Remove axTLS

This commit is contained in:
Angus Gratton 2015-09-28 13:00:56 +10:00
parent 99facb808e
commit 233e5f377a
12 changed files with 3 additions and 528 deletions

4
.gitmodules vendored

@ -1,10 +1,6 @@
[submodule "lwip/lwip"]
path = lwip/lwip
url = https://github.com/SuperHouse/esp-lwip.git
[submodule "axtls/axtls"]
path = axtls/axtls
url = https://github.com/SuperHouse/axtls.git
[submodule "extras/mbedtls/mbedtls"]
path = extras/mbedtls/mbedtls
url = https://github.com/ARMmbed/mbedtls.git


@ -71,14 +71,13 @@ Current status is alpha quality, actively developed. AP STATION mode (ie wifi cl
- rboot-ota - OTA support (over-the-air updates) including a TFTP server for receiving updates ([for rboot by @raburton](http://richard.burtons.org/2015/05/18/rboot-a-new-boot-loader-for-esp8266/))
- bmp180 driver for digital pressure sensor ([upstream project](https://github.com/Angus71/esp-open-rtos-driver-bmp180))
* `FreeRTOS` contains FreeRTOS implementation, subdirectory structure is the standard FreeRTOS structure. `FreeRTOS/source/portable/esp8266/` contains the ESP8266 port.
* `lwip` and `axtls` contain the lwIP TCP/IP library and the axTLS TLS library ('libssl' in the esp8266 SDKs), respectively. See [Third Party Libraries](https://github.com/SuperHouse/esp-open-rtos/wiki/Third-Party-Libraries) wiki page for details.
* `lwip` contains the lwIP TCP/IP library. See [Third Party Libraries](https://github.com/SuperHouse/esp-open-rtos/wiki/Third-Party-Libraries) wiki page for details.
* `libc` contains the newlib libc. [Libc details here](https://github.com/SuperHouse/esp-open-rtos/wiki/libc-configuration).
## Open Source Components
* [FreeRTOS](http://freertos.org) V7.5.2
* [lwIP](http://lwip.wikia.com/wiki/LwIP_Wiki) v1.4.1, modified via the [esp-lwip project](https://github.com/kadamski/esp-lwip) by @kadamski.
* [axTLS](http://axtls.sourceforge.net/) compiled from development version v1.5.3, plus modifications for low memory devices.
* [newlib](https://github.com/projectgus/newlib-xtensa) v2.2.0, with patches for xtensa support and locking stubs for thread-safe operation on FreeRTOS.
For details of how third party libraries are integrated, [see the wiki page](https://github.com/SuperHouse/esp-open-rtos/wiki/Third-Party-Libraries).
@ -96,7 +95,7 @@ Some binary libraries appear to contain unattributed open source code:
## Licensing
* BSD license (as described in LICENSE) applies to original source files, [lwIP](http://lwip.wikia.com/wiki/LwIP_Wiki), and [axTLS](http://axtls.sourceforge.net/). lwIP is Copyright (C) Swedish Institute of Computer Science. axTLS is Copyright (C) Cameron Rich.
* BSD license (as described in LICENSE) applies to original source files, [lwIP](http://lwip.wikia.com/wiki/LwIP_Wiki). lwIP is Copyright (C) Swedish Institute of Computer Science.
* FreeRTOS is provided under the GPL with the FreeRTOS linking exception, allowing non-GPL firmwares to be produced using FreeRTOS as the RTOS core. License details in files under FreeRTOS dir. FreeRTOS is Copyright (C) Real Time Engineers Ltd.

@ -1 +0,0 @@
Subproject commit a4860ef68d7f5d98a8731f99787d51cc44c433c9


@ -1,33 +0,0 @@
/*
* Stub time-related functions for TLS time-related operations
*
* ESPTODO: Revisit these ASAP as gettimeofday() is used for entropy
*
* Part of esp-open-rtos
* Copyright (C) 2015 Superhouse Automation Pty Ltd
* BSD Licensed as described in the file LICENSE
*/
#include <time.h>
#include <sys/time.h>
#include <stdio.h>
time_t time(time_t *t)
{
return 0;
}
time_t mktime(struct tm *tm)
{
return 0;
}
int gettimeofday(struct timeval *tv, void *tz)
{
return 0;
}
void abort(void)
{
printf("abort() was called.\r\n");
while(1) {}
}


@ -1,22 +0,0 @@
# Component makefile for axTLS
# axTLS has its own configure and build system, but it's not particularly
# designed for embedded systems. For now we're just imposing the ESP Open RTOS
# build system over the top.
# We supply our own hand tweaked config.h in the external 'include' dir.
AXTLS_DIR = $(axtls_ROOT)axtls/
INC_DIRS += $(axtls_ROOT)include $(AXTLS_DIR)ssl $(AXTLS_DIR)crypto
# args for passing into compile rule generation
axtls_INC_DIR = $(AXTLS_DIR)include $(AXTLS_DIR)
axtls_SRC_DIR = $(AXTLS_DIR)crypto $(AXTLS_DIR)ssl $(axtls_ROOT)
#axtls_CFLAGS = $(CFLAGS) -Wno-address
$(eval $(call component_compile_rules,axtls))
# Helpful error if git submodule not initialised
$(axtls_SRC_DIR):
$(error "axtls git submodule not installed. Please run 'git submodule init' then 'git submodule update'")


@ -1,128 +0,0 @@
/*
* Automatically generated header file: don't edit
*/
#define HAVE_DOT_CONFIG 0
#undef CONFIG_PLATFORM_LINUX
#undef CONFIG_PLATFORM_CYGWIN
#undef CONFIG_PLATFORM_WIN32
/*
* General Configuration
*/
#define PREFIX "/usr/local"
#define CROSS "xtensa-lx106-elf-"
#undef CONFIG_DEBUG
#define CONFIG_STRIP_UNWANTED_SECTIONS 1
#undef CONFIG_VISUAL_STUDIO_7_0
#undef CONFIG_VISUAL_STUDIO_8_0
#undef CONFIG_VISUAL_STUDIO_10_0
#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
#define CONFIG_VISUAL_STUDIO_10_0_BASE ""
#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
/*
* Embedded System Options (added for ESP RTOS SDK, don't have config entries yetr)
*/
#define CONFIG_NO_FILESYSTEM 1
#define CONFIG_USE_RAND 1
#define CONFIG_MAX_PLAIN_LENGTH 1024
#define CONFIG_MAX_KEY_BYTE_SIZE 256 /* for max 2048 bit keys (untested with >1024 bit keys) */
/*
* SSL Library
*/
#undef CONFIG_SSL_SERVER_ONLY
#undef CONFIG_SSL_CERT_VERIFICATION
#define CONFIG_SSL_ENABLE_CLIENT 1
#undef CONFIG_SSL_FULL_MODE
#undef CONFIG_SSL_SKELETON_MODE
#undef CONFIG_SSL_PROT_LOW
#define CONFIG_SSL_PROT_MEDIUM 1
#undef CONFIG_SSL_PROT_HIGH
#undef CONFIG_SSL_USE_DEFAULT_KEY
#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
#define CONFIG_SSL_X509_CERT_LOCATION ""
#undef CONFIG_SSL_GENERATE_X509_CERT
#define CONFIG_SSL_X509_COMMON_NAME ""
#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
#undef CONFIG_SSL_ENABLE_V23_HANDSHAKE
#undef CONFIG_SSL_HAS_PEM
#undef CONFIG_SSL_USE_PKCS12
#define CONFIG_SSL_EXPIRY_TIME 24
#define CONFIG_X509_MAX_CA_CERTS 1
#define CONFIG_SSL_MAX_CERTS 3
#undef CONFIG_SSL_CTX_MUTEXING
#undef CONFIG_USE_DEV_URANDOM
#undef CONFIG_WIN32_USE_CRYPTO_LIB
#undef CONFIG_OPENSSL_COMPATIBLE
#undef CONFIG_PERFORMANCE_TESTING
#undef CONFIG_SSL_TEST
#undef CONFIG_AXTLSWRAP
#undef CONFIG_AXHTTPD
#undef CONFIG_HTTP_STATIC_BUILD
#define CONFIG_HTTP_PORT
#define CONFIG_HTTP_HTTPS_PORT
#define CONFIG_HTTP_SESSION_CACHE_SIZE
#define CONFIG_HTTP_WEBROOT ""
#define CONFIG_HTTP_TIMEOUT
#undef CONFIG_HTTP_HAS_CGI
#define CONFIG_HTTP_CGI_EXTENSIONS ""
#undef CONFIG_HTTP_ENABLE_LUA
#define CONFIG_HTTP_LUA_PREFIX ""
#undef CONFIG_HTTP_BUILD_LUA
#define CONFIG_HTTP_CGI_LAUNCHER ""
#undef CONFIG_HTTP_DIRECTORIES
#undef CONFIG_HTTP_HAS_AUTHORIZATION
#undef CONFIG_HTTP_HAS_IPV6
#undef CONFIG_HTTP_ENABLE_DIFFERENT_USER
#define CONFIG_HTTP_USER ""
#undef CONFIG_HTTP_VERBOSE
#undef CONFIG_HTTP_IS_DAEMON
/*
* Language Bindings
*/
#undef CONFIG_BINDINGS
#undef CONFIG_CSHARP_BINDINGS
#undef CONFIG_VBNET_BINDINGS
#define CONFIG_DOT_NET_FRAMEWORK_BASE ""
#undef CONFIG_JAVA_BINDINGS
#define CONFIG_JAVA_HOME ""
#undef CONFIG_PERL_BINDINGS
#define CONFIG_PERL_CORE ""
#define CONFIG_PERL_LIB ""
#undef CONFIG_LUA_BINDINGS
#define CONFIG_LUA_CORE ""
/*
* Samples
*/
#undef CONFIG_SAMPLES
#undef CONFIG_C_SAMPLES
#undef CONFIG_CSHARP_SAMPLES
#undef CONFIG_VBNET_SAMPLES
#undef CONFIG_JAVA_SAMPLES
#undef CONFIG_PERL_SAMPLES
#undef CONFIG_LUA_SAMPLES
/*
* BigInt Options
*/
#undef CONFIG_BIGINT_CLASSICAL
#undef CONFIG_BIGINT_MONTGOMERY
#define CONFIG_BIGINT_BARRETT 1
#define CONFIG_BIGINT_CRT 1
#undef CONFIG_BIGINT_KARATSUBA
#define MUL_KARATSUBA_THRESH
#define SQU_KARATSUBA_THRESH
#define CONFIG_BIGINT_SLIDING_WINDOW 1
#define CONFIG_BIGINT_SQUARE 1
#define CONFIG_BIGINT_CHECK_ON 1
#define CONFIG_INTEGER_32BIT 1
#undef CONFIG_INTEGER_16BIT
#undef CONFIG_INTEGER_8BIT


@ -1,6 +0,0 @@
#ifndef _OS_INT_H
#define _OS_INT_H
#include <stdint.h>
#endif


@ -1,95 +0,0 @@
/*
* Copyright (c) 2007-2015, Cameron Rich
* Modifications Copyright (c) 2015 Superhouse Automation Pty Ltd
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file os_port.h
*
* Some stuff to minimise the differences between windows and linux/unix
*/
#ifndef _HEADER_OS_PORT_H
#define _HEADER_OS_PORT_H
#ifdef __cplusplus
extern "C" {
#endif
#include "FreeRTOS.h"
#include "os_int.h"
#include "config.h"
#include <stdio.h>
#include <pwd.h>
#include <netdb.h>
//#include <fcntl.h>
#include <errno.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <posix/sys/socket.h>
#include <sys/wait.h>
#include <ipv4/lwip/inet.h>
#if defined(CONFIG_SSL_CTX_MUTEXING)
#include "semphr.h"
#endif
#define SOCKET_READ(A,B,C) read(A,B,C)
#define SOCKET_WRITE(A,B,C) write(A,B,C)
#define SOCKET_CLOSE(A) if (A >= 0) close(A)
#define TTY_FLUSH()
static inline uint64_t be64toh(uint64_t x) {
return ntohl(x>>32) | ((uint64_t)(ntohl(x)) << 32);
}
void exit_now(const char *format, ...) __attribute((noreturn));
#define EXP_FUNC
#define STDCALL
/* Mutex definitions */
#if defined(CONFIG_SSL_CTX_MUTEXING)
#define SSL_CTX_MUTEX_TYPE xSemaphoreHandle
#define SSL_CTX_MUTEX_INIT(A) vSemaphoreCreateBinaryCreateMutex(A)
#define SSL_CTX_MUTEX_DESTROY(A) vSemaphoreDelete(A)
#define SSL_CTX_LOCK(A) xSemaphoreTakeRecursive(A, portMAX_DELAY)
#define SSL_CTX_UNLOCK(A) xSemaphoreGiveRecursive(A)
#else
#define SSL_CTX_MUTEX_TYPE
#define SSL_CTX_MUTEX_INIT(A)
#define SSL_CTX_MUTEX_DESTROY(A)
#define SSL_CTX_LOCK(A)
#define SSL_CTX_UNLOCK(A)
#endif
#ifdef __cplusplus
}
#endif
#endif


@ -1,10 +0,0 @@
/* axTLS version header
We need this because we're using axTLS from source repo, not from a release.
*/
#ifndef _VERSION_H
#define AXTLS_VERSION "esp-open-rtos axTLS " GITSHORTREV
#endif


@ -80,7 +80,7 @@ OBJDUMP = $(CROSS)objdump
# Source components to compile and link. Each of these are subdirectories
# of the root, with a 'component.mk' file.
COMPONENTS ?= $(EXTRA_COMPONENTS) FreeRTOS lwip axtls core
COMPONENTS ?= $(EXTRA_COMPONENTS) FreeRTOS lwip core
# binary esp-iot-rtos SDK libraries to link. These are pre-processed prior to linking.
SDK_LIBS ?= main net80211 phy pp wpa
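Review bot: The new `COMPONENTS` default no longer includes any TLS component, but the comment above it still describes the list only generically, so a program that relied on the old default set for `ssl.h` will now fail at build time with no hint where TLS moved. I would extend the comment, e.g. `# TLS is no longer a default component; add it via EXTRA_COMPONENTS`. The `.gitmodules` section in this commit suggests an mbedtls submodule lives under `extras/`, but how it is wired into the build is not visible on this page, so the comment should name only the mechanism (EXTRA_COMPONENTS) rather than a specific path.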


@ -1,2 +0,0 @@
PROGRAM=http_get_ssl
include ../../common.mk


@ -1,223 +0,0 @@
/* http_get_ssl - HTTPS version of the http_get example.
*
* Retrieves a web page over HTTPS (TLS) using GET.
*
* Does not validate server certificate.
*
* This sample code is in the public domain.,
*/
#include "espressif/esp_common.h"
#include "espressif/sdk_private.h"
#include <string.h>
#include "FreeRTOS.h"
#include "task.h"
#include "lwip/err.h"
#include "lwip/sockets.h"
#include "lwip/sys.h"
#include "lwip/netdb.h"
#include "lwip/dns.h"
#include "ssl.h"
#include "ssid_config.h"
#define WEB_SERVER "192.168.0.18"
#define WEB_PORT "8000"
#define WEB_URL "/test"
static void display_cipher(SSL *ssl);
static void display_session_id(SSL *ssl);
void http_get_task(void *pvParameters)
{
int successes = 0, failures = 0;
SSL_CTX *ssl_ctx;
uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
printf("HTTP get task starting...\r\n");
printf("free heap = %u\r\n", xPortGetFreeHeapSize());
if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
{
printf("Error: SSL Client context is invalid\n");
while(1) {}
}
printf("Got SSL context.");
while(1) {
const struct addrinfo hints = {
.ai_family = AF_INET,
.ai_socktype = SOCK_STREAM,
};
struct addrinfo *res;
printf("top of loop, free heap = %u\r\n", xPortGetFreeHeapSize());
printf("Running DNS lookup for %s...\r\n", WEB_SERVER);
int err = getaddrinfo(WEB_SERVER, WEB_PORT, &hints, &res);
if(err != 0 || res == NULL) {
printf("DNS lookup failed err=%d res=%p\r\n", err, res);
if(res)
freeaddrinfo(res);
vTaskDelay(1000 / portTICK_RATE_MS);
failures++;
continue;
}
/* Note: inet_ntoa is non-reentrant, look at ipaddr_ntoa_r for "real" code */
struct in_addr *addr = &((struct sockaddr_in *)res->ai_addr)->sin_addr;
printf("DNS lookup succeeded. IP=%s\r\n", inet_ntoa(*addr));
int s = socket(res->ai_family, res->ai_socktype, 0);
if(s < 0) {
printf("... Failed to allocate socket.\r\n");
freeaddrinfo(res);
vTaskDelay(1000 / portTICK_RATE_MS);
failures++;
continue;
}
printf("... allocated socket\r\n");
if(connect(s, res->ai_addr, res->ai_addrlen) != 0) {
close(s);
freeaddrinfo(res);
printf("... socket connect failed.\r\n");
vTaskDelay(4000 / portTICK_RATE_MS);
failures++;
continue;
}
printf("... connected. starting TLS session...\r\n");
freeaddrinfo(res);
SSL *ssl = ssl_client_new(ssl_ctx, s, NULL, 0);
printf("initial status %p %d\r\n", ssl, ssl_handshake_status(ssl));
if((err = ssl_handshake_status(ssl)) != SSL_OK) {
ssl_free(ssl);
close(s);
printf("SSL handshake failed. :( %d\r\n", err);
vTaskDelay(4000 / portTICK_RATE_MS);
failures++;
continue;
}
const char *common_name = ssl_get_cert_dn(ssl,
SSL_X509_CERT_COMMON_NAME);
if (common_name)
{
printf("Common Name:\t\t\t%s\n", common_name);
}
display_session_id(ssl);
display_cipher(ssl);
const char *req =
"GET "WEB_URL"\r\n"
"User-Agent: esp-open-rtos/0.1 esp8266\r\n"
"\r\n";
if (ssl_write(ssl, (uint8_t *)req, strlen(req)) < 0) {
printf("... socket send failed\r\n");
ssl_free(ssl);
close(s);
vTaskDelay(4000 / portTICK_RATE_MS);
failures++;
continue;
}
printf("... socket send success\r\n");
uint8_t *recv_buf;
int r;
do {
r = ssl_read(ssl, &recv_buf);
for(int i = 0; i < r; i++)
printf("%c", recv_buf[i]);
} while(r > 0);
printf("... done reading from socket. Last read return=%d errno=%d\r\n", r, errno);
if(r != 0)
failures++;
else
successes++;
ssl_free(ssl);
close(s);
printf("successes = %d failures = %d\r\n", successes, failures);
for(int countdown = 10; countdown >= 0; countdown--) {
printf("%d... ", countdown);
vTaskDelay(1000 / portTICK_RATE_MS);
}
printf("\r\nStarting again!\r\n");
}
}
void user_init(void)
{
sdk_uart_div_modify(0, UART_CLK_FREQ / 115200);
printf("SDK version:%s\n", sdk_system_get_sdk_version());
struct sdk_station_config config = {
.ssid = WIFI_SSID,
.password = WIFI_PASS,
};
/* required to call wifi_set_opmode before station_set_config */
sdk_wifi_set_opmode(STATION_MODE);
sdk_wifi_station_set_config(&config);
xTaskCreate(&http_get_task, (signed char *)"get_task", 2048, NULL, 2, NULL);
}
/**
* Display what session id we have.
*/
static void display_session_id(SSL *ssl)
{
int i;
const uint8_t *session_id = ssl_get_session_id(ssl);
int sess_id_size = ssl_get_session_id_size(ssl);
if (sess_id_size > 0)
{
printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
for (i = 0; i < sess_id_size; i++)
{
printf("%02x", session_id[i]);
}
printf("\n-----END SSL SESSION PARAMETERS-----\n");
}
}
/**
* Display what cipher we are using
*/
static void display_cipher(SSL *ssl)
{
printf("CIPHER is ");
switch (ssl_get_cipher_id(ssl))
{
case SSL_AES128_SHA:
printf("AES128-SHA");
break;
case SSL_AES256_SHA:
printf("AES256-SHA");
break;
case SSL_RC4_128_SHA:
printf("RC4-SHA");
break;
case SSL_RC4_128_MD5:
printf("RC4-MD5");
break;
default:
printf("Unknown - %d", ssl_get_cipher_id(ssl));
break;
}
printf("\n");
}