Skip to content

Add WiFiSSLClient #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 8 commits into from
Closed

Add WiFiSSLClient #152

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
3577e32
Provide SSL/TLS functions to ESP32 with Arduino IDE
copercini Jan 27, 2017
f09c12a
Provide SSL/TLS functions to ESP32 with Arduino IDE
copercini Jan 27, 2017
f8c175a
Add Wifi secure connection example for ESP32
copercini Jan 27, 2017
2acb075
Provide SSL/TLS functions to ESP32 with Arduino IDE
copercini Jan 30, 2017
f76c340
move WifiSSLClient out of core
copercini Jan 30, 2017
54c2809
move WifiSSLClient out of core
copercini Jan 30, 2017
f9c2004
move WifiSSLClient out of core
copercini Jan 30, 2017
d7fde5e
move WifiSSLClient out of core
copercini Jan 30, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 70 additions & 0 deletions libraries/WiFi/examples/WiFiSSLClient/WiFiSSLClient.ino
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
/*
Wifi secure connection example for ESP32
Running on TLS 1.2 using mbedTLS
Suporting the folling chipersuites:
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_DHE_RSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_DHE_RSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_DHE_RSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8","TLS_DHE_RSA_WITH_AES_128_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384","TLS_DHE_PSK_WITH_AES_256_CCM","TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384","TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA","TLS_DHE_PSK_WITH_AES_256_CBC_SHA","TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_PSK_DHE_WITH_AES_256_CCM_8","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256","TLS_DHE_PSK_WITH_AES_128_CCM","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA","TLS_DHE_PSK_WITH_AES_128_CBC_SHA","TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_PSK_DHE_WITH_AES_128_CCM_8","TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA","TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_RSA_PSK_WITH_AES_256_GCM_SHA384","TLS_RSA_PSK_WITH_AES_256_CBC_SHA384","TLS_RSA_PSK_WITH_AES_256_CBC_SHA","TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_RSA_PSK_WITH_AES_128_GCM_SHA256","TLS_RSA_PSK_WITH_AES_128_CBC_SHA256","TLS_RSA_PSK_WITH_AES_128_CBC_SHA","TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA","TLS_PSK_WITH_AES_256_GCM_SHA384","TLS_PSK_WITH_AES_256_CCM","TLS_PSK_WITH_AES_256_CBC_SHA384","TLS_PSK_WITH_AES_256_CBC_SHA","TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_PSK_WITH_AES_256_CCM_8","TLS_PSK_WITH_AES_128_GCM_SHA256","TLS_PSK_WITH_AES_128_CCM","TLS_PSK_WITH_AES_128_CBC_SHA256","TLS_PSK_WITH_AES_128_CBC_SHA","TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_PSK_WITH_AES_128_CCM_8","TLS_PSK_WITH_3DES_EDE_CBC_SHA","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"]
2017 - Evandro Copercini - Public Domain
*/

#include <WiFiSSLClient.h>

char ssid[] = "your_network_name"; // your network SSID (name of wifi network)
char pass[] = "your_password"; // your network password

char server[] = "www.howsmyssl.com"; // Server URL
// You can use x.509 certificates if you want
//unsigned char test_ca_cert[] = ""; //For the usage of verifying server
//unsigned char test_client_key[] = ""; //For the usage of verifying client
//unsigned char test_client_cert[] = ""; //For the usage of verifying client


WiFiSSLClient client;

void setup() {
//Initialize serial and wait for port to open:
Serial.begin(115200);

WiFi.begin(ssid, pass);
// attempt to connect to Wifi network:
while (WiFi.status() != WL_CONNECTED) {
Serial.print("Attempting to connect to SSID: ");
Serial.println(ssid);

// wait 5 seconds for re-trying
delay(5000);
}

Serial.print("Connected to ");
Serial.println(ssid);

Serial.println("\nStarting connection to server...");
if (client.connect(server, 443)) { //client.connect(server, 443, test_ca_cert, test_client_cert, test_client_key)
Serial.println("Connected to server!");
// Make a HTTP request:
client.println("GET https://www.howsmyssl.com/a/check HTTP/1.0");
client.println("Host: www.howsmyssl.com");
client.println("Connection: close");
client.println();
}
else
Serial.println("Connection failed!");


// if there are incoming bytes available
// from the server, read them and print them:
while (client.available()) {
char c = client.read();
Serial.write(c);
}

// if the server's disconnected, stop the client:
if (!client.connected()) {
Serial.println();
Serial.println("disconnecting from server.");
client.stop();
}
}

void loop() {
// do nothing
}
204 changes: 204 additions & 0 deletions libraries/WiFi/src/WiFiSSLClient.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,204 @@
/* Provide SSL/TLS functions to ESP32 with Arduino IDE
* Ported from Ameba8195 (no license specified) to ESP32 by Evandro Copercini - 2017 - Public domain
*/
#include "WiFi.h"
#include "WiFiSSLClient.h"

WiFiSSLClient::WiFiSSLClient(){
_is_connected = false;
_sock = -1;

sslclient = new sslclient_context;
ssl_init(sslclient);
sslclient->fd = -1;

_rootCABuff = NULL;
_cli_cert = NULL;
_cli_key = NULL;
}

WiFiSSLClient::WiFiSSLClient(uint8_t sock) {
_sock = sock;

sslclient = new sslclient_context;
ssl_init(sslclient);
sslclient->fd = -1;

if(sock >= 0)
_is_connected = true;
_rootCABuff = NULL;
_cli_cert = NULL;
_cli_key = NULL;
}

uint8_t WiFiSSLClient::connected() {
if (sslclient->fd < 0) {
_is_connected = false;
return 0;
}
else {
if(_is_connected)
return 1;
else{
stop();
return 0;
}
}
}

int WiFiSSLClient::available() {
int ret = 0;
int err;

if(!_is_connected)
return 0;
if (sslclient->fd >= 0)
{
ret = ssldrv.availData(sslclient);
if (ret > 0) {
return 1;
} else {
err = ssldrv.getLastErrno(sslclient);
if (err != EAGAIN) {
_is_connected = false;
}
}
return 0;
}
}

int WiFiSSLClient::read() {
int ret;
int err;
uint8_t b[1];

if (!available())
return -1;

ret = ssldrv.getData(sslclient, b);
if (ret > 0) {
return b[0];
} else {
err = ssldrv.getLastErrno(sslclient);
if (err != EAGAIN) {
_is_connected = false;
}
}
return -1;
}

int WiFiSSLClient::read(uint8_t* buf, size_t size) {
uint16_t _size = size;
int ret;
int err;

ret = ssldrv.getDataBuf(sslclient, buf, _size);
if (ret <= 0){
err = ssldrv.getLastErrno(sslclient);
if (err != EAGAIN) {
_is_connected = false;
}
}
return ret;
}

void WiFiSSLClient::stop() {

if (sslclient->fd < 0)
return;

ssldrv.stopClient(sslclient);
_is_connected = false;

sslclient->fd = -1;
_sock = -1;
}

size_t WiFiSSLClient::write(uint8_t b) {
return write(&b, 1);
}

size_t WiFiSSLClient::write(const uint8_t *buf, size_t size) {
if (sslclient->fd < 0)
{
setWriteError();
return 0;
}
if (size == 0)
{
setWriteError();
return 0;
}

if (!ssldrv.sendData(sslclient, buf, size))
{
setWriteError();
_is_connected = false;
return 0;
}

return size;
}

WiFiSSLClient::operator bool() {
return sslclient->fd >= 0;
}

int WiFiSSLClient::connect(IPAddress ip, uint16_t port) {
//
}

int WiFiSSLClient::connect(const char *host, uint16_t port) {
connect(host, port, _rootCABuff, _cli_cert, _cli_key);
}


int WiFiSSLClient::connect(const char* host, uint16_t port, unsigned char* rootCABuff, unsigned char* cli_cert, unsigned char* cli_key) {
IPAddress remote_addr;

if (WiFi.hostByName(host, remote_addr))
{
return connect(remote_addr, port, rootCABuff, cli_cert, cli_key);
}
return 0;
}

int WiFiSSLClient::connect(IPAddress ip, uint16_t port, unsigned char* rootCABuff, unsigned char* cli_cert, unsigned char* cli_key) {
int ret = 0;

ret = ssldrv.startClient(sslclient, ip, port, rootCABuff, cli_cert, cli_key);

if (ret < 0) {
_is_connected = false;
return 0;
} else {
_is_connected = true;
}

return 1;
}

int WiFiSSLClient::peek() {
uint8_t b;

if (!available())
return -1;

ssldrv.getData(sslclient, &b, 1);

return b;
}
void WiFiSSLClient::flush() {
while (available())
read();
}

void WiFiSSLClient::setRootCA(unsigned char *rootCA) {
_rootCABuff = rootCA;
}

void WiFiSSLClient::setClientCertificate(unsigned char *client_ca, unsigned char *private_key) {
_cli_cert = client_ca;
_cli_key = private_key;
}

52 changes: 52 additions & 0 deletions libraries/WiFi/src/WiFiSSLClient.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
/* Provide SSL/TLS functions to ESP32 with Arduino IDE
* Ported from Ameba8195 to ESP32 by Evandro Copercini - 2017 - Public domain
*/

#ifndef wifisslclient_h
#define wifisslclient_h
#include "Wifi.h"
#include "IPAddress.h"
#include "ssl_drv.h"

struct ssl_context;
class WiFiSSLClient : public Client {

public:

WiFiSSLClient();
WiFiSSLClient(uint8_t sock);

uint8_t status();
virtual int connect(IPAddress ip, uint16_t port);
virtual int connect(const char *host, uint16_t port);
virtual size_t write(uint8_t);
virtual size_t write(const uint8_t *buf, size_t size);
virtual int available();
virtual int read();
virtual int read(uint8_t *buf, size_t size);
virtual int peek();
virtual void flush();
virtual void stop();
virtual uint8_t connected();
virtual operator bool();

void setRootCA(unsigned char *rootCA);
void setClientCertificate(unsigned char *client_ca, unsigned char *private_key);

int connect(IPAddress ip, uint16_t port, unsigned char* rootCABuff, unsigned char* cli_cert, unsigned char* cli_key);
int connect(const char *host, uint16_t port, unsigned char* rootCABuff, unsigned char* cli_cert, unsigned char* cli_key);

using Print::write;

private:
int _sock;
bool _is_connected;
sslclient_context* sslclient;
SSLDrv ssldrv;

unsigned char *_rootCABuff;
unsigned char *_cli_cert;
unsigned char *_cli_key;
};

#endif
Loading