2017-11-14 10:16:20 +07:00
|
|
|
// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
#include "freertos/FreeRTOS.h"
|
|
|
|
#include "freertos/task.h"
|
2018-07-27 18:18:26 +05:30
|
|
|
#include "esp_tls.h"
|
2017-11-14 10:16:20 +07:00
|
|
|
#include "esp_log.h"
|
|
|
|
#include "esp_system.h"
|
|
|
|
|
2018-09-25 10:34:04 +02:00
|
|
|
#include "esp_transport.h"
|
|
|
|
#include "esp_transport_ssl.h"
|
|
|
|
#include "esp_transport_utils.h"
|
2019-04-16 11:58:38 +02:00
|
|
|
#include "esp_transport_ssl_internal.h"
|
2020-07-17 17:59:05 +02:00
|
|
|
#include "esp_transport_internal.h"
|
2017-11-14 10:16:20 +07:00
|
|
|
|
|
|
|
static const char *TAG = "TRANS_SSL";
|
2018-08-07 23:26:59 +05:30
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
TRANS_SSL_INIT = 0,
|
|
|
|
TRANS_SSL_CONNECTING,
|
|
|
|
} transport_ssl_conn_state_t;
|
|
|
|
|
2017-11-14 10:16:20 +07:00
|
|
|
/**
|
|
|
|
* mbedtls specific transport data
|
|
|
|
*/
|
|
|
|
typedef struct {
|
2018-07-27 18:18:26 +05:30
|
|
|
esp_tls_t *tls;
|
2018-08-07 23:26:59 +05:30
|
|
|
esp_tls_cfg_t cfg;
|
2017-11-14 10:16:20 +07:00
|
|
|
bool ssl_initialized;
|
2018-08-07 23:26:59 +05:30
|
|
|
transport_ssl_conn_state_t conn_state;
|
2017-11-14 10:16:20 +07:00
|
|
|
} transport_ssl_t;
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_close(esp_transport_handle_t t);
|
2017-11-14 10:16:20 +07:00
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_connect_async(esp_transport_handle_t t, const char *host, int port, int timeout_ms)
|
2018-08-07 23:26:59 +05:30
|
|
|
{
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
2018-08-07 23:26:59 +05:30
|
|
|
if (ssl->conn_state == TRANS_SSL_INIT) {
|
|
|
|
ssl->cfg.timeout_ms = timeout_ms;
|
|
|
|
ssl->cfg.non_block = true;
|
|
|
|
ssl->ssl_initialized = true;
|
2019-04-09 16:08:05 +02:00
|
|
|
ssl->tls = esp_tls_init();
|
2018-08-07 23:26:59 +05:30
|
|
|
if (!ssl->tls) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
ssl->conn_state = TRANS_SSL_CONNECTING;
|
|
|
|
}
|
|
|
|
if (ssl->conn_state == TRANS_SSL_CONNECTING) {
|
|
|
|
return esp_tls_conn_new_async(host, strlen(host), port, &ssl->cfg, ssl->tls);
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int timeout_ms)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
2018-10-11 17:34:09 +02:00
|
|
|
|
2018-08-07 23:26:59 +05:30
|
|
|
ssl->cfg.timeout_ms = timeout_ms;
|
2018-07-27 18:18:26 +05:30
|
|
|
ssl->ssl_initialized = true;
|
2019-04-09 16:08:05 +02:00
|
|
|
ssl->tls = esp_tls_init();
|
2020-01-13 16:20:50 +01:00
|
|
|
if (esp_tls_conn_new_sync(host, strlen(host), port, &ssl->cfg, ssl->tls) <= 0) {
|
2018-07-27 18:18:26 +05:30
|
|
|
ESP_LOGE(TAG, "Failed to open a new connection");
|
2019-04-16 11:58:38 +02:00
|
|
|
esp_transport_set_errors(t, ssl->tls->error_handle);
|
2020-04-28 12:16:03 +02:00
|
|
|
esp_tls_conn_destroy(ssl->tls);
|
2019-04-09 16:08:05 +02:00
|
|
|
ssl->tls = NULL;
|
2018-07-27 18:18:26 +05:30
|
|
|
return -1;
|
2017-11-14 10:16:20 +07:00
|
|
|
}
|
2019-09-12 13:55:47 +08:00
|
|
|
|
2018-07-27 18:18:26 +05:30
|
|
|
return 0;
|
2017-11-14 10:16:20 +07:00
|
|
|
}
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_poll_read(esp_transport_handle_t t, int timeout_ms)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
2019-09-12 13:55:47 +08:00
|
|
|
int ret = -1;
|
2020-08-21 16:31:40 +08:00
|
|
|
int remain = 0;
|
2019-11-12 17:42:51 +01:00
|
|
|
struct timeval timeout;
|
2017-11-14 10:16:20 +07:00
|
|
|
fd_set readset;
|
2019-09-12 13:55:47 +08:00
|
|
|
fd_set errset;
|
2017-11-14 10:16:20 +07:00
|
|
|
FD_ZERO(&readset);
|
2019-09-12 13:55:47 +08:00
|
|
|
FD_ZERO(&errset);
|
2018-07-27 18:18:26 +05:30
|
|
|
FD_SET(ssl->tls->sockfd, &readset);
|
2019-09-12 13:55:47 +08:00
|
|
|
FD_SET(ssl->tls->sockfd, &errset);
|
2017-11-14 10:16:20 +07:00
|
|
|
|
2020-08-21 16:31:40 +08:00
|
|
|
if ((remain = esp_tls_get_bytes_avail(ssl->tls)) > 0) {
|
|
|
|
ESP_LOGD(TAG, "remain data in cache, need to read again");
|
|
|
|
return remain;
|
|
|
|
}
|
2019-11-12 17:42:51 +01:00
|
|
|
ret = select(ssl->tls->sockfd + 1, &readset, NULL, &errset, esp_transport_utils_ms_to_timeval(timeout_ms, &timeout));
|
2019-09-12 13:55:47 +08:00
|
|
|
if (ret > 0 && FD_ISSET(ssl->tls->sockfd, &errset)) {
|
|
|
|
int sock_errno = 0;
|
|
|
|
uint32_t optlen = sizeof(sock_errno);
|
|
|
|
getsockopt(ssl->tls->sockfd, SOL_SOCKET, SO_ERROR, &sock_errno, &optlen);
|
|
|
|
ESP_LOGE(TAG, "ssl_poll_read select error %d, errno = %s, fd = %d", sock_errno, strerror(sock_errno), ssl->tls->sockfd);
|
|
|
|
ret = -1;
|
|
|
|
}
|
|
|
|
return ret;
|
2017-11-14 10:16:20 +07:00
|
|
|
}
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_poll_write(esp_transport_handle_t t, int timeout_ms)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
2019-09-12 13:55:47 +08:00
|
|
|
int ret = -1;
|
2019-11-12 17:42:51 +01:00
|
|
|
struct timeval timeout;
|
2017-11-14 10:16:20 +07:00
|
|
|
fd_set writeset;
|
2019-09-12 13:55:47 +08:00
|
|
|
fd_set errset;
|
2017-11-14 10:16:20 +07:00
|
|
|
FD_ZERO(&writeset);
|
2019-09-12 13:55:47 +08:00
|
|
|
FD_ZERO(&errset);
|
2018-07-27 18:18:26 +05:30
|
|
|
FD_SET(ssl->tls->sockfd, &writeset);
|
2019-09-12 13:55:47 +08:00
|
|
|
FD_SET(ssl->tls->sockfd, &errset);
|
2019-11-12 17:42:51 +01:00
|
|
|
ret = select(ssl->tls->sockfd + 1, NULL, &writeset, &errset, esp_transport_utils_ms_to_timeval(timeout_ms, &timeout));
|
2019-09-12 13:55:47 +08:00
|
|
|
if (ret > 0 && FD_ISSET(ssl->tls->sockfd, &errset)) {
|
|
|
|
int sock_errno = 0;
|
|
|
|
uint32_t optlen = sizeof(sock_errno);
|
|
|
|
getsockopt(ssl->tls->sockfd, SOL_SOCKET, SO_ERROR, &sock_errno, &optlen);
|
|
|
|
ESP_LOGE(TAG, "ssl_poll_write select error %d, errno = %s, fd = %d", sock_errno, strerror(sock_errno), ssl->tls->sockfd);
|
|
|
|
ret = -1;
|
|
|
|
}
|
|
|
|
return ret;
|
2017-11-14 10:16:20 +07:00
|
|
|
}
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_write(esp_transport_handle_t t, const char *buffer, int len, int timeout_ms)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
|
|
|
int poll, ret;
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
2017-11-14 10:16:20 +07:00
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
if ((poll = esp_transport_poll_write(t, timeout_ms)) <= 0) {
|
2018-07-27 18:18:26 +05:30
|
|
|
ESP_LOGW(TAG, "Poll timeout or error, errno=%s, fd=%d, timeout_ms=%d", strerror(errno), ssl->tls->sockfd, timeout_ms);
|
2017-11-14 10:16:20 +07:00
|
|
|
return poll;
|
|
|
|
}
|
2018-07-27 18:18:26 +05:30
|
|
|
ret = esp_tls_conn_write(ssl->tls, (const unsigned char *) buffer, len);
|
2019-01-07 16:33:41 +08:00
|
|
|
if (ret < 0) {
|
2018-08-07 23:26:59 +05:30
|
|
|
ESP_LOGE(TAG, "esp_tls_conn_write error, errno=%s", strerror(errno));
|
2019-04-16 11:58:38 +02:00
|
|
|
esp_transport_set_errors(t, ssl->tls->error_handle);
|
2017-11-14 10:16:20 +07:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_read(esp_transport_handle_t t, char *buffer, int len, int timeout_ms)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
2018-07-27 18:18:26 +05:30
|
|
|
int poll, ret;
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
2018-07-27 18:18:26 +05:30
|
|
|
|
2020-08-21 16:31:40 +08:00
|
|
|
if ((poll = esp_transport_poll_read(t, timeout_ms)) <= 0) {
|
|
|
|
return poll;
|
2017-11-14 10:16:20 +07:00
|
|
|
}
|
2018-07-27 18:18:26 +05:30
|
|
|
ret = esp_tls_conn_read(ssl->tls, (unsigned char *)buffer, len);
|
2019-01-07 16:33:41 +08:00
|
|
|
if (ret < 0) {
|
2018-08-07 23:26:59 +05:30
|
|
|
ESP_LOGE(TAG, "esp_tls_conn_read error, errno=%s", strerror(errno));
|
2019-04-16 11:58:38 +02:00
|
|
|
esp_transport_set_errors(t, ssl->tls->error_handle);
|
2018-07-27 18:18:26 +05:30
|
|
|
}
|
2019-01-19 11:13:22 +01:00
|
|
|
if (ret == 0) {
|
|
|
|
ret = -1;
|
|
|
|
}
|
2017-11-14 10:16:20 +07:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_close(esp_transport_handle_t t)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
|
|
|
int ret = -1;
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
2017-11-14 10:16:20 +07:00
|
|
|
if (ssl->ssl_initialized) {
|
2020-04-28 12:16:03 +02:00
|
|
|
ret = esp_tls_conn_destroy(ssl->tls);
|
2020-04-15 15:22:32 +05:30
|
|
|
ssl->conn_state = TRANS_SSL_INIT;
|
2017-11-14 10:16:20 +07:00
|
|
|
ssl->ssl_initialized = false;
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
static int ssl_destroy(esp_transport_handle_t t)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
esp_transport_close(t);
|
2017-11-14 10:16:20 +07:00
|
|
|
free(ssl);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-02-20 12:48:45 +05:30
|
|
|
void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.use_global_ca_store = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-23 21:48:08 +02:00
|
|
|
void esp_transport_ssl_set_psk_key_hint(esp_transport_handle_t t, const psk_hint_key_t* psk_hint_key)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.psk_hint_key = psk_hint_key;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-09-26 11:56:47 +02:00
|
|
|
void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
2018-09-26 11:56:47 +02:00
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
2017-11-14 10:16:20 +07:00
|
|
|
if (t && ssl) {
|
2018-08-07 23:26:59 +05:30
|
|
|
ssl->cfg.cacert_pem_buf = (void *)data;
|
|
|
|
ssl->cfg.cacert_pem_bytes = len + 1;
|
2017-11-14 10:16:20 +07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-15 17:53:39 +02:00
|
|
|
void esp_transport_ssl_set_cert_data_der(esp_transport_handle_t t, const char *data, int len)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
2019-08-02 09:20:02 +02:00
|
|
|
ssl->cfg.cacert_buf = (void *)data;
|
|
|
|
ssl->cfg.cacert_bytes = len;
|
2019-07-15 17:53:39 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-09-28 18:45:37 +02:00
|
|
|
void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char *data, int len)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.clientcert_pem_buf = (void *)data;
|
|
|
|
ssl->cfg.clientcert_pem_bytes = len + 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-15 17:53:39 +02:00
|
|
|
void esp_transport_ssl_set_client_cert_data_der(esp_transport_handle_t t, const char *data, int len)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
2019-08-02 09:20:02 +02:00
|
|
|
ssl->cfg.clientcert_buf = (void *)data;
|
|
|
|
ssl->cfg.clientcert_bytes = len;
|
2019-07-15 17:53:39 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-09-28 18:45:37 +02:00
|
|
|
void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.clientkey_pem_buf = (void *)data;
|
|
|
|
ssl->cfg.clientkey_pem_bytes = len + 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-12-30 08:40:50 +01:00
|
|
|
void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.clientkey_password = (void *)password;
|
|
|
|
ssl->cfg.clientkey_password_len = password_len;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-15 17:53:39 +02:00
|
|
|
void esp_transport_ssl_set_client_key_data_der(esp_transport_handle_t t, const char *data, int len)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
2019-08-02 09:20:02 +02:00
|
|
|
ssl->cfg.clientkey_buf = (void *)data;
|
|
|
|
ssl->cfg.clientkey_bytes = len;
|
2019-07-15 17:53:39 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-11-13 10:36:24 +08:00
|
|
|
void esp_transport_ssl_set_alpn_protocol(esp_transport_handle_t t, const char **alpn_protos)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.alpn_protos = alpn_protos;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-06-12 14:11:00 +05:30
|
|
|
void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.skip_common_name = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-04-06 20:12:52 +05:30
|
|
|
void esp_transport_ssl_use_secure_element(esp_transport_handle_t t)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.use_secure_element = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-17 17:59:05 +02:00
|
|
|
static int ssl_get_socket(esp_transport_handle_t t)
|
|
|
|
{
|
|
|
|
if (t) {
|
|
|
|
transport_ssl_t *ssl = t->data;
|
|
|
|
if (ssl && ssl->tls) {
|
|
|
|
return ssl->tls->sockfd;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2020-07-31 13:57:25 +05:30
|
|
|
void esp_transport_ssl_set_ds_data(esp_transport_handle_t t, void *ds_data)
|
|
|
|
{
|
|
|
|
transport_ssl_t *ssl = esp_transport_get_context_data(t);
|
|
|
|
if (t && ssl) {
|
|
|
|
ssl->cfg.ds_data = ds_data;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-16 16:33:30 +07:00
|
|
|
esp_transport_handle_t esp_transport_ssl_init(void)
|
2017-11-14 10:16:20 +07:00
|
|
|
{
|
2018-09-26 11:56:47 +02:00
|
|
|
esp_transport_handle_t t = esp_transport_init();
|
2017-11-14 10:16:20 +07:00
|
|
|
transport_ssl_t *ssl = calloc(1, sizeof(transport_ssl_t));
|
2018-09-26 11:56:47 +02:00
|
|
|
ESP_TRANSPORT_MEM_CHECK(TAG, ssl, return NULL);
|
|
|
|
esp_transport_set_context_data(t, ssl);
|
2018-10-02 15:19:46 +02:00
|
|
|
esp_transport_set_func(t, ssl_connect, ssl_read, ssl_write, ssl_close, ssl_poll_read, ssl_poll_write, ssl_destroy);
|
2018-09-26 11:56:47 +02:00
|
|
|
esp_transport_set_async_connect_func(t, ssl_connect_async);
|
2020-07-17 17:59:05 +02:00
|
|
|
t->_get_socket = ssl_get_socket;
|
2017-11-14 10:16:20 +07:00
|
|
|
return t;
|
|
|
|
}
|
|
|
|
|