From 823abfdfd56ce937a314fdaa0f69dcd7acdcf2e8 Mon Sep 17 00:00:00 2001 
From: "suren.gabrielyan" Date: Thu, 11 Feb 2021 00:46:28 +0400 Subject: [PATCH] examples: Add esp-ssl example tests `server/client` Closes IDF-1156 --- .../protocols/openssl_client/CMakeLists.txt | 8 + examples/protocols/openssl_client/README.md | 68 ++++- .../protocols/openssl_client/example_test.py | 126 +++++++++ .../openssl_client/main/Kconfig.projbuild | 22 +- .../openssl_client/main/baidu_ca.crt | 26 ++ .../openssl_client/main/component.mk | 7 + .../main/openssl_client_example.h | 16 +- .../main/openssl_client_example_main.c | 244 ++++++++---------- .../protocols/openssl_client/sdkconfig.ci | 2 + .../openssl_client/server_certs/ca.crt | 20 ++ .../openssl_client/server_certs/ca.key | 27 ++ .../protocols/openssl_server/CMakeLists.txt | 3 + examples/protocols/openssl_server/README.md | 75 ++++-- .../protocols/openssl_server/example_test.py | 47 ++++ .../openssl_server/main/CMakeLists.txt | 3 +- .../openssl_server/main/Kconfig.projbuild | 10 + .../protocols/openssl_server/main/cacert.pem | 21 -- .../openssl_server/main/component.mk | 4 +- .../main/openssl_server_example.h | 2 +- .../main/openssl_server_example_main.c | 26 +- .../protocols/openssl_server/main/prvtkey.pem | 27 -- .../openssl_server/server_certs/ca.crt | 20 ++ .../openssl_server/server_certs/ca.key | 27 ++ tools/ci/mypy_ignore_list.txt | 2 + 24 files changed, 600 insertions(+), 233 deletions(-) create mode 100644 examples/protocols/openssl_client/example_test.py create mode 100644 examples/protocols/openssl_client/main/baidu_ca.crt create mode 100644 examples/protocols/openssl_client/sdkconfig.ci create mode 100644 examples/protocols/openssl_client/server_certs/ca.crt create mode 100644 examples/protocols/openssl_client/server_certs/ca.key create mode 100644 examples/protocols/openssl_server/example_test.py create mode 100644 examples/protocols/openssl_server/main/Kconfig.projbuild delete mode 100644 examples/protocols/openssl_server/main/cacert.pem delete mode 100644 
examples/protocols/openssl_server/main/prvtkey.pem create mode 100644 examples/protocols/openssl_server/server_certs/ca.crt create mode 100644 examples/protocols/openssl_server/server_certs/ca.key
diff --git a/examples/protocols/openssl_client/CMakeLists.txt b/examples/protocols/openssl_client/CMakeLists.txt
index 577d4ae082..57c43fd628 100644
--- a/examples/protocols/openssl_client/CMakeLists.txt
+++ b/examples/protocols/openssl_client/CMakeLists.txt
@@ -8,3 +8,11 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(openssl_client)
+
+if(CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN)
+ # This ca.crt is used when connecting to local(python executed) server
+ target_add_binary_data(openssl_client.elf "server_certs/ca.crt" TEXT)
+else()
+ # This ca.crt is used when connecting to www.baidu.com
+ target_add_binary_data(openssl_client.elf "main/baidu_ca.crt" TEXT)
+endif()
diff --git a/examples/protocols/openssl_client/README.md b/examples/protocols/openssl_client/README.md
index 272060a60c..d393da4ae7 100644
--- a/examples/protocols/openssl_client/README.md
+++ b/examples/protocols/openssl_client/README.md
@@ -1,17 +1,67 @@ -# Openssl Example +# OpenSSL Client Example -The Example contains of OpenSSL client demo. +(See the README.md file in the upper level 'examples' directory for more information about examples.) -Open the project configuration menu (`idf.py menuconfig`): +This example shows how to set up esp openssl client and communicate over ssl transport layer. -* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../README.md) for more details. +## How to use example + +### Python scripts + +Script example_test.py could be used as a client part to the ESP-OPENSSL server demo, + +``` +python example_test.py +``` +Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported; +please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`. + +### Hardware Required + +This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet. + +### Configure the project + +* Open the project configuration menu (`idf.py menuconfig`) +* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details. +* Configure the openssl client endpoint URI under "Example Configuration", if "OPENSSL_CLIENT_URI_FROM_STDIN" is selected then the example application will connect to the URI it reads from stdin (used for testing) * When using Make build system, set `Default serial port` under `Serial flasher config`. -* Configure target domain and port number under "Example Configuration" +* When using OPENSSL_CLIENT_URI_FROM_STRING configure target domain and port number under "Example Configuration" -If you want to test the OpenSSL client demo: - 1. compile the code and load the firmware - 2. 
open the UART TTY, then you can see it print the context of target domain +* Please note that verification mode is VERIFY_PEER by default, that's why during connection to public host('www.baidu.com') it's needed to use + appropriate certificates('baidu_ca.crt'), or it is needed to change verify mode to VERIFY_NONE. -See the README.md file in the upper level 'examples' directory for more information about examples. +### Build and Flash + +Build the project and flash it to the board, then run monitor tool to view serial output: + +``` +idf.py -p PORT flash monitor +``` + +(To exit the serial monitor, type ``Ctrl-]``.) + +See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects. + +## Example Output + +``` +I (2601) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1 +I (2601) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191 +I (3601) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL +I (3601) example_connect: Connected to example_connect: sta +I (3611) example_connect: - IPv4 address: 192.168.1.191 +I (3611) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL +I (3631) openssl_example: Test started +I (3631) openssl_example: Trying connect to www.baidu.com port 443 ... +I (3641) openssl_example: DNS lookup succeeded. IP=103.235.46.39 +I (4101) openssl_example: OK +I (4101) openssl_example: Create SSL obj +I (4101) openssl_example: OK +I (4101) openssl_example: SSL verify mode = 0 connected to www.baidu.com port 443 ... +I (8091) openssl_example: OK +I (8091) openssl_example: SSL Connection Succeed + +``` diff --git a/examples/protocols/openssl_client/example_test.py b/examples/protocols/openssl_client/example_test.py new file mode 100644 index 0000000000..96083a0f5c --- /dev/null 
+++ b/examples/protocols/openssl_client/example_test.py 
@@ -0,0 +1,126 @@
+from __future__ import print_function, unicode_literals
+
+import os
+import re
+import socket
+import ssl
+from threading import Event, Thread
+
+import ttfw_idf
+
+SERVER_CERTS_DIR = 'server_certs/'
+
+
+def _path(f):
+ return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
+
+
+def get_my_ip():
+ s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ try:
+ # doesn't even have to be reachable
+ s.connect(('10.255.255.255', 1))
+ IP = s.getsockname()[0]
+ except socket.error:
+ IP = '127.0.0.1'
+ finally:
+ s.close()
+ return IP
+
+
+# Simple TLS server
+class TlsServer:
+
+ def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
+ self.port = port
+ self.socket = socket.socket()
+ self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ self.socket.settimeout(20.0)
+ self.shutdown = Event()
+ self.negotiated_protocol = negotiated_protocol
+ self.conn = None
+ self.ssl_error = None
+ self.server_thread = None
+
+ def __enter__(self):
+ try:
+ self.socket.bind(('', self.port))
+ except socket.error as e:
+ print('Bind failed:{}'.format(e))
+ raise
+
+ self.socket.listen(1)
+ self.server_thread = Thread(target=self.run_server)
+ self.server_thread.start()
+
+ return self
+
+ def __exit__(self, exc_type, exc_value, traceback):
+ self.shutdown.set()
+ self.server_thread.join()
+ self.socket.close()
+ if (self.conn is not None):
+ self.conn.close()
+
+ def run_server(self):
+ ctx = ssl.SSLContext(self.negotiated_protocol)
+ ctx.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'ca.crt'), keyfile=_path(SERVER_CERTS_DIR + 'ca.key'))
+ self.socket = ctx.wrap_socket(self.socket, server_side=True)
+ try:
+ print('Listening socket')
+ self.conn, address = self.socket.accept() # accept new connection
+ self.socket.settimeout(20.0)
+ print(' - connection from: {}'.format(address))
+ except ssl.SSLError as e:
+ self.conn = None
+ self.ssl_error = str(e)
+ print(' - SSLError: {}'.format(str(e)))
+
+
+def test_echo(dut):
+ dut.expect('SSL Connection Succeed')
+ print('SSL Connection Succeed')
+
+
+@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
+def test_example_protocol_openssl_client(env, extra_data):
+ """
+ steps:
+ 1. join AP
+ 2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
+ 3. send and receive data
+ """
+ dut1 = env.get_dut('openssl_client', 'examples/protocols/openssl_client', dut_class=ttfw_idf.ESP32DUT)
+ # check and log bin size
+ binary_file = os.path.join(dut1.app.binary_path, 'openssl_client.bin')
+ binary_size = os.path.getsize(binary_file)
+ ttfw_idf.log_performance('openssl_client_bin_size', '{}KB'.format(binary_size // 1024))
+
+ try:
+ if 'CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN' in dut1.app.get_sdkconfig():
+ uri_from_stdin = True
+ else:
+ uri = dut1.app.get_sdkconfig()['CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN'].strip('"')
+ uri_from_stdin = False
+ except Exception:
+ print('ENV_TEST_FAILURE: Cannot find target domain in sdkconfig')
+ raise
+
+ # start test
+ dut1.start_app()
+ dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)
+ ip = get_my_ip()
+
+ if uri_from_stdin:
+ server_port = 2222
+ with TlsServer(server_port, negotiated_protocol=ssl.PROTOCOL_TLSv1_1):
+ print('Starting test')
+ dut1.write('{} {}'.format(ip, server_port))
+ dut1.expect(re.compile('SSL Connection Succeed'), timeout=10)
+ else:
+ print('DUT connecting to {}'.format(uri))
+ test_echo(dut1)
+
+
+if __name__ == '__main__':
+ test_example_protocol_openssl_client()
diff --git a/examples/protocols/openssl_client/main/Kconfig.projbuild b/examples/protocols/openssl_client/main/Kconfig.projbuild
index 64b5b37304..e84daf334f 100644
--- a/examples/protocols/openssl_client/main/Kconfig.projbuild
+++ b/examples/protocols/openssl_client/main/Kconfig.projbuild
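Review bot: In `run_server`, `self.socket.settimeout(20.0)` after `accept()` is applied to the listening socket, which already has that timeout from `__init__`, while the accepted connection `self.conn` is left blocking with no timeout; it looks like `self.conn.settimeout(20.0)` was intended. `self.ssl_error` is recorded in the `except ssl.SSLError` branch but never read, so a handshake failure surfaces only as the DUT-side `expect` timeout rather than as the server's reason; checking it after the `with TlsServer(...)` block (for example `assert server.ssl_error is None, server.ssl_error`) would give the real cause. `ssl.PROTOCOL_TLSv1` and `ssl.PROTOCOL_TLSv1_1` are deprecated protocol constants that newer OpenSSL builds may refuse to negotiate; a comment on the `with TlsServer(server_port, negotiated_protocol=ssl.PROTOCOL_TLSv1_1)` line such as `# pinned to match TLSv1_1_client_method() in openssl_client_example_main.c` would record why the old version is required here.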
@@ -1,15 +1,27 @@
 menu "Example Configuration"
- config TARGET_DOMAIN
+ choice EXAMPLE_OPENSSL_CLIENT_URI_SOURCE
+ prompt "SSL Client URI source"
+ default EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
+ help
+ Selects the source of the URI used in the example.
+
+ config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
+ bool "From string"
+
+ config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+ bool "From stdin"
+ endchoice
+
+ config EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
 string "Target Domain"
 default "www.baidu.com"
 help
 Target domain for the example to connect to.
- config TARGET_PORT_NUMBER
- int "Target port number"
- range 0 65535
- default 443
+ config EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
+ string "Target port number"
+ default "443"
 help
 Target port number for the example to connect to.
diff --git a/examples/protocols/openssl_client/main/baidu_ca.crt b/examples/protocols/openssl_client/main/baidu_ca.crt
new file mode 100644
index 0000000000..c846c09b0b
--- /dev/null
+++ b/examples/protocols/openssl_client/main/baidu_ca.crt
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw +MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW +YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc +C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj +SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj +mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt +Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl +2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B +Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT +HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0 +dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow +KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB +BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv +bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI +hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s +32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy +XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3 +30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA +SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G +K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg= +-----END CERTIFICATE----- diff --git a/examples/protocols/openssl_client/main/component.mk b/examples/protocols/openssl_client/main/component.mk index 44bd2b5273..d2f2860520 100644 --- a/examples/protocols/openssl_client/main/component.mk +++ b/examples/protocols/openssl_client/main/component.mk 
@@ -1,3 +1,10 @@
 #
 # Main Makefile. This is basically the same as a component makefile.
 #
+
+ifdef CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
+else
+COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/main/baidu_ca.crt
+endif
+COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key
diff --git a/examples/protocols/openssl_client/main/openssl_client_example.h b/examples/protocols/openssl_client/main/openssl_client_example.h
index 09782ecb52..212fb8d81b 100644
--- a/examples/protocols/openssl_client/main/openssl_client_example.h
+++ b/examples/protocols/openssl_client/main/openssl_client_example.h
@@ -17,17 +17,15 @@ the config you want - ie #define OPENSSL_EXAMPLE_TARGET_NAME "www.baidu.com" and
 ie #define OPENSSL_EXAMPLE_TARGET_TCP_PORT 433 */
-#define OPENSSL_EXAMPLE_TARGET_NAME CONFIG_TARGET_DOMAIN
-#define OPENSSL_EXAMPLE_TARGET_TCP_PORT CONFIG_TARGET_PORT_NUMBER
+#define EXAMPLE_OPENSSL_TARGET_DOMAIN CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
+#define EXAMPLE_OPENSSL_TARGET_PORT CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
-#define OPENSSL_EXAMPLE_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
+#define EXAMPLE_OPENSSL_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
-#define OPENSSL_EXAMPLE_TASK_NAME "openssl_example"
-#define OPENSSL_EXAMPLE_TASK_STACK_WORDS 10240
-#define OPENSSL_EXAMPLE_TASK_PRIORITY 8
+#define EXAMPLE_OPENSSL_TASK_NAME "openssl_example"
+#define EXAMPLE_OPENSSL_TASK_STACK_WORDS 10240
+#define EXAMPLE_OPENSSL_TASK_PRIORITY 8
-#define OPENSSL_EXAMPLE_RECV_BUF_LEN 1024
-
-#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT 443
+#define EXAMPLE_OPENSSL_RECV_BUF_LEN 1024
 #endif
diff --git a/examples/protocols/openssl_client/main/openssl_client_example_main.c b/examples/protocols/openssl_client/main/openssl_client_example_main.c
index bd808fa346..603c1b3b84 100644
--- a/examples/protocols/openssl_client/main/openssl_client_example_main.c
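Review bot: The Makefile build embeds the private key into the client firmware unconditionally (`COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key`), while the CMake build added in this commit embeds only `ca.crt` or `baidu_ca.crt`, and `openssl_client_example_main.c` references `_binary_ca_crt_start`/`_end` and never a `_binary_ca_key_*` symbol. The client has no use for the key, and it is the same key the python test server loads to present its certificate, so it should stay on the server side; dropping that line keeps the two build systems consistent and keeps key material out of the client image.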
+++ b/examples/protocols/openssl_client/main/openssl_client_example_main.c @@ -1,4 +1,4 @@ -/* OpenSSL client Example +/* OpenSSL Client Example This example code is in the Public Domain (or CC0 licensed, at your option.) 
@@ -6,172 +6,151 @@ software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ - #include "openssl_client_example.h" -#include - #include "openssl/ssl.h" -#include "freertos/FreeRTOS.h" -#include "freertos/task.h" +#include "lwip/netdb.h" +#include "lwip/sockets.h" -#include "esp_log.h" -#include "esp_wifi.h" -#include "esp_event.h" #include "nvs_flash.h" -#include "esp_netif.h" +#include "esp_event.h" +#include "esp_log.h" + #include "protocol_examples_common.h" -#include "lwip/sockets.h" -#include "lwip/netdb.h" -const static char *TAG = "openssl_example"; +static const char *TAG = "openssl_example"; -static void openssl_example_task(void *p) +static int open_connection(const char *host, char *port) { - int ret; - SSL_CTX *ctx; - SSL *ssl; + const struct addrinfo hints = { + .ai_family = AF_INET, + .ai_socktype = SOCK_STREAM, + }; + struct addrinfo * res; + struct in_addr *addr; + int sd; + int err = getaddrinfo(host, port, &hints, &res); + if (err < 0) { + ESP_LOGE(TAG, "getaddrinfo() failed for IPV4 destination address. error: %d", err); + return -1; + } + if (res == 0) { + ESP_LOGE(TAG, "getaddrinfo() did not return any addresses"); + return -1; + } + addr = &((struct sockaddr_in *)res->ai_addr)->sin_addr; + ESP_LOGI(TAG, "DNS lookup succeeded. 
IP=%s", inet_ntoa(*addr)); + sd = socket(res->ai_family, res->ai_socktype, 0); + if(sd < 0) { + ESP_LOGE(TAG, "Failed to allocate socket."); + freeaddrinfo(res); + return -1; + } + if (connect(sd, res->ai_addr, res->ai_addrlen) != 0) { + ESP_LOGE(TAG, "Socket connect failed"); + return -1; + } + return sd; +} + +static SSL_CTX* init_contex(void) +{ + +#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN + extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start"); + extern const unsigned char cacert_pem_end[] asm("_binary_ca_crt_end"); +#else + extern const unsigned char cacert_pem_start[] asm("_binary_baidu_ca_crt_start"); + extern const unsigned char cacert_pem_end[] asm("_binary_baidu_ca_crt_end"); +#endif + const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; + + const SSL_METHOD *mtd = TLSv1_1_client_method(); + SSL_CTX *ctx = SSL_CTX_new(mtd); /* Create new context */ + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + + X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes); + if(!x) { + ESP_LOGI(TAG,"Loading certs failed \n"); + } + SSL_CTX_add_client_CA(ctx, x); + + return ctx; +} + +static void start_example(const char *host, char *port) +{ + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; int sockfd; - struct sockaddr_in sock_addr; - struct hostent *hp; - struct ip4_addr *ip4_addr; + int ret; - int recv_bytes = 0; - char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN]; - - const char send_data[] = OPENSSL_EXAMPLE_REQUEST; - const int send_bytes = sizeof(send_data); - - ESP_LOGI(TAG, "OpenSSL demo thread start OK"); - - ESP_LOGI(TAG, "get target IP address"); - hp = gethostbyname(OPENSSL_EXAMPLE_TARGET_NAME); - if (!hp) { - ESP_LOGI(TAG, "failed"); - goto failed1; - } - ESP_LOGI(TAG, "OK"); - - ip4_addr = (struct ip4_addr *)hp->h_addr; - ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr)); - - ESP_LOGI(TAG, "create SSL context ......"); - ctx = SSL_CTX_new(TLSv1_1_client_method()); + ctx = init_contex(); if (!ctx) { - ESP_LOGI(TAG, "failed"); + 
ESP_LOGE(TAG, "Failed"); + goto failed1; + } + ESP_LOGI(TAG, "Trying connect to %s port %s ...", host, port); + sockfd = open_connection(host, port); + if(sockfd < 0) { + ESP_LOGE(TAG,"Failed"); goto failed1; } ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "create socket ......"); - sockfd = socket(AF_INET, SOCK_STREAM, 0); - if (sockfd < 0) { - ESP_LOGI(TAG, "failed"); + ESP_LOGI(TAG, "Create SSL obj"); + ssl = SSL_new(ctx); + if (!ssl) { + ESP_LOGE(TAG,"Failed"); goto failed2; } ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "bind socket ......"); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = 0; - sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT); - ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_EXAMPLE_TARGET_NAME); - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = ip4_addr->addr; - sock_addr.sin_port = htons(OPENSSL_EXAMPLE_TARGET_TCP_PORT); - ret = connect(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); - if (ret) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "create SSL ......"); - ssl = SSL_new(ctx); - if (!ssl) { - ESP_LOGI(TAG, "failed"); - goto failed3; - } - ESP_LOGI(TAG, "OK"); - SSL_set_fd(ssl, sockfd); - - ESP_LOGI(TAG, "SSL connected to %s port %d ......", - OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT); ret = SSL_connect(ssl); - if (!ret) { - ESP_LOGI(TAG, "failed " ); - goto failed4; - } - ESP_LOGI(TAG, "OK"); - - ESP_LOGI(TAG, "send https request to %s port %d ......", - OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT); - ret = SSL_write(ssl, send_data, send_bytes); if (ret <= 0) { - ESP_LOGI(TAG, "failed"); - goto failed5; + ESP_LOGE(TAG,"SSL Connection Failed"); + goto failed3; } - 
ESP_LOGI(TAG, "OK"); - - do { - ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1); - if (ret <= 0) { - break; - } - recv_buf[ret] = '\0'; - recv_bytes += ret; - ESP_LOGI(TAG, "%s", recv_buf); - } while (1); - - ESP_LOGI(TAG, "totally read %d bytes data from %s ......", recv_bytes, OPENSSL_EXAMPLE_TARGET_NAME); - -failed5: - SSL_shutdown(ssl); -failed4: + ESP_LOGI(TAG,"SSL Connection Succeed"); +failed3: SSL_free(ssl); ssl = NULL; -failed3: +failed2: close(sockfd); sockfd = -1; -failed2: +failed1: SSL_CTX_free(ctx); ctx = NULL; -failed1: - vTaskDelete(NULL); - return ; } -static void openssl_example_client_init(void) +#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN +static void get_string(char *line, size_t size) { - int ret; - xTaskHandle openssl_handle; - - ret = xTaskCreate(openssl_example_task, - OPENSSL_EXAMPLE_TASK_NAME, - OPENSSL_EXAMPLE_TASK_STACK_WORDS, - NULL, - OPENSSL_EXAMPLE_TASK_PRIORITY, - &openssl_handle); - - if (ret != pdPASS) { - ESP_LOGI(TAG, "create thread %s failed", OPENSSL_EXAMPLE_TASK_NAME); + int count = 0; + while (count < size) { + int c = fgetc(stdin); + if (c == '\n') { + line[count] = '\0'; + break; + } else if (c > 0 && c < 127) { + line[count] = c; + ++count; + } + vTaskDelay(10 / portTICK_PERIOD_MS); } } +#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */ void app_main(void) { + char host[128] = EXAMPLE_OPENSSL_TARGET_DOMAIN; + char port[32] = EXAMPLE_OPENSSL_TARGET_PORT; + + ESP_LOGI(TAG, "[APP] Startup.."); + ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size()); + ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version()); + ESP_ERROR_CHECK(nvs_flash_init()); ESP_ERROR_CHECK(esp_netif_init()); ESP_ERROR_CHECK(esp_event_loop_create_default()); 
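Review bot: `open_connection` never calls `freeaddrinfo(res)` on the success path or on the `connect()` failure path, and on `connect()` failure it also returns without closing `sd`, so every failed or completed connection leaks the address list and, on failure, the descriptor; only the `socket()` failure branch cleans up. The `if (err < 0)` test is also ineffective, because getaddrinfo reports failure with a non-zero return (positive `EAI_*` codes in lwIP), so a lookup failure falls through to the `res == 0` branch and logs the wrong message; `if (err != 0 || res == NULL)` covers both. In `init_contex` (sic, `init_context`), a NULL from `d2i_X509` is only logged before `SSL_CTX_add_client_CA(ctx, x)` is still called and a context with no trust anchor is returned, and the `SSL_CTX_new` result is never checked; both should free `ctx` and return NULL, and since no hostname is set on the SSL object a comment that `SSL_VERIFY_PEER` here checks the chain against the embedded CA only, and that in the ESP-IDF openssl layer `SSL_CTX_add_client_CA` appears to be what installs that CA (unlike upstream OpenSSL, where it only sets the client-CA name list — verify), would save the next reader a detour. In `get_string`, when `count` reaches `size` the loop exits without writing a terminator, so it needs `while (count < size - 1)` and an explicit `line[count] = '\0';` after the loop.
```c
static int open_connection(const char *host, char *port)
{
    /* … unchanged: hints / res / addr / sd declarations … */
    int err = getaddrinfo(host, port, &hints, &res);
    if (err != 0 || res == NULL) {
        /* getaddrinfo() signals failure with a non-zero return (positive EAI_* codes in lwIP) */
        ESP_LOGE(TAG, "getaddrinfo() failed for IPV4 destination address. error: %d", err);
        return -1;
    }
    /* … unchanged: address logging, socket() and its failure branch … */
    if (connect(sd, res->ai_addr, res->ai_addrlen) != 0) {
        ESP_LOGE(TAG, "Socket connect failed");
        close(sd);
        freeaddrinfo(res);
        return -1;
    }
    freeaddrinfo(res); /* the address list is not needed once the socket is connected */
    return sd;
}
```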
@@ -182,5 +161,10 @@ void app_main(void)
 */
 ESP_ERROR_CHECK(example_connect());
- openssl_example_client_init();
+#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+ char line[256] = "";
+ get_string(line, sizeof(line));
+ sscanf(line, "%s %s", host, port);
+#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
+ start_example(host, port);
 }
diff --git a/examples/protocols/openssl_client/sdkconfig.ci b/examples/protocols/openssl_client/sdkconfig.ci
new file mode 100644
index 0000000000..ab023d2264
--- /dev/null
+++ b/examples/protocols/openssl_client/sdkconfig.ci
@@ -0,0 +1,2 @@
+CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN=y
+CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING=n
diff --git a/examples/protocols/openssl_client/server_certs/ca.crt b/examples/protocols/openssl_client/server_certs/ca.crt
new file mode 100644
index 0000000000..541d527602
--- /dev/null
+++ b/examples/protocols/openssl_client/server_certs/ca.crt
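Review bot: `sscanf(line, "%s %s", host, port)` has no field widths, so a stdin line whose first token exceeds 127 characters or whose second exceeds 31 overruns the stack buffers `host[128]` / `port[32]` declared at the top of `app_main`; use `sscanf(line, "%127s %31s", host, port)`. The return value is also ignored, so a line with fewer than two tokens silently leaves the Kconfig default in whichever field was missing; checking `if (sscanf(...) != 2)` and logging an error before `start_example(host, port)` makes the test failure mode explicit. The start of `app_main` lies outside this hunk.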
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL +BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM +CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ +BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz +aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP +yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug +0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+ +coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ +tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl +IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx +oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV +HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU +Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY +XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr +8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY +fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF +AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2 +-----END CERTIFICATE----- diff --git a/examples/protocols/openssl_client/server_certs/ca.key b/examples/protocols/openssl_client/server_certs/ca.key new file mode 100644 index 0000000000..99f0a0aea1 --- /dev/null +++ b/examples/protocols/openssl_client/server_certs/ca.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+ +trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz +kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp +QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS +HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94 +XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0 +VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui +khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA +wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd +ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF +qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB +t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/ +8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X +BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9 +Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU +EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI +pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl +F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA +/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A +zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H +DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW +6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt +Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj +gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f +eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ== +-----END RSA PRIVATE KEY----- diff --git a/examples/protocols/openssl_server/CMakeLists.txt b/examples/protocols/openssl_server/CMakeLists.txt index 9fb42034a5..7ed911f9e8 100644 --- a/examples/protocols/openssl_server/CMakeLists.txt +++ b/examples/protocols/openssl_server/CMakeLists.txt 
@@ -8,3 +8,6 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(openssl_server)
+
+target_add_binary_data(openssl_server.elf "server_certs/ca.crt" TEXT)
+target_add_binary_data(openssl_server.elf "server_certs/ca.key" TEXT)
diff --git a/examples/protocols/openssl_server/README.md b/examples/protocols/openssl_server/README.md
index d304397039..d41aca3db7 100644
--- a/examples/protocols/openssl_server/README.md
+++ b/examples/protocols/openssl_server/README.md
@@ -1,22 +1,65 @@ -# Openssl Example +# OpenSSL Server Example -The Example contains of OpenSSL server demo. +(See the README.md file in the upper level 'examples' directory for more information about examples.) -Open the project configuration menu (`idf.py menuconfig`): +This example connects to the ESP-OPENSSL server demo using ssl transport and and sends some messages. -* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../README.md) for more details. +## How to use example +### Python scripts + +Script example_test.py could be used as a client part to the ESP-OPENSSL server demo, + +``` +python example_test.py +``` +Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported; +please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`. + +### Hardware Required + +This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet. + +### Configure the project + +* Open the project configuration menu (`idf.py menuconfig`) +* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details. * When using Make build system, set `Default serial port` under `Serial flasher config`. - -IF you want to test the OpenSSL server demo: - 1. compile the code and load the firmware - 2. input the context of "https://192.168.17.128" into your web browser, the IP of your module may not be 192.168.17.128, you should input your module's IP - 3. You may see that it shows the website is not able to be trusted, but you should select that "go on to visit it" - 4. You should wait for a moment until your see the "OpenSSL server demo!" 
in your web browser - -Note: - The private key and certification at the example are not trusted by web browser, because they are not created by CA official, just by ourselves. - You can alse create your own private key and ceritification by "openssl at ubuntu or others". - We have the document of "ESP8266_SDKSSL_User_Manual_EN_v1.4.pdf" at "https://www.espressif.com/en/support/download/documents". By it you can gernerate the private key and certification with the fomate of ".pem" -See the README.md file in the upper level 'examples' directory for more information about examples. +### Build and Flash + +Build the project and flash it to the board, then run monitor tool to view serial output: + +``` +idf.py -p PORT flash monitor +``` + +(To exit the serial monitor, type ``Ctrl-]``.) + +See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects. + +## Example Output + +``` +I (2609) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL +I (3609) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1 +I (3609) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191 +I (3619) example_connect: Connected to example_connect: sta +I (3619) example_connect: - IPv4 address: 192.168.1.191 +I (3629) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL +I (3639) OPENSSL_EXAMPLE: SSL server context create ...... +I (3649) OPENSSL_EXAMPLE: OK +I (3649) OPENSSL_EXAMPLE: SSL server context set own certification...... +I (3659) OPENSSL_EXAMPLE: OK +I (3659) OPENSSL_EXAMPLE: SSL server context set private key...... +I (3669) OPENSSL_EXAMPLE: OK +I (3669) OPENSSL_EXAMPLE: SSL server create socket ...... +I (3679) OPENSSL_EXAMPLE: OK +I (3679) OPENSSL_EXAMPLE: SSL server socket bind ...... 
+I (3689) OPENSSL_EXAMPLE: OK +I (3689) OPENSSL_EXAMPLE: SSL server socket listen on 443 port +I (3699) OPENSSL_EXAMPLE: OK +I (3699) OPENSSL_EXAMPLE: SSL server create ...... +I (3709) OPENSSL_EXAMPLE: OK +I (3709) OPENSSL_EXAMPLE: SSL server socket accept client ...... +``` diff --git a/examples/protocols/openssl_server/example_test.py b/examples/protocols/openssl_server/example_test.py new file mode 100644 index 0000000000..be1af74fcd --- /dev/null +++ b/examples/protocols/openssl_server/example_test.py 
@@ -0,0 +1,47 @@
+from __future__ import print_function, unicode_literals
+
+import os
+import re
+import socket
+import ssl
+
+import ttfw_idf
+
+
+def _path(f):
+ return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
+
+
+@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
+def test_example_protocol_openssl_server(env, extra_data):
+ """
+ steps:
+ 1. join AP
+ 2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
+ 3. send data
+ """
+ dut1 = env.get_dut('openssl_server', 'examples/protocols/openssl_server', dut_class=ttfw_idf.ESP32DUT)
+ # check and log bin size
+ binary_file = os.path.join(dut1.app.binary_path, 'openssl_server.bin')
+ bin_size = os.path.getsize(binary_file)
+ ttfw_idf.log_performance('openssl_server_bin_size', '{}KB'.format(bin_size // 1024))
+ # start test
+ dut1.start_app()
+ ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)[0]
+ port = dut1.expect(re.compile(r' SSL server socket listen on ([0-9]+)'), timeout=30)[0]
+ # create socket
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ sock.settimeout(10)
+ addr = (ip, int(port))
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+ # wrap socket
+ wrappedSocket = ssl.wrap_socket(sock, ca_certs=_path('server_certs/ca.crt'), cert_reqs=ssl.CERT_REQUIRED)
+ # connect and send data
+ wrappedSocket.connect(addr)
+ wrappedSocket.send('Some Data'.encode())
+ # close socket connection
+ wrappedSocket.close()
+
+
+if __name__ == '__main__':
+ test_example_protocol_openssl_server()
diff --git a/examples/protocols/openssl_server/main/CMakeLists.txt b/examples/protocols/openssl_server/main/CMakeLists.txt
index a567653734..592d3df099 100644
--- a/examples/protocols/openssl_server/main/CMakeLists.txt
+++ b/examples/protocols/openssl_server/main/CMakeLists.txt
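Review bot: The socket that receives `sock.settimeout(10)` is discarded two lines later when `sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)` rebinds the name, so the socket actually used for `connect`/`send` has no timeout (a DUT that accepts TCP but stalls in the handshake hangs the CI job) and the first descriptor leaks. `ssl.wrap_socket` is also deprecated since Python 3.7 and removed in 3.12, nothing closes the connection when `connect` or `send` raises, and the test never reads a reply, so a server that completes the handshake and then fails still passes (the main.c hunk suggests it answers with `OPENSSL_EXAMPLE_SERVER_ACK`, which a single `recv` would pin). I would build an `SSLContext` from `ca.crt`, keep `CERT_REQUIRED` but set `check_hostname = False` explicitly — the test certificate carries no hostname, and the flag makes that deliberate omission visible to the reader — and open the connection with `socket.create_connection(addr, timeout=10)` inside a try/finally.
```python
    # connect with a 10 s timeout; verify the chain against the test CA but skip
    # hostname matching, which the self-signed test certificate cannot satisfy
    ctx = ssl.create_default_context(cafile=_path('server_certs/ca.crt'))
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    tls = ctx.wrap_socket(socket.create_connection((ip, int(port)), timeout=10))
    try:
        tls.sendall('Some Data'.encode())
        # TODO confirm the DUT replies before closing; if so this catches a half-working server
        assert tls.recv(1024), 'server closed the connection without answering'
    finally:
        tls.close()
```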
@@ -1,4 +1,3 @@
 # Embed the certificate & key data directly in the built binary
 idf_component_register(SRCS "openssl_server_example_main.c"
- INCLUDE_DIRS "."
- EMBED_TXTFILES cacert.pem prvtkey.pem)
+ INCLUDE_DIRS ".")
diff --git a/examples/protocols/openssl_server/main/Kconfig.projbuild b/examples/protocols/openssl_server/main/Kconfig.projbuild
new file mode 100644
index 0000000000..6b9e21c67a
--- /dev/null
+++ b/examples/protocols/openssl_server/main/Kconfig.projbuild
@@ -0,0 +1,10 @@
+menu "Example Configuration"
+
+ config EXAMPLE_OPENSSL_SERVER_PORT
+ int "Target port number"
+ range 0 65535
+ default 443
+ help
+ Target port number for the example to connect to.
+
+endmenu
diff --git a/examples/protocols/openssl_server/main/cacert.pem b/examples/protocols/openssl_server/main/cacert.pem
deleted file mode 100644
index e09c3989cd..0000000000
--- a/examples/protocols/openssl_server/main/cacert.pem
+++ /dev/null
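Review bot: The help text for `EXAMPLE_OPENSSL_SERVER_PORT` describes a port "for the example to connect to", but the value becomes `OPENSSL_EXAMPLE_LOCAL_TCP_PORT`, which the server binds and listens on (see the `listen on %d port` log added in the main.c hunk), and `range 0 65535` admits 0, which would make bind() choose an ephemeral port while the log line and the host-side test still report and dial the configured 0. I would change the three lines to `int "Server listen port"`, `range 1 65535` and `Port on which the example TLS server listens; the host-side test reads it from the "listen on" log line.`. The CMakeLists hunk above only drops the old EMBED_TXTFILES entry; the replacement embedding is not in this file, so I could not check it here.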
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDezCCAmOgAwIBAgIJAPMMNobNczaUMA0GCSqGSIb3DQEBBAUAMHQxEzARBgNV -BAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEcMBoGCSqG -SIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eTAeFw0xNjExMTUwNTA0MThaFw0xOTExMTUwNTA0MThaMHQx -EzARBgNVBAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEc -MBoGCSqGSIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBALDjSPDlomepHCzbw4MUrquQAU0xTV4/Npb27k9I5TRVTjIoOs/5hNI2LPFW -e4CREx09ZrT8K3NFOBoSy7bhPAsjGaFxCYYWc9tiX1m5gq3ToVRSmbZ65fE3kvnI -8E/d5VyzA0OMmWbfaolBSTMoWgqRynEaT+z1Eh2yDTzVFy9eov1DdQFUqGDqbH5b -QYvTY5Fyem7UcKWAe2yS0j3H4dVtVBKNY7qV3Px08yGAs5fQFgUwhyB5+qwhvkeL -JdgapGaSTwLgoQKWHbe/lA3NiBIB9hznFUGKo3hmniAvYZbrQcn3tc0l/J4I39v2 -Pm29FAyjWvQyBkGktz2q4elOZYkCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkq -hkiG9w0BAQQFAAOCAQEAJCJ+97oae/FcOLbPpjCpUQnWqYydgSChgalkZNvr4fVp -TnuNg471l0Y2oTJLoWn2YcbPSFVOEeKkU47mpjMzucHHp0zGaW9SdzhZalWwmbgK -q2ijecIbuFHFNedYTk/03K7eaAcjVhD8e0oOJImeLOL6DAFivA1LUnSgXsdGPDtD -zhISsCPTu+cL1j0yP6HBvLeAyb8kaCWJ05RtiVLRANNHQn/keHajJYpMwnEEbJdG -cqN3whfJoGVbZ6isEf2RQJ0pYRnP7uGLW3wGkLWxfdto8uER8HVDx7fZpevLIqGd -1OoSEi3cIJXWBAjx0TLzzhtb6aeIxBJWQqHThtkKdg== ------END CERTIFICATE----- diff --git a/examples/protocols/openssl_server/main/component.mk b/examples/protocols/openssl_server/main/component.mk index 80af01cb53..2f52006ae6 100644 --- a/examples/protocols/openssl_server/main/component.mk +++ b/examples/protocols/openssl_server/main/component.mk @@ -2,5 +2,5 @@ # Main Makefile. This is basically the same as a component makefile. # -COMPONENT_EMBED_TXTFILES := cacert.pem -COMPONENT_EMBED_TXTFILES += prvtkey.pem +COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt +COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key 
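Review bot: `COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key` compiles a private key into the application image in the clear, and the file is named as a CA key even though the main.c hunk loads it as the server's own TLS private key. That is acceptable for a published test key, but these two lines are exactly what gets copied into a real project, so the makefile should say so: `# server_certs/ca.key is a public, test-only key shipped with ESP-IDF and ends up unencrypted in the app image; never reuse it — generate your own pair and keep it out of a plaintext firmware image`. The CMake side of the same change (the top-level CMakeLists.txt in the diffstat) is not in view, so I cannot confirm both build systems embed the same two files.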
diff --git a/examples/protocols/openssl_server/main/openssl_server_example.h b/examples/protocols/openssl_server/main/openssl_server_example.h index 14afc27e25..4cf8c7710c 100644 --- a/examples/protocols/openssl_server/main/openssl_server_example.h +++ b/examples/protocols/openssl_server/main/openssl_server_example.h @@ -18,6 +18,6 @@ #define OPENSSL_EXAMPLE_RECV_BUF_LEN 1024 -#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT 443 +#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT CONFIG_EXAMPLE_OPENSSL_SERVER_PORT #endif diff --git a/examples/protocols/openssl_server/main/openssl_server_example_main.c b/examples/protocols/openssl_server/main/openssl_server_example_main.c index d500d16e2d..500a45397c 100644 --- a/examples/protocols/openssl_server/main/openssl_server_example_main.c +++ b/examples/protocols/openssl_server/main/openssl_server_example_main.c @@ -1,4 +1,4 @@ -/* OpenSSL server Example +/* OpenSSL Server Example This example code is in the Public Domain (or CC0 licensed, at your option.) @@ -27,7 +27,7 @@ #include "lwip/netdb.h" -const static char *TAG = "Openssl_example"; +const static char *TAG = "openssl_example"; #define OPENSSL_EXAMPLE_SERVER_ACK "HTTP/1.1 200 OK\r\n" \ "Content-Type: text/html\r\n" \ 
@@ -56,13 +56,13 @@ static void openssl_example_task(void *p) const char send_data[] = OPENSSL_EXAMPLE_SERVER_ACK; const int send_bytes = sizeof(send_data); - extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); - extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); - const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; + extern const unsigned char ca_crt_start[] asm("_binary_ca_crt_start"); + extern const unsigned char ca_crt_end[] asm("_binary_ca_crt_end"); + const unsigned int ca_crt_bytes = ca_crt_end - ca_crt_start; - extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start"); - extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end"); - const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start; + extern const unsigned char ca_key_start[] asm("_binary_ca_key_start"); + extern const unsigned char ca_key_end[] asm("_binary_ca_key_end"); + const unsigned int ca_key_bytes = ca_key_end - ca_key_start; ESP_LOGI(TAG, "SSL server context create ......"); /* For security reasons, it is best if you can use @@ -77,7 +77,7 @@ static void openssl_example_task(void *p) ESP_LOGI(TAG, "OK"); ESP_LOGI(TAG, "SSL server context set own certification......"); - ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start); + ret = SSL_CTX_use_certificate_ASN1(ctx, ca_crt_bytes, ca_crt_start); if (!ret) { ESP_LOGI(TAG, "failed"); goto failed2; @@ -85,7 +85,7 @@ static void openssl_example_task(void *p) ESP_LOGI(TAG, "OK"); ESP_LOGI(TAG, "SSL server context set private key......"); - ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes); + ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, ca_key_start, ca_key_bytes); if (!ret) { ESP_LOGI(TAG, "failed"); goto failed2; 
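Review bot: The new `ca_crt`/`ca_key` names at the `SSL_CTX_use_certificate_ASN1` and `SSL_CTX_use_PrivateKey_ASN1` calls are misleading: the blob installed as the server's own certificate is `server_certs/ca.crt`, whose base64 appears to decode to a self-signed certificate with a critical basicConstraints CA:TRUE, a subject of only C/ST/O, no CN and no subjectAltName, so the server presents a CA certificate as its leaf and a client can verify the chain but never a hostname. Renaming the symbols to `server_crt`/`server_key` (or keeping them and adding a comment above the extern block) would stop the next reader assuming a separate leaf certificate exists somewhere; I would write `/* The example uses the self-signed test CA itself as the server identity; its private key is public (server_certs/ca.key) and the certificate carries no hostname, so clients must not enable hostname checks. */`. openssl_example_task starts and ends outside the hunk.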
@@ -112,7 +112,7 @@ static void openssl_example_task(void *p) } ESP_LOGI(TAG, "OK"); - ESP_LOGI(TAG, "SSL server socket listen ......"); + ESP_LOGI(TAG, "SSL server socket listen on %d port", OPENSSL_EXAMPLE_LOCAL_TCP_PORT); ret = listen(sockfd, 32); if (ret) { ESP_LOGI(TAG, "failed"); @@ -207,6 +207,10 @@ static void openssl_server_init(void) void app_main(void) { + ESP_LOGI(TAG, "[APP] Startup.."); + ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size()); + ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version()); + ESP_ERROR_CHECK(nvs_flash_init()); ESP_ERROR_CHECK(esp_netif_init()); ESP_ERROR_CHECK(esp_event_loop_create_default()); diff --git a/examples/protocols/openssl_server/main/prvtkey.pem b/examples/protocols/openssl_server/main/prvtkey.pem deleted file mode 100644 index 4ead61f6ff..0000000000 --- a/examples/protocols/openssl_server/main/prvtkey.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAsONI8OWiZ6kcLNvDgxSuq5ABTTFNXj82lvbuT0jlNFVOMig6 -z/mE0jYs8VZ7gJETHT1mtPwrc0U4GhLLtuE8CyMZoXEJhhZz22JfWbmCrdOhVFKZ -tnrl8TeS+cjwT93lXLMDQ4yZZt9qiUFJMyhaCpHKcRpP7PUSHbINPNUXL16i/UN1 -AVSoYOpsfltBi9NjkXJ6btRwpYB7bJLSPcfh1W1UEo1jupXc/HTzIYCzl9AWBTCH -IHn6rCG+R4sl2BqkZpJPAuChApYdt7+UDc2IEgH2HOcVQYqjeGaeIC9hlutByfe1 -zSX8ngjf2/Y+bb0UDKNa9DIGQaS3Parh6U5liQIDAQABAoIBAB9K9jp3xXVlO3DM -KBhmbkg3n6NSV4eW00d9w8cO9E1/0eeZql3knJS7tNO1IwApqiIAHM1j1yP7WONz -88oUqpSlzwD6iF7KVhC3pHqxEOdDi0Tpn/viXg+Ab2X1IF5guRTfLnKiyviiCazi -edqtBtDb3d6Icx9Oc7gBKcpbQFDGt++wSOb5L+xhRm9B5B4l/6byikiPeKqIK5tC -SoP9Zr1mvpNoGm1P4LvEunFJcRBqVI010VNwfO9P98oVyzJu9/FZZrQxXoY9JdXF -OM6nbl+hMDM3TkEOda9NvBhImozEAvuc97CaaXyR3XivxMqNqNIb4+syUPa2PCS3 -ZztI5qECgYEA1gbVG6ifpvpbBkDPi3Im8fM3F7FLLrQc48FdFjdMvDhHD9lVKucD -Uaa8PF9dbbvlu2cwMyfBOKSuWaXxRxRsiqiPmTunS1MvPzQcSrGwUrL2AogGucn6 -+NrLQf5P4H5IpkDQ9ih3zwjO6xKFK1WeYnYpHM8qUBtl6q0YFyVBPu0CgYEA05Pn -StWA4D7VSbNnVi6lvFyEOUsTrK3v419598TFiq4eXLq6aV8/CQYzKsSzoG+aOZhX -Li+0uyT5cNzUcXYhTsW1hA/pNhMfxMrYiB1x14zlLp2WRGg4vd/+SxX6d9Yd3acX -7QzPKgdDicXs9QN8ozJOICKvNbUI53AJdATVEY0CgYEAwvpGeoQLrdq1weSZLrg3 -soOX1QW3MDz1dKdbXjnStkWut0mOxR7fbysuoPFf8/ARQcCnsHKvHCMqkpESVWbN -2yPkbfxiU8Tcbf/TJljqAOz4ISY6ula/RKZONTixHBrvpEW4GAiV3Q5xMsYUe33s -ZFaw7YXtTj0ng7tdDvjpj6ECgYEApHdUU9ejVq2BHslWiqe4LbO9FMxHfvO2hgix -xugupp6y+2Irhb2EQn+PRq+g8hXOzPaezkhHNTKItDL08T3iplkJwJ6dqmszRsZn -i2dYFzZu8M2PAZ4CfZahFbz/9id7D9HTx3EtmH4NAgvZJpyPRkzUbiaIDDettDpj -Hsyi1AECgYAPLvjBzQj4kPF8Zo9pQEUcz4pmupRVfv3aRfjnahDK4qZHEePDRj+J -W7pzayrs1dyN9QLB8pTc424z7f8MB3llCICN+ohs8CR/eW0NEobE9ldDOeoCr1Vh -NhNSbrN1iZ8U4oLkRTMaDKkVngGffvjGi/q0tOU7hJdZOqNlk2Iahg== ------END RSA PRIVATE KEY----- diff --git a/examples/protocols/openssl_server/server_certs/ca.crt b/examples/protocols/openssl_server/server_certs/ca.crt new file mode 100644 index 0000000000..541d527602 --- /dev/null +++ b/examples/protocols/openssl_server/server_certs/ca.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL +BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM +CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ +BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz +aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP +yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug +0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+ +coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ +tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl +IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx +oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV +HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU +Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY +XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr +8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY +fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF +AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2 +-----END CERTIFICATE----- diff --git a/examples/protocols/openssl_server/server_certs/ca.key b/examples/protocols/openssl_server/server_certs/ca.key new file mode 100644 index 0000000000..99f0a0aea1 --- /dev/null +++ b/examples/protocols/openssl_server/server_certs/ca.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+ +trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz +kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp +QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS +HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94 +XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0 +VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui +khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA +wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd +ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF +qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB +t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/ +8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X +BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9 +Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU +EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI +pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl +F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA +/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A +zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H +DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW +6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt +Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj +gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f +eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ== +-----END RSA PRIVATE KEY----- diff --git a/tools/ci/mypy_ignore_list.txt b/tools/ci/mypy_ignore_list.txt index 4c8d021df6..a76883839b 100644 --- a/tools/ci/mypy_ignore_list.txt +++ b/tools/ci/mypy_ignore_list.txt 
@@ -97,6 +97,8 @@ examples/protocols/mqtt/ssl_ds/configure_ds.py
 examples/protocols/mqtt/tcp/mqtt_tcp_example_test.py
 examples/protocols/mqtt/ws/mqtt_ws_example_test.py
 examples/protocols/mqtt/wss/mqtt_wss_example_test.py
+examples/protocols/openssl_client/example_test.py
+examples/protocols/openssl_server/example_test.py
 examples/protocols/pppos_client/example_test.py
 examples/protocols/sntp/example_test.py
 examples/protocols/sockets/tcp_client/example_test.py