Skip to content

Add WiFiSSLClient (2) #156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 12 commits into from
Closed

Add WiFiSSLClient (2) #156

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
b835f4a
Provide SSL/TLS functions to ESP32 with Arduino IDE
copercini Jan 30, 2017
4fc89a6
Wifi SSL client example
copercini Jan 30, 2017
156b900
Provide SSL/TLS functions to ESP32 with Arduino IDE
copercini Jan 30, 2017
54d52ef
Provide SSL/TLS functions to ESP32 with Arduino IDE
copercini Jan 30, 2017
5defcd2
Provide SSL/TLS functions to ESP32 with Arduino IDE
copercini Jan 30, 2017
140d5d5
fix path to MbedTLS config file
copercini Jan 30, 2017
f83c314
fix problem in include_next
copercini Jan 30, 2017
74344cb
fixed tipo in name of the file
copercini Jan 30, 2017
7e44679
Update WiFiSSLClient.cpp
copercini Jan 30, 2017
9c02638
Update WiFiSSLClient.h
copercini Jan 30, 2017
3e342d5
Update ssl_client.cpp
copercini Jan 30, 2017
5ede5a7
Update and rename libraries/WiFi/examples/WifiSSLClient/WifiSSLClient…
copercini Jan 30, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 72 additions & 0 deletions libraries/WiFi/examples/WiFiSSLClient/WiFiSSLClient.ino
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
/*
Wifi secure connection example for ESP32
Running on TLS 1.2 using mbedTLS
Suporting the folling chipersuites:
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_DHE_RSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_DHE_RSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_DHE_RSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8","TLS_DHE_RSA_WITH_AES_128_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384","TLS_DHE_PSK_WITH_AES_256_CCM","TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384","TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA","TLS_DHE_PSK_WITH_AES_256_CBC_SHA","TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_PSK_DHE_WITH_AES_256_CCM_8","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256","TLS_DHE_PSK_WITH_AES_128_CCM","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA","TLS_DHE_PSK_WITH_AES_128_CBC_SHA","TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_PSK_DHE_WITH_AES_128_CCM_8","TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA","TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_RSA_PSK_WITH_AES_256_GCM_SHA384","TLS_RSA_PSK_WITH_AES_256_CBC_SHA384","TLS_RSA_PSK_WITH_AES_256_CBC_SHA","TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_RSA_PSK_WITH_AES_128_GCM_SHA256","TLS_RSA_PSK_WITH_AES_128_CBC_SHA256","TLS_RSA_PSK_WITH_AES_128_CBC_SHA","TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA","TLS_PSK_WITH_AES_256_GCM_SHA384","TLS_PSK_WITH_AES_256_CCM","TLS_PSK_WITH_AES_256_CBC_SHA384","TLS_PSK_WITH_AES_256_CBC_SHA","TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_PSK_WITH_AES_256_CCM_8","TLS_PSK_WITH_AES_128_GCM_SHA256","TLS_PSK_WITH_AES_128_CCM","TLS_PSK_WITH_AES_128_CBC_SHA256","TLS_PSK_WITH_AES_128_CBC_SHA","TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_PSK_WITH_AES_128_CCM_8","TLS_PSK_WITH_3DES_EDE_CBC_SHA","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"]
2017 - Evandro Copercini - Public Domain.
*/

#include <WiFiSSLClient.h>

char ssid[] = "your_network_name"; // your network SSID (name of wifi network)
char pass[] = "your_password"; // your network password

char server[] = "www.howsmyssl.com"; // Server URL
// You can use x.509 certificates if you want
//unsigned char test_ca_cert[] = ""; //For the usage of verifying server
//unsigned char test_client_key[] = ""; //For the usage of verifying client
//unsigned char test_client_cert[] = ""; //For the usage of verifying client


WiFiSSLClient client;

void setup() {
//Initialize serial and wait for port to open:
Serial.begin(115200);
delay(100);

Serial.print("Attempting to connect to SSID: ");
Serial.println(ssid);
WiFi.begin(ssid, pass);

// attempt to connect to Wifi network:
while (WiFi.status() != WL_CONNECTED) {
Serial.print(".");
// wait 1 second for re-trying
delay(1000);
}

Serial.print("Connected to ");
Serial.println(ssid);

Serial.println("\nStarting connection to server...");
if (client.connect(server, 443)) { //client.connect(server, 443, test_ca_cert, test_client_cert, test_client_key)
Serial.println("Connected to server!");
// Make a HTTP request:
client.println("GET https://www.howsmyssl.com/a/check HTTP/1.0");
client.println("Host: www.howsmyssl.com");
client.println("Connection: close");
client.println();
}
else
Serial.println("Connection failed!");


// if there are incoming bytes available
// from the server, read them and print them:
while (client.available()) {
char c = client.read();
Serial.write(c);
}

// if the server's disconnected, stop the client:
if (!client.connected()) {
Serial.println();
Serial.println("disconnecting from server.");
client.stop();
}
}

void loop() {
// do nothing
}
308 changes: 308 additions & 0 deletions libraries/WiFi/src/WiFiSSLClient.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,308 @@
/* Provide SSL/TLS functions to ESP32 with Arduino IDE
* by Evandro Copercini - 2017 - Public domain
*/
#include "WiFi.h"
#include "WiFiSSLClient.h"


WiFiSSLClient::WiFiSSLClient(){
_connected = false;

sslclient = new sslclient_context;
ssl_init(sslclient);
sslclient->fd = -1;

_CA_cert = NULL;
_cert = NULL;
_private_key = NULL;
}

WiFiSSLClient::WiFiSSLClient(uint8_t sock) {

sslclient = new sslclient_context;
ssl_init(sslclient);
sslclient->fd = -1;

if(sock >= 0)
_connected = true;

_CA_cert = NULL;
_cert = NULL;
_private_key = NULL;
}

uint8_t WiFiSSLClient::connected() {
if (sslclient->fd < 0) {
_connected = false;
return 0;
}
else {
if(_connected)
return 1;
else{
stop();
return 0;
}
}
}

int WiFiSSLClient::available() {
int ret = 0;
int err;

if(!_connected)
return 0;
if (sslclient->fd >= 0)
{
ret = availData(sslclient);
if (ret > 0) {
return 1;
} else {
printf("SSLclient: availData ERROR");
_connected = false;
}
return 0;
}
}

int WiFiSSLClient::read() {
int ret;
int err;
uint8_t b[1];

if (!available())
return -1;

ret = getData(sslclient, b);
if (ret > 0) {
return b[0];
} else {
printf("SSLclient: read ERROR");
_connected = false;
}
return -1;
}

int WiFiSSLClient::read(uint8_t* buf, size_t size) {
uint16_t _size = size;
int ret;
int err;

ret = getDataBuf(sslclient, buf, _size);
if (ret <= 0){
printf("SSLclient: read ERROR");
_connected = false;
}
return ret;
}

void WiFiSSLClient::stop() {

if (sslclient->fd < 0)
return;

stopClient(sslclient);
_connected = false;

sslclient->fd = -1;
}

size_t WiFiSSLClient::write(uint8_t b) {
return write(&b, 1);
}

size_t WiFiSSLClient::write(const uint8_t *buf, size_t size) {
if (sslclient->fd < 0)
{
setWriteError();
return 0;
}
if (size == 0)
{
setWriteError();
return 0;
}

if (!sendData(sslclient, buf, size))
{
setWriteError();
_connected = false;
return 0;
}

return size;
}

WiFiSSLClient::operator bool() {
return sslclient->fd >= 0;
}

int WiFiSSLClient::connect(IPAddress ip, uint16_t port) {
connect(ip, port, _CA_cert, _cert, _private_key);
}

int WiFiSSLClient::connect(const char *host, uint16_t port) {
connect(host, port, _CA_cert, _cert, _private_key);
}


int WiFiSSLClient::connect(const char* host, uint16_t port, unsigned char* CA_cert, unsigned char* cert, unsigned char* private_key) {
IPAddress remote_addr;

if (WiFi.hostByName(host, remote_addr))
{
return connect(remote_addr, port, CA_cert, cert, private_key);
}
return 0;
}

int WiFiSSLClient::connect(IPAddress ip, uint16_t port, unsigned char* CA_cert, unsigned char* cert, unsigned char* private_key) {
int ret = 0;

ret = startClient(sslclient, ip, port, CA_cert, cert, private_key);

if (ret < 0) {
_connected = false;
return 0;
} else {
_connected = true;
}

return 1;
}

int WiFiSSLClient::peek() {
uint8_t b;

if (!available())
return -1;

getData(sslclient, &b, 1);

return b;
}
void WiFiSSLClient::flush() {
while (available())
read();
}

void WiFiSSLClient::setCACert(unsigned char *rootCA) {
_CA_cert = rootCA;
}

void WiFiSSLClient::setCertificate (unsigned char *client_ca){
_cert = client_ca;
}

void WiFiSSLClient::setPrivateKey (unsigned char *private_key) {
_private_key = private_key;
}


uint16_t WiFiSSLClient::availData(sslclient_context *ssl_client)
{
int ret;

if (ssl_client->fd < 0)
return 0;

if(_available) {
return 1;
} else {
return getData(ssl_client, c, 1);
}
}

bool WiFiSSLClient::getData(sslclient_context *ssl_client, uint8_t *data, uint8_t peek)
{
int ret = 0;
int flag = 0;

if (_available) {
/* we already has data to read */
data[0] = c[0];
if (peek) {
} else {
/* It's not peek and the data has been taken */
_available = false;
}
return true;
}

if (peek) {
flag |= 1;
}

ret = get_ssl_receive(ssl_client, c, 1, flag);

if (ret == 1) {
data[0] = c[0];
if (peek) {
_available = true;
} else {
_available = false;
}
return true;
}

return false;
}

int WiFiSSLClient::getDataBuf(sslclient_context *ssl_client, uint8_t *_data, uint16_t _dataLen)
{
int ret;

if (_available) {
/* there is one byte cached */
_data[0] = c[0];
_available = false;
_dataLen--;
if (_dataLen > 0) {
ret = get_ssl_receive(ssl_client, _data, _dataLen, 0);
if (ret > 0) {
ret++;
return ret;
} else {
return 1;
}
} else {
return 1;
}
} else {
ret = get_ssl_receive(ssl_client, _data, _dataLen, 0);
}

return ret;
}

void WiFiSSLClient::stopClient(sslclient_context *ssl_client)
{
stop_ssl_socket(ssl_client);
_available = false;
}

bool WiFiSSLClient::sendData(sslclient_context *ssl_client, const uint8_t *data, uint16_t len)
{
int ret;

if (ssl_client->fd < 0)
return false;

ret = send_ssl_data(ssl_client, data, len);

if (ret == 0) {
return false;
}

return true;
}


int WiFiSSLClient::startClient(sslclient_context *ssl_client, uint32_t ipAddress, uint32_t port, unsigned char* CA_cert, unsigned char* cert, unsigned char* private_key)
{
int ret;

ret = start_ssl_client(ssl_client, ipAddress, port, CA_cert, cert, private_key);

return ret;
}
Loading