diff --git a/examples/protocols/openssl_client/README.md b/examples/protocols/openssl_client/README.md
index cdfe8b6d..5927e828 100644
--- a/examples/protocols/openssl_client/README.md
+++ b/examples/protocols/openssl_client/README.md
@@ -1,43 +1,29 @@ -1. Run ./gencrt.sh or if you have your own certificate, move to the openssl_client directory, the name is ca.crt,server.crt, server.key, client.crt and client.key. +1. Run `./gencrt.sh` or if you have your own certifications, move them to the main directory, the name is ca.pem, server.pem, server.key, client.pem and client.key. - The server.crt and client.crt was generate by the same ca.crt in ./gencrt.sh. + The server.pem and client.pem was generated by the same ca.pem in gencrt.sh. - Server side needs ca.crt(to verify client.crt), server.crt, server.key + Server side needs ca.pem(to verify client.pem), server.pem, server.key - Client side needs ca.crt(to verify server.crt), client.crt, client.key + Client side needs ca.pem(to verify server.pem), client.pem, client.key - If you have two ca.crt to generate server.crt and client.crt respectively, client1.crt is generate by ca1.crt and client1.key, server2.crt is generate by ca2.crt and server2.key: + If you have two ca.pem to generate server.pem and client.pem respectively, client1.pem is generate by ca1.pem and client1.key, server2.pem is generate by ca2.pem and server2.key: - Client side needs ca2.crt, client1.crt, client1.key. + Client side needs ca2.pem, client1.pem, client1.key. - Server side needs ca1.crt, server2.crt, server2.key. + Server side needs ca1.pem, server2.pem, server2.key. - Rename ca2.crt client1.crt client1.key to ca.crt client.crt client.key and run ./genheader.sh. + Rename ca2.pem client1.pem client1.key to ca.pem client.pem client.key. - Use ca1.crt in openssl s_server -CAfile option. + Use ca1.pem in openssl s_server -CAfile option. -2. Run ./genheader.sh. +2. Run `openssl s_server -CAfile ca.pem -cert server.pem -key server.key -verify 1 -tls1_2 -accept 443` in ./main directory to start server on your PC and wait for ESP8266 client to connect it. -3. Modify this two lines in file openssl_demo.c to your computer server ip and port. 
- - ```#define OPENSSL_DEMO_TARGET_NAME "192.168.3.196"``` - - ```#define OPENSSL_DEMO_TARGET_TCP_PORT 443``` - - -4. Modify thease two lines in file user_config.h to your local Wi-Fi SSID and Password. - - ```#define SSID "HUAWEI001"``` - - ```#define PASSWORD ""``` - -5. Make sure that the computer and ESP8266 are in the same local area network. - -6. Run ./gen_misc.sh. - -7. Run openssl s_server -CAfile ca.crt -cert server.crt -key server.key -verify 1 -tls1_1 -accept 443. - -8. Download bin file to ESP8266. +3. Compile and download + - run `make menuconfig` + - Modify SSID and PASSWORD under menu "Example Configuration". + Make sure that the computer and ESP8266 are in the same local area network. + - Modify TARGET_NAME and TARGET_PORT under menu "Example Configuration". + - run `make flash monitor` **ATTENTION** @@ -45,4 +31,4 @@ **2. Make sure the private key length larger than 2048.** -**3. Make sure the fragment size range is between 2048 and 8192.** +**3. Make sure the fragment size range is between 2048 and 16384.** \ No newline at end of file diff --git a/examples/protocols/openssl_client/gencrt.sh b/examples/protocols/openssl_client/gencrt.sh index 22d8dc76..1ad4ed51 100755 --- a/examples/protocols/openssl_client/gencrt.sh +++ b/examples/protocols/openssl_client/gencrt.sh 
@@ -22,6 +22,13 @@ openssl req -new -key server.key -out server.csr -text -subj $LEVEL2_SUBJECT openssl req -new -key client.key -out client.csr -text -subj $LEVEL3_SUBJECT # generate the actual certs. -openssl x509 -req -in ca.csr -out ca.crt -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca -openssl x509 -req -in server.csr -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca -openssl x509 -req -in client.csr -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca +openssl x509 -req -in ca.csr -out ca.pem -sha256 -days 5000 -signkey ca.key -text -extensions v3_ca +openssl x509 -req -in server.csr -out server.pem -sha256 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca +openssl x509 -req -in client.csr -out client.pem -sha256 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca + +rm *.csr +rm *.srl + +mv ca.* ./main +mv server.* ./main +mv client.* ./main diff --git a/examples/protocols/openssl_client/genheader.sh b/examples/protocols/openssl_client/genheader.sh deleted file mode 100755 index f4b705bb..00000000 --- a/examples/protocols/openssl_client/genheader.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# set ca crt for use in the client -xxd -i ca.crt | sed -e "s/ca_crt/ca_crt/" > ssl_client_crt.h - -# set client crt for use in the client -xxd -i client.crt | sed -e "s/client_crt/client_crt/" >> ssl_client_crt.h - -# set private key for use in the client -xxd -i client.key | sed -e "s/client_key/client_key/" >> ssl_client_crt.h - -mv ssl_client_crt.h ./include diff --git a/examples/protocols/openssl_client/main/Kconfig.projbuild b/examples/protocols/openssl_client/main/Kconfig.projbuild new file mode 100644 index 00000000..13605964 --- /dev/null +++ b/examples/protocols/openssl_client/main/Kconfig.projbuild 
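Review bot: The three rewritten `openssl x509 -req ... -extensions v3_ca` lines still pass `-extensions` without any `-extfile`, and `openssl x509` only adds extensions when `-extfile` is given, so the flag appears to be a no-op — consistent with the committed ca.pem, whose DER starts straight with the serial INTEGER, i.e. a v1 certificate with no extensions at all. The result is a CA without `basicConstraints=CA:TRUE` and a server certificate without any subjectAltName, so the chain verifies only with stacks that tolerate v1 trust anchors, and `v3_ca` would be the wrong section for the two leaf certificates even if it did take effect. Suggest one `-extfile` per certificate (CA: `basicConstraints=critical,CA:TRUE` and `keyUsage=keyCertSign,cRLSign`; server/client: `basicConstraints=CA:FALSE` plus `extendedKeyUsage=serverAuth` / `clientAuth`, with a SAN for the server) and a validity shorter than `-days 5000`. The new `mv ca.* ./main` / `mv server.* ./main` / `mv client.* ./main` lines also relocate ca.key, server.key and client.key into the component directory, and server.key and client.key are then checked in by this very commit; the script should at least print a warning that its output is throw-away demo material and must be regenerated before any real use.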
@@ -0,0 +1,30 @@ +menu "Example Configuration" + +config TARGET_DOMAIN + string "Target Domain" + default "192.168.4.1" + help + Target domain for the example to connect to. + +config TARGET_PORT_NUMBER + int "Target port number" + range 0 65535 + default 443 + help + Target port number for the example to connect to. + +config WIFI_SSID + string "WiFi SSID" + default "myssid" + help + SSID (network name) for the example to connect to. + +config WIFI_PASSWORD + string "WiFi Password" + default "mypassword" + help + WiFi password (WPA or WPA2) for the example to use. + + Can be left blank if the network has no security set. + +endmenu diff --git a/examples/protocols/openssl_client/main/ca.pem b/examples/protocols/openssl_client/main/ca.pem new file mode 100644 index 00000000..9a840c56 --- /dev/null +++ b/examples/protocols/openssl_client/main/ca.pem 
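Review bot: `range 0 65535` on `TARGET_PORT_NUMBER` admits 0, which is not a usable destination port for the `connect()` the example performs, so the misconfiguration surfaces only as a runtime connect failure; `range 1 65535` rejects it in `menuconfig`. The `TARGET_DOMAIN` help text would also benefit from saying what the value is used for: as far as the client code in this commit shows it is only resolved with `gethostbyname()` and is never matched against the server certificate, so something like `Host name or IP address to connect to (resolved via DNS; the example does not check it against the server certificate).` sets expectations correctly.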
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXjCCAkYCCQCVKSVPdESWTzANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJD
+MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
+BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
+BEVTUDEwHhcNMTgwNTExMDIzNzQ0WhcNMzIwMTE4MDIzNzQ0WjBxMQswCQYDVQQG
+EwJDMTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDEx
+DTALBgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0B
+CQEWBEVTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCKJT+2qiM
++sKBwFyb0fFwm8OmFMXhYM9bx44/zw/MNy8PU9/0FbjB4V74KpUwgwtcdV7kb6S8
+gXLJ/St483QeV2P9SZNfqmBIZR1jEdzv2S8aiqH2jNQD25QP0URtzF+z2H9j5d8g
+wLbDa7m/JhpD6JYNpoA/ZvMCxNoOh7tkAS7sTkPwTpswlyIEL52zs7njjptSPeAs
+dlmFTdzUf7pplZrl0bEqUKxZftgiUeQ73/yBp52yX1IML/wgu9Vcvg7y8NCunX3O
+gzn6fAsM4HBITCUi4noPsCGoyRZ9mNofrI6ddbYp8PmzkkS2Ox5s5R/MAKBPrjco
+UmAcCXYRZd7RAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAC53zBJxhyfB5ZAEDaVm
+tWB3Y5M8gA3I+6UcHiVQEOWm5kapJrMYQYCcLSQLt95FdaJkhEqZRfg2hxCRBGwk
+9ochIvHH3KkK+eXPj0iBwz1hNhBE2ajvdZieOaf4zLwm6NwVS2emlvE2djhv1U1D
+gmEvW+D47qPGU4QlEspOVXRmWZl0slx93xkDrL4l9FHJEOAbyaaAtVI7OCvlkrcr
+egvbVyhV+/m7bkzcZq3GrElT8cQYNGEvoDJ4bELQci2lEh+e8+ShJE7msoRkLAan
+Qhawblxq9MFnlcgqhtq8vJtNX6J+jHqjncVoaZMHsunslIsTBhLjolhSghr3GIo3
+nHg=
+-----END CERTIFICATE-----
diff --git a/examples/protocols/openssl_client/main/client.key b/examples/protocols/openssl_client/main/client.key
new file mode 100644
index 00000000..d7863eae
--- /dev/null
+++ b/examples/protocols/openssl_client/main/client.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAo+moW4Z6AqNIjwArqrZ1a6poUg0j7Y51jqC3rFmFV3i2+VIC
+KalEIzJFCsD0mzU13NOcbsxD6cNnpSCqFX0Y1rfGy9eH9wkcm25gkUROd3NKgtKC
+jCPolEdPqBKcIutV/J/qyfLkpAkqN53BF+zhC1Hx8agZMPlnvYYqEV9gOpnZES/p
+YnKmUhMZNjRKDtjcQwQSin6VX8onx1ZKxsTMrDrTCE0c5lerS0zdw/Y+P7gb3hYk
+8UvXaTp885DDtzd0Lk6KS06Z1+Eso3JlKdZL9i1gMeOjS0s+5G/OMp5e0evL8OSt
+SuZTorJPjseVSy39GiNXfb8Jx/NHH1OO0SeB5QIDAQABAoIBAFQC0G2IsURk2C2j
+Er5+ohQ61Rko7v81Av/FVB6cC4HXt0B2TfF4dhnsDAME/toGHcM/GnCXdT99DcRO
+x54X7gEvVE7p+yAcpXLs0cXi0qzahJgkuRCG3xAQtL0aPLiREhNXC4nSWmnQ4Lh8
+vJk8qeOZbn5DgBXf3tH+z9Tzo2ik29cw5/IPkqXO2j8nd8Rt4wUdDdD5RiGTv7zh
+1frLEi9Qchg03iq4E0QTZufcdgdzZYqmLw+S/rTH8Y2WnZ8hqdOneT6TCRewfbo5
+3dYJ23fOQXbycI0OvilcQV7bFIAKB2qiAJAp8z7HfsrEwo4nSC8lXJafgivedXgb
+RQoZ1YECgYEA0ddfBMxQDPbwwxvLKaiQn+7bTBOgiqlYr2ITtVFTDlj99OcnV7qN
+6d/whfnrRFgsqsmgK1uNPAJMGmyG+l8TKFEZosZYTQEpVVLSGOjsZ8Gb3oK6YynB
+lHKlIn/ISy7F7HBQWfRF3Y0nk1s7A3P2QaH/GQ0BtjBgqz5dAJqanNUCgYEAx/fy
+Zx3zXzmuK/zbfCk1JA4K6GjSEWXPhcYVpFiU/gGEZ+cUvcgRp7gaLrNhxMEL0qXN
+Kj3Df279Vdlkk+AFIhLxOGGU8rA0AxIyCD3eESDBTDwA99LkIwNPVkU5GQZP/hq7
+iSTDpVDE54DweZz6EsK2RTVOy9DCHCgMkogTmNECgYB2B92TdlTEphXQuQ5ylTUc
+MJ87UILp281dgR4yy9aa6GWYXnjbuLxgQ60nvuadn7coLZchLDLqASTLbCYUKGw/
+LjbsPwKl9bRJIPe6OTHYPqes5f1vD6qqFD5chGGmIF4F2zrnDiZKMz6CfTtZet2W
+F0fE0HMZBmcpiz+Gum+jLQKBgGmWfdN/GBvnDBXD/W0RITM5iv7vIkT3el2Lm6/c
+6kc5K93lQal4NAJYjtKr+2r1+DUxQSUV2d23EGO9V4NRncRBNkfsFscSzVP1zp9V
+c6WdoxOK94PkQnxOah0GjkCteZ2WJgIjfH8VJ/OJvPCqN82iLLZckI/EWkqdxw20
+doyRAoGAQ7DnBPe8Jdtj2PU7tUqPbg1EUTuQHr1EH6scCLtGqKFskIYZt5zHtGpF
+wwpmSun2D9X3OTHP4oIlraDnjsQlasHZ1yaghLXKNd7hpe2e5uSB6mEqbfuZoWuy
+jh6hsr5xVfwADf76wGU9JaDXyU6ItgqpniuQd7pkrK1ubST3DLs=
+-----END RSA PRIVATE KEY-----
diff --git a/examples/protocols/openssl_client/main/client.pem b/examples/protocols/openssl_client/main/client.pem
new file mode 100644
index 00000000..675860b0
--- /dev/null
+++ b/examples/protocols/openssl_client/main/client.pem
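Review bot: This adds a live RSA private key (`-----BEGIN RSA PRIVATE KEY-----` …) to the repository, so the client identity it represents is public from this commit on, and the same goes for server.key added alongside it: anyone who clones the tree can impersonate the example client and server. For a demo that is tolerable only if it is said out loud, and as far as the README hunk in this commit shows it tells the user to run `./gencrt.sh` but never that the checked-in key files are placeholders that must be regenerated and must never be reused outside a lab network. Suggest a prominent README note to that effect and a `.gitignore` entry for `main/*.key` so a user's regenerated keys are not committed by accident. Note also that component.mk in this commit embeds this file into the firmware image, so even a regenerated key is recoverable from a flash read-out of the device.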
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDajCCAlICCQCSgOJ0ov23EjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJD
+MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
+BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
+BEVTUDEwHhcNMTgwNTExMDIzNzQ0WhcNMzIwMTE4MDIzNzQ0WjB9MQswCQYDVQQG
+EwJDMzEOMAwGA1UECAwFSlMzMzMxDjAMBgNVBAcMBVdYMzMzMQ8wDQYDVQQKDAZF
+U1AzMzMxDzANBgNVBAsMBkVTUDMzMzEVMBMGA1UEAwwMU2VydmVyMzMzIENBMRUw
+EwYJKoZIhvcNAQkBFgZFU1AzMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCj6ahbhnoCo0iPACuqtnVrqmhSDSPtjnWOoLesWYVXeLb5UgIpqUQjMkUK
+wPSbNTXc05xuzEPpw2elIKoVfRjWt8bL14f3CRybbmCRRE53c0qC0oKMI+iUR0+o
+Epwi61X8n+rJ8uSkCSo3ncEX7OELUfHxqBkw+We9hioRX2A6mdkRL+licqZSExk2
+NEoO2NxDBBKKfpVfyifHVkrGxMysOtMITRzmV6tLTN3D9j4/uBveFiTxS9dpOnzz
+kMO3N3QuTopLTpnX4SyjcmUp1kv2LWAx46NLSz7kb84ynl7R68vw5K1K5lOisk+O
+x5VLLf0aI1d9vwnH80cfU47RJ4HlAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEB8
+SMViLcLx2H4jKnUxbeEcfudNi22In6EcV+s9s+1zLv0CedCgmo7Fj0in4YkmZu8f
+SWTfllcwpH3ZThr3W+1nORjUMJMjAWgfjovJTooiJrWrJpC9wQE0DtSGfpvzUN0X
+PP3VInyBc92QH9eCmoM0kT1ODK1/fBsIKCm9y9mmFpBt+D32EQJrLM+LvjQD3FZX
+d/hr+7sTIlpONW/mMTLybBtRV0x/JPoVWRb/bfvZhRXpiMeGRUd1igotf6WVf4sf
+Qh9MmfBDuhjSMlqFqYjlrVjFmG7U84v78AR0J6gDh85xZz5Hd/IE+dxssfSULgGr
+cgNhnGg2dL4o2kysUF8=
+-----END CERTIFICATE-----
diff --git a/examples/protocols/openssl_client/main/component.mk b/examples/protocols/openssl_client/main/component.mk
index 0b9d7585..78c1331e 100644
--- a/examples/protocols/openssl_client/main/component.mk
+++ b/examples/protocols/openssl_client/main/component.mk
@@ -2,4 +2,6 @@
 # "main" pseudo-component makefile.
 #
 # (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
-
+COMPONENT_EMBED_TXTFILES := ca.pem
+COMPONENT_EMBED_TXTFILES += client.pem
+COMPONENT_EMBED_TXTFILES += client.key
\ No newline at end of file
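Review bot: `COMPONENT_EMBED_TXTFILES += client.key` compiles the client's private key into the firmware image in clear text next to the two certificates, so it is recoverable from any flash read-out of the device; that is inherent to embedding, but nothing in the file says so. Suggest a comment above the three lines, e.g. `# Demo credentials only: ca.pem/client.pem/client.key are embedded in the flash image in clear text — regenerate with ../gencrt.sh and never reuse outside a test network.` The hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which is worth fixing while here.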
diff --git a/examples/protocols/openssl_client/main/openssl_client_example_main.c b/examples/protocols/openssl_client/main/openssl_client_example_main.c
new file mode 100644
index 00000000..866f9e0d
--- /dev/null
+++ b/examples/protocols/openssl_client/main/openssl_client_example_main.c
@@ -0,0 +1,341 @@ +/* openSSL client example + + This example code is in the Public Domain (or CC0 licensed, at your option.) + + Unless required by applicable law or agreed to in writing, this + software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. +*/ + +#include "sdkconfig.h" + +#include "esp_misc.h" +#include "esp_sta.h" +#include "esp_system.h" + +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" + +#include +#include + +#include "openssl/ssl.h" + +#define OPENSSL_CLIENT_THREAD_NAME "openssl_client" +#define OPENSSL_CLIENT_THREAD_STACK_WORDS 2048 +#define OPENSSL_CLIENT_THREAD_PRORIOTY 6 + +extern const uint8_t ca_pem_start[] asm("_binary_ca_pem_start"); +extern const uint8_t ca_pem_end[] asm("_binary_ca_pem_end"); +extern const uint8_t client_pem_start[] asm("_binary_client_pem_start"); +extern const uint8_t client_pem_end[] asm("_binary_client_pem_end"); +extern const uint8_t client_key_start[] asm("_binary_client_key_start"); +extern const uint8_t client_key_end[] asm("_binary_client_key_end"); + +/* +Fragment size range 2048~8192 +| Private key len | Fragment size recommend | +| RSA2048 | 2048 | +| RSA3072 | 3072 | +| RSA4096 | 4096 | +*/ +#define OPENSSL_CLIENT_FRAGMENT_SIZE 2048 + +/* Local tcp port */ +#define OPENSSL_CLIENT_LOCAL_TCP_PORT 1000 + +#define OPENSSL_CLIENT_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" + +/* receive length */ +#define OPENSSL_CLIENT_RECV_BUF_LEN 1024 + +LOCAL xTaskHandle openssl_handle; + +LOCAL char send_data[] = OPENSSL_CLIENT_REQUEST; +LOCAL int send_bytes = sizeof(send_data); + +LOCAL char recv_buf[OPENSSL_CLIENT_RECV_BUF_LEN]; + +LOCAL void openssl_client_thread(void* p) +{ + int ret; + + SSL_CTX* ctx; + SSL* ssl; + + int socket; + struct sockaddr_in sock_addr; + struct hostent* entry = NULL; + int recv_bytes = 0; + + printf("OpenSSL client thread start...\n"); + + /*get addr info for hostname*/ + do { + entry = 
gethostbyname(CONFIG_TARGET_DOMAIN); + vTaskDelay(100 / portTICK_RATE_MS); + } while (entry == NULL); + + printf("create SSL context ......"); + ctx = SSL_CTX_new(TLSv1_2_client_method()); + + if (!ctx) { + printf("failed\n"); + goto failed1; + } + + printf("OK\n"); + + printf("load ca crt ......"); + X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start); + + if (cacrt) { + SSL_CTX_add_client_CA(ctx, cacrt); + printf("OK\n"); + } else { + printf("failed\n"); + goto failed2; + } + + printf("load client crt ......"); + ret = SSL_CTX_use_certificate_ASN1(ctx, client_pem_end - client_pem_start, client_pem_start); + + if (ret) { + printf("OK\n"); + } else { + printf("failed\n"); + goto failed2; + } + + printf("load client private key ......"); + ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, client_key_start, client_key_end - client_key_start); + + if (ret) { + printf("OK\n"); + } else { + printf("failed\n"); + goto failed2; + } + + printf("set verify mode verify peer\n"); + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + + printf("set SSL context read buffer size ......"); + SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_CLIENT_FRAGMENT_SIZE); + ret = 0; + + if (ret) { + printf("failed, return %d\n", ret); + goto failed2; + } + + printf("OK\n"); + + printf("create socket ......"); + socket = socket(AF_INET, SOCK_STREAM, 0); + + if (socket < 0) { + printf("failed\n"); + goto failed3; + } + + printf("OK\n"); + + printf("bind socket ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = 0; + sock_addr.sin_port = htons(OPENSSL_CLIENT_LOCAL_TCP_PORT); + ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + + if (ret) { + printf("failed\n"); + goto failed4; + } + + printf("OK\n"); + + printf("socket connect to remote ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = ((struct in_addr*)(entry->h_addr))->s_addr; + 
sock_addr.sin_port = htons(CONFIG_TARGET_PORT_NUMBER); + ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + + if (ret) { + printf("failed\n"); + goto failed5; + } + + printf("OK\n"); + + printf("create SSL ......"); + ssl = SSL_new(ctx); + + if (!ssl) { + printf("failed\n"); + goto failed6; + } + + printf("OK\n"); + + SSL_set_fd(ssl, socket); + + printf("SSL connected to %s port %d ......", CONFIG_TARGET_DOMAIN, CONFIG_TARGET_PORT_NUMBER); + ret = SSL_connect(ssl); + + if (ret <= 0) { + printf("failed, return [-0x%x]\n", -ret); + goto failed7; + } + + printf("OK\n"); + + printf("send request to %s port %d ......", CONFIG_TARGET_DOMAIN, CONFIG_TARGET_PORT_NUMBER); + ret = SSL_write(ssl, send_data, send_bytes); + + if (ret <= 0) { + printf("failed, return [-0x%x]\n", -ret); + goto failed8; + } + + printf("OK\n\n"); + + do { + ret = SSL_read(ssl, recv_buf, OPENSSL_CLIENT_RECV_BUF_LEN - 1); + + if (ret <= 0) { + break; + } + + recv_bytes += ret; + recv_buf[ret] = '\0'; + printf("%s", recv_buf); + } while (1); + + printf("read %d bytes data from %s ......\n", recv_bytes, CONFIG_TARGET_DOMAIN); + +failed8: + SSL_shutdown(ssl); +failed7: + SSL_free(ssl); +failed6: +failed5: +failed4: + close(socket); +failed3: +failed2: + SSL_CTX_free(ctx); +failed1: + vTaskDelete(NULL); + + printf("task exit\n"); + + return ; +} + +void user_conn_init(void) +{ + int ret; + + ret = xTaskCreate(openssl_client_thread, + OPENSSL_CLIENT_THREAD_NAME, + OPENSSL_CLIENT_THREAD_STACK_WORDS, + NULL, + OPENSSL_CLIENT_THREAD_PRORIOTY, + &openssl_handle); + + if (ret != pdPASS) { + printf("create thread %s failed\n", OPENSSL_CLIENT_THREAD_NAME); + return ; + } +} + +/****************************************************************************** + * FunctionName : user_rf_cal_sector_set + * Description : SDK just reversed 4 sectors, used for rf init data and paramters. 
+ * We add this function to force users to set rf cal sector, since + * we don't know which sector is free in user's application. + * sector map for last several sectors : ABCCC + * A : rf cal + * B : rf init data + * C : sdk parameters + * Parameters : none + * Returns : rf cal sector +*******************************************************************************/ +uint32 user_rf_cal_sector_set(void) +{ + flash_size_map size_map = system_get_flash_size_map(); + uint32 rf_cal_sec = 0; + + switch (size_map) { + case FLASH_SIZE_4M_MAP_256_256: + rf_cal_sec = 128 - 5; + break; + + case FLASH_SIZE_8M_MAP_512_512: + rf_cal_sec = 256 - 5; + break; + + case FLASH_SIZE_16M_MAP_512_512: + case FLASH_SIZE_16M_MAP_1024_1024: + rf_cal_sec = 512 - 5; + break; + + case FLASH_SIZE_32M_MAP_512_512: + case FLASH_SIZE_32M_MAP_1024_1024: + rf_cal_sec = 1024 - 5; + break; + + case FLASH_SIZE_64M_MAP_1024_1024: + rf_cal_sec = 2048 - 5; + break; + + case FLASH_SIZE_128M_MAP_1024_1024: + rf_cal_sec = 4096 - 5; + break; + + default: + rf_cal_sec = 0; + break; + } + + return rf_cal_sec; +} + +void wifi_event_handler_cb(System_Event_t* event) +{ + if (event == NULL) { + return; + } + + switch (event->event_id) { + case EVENT_STAMODE_GOT_IP: + printf("sta got ip , creat task %d\n", system_get_free_heap_size()); + user_conn_init(); + break; + + default: + break; + } +} + +/****************************************************************************** + * FunctionName : user_init + * Description : entry of user application, init user function here + * Parameters : none + * Returns : none +*******************************************************************************/ +void user_init(void) +{ + printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size()); + wifi_set_opmode(STATION_MODE); + + // set AP parameter + struct station_config config; + bzero(&config, sizeof(struct station_config)); + sprintf((char*)config.ssid, CONFIG_WIFI_SSID); + 
sprintf((char*)config.password, CONFIG_WIFI_PASSWORD); + wifi_station_set_config(&config); + wifi_set_event_handler_cb(wifi_event_handler_cb); +} \ No newline at end of file diff --git a/examples/protocols/openssl_client/main/openssl_demo.c b/examples/protocols/openssl_client/main/openssl_demo.c deleted file mode 100644 index 6efef8f9..00000000 --- a/examples/protocols/openssl_client/main/openssl_demo.c +++ /dev/null 
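Review bot: `sprintf((char*)config.ssid, CONFIG_WIFI_SSID)` and the matching `config.password` line in `user_init` use the Kconfig strings as the format argument and copy them unbounded into the fixed-size `station_config` fields, so an SSID or password containing `%` is misparsed and one longer than the field overflows the struct; use `snprintf((char *)config.ssid, sizeof config.ssid, "%s", CONFIG_WIFI_SSID);` and `snprintf((char *)config.password, sizeof config.password, "%s", CONFIG_WIFI_PASSWORD);`. In `openssl_client_thread`, `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL)` is set but nothing ties the presented server certificate to `CONFIG_TARGET_DOMAIN` (no hostname or SAN check is made), and the trust anchor is installed with `SSL_CTX_add_client_CA`, which in upstream OpenSSL only populates the acceptable-CA name list rather than the verify store — this presumably relies on the SDK wrapper's semantics and deserves a comment saying so, e.g. `/* SDK wrapper: add_client_CA installs the trust anchor; no hostname check is performed */`. Likewise `d2i_X509(NULL, ca_pem_start, ...)` is fed PEM text embedded via `COMPONENT_EMBED_TXTFILES`, which in upstream OpenSSL is a DER-only parser, so the wrapper dependency should be noted next to the call as well. The `ret = 0; if (ret) { ... goto failed2; }` after `SSL_CTX_set_default_read_buffer_len` is dead and should be dropped, and `printf("task exit\n")` after `vTaskDelete(NULL)` is unreachable.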
@@ -1,228 +0,0 @@ -/* openSSL client example - - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - -#include -#include "openssl_demo.h" -#include "openssl/ssl.h" -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "c_types.h" -#include "esp_misc.h" -#include "lwip/sockets.h" -#include "lwip/api.h" -#include "ssl_client_crt.h" - -#define OPENSSL_DEMO_THREAD_NAME "ssl_demo" -#define OPENSSL_DEMO_THREAD_STACK_WORDS 2048 -#define OPENSSL_DEMO_THREAD_PRORIOTY 6 - -/* -Fragment size range 2048~8192 -| Private key len | Fragment size recommend | -| RSA2048 | 2048 | -| RSA3072 | 3072 | -| RSA4096 | 4096 | -*/ -#define OPENSSL_DEMO_FRAGMENT_SIZE 2048 - -/* Local tcp port */ -#define OPENSSL_DEMO_LOCAL_TCP_PORT 1000 - -/* Server ip address */ -#define OPENSSL_DEMO_TARGET_NAME "192.168.3.196" - -/* Server tcp port */ -#define OPENSSL_DEMO_TARGET_TCP_PORT 443 - -#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" - -/* receive length */ -#define OPENSSL_DEMO_RECV_BUF_LEN 1024 - -LOCAL xTaskHandle openssl_handle; - -LOCAL char send_data[] = OPENSSL_DEMO_REQUEST; -LOCAL int send_bytes = sizeof(send_data); - -LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; - -LOCAL void openssl_demo_thread(void* p) -{ - int ret; - - SSL_CTX* ctx; - SSL* ssl; - - int socket; - struct sockaddr_in sock_addr; - - ip_addr_t target_ip; - - int recv_bytes = 0; - - printf("OpenSSL demo thread start...\n"); - - do { - ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip); - } while (ret); - - printf("get target IP is "IPSTR"\n", IP2STR(&(target_ip.u_addr.ip4))); - - printf("create SSL context ......"); - ctx = SSL_CTX_new(TLSv1_1_client_method()); - if (!ctx) { - printf("failed\n"); - goto failed1; - } - printf("OK\n"); - - 
printf("load ca crt ......"); - X509 *cacrt = d2i_X509(NULL, ca_crt, ca_crt_len); - if(cacrt){ - SSL_CTX_add_client_CA(ctx, cacrt); - printf("OK\n"); - }else{ - printf("failed\n"); - goto failed2; - } - - printf("load client crt ......"); - ret = SSL_CTX_use_certificate_ASN1(ctx, client_crt_len, client_crt); - if(ret){ - printf("OK\n"); - }else{ - printf("failed\n"); - goto failed2; - } - - printf("load client private key ......"); - ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, client_key, client_key_len); - if(ret){ - printf("OK\n"); - }else{ - printf("failed\n"); - goto failed2; - } - - printf("set verify mode verify peer\n"); - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - - printf("set SSL context read buffer size ......"); - SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE); - ret = 0; - if (ret) { - printf("failed, return %d\n", ret); - goto failed2; - } - printf("OK\n"); - - printf("create socket ......"); - socket = socket(AF_INET, SOCK_STREAM, 0); - if (socket < 0) { - printf("failed\n"); - goto failed3; - } - printf("OK\n"); - - printf("bind socket ......"); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = 0; - sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); - ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - printf("failed\n"); - goto failed4; - } - printf("OK\n"); - - printf("socket connect to remote ......"); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = target_ip.u_addr.ip4.addr; - sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT); - ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - printf("failed\n"); - goto failed5; - } - printf("OK\n"); - - printf("create SSL ......"); - ssl = SSL_new(ctx); - if (!ssl) { - printf("failed\n"); - goto failed6; - } - printf("OK\n"); - - SSL_set_fd(ssl, socket); - - printf("SSL connected to %s 
port %d ......", OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); - ret = SSL_connect(ssl); - if (ret <= 0) { - printf("failed, return [-0x%x]\n", -ret); - goto failed7; - } - printf("OK\n"); - - printf("send request to %s port %d ......", OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT); - ret = SSL_write(ssl, send_data, send_bytes); - if (ret <= 0) { - printf("failed, return [-0x%x]\n", -ret); - goto failed8; - } - printf("OK\n\n"); - - do { - ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); - if (ret <= 0) { - break; - } - recv_bytes += ret; - recv_buf[ret] = '\0'; - printf("%s", recv_buf); - } while (1); - printf("read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME); - -failed8: - SSL_shutdown(ssl); -failed7: - SSL_free(ssl); -failed6: -failed5: -failed4: - close(socket); -failed3: -failed2: - SSL_CTX_free(ctx); -failed1: - vTaskDelete(NULL); - - printf("task exit\n"); - - return ; -} - -void user_conn_init(void) -{ - int ret; - - ret = xTaskCreate(openssl_demo_thread, - OPENSSL_DEMO_THREAD_NAME, - OPENSSL_DEMO_THREAD_STACK_WORDS, - NULL, - OPENSSL_DEMO_THREAD_PRORIOTY, - &openssl_handle); - if (ret != pdPASS) { - printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME); - return ; - } -} - diff --git a/examples/protocols/openssl_client/main/openssl_demo.h b/examples/protocols/openssl_client/main/openssl_demo.h deleted file mode 100644 index 9e28977d..00000000 --- a/examples/protocols/openssl_client/main/openssl_demo.h +++ /dev/null @@ -1,14 +0,0 @@ -/* - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - -#ifndef _OPENSSL_DEMO_H_ -#define _OPENSSL_DEMO_H_ - -void user_conn_init(void); - -#endif 
diff --git a/examples/protocols/openssl_client/main/server.key b/examples/protocols/openssl_client/main/server.key
new file mode 100644
index 00000000..e18d0c64
--- /dev/null
+++ b/examples/protocols/openssl_client/main/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA4wXG8hMRb6vOxWQOHMKNvSNbzYRxBNRYqLGHZjH9/jGySN9I
+T+RymtSv9lH+XjNCGaanzcVxrgQzupk1GH2pgkrWczauqasZoRfnBECKOdihpyjx
+iknh+lVbjK3intRqrF0dKYhNNXUvK26YMVCFktniucauK6iv9FhV+B/dO7KFgJzi
+7qbtrT0UMSgitoGl+Q27wyKSkTbzUtiHWEfzFvQEaPdejH5AuWDKQW5K3eV2nckd
+PL+0WOa1jAsEZyy4qZsH49YidW0Gp6CUZ79QJjsjHzvlbr+dsdaWdbqkNPv7oHjj
+iJNAlcwucjUiNgHXwByGObDL2PZ2KdCNTs8t/wIDAQABAoIBAEUv7Iq3/vdej/ye
+WqKvNE0xKng+5cbIBGEdAZvGnpbKhIAq9DnM8JR5P0s9f90rl/iDTt6qTtPu2ekD
+aigVnARmVGb2glKZH4114GTuWnH4sINmOf6gN6t4OhdsowUuzXfMROf0bztchEyj
+PuTAmoS/vJZLk6cgmMdJ6KFe7KiVU4PPu4eT6XP41nYV7ZYETevJzW6f4jUZJ2ta
+FKI70JE+u5iFc1amGqHfJJezPPdLM4FbPW2qYhWEfe75kVsyUJrlBCgxTXiv3jgh
+1ewd7m+loBe+S/I+51Hi6rLWRU5cjhiRmDRzgVP9OYeHypXykfS0JN0F7VlySEPG
+gXEc7LECgYEA+x6eENjsQlJcrUe5vQKrnzguZrWStbWbJeuIvAvtr7s9GhdLNZl5
+eVk3xlyOyo6wonrbtrS5REs5HIRRRMdLo30PCgYWJRYT51UF2aLv9oMTGhNSlvdA
+5L/X/aOJpZJXpV7YMbi7ILn3Hpm3zgXprX0px6wSVFNczZTdnr4JPakCgYEA529F
+XNqVoIAOS5LR2dc9JHMtbNyvf3vo9LUu57XOv9OKJYGOrpTLAfN1pNfJ69BqWzX6
+JMeghIlosvDXG9XRk4mAtjb9rwiBrXDg0FqOb6z5QWmMsVHW9lsOD1iHqdc7rYPV
+QuCmxJFK5cUEFqfEfrYSa+RrpDlNtPZtb9iBx2cCgYEA0kAdSa/Fh/XbgH1YJsdQ
+mBt6xiXqMtddkg81SXSXShXzn5+3KaZZDV/EkgE20KNNgoxo3v1LTMHKjHTAclyG
+mNiBOfxEmEJ24a3PGxwP24589M0OzjUwERYKqmM9QPJZDa1uR5sKmej53ZYITaen
+scjkrTgFlLLDNaEZOOqVZBkCgYAgUMIvr/nammbkmJCiyVIpR8fc/oem1md12+K7
+ygAfeus8R3Xj3LToBdW0eckhG03uhH/0KMe6GfG7orN2mImV/0owp0cO7LImxK8v
+iKWA5Hc9cf6KN/I7HgW9kNAIoBweI11g5DuFEQCTSspCW5StWMEDvbZmDPZTwWEQ
+j/u3GwKBgAH3fWE+fMF+BmaYAubgUUQzBQEsC9bZC/anELABex2ru3p5zR1HVuAT
+KgEmFCizRf5ST4bihq/rzxJ9TbwHXlN1ZSI6Hvgm1etY0CZRg4o7vMBYglfibX0L
+AyhS+oeWdUWSJMxMxrL3uPvXfksX4ol1WiXdkHF3jAzmhjJdRx+W
+-----END RSA PRIVATE KEY-----
diff --git a/examples/protocols/openssl_client/main/server.pem b/examples/protocols/openssl_client/main/server.pem
new file mode 100644
index 00000000..e4e85cbb
--- /dev/null
+++ b/examples/protocols/openssl_client/main/server.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAkwCCQCSgOJ0ov23ETANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJD
+MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
+BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
+BEVTUDEwHhcNMTgwNTExMDIzNzQ0WhcNMzIwMTE4MDIzNzQ0WjB3MQswCQYDVQQG
+EwJDMjENMAsGA1UECAwESlMyMjENMAsGA1UEBwwEV1gyMjEOMAwGA1UECgwFRVNQ
+MjIxDjAMBgNVBAsMBUVTUDIyMRQwEgYDVQQDDAtTZXJ2ZXIyMiBDQTEUMBIGCSqG
+SIb3DQEJARYFRVNQMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj
+BcbyExFvq87FZA4cwo29I1vNhHEE1FiosYdmMf3+MbJI30hP5HKa1K/2Uf5eM0IZ
+pqfNxXGuBDO6mTUYfamCStZzNq6pqxmhF+cEQIo52KGnKPGKSeH6VVuMreKe1Gqs
+XR0piE01dS8rbpgxUIWS2eK5xq4rqK/0WFX4H907soWAnOLupu2tPRQxKCK2gaX5
+DbvDIpKRNvNS2IdYR/MW9ARo916MfkC5YMpBbkrd5XadyR08v7RY5rWMCwRnLLip
+mwfj1iJ1bQanoJRnv1AmOyMfO+Vuv52x1pZ1uqQ0+/ugeOOIk0CVzC5yNSI2AdfA
+HIY5sMvY9nYp0I1Ozy3/AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHHC3TO3TWoD
+FKrjs8nMQxm+PrTEaV4+4nzJU86pSrdrXdPfsWd6RixXYidb0p1Pg4urCwLf+1Cu
+/JmXA1F/9yFCfV53VPYnT6HQ+W1DwU8A+cyTweh4hZvEQEmFtbt2dHZMLTMlUwBQ
+mmGM4Urfl1AyCdqQIK4EmPqBwtuBGVjIAixdRH3YcWPSkxV51ppHh2P6yk/4/D2B
+GYfTBA3h7myfbdqiMDRJuBIfUAsaDmohPOmYQIuh0YdwdWQxZVi6r6JSg3nV9udI
+M2p5MfFrpXz9MkC9XUZ/pQXszsPQJHyL76mozujEWpANWwofskfLHJmWPOcsJmIk
+VLMMmm1AhdI=
+-----END CERTIFICATE-----
diff --git a/examples/protocols/openssl_client/main/user_config.h b/examples/protocols/openssl_client/main/user_config.h
deleted file mode 100644
index 4bd11b34..00000000
--- a/examples/protocols/openssl_client/main/user_config.h
+++ /dev/null
@@ -1,18 +0,0 @@ -/* - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - -#ifndef __USER_CONFIG_H__ -#define __USER_CONFIG_H__ - -#include "openssl_demo.h" - -#define SSID "HUAWEI001" -#define PASSWORD "" - -#endif - diff --git a/examples/protocols/openssl_client/main/user_main.c b/examples/protocols/openssl_client/main/user_main.c deleted file mode 100644 index c708cb02..00000000 --- a/examples/protocols/openssl_client/main/user_main.c +++ /dev/null 
@@ -1,100 +0,0 @@ -/* openSSL client example - - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - -#include "esp_common.h" -#include "user_config.h" - -/****************************************************************************** - * FunctionName : user_rf_cal_sector_set - * Description : SDK just reversed 4 sectors, used for rf init data and paramters. - * We add this function to force users to set rf cal sector, since - * we don't know which sector is free in user's application. - * sector map for last several sectors : ABCCC - * A : rf cal - * B : rf init data - * C : sdk parameters - * Parameters : none - * Returns : rf cal sector -*******************************************************************************/ -uint32 user_rf_cal_sector_set(void) -{ - flash_size_map size_map = system_get_flash_size_map(); - uint32 rf_cal_sec = 0; - - switch (size_map) { - case FLASH_SIZE_4M_MAP_256_256: - rf_cal_sec = 128 - 5; - break; - - case FLASH_SIZE_8M_MAP_512_512: - rf_cal_sec = 256 - 5; - break; - - case FLASH_SIZE_16M_MAP_512_512: - case FLASH_SIZE_16M_MAP_1024_1024: - rf_cal_sec = 512 - 5; - break; - - case FLASH_SIZE_32M_MAP_512_512: - case FLASH_SIZE_32M_MAP_1024_1024: - rf_cal_sec = 1024 - 5; - break; - - case FLASH_SIZE_64M_MAP_1024_1024: - rf_cal_sec = 2048 - 5; - break; - - case FLASH_SIZE_128M_MAP_1024_1024: - rf_cal_sec = 4096 - 5; - break; - - default: - rf_cal_sec = 0; - break; - } - - return rf_cal_sec; -} - -void wifi_event_handler_cb(System_Event_t* event) -{ - if (event == NULL) { - return; - } - - switch (event->event_id) { - case EVENT_STAMODE_GOT_IP: - printf("sta got ip , creat task %d\n", system_get_free_heap_size()); - user_conn_init(); - break; - - default: - break; - } -} - 
-/****************************************************************************** - * FunctionName : user_init - * Description : entry of user application, init user function here - * Parameters : none - * Returns : none -*******************************************************************************/ -void user_init(void) -{ - printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size()); - wifi_set_opmode(STATION_MODE); - - // set AP parameter - struct station_config config; - bzero(&config, sizeof(struct station_config)); - sprintf(config.ssid, SSID); - sprintf(config.password, PASSWORD); - wifi_station_set_config(&config); - wifi_set_event_handler_cb(wifi_event_handler_cb); -} diff --git a/examples/protocols/openssl_server/Makefile b/examples/protocols/openssl_server/Makefile index 0d1f5e68..8f781a8c 100644 --- a/examples/protocols/openssl_server/Makefile +++ b/examples/protocols/openssl_server/Makefile @@ -3,7 +3,7 @@ # project subdirectory. # -PROJECT_NAME := hello-world +PROJECT_NAME := openssl-server include $(IDF_PATH)/make/project.mk diff --git a/examples/protocols/openssl_server/README.md b/examples/protocols/openssl_server/README.md index 0afaab48..1b7593c1 100644 --- a/examples/protocols/openssl_server/README.md +++ b/examples/protocols/openssl_server/README.md 
@@ -1,39 +1,30 @@ -1. Run ./gencrt.sh or if you have your own certificate, move to the openssl_server directory, the name is ca.crt,server.crt, server.key, client.crt and client.key. +1. Run `./gencrt.sh` or if you have your own certifications, move them to the main directory, the name is ca.pem, server.pem, server.key, client.pem and client.key. - The server.crt and client.crt was generate by the same ca.crt in ./gencrt.sh. + The server.pem and client.pem was generated by the same ca.pem in gencrt.sh. - Server side needs ca.crt(to verify client.crt), server.crt, server.key + Server side needs ca.pem(to verify client.pem), server.pem, server.key - Client side needs ca.crt(to verify server.crt), client.crt, client.key + Client side needs ca.pem(to verify server.pem), client.pem, client.key - If you have two ca.crt to generate server.crt and client.crt respectively, client1.crt is generate by ca1.crt and client1.key, server2.crt is generate by ca2.crt and server2.key: + If you have two ca.pem to generate server.pem and client.pem respectively, client1.pem is generate by ca1.pem and client1.key, server2.pem is generate by ca2.pem and server2.key: - Client side needs ca2.crt, client1.crt, client1.key. + Client side needs ca2.pem, client1.pem, client1.key. - Server side needs ca1.crt, server2.crt, server2.key. + Server side needs ca1.pem, server2.pem, server2.key. - Rename ca1.crt server2.crt server2.key to ca.crt server.crt server.key and run ./genheader.sh. + Rename ca1.pem server2.pem server2.key to ca.pem server.pem server.key. - Use ca2.crt in openssl s_client -CAfile option. + Use ca2.pem in openssl s_client -CAfile option. -2. Run ./genheader.sh. +2. Compile and download + - run `make menuconfig` + - Modify SSID and PASSWORD under menu "Example Configuration". + Make sure that the computer and ESP8266 are in the same local area network. + - run `make flash monitor` -3. Modify thease two lines in file user_config.h to your local Wi-Fi SSID and Password. 
- - ```#define SSID "HUAWEI001"``` - - ```#define PASSWORD ""``` - -4. Make sure that the computer and ESP8266 are in the same local area network. - -5. Run ./gen_misc.sh. - -6. Download bin file to ESP8266. - - Find server ip address in ESP8266 UART log: ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1. - -7. Run openssl s_client -CAfile ca.crt -cert client.crt -key client.key -verify 1 -tls1_1 -host 192.168.3.6 -port 443. +3. Find server ip address in ESP8266 UART log, such as:`ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1`. +4. Run `openssl s_client -CAfile ca.pem -cert client.pem -key client.key -verify 1 -tls1_2 -host 192.168.3.6 -port 443` in ./main directory to start client on your PC and connect to ESP8266 server. **ATTENTION** @@ -41,4 +32,4 @@ **2. Make sure the private key length larger than 2048.** -**3. Make sure the fragment size range is between 2048 and 8192.** +**3. Make sure the fragment size range is between 2048 and 16384.** diff --git a/examples/protocols/openssl_server/gencrt.sh b/examples/protocols/openssl_server/gencrt.sh index 22d8dc76..957b0560 100755 --- a/examples/protocols/openssl_server/gencrt.sh +++ b/examples/protocols/openssl_server/gencrt.sh 
@@ -22,6 +22,13 @@ openssl req -new -key server.key -out server.csr -text -subj $LEVEL2_SUBJECT openssl req -new -key client.key -out client.csr -text -subj $LEVEL3_SUBJECT # generate the actual certs. -openssl x509 -req -in ca.csr -out ca.crt -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca -openssl x509 -req -in server.csr -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca -openssl x509 -req -in client.csr -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca +openssl x509 -req -in ca.csr -out ca.pem -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca +openssl x509 -req -in server.csr -out server.pem -sha1 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca +openssl x509 -req -in client.csr -out client.pem -sha1 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca + +rm *.csr +rm *.srl + +mv ca.* ./main +mv server.* ./main +mv client.* ./main \ No newline at end of file diff --git a/examples/protocols/openssl_server/genheader.sh b/examples/protocols/openssl_server/genheader.sh deleted file mode 100755 index bd45fa6a..00000000 --- a/examples/protocols/openssl_server/genheader.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# set ca crt for use in the server -xxd -i ca.crt | sed -e "s/ca_crt/ca_crt/" > ssl_server_crt.h - -# set server crt for use in the server -xxd -i server.crt | sed -e "s/server_crt/server_crt/" >> ssl_server_crt.h - -# set private key for use in the server -xxd -i server.key | sed -e "s/server_key/server_key/" >> ssl_server_crt.h - -mv ssl_server_crt.h ./include diff --git a/examples/protocols/openssl_server/main/Kconfig.projbuild b/examples/protocols/openssl_server/main/Kconfig.projbuild new file mode 100644 index 00000000..92a75195 --- /dev/null +++ b/examples/protocols/openssl_server/main/Kconfig.projbuild 
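Review bot: The new `rm *.csr`, `rm *.srl` and `mv` lines run unconditionally, so if one of the `openssl x509` invocations above them fails the script still deletes the requests and moves whatever partial output exists into ./main; no `set -e` is visible in the hunk and the script's head is outside it, so either add `set -e` there or chain these steps with `&&`. All three certificates are still signed with `-sha1`, which recent OpenSSL releases reject at the default security level, so the README's `openssl s_client -verify 1` step may fail against a freshly generated ca.pem — `-sha256` is the safer choice in all three lines, e.g. `openssl x509 -req -in ca.csr -out ca.pem -sha256 -days 5000 -signkey ca.key -text -extensions v3_ca`. `mv ca.* ./main` also relocates ca.key next to the files that component.mk embeds; a comment such as `# ca.key is only needed to sign new certs and is not embedded into the firmware` would make that intent explicit. The file now also ends without a trailing newline.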
@@ -0,0 +1,17 @@ +menu "Example Configuration" + +config WIFI_SSID + string "WiFi SSID" + default "myssid" + help + SSID (network name) for the example to connect to. + +config WIFI_PASSWORD + string "WiFi Password" + default "mypassword" + help + WiFi password (WPA or WPA2) for the example to use. + + Can be left blank if the network has no security set. + +endmenu diff --git a/examples/protocols/openssl_server/main/ca.pem b/examples/protocols/openssl_server/main/ca.pem new file mode 100644 index 00000000..72c88f97 --- /dev/null +++ b/examples/protocols/openssl_server/main/ca.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXjCCAkYCCQCKO2+tDiY2HTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJD +MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL +BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW +BEVTUDEwHhcNMTgwNTExMDQ0NDQ4WhcNMzIwMTE4MDQ0NDQ4WjBxMQswCQYDVQQG +EwJDMTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDEx +DTALBgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0B +CQEWBEVTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4/Tn8wT+3 +M7XpH4X0kF2WSVwCNWcU9nhpOki/9U8bMIfk/S6i2IYhUVSnDgogxiW9tMfGzjar +gk4ZrWFeRxicgknxKMhWSrUny8mXvEE2aUU7F+Udqimi56ZYAkF+v2wNMrh6UWDH +IF2FfPXsngg2vbM1+nSLaSvTzVL5bupqWFU5gFUocyoAMKInGinz2prG4xDWVkoL +d0Ees9XrozWYmWG1M48xNK1PdtN4aK/UEAY4W9QMX3Lgo26wTauSB4m3pb+5D2pL +MzGmCkZadcpug8rkf0yA+D0V1uP5DJH1mtKCWwHRaYjOazv5USk7lifOYbi83MwY +/tM6UPhFpZCzAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEDnb5fBpYaDjFSRst9s +Yu2yqCj6GyOeRLlDL4N9ySm/kPfgEGlrMhMgdYNKXkHf0F9fioKqXDI0apT8NHAq +lpDRifPU+pYu1YWalti0f+Ktwy+A56cPU/e5TzKLw7gcQ8UGeG6EsSUeq8OU7+Sg +cBmRouUT7q4LExq8AEo0S2ELlNIcV9k0KASCQLDR0aTBiaWnLXoq5hVvGbEsuDeG +6YUhO+L4IQs8o+JZYmXM7Fl1lpddu7XSEdpe+4n/u350GoR9xLXDiCuE/AS/g85f ++U5XybySN5Mvr+GqnGo/JbAsArgXW4mu+5q50aZ7MgJSeWAEEmhDV5pEATeqLfbO +9tk= +-----END CERTIFICATE----- 
diff --git a/examples/protocols/openssl_server/main/client.key b/examples/protocols/openssl_server/main/client.key new file mode 100644 index 00000000..2e03fff2 --- /dev/null +++ b/examples/protocols/openssl_server/main/client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtaPgzM+DKRyHYrGU0iOgsOj+/U0sRXmQ6fqcuuLq/1JMCJ17 +PRmr7wMpmtFS93NnbYeFyvNNshecsv9qmhvNXiatez6gd79cqP00O0QSRC3DhZCa +nVpjB7EsFcHMH9T1EXQmJ6GGo3jyQGvoneqWWAuiT0hth8sp9ms3Q/WhgjLaC9qe +eebD3IxyCIJhXe9XX1ToBQIaGofbf1cQpPxPK4ITve9cALgaknJ+E70jhSG2B24p +c+LqzIj7QeGkmq6CJf1qhYsJmxXi26osmYjQyC6fsQ0Fa3X5YXQsshR0eZ/cexwi +nILSK1aBCBAuORwvghIAN7zXuCay4U2qOWRSSwIDAQABAoIBAE1WeWC6+h2HCB39 +fl/6y3CHxAoV0cPC/vCgxBrOg0Ayyizg4JgjVhFuR0ij16+Ec4UvLsg6z9oEM7QD +DGCRdd+gmDzhbXGPCOTq6lJRqXVeBuHXr/1PftrHlP2uhjsHcVD9I0G8hJcV6A+F +4oVaXKkgSvt22yv2VOeWvvEwpJPKW1zZvbL75LBfgNbeJB1WeXRj7XGnwl4XlTWT +QnKKcgcPgMrw4fWDhVYpdA/6SOi46w+MsRWPCmFUB5b8Qwiqimm4zcWZHB3iNqCf +hxeqkuAV7RUBtJVQVhE1CTaGAaaScRt+Iz4vnH3tziBFIr8vBOHQQT7nkQOR8V5O +dddicAECgYEA3RjPDwNKlyfGMrNfFA3xSZvlTUueL0AF1r3NbTa4uw6tu7ZdUYS3 +zESaiTm35Hg0uaOKKLojbgMJaDRuw7/te6hBGIYPJFpOtpA7Y3JZU3Xdh0C8K9uU +5i6ctkfj1m23nVrwc3eOz/qyVrR6ru7I4Z2wJQzeTVPV4k6ea4P4q5kCgYEA0lCA +v35NR08ocCekhbiOSPdsW7NS/+/+nLVsWpH2U11nD5EYrMY55PewhfB+jytw6hxV +UXBaNB+IAaFgcBNKPqwXaFMXLrrr+cXx8b9j8XsLGmS7CX9kyX8R7450NkxPXmkh +ts+kf2xvzECeRuI8Xi2VNEatqR2JSH9PWouCe4MCgYBxBClzZx9NvMsXR5EmUyov +kjzYEfs98+AIMOU9Gme7VnmAJmv1K344MCk+U/6oDroE2o/Y2a0aovrABW1JKmZe +e1crDfvXfUIXGAsDfoQioXEnnfOSB6BJOTJqCr1v8o2VJdMbctXRgjh/EapUmUKd +8VkE11sa8+u0zrM0CjWmoQKBgQC86o1L9fMKzAMiA6oYZ/h/eKlAEevLdNP8BkeH +b7eZmLv70rUcdY8JqqhJGAdHKZlq4fqNheOxEGXGOSR8aAd4FnOMRZ78XfGcUn+L +TQVEo+cMVVFhLarmCJue2RJwt8lPoBYltY0o3Mnr6luChrP9UOrGo3pY/+wSUDGC +vvB9awKBgQCEzfvWcPN9PHOSnYjxwEIRhFLeDWG77lFj0qSTSrjJ06uLMMIp9hcg +PYgk6AJwQNCDfoYHyF7ZUn8UydL93fq6CzmDFHIulw3eUIriOFgPbWjaLdcW3XEC +/gVhSlWIQhFpiHJJbAZ3DEw8OxXpA7rpuI7l29I43sf42t9lzYN6Nw== +-----END RSA PRIVATE KEY----- 
diff --git a/examples/protocols/openssl_server/main/client.pem b/examples/protocols/openssl_server/main/client.pem new file mode 100644 index 00000000..91489f69 --- /dev/null +++ b/examples/protocols/openssl_server/main/client.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlICCQDcpwWJyoCFiDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJD +MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL +BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW +BEVTUDEwHhcNMTgwNTExMDQ0NDQ4WhcNMzIwMTE4MDQ0NDQ4WjB9MQswCQYDVQQG +EwJDMzEOMAwGA1UECAwFSlMzMzMxDjAMBgNVBAcMBVdYMzMzMQ8wDQYDVQQKDAZF +U1AzMzMxDzANBgNVBAsMBkVTUDMzMzEVMBMGA1UEAwwMU2VydmVyMzMzIENBMRUw +EwYJKoZIhvcNAQkBFgZFU1AzMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC1o+DMz4MpHIdisZTSI6Cw6P79TSxFeZDp+py64ur/UkwInXs9GavvAyma +0VL3c2dth4XK802yF5yy/2qaG81eJq17PqB3v1yo/TQ7RBJELcOFkJqdWmMHsSwV +wcwf1PURdCYnoYajePJAa+id6pZYC6JPSG2Hyyn2azdD9aGCMtoL2p555sPcjHII +gmFd71dfVOgFAhoah9t/VxCk/E8rghO971wAuBqScn4TvSOFIbYHbilz4urMiPtB +4aSaroIl/WqFiwmbFeLbqiyZiNDILp+xDQVrdflhdCyyFHR5n9x7HCKcgtIrVoEI +EC45HC+CEgA3vNe4JrLhTao5ZFJLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAJDf +Ofo/NL/N1xL2g6bUfk2OQUfWWVTPPOtkbvbP2PrLwxjmZFl2p5uvA6lTGWo0IcQx +YN4baF+KbD8WdzDkfrXvPE2h1SwQut2XXi3JB+TgU/ZJq6qf7LkkYvojxaI6/80X +3l1CbpwLCr+Empw9mtgMGkl4SCGR2qirYWoDbF+fNMM/fwMpPUtssbIrcueVmrJc +TE2T7zhdY1a7h+M1vojqnZ6eHqf7VhH83+DwO1tIeC0dpFbCdTtymtVRxlHPvdU1 +rZt7+CIBM9LQhwzX7LaGG+Mk53mMzO7nqdD+APSRgKq4bLWXOeXs58YRHRiYdHAE +g/rV6gxK6lhBb/gQ+uw= +-----END CERTIFICATE----- diff --git a/examples/protocols/openssl_server/main/component.mk b/examples/protocols/openssl_server/main/component.mk index 0b9d7585..19c297cf 100644 --- a/examples/protocols/openssl_server/main/component.mk +++ b/examples/protocols/openssl_server/main/component.mk 
@@ -2,4 +2,6 @@
 # "main" pseudo-component makefile.
 #
 # (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
-
+COMPONENT_EMBED_TXTFILES := ca.pem
+COMPONENT_EMBED_TXTFILES += server.pem
+COMPONENT_EMBED_TXTFILES += server.key
\ No newline at end of file
diff --git a/examples/protocols/openssl_server/main/openssl_demo.c b/examples/protocols/openssl_server/main/openssl_demo.c
deleted file mode 100644
index 93a0f08d..00000000
--- a/examples/protocols/openssl_server/main/openssl_demo.c
+++ /dev/null
@@ -1,226 +0,0 @@ -/* openSSL server example - - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - -#include -#include "openssl_demo.h" -#include "openssl/ssl.h" -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" -#include "c_types.h" -#include "esp_misc.h" -#include "lwip/sockets.h" -#include "ssl_server_crt.h" - -#define OPENSSL_DEMO_THREAD_NAME "ssl_demo" -#define OPENSSL_DEMO_THREAD_STACK_WORDS 2048 -#define OPENSSL_DEMO_THREAD_PRORIOTY 6 - -/* -Fragment size range 2048~8192 -| Private key len | Fragment size recommend | -| RSA2048 | 2048 | -| RSA3072 | 3072 | -| RSA4096 | 4096 | -*/ -#define OPENSSL_DEMO_FRAGMENT_SIZE 2048 - -/* Local server tcp port */ -#define OPENSSL_DEMO_LOCAL_TCP_PORT 443 - -#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" - -/* receive length */ -#define OPENSSL_DEMO_RECV_BUF_LEN 1024 - -LOCAL xTaskHandle openssl_handle; - -LOCAL char send_data[] = OPENSSL_DEMO_REQUEST; -LOCAL int send_bytes = sizeof(send_data); - -LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN]; - -LOCAL void openssl_demo_thread(void* p) -{ - int ret; - - SSL_CTX* ctx; - SSL* ssl; - - struct sockaddr_in sock_addr; - int sockfd, new_sockfd; - int recv_bytes = 0; - socklen_t addr_len; - - printf("OpenSSL demo thread start...\n"); - - printf("create SSL context ......"); - ctx = SSL_CTX_new(TLSv1_1_server_method()); - - if (!ctx) { - printf("failed\n"); - goto failed1; - } - - printf("OK\n"); - - printf("load ca crt ......"); - X509* cacrt = d2i_X509(NULL, ca_crt, ca_crt_len); - - if (cacrt) { - SSL_CTX_add_client_CA(ctx, cacrt); - printf("OK\n"); - } else { - printf("failed\n"); - goto failed2; - } - - printf("load server crt ......"); - ret = SSL_CTX_use_certificate_ASN1(ctx, server_crt_len, server_crt); - - if 
(ret) { - printf("OK\n"); - } else { - printf("failed\n"); - goto failed2; - } - - printf("load server private key ......"); - ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, server_key, server_key_len); - - if (ret) { - printf("OK\n"); - } else { - printf("failed\n"); - goto failed2; - } - - printf("set verify mode verify peer\n"); - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - - printf("set SSL context read buffer size ......OK\n"); - SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE); - - printf("create socket ......"); - sockfd = socket(AF_INET, SOCK_STREAM, 0); - - if (sockfd < 0) { - printf("failed\n"); - goto failed2; - } - - printf("OK\n"); - - printf("socket bind ......"); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = 0; - sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT); - - ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - - if (ret) { - printf("bind failed\n"); - goto failed3; - } - - printf("bind OK\n"); - - printf("server socket listen ......"); - ret = listen(sockfd, 32); - - if (ret) { - printf("failed\n"); - goto failed3; - } - - printf("OK\n"); - -reconnect: - printf("SSL server create ......"); - ssl = SSL_new(ctx); - - if (!ssl) { - printf("failed\n"); - goto failed3; - } - - printf("OK\n"); - - printf("SSL server socket accept client ......"); - new_sockfd = accept(sockfd, (struct sockaddr*)&sock_addr, &addr_len); - - if (new_sockfd < 0) { - printf("failed"); - goto failed4; - } - - printf("OK\n"); - - SSL_set_fd(ssl, new_sockfd); - - printf("SSL server accept client ......"); - ret = SSL_accept(ssl); - - if (!ret) { - printf("failed\n"); - goto failed5; - } - - printf("OK\n"); - - do { - ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1); - - if (ret <= 0) { - break; - } - - recv_bytes += ret; - recv_buf[ret] = '\0'; - printf("%s", recv_buf); - } while (1); - - SSL_shutdown(ssl); -failed5: - close(new_sockfd); - new_sockfd = -1; 
-failed4: - SSL_free(ssl); - ssl = NULL; - goto reconnect; -failed3: - close(sockfd); - sockfd = -1; -failed2: - SSL_CTX_free(ctx); - ctx = NULL; -failed1: - vTaskDelete(NULL); - printf("task exit\n"); - - return ; -} - -void user_conn_init(void) -{ - int ret; - - ret = xTaskCreate(openssl_demo_thread, - OPENSSL_DEMO_THREAD_NAME, - OPENSSL_DEMO_THREAD_STACK_WORDS, - NULL, - OPENSSL_DEMO_THREAD_PRORIOTY, - &openssl_handle); - - if (ret != pdPASS) { - printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME); - return ; - } -} - diff --git a/examples/protocols/openssl_server/main/openssl_demo.h b/examples/protocols/openssl_server/main/openssl_demo.h deleted file mode 100644 index aa10359e..00000000 --- a/examples/protocols/openssl_server/main/openssl_demo.h +++ /dev/null @@ -1,15 +0,0 @@ -/* openSSL server example - - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - -#ifndef _OPENSSL_DEMO_H_ -#define _OPENSSL_DEMO_H_ - -void user_conn_init(void); - -#endif diff --git a/examples/protocols/openssl_server/main/openssl_server_example_main.c b/examples/protocols/openssl_server/main/openssl_server_example_main.c new file mode 100644 index 00000000..e1d2caad --- /dev/null +++ b/examples/protocols/openssl_server/main/openssl_server_example_main.c 
@@ -0,0 +1,334 @@ +/* openSSL server example + + This example code is in the Public Domain (or CC0 licensed, at your option.) + + Unless required by applicable law or agreed to in writing, this + software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. +*/ + +#include "sdkconfig.h" + +#include "esp_misc.h" +#include "esp_sta.h" +#include "esp_system.h" + +#include "freertos/FreeRTOS.h" +#include "freertos/task.h" + +#include + +#include "openssl/ssl.h" + +#define OPENSSL_SERVER_THREAD_NAME "openssl_server" +#define OPENSSL_SERVER_THREAD_STACK_WORDS 2048 +#define OPENSSL_SERVER_THREAD_PRORIOTY 6 + +extern const uint8_t ca_pem_start[] asm("_binary_ca_pem_start"); +extern const uint8_t ca_pem_end[] asm("_binary_ca_pem_end"); +extern const uint8_t server_pem_start[] asm("_binary_server_pem_start"); +extern const uint8_t server_pem_end[] asm("_binary_server_pem_end"); +extern const uint8_t server_key_start[] asm("_binary_server_key_start"); +extern const uint8_t server_key_end[] asm("_binary_server_key_end"); + +/* +Fragment size range 2048~8192 +| Private key len | Fragment size recommend | +| RSA2048 | 2048 | +| RSA3072 | 3072 | +| RSA4096 | 4096 | +*/ +#define OPENSSL_SERVER_FRAGMENT_SIZE 2048 + +/* Local server tcp port */ +#define OPENSSL_SERVER_LOCAL_TCP_PORT 443 + +#define OPENSSL_SERVER_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" + +/* receive length */ +#define OPENSSL_SERVER_RECV_BUF_LEN 1024 + +LOCAL xTaskHandle openssl_handle; + +LOCAL char send_data[] = OPENSSL_SERVER_REQUEST; +LOCAL int send_bytes = sizeof(send_data); + +LOCAL char recv_buf[OPENSSL_SERVER_RECV_BUF_LEN]; + +LOCAL void openssl_server_thread(void* p) +{ + int ret; + + SSL_CTX* ctx; + SSL* ssl; + + struct sockaddr_in sock_addr; + int sockfd, new_sockfd; + int recv_bytes = 0; + socklen_t addr_len; + + printf("OpenSSL server thread start...\n"); + + printf("create SSL context ......"); + ctx = 
SSL_CTX_new(TLSv1_2_server_method()); + + if (!ctx) { + printf("failed\n"); + goto failed1; + } + + printf("OK\n"); + + printf("load ca crt ......"); + X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start); + + if (cacrt) { + SSL_CTX_add_client_CA(ctx, cacrt); + printf("OK\n"); + } else { + printf("failed\n"); + goto failed2; + } + + printf("load server crt ......"); + ret = SSL_CTX_use_certificate_ASN1(ctx, server_pem_end - server_pem_start, server_pem_start); + + if (ret) { + printf("OK\n"); + } else { + printf("failed\n"); + goto failed2; + } + + printf("load server private key ......"); + ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, server_key_start, server_key_end - server_key_start); + + if (ret) { + printf("OK\n"); + } else { + printf("failed\n"); + goto failed2; + } + + printf("set verify mode verify peer\n"); + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + + printf("set SSL context read buffer size ......OK\n"); + SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_SERVER_FRAGMENT_SIZE); + + printf("create socket ......"); + sockfd = socket(AF_INET, SOCK_STREAM, 0); + + if (sockfd < 0) { + printf("failed\n"); + goto failed2; + } + + printf("OK\n"); + + printf("socket bind ......"); + memset(&sock_addr, 0, sizeof(sock_addr)); + sock_addr.sin_family = AF_INET; + sock_addr.sin_addr.s_addr = 0; + sock_addr.sin_port = htons(OPENSSL_SERVER_LOCAL_TCP_PORT); + + ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); + + if (ret) { + printf("bind failed\n"); + goto failed3; + } + + printf("bind OK\n"); + + printf("server socket listen ......"); + ret = listen(sockfd, 32); + + if (ret) { + printf("failed\n"); + goto failed3; + } + + printf("OK\n"); + +reconnect: + printf("SSL server create ......"); + ssl = SSL_new(ctx); + + if (!ssl) { + printf("failed\n"); + goto failed3; + } + + printf("OK\n"); + + printf("SSL server socket accept client ......"); + new_sockfd = accept(sockfd, (struct sockaddr*)&sock_addr, &addr_len); + + if 
(new_sockfd < 0) { + printf("failed"); + goto failed4; + } + + printf("OK\n"); + + SSL_set_fd(ssl, new_sockfd); + + printf("SSL server accept client ......"); + ret = SSL_accept(ssl); + + if (!ret) { + printf("failed\n"); + goto failed5; + } + + printf("OK\n"); + + printf("send data to client ......"); + ret = SSL_write(ssl, send_data, send_bytes); + + if (ret <= 0) { + printf("failed, return [-0x%x]\n", -ret); + goto failed5; + } + + printf("OK\n\n"); + + do { + ret = SSL_read(ssl, recv_buf, OPENSSL_SERVER_RECV_BUF_LEN - 1); + + if (ret <= 0) { + break; + } + + recv_bytes += ret; + recv_buf[ret] = '\0'; + printf("%s", recv_buf); + } while (1); + + SSL_shutdown(ssl); +failed5: + close(new_sockfd); + new_sockfd = -1; +failed4: + SSL_free(ssl); + ssl = NULL; + goto reconnect; +failed3: + close(sockfd); + sockfd = -1; +failed2: + SSL_CTX_free(ctx); + ctx = NULL; +failed1: + vTaskDelete(NULL); + printf("task exit\n"); + + return ; +} + +void user_conn_init(void) +{ + int ret; + + ret = xTaskCreate(openssl_server_thread, + OPENSSL_SERVER_THREAD_NAME, + OPENSSL_SERVER_THREAD_STACK_WORDS, + NULL, + OPENSSL_SERVER_THREAD_PRORIOTY, + &openssl_handle); + + if (ret != pdPASS) { + printf("create thread %s failed\n", OPENSSL_SERVER_THREAD_NAME); + return ; + } +} + +/****************************************************************************** + * FunctionName : user_rf_cal_sector_set + * Description : SDK just reversed 4 sectors, used for rf init data and paramters. + * We add this function to force users to set rf cal sector, since + * we don't know which sector is free in user's application. 
+ * sector map for last several sectors : ABCCC + * A : rf cal + * B : rf init data + * C : sdk parameters + * Parameters : none + * Returns : rf cal sector +*******************************************************************************/ +uint32 user_rf_cal_sector_set(void) +{ + flash_size_map size_map = system_get_flash_size_map(); + uint32 rf_cal_sec = 0; + + switch (size_map) { + case FLASH_SIZE_4M_MAP_256_256: + rf_cal_sec = 128 - 5; + break; + + case FLASH_SIZE_8M_MAP_512_512: + rf_cal_sec = 256 - 5; + break; + + case FLASH_SIZE_16M_MAP_512_512: + case FLASH_SIZE_16M_MAP_1024_1024: + rf_cal_sec = 512 - 5; + break; + + case FLASH_SIZE_32M_MAP_512_512: + case FLASH_SIZE_32M_MAP_1024_1024: + rf_cal_sec = 1024 - 5; + break; + + case FLASH_SIZE_64M_MAP_1024_1024: + rf_cal_sec = 2048 - 5; + break; + + case FLASH_SIZE_128M_MAP_1024_1024: + rf_cal_sec = 4096 - 5; + break; + + default: + rf_cal_sec = 0; + break; + } + + return rf_cal_sec; +} + +void wifi_event_handler_cb(System_Event_t* event) +{ + if (event == NULL) { + return; + } + + switch (event->event_id) { + case EVENT_STAMODE_GOT_IP: + printf("sta got ip , creat task %d\n", system_get_free_heap_size()); + user_conn_init(); + break; + + default: + break; + } +} + +/****************************************************************************** + * FunctionName : user_init + * Description : entry of user application, init user function here + * Parameters : none + * Returns : none +*******************************************************************************/ +void user_init(void) +{ + printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size()); + wifi_set_opmode(STATION_MODE); + + // set AP parameter + struct station_config config; + bzero(&config, sizeof(struct station_config)); + sprintf((char*)config.ssid, CONFIG_WIFI_SSID); + sprintf((char*)config.password, CONFIG_WIFI_PASSWORD); + wifi_station_set_config(&config); + wifi_set_event_handler_cb(wifi_event_handler_cb); +} \ No newline 
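Review bot: `addr_len` is declared in `openssl_server_thread` but never initialised before `accept(sockfd, (struct sockaddr*)&sock_addr, &addr_len)`; accept() reads it as the size of the address buffer, so it should be `socklen_t addr_len = sizeof(sock_addr);` and be reset before each accept, since accept() overwrites it. In `user_init`, `sprintf((char*)config.ssid, CONFIG_WIFI_SSID)` passes the Kconfig string as the format and has no bound, so a `%` in the configured SSID or password is interpreted as a conversion and a long value overruns the field — assuming ssid/password are fixed-size arrays in struct station_config, use `snprintf((char*)config.ssid, sizeof(config.ssid), "%s", CONFIG_WIFI_SSID);` and the same form for the password. After `SSL_accept`, `if (!ret)` only catches a zero return, whereas stock OpenSSL reports a fatal handshake error as a negative value, so `if (ret != 1)` is the safer test unless the SDK wrapper is known to return only 0 or 1. The embedded cert and key are PEM text but are handed to `d2i_X509`/`SSL_CTX_use_certificate_ASN1`/`SSL_CTX_use_PrivateKey_ASN1`, which in stock OpenSSL take DER, and stock `SSL_CTX_add_client_CA` only fills the CA-name list rather than the trust store consulted by `SSL_VERIFY_PEER` — if the SDK's wrapper behaves differently, a comment saying so above the `load ca crt` step would save the next reader a detour. The block comment above `OPENSSL_SERVER_FRAGMENT_SIZE` still says `Fragment size range 2048~8192` while the README in this same commit now says 16384; the two should agree.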
at end of file diff --git a/examples/protocols/openssl_server/main/server.key b/examples/protocols/openssl_server/main/server.key new file mode 100644 index 00000000..d6a6cde0 --- /dev/null +++ b/examples/protocols/openssl_server/main/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4hO0qkELImKZbfwjYDmeMkAE9Umi+iJwYZrjKJtCR86yAw7n +YBdurbPPbRE5709vJzg0XUbOAzus7g1MQGy+P/WJZQQ03iO4/ro/E2oLH+YLarFS +mFL9DXNGf597SEnUlRV6/3eBCmFCeil79F42mDjqcZ3AnVpfLPz5Y6Tqo6Y9xOsT +nJTgSXIMl3pNRwAhAEgTAMDAHqAtbZiztoF6QNSujPbwU/2K/YkTlMn1UpF2OxR6 +kNHWFYZnrXRn8Eld2VfOCbe6mZaCW+QHTLhq6CIqPhuTI7KYqxHwmacZhqHFEX4p +lbCB6zexJxuNF1VbHbGS4A4S7vmaHJ/nPWmidQIDAQABAoIBAAtOzQSPCE2J/P6h +U+umNiFxTk4uhrZYLqLTKnWHfoM09XZtsmj+Aw0xJzjfWbR8lqSxjPz1Y6yJuZaW +l6/JQKLWVy70TOinhMNI8Yq5DSFlUkDd6bGwxPN9RpNvmKz+9GEYl/RbN9sbDkYp ++Qc6ByUKA7/3EgFM2eHYLWksgIf62pceH7JO7efNrHnVaOh6vms8IjM9g+9eG6fx +n1/7GqoXUSTRTSR9B/LzqJxDLrNq0ryniVV1SYIlgojMaL38cl1OBdl/1Lfvjh0y +WtQnZnTmvymnND9zb7wMOs9IsbaOakOIh/17fekTB2y0ZYrqQK0PQI/nJLWqFwPb +wHGSfqkCgYEA/Srd+JAlHQcCz+dDytfCl4OcK40nA3WGAthcH9JY5aiG/OCrwzuO +bheERYD76C/d1E2Rgvr8kD1vqU6fGOChBP0bBmnFEAJgppVQKi2SJiNn/RUVca4I +llpecL7JDUfnxSrr2dx0ntcWX6ypywlEN+l2nzBC2Dp7A+ClbBeVNbMCgYEA5Js+ +th1Bq04GkOorXKT/dVb8YzSFVxD3kVqQgaXM2EoNZwCaXngCrlC6pckpMVNQmCDg +rwi+FLAGIk9L5SGu4TxsBBvVcPlHMSeJZZguV8zpV3UPqou2QXUYzTVXfOsnRUEZ +7IpCppZ6Tyf9EAyFYHw9owBBk1wG4927+vdeAzcCgYEAxUwdBNNBOSf3lxLCEFip +e+7DTGWKm/WA5MK8uMfzI7d8y6JD+bh2PXHyUUA+ESsMk6GH3y2+mqJmXOm6r2aP +1hVydEMFon5X2DrQ6K3vEe3R4rgFqDxa0OHIa9EjWkhJZa0XdQeLkyZId3NWN7cX +BQPawCCaV2zr5Y+zG1QdomUCgYBldh2kOGHwBOZXJQdvy+9xhdTotuPDW811Hsvq +Lss2588A+zyIVx1hfoUIlbqJoN+xVU5DgU7T4bgnPCiEHqn+X5HVVQErbgfR4ilS +BPP0lgaugU8ds3qFnNIQKe+ViszYKOe3mzmvtDO+tBHWMKh1xU6Z7MAuBfcs5TnM +TkPUiwKBgQC+9Yxv4IqjlqLqXNDyb4jJn5MNt9Gt6W85+ScdXAL6vdF38CrZWqyz +ORI3sr6JQ3p4Sq9e9mwcl472Y1bqIQ0ApxYA5fDCyzPP6P3hmhGY77hE6HEQvQq2 +qKfCcxBcLuvbcqeX0hairUOhjg8m2tb/sDNxm6ZaQmMHNRyIM1WgIw== +-----END RSA PRIVATE KEY----- 
diff --git a/examples/protocols/openssl_server/main/server.pem b/examples/protocols/openssl_server/main/server.pem new file mode 100644 index 00000000..acd8edfb --- /dev/null +++ b/examples/protocols/openssl_server/main/server.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAkwCCQDcpwWJyoCFhzANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJD +MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL +BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW +BEVTUDEwHhcNMTgwNTExMDQ0NDQ4WhcNMzIwMTE4MDQ0NDQ4WjB3MQswCQYDVQQG +EwJDMjENMAsGA1UECAwESlMyMjENMAsGA1UEBwwEV1gyMjEOMAwGA1UECgwFRVNQ +MjIxDjAMBgNVBAsMBUVTUDIyMRQwEgYDVQQDDAtTZXJ2ZXIyMiBDQTEUMBIGCSqG +SIb3DQEJARYFRVNQMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi +E7SqQQsiYplt/CNgOZ4yQAT1SaL6InBhmuMom0JHzrIDDudgF26ts89tETnvT28n +ODRdRs4DO6zuDUxAbL4/9YllBDTeI7j+uj8Tagsf5gtqsVKYUv0Nc0Z/n3tISdSV +FXr/d4EKYUJ6KXv0XjaYOOpxncCdWl8s/PljpOqjpj3E6xOclOBJcgyXek1HACEA +SBMAwMAeoC1tmLO2gXpA1K6M9vBT/Yr9iROUyfVSkXY7FHqQ0dYVhmetdGfwSV3Z +V84Jt7qZloJb5AdMuGroIio+G5MjspirEfCZpxmGocURfimVsIHrN7EnG40XVVsd +sZLgDhLu+Zocn+c9aaJ1AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBABZ7dxV/AjwU +1J0JeCQAXGBsNJDErmYLP9mZ0UVLiXoK29ulDAmruf2nm4GK3YfSdErO4fUJHw2i +zysTucNHJTOX6NSTigfQK7YKo8Cngt8RCNk9dRD88zwehlXKom52aLrC3SeC469O +Pu4PF7hFEskChz1qNNg+jcNkV5hvpdNwE55as86LWVcWeax6r9013Ojz6BKmKNIF +w3LXEQtvl/4lTyxI2hydXLaeIVfOe6c1LeJa29C+GXZsP2J5rkJZ1GGai0/KlwwH +6zaIhzjjiEDmkugKAgV0dnoV+E/m91OfMSge+ljllC7Il1qhr0/UXwmtnj1zQTLw +2VbO1/x/B7s= +-----END CERTIFICATE----- diff --git a/examples/protocols/openssl_server/main/user_config.h b/examples/protocols/openssl_server/main/user_config.h deleted file mode 100644 index 921eb281..00000000 --- a/examples/protocols/openssl_server/main/user_config.h +++ /dev/null 
@@ -1,19 +0,0 @@ -/* openSSL server example - - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - -#ifndef __USER_CONFIG_H__ -#define __USER_CONFIG_H__ - -#include "openssl_demo.h" - -#define SSID "HUAWEI001" -#define PASSWORD "" - -#endif - diff --git a/examples/protocols/openssl_server/main/user_main.c b/examples/protocols/openssl_server/main/user_main.c deleted file mode 100644 index 4c20fb67..00000000 --- a/examples/protocols/openssl_server/main/user_main.c +++ /dev/null 
@@ -1,101 +0,0 @@
-/* openSSL server example
-
- This example code is in the Public Domain (or CC0 licensed, at your option.)
-
- Unless required by applicable law or agreed to in writing, this
- software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- CONDITIONS OF ANY KIND, either express or implied.
-*/
-
-
-#include "esp_common.h"
-#include "user_config.h"
-
-/******************************************************************************
- * FunctionName : user_rf_cal_sector_set
- * Description : SDK just reversed 4 sectors, used for rf init data and paramters.
- We add this function to force users to set rf cal sector, since
- we don't know which sector is free in user's application.
- sector map for last several sectors : ABCCC
- A : rf cal
- B : rf init data
- C : sdk parameters
- Parameters : none
- Returns : rf cal sector
-*******************************************************************************/
-uint32 user_rf_cal_sector_set(void)
-{
- flash_size_map size_map = system_get_flash_size_map();
- uint32 rf_cal_sec = 0;
-
- switch (size_map) {
- case FLASH_SIZE_4M_MAP_256_256:
- rf_cal_sec = 128 - 5;
- break;
-
- case FLASH_SIZE_8M_MAP_512_512:
- rf_cal_sec = 256 - 5;
- break;
-
- case FLASH_SIZE_16M_MAP_512_512:
- case FLASH_SIZE_16M_MAP_1024_1024:
- rf_cal_sec = 512 - 5;
- break;
-
- case FLASH_SIZE_32M_MAP_512_512:
- case FLASH_SIZE_32M_MAP_1024_1024:
- rf_cal_sec = 1024 - 5;
- break;
-
- case FLASH_SIZE_64M_MAP_1024_1024:
- rf_cal_sec = 2048 - 5;
- break;
-
- case FLASH_SIZE_128M_MAP_1024_1024:
- rf_cal_sec = 4096 - 5;
- break;
-
- default:
- rf_cal_sec = 0;
- break;
- }
-
- return rf_cal_sec;
-}
-
-void wifi_event_handler_cb(System_Event_t* event)
-{
- if (event == NULL) {
- return;
- }
-
- switch (event->event_id) {
- case EVENT_STAMODE_GOT_IP:
- printf("sta got ip , creat task %d\n", system_get_free_heap_size());
- user_conn_init();
- break;
-
- default:
- break;
- }
-}
-
-/******************************************************************************
- * FunctionName : user_init
- * Description : entry of user application, init user function here
- * Parameters : none
- * Returns : none
-*******************************************************************************/
-void user_init(void)
-{
- printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size());
- wifi_set_opmode(STATION_MODE);
-
- // set AP parameter
- struct station_config config;
- bzero(&config, sizeof(struct station_config));
- sprintf(config.ssid, SSID);
- sprintf(config.password, PASSWORD);
- wifi_station_set_config(&config);
- wifi_set_event_handler_cb(wifi_event_handler_cb);
-}
