS
+
+In general, these are links which will be useful for using both wolfSSL, as well as networked and secure applications in general. Furthermore, there is a more comprehensive tutorial that can be found in Chapter 11 of the official wolfSSL manual. The examples in the wolfSSL package and Chapter 11 do appropriate error checking, which is worth taking a look at. For a more comprehensive API, check out chapter 17 of the official manual.
+
+- WOLFSSL Manual (https://www.wolfssl.com/docs/wolfssl-manual/)
+- WOLFSSL GitHub
+  (https://github.com/wolfssl/wolfssl)

examples/protocols/https_wolfssl/main/Kconfig.projbuild

@@ -0,0 +1,23 @@
+menu "Example Configuration"
+
+config WIFI_SSID
+    string "WiFi SSID"
+    default "myssid"
+    help
+        SSID (network name) for the example to connect to.
+
+config WIFI_PASSWORD
+    string "WiFi Password"
+    default "mypassword"
+    help
+        WiFi password (WPA or WPA2) for the example to use.
+
+        Can be left blank if the network has no security set.
+
+config CERT_AUTH
+    bool "enable certificate verification"
+    default y
+    help
+       Enable certificate verification.
+
+endmenu

examples/protocols/https_wolfssl/main/component.mk

@@ -0,0 +1,5 @@
+#
+# "main" pseudo-component makefile.
+#
+# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
+COMPONENT_EMBED_TXTFILES := server_root_cert.pem

examples/protocols/https_wolfssl/main/https_wolfssl_example_main.c

@@ -0,0 +1,305 @@
+/* wolfSSL example
+
+   This example code is in the Public Domain (or CC0 licensed, at your option.)
+
+   Unless required by applicable law or agreed to in writing, this
+   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+   CONDITIONS OF ANY KIND, either express or implied.
+*/
+
+#include "sdkconfig.h"
+
+#include "esp_misc.h"
+#include "esp_sta.h"
+#include "esp_system.h"
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+
+#include <sys/socket.h>
+#include <netdb.h>
+
+#include <wolfssl/ssl.h>
+
+#if CONFIG_CERT_AUTH
+extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start");
+extern const uint8_t server_root_cert_pem_end[]   asm("_binary_server_root_cert_pem_end");
+#endif
+
+/* Constants that aren't configurable in menuconfig */
+#define WEB_SERVER "www.howsmyssl.com"
+#define WEB_PORT 443
+#define WEB_URL "https://www.howsmyssl.com/a/check"
+
+#define REQUEST "GET " WEB_URL " HTTP/1.0\r\n" \
+    "Host: "WEB_SERVER"\r\n" \
+    "User-Agent: esp-idf/1.0 espressif\r\n" \
+    "\r\n"
+
+#define WOLFSSL_DEMO_THREAD_NAME        "wolfssl_client"
+#define WOLFSSL_DEMO_THREAD_STACK_WORDS 2048
+#define WOLFSSL_DEMO_THREAD_PRORIOTY    6
+
+#define WOLFSSL_DEMO_SNTP_SERVERS       "pool.ntp.org"
+
+const char send_data[] = REQUEST;
+const int32_t send_bytes = sizeof(send_data);
+char recv_data[1024] = {0};
+
+static void wolfssl_client(void* pv)
+{
+    int32_t ret = 0;
+
+    const portTickType xDelay = 500 / portTICK_RATE_MS;
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+    int32_t socket = -1;
+    struct sockaddr_in sock_addr;
+    struct hostent* entry = NULL;
+
+#if CONFIG_CERT_AUTH
+    uint32_t current_timestamp = 0;
+    /*enable sntp for sync the time*/
+    sntp_setoperatingmode(0);
+    sntp_setservername(0, WOLFSSL_DEMO_SNTP_SERVERS);
+    sntp_init();
+
+    do {
+        current_timestamp = sntp_get_current_timestamp();
+        vTaskDelay(xDelay);
+    } while (current_timestamp == 0);
+
+#endif
+
+
+    while (1) {
+
+        printf("Setting hostname for TLS session...\n");
+
+        /*get addr info for hostname*/
+        do {
+            entry = gethostbyname(WEB_SERVER);
+            vTaskDelay(xDelay);
+        } while (entry == NULL);
+
+        printf("Init wolfSSL...\n");
+        ret = wolfSSL_Init();
+
+        if (ret != WOLFSSL_SUCCESS) {
+            printf("Init wolfSSL failed:%d...\n", ret);
+            goto failed1;
+        }
+
+        printf("Set wolfSSL ctx ...\n");
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
+
+        if (!ctx) {
+            printf("Set wolfSSL ctx failed...\n");
+            goto failed1;
+        }
+
+        printf("Creat socket ...\n");
+        socket = socket(AF_INET, SOCK_STREAM, 0);
+
+        if (socket < 0) {
+            printf("Creat socket failed...\n");
+            goto failed2;
+        }
+
+#if CONFIG_CERT_AUTH
+        printf("Loading the CA root certificate...\n");
+        ret = wolfSSL_CTX_load_verify_buffer(ctx, server_root_cert_pem_start, server_root_cert_pem_end - server_root_cert_pem_start, WOLFSSL_FILETYPE_PEM);
+
+        if (WOLFSSL_SUCCESS != ret) {
+            printf("Loading the CA root certificate failed...\n");
+            goto failed3;
+        }
+
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
+#else
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
+        ctx->verifyDepth = 0;
+#endif
+
+        memset(&sock_addr, 0, sizeof(sock_addr));
+        sock_addr.sin_family = AF_INET;
+        sock_addr.sin_port = htons(WEB_PORT);
+        memcpy(&sock_addr.sin_addr.s_addr, entry->h_addr_list[0], entry->h_length);
+
+        printf("Connecting to %s:%d...\n", WEB_SERVER, WEB_PORT);
+        ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
+
+        if (ret) {
+            printf("Connecting to %s:%d failed: %d\n", WEB_SERVER, WEB_PORT, ret);
+            goto failed3;
+        }
+
+        printf("Create wolfSSL...\n");
+        ssl = wolfSSL_new(ctx);
+
+        if (!ssl) {
+            printf("Create wolfSSL failed...\n");
+            goto failed3;
+        }
+
+        wolfSSL_set_fd(ssl, socket);
+
+        printf("Performing the SSL/TLS handshake...\n");
+        ret = wolfSSL_connect(ssl);
+
+        if (WOLFSSL_SUCCESS != ret) {
+            printf("Performing the SSL/TLS handshake failed:%d\n", ret);
+            goto failed4;
+        }
+
+        printf("Writing HTTPS request...\n");
+        ret = wolfSSL_write(ssl, send_data, send_bytes);
+
+        if (ret <= 0) {
+            printf("Writing HTTPS request failed:%d\n", ret);
+            goto failed5;
+        }
+
+        printf("Reading HTTPS response...\n");
+
+        do {
+            ret = wolfSSL_read(ssl, recv_data, sizeof(recv_data));
+
+
+            if (ret <= 0) {
+                printf("\nConnection closed\n");
+                break;
+            }
+
+            /* Print response directly to stdout as it is read */
+            for (int i = 0; i < ret; i++) {
+                printf("%c", recv_data[i]);
+            }
+        } while (1);
+
+failed5:
+        wolfSSL_shutdown(ssl);
+failed4:
+        wolfSSL_free(ssl);
+failed3:
+        close(socket);
+failed2:
+        wolfSSL_CTX_free(ctx);
+failed1:
+        wolfSSL_Cleanup();
+
+        for (int countdown = 10; countdown >= 0; countdown--) {
+            printf("%d...\n", countdown);
+            vTaskDelay(1000 / portTICK_RATE_MS);
+        }
+
+        printf("Starting again!\n");
+    }
+}
+
+void user_conn_init(void)
+{
+    int32_t ret;
+
+    ret = xTaskCreate(wolfssl_client,
+                      WOLFSSL_DEMO_THREAD_NAME,
+                      WOLFSSL_DEMO_THREAD_STACK_WORDS,
+                      NULL,
+                      WOLFSSL_DEMO_THREAD_PRORIOTY,
+                      NULL);
+
+    if (ret != pdPASS)  {
+        printf("create thread %s failed\n", WOLFSSL_DEMO_THREAD_NAME);
+        return ;
+    }
+}
+
+/******************************************************************************
+ * FunctionName : user_rf_cal_sector_set
+ * Description  : SDK just reversed 4 sectors, used for rf init data and paramters.
+ *                We add this function to force users to set rf cal sector, since
+ *                we don't know which sector is free in user's application.
+ *                sector map for last several sectors : ABCCC
+ *                A : rf cal/* Websocket example
+ *                B : rf init data
+ *                C : sdk parameters
+ * Parameters   : none
+ * Returns      : rf cal sector
+*******************************************************************************/
+uint32_t user_rf_cal_sector_set(void)
+{
+    flash_size_map size_map = system_get_flash_size_map();
+    uint32_t rf_cal_sec = 0;
+
+    switch (size_map) {
+        case FLASH_SIZE_4M_MAP_256_256:
+            rf_cal_sec = 128 - 5;
+            break;
+
+        case FLASH_SIZE_8M_MAP_512_512:
+            rf_cal_sec = 256 - 5;
+            break;
+
+        case FLASH_SIZE_16M_MAP_512_512:
+        case FLASH_SIZE_16M_MAP_1024_1024:
+            rf_cal_sec = 512 - 5;
+            break;
+
+        case FLASH_SIZE_32M_MAP_512_512:
+        case FLASH_SIZE_32M_MAP_1024_1024:
+            rf_cal_sec = 1024 - 5;
+            break;
+
+        case FLASH_SIZE_64M_MAP_1024_1024:
+            rf_cal_sec = 2048 - 5;
+            break;
+
+        case FLASH_SIZE_128M_MAP_1024_1024:
+            rf_cal_sec = 4096 - 5;
+            break;
+
+        default:
+            rf_cal_sec = 0;
+            break;
+    }
+
+    return rf_cal_sec;
+}
+
+void wifi_event_handler_cb(System_Event_t* event)
+{
+    if (event == NULL) {
+        return;
+    }
+
+    switch (event->event_id) {
+        case EVENT_STAMODE_GOT_IP:
+            printf("sta got ip\n");
+            user_conn_init();
+            break;
+
+        default:
+            break;
+    }
+}
+
+/******************************************************************************
+ * FunctionName : user_init
+ * Description  : entry of user application, init user function here
+ * Parameters   : none
+ * Returns      : none
+*******************************************************************************/
+void user_init(void)
+{
+    wifi_set_opmode(STATION_MODE);
+
+    // set AP parameter
+    struct station_config config;
+    bzero(&config, sizeof(struct station_config));
+    sprintf(config.ssid, CONFIG_WIFI_SSID);
+    sprintf(config.password, CONFIG_WIFI_PASSWORD);
+    wifi_station_set_config(&config);
+
+    wifi_set_event_handler_cb(wifi_event_handler_cb);
+}

examples/protocols/https_wolfssl/main/server_root_cert.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

examples/protocols/https_wolfssl/sdkconfig.defaults

@@ -0,0 +1,5 @@
+#
+# Override some defaults so wolfSSL is enabled
+# by default in this example
+#
+CONFIG_SSL_USING_WOLFSSL=y