localhorst
/
ESP32-Mesh-OTA
1
0
Fork 0
Code Issues Pull Requests Releases Activity

https client module for ota image download

This commit is contained in:
Hendrik Schutter 2021-01-04 17:03:18 +01:00
parent a787a18d21
commit d50985c577
1 changed files with 287 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

438
main/https_mbedtls_example_main.c
View File

@ -27,213 +27,349 @@
#include "esp_crt_bundle.h"
/* Constants that aren't configurable in menuconfig */
#define WEB_SERVER "ota.hendrikschutter.com"
#define WEB_PORT "443"
#define WEB_URL "https://ota.hendrikschutter.com/hello-world.bin"
/* Constants that aren't configurable in menuconfig, yet */
#define HTTPS_CLIENT_COMMON_NAME "ota.hendrikschutter.com"
#define HTTPS_CLIENT_PORT "443"
#define HTTPS_CLIENT_URL "https://ota.hendrikschutter.com/hello-world.bin"
#define HTTPS_CLIENT_AUTH "b3RhOnB3" //base64("username:password")
static const char *TAG = "example";
#define HTTPS_CLIENT_OK 0
#define HTTPS_CLIENT_ERROR -1
#define HTTPS_CLIENT_ERROR_INIT_EMBEDTLS -2
#define HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER -3
#define HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER -4
#define HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST -5
static const char *REQUEST = "GET " WEB_URL " HTTP/1.1\r\n"
"Host: "WEB_SERVER"\r\n"
"User-Agent: esp-idf/1.0 esp32\r\n"
"Authorization: Basic b3RhOnB3\r\n" //base64("username:password")
"\r\n";
static void https_get_task(void *pvParameters)
struct HTTPS_Client
{
char buf[512];
int ret, flags, len;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_x509_crt cacert;
mbedtls_ssl_config conf;
mbedtls_net_context server_fd;
};
mbedtls_ssl_init(&ssl);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);
ESP_LOGI(TAG, "Seeding the random number generator");
typedef int32_t https_client_ret_t;
typedef struct HTTPS_Client HTTPS_Client_t;
mbedtls_ssl_config_init(&conf);
static const char *TAG = "https_client";
mbedtls_entropy_init(&entropy);
if((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0)) != 0)
static const char *REQUEST = "GET " HTTPS_CLIENT_URL " HTTP/1.1\r\n"
"Host: "HTTPS_CLIENT_COMMON_NAME"\r\n"
"User-Agent: esp-idf/1.0 esp32\r\n"
"Authorization: Basic " HTTPS_CLIENT_AUTH "\r\n"
"\r\n";
static HTTPS_Client_t sHTTPS_ClientConfig;
https_client_ret_t https_clientInitialize();
https_client_ret_t https_clientRetrieveData();
https_client_ret_t https_clientDeinitialize();
https_client_ret_t https_clientInitEmbedTLS();
https_client_ret_t https_clientConnectToServer();
https_client_ret_t https_clientValidateServer();
https_client_ret_t https_clientSendRequest();
https_client_ret_t https_clientInitialize()
{
https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
i32RetHTTPClient = https_clientInitEmbedTLS();
if(i32RetHTTPClient == HTTPS_CLIENT_OK)
{
ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned %d", ret);
abort();
i32RetHTTPClient = https_clientConnectToServer();
}
ESP_LOGI(TAG, "Attaching the certificate bundle...");
ret = esp_crt_bundle_attach(&conf);
if(ret < 0)
if(i32RetHTTPClient == HTTPS_CLIENT_OK)
{
ESP_LOGE(TAG, "esp_crt_bundle_attach returned -0x%x\n\n", -ret);
abort();
i32RetHTTPClient = https_clientValidateServer();
}
ESP_LOGI(TAG, "Setting hostname for TLS session...");
/* Hostname set here should match CN in server certificate */
if((ret = mbedtls_ssl_set_hostname(&ssl, WEB_SERVER)) != 0)
if(i32RetHTTPClient == HTTPS_CLIENT_OK)
{
ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned -0x%x", -ret);
abort();
i32RetHTTPClient = https_clientSendRequest();
}
ESP_LOGI(TAG, "Setting up the SSL/TLS structure...");
if((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
switch (i32RetHTTPClient)
{
ESP_LOGE(TAG, "mbedtls_ssl_config_defaults returned %d", ret);
goto exit;
case HTTPS_CLIENT_ERROR_INIT_EMBEDTLS:
ESP_LOGE(TAG, "Unable to initialize EmbedTLS");
i32RetHTTPClient = HTTPS_CLIENT_ERROR;
break;
case HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER:
ESP_LOGE(TAG, "Unable to connect to server");
i32RetHTTPClient = HTTPS_CLIENT_ERROR;
break;
case HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER:
ESP_LOGE(TAG, "Unable to validate the server");
i32RetHTTPClient = HTTPS_CLIENT_ERROR;
break;
case HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST:
ESP_LOGE(TAG, "Unable to send request to server");
i32RetHTTPClient = HTTPS_CLIENT_ERROR;
break;
case HTTPS_CLIENT_OK:
ESP_LOGI(TAG, "HTTPS Client successfully initialized");
i32RetHTTPClient = HTTPS_CLIENT_OK;
break;
default:
i32RetHTTPClient = HTTPS_CLIENT_ERROR;
ESP_LOGE(TAG, "Unknown error while init");
break;
}
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
return i32RetHTTPClient;
}
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0)
https_client_ret_t https_clientRetrieveData(unsigned char* pu8Data, uint32_t* pu32DataLenght, uint32_t* pu32BytesRead)
{
https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
int32_t i32RetRetrieveData = ESP_OK;
bzero(pu8Data, *pu32DataLenght);
bool bRetriveData = true;
while (bRetriveData)
{
ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%x\n\n", -ret);
goto exit;
}
//Reading HTTP response
i32RetRetrieveData = mbedtls_ssl_read(&sHTTPS_ClientConfig.ssl, (unsigned char *)pu8Data, *pu32DataLenght);
mbedtls_net_init(&server_fd);
ESP_LOGI(TAG, "Connecting to %s:%s...", WEB_SERVER, WEB_PORT);
if ((ret = mbedtls_net_connect(&server_fd, WEB_SERVER,
WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0)
{
ESP_LOGE(TAG, "mbedtls_net_connect returned -%x", -ret);
goto exit;
}
ESP_LOGI(TAG, "Connected.");
mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
ESP_LOGI(TAG, "Performing the SSL/TLS handshake...");
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0)
{
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
if(i32RetRetrieveData > 0)
{
ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret);
goto exit;
//Data received
*pu32BytesRead = *pu32BytesRead + i32RetRetrieveData;
*pu32DataLenght = *pu32DataLenght - *pu32BytesRead;
if(*pu32DataLenght > 0)
{
//buffer not full yet --> read some more
bRetriveData = true;
}
else
{
//buffer full --> stop reading
bRetriveData = false;
}
}
if(i32RetRetrieveData == 0)
{
//all data read --> stop reading
bRetriveData = false;
}
if(i32RetRetrieveData == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
{
//connection is going to be closed
i32RetHTTPClient = HTTPS_CLIENT_ERROR;
bRetriveData = false;
}
}
return i32RetHTTPClient;
}
https_client_ret_t https_clientDeinitialize()
{
https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
i32RetHTTPClient = mbedtls_ssl_close_notify(&sHTTPS_ClientConfig.ssl);
if(i32RetHTTPClient != ESP_OK)
{
ESP_LOGE(TAG, "mbedtls_ssl_close_notify returned 0x%x", i32RetHTTPClient);
}
mbedtls_ssl_session_reset(&sHTTPS_ClientConfig.ssl);
mbedtls_net_free(&sHTTPS_ClientConfig.server_fd);
return i32RetHTTPClient;
}
https_client_ret_t https_clientInitEmbedTLS() {
https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
int32_t i32RetEmbedTLS = ESP_OK;
mbedtls_ssl_init(&sHTTPS_ClientConfig.ssl);
mbedtls_x509_crt_init(&sHTTPS_ClientConfig.cacert);
mbedtls_ctr_drbg_init(&sHTTPS_ClientConfig.ctr_drbg);
mbedtls_ssl_config_init(&sHTTPS_ClientConfig.conf);
mbedtls_entropy_init(&sHTTPS_ClientConfig.entropy);
i32RetEmbedTLS = mbedtls_ctr_drbg_seed(&sHTTPS_ClientConfig.ctr_drbg, mbedtls_entropy_func, &sHTTPS_ClientConfig.entropy, NULL, 0);
if(i32RetEmbedTLS!= ESP_OK)
{
ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned %d", i32RetEmbedTLS);
}
if(i32RetEmbedTLS == ESP_OK)
{
//Attaching the certificate bundle
i32RetEmbedTLS = esp_crt_bundle_attach(&sHTTPS_ClientConfig.conf);
if(i32RetEmbedTLS != ESP_OK)
{
ESP_LOGE(TAG, "esp_crt_bundle_attach returned 0x%x\n\n", i32RetEmbedTLS);
}
}
ESP_LOGI(TAG, "Verifying peer X.509 certificate...");
if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0)
if(i32RetEmbedTLS == ESP_OK)
{
/* In real life, we probably want to close connection if ret != 0 */
ESP_LOGW(TAG, "Failed to verify peer certificate!");
bzero(buf, sizeof(buf));
mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags);
ESP_LOGW(TAG, "verification info: %s", buf);
}
else {
ESP_LOGI(TAG, "Certificate verified.");
//Setting hostname for TLS session.
i32RetEmbedTLS = mbedtls_ssl_set_hostname(&sHTTPS_ClientConfig.ssl, HTTPS_CLIENT_COMMON_NAME);
// Hostname set here should match CN in server certificate
if(i32RetEmbedTLS != ESP_OK)
{
ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned 0x%x", i32RetEmbedTLS);
}
}
if(i32RetEmbedTLS == ESP_OK)
{
//Setting up the SSL/TLS structure
i32RetEmbedTLS = mbedtls_ssl_config_defaults(&sHTTPS_ClientConfig.conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT);
ESP_LOGI(TAG, "Cipher suite is %s", mbedtls_ssl_get_ciphersuite(&ssl));
ESP_LOGI(TAG, "Writing HTTP request...");
size_t written_bytes = 0;
while(written_bytes < strlen(REQUEST)) {
ret = mbedtls_ssl_write(&ssl,
(const unsigned char *)REQUEST + written_bytes,
strlen(REQUEST) - written_bytes);
if (ret >= 0) {
ESP_LOGI(TAG, "%d bytes written", ret);
written_bytes += ret;
} else if (ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_READ) {
ESP_LOGE(TAG, "mbedtls_ssl_write returned -0x%x", -ret);
goto exit;
if(i32RetEmbedTLS != ESP_OK)
{
ESP_LOGE(TAG, "mbedtls_ssl_config_defaults returned %d", i32RetEmbedTLS);
}
}
ESP_LOGI(TAG, "Reading HTTP response...");
if(i32RetEmbedTLS == ESP_OK)
{
mbedtls_ssl_conf_authmode(&sHTTPS_ClientConfig.conf, MBEDTLS_SSL_VERIFY_REQUIRED);
mbedtls_ssl_conf_ca_chain(&sHTTPS_ClientConfig.conf, &sHTTPS_ClientConfig.cacert, NULL);
mbedtls_ssl_conf_rng(&sHTTPS_ClientConfig.conf, mbedtls_ctr_drbg_random, &sHTTPS_ClientConfig.ctr_drbg);
//do
/// {
len = sizeof(buf) - 1;
bzero(buf, sizeof(buf));
ret = mbedtls_ssl_read(&ssl, (unsigned char *)buf, len);
if(ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
// continue;
if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
ret = 0;
// break;
i32RetEmbedTLS = mbedtls_ssl_setup(&sHTTPS_ClientConfig.ssl, &sHTTPS_ClientConfig.conf);
if(i32RetEmbedTLS != ESP_OK)
{
ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%x\n\n", i32RetEmbedTLS);
}
}
if(ret < 0)
if(i32RetEmbedTLS == ESP_OK)
{
ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", -ret);
// break;
mbedtls_net_init(&sHTTPS_ClientConfig.server_fd);
}
if(ret == 0)
if (i32RetEmbedTLS != ESP_OK)
{
ESP_LOGI(TAG, "connection closed");
// break;
i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_EMBEDTLS;
}
len = ret;
return i32RetHTTPClient;
}
ESP_LOGI(TAG, "%d bytes read", len);
https_client_ret_t https_clientConnectToServer()
{
https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
int32_t i32RetServerConnect = ESP_OK;
/* Print response directly to stdout as it is read */
for(int i = 0; i < len; i++) {
putchar(buf[i]);
//printf("0x%x ", buf[i]);
}
printf("\n");
// } while(1);
ret = mbedtls_ssl_close_notify(&ssl);
if(ret != 0)
{
ESP_LOGE(TAG, "mbedtls_ssl_close_notify returned 0x%x", ret);
}
exit:
mbedtls_ssl_session_reset(&ssl);
mbedtls_net_free(&server_fd);
if(ret != 0)
//Connecting to server
i32RetServerConnect = mbedtls_net_connect(&sHTTPS_ClientConfig.server_fd, HTTPS_CLIENT_COMMON_NAME, HTTPS_CLIENT_PORT, MBEDTLS_NET_PROTO_TCP);
if (i32RetServerConnect != ESP_OK)
{
mbedtls_strerror(ret, buf, 100);
ESP_LOGE(TAG, "Last error was: -0x%x - %s", -ret, buf);
ESP_LOGE(TAG, "mbedtls_net_connect returned %x", i32RetServerConnect);
}
putchar('\n'); // JSON output doesn't have a newline at end
if(i32RetServerConnect == ESP_OK)
{
mbedtls_ssl_set_bio(&sHTTPS_ClientConfig.ssl, &sHTTPS_ClientConfig.server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
static int request_count;
ESP_LOGI(TAG, "Completed %d requests", ++request_count);
//Performing the SSL/TLS handshake
while ((i32RetServerConnect = mbedtls_ssl_handshake(&sHTTPS_ClientConfig.ssl)) != 0)
{
if ((i32RetServerConnect != MBEDTLS_ERR_SSL_WANT_READ) && (i32RetServerConnect != MBEDTLS_ERR_SSL_WANT_WRITE))
{
ESP_LOGE(TAG, "mbedtls_ssl_handshake returned 0x%x", i32RetServerConnect);
}
}
}
if(i32RetServerConnect != ESP_OK)
{
i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER;
}
return i32RetHTTPClient;
}
https_client_ret_t https_clientValidateServer()
{
https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
int32_t i32RetValidateServer = ESP_OK;
//Verifying peer X.509 certificate
if ((i32RetValidateServer = mbedtls_ssl_get_verify_result(&sHTTPS_ClientConfig.ssl)) != 0)
{
ESP_LOGE(TAG, "Failed to verify peer certificate!");
}
if(i32RetValidateServer != ESP_OK)
{
i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER;
}
return i32RetHTTPClient;
}
https_client_ret_t https_clientSendRequest()
{
https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
int32_t i32RetSendRequest = ESP_OK;
uint32_t u32WrittenBytes = 0;
bool bWrite = true;
//Writing HTTP request
while((u32WrittenBytes < strlen(REQUEST)) && bWrite)
{
i32RetSendRequest = mbedtls_ssl_write(&sHTTPS_ClientConfig.ssl,
(const unsigned char *)REQUEST + u32WrittenBytes,
strlen(REQUEST) - u32WrittenBytes);
if (i32RetSendRequest >= 0)
{
//bytes written
u32WrittenBytes += i32RetSendRequest;
} else if (i32RetSendRequest != MBEDTLS_ERR_SSL_WANT_WRITE && i32RetSendRequest != MBEDTLS_ERR_SSL_WANT_READ) {
ESP_LOGE(TAG, "mbedtls_ssl_write returned 0x%x", i32RetSendRequest);
bWrite = false;
}
}
if(bWrite == false)
{
i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST;
}
return i32RetHTTPClient;
}
ESP_LOGI(TAG, "going into endless loop!");
static void https_get_task(void *pvParameters)
{
while(1) {
https_clientInitialize();
uint32_t u32BufferLenght = 1024U;
unsigned char buffer[1024U];
uint32_t u32BytesRead = 0;
https_clientRetrieveData(buffer, &u32BufferLenght, &u32BytesRead);
// Print response directly to stdout as it is read
for(uint32_t i = 0; i < u32BytesRead; i++) {
putchar(buffer[i]);
// printf("%x ", buffer[i]);
}
printf("\n END \n");
https_clientDeinitialize();
while(1)
{
}