https client module for ota image download

2021-01-04 17:03:18 +01:00
parent a787a18d21
commit d50985c577
1 changed files with 287 additions and 151 deletions
--- a/main/https_mbedtls_example_main.c
+++ b/main/https_mbedtls_example_main.c
@ -27,213 +27,349 @@
 #include "esp_crt_bundle.h"


-/* Constants that aren't configurable in menuconfig */
-#define WEB_SERVER "ota.hendrikschutter.com"
-#define WEB_PORT "443"
-#define WEB_URL "https://ota.hendrikschutter.com/hello-world.bin"
+/* Constants that aren't configurable in menuconfig, yet */
+#define HTTPS_CLIENT_COMMON_NAME "ota.hendrikschutter.com"
+#define HTTPS_CLIENT_PORT "443"
+#define HTTPS_CLIENT_URL "https://ota.hendrikschutter.com/hello-world.bin"
+#define HTTPS_CLIENT_AUTH "b3RhOnB3"  //base64("username:password")

-static const char *TAG = "example";
+#define HTTPS_CLIENT_OK 0
+#define HTTPS_CLIENT_ERROR -1
+#define HTTPS_CLIENT_ERROR_INIT_EMBEDTLS -2
+#define HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER -3
+#define HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER -4
+#define HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST -5

-static const char *REQUEST = "GET " WEB_URL " HTTP/1.1\r\n"
-                             "Host: "WEB_SERVER"\r\n"
-                             "User-Agent: esp-idf/1.0 esp32\r\n"
-                             "Authorization: Basic b3RhOnB3\r\n" //base64("username:password")
-                             "\r\n";
-
-
-static void https_get_task(void *pvParameters)
+struct HTTPS_Client
 {
-    char buf[512];
-    int ret, flags, len;
-
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_ssl_context ssl;
    mbedtls_x509_crt cacert;
    mbedtls_ssl_config conf;
    mbedtls_net_context server_fd;
+};

-    mbedtls_ssl_init(&ssl);
-    mbedtls_x509_crt_init(&cacert);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    ESP_LOGI(TAG, "Seeding the random number generator");
+typedef int32_t https_client_ret_t;
+typedef struct HTTPS_Client HTTPS_Client_t;

-    mbedtls_ssl_config_init(&conf);
+static const char *TAG = "https_client";

-    mbedtls_entropy_init(&entropy);
-    if((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0)) != 0)
+static const char *REQUEST = "GET " HTTPS_CLIENT_URL " HTTP/1.1\r\n"
+                             "Host: "HTTPS_CLIENT_COMMON_NAME"\r\n"
+                             "User-Agent: esp-idf/1.0 esp32\r\n"
+                             "Authorization: Basic " HTTPS_CLIENT_AUTH "\r\n"
+                             "\r\n";
+
+static HTTPS_Client_t sHTTPS_ClientConfig;
+
+https_client_ret_t https_clientInitialize();
+https_client_ret_t https_clientRetrieveData();
+https_client_ret_t https_clientDeinitialize();
+
+https_client_ret_t https_clientInitEmbedTLS();
+https_client_ret_t https_clientConnectToServer();
+https_client_ret_t https_clientValidateServer();
+https_client_ret_t https_clientSendRequest();
+
+https_client_ret_t https_clientInitialize()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+
+    i32RetHTTPClient = https_clientInitEmbedTLS();
+
+    if(i32RetHTTPClient == HTTPS_CLIENT_OK)
    {
-        ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned %d", ret);
-        abort();
+        i32RetHTTPClient = https_clientConnectToServer();
    }

-    ESP_LOGI(TAG, "Attaching the certificate bundle...");
-
-    ret = esp_crt_bundle_attach(&conf);
-
-    if(ret < 0)
+    if(i32RetHTTPClient == HTTPS_CLIENT_OK)
    {
-        ESP_LOGE(TAG, "esp_crt_bundle_attach returned -0x%x\n\n", -ret);
-        abort();
+        i32RetHTTPClient = https_clientValidateServer();
    }

-    ESP_LOGI(TAG, "Setting hostname for TLS session...");
-
-    /* Hostname set here should match CN in server certificate */
-    if((ret = mbedtls_ssl_set_hostname(&ssl, WEB_SERVER)) != 0)
+    if(i32RetHTTPClient == HTTPS_CLIENT_OK)
    {
-        ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned -0x%x", -ret);
-        abort();
+        i32RetHTTPClient = https_clientSendRequest();
    }

-    ESP_LOGI(TAG, "Setting up the SSL/TLS structure...");
-
-    if((ret = mbedtls_ssl_config_defaults(&conf,
-                                          MBEDTLS_SSL_IS_CLIENT,
-                                          MBEDTLS_SSL_TRANSPORT_STREAM,
-                                          MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
+    switch (i32RetHTTPClient)
    {
-        ESP_LOGE(TAG, "mbedtls_ssl_config_defaults returned %d", ret);
-        goto exit;
+    case HTTPS_CLIENT_ERROR_INIT_EMBEDTLS:
+        ESP_LOGE(TAG, "Unable to initialize EmbedTLS");
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        break;
+    case HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER:
+        ESP_LOGE(TAG, "Unable to connect to server");
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        break;
+    case HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER:
+        ESP_LOGE(TAG, "Unable to validate the server");
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        break;
+    case HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST:
+        ESP_LOGE(TAG, "Unable to send request to server");
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        break;
+    case HTTPS_CLIENT_OK:
+        ESP_LOGI(TAG, "HTTPS Client successfully initialized");
+        i32RetHTTPClient = HTTPS_CLIENT_OK;
+        break;
+    default:
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        ESP_LOGE(TAG, "Unknown error while init");
+        break;
    }

-    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
-    mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+    return i32RetHTTPClient;
+}

-    if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0)
+https_client_ret_t https_clientRetrieveData(unsigned char* pu8Data, uint32_t* pu32DataLenght, uint32_t* pu32BytesRead)
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetRetrieveData = ESP_OK;
+    bzero(pu8Data, *pu32DataLenght);
+    bool bRetriveData = true;
+
+    while (bRetriveData)
    {
-        ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%x\n\n", -ret);
-        goto exit;
-    }
+        //Reading HTTP response
+        i32RetRetrieveData = mbedtls_ssl_read(&sHTTPS_ClientConfig.ssl, (unsigned char *)pu8Data, *pu32DataLenght);

-    mbedtls_net_init(&server_fd);
-
-    ESP_LOGI(TAG, "Connecting to %s:%s...", WEB_SERVER, WEB_PORT);
-
-    if ((ret = mbedtls_net_connect(&server_fd, WEB_SERVER,
-                                   WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0)
-    {
-        ESP_LOGE(TAG, "mbedtls_net_connect returned -%x", -ret);
-        goto exit;
-    }
-
-    ESP_LOGI(TAG, "Connected.");
-
-    mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
-
-    ESP_LOGI(TAG, "Performing the SSL/TLS handshake...");
-
-    while ((ret = mbedtls_ssl_handshake(&ssl)) != 0)
-    {
-        if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
+        if(i32RetRetrieveData > 0)
        {
-            ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret);
-            goto exit;
+            //Data received
+            *pu32BytesRead = *pu32BytesRead + i32RetRetrieveData;
+            *pu32DataLenght = *pu32DataLenght - *pu32BytesRead;
+
+            if(*pu32DataLenght > 0)
+            {
+                //buffer not full yet --> read some more
+                bRetriveData = true;
+            }
+            else
+            {
+                //buffer full --> stop reading
+                bRetriveData = false;
+            }
+        }
+
+        if(i32RetRetrieveData == 0)
+        {
+            //all data read --> stop reading
+            bRetriveData = false;
+        }
+
+        if(i32RetRetrieveData == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
+        {
+            //connection is going to be closed
+            i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+            bRetriveData = false;
+        }
+    }
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientDeinitialize()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+
+    i32RetHTTPClient = mbedtls_ssl_close_notify(&sHTTPS_ClientConfig.ssl);
+
+    if(i32RetHTTPClient != ESP_OK)
+    {
+        ESP_LOGE(TAG, "mbedtls_ssl_close_notify returned 0x%x", i32RetHTTPClient);
+    }
+
+    mbedtls_ssl_session_reset(&sHTTPS_ClientConfig.ssl);
+    mbedtls_net_free(&sHTTPS_ClientConfig.server_fd);
+
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientInitEmbedTLS() {
+
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetEmbedTLS = ESP_OK;
+
+    mbedtls_ssl_init(&sHTTPS_ClientConfig.ssl);
+    mbedtls_x509_crt_init(&sHTTPS_ClientConfig.cacert);
+    mbedtls_ctr_drbg_init(&sHTTPS_ClientConfig.ctr_drbg);
+    mbedtls_ssl_config_init(&sHTTPS_ClientConfig.conf);
+    mbedtls_entropy_init(&sHTTPS_ClientConfig.entropy);
+
+    i32RetEmbedTLS = mbedtls_ctr_drbg_seed(&sHTTPS_ClientConfig.ctr_drbg, mbedtls_entropy_func, &sHTTPS_ClientConfig.entropy, NULL, 0);
+
+    if(i32RetEmbedTLS!= ESP_OK)
+    {
+        ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned %d", i32RetEmbedTLS);
+    }
+
+    if(i32RetEmbedTLS == ESP_OK)
+    {
+        //Attaching the certificate bundle
+        i32RetEmbedTLS = esp_crt_bundle_attach(&sHTTPS_ClientConfig.conf);
+        if(i32RetEmbedTLS != ESP_OK)
+        {
+            ESP_LOGE(TAG, "esp_crt_bundle_attach returned 0x%x\n\n", i32RetEmbedTLS);
        }
    }

-    ESP_LOGI(TAG, "Verifying peer X.509 certificate...");
-
-    if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0)
+    if(i32RetEmbedTLS == ESP_OK)
    {
-        /* In real life, we probably want to close connection if ret != 0 */
-        ESP_LOGW(TAG, "Failed to verify peer certificate!");
-        bzero(buf, sizeof(buf));
-        mbedtls_x509_crt_verify_info(buf, sizeof(buf), "  ! ", flags);
-        ESP_LOGW(TAG, "verification info: %s", buf);
-    }
-    else {
-        ESP_LOGI(TAG, "Certificate verified.");
+        //Setting hostname for TLS session.
+        i32RetEmbedTLS = mbedtls_ssl_set_hostname(&sHTTPS_ClientConfig.ssl, HTTPS_CLIENT_COMMON_NAME);
+        // Hostname set here should match CN in server certificate
+        if(i32RetEmbedTLS != ESP_OK)
+        {
+            ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned 0x%x", i32RetEmbedTLS);
+        }
    }
+    if(i32RetEmbedTLS == ESP_OK)
+    {
+        //Setting up the SSL/TLS structure
+        i32RetEmbedTLS = mbedtls_ssl_config_defaults(&sHTTPS_ClientConfig.conf,
+                         MBEDTLS_SSL_IS_CLIENT,
+                         MBEDTLS_SSL_TRANSPORT_STREAM,
+                         MBEDTLS_SSL_PRESET_DEFAULT);

-    ESP_LOGI(TAG, "Cipher suite is %s", mbedtls_ssl_get_ciphersuite(&ssl));
-
-    ESP_LOGI(TAG, "Writing HTTP request...");
-
-    size_t written_bytes = 0;
-    while(written_bytes < strlen(REQUEST)) {
-        ret = mbedtls_ssl_write(&ssl,
-                                (const unsigned char *)REQUEST + written_bytes,
-                                strlen(REQUEST) - written_bytes);
-        if (ret >= 0) {
-            ESP_LOGI(TAG, "%d bytes written", ret);
-            written_bytes += ret;
-        } else if (ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_READ) {
-            ESP_LOGE(TAG, "mbedtls_ssl_write returned -0x%x", -ret);
-            goto exit;
+        if(i32RetEmbedTLS != ESP_OK)
+        {
+            ESP_LOGE(TAG, "mbedtls_ssl_config_defaults returned %d", i32RetEmbedTLS);
        }
    }

-    ESP_LOGI(TAG, "Reading HTTP response...");
+    if(i32RetEmbedTLS == ESP_OK)
+    {
+        mbedtls_ssl_conf_authmode(&sHTTPS_ClientConfig.conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+        mbedtls_ssl_conf_ca_chain(&sHTTPS_ClientConfig.conf, &sHTTPS_ClientConfig.cacert, NULL);
+        mbedtls_ssl_conf_rng(&sHTTPS_ClientConfig.conf, mbedtls_ctr_drbg_random, &sHTTPS_ClientConfig.ctr_drbg);

-    //do
-    /// {
-    len = sizeof(buf) - 1;
-    bzero(buf, sizeof(buf));
-    ret = mbedtls_ssl_read(&ssl, (unsigned char *)buf, len);
-
-    if(ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
-        // continue;
-
-        if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
-            ret = 0;
-            //  break;
+        i32RetEmbedTLS = mbedtls_ssl_setup(&sHTTPS_ClientConfig.ssl, &sHTTPS_ClientConfig.conf);
+        if(i32RetEmbedTLS != ESP_OK)
+        {
+            ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%x\n\n", i32RetEmbedTLS);
        }
+    }

-    if(ret < 0)
+    if(i32RetEmbedTLS == ESP_OK)
    {
-        ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", -ret);
-        // break;
+        mbedtls_net_init(&sHTTPS_ClientConfig.server_fd);
    }

-    if(ret == 0)
+    if (i32RetEmbedTLS != ESP_OK)
    {
-        ESP_LOGI(TAG, "connection closed");
-        //  break;
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_EMBEDTLS;
    }

-    len = ret;
+    return i32RetHTTPClient;
+}

-    ESP_LOGI(TAG, "%d bytes read", len);
+https_client_ret_t https_clientConnectToServer()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetServerConnect = ESP_OK;

-    /* Print response directly to stdout as it is read */
-    for(int i = 0; i < len; i++) {
-        putchar(buf[i]);
-        //printf("0x%x ", buf[i]);
-    }
-    printf("\n");
-
-    //  } while(1);
-
-   ret = mbedtls_ssl_close_notify(&ssl);
-
-   if(ret != 0)
-   {
-    ESP_LOGE(TAG, "mbedtls_ssl_close_notify returned 0x%x", ret);
-   }
-   
-
-exit:
-    mbedtls_ssl_session_reset(&ssl);
-    mbedtls_net_free(&server_fd);
-
-    if(ret != 0)
+    //Connecting to server
+    i32RetServerConnect = mbedtls_net_connect(&sHTTPS_ClientConfig.server_fd, HTTPS_CLIENT_COMMON_NAME, HTTPS_CLIENT_PORT, MBEDTLS_NET_PROTO_TCP);
+    if (i32RetServerConnect != ESP_OK)
    {
-        mbedtls_strerror(ret, buf, 100);
-        ESP_LOGE(TAG, "Last error was: -0x%x - %s", -ret, buf);
+        ESP_LOGE(TAG, "mbedtls_net_connect returned %x", i32RetServerConnect);
    }

-    putchar('\n'); // JSON output doesn't have a newline at end
+    if(i32RetServerConnect == ESP_OK)
+    {
+        mbedtls_ssl_set_bio(&sHTTPS_ClientConfig.ssl, &sHTTPS_ClientConfig.server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);

-    static int request_count;
-    ESP_LOGI(TAG, "Completed %d requests", ++request_count);
+        //Performing the SSL/TLS handshake
+        while ((i32RetServerConnect = mbedtls_ssl_handshake(&sHTTPS_ClientConfig.ssl)) != 0)
+        {
+            if ((i32RetServerConnect != MBEDTLS_ERR_SSL_WANT_READ) && (i32RetServerConnect != MBEDTLS_ERR_SSL_WANT_WRITE))
+            {
+                ESP_LOGE(TAG, "mbedtls_ssl_handshake returned 0x%x", i32RetServerConnect);
+            }
+        }
+    }
+
+    if(i32RetServerConnect != ESP_OK)
+    {
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER;
+    }
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientValidateServer()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetValidateServer = ESP_OK;
+
+    //Verifying peer X.509 certificate
+    if ((i32RetValidateServer = mbedtls_ssl_get_verify_result(&sHTTPS_ClientConfig.ssl)) != 0)
+    {
+        ESP_LOGE(TAG, "Failed to verify peer certificate!");
+    }
+
+    if(i32RetValidateServer != ESP_OK)
+    {
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER;
+    }
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientSendRequest()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetSendRequest = ESP_OK;
+    uint32_t u32WrittenBytes = 0;
+    bool bWrite = true;
+
+    //Writing HTTP request
+    while((u32WrittenBytes < strlen(REQUEST)) && bWrite)
+    {
+        i32RetSendRequest = mbedtls_ssl_write(&sHTTPS_ClientConfig.ssl,
+                                              (const unsigned char *)REQUEST + u32WrittenBytes,
+                                              strlen(REQUEST) - u32WrittenBytes);
+        if (i32RetSendRequest >= 0)
+        {
+            //bytes written
+            u32WrittenBytes += i32RetSendRequest;
+        } else if (i32RetSendRequest != MBEDTLS_ERR_SSL_WANT_WRITE && i32RetSendRequest != MBEDTLS_ERR_SSL_WANT_READ) {
+            ESP_LOGE(TAG, "mbedtls_ssl_write returned 0x%x", i32RetSendRequest);
+            bWrite = false;
+        }
+    }
+
+    if(bWrite == false)
+    {
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST;
+    }
+    return i32RetHTTPClient;
+}


-    ESP_LOGI(TAG, "going into endless loop!");

+static void https_get_task(void *pvParameters)
+{

-    while(1) {
+    https_clientInitialize();
+
+    uint32_t u32BufferLenght = 1024U;
+    unsigned char buffer[1024U];
+    uint32_t u32BytesRead = 0;
+
+    https_clientRetrieveData(buffer, &u32BufferLenght, &u32BytesRead);
+
+    // Print response directly to stdout as it is read
+    for(uint32_t i = 0; i < u32BytesRead; i++) {
+        putchar(buffer[i]);
+        // printf("%x ", buffer[i]);
+    }
+    printf("\n END \n");
+
+    https_clientDeinitialize();
+
+    while(1)
+    {

    }