From 788c9ddf8d938593e27984b45743cafb8ded7586 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 20 Apr 2022 11:30:56 +0530 Subject: [PATCH] esp_tls: Added getter function for esp_tls ssl ctx. --- components/esp-tls/esp_tls.c | 9 ++++- components/esp-tls/esp_tls.h | 13 ++++++- components/esp-tls/esp_tls_mbedtls.c | 10 +++++ components/esp-tls/esp_tls_wolfssl.c | 9 +++++ .../esp-tls/private_include/esp_tls_mbedtls.h | 5 +++ .../esp-tls/private_include/esp_tls_wolfssl.h | 5 +++ .../protocols/https_server/simple/main/main.c | 38 +++++++++++++++---- 7 files changed, 79 insertions(+), 10 deletions(-) diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c index b7014026f0..c3f025e91b 100644 --- a/components/esp-tls/esp_tls.c +++ b/components/esp-tls/esp_tls.c @@ -40,6 +40,7 @@ static const char *TAG = "esp-tls"; #define _esp_tls_conn_delete esp_mbedtls_conn_delete #define _esp_tls_net_init esp_mbedtls_net_init #define _esp_tls_get_client_session esp_mbedtls_get_client_session +#define _esp_tls_get_ssl_context esp_mbedtls_get_ssl_context #ifdef CONFIG_ESP_TLS_SERVER #define _esp_tls_server_session_create esp_mbedtls_server_session_create #define _esp_tls_server_session_delete esp_mbedtls_server_session_delete @@ -66,6 +67,7 @@ static const char *TAG = "esp-tls"; #define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store #define _esp_tls_set_global_ca_store esp_wolfssl_set_global_ca_store /*!< Callback function for setting global CA store data for TLS/SSL */ #define _esp_tls_free_global_ca_store esp_wolfssl_free_global_ca_store /*!< Callback function for freeing global ca store for TLS/SSL */ +#define _esp_tls_get_ssl_context esp_wolfssl_get_ssl_context #else /* ESP_TLS_USING_WOLFSSL */ #error "No TLS stack configured" #endif 
@@ -616,6 +618,11 @@ ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls) return _esp_tls_get_bytes_avail(tls); } +void *esp_tls_get_ssl_context(esp_tls_t *tls) +{ + return _esp_tls_get_ssl_context(tls); +} + esp_err_t esp_tls_get_conn_sockfd(esp_tls_t *tls, int *sockfd) { if (!tls || !sockfd) { @@ -644,7 +651,7 @@ esp_err_t esp_tls_get_and_clear_last_error(esp_tls_error_handle_t h, int *esp_tl esp_err_t esp_tls_get_error_handle(esp_tls_t *tls, esp_tls_error_handle_t *error_handle) { - if (tls == NULL) { + if (!tls || !error_handle) { return ESP_ERR_INVALID_ARG; } diff --git a/components/esp-tls/esp_tls.h b/components/esp-tls/esp_tls.h index 100ef7d7fd..f00490090b 100644 --- a/components/esp-tls/esp_tls.h +++ b/components/esp-tls/esp_tls.h @@ -473,6 +473,17 @@ ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls); */ esp_err_t esp_tls_get_conn_sockfd(esp_tls_t *tls, int *sockfd); +/** + * @brief Returns the ssl context + * + * @param[in] tls handle to esp_tls context + * + * + * @return - ssl_ctx pointer to ssl context of underlying TLS layer on success + * - NULL in case of error + */ +void *esp_tls_get_ssl_context(esp_tls_t *tls); + /** * @brief Create a global CA store, initially empty. * @@ -554,7 +565,7 @@ esp_err_t esp_tls_get_and_clear_error_type(esp_tls_error_handle_t h, esp_tls_err * @return * - ESP_OK on success and error_handle will be updated with the ESP-TLS error handle. * - * - ESP_ERR_INVALID_ARG if (tls == NULL) + * - ESP_ERR_INVALID_ARG if (tls == NULL || error_handle == NULL) */ esp_err_t esp_tls_get_error_handle(esp_tls_t *tls, esp_tls_error_handle_t *error_handle); diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c index 7dccec4960..c870f85f25 100644 --- a/components/esp-tls/esp_tls_mbedtls.c +++ b/components/esp-tls/esp_tls_mbedtls.c @@ -18,6 +18,7 @@ #include "esp_tls_error_capture_internal.h" #include #include "esp_log.h" +#include "esp_check.h" #ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE #include "esp_crt_bundle.h" 
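Review bot: The doc block added for `esp_tls_get_ssl_context` in the esp_tls.h hunk (`@@ -473`) never says what the `void *` points to or how long it stays valid, which is the one thing a caller of a type-erased getter needs; the wrapper in the esp_tls.c `@@ -616` hunk only forwards to the backend, so the public header is the place to state it. Suggest replacing the `@return` text with `@return - pointer to the SSL context of the underlying TLS stack (a mbedtls_ssl_context * with mbedTLS, the wolfSSL session object with wolfSSL); it is owned by the esp_tls handle, stays valid only for the handle's lifetime and must not be freed by the caller` followed by the existing `- NULL in case of error`. The two empty ` *` lines between `@param[in] tls` and `@return` can also be collapsed to one.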
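Review bot: The `#include "esp_check.h"` added in the esp_tls_mbedtls.c `@@ -18` hunk is not used by anything else in this patch — the new `esp_mbedtls_get_ssl_context` in the `@@ -140` hunk does its argument check by hand with `ESP_LOGE` and `return NULL` rather than through `ESP_RETURN_ON_FALSE`. Unless something outside the diff picks it up, either drop the include or use the macro it provides for the NULL check so the dependency is justified.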
@@ -140,6 +141,15 @@ exit: } +void *esp_mbedtls_get_ssl_context(esp_tls_t *tls) +{ + if (tls == NULL) { + ESP_LOGE(TAG, "Invalid arguments"); + return NULL; + } + return (void*)&tls->ssl; +} + #ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls) { diff --git a/components/esp-tls/esp_tls_wolfssl.c b/components/esp-tls/esp_tls_wolfssl.c index 6114c6e100..d4ce3c577f 100644 --- a/components/esp-tls/esp_tls_wolfssl.c +++ b/components/esp-tls/esp_tls_wolfssl.c @@ -115,6 +115,15 @@ static esp_err_t esp_load_wolfssl_verify_buffer(esp_tls_t *tls, const unsigned c } } +void *esp_wolfssl_get_ssl_context(esp_tls_t *tls) +{ + if (tls == NULL) { + ESP_LOGE(TAG, "Invalid arguments"); + return NULL; + } + return (void*)tls->priv_ssl; +} + esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls) { #ifdef CONFIG_ESP_DEBUG_WOLFSSL diff --git a/components/esp-tls/private_include/esp_tls_mbedtls.h b/components/esp-tls/private_include/esp_tls_mbedtls.h index cb64083186..da94f4b2a5 100644 --- a/components/esp-tls/private_include/esp_tls_mbedtls.h +++ b/components/esp-tls/private_include/esp_tls_mbedtls.h @@ -56,6 +56,11 @@ static inline void esp_mbedtls_net_init(esp_tls_t *tls) mbedtls_net_init(&tls->server_fd); } +/** + * Return ssl context for mbedTLS stack + */ +void *esp_mbedtls_get_ssl_context(esp_tls_t *tls); + #ifdef CONFIG_ESP_TLS_SERVER /** * Internal Callback for set_server_config diff --git a/components/esp-tls/private_include/esp_tls_wolfssl.h b/components/esp-tls/private_include/esp_tls_wolfssl.h index b9f5de3b13..32c9a42917 100644 --- a/components/esp-tls/private_include/esp_tls_wolfssl.h +++ b/components/esp-tls/private_include/esp_tls_wolfssl.h 
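Review bot: Both backend getters hand out a pointer into the live `esp_tls_t` without the definition recording that the handle owns it: `esp_mbedtls_get_ssl_context` returns `&tls->ssl`, the address of a member embedded in the handle, so the pointer dangles the moment the handle is freed, and `esp_wolfssl_get_ssl_context` (the `@@ -115` hunk) returns `tls->priv_ssl`, which presumably is populated only once the handle has been created (the following context line is `esp_create_wolfssl_handle`, whose body is outside the hunk), so a `NULL` from it is indistinguishable from the invalid-argument `NULL`. A one-line comment on each, `/* Pointer is owned by tls: valid only while the handle is alive, never free it */`, would make the contract explicit, and the same wording belongs on the prototypes added in the private_include hunks (`esp_tls_mbedtls.h @@ -56` here, `esp_tls_wolfssl.h @@ -64` on the next hunk), whose current `Return ssl context for ... stack` says nothing about lifetime. The `(void*)` casts are redundant in C, since any object pointer converts to `void *` implicitly.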
@@ -64,6 +64,11 @@ void esp_wolfssl_free_global_ca_store(void); */ esp_err_t esp_wolfssl_init_global_ca_store(void); +/** + * Return ssl context for wolfSSL stack + */ +void *esp_wolfssl_get_ssl_context(esp_tls_t *tls); + /** * wolfSSL function for Initializing socket wrappers (no-operation for wolfSSL) */ diff --git a/examples/protocols/https_server/simple/main/main.c b/examples/protocols/https_server/simple/main/main.c index c578cb8e04..3cbe5dcd20 100644 --- a/examples/protocols/https_server/simple/main/main.c +++ b/examples/protocols/https_server/simple/main/main.c @@ -36,7 +36,7 @@ static esp_err_t root_get_handler(httpd_req_t *req) } #if CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK - +#ifdef CONFIG_ESP_TLS_USING_MBEDTLS static void print_peer_cert_info(const mbedtls_ssl_context *ssl) { const mbedtls_x509_crt *cert; @@ -58,7 +58,7 @@ static void print_peer_cert_info(const mbedtls_ssl_context *ssl) free(buf); } - +#endif /** * Example callback function to get the certificate of connected clients, * whenever a new SSL connection is created and closed 
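Review bot: `print_peer_cert_info` is now compiled only under `CONFIG_ESP_TLS_USING_MBEDTLS` (the guard opens in the main.c `@@ -36` hunk and closes in `@@ -58`; the function body lies between them, outside both), but the `mbedtls_ssl_context` and `mbedtls_x509_crt` types it uses come from mbedTLS headers whose `#include` lines are not in this patch. If main.c includes them unconditionally, a wolfSSL configuration of the example will still fail to compile, so those includes should sit under the same guard — worth checking, since the includes are outside the diff.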
@@ -75,22 +75,44 @@ static void print_peer_cert_info(const mbedtls_ssl_context *ssl) static void https_server_user_callback(esp_https_server_user_cb_arg_t *user_cb) { ESP_LOGI(TAG, "User callback invoked!"); - +#ifdef CONFIG_ESP_TLS_USING_MBEDTLS + mbedtls_ssl_context *ssl_ctx = NULL; +#endif switch(user_cb->user_cb_state) { case HTTPD_SSL_USER_CB_SESS_CREATE: ESP_LOGD(TAG, "At session creation"); // Logging the socket FD - ESP_LOGI(TAG, "Socket FD: %d", user_cb->tls->sockfd); - + int sockfd = -1; + esp_err_t esp_ret; + esp_ret = esp_tls_get_conn_sockfd(user_cb->tls, &sockfd); + if (esp_ret != ESP_OK) { + ESP_LOGE(TAG, "Error in obtaining the sockfd from tls context"); + break; + } + ESP_LOGI(TAG, "Socket FD: %d", sockfd); +#ifdef CONFIG_ESP_TLS_USING_MBEDTLS + ssl_ctx = (mbedtls_ssl_context *) esp_tls_get_ssl_context(user_cb->tls); + if (ssl_ctx == NULL) { + ESP_LOGE(TAG, "Error in obtaining ssl context"); + break; + } // Logging the current ciphersuite - ESP_LOGI(TAG, "Current Ciphersuite: %s", mbedtls_ssl_get_ciphersuite(&user_cb->tls->ssl)); + ESP_LOGI(TAG, "Current Ciphersuite: %s", mbedtls_ssl_get_ciphersuite(ssl_ctx)); +#endif break; + case HTTPD_SSL_USER_CB_SESS_CLOSE: ESP_LOGD(TAG, "At session close"); - +#ifdef CONFIG_ESP_TLS_USING_MBEDTLS // Logging the peer certificate - print_peer_cert_info(&user_cb->tls->ssl); + ssl_ctx = (mbedtls_ssl_context *) esp_tls_get_ssl_context(user_cb->tls); + if (ssl_ctx == NULL) { + ESP_LOGE(TAG, "Error in obtaining ssl context"); + break; + } + print_peer_cert_info(ssl_ctx); +#endif break; default: ESP_LOGE(TAG, "Illegal state!");
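Review bot: The locals `sockfd` and `esp_ret` added directly in the `HTTPD_SSL_USER_CB_SESS_CREATE` arm of the switch are not scoped by braces, so they remain in scope for the `HTTPD_SSL_USER_CB_SESS_CLOSE` and `default` arms, where control has jumped past `sockfd`'s initialiser; legal C, but fragile and easy to misuse later. Wrap the arm in a block (`case HTTPD_SSL_USER_CB_SESS_CREATE: {` … `break; }`) and fold the declaration into the call, `esp_err_t esp_ret = esp_tls_get_conn_sockfd(user_cb->tls, &sockfd);`. The `ssl_ctx == NULL` checks are a good addition: under `CONFIG_ESP_TLS_USING_MBEDTLS` both arms now reach the mbedTLS context through `esp_tls_get_ssl_context` instead of dereferencing `user_cb->tls->ssl`, which is exactly what the new getter is for. The enclosing function ends outside the hunk.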