diff --git a/examples/tls_server_bearssl/Makefile b/examples/tls_server_bearssl/Makefile new file mode 100644 index 0000000..79c0e38 --- /dev/null +++ b/examples/tls_server_bearssl/Makefile @@ -0,0 +1,4 @@ +PROGRAM=tls_server_bearssl +EXTRA_COMPONENTS = extras/bearssl + +include ../../common.mk diff --git a/examples/tls_server_bearssl/certificate.h b/examples/tls_server_bearssl/certificate.h new file mode 100644 index 0000000..45f0fdf --- /dev/null +++ b/examples/tls_server_bearssl/certificate.h @@ -0,0 +1,97 @@ +#include "bearssl.h" + +/* + * Server certificate chain + * Generated using brssl ta certificate.pem + */ + +static const unsigned char CERT0[] = { + 0x30, 0x82, 0x03, 0xC9, 0x30, 0x82, 0x02, 0xB1, 0xA0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0xF1, 0x32, 0x8D, 0x73, 0x19, 0xEA, 0x40, 0x2C, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x0B, 0x05, 0x00, 0x30, 0x7B, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x03, 0x56, 0x69, 0x63, 0x31, 0x12, 0x30, 0x10, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x09, 0x4D, 0x65, 0x6C, 0x62, 0x6F, + 0x75, 0x72, 0x6E, 0x65, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x15, 0x65, 0x73, 0x70, 0x2D, 0x6F, 0x70, 0x65, 0x6E, 0x2D, + 0x72, 0x74, 0x6F, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4C, 0x74, 0x64, + 0x31, 0x1C, 0x30, 0x1A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x13, 0x53, + 0x6E, 0x61, 0x6B, 0x65, 0x6F, 0x69, 0x6C, 0x20, 0x53, 0x61, 0x6C, 0x65, + 0x73, 0x20, 0x55, 0x6E, 0x69, 0x74, 0x31, 0x0C, 0x30, 0x0A, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x03, 0x65, 0x73, 0x70, 0x30, 0x1E, 0x17, 0x0D, + 0x31, 0x36, 0x30, 0x32, 0x30, 0x38, 0x30, 0x33, 0x34, 0x34, 0x35, 0x35, + 0x5A, 0x17, 0x0D, 0x31, 0x37, 0x30, 0x32, 0x30, 0x37, 0x30, 0x33, 0x34, + 0x34, 0x35, 0x35, 0x5A, 0x30, 0x7B, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x0C, 0x30, 0x0A, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x03, 0x56, 0x69, 0x63, 0x31, 0x12, 0x30, + 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x09, 0x4D, 0x65, 0x6C, 0x62, + 0x6F, 0x75, 0x72, 0x6E, 0x65, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x15, 0x65, 0x73, 0x70, 0x2D, 0x6F, 0x70, 0x65, 0x6E, + 0x2D, 0x72, 0x74, 0x6F, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4C, 0x74, + 0x64, 0x31, 0x1C, 0x30, 0x1A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x13, + 0x53, 0x6E, 0x61, 0x6B, 0x65, 0x6F, 0x69, 0x6C, 0x20, 0x53, 0x61, 0x6C, + 0x65, 0x73, 0x20, 0x55, 0x6E, 0x69, 0x74, 0x31, 0x0C, 0x30, 0x0A, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x03, 0x65, 0x73, 0x70, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, + 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xAB, 0xE4, 0xFA, 0xBB, 0x54, 0x04, + 0x49, 0x24, 0xA6, 0xB9, 0x82, 0x5E, 0xBC, 0x17, 0x64, 0xC9, 0x01, 0x1B, + 0x09, 0xEF, 0x57, 0xE9, 0xE1, 0xAE, 0x3C, 0xB9, 0x53, 0xF0, 0xC2, 0xD9, + 0xBB, 0x2F, 0xB8, 0xA5, 0x8B, 0xEA, 0xB1, 0x86, 0xD0, 0x7B, 0xDC, 0x03, + 0xA3, 0xA6, 0x24, 0x7F, 0x66, 0xA2, 0x41, 0x92, 0x93, 0x2B, 0x4A, 0x36, + 0xCD, 0x74, 0x73, 0xE9, 0xBF, 0x3F, 0x41, 0x93, 0x5E, 0xB8, 0x9A, 0xCB, + 0xFC, 0xD4, 0x35, 0xF3, 0x0E, 0xEC, 0xE7, 0xE5, 0x05, 0xEE, 0xBD, 0xB2, + 0x3C, 0xEC, 0x81, 0x5D, 0x9C, 0x23, 0x3E, 0x23, 0xEC, 0x4B, 0x48, 0xF0, + 0xA3, 0x05, 0xB3, 0xE3, 0x3D, 0x0B, 0x26, 0xED, 0x42, 0x54, 0x1B, 0xDA, + 0x5F, 0x8C, 0x00, 0x19, 0x94, 0x5E, 0x0A, 0x00, 0xDE, 0x77, 0x38, 0xBA, + 0x4A, 0x39, 0xEB, 0xBA, 0xBA, 0xDE, 0xDB, 0xD2, 0x51, 0xC9, 0xD4, 0x7F, + 0xD8, 0x2D, 0xE0, 0x4E, 0x31, 0xC4, 0x5E, 0x4D, 0xB3, 0x9B, 0x61, 0xAE, + 0x90, 0x1C, 0xEE, 0x3E, 0x46, 0x5E, 0xE7, 0xF4, 0xC3, 0x24, 0x0E, 0x0D, + 0x60, 0x78, 0x2B, 0x16, 0x6A, 0xCE, 0x8B, 0xCE, 0x73, 0xD5, 0x33, 0x52, + 0x72, 0xEE, 0x48, 0x7B, 0x21, 0x96, 0x77, 0x02, 0xCF, 0xB8, 0x75, 0x0F, + 0x95, 0xDD, 0x52, 0x77, 0xFE, 0xDF, 0xFE, 0x94, 0xE2, 0xB9, 0x3B, 0xE5, + 0xAD, 0x01, 0x66, 0x7D, 0xE9, 0xBE, 0xC0, 0x1F, 0x17, 0x34, 0x0E, 0x48, + 0x02, 0x2D, 0x6C, 0xFD, 0xFB, 0x87, 0xE9, 0x47, 0x11, 0xED, 0x8C, 0x3E, + 0x2C, 0x03, 0xB9, 0xD7, 0x12, 0x98, 0x24, 0xEA, 0xA6, 0x2A, 0x4B, 0xFF, + 0x0D, 0xD2, 0xD1, 0xCA, 0x40, 0x10, 0xBE, 0xB8, 0x34, 0x96, 0xC4, 0x4D, + 0xED, 0xD2, 0x61, 0x76, 0x26, 0xBD, 0x43, 0xD6, 0x01, 0xA5, 0x17, 0x2D, + 0xD5, 0x57, 0x9A, 0xF6, 0x7C, 0x47, 0xD6, 0x37, 0xBE, 0x09, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xA3, 0x50, 0x30, 0x4E, 0x30, 0x1D, 0x06, 0x03, 0x55, + 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x92, 0x0D, 0xAD, 0xDF, 0x06, 0x80, + 0xFC, 0xFF, 0xC7, 0x60, 0x31, 0x1E, 0x6D, 0x04, 0xBF, 0xE8, 0xD6, 0xD6, + 0xAF, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x92, 0x0D, 0xAD, 0xDF, 0x06, 0x80, 0xFC, 0xFF, 0xC7, + 0x60, 0x31, 0x1E, 0x6D, 0x04, 0xBF, 0xE8, 0xD6, 0xD6, 0xAF, 0x21, 0x30, + 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xA4, 0x8B, 0xD8, + 0x14, 0xDF, 0xAE, 0x7C, 0x39, 0x2A, 0x88, 0x66, 0x30, 0x67, 0x28, 0x17, + 0xE2, 0xEA, 0x36, 0xCA, 0xC0, 0x04, 0xDD, 0x0B, 0x6B, 0xBB, 0x0B, 0x05, + 0x9E, 0x76, 0xB4, 0xF9, 0xAB, 0x1A, 0xB7, 0xF4, 0xCD, 0x96, 0xB1, 0x62, + 0xBE, 0x27, 0xFD, 0xA4, 0x45, 0xB9, 0xD2, 0x91, 0xE7, 0x65, 0x5D, 0xBE, + 0x59, 0x9B, 0x5E, 0xFC, 0xB8, 0x1E, 0x99, 0xE4, 0xB0, 0x4A, 0xA1, 0x9E, + 0x91, 0x54, 0x98, 0x1B, 0x36, 0xDE, 0x65, 0xC8, 0xAE, 0x39, 0xDA, 0xE7, + 0xC1, 0xA7, 0x72, 0x06, 0xA1, 0x89, 0xA0, 0xB4, 0xC1, 0xF8, 0x98, 0xC9, + 0x44, 0x9A, 0x9D, 0x95, 0x54, 0x7E, 0x3A, 0xB5, 0x66, 0x7B, 0x42, 0x76, + 0xAC, 0x16, 0x64, 0x43, 0xCE, 0x7F, 0x2D, 0x90, 0x19, 0xF1, 0x7A, 0x0B, + 0x0C, 0xFA, 0x29, 0x83, 0xEF, 0xA7, 0x53, 0x7E, 0x4D, 0x04, 0x42, 0xB9, + 0xA8, 0x89, 0x84, 0x5B, 0x25, 0x09, 0x6F, 0x54, 0xCF, 0x51, 0x96, 0xD5, + 0x29, 0x0B, 0xB8, 0x68, 0xF8, 0xBD, 0x02, 0xBA, 0x6B, 0x0E, 0x70, 0xDD, + 0xEB, 0x65, 0x32, 0x36, 0x20, 0xD6, 0xBC, 0x7C, 0x7D, 0xC9, 0x1D, 0xA1, + 0x0D, 0xBF, 0x68, 0x23, 0x98, 0xD5, 0x9C, 0xC1, 0xCD, 0x2D, 0x20, 0xAB, + 0x0F, 0x66, 0xDA, 0x05, 0x59, 0x2D, 0x17, 0x03, 0xE0, 0x27, 0x68, 0x1D, + 0x9C, 0xF5, 0xCE, 0xCE, 0x15, 0x87, 0x68, 0xB5, 0x4A, 0xCE, 0x5F, 0xBB, + 0x4C, 0xC8, 0xC8, 0xC4, 0xB3, 0xFA, 0xB9, 0xEA, 0x65, 0xEE, 0xB8, 0x34, + 0x3F, 0xA8, 0xF4, 0x50, 0x26, 0x2D, 0xED, 0xD4, 0x93, 0x2E, 0x56, 0xF4, + 0xEB, 0x08, 0xB4, 0xCD, 0x6A, 0x54, 0x54, 0x4A, 0xE9, 0x3F, 0xEB, 0x06, + 0x39, 0x76, 0x0B, 0x0C, 0xB7, 0xE5, 0xB3, 0xE1, 0x30, 0xA1, 0xF7, 0x7D, + 0x31, 0x84, 0x21, 0x64, 0xD3, 0xC5, 0xC3, 0xEE, 0x8B, 0xCE, 0xEC, 0x16, + 0x08 +}; + +static const br_x509_certificate SERVER_CERTIFICATE_CHAIN[] = { + { (unsigned char *)CERT0, sizeof CERT0 } +}; + +#define SERVER_CERTIFICATE_CHAIN_LEN 1 \ No newline at end of file diff --git a/examples/tls_server_bearssl/key.h b/examples/tls_server_bearssl/key.h new file mode 100644 index 0000000..46ab3fa --- /dev/null +++ b/examples/tls_server_bearssl/key.h @@ -0,0 +1,85 @@ +#include "bearssl.h" + +/* + * Server private key + * Generated using ./brssl skey -c key.pem + */ + +static const unsigned char RSA_P[] = { + 0xD5, 0xE0, 0xC5, 0xAB, 0xDA, 0xA1, 0x32, 0x6C, 0x4A, 0x35, 0x4B, 0x44, + 0x2B, 0x87, 0xBD, 0xBB, 0xDD, 0x31, 0x60, 0xD8, 0x52, 0x74, 0xA4, 0x15, + 0xFD, 0x7C, 0x97, 0xA7, 0xE1, 0x64, 0xD1, 0xA4, 0x86, 0xB8, 0x37, 0x63, + 0x2C, 0x99, 0xBE, 0xAB, 0x58, 0xB6, 0x28, 0x3E, 0x91, 0x7D, 0xBB, 0xB1, + 0x0B, 0x2E, 0x35, 0x54, 0xF3, 0x6C, 0xFC, 0x43, 0xA5, 0xA7, 0xA9, 0x8F, + 0xF9, 0xF0, 0x93, 0x0D, 0x54, 0xAB, 0x04, 0xB9, 0x0E, 0x4B, 0xF7, 0x76, + 0x0E, 0x26, 0xFF, 0xD1, 0x75, 0xA2, 0xDE, 0x8F, 0xCD, 0xA7, 0xA6, 0x41, + 0xF4, 0xF6, 0x5B, 0x53, 0xCB, 0x57, 0xAA, 0xA2, 0x9C, 0x68, 0xA9, 0xA4, + 0x85, 0x33, 0x88, 0xFC, 0xFD, 0xDC, 0xFB, 0x80, 0x29, 0xDB, 0x17, 0xC3, + 0x06, 0xD3, 0x7F, 0x18, 0x17, 0xB9, 0x0D, 0x13, 0xBB, 0x36, 0x7E, 0xB4, + 0xBD, 0xAD, 0xC0, 0xD1, 0xC4, 0x85, 0xD9, 0xF1 +}; + +static const unsigned char RSA_Q[] = { + 0xCD, 0xBF, 0x7E, 0x90, 0x59, 0xC4, 0x7F, 0x5D, 0xD7, 0x1A, 0xF9, 0x39, + 0xDB, 0xDC, 0x20, 0x0D, 0xB9, 0x77, 0xB4, 0x7B, 0x0D, 0xAC, 0x74, 0x59, + 0x39, 0x6F, 0x9F, 0x04, 0xDB, 0x7F, 0xE4, 0x3F, 0x87, 0xF0, 0xAC, 0xB8, + 0x9B, 0x51, 0xE4, 0x7A, 0x39, 0x36, 0xF2, 0xAE, 0xFB, 0x7C, 0x24, 0x0F, + 0x46, 0xF7, 0xF4, 0x2D, 0xE3, 0x4A, 0x09, 0x6A, 0xBF, 0xAC, 0x32, 0xE3, + 0x8E, 0x40, 0xBB, 0x10, 0x1E, 0x61, 0x0F, 0x3B, 0x47, 0x5C, 0x57, 0xF4, + 0xA6, 0xD3, 0x4B, 0xC8, 0xE5, 0x67, 0x87, 0x5E, 0xA1, 0x4A, 0xCE, 0x01, + 0xAF, 0x32, 0xDE, 0x6D, 0xFB, 0x12, 0xA8, 0xC0, 0x98, 0x81, 0x61, 0xB1, + 0x18, 0x97, 0xB7, 0xB9, 0xDC, 0x66, 0xFB, 0x03, 0xE7, 0x30, 0x0E, 0x6D, + 0x7F, 0x4A, 0xC0, 0x4D, 0x8D, 0x81, 0xD3, 0x09, 0x59, 0xF7, 0x47, 0xB0, + 0xA6, 0x38, 0xCA, 0xE4, 0x17, 0x5B, 0x4D, 0x99 +}; + +static const unsigned char RSA_DP[] = { + 0x34, 0xCC, 0xB7, 0x9F, 0xF4, 0x6A, 0x45, 0x1B, 0x6C, 0xBA, 0x79, 0x69, + 0x4B, 0xE1, 0xC7, 0xDA, 0x40, 0x01, 0xF7, 0xA9, 0x8F, 0xB9, 0x91, 0xE4, + 0x87, 0xDE, 0xA1, 0x45, 0xE5, 0xA3, 0xD1, 0x09, 0x6F, 0xE4, 0xBC, 0x6F, + 0xB4, 0x4C, 0x04, 0x41, 0x22, 0xB6, 0x5D, 0x7B, 0x0C, 0xC9, 0xE0, 0x73, + 0x15, 0x92, 0x83, 0xC2, 0x04, 0x12, 0x4C, 0xB8, 0x9A, 0x85, 0xA8, 0x9B, + 0x8D, 0x95, 0x71, 0x88, 0x21, 0xF5, 0xD2, 0x45, 0xA9, 0x1C, 0xE1, 0xEB, + 0x78, 0x14, 0xF2, 0xA4, 0x90, 0x08, 0xF4, 0x2E, 0xC6, 0x13, 0x74, 0x3C, + 0xE6, 0x2F, 0x87, 0x5E, 0x49, 0x5D, 0xCC, 0x17, 0x36, 0xCB, 0xB3, 0xCD, + 0x94, 0xC0, 0xA3, 0x39, 0xE9, 0xA6, 0x0B, 0x44, 0x99, 0x90, 0xA7, 0xEE, + 0x12, 0x9A, 0x55, 0xCE, 0xE9, 0xD4, 0x5A, 0x41, 0x1B, 0xBF, 0x99, 0x4A, + 0x1F, 0x65, 0x6C, 0xAB, 0x9C, 0x7B, 0x7A, 0xD1 +}; + +static const unsigned char RSA_DQ[] = { + 0x82, 0xE5, 0xE5, 0x00, 0xB3, 0x8B, 0xD7, 0x38, 0x7D, 0xA4, 0xF4, 0x90, + 0xC1, 0xF7, 0x0F, 0x11, 0x8C, 0x40, 0xC3, 0x3B, 0x52, 0x9C, 0xB8, 0x3D, + 0x17, 0xD4, 0x93, 0x08, 0x05, 0x1A, 0x1D, 0xBD, 0xE9, 0x9F, 0xCE, 0x53, + 0x78, 0xC5, 0xA6, 0x25, 0xB8, 0x86, 0xE3, 0xE9, 0x3D, 0xA8, 0x62, 0x4C, + 0xB1, 0xEB, 0x08, 0x97, 0xB5, 0x36, 0x22, 0x3D, 0x9F, 0x0A, 0x50, 0x2A, + 0x04, 0x13, 0xDC, 0xAF, 0x49, 0x94, 0x98, 0x9B, 0x2F, 0x30, 0x69, 0xE9, + 0x05, 0xC6, 0x02, 0x3E, 0x22, 0xED, 0x35, 0xEB, 0x97, 0x94, 0x3E, 0xF2, + 0x45, 0x63, 0x88, 0xAD, 0xD2, 0x01, 0xB2, 0x09, 0x2E, 0x3D, 0x8A, 0x48, + 0xA0, 0x8B, 0xCD, 0xE0, 0xDA, 0x7F, 0x4E, 0x0D, 0xD2, 0xA4, 0xF9, 0x58, + 0xE2, 0x96, 0x4D, 0x38, 0x49, 0xE2, 0x21, 0xC0, 0x9E, 0x53, 0x3B, 0x72, + 0x00, 0x9E, 0xBB, 0x3E, 0x58, 0x39, 0xC7, 0x69 +}; + +static const unsigned char RSA_IQ[] = { + 0x2E, 0x70, 0x40, 0x8D, 0xF9, 0xC6, 0xB8, 0x49, 0x28, 0x3D, 0x76, 0x48, + 0x8D, 0x8F, 0x54, 0x57, 0x57, 0xDF, 0xEE, 0x56, 0x50, 0x42, 0x09, 0xE5, + 0x28, 0xAF, 0xBB, 0x9A, 0xF6, 0x6B, 0x99, 0xCF, 0x63, 0xE1, 0x1E, 0xD8, + 0x7E, 0x4D, 0xBA, 0x15, 0x9F, 0xEF, 0x8D, 0x95, 0x14, 0x08, 0x3A, 0x60, + 0x27, 0xCA, 0xD7, 0x26, 0x2E, 0x2B, 0x6B, 0xFF, 0xBC, 0x9F, 0xE1, 0x68, + 0xB8, 0x99, 0xA8, 0x16, 0x5E, 0xDC, 0x5E, 0x81, 0xD1, 0x40, 0x5F, 0x42, + 0x7C, 0xD4, 0xB5, 0x56, 0xDE, 0x9C, 0xD9, 0x62, 0x2E, 0x3E, 0xB4, 0x49, + 0xB0, 0x6F, 0x7B, 0x72, 0x0D, 0x0E, 0x04, 0xF0, 0xD9, 0xA6, 0xE6, 0xD2, + 0xFD, 0xC3, 0x73, 0x1E, 0x30, 0x6C, 0xC4, 0xFC, 0xC3, 0x64, 0xA1, 0x88, + 0x2F, 0x37, 0xED, 0x1A, 0xF4, 0x9D, 0x48, 0x46, 0xB3, 0x42, 0x14, 0x6B, + 0x25, 0x39, 0x74, 0xBA, 0x5D, 0xDE, 0xA0, 0x75 +}; + +static const br_rsa_private_key SERVER_PRIVATE_KEY = { + 2048, + (unsigned char *)RSA_P, sizeof RSA_P, + (unsigned char *)RSA_Q, sizeof RSA_Q, + (unsigned char *)RSA_DP, sizeof RSA_DP, + (unsigned char *)RSA_DQ, sizeof RSA_DQ, + (unsigned char *)RSA_IQ, sizeof RSA_IQ +}; \ No newline at end of file diff --git a/examples/tls_server_bearssl/tls_server_bearssl.c b/examples/tls_server_bearssl/tls_server_bearssl.c new file mode 100644 index 0000000..09632ae --- /dev/null +++ b/examples/tls_server_bearssl/tls_server_bearssl.c @@ -0,0 +1,188 @@ +/* tls_server_bearssl - simple BearSSL TLS server that outputs some statistics to a connecting client, + * then closes the socket. + * + * Uses code from the server_basic example in BearSSL and the tls_server example. + * + * To test this program, connect to the ESP using openssl command line like this: + * + * openssl s_client -connect 192.168.66.209:800 + * + * The openssl command line client will print some information for the (self-signed) server certificate, + * then after a couple of seconds (validation) there will be a few lines of text output sent from the ESP. + * + * See the certificate.h and key.h files for private key & certificate, plus information for generation. + * + * Original Copyright (c) 2016 Thomas Pornin , MIT License. + * Additions Copyright (C) 2016 Stefan Schake, MIT License. + */ +#include "espressif/esp_common.h" +#include "esp/uart.h" +#include "esp/hwrand.h" + +#include + +#include "FreeRTOS.h" +#include "task.h" + +#include "lwip/err.h" +#include "lwip/sockets.h" +#include "lwip/sys.h" +#include "lwip/netdb.h" +#include "lwip/dns.h" +#include "lwip/api.h" + +#include "ssid_config.h" + +/* Server cert & key */ +#include "certificate.h" +#include "key.h" + +#include "bearssl.h" + +#define PORT 800 + +/* + * Low-level data read callback for the simplified SSL I/O API. + */ +static int +sock_read(void *ctx, unsigned char *buf, size_t len) +{ + for (;;) { + ssize_t rlen; + + rlen = read(*(int *)ctx, buf, len); + if (rlen <= 0) { + if (rlen < 0 && errno == EINTR) { + continue; + } + return -1; + } + return (int)rlen; + } +} + +/* + * Low-level data write callback for the simplified SSL I/O API. + */ +static int +sock_write(void *ctx, const unsigned char *buf, size_t len) +{ + for (;;) { + ssize_t wlen; + + wlen = write(*(int *)ctx, buf, len); + if (wlen <= 0) { + if (wlen < 0 && errno == EINTR) { + continue; + } + return -1; + } + return (int)wlen; + } +} + +/* + * BearSSL IO buffer and server state + */ +static unsigned char iobuf[BR_SSL_BUFSIZE_MONO]; +br_ssl_server_context sc; +br_sslio_context ioc; + +void tls_server_task(void *pvParameters) +{ + int successes = 0, failures = 0; + printf("TLS server task starting...\n"); + + /* Prepare server socket */ + int sfd = socket(PF_INET, SOCK_STREAM, 0); + if (sfd < 0) { + printf("Failed to allocate socket.\r\n"); + return; + } + struct sockaddr_in addr; + bzero(&addr, sizeof(addr)); + addr.sin_port = htons(PORT); + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = INADDR_ANY; + if (bind(sfd, (const struct sockaddr*) &addr, sizeof(addr)) < 0) { + close(sfd); + printf("Failed to bind socket\r\n"); + return; + } + if (listen(sfd, 0) < 0) { + close(sfd); + printf("Failed to listen\r\n"); + return; + } + + /* Initialize engine */ + br_ssl_server_init_full_rsa(&sc, SERVER_CERTIFICATE_CHAIN, SERVER_CERTIFICATE_CHAIN_LEN, &SERVER_PRIVATE_KEY); + br_ssl_engine_set_buffer(&sc.eng, iobuf, sizeof iobuf, 0); + + /* + * Inject some entropy from the ESP hardware RNG + * This is necessary because we don't support any of the BearSSL methods + */ + for (int i = 0; i < 10; i++) { + int rand = hwrand(); + br_ssl_engine_inject_entropy(&sc.eng, &rand, 4); + } + + while(1) { + printf("Top of the loop, free heap = %u\r\n", xPortGetFreeHeapSize()); + + /* Accept a new client */ + struct sockaddr_in sa; + socklen_t sa_len = sizeof(sa); + int cfd = accept(sfd, (struct sockaddr*)&sa, &sa_len); + if (cfd < 0) { + continue; + } + + /* Prepare for a new handshake */ + br_ssl_server_reset(&sc); + /* Initialize the simplified IO wrapper */ + br_sslio_init(&ioc, &sc.eng, sock_read, &cfd, sock_write, &cfd); + + /* Prepare a message to the client */ + unsigned char buf[100]; + int len = sprintf((char *) buf, "O hai, client %d.%d.%d.%d:%d\r\nFree heap size is %d bytes\r\n", + ip4_addr1(&sa.sin_addr), ip4_addr2(&sa.sin_addr), + ip4_addr3(&sa.sin_addr), ip4_addr4(&sa.sin_addr), + ntohs(sa.sin_port), xPortGetFreeHeapSize()); + + /* Send the message and close the connection */ + br_sslio_write_all(&ioc, buf, len); + br_sslio_close(&ioc); + + /* Check if something bad happened */ + if (br_ssl_engine_last_error(&sc.eng) != BR_ERR_OK) { + close(cfd); + printf("failure, error = %d\r\n", br_ssl_engine_last_error(&sc.eng)); + failures++; + continue; + } + + close(cfd); + successes++; + printf("successes = %d failures = %d\r\n", successes, failures); + printf("Waiting for next client...\r\n"); + } +} + +void user_init(void) +{ + uart_set_baud(0, 115200); + printf("SDK version:%s\n", sdk_system_get_sdk_version()); + + struct sdk_station_config config = { + .ssid = WIFI_SSID, + .password = WIFI_PASS, + }; + + /* required to call wifi_set_opmode before station_set_config */ + sdk_wifi_set_opmode(STATION_MODE); + sdk_wifi_station_set_config(&config); + + xTaskCreate(&tls_server_task, "server_task", 2048, NULL, 2, NULL); +}