blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-10 01:29:21 -04:00
Code Issues Projects Releases Wiki Activity

Added support for client session tickets in esp-tls (with mbedtls)

Browse Source 
* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling
This commit is contained in:
Aditya Patwardhan 2021-07-23 17:00:32 +05:30
parent 7e886ca9ed
commit b4e4b9f20d
7 changed files with 235 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
components/esp-tls/Kconfig
View File

@ -41,8 +41,15 @@ menu "ESP-TLS"
Enable support for creating server side SSL/TLS session, available for mbedTLS
as well as wolfSSL TLS library.
config ESP_TLS_CLIENT_SESSION_TICKETS
bool "Enable client session tickets"
depends on ESP_TLS_USING_MBEDTLS && MBEDTLS_CLIENT_SSL_SESSION_TICKETS
default n
help
Enable session ticket support as specified in RFC5077.
config ESP_TLS_SERVER_SESSION_TICKETS
bool "Enable session tickets"
bool "Enable server session tickets"
depends on ESP_TLS_SERVER && ESP_TLS_USING_MBEDTLS && MBEDTLS_SERVER_SSL_SESSION_TICKETS
default n
help

29
components/esp-tls/esp_tls.c
View File

@ -38,11 +38,12 @@ static const char *TAG = "esp-tls";
#define _esp_tls_write esp_mbedtls_write
#define _esp_tls_conn_delete esp_mbedtls_conn_delete
#define _esp_tls_net_init esp_mbedtls_net_init
#define _esp_tls_get_client_session esp_mbedtls_get_client_session
#ifdef CONFIG_ESP_TLS_SERVER
#define _esp_tls_server_session_create esp_mbedtls_server_session_create
#define _esp_tls_server_session_delete esp_mbedtls_server_session_delete
#define _esp_tls_session_ticket_ctx_init esp_mbedtls_session_ticket_ctx_init
#define _esp_tls_session_ticket_ctx_free esp_mbedtls_session_ticket_ctx_free
#define _esp_tls_server_session_ticket_ctx_init esp_mbedtls_server_session_ticket_ctx_init
#define _esp_tls_server_session_ticket_ctx_free esp_mbedtls_server_session_ticket_ctx_free
#endif /* CONFIG_ESP_TLS_SERVER */
#define _esp_tls_get_bytes_avail esp_mbedtls_get_bytes_avail
#define _esp_tls_init_global_ca_store esp_mbedtls_init_global_ca_store
@ -570,19 +571,31 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store(void)
}
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
#ifdef CONFIG_ESP_TLS_SERVER
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
esp_tls_client_session_t *esp_tls_get_client_session(esp_tls_t *tls)
{
return _esp_tls_get_client_session(tls);
}
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
#ifdef CONFIG_ESP_TLS_SERVER
esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg)
{
#if defined(CONFIG_ESP_TLS_USING_MBEDTLS) && defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
if (!cfg || cfg->ticket_ctx) {
return ESP_ERR_INVALID_ARG;
}
cfg->ticket_ctx = calloc(1, sizeof(esp_tls_session_ticket_ctx_t));
cfg->ticket_ctx = calloc(1, sizeof(esp_tls_server_session_ticket_ctx_t));
if (!cfg->ticket_ctx) {
return ESP_ERR_NO_MEM;
}
return _esp_tls_session_ticket_ctx_init(cfg->ticket_ctx);
esp_err_t ret = _esp_tls_server_session_ticket_ctx_init(cfg->ticket_ctx);
if (ret != ESP_OK) {
free(cfg->ticket_ctx);
}
return ret;
#else
return ESP_ERR_NOT_SUPPORTED;
#endif
@ -590,9 +603,9 @@ esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg)
void esp_tls_cfg_server_session_tickets_free(esp_tls_cfg_server_t *cfg)
{
#if defined(CONFIG_ESP_TLS_USING_MBEDTLS) && defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
if (cfg && cfg->ticket_ctx) {
_esp_tls_session_ticket_ctx_free(cfg->ticket_ctx);
_esp_tls_server_session_ticket_ctx_free(cfg->ticket_ctx);
}
#endif
}

39
components/esp-tls/esp_tls.h
View File

@ -57,6 +57,15 @@ typedef struct psk_key_hint {
const char* hint; /*!< hint in PSK authentication mode in string format */
} psk_hint_key_t;
/**
* @brief esp-tls client session ticket ctx
*/
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
typedef struct esp_tls_client_session {
mbedtls_ssl_session saved_session;
} esp_tls_client_session_t;
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
/**
* @brief Keep alive parameters structure
*/
@ -171,21 +180,25 @@ typedef struct esp_tls_cfg {
directly with esp_tls_plain_tcp_connect() API */
struct ifreq *if_name; /*!< The name of interface for data to go through. Use the default interface without setting */
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
esp_tls_client_session_t *client_session; /*! Pointer for the client session ticket context. */
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
} esp_tls_cfg_t;
#ifdef CONFIG_ESP_TLS_SERVER
#if defined(CONFIG_ESP_TLS_USING_MBEDTLS) && defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
/**
* @brief Data structures necessary to support TLS session tickets according to RFC5077
*/
typedef struct esp_tls_session_ticket_ctx {
typedef struct esp_tls_server_session_ticket_ctx {
mbedtls_entropy_context entropy; /*!< mbedTLS entropy context structure */
mbedtls_ctr_drbg_context ctr_drbg; /*!< mbedTLS ctr drbg context structure.
CTR_DRBG is deterministic random
bit generation based on AES-256 */
mbedtls_ssl_ticket_context ticket_ctx; /*!< Session ticket generation context */
} esp_tls_session_ticket_ctx_t;
} esp_tls_server_session_ticket_ctx_t;
#endif
typedef struct esp_tls_cfg_server {
@ -239,8 +252,8 @@ typedef struct esp_tls_cfg_server {
unsigned int serverkey_password_len; /*!< String length of the password pointed to by
serverkey_password */
#if defined(CONFIG_ESP_TLS_USING_MBEDTLS) && defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
esp_tls_session_ticket_ctx_t * ticket_ctx; /*!< Session ticket generation context.
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
esp_tls_server_session_ticket_ctx_t * ticket_ctx; /*!< Session ticket generation context.
You have to call esp_tls_cfg_server_session_tickets_init
to use it.
Call esp_tls_cfg_server_session_tickets_free
@ -268,6 +281,8 @@ esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg);
/**
* @brief Free the server side TLS session ticket context
*
* @param cfg server configuration as esp_tls_cfg_server_t
*/
void esp_tls_cfg_server_session_tickets_free(esp_tls_cfg_server_t *cfg);
#endif /* ! CONFIG_ESP_TLS_SERVER */
@ -656,6 +671,20 @@ void esp_tls_server_session_delete(esp_tls_t *tls);
*/
esp_err_t esp_tls_plain_tcp_connect(const char *host, int hostlen, int port, const esp_tls_cfg_t *cfg, esp_tls_error_handle_t error_handle, int *sockfd);
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
/**
* @brief Obtain the client session ticket
*
* This function should be called when the TLS connection is already established.
* This can be passed again in the esp_tls_cfg_t structure, to appropriate tls session create (e.g. esp_tls_conn_http_new) API for session resumption.
*
* @param[in] esp_tls context as esp_tls_t
* @return
* Pointer to the saved client session.
* NULL on Failure
*/
esp_tls_client_session_t *esp_tls_get_client_session(esp_tls_t *tls);
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
#ifdef __cplusplus
}
#endif

54
components/esp-tls/esp_tls_errors.h
View File

@ -14,36 +14,42 @@ extern "C" {
#endif
#define ESP_ERR_ESP_TLS_BASE 0x8000 /*!< Starting number of ESP-TLS error codes */
/* generic esp-tls error codes */
#define ESP_ERR_ESP_TLS_CANNOT_RESOLVE_HOSTNAME (ESP_ERR_ESP_TLS_BASE + 0x01) /*!< Error if hostname couldn't be resolved upon tls connection */
#define ESP_ERR_ESP_TLS_CANNOT_CREATE_SOCKET (ESP_ERR_ESP_TLS_BASE + 0x02) /*!< Failed to create socket */
#define ESP_ERR_ESP_TLS_UNSUPPORTED_PROTOCOL_FAMILY (ESP_ERR_ESP_TLS_BASE + 0x03) /*!< Unsupported protocol family */
#define ESP_ERR_ESP_TLS_FAILED_CONNECT_TO_HOST (ESP_ERR_ESP_TLS_BASE + 0x04) /*!< Failed to connect to host */
#define ESP_ERR_ESP_TLS_SOCKET_SETOPT_FAILED (ESP_ERR_ESP_TLS_BASE + 0x05) /*!< failed to set/get socket option */
#define ESP_ERR_MBEDTLS_CERT_PARTLY_OK (ESP_ERR_ESP_TLS_BASE + 0x06) /*!< mbedtls parse certificates was partly successful */
#define ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED (ESP_ERR_ESP_TLS_BASE + 0x07) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x08) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x09) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONF_ALPN_PROTOCOLS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0A) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0B) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONF_OWN_CERT_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0C) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0D) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_WRITE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0E) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_PK_PARSE_KEY_FAILED (ESP_ERR_ESP_TLS_BASE + 0x0F) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x10) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED (ESP_ERR_ESP_TLS_BASE + 0x11) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_SESSION_TICKET_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x12) /*!< mbedtls api returned failed */
#define ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT (ESP_ERR_ESP_TLS_BASE + 0x13) /*!< new connection in esp_tls_low_level_conn connection timeouted */
#define ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x14) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_SSL_CONF_ALPN_PROTOCOLS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x15) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_CERT_VERIFY_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x16) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_KEY_VERIFY_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x17) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x18) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_CTX_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x19) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_SSL_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1A) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_SSL_WRITE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1B) /*!< wolfSSL api returned failed */
#define ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT (ESP_ERR_ESP_TLS_BASE + 0x06) /*!< new connection in esp_tls_low_level_conn connection timeouted */
#define ESP_ERR_ESP_TLS_SE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x07) /*< esp-tls use Secure Element returned failed */
#define ESP_ERR_ESP_TLS_TCP_CLOSED_FIN (ESP_ERR_ESP_TLS_BASE + 0x08) /*< esp-tls's TPC transport connection has benn closed (in a clean way) */
/* mbedtls specific error codes */
#define ESP_ERR_MBEDTLS_CERT_PARTLY_OK (ESP_ERR_ESP_TLS_BASE + 0x10) /*!< mbedtls parse certificates was partly successful */
#define ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED (ESP_ERR_ESP_TLS_BASE + 0x11) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x12) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x13) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONF_ALPN_PROTOCOLS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x14) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x15) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_CONF_OWN_CERT_FAILED (ESP_ERR_ESP_TLS_BASE + 0x16) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x17) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_SSL_WRITE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x18) /*!< mbedtls api returned error */
#define ESP_ERR_MBEDTLS_PK_PARSE_KEY_FAILED (ESP_ERR_ESP_TLS_BASE + 0x19) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1A) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1B) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1C) /*!< mbedtls api returned failed */
/* wolfssl specific error codes */
#define ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x31) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_SSL_CONF_ALPN_PROTOCOLS_FAILED (ESP_ERR_ESP_TLS_BASE + 0x32) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_CERT_VERIFY_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x33) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_KEY_VERIFY_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x34) /*!< wolfSSL api returned error */
#define ESP_ERR_WOLFSSL_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x35) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_CTX_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x36) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_SSL_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x37) /*!< wolfSSL api returned failed */
#define ESP_ERR_WOLFSSL_SSL_WRITE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x38) /*!< wolfSSL api returned failed */
#define ESP_ERR_ESP_TLS_SE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1C) /*< esp-tls use Secure Element returned failed */
#define ESP_ERR_ESP_TLS_TCP_CLOSED_FIN (ESP_ERR_ESP_TLS_BASE + 0x1D) /*< esp-tls's TPC transport connection has benn closed (in a clean way) */
/**
* Definition of errors reported from IO API (potentially non-blocking) in case of error:

83
components/esp-tls/esp_tls_mbedtls.c
View File

@ -44,7 +44,6 @@ static esp_err_t esp_mbedtls_init_pk_ctx_for_ds(const void *pki);
static const char *TAG = "esp-tls-mbedtls";
static mbedtls_x509_crt *global_cacert = NULL;
/* This function shall return the error message when appropriate log level has been set, otherwise this function shall do nothing */
static void mbedtls_print_error_msg(int error)
{
@ -132,12 +131,48 @@ exit:
}
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls)
{
if (tls == NULL) {
ESP_LOGE(TAG, "esp_tls session context cannot be NULL");
return NULL;
}
esp_tls_client_session_t *client_session = (esp_tls_client_session_t*)calloc(1, sizeof(esp_tls_client_session_t));
if (client_session == NULL) {
ESP_LOGE(TAG, "Failed to allocate memory for client session ctx");
return NULL;
}
int ret = mbedtls_ssl_get_session(&tls->ssl, &(client_session->saved_session));
if (ret != 0) {
ESP_LOGE(TAG, "Error in obtaining the client ssl session");
mbedtls_print_error_msg(ret);
free(client_session);
return NULL;
}
return client_session;
}
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
int esp_mbedtls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
{
int ret;
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
if (cfg->client_session != NULL) {
ESP_LOGD(TAG, "Reusing the already saved client session context");
if ((ret = mbedtls_ssl_set_session(&tls->ssl, &(cfg->client_session->saved_session))) != 0 ) {
ESP_LOGE(TAG, " mbedtls_ssl_conf_session returned -0x%04X", -ret);
return -1;
}
}
#endif
ret = mbedtls_ssl_handshake(&tls->ssl);
if (ret == 0) {
tls->conn_state = ESP_TLS_DONE;
#ifdef CONFIG_ESP_TLS_USE_DS_PERIPHERAL
esp_ds_release_ds_lock();
#endif
@ -370,7 +405,7 @@ static esp_err_t set_global_ca_store(esp_tls_t *tls)
#ifdef CONFIG_ESP_TLS_SERVER
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
int esp_mbedtls_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
int esp_mbedtls_server_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
{
int ret = mbedtls_ssl_ticket_write(p_ticket, session, start, end, tlen, lifetime);
#ifndef NDEBUG
@ -382,7 +417,7 @@ int esp_mbedtls_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *
return ret;
}
int esp_mbedtls_session_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
int esp_mbedtls_server_session_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
{
int ret = mbedtls_ssl_ticket_parse(p_ticket, session, buf, len);
#ifndef NDEBUG
@ -394,7 +429,7 @@ int esp_mbedtls_session_ticket_parse(void *p_ticket, mbedtls_ssl_session *sessio
return ret;
}
esp_err_t esp_mbedtls_session_ticket_ctx_init(esp_tls_session_ticket_ctx_t *ctx)
esp_err_t esp_mbedtls_server_session_ticket_ctx_init(esp_tls_server_session_ticket_ctx_t *ctx)
{
if (!ctx) {
return ESP_ERR_INVALID_ARG;
@ -403,26 +438,31 @@ esp_err_t esp_mbedtls_session_ticket_ctx_init(esp_tls_session_ticket_ctx_t *ctx)
mbedtls_entropy_init(&ctx->entropy);
mbedtls_ssl_ticket_init(&ctx->ticket_ctx);
int ret;
esp_err_t esp_ret;
if ((ret = mbedtls_ctr_drbg_seed(&ctx->ctr_drbg,
mbedtls_entropy_func, &ctx->entropy, NULL, 0)) != 0) {
mbedtls_entropy_func, &ctx->entropy, NULL, 0)) != 0) {
ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned -0x%04X", -ret);
mbedtls_print_error_msg(ret);
return ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED;
esp_ret = ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED;
goto exit;
}
if( ( ret = mbedtls_ssl_ticket_setup( &ctx->ticket_ctx,
if((ret = mbedtls_ssl_ticket_setup(&ctx->ticket_ctx,
mbedtls_ctr_drbg_random, &ctx->ctr_drbg,
MBEDTLS_CIPHER_AES_256_GCM,
CONFIG_ESP_TLS_SERVER_SESSION_TICKET_TIMEOUT ) ) != 0 )
{
ESP_LOGE(TAG, "mbedtls_ssl_ticket_setup returned -0x%04X", -ret);
mbedtls_print_error_msg(ret);
return ESP_ERR_MBEDTLS_SSL_SESSION_TICKET_SETUP_FAILED;
}
CONFIG_ESP_TLS_SERVER_SESSION_TICKET_TIMEOUT)) != 0) {
ESP_LOGE(TAG, "mbedtls_ssl_ticket_setup returned -0x%04X", -ret);
mbedtls_print_error_msg(ret);
esp_ret = ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED;
goto exit;
}
return ESP_OK;
exit:
esp_mbedtls_server_session_ticket_ctx_free(ctx);
return esp_ret;
}
void esp_mbedtls_session_ticket_ctx_free(esp_tls_session_ticket_ctx_t *ctx)
void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ctx_t *ctx)
{
if (ctx) {
mbedtls_ssl_ticket_free(&ctx->ticket_ctx);
@ -489,8 +529,8 @@ esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
ESP_LOGD(TAG, "Enabling server-side tls session ticket support");
mbedtls_ssl_conf_session_tickets_cb( &tls->conf,
esp_mbedtls_session_ticket_write,
esp_mbedtls_session_ticket_parse,
esp_mbedtls_server_session_ticket_write,
esp_mbedtls_server_session_ticket_parse,
&cfg->ticket_ctx->ticket_ctx );
}
#endif
@ -554,6 +594,13 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
#endif
}
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
ESP_LOGD(TAG, "Enabling client-side tls session ticket support");
mbedtls_ssl_conf_session_tickets(&tls->conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
mbedtls_ssl_conf_renegotiation(&tls->conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
if (cfg->crt_bundle_attach != NULL) {
#ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
ESP_LOGD(TAG, "Use certificate bundle");
@ -590,6 +637,10 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
#else
ESP_LOGE(TAG, "psk_hint_key configured but not enabled in menuconfig: Please enable ESP_TLS_PSK_VERIFICATION option");
return ESP_ERR_INVALID_STATE;
#endif
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
} else if (cfg->client_session != NULL) {
ESP_LOGD(TAG, "Resuing the saved client session");
#endif
} else {
#ifdef CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY

11
components/esp-tls/private_include/esp_tls_mbedtls.h
View File

@ -83,14 +83,14 @@ void esp_mbedtls_server_session_delete(esp_tls_t *tls);
*
* /note :- The function can only be used with mbedtls ssl library
*/
esp_err_t esp_mbedtls_session_ticket_ctx_init(esp_tls_session_ticket_ctx_t *cfg);
esp_err_t esp_mbedtls_server_session_ticket_ctx_init(esp_tls_server_session_ticket_ctx_t *cfg);
/**
* Internal function to free server side session ticket context
*
* /note :- The function can only be used with mbedtls ssl library
*/
void esp_mbedtls_session_ticket_ctx_free(esp_tls_session_ticket_ctx_t *cfg);
void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ctx_t *cfg);
#endif
#endif
@ -99,6 +99,13 @@ void esp_mbedtls_session_ticket_ctx_free(esp_tls_session_ticket_ctx_t *cfg);
*/
esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t *cfg, esp_tls_t *tls);
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
/**
* Internal Callback for mbedtls_get_client_session
*/
esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls);
#endif
/**
* Internal Callback for mbedtls_init_global_ca_store
*/

129
components/esp_common/src/esp_err_to_name.c
View File

@ -620,75 +620,78 @@ static const esp_err_msg_t esp_err_msg_table[] = {
# ifdef ESP_ERR_ESP_TLS_SOCKET_SETOPT_FAILED
ERR_TBL_IT(ESP_ERR_ESP_TLS_SOCKET_SETOPT_FAILED), /* 32773 0x8005 failed to set/get socket option */
# endif
# ifdef ESP_ERR_MBEDTLS_CERT_PARTLY_OK
ERR_TBL_IT(ESP_ERR_MBEDTLS_CERT_PARTLY_OK), /* 32774 0x8006 mbedtls parse certificates was partly successful */
# endif
# ifdef ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED), /* 32775 0x8007 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED), /* 32776 0x8008 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED), /* 32777 0x8009 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_CONF_ALPN_PROTOCOLS_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_CONF_ALPN_PROTOCOLS_FAILED), /* 32778 0x800a mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED), /* 32779 0x800b mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_CONF_OWN_CERT_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_CONF_OWN_CERT_FAILED), /* 32780 0x800c mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_SETUP_FAILED), /* 32781 0x800d mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_WRITE_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_WRITE_FAILED), /* 32782 0x800e mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_PK_PARSE_KEY_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_PK_PARSE_KEY_FAILED), /* 32783 0x800f mbedtls api returned failed */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED), /* 32784 0x8010 mbedtls api returned failed */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED), /* 32785 0x8011 mbedtls api returned failed */
# endif
# ifdef ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT
ERR_TBL_IT(ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT), /* 32786 0x8012 new connection in esp_tls_low_level_conn
ERR_TBL_IT(ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT), /* 32774 0x8006 new connection in esp_tls_low_level_conn
connection timeouted */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED), /* 32787 0x8013 wolfSSL api returned error */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_CONF_ALPN_PROTOCOLS_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_CONF_ALPN_PROTOCOLS_FAILED), /* 32788 0x8014 wolfSSL api returned error */
# endif
# ifdef ESP_ERR_WOLFSSL_CERT_VERIFY_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_CERT_VERIFY_SETUP_FAILED), /* 32789 0x8015 wolfSSL api returned error */
# endif
# ifdef ESP_ERR_WOLFSSL_KEY_VERIFY_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_KEY_VERIFY_SETUP_FAILED), /* 32790 0x8016 wolfSSL api returned error */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_HANDSHAKE_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_HANDSHAKE_FAILED), /* 32791 0x8017 wolfSSL api returned failed */
# endif
# ifdef ESP_ERR_WOLFSSL_CTX_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_CTX_SETUP_FAILED), /* 32792 0x8018 wolfSSL api returned failed */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_SETUP_FAILED), /* 32793 0x8019 wolfSSL api returned failed */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_WRITE_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_WRITE_FAILED), /* 32794 0x801a wolfSSL api returned failed */
# endif
# ifdef ESP_ERR_ESP_TLS_SE_FAILED
ERR_TBL_IT(ESP_ERR_ESP_TLS_SE_FAILED), /* 32795 0x801b */
ERR_TBL_IT(ESP_ERR_ESP_TLS_SE_FAILED), /* 32775 0x8007 */
# endif
# ifdef ESP_ERR_ESP_TLS_TCP_CLOSED_FIN
ERR_TBL_IT(ESP_ERR_ESP_TLS_TCP_CLOSED_FIN), /* 32796 0x801c */
ERR_TBL_IT(ESP_ERR_ESP_TLS_TCP_CLOSED_FIN), /* 32776 0x8008 */
# endif
# ifdef ESP_ERR_MBEDTLS_CERT_PARTLY_OK
ERR_TBL_IT(ESP_ERR_MBEDTLS_CERT_PARTLY_OK), /* 32784 0x8010 mbedtls parse certificates was partly successful */
# endif
# ifdef ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED), /* 32785 0x8011 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED), /* 32786 0x8012 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED), /* 32787 0x8013 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_CONF_ALPN_PROTOCOLS_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_CONF_ALPN_PROTOCOLS_FAILED), /* 32788 0x8014 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED), /* 32789 0x8015 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_CONF_OWN_CERT_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_CONF_OWN_CERT_FAILED), /* 32790 0x8016 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_SETUP_FAILED), /* 32791 0x8017 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_WRITE_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_WRITE_FAILED), /* 32792 0x8018 mbedtls api returned error */
# endif
# ifdef ESP_ERR_MBEDTLS_PK_PARSE_KEY_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_PK_PARSE_KEY_FAILED), /* 32793 0x8019 mbedtls api returned failed */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED), /* 32794 0x801a mbedtls api returned failed */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED), /* 32795 0x801b mbedtls api returned failed */
# endif
# ifdef ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED), /* 32796 0x801c mbedtls api returned failed */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED), /* 32817 0x8031 wolfSSL api returned error */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_CONF_ALPN_PROTOCOLS_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_CONF_ALPN_PROTOCOLS_FAILED), /* 32818 0x8032 wolfSSL api returned error */
# endif
# ifdef ESP_ERR_WOLFSSL_CERT_VERIFY_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_CERT_VERIFY_SETUP_FAILED), /* 32819 0x8033 wolfSSL api returned error */
# endif
# ifdef ESP_ERR_WOLFSSL_KEY_VERIFY_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_KEY_VERIFY_SETUP_FAILED), /* 32820 0x8034 wolfSSL api returned error */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_HANDSHAKE_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_HANDSHAKE_FAILED), /* 32821 0x8035 wolfSSL api returned failed */
# endif
# ifdef ESP_ERR_WOLFSSL_CTX_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_CTX_SETUP_FAILED), /* 32822 0x8036 wolfSSL api returned failed */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_SETUP_FAILED), /* 32823 0x8037 wolfSSL api returned failed */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_WRITE_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_WRITE_FAILED), /* 32824 0x8038 wolfSSL api returned failed */
# endif
// components/esp_https_ota/include/esp_https_ota.h
# ifdef ESP_ERR_HTTPS_OTA_BASE