feature/openssl: add the openssl server demo

diff --git a/examples/10_openssl_server/Makefile b/examples/10_openssl_server/Makefile
new file mode 100644 (file)
index 0000000..f65f11a
--- /dev/null
+++ b/examples/10_openssl_server/Makefile
@@ -0,0 +1,9 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+PROJECT_NAME := openssl_server
+
+include $(IDF_PATH)/make/project.mk
+

diff --git a/examples/10_openssl_server/README.md b/examples/10_openssl_server/README.md
new file mode 100644 (file)
index 0000000..ae5c8da
--- /dev/null
+++ b/examples/10_openssl_server/README.md
@@ -0,0 +1,20 @@
+# Openssl Example
+
+The Example contains of OpenSSL server demo.
+
+First you should configure the project by "make menuconfig":
+  Example Configuration -> 
+    1. WiFi SSID: you own wifi that you pc is connected to alse. 
+    1. WiFi Password: wifi password
+    
+IF you want to test the OpenSSL server demo: 
+  1. compile the code and load the firmware 
+  2. input the context of "https://192.168.17.128" into your web browser, the IP of your module may not be 192.168.17.128, you should input your module's IP
+  3. You may see that it shows the website is not able to be trusted, but you should select that "go on to visit it"
+  4. You should wait for a moment until your see the "OpenSSL server demo!" in your web browser
+  
+Note:
+  The private key and certification at the example are not trusted by web browser, because they are not created by CA official, just by ourselves.
+  You can alse create your own private key and ceritification by "openssl at ubuntu or others".  
+
+See the README.md file in the upper level 'examples' directory for more information about examples.

diff --git a/examples/10_openssl_server/main/Kconfig.projbuild b/examples/10_openssl_server/main/Kconfig.projbuild
new file mode 100644 (file)
index 0000000..7a9cb97
--- /dev/null
+++ b/examples/10_openssl_server/main/Kconfig.projbuild
@@ -0,0 +1,15 @@
+menu "Example Configuration"
+
+config WIFI_SSID
+    string "WiFi SSID"
+    default "myssid"
+    help
+        SSID (network name) for the example to connect to.
+
+config WIFI_PASSWORD
+    string "WiFi Password"
+    default "mypassword"
+    help
+        WiFi password (WPA or WPA2) for the example to use.
+
+endmenu
\ No newline at end of file

diff --git a/examples/10_openssl_server/main/cacert.pem b/examples/10_openssl_server/main/cacert.pem
new file mode 100644 (file)
index 0000000..e09c398
--- /dev/null
+++ b/examples/10_openssl_server/main/cacert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIJAPMMNobNczaUMA0GCSqGSIb3DQEBBAUAMHQxEzARBgNV
+BAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEcMBoGCSqG
+SIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0aWZpY2F0
+aW9uIEF1dGhvcml0eTAeFw0xNjExMTUwNTA0MThaFw0xOTExMTUwNTA0MThaMHQx
+EzARBgNVBAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEc
+MBoGCSqGSIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALDjSPDlomepHCzbw4MUrquQAU0xTV4/Npb27k9I5TRVTjIoOs/5hNI2LPFW
+e4CREx09ZrT8K3NFOBoSy7bhPAsjGaFxCYYWc9tiX1m5gq3ToVRSmbZ65fE3kvnI
+8E/d5VyzA0OMmWbfaolBSTMoWgqRynEaT+z1Eh2yDTzVFy9eov1DdQFUqGDqbH5b
+QYvTY5Fyem7UcKWAe2yS0j3H4dVtVBKNY7qV3Px08yGAs5fQFgUwhyB5+qwhvkeL
+JdgapGaSTwLgoQKWHbe/lA3NiBIB9hznFUGKo3hmniAvYZbrQcn3tc0l/J4I39v2
+Pm29FAyjWvQyBkGktz2q4elOZYkCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkq
+hkiG9w0BAQQFAAOCAQEAJCJ+97oae/FcOLbPpjCpUQnWqYydgSChgalkZNvr4fVp
+TnuNg471l0Y2oTJLoWn2YcbPSFVOEeKkU47mpjMzucHHp0zGaW9SdzhZalWwmbgK
+q2ijecIbuFHFNedYTk/03K7eaAcjVhD8e0oOJImeLOL6DAFivA1LUnSgXsdGPDtD
+zhISsCPTu+cL1j0yP6HBvLeAyb8kaCWJ05RtiVLRANNHQn/keHajJYpMwnEEbJdG
+cqN3whfJoGVbZ6isEf2RQJ0pYRnP7uGLW3wGkLWxfdto8uER8HVDx7fZpevLIqGd
+1OoSEi3cIJXWBAjx0TLzzhtb6aeIxBJWQqHThtkKdg==
+-----END CERTIFICATE-----

diff --git a/examples/10_openssl_server/main/component.mk b/examples/10_openssl_server/main/component.mk
new file mode 100644 (file)
index 0000000..4a891d5
--- /dev/null
+++ b/examples/10_openssl_server/main/component.mk
@@ -0,0 +1,11 @@
+#
+# Main Makefile. This is basically the same as a component makefile.
+#
+# This Makefile should, at the very least, just include $(IDF_PATH)/make/component_common.mk. By default, 
+# this will take the sources in the src/ directory, compile them and link them into 
+# lib(subdirectory_name).a in the build directory. This behaviour is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
+
+COMPONENT_EMBED_TXTFILES := cacert.pem
+COMPONENT_EMBED_TXTFILES += prvtkey.pem

diff --git a/examples/10_openssl_server/main/openssl_server.c b/examples/10_openssl_server/main/openssl_server.c
new file mode 100644 (file)
index 0000000..4fc841a
--- /dev/null
+++ b/examples/10_openssl_server/main/openssl_server.c
@@ -0,0 +1,258 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD\r
+//\r
+// Licensed under the Apache License, Version 2.0 (the "License");\r
+// you may not use this file except in compliance with the License.\r
+// You may obtain a copy of the License at\r
+\r
+//     http://www.apache.org/licenses/LICENSE-2.0\r
+//\r
+// Unless required by applicable law or agreed to in writing, software\r
+// distributed under the License is distributed on an "AS IS" BASIS,\r
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+// See the License for the specific language governing permissions and\r
+// limitations under the License.\r
+\r
+#include "openssl_server.h"\r
+\r
+#include <string.h>\r
+\r
+#include "openssl/ssl.h"\r
+\r
+#include "freertos/FreeRTOS.h"\r
+#include "freertos/task.h"\r
+#include "freertos/event_groups.h"\r
+\r
+#include "esp_types.h"\r
+#include "esp_log.h"\r
+#include "esp_system.h"\r
+#include "esp_wifi.h"\r
+#include "esp_event_loop.h"\r
+#include "esp_log.h"\r
+\r
+#include "nvs_flash.h"\r
+#include "tcpip_adapter.h"\r
+\r
+#include "lwip/sockets.h"\r
+#include "lwip/netdb.h"\r
+\r
+static EventGroupHandle_t wifi_event_group;\r
+\r
+/* The event group allows multiple bits for each event,\r
+   but we only care about one event - are we connected\r
+   to the AP with an IP? */\r
+const static int CONNECTED_BIT = BIT0;\r
+\r
+const static char *TAG = "Openssl_demo";\r
+\r
+#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \\r
+                                "Content-Type: text/html\r\n" \\r
+                                "Content-Length: 98\r\n" \\r
+                                "<html>\r\n" \\r
+                                "<head>\r\n" \\r
+                                "<title>OpenSSL demo</title></head><body>\r\n" \\r
+                                "OpenSSL server demo!\r\n" \\r
+                                "</body>\r\n" \\r
+                                "</html>\r\n"\r
+\r
+static void openssl_demo_thread(void *p)\r
+{\r
+    int ret;\r
+\r
+    SSL_CTX *ctx;\r
+    SSL *ssl;\r
+\r
+    int socket, new_socket;\r
+    socklen_t addr_len;\r
+    struct sockaddr_in sock_addr;\r
+\r
+    char send_data[] = OPENSSL_DEMO_SERVER_ACK;\r
+    int send_bytes = sizeof(send_data);\r
+    char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];\r
+\r
+    extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");\r
+    extern const unsigned char cacert_pem_end[]   asm("_binary_cacert_pem_end");\r
+    const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;\r
+\r
+    extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");\r
+    extern const unsigned char prvtkey_pem_end[]   asm("_binary_prvtkey_pem_end");\r
+    const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;   \r
+\r
+    ESP_LOGI(TAG, "SSL server context create ......");\r
+    ctx = SSL_CTX_new(SSLv3_server_method());\r
+    if (!ctx) {\r
+        ESP_LOGI(TAG, "failed");\r
+        goto failed1;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+    ESP_LOGI(TAG, "SSL server context set own certification......");\r
+    ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start);\r
+    if (!ret) {\r
+        ESP_LOGI(TAG, "failed");\r
+        goto failed2;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+    ESP_LOGI(TAG, "SSL server context set private key......");\r
+    ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes);\r
+    if (!ret) {\r
+        ESP_LOGI(TAG, "failed");\r
+        goto failed2;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+    ESP_LOGI(TAG, "SSL server create socket ......");\r
+    socket = socket(AF_INET, SOCK_STREAM, 0);\r
+    if (socket < 0) {\r
+        ESP_LOGI(TAG, "failed");\r
+        goto failed2;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+    ESP_LOGI(TAG, "SSL server socket bind ......");\r
+    memset(&sock_addr, 0, sizeof(sock_addr));\r
+    sock_addr.sin_family = AF_INET;\r
+    sock_addr.sin_addr.s_addr = 0;\r
+    sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);\r
+    ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));\r
+    if (ret) {\r
+        ESP_LOGI(TAG, "failed");\r
+        goto failed3;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+    ESP_LOGI(TAG, "SSL server socket listen ......");\r
+    ret = listen(socket, 32);\r
+    if (ret) {\r
+        ESP_LOGI(TAG, "failed");\r
+        goto failed3;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+reconnect:\r
+    ESP_LOGI(TAG, "SSL server create ......");\r
+    ssl = SSL_new(ctx);\r
+    if (!ssl) {\r
+        ESP_LOGI(TAG, "failed");\r
+        goto failed3;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+    ESP_LOGI(TAG, "SSL server socket accept client ......");\r
+    new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len);\r
+    if (new_socket < 0) {\r
+        ESP_LOGI(TAG, "failed" );\r
+        goto failed4;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+    SSL_set_fd(ssl, new_socket);\r
+\r
+    ESP_LOGI(TAG, "SSL server accept client ......");\r
+    ret = SSL_accept(ssl);\r
+    if (!ret) {\r
+        ESP_LOGI(TAG, "failed");\r
+        goto failed5;\r
+    }\r
+    ESP_LOGI(TAG, "OK");\r
+\r
+    ESP_LOGI(TAG, "SSL server read message ......");\r
+    do {\r
+        memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN);\r
+        ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);\r
+        if (ret <= 0) {\r
+            break;\r
+        }\r
+        if (strstr(recv_buf, "GET / HTTP/1.1")) {\r
+            SSL_write(ssl, send_data, send_bytes);\r
+            break;\r
+        }\r
+    } while (1);\r
+    \r
+    ESP_LOGI(TAG, "result %d", ret);\r
+\r
+    SSL_shutdown(ssl);\r
+failed5:\r
+    close(new_socket);\r
+    new_socket = -1;\r
+failed4:\r
+    SSL_free(ssl);\r
+    ssl = NULL;\r
+    goto reconnect;\r
+failed3:\r
+    close(socket);\r
+    socket = -1;\r
+failed2:\r
+    SSL_CTX_free(ctx);\r
+    ctx = NULL;\r
+failed1:\r
+    vTaskDelete(NULL);\r
+    return ;\r
+} \r
+\r
+static void openssl_client_init(void)\r
+{\r
+    int ret;\r
+    xTaskHandle openssl_handle;\r
+    extern void openssl_demo_thread(void *p);\r
+\r
+    ret = xTaskCreate(openssl_demo_thread,\r
+                      OPENSSL_DEMO_THREAD_NAME,\r
+                      OPENSSL_DEMO_THREAD_STACK_WORDS,\r
+                      NULL,\r
+                      OPENSSL_DEMO_THREAD_PRORIOTY,\r
+                      &openssl_handle); \r
+\r
+    if (ret != pdPASS)  {\r
+        ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME);\r
+        return ;\r
+    }\r
+}\r
+\r
+static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)\r
+{\r
+    switch(event->event_id) {\r
+    case SYSTEM_EVENT_STA_START:\r
+        esp_wifi_connect();\r
+        break;\r
+    case SYSTEM_EVENT_STA_GOT_IP:\r
+        xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);\r
+        openssl_client_init();\r
+        break;\r
+    case SYSTEM_EVENT_STA_DISCONNECTED:\r
+        /* This is a workaround as ESP32 WiFi libs don't currently\r
+           auto-reassociate. */\r
+        esp_wifi_connect();        \r
+        xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);\r
+        break;\r
+    default:\r
+        break;\r
+    }\r
+    return ESP_OK;\r
+}\r
+\r
+static void wifi_conn_init(void)\r
+{\r
+    tcpip_adapter_init();\r
+    wifi_event_group = xEventGroupCreate();\r
+    ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) );\r
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();\r
+    ESP_ERROR_CHECK( esp_wifi_init(&cfg) );\r
+    ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );\r
+    wifi_config_t wifi_config = {\r
+        .sta = {\r
+            .ssid = EXAMPLE_WIFI_SSID,\r
+            .password = EXAMPLE_WIFI_PASS,\r
+        },\r
+    };\r
+    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );\r
+    ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );\r
+    ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS);\r
+    ESP_ERROR_CHECK( esp_wifi_start() );\r
+}\r
+\r
+void app_main(void)\r
+{\r
+    nvs_flash_init();\r
+    wifi_conn_init();\r
+}\r

diff --git a/examples/10_openssl_server/main/openssl_server.h b/examples/10_openssl_server/main/openssl_server.h
new file mode 100644 (file)
index 0000000..e87f5e4
--- /dev/null
+++ b/examples/10_openssl_server/main/openssl_server.h
@@ -0,0 +1,22 @@
+#ifndef _OPENSSL_DEMO_H_
+#define _OPENSSL_DEMO_H_
+
+/* The examples use simple WiFi configuration that you can set via
+   'make menuconfig'.
+
+   If you'd rather not, just change the below entries to strings with
+   the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
+*/
+#define EXAMPLE_WIFI_SSID               CONFIG_WIFI_SSID
+#define EXAMPLE_WIFI_PASS               CONFIG_WIFI_PASSWORD
+
+#define OPENSSL_DEMO_THREAD_NAME        "OpenSSL_demo"
+#define OPENSSL_DEMO_THREAD_STACK_WORDS 10240
+#define OPENSSL_DEMO_THREAD_PRORIOTY    8
+
+#define OPENSSL_DEMO_RECV_BUF_LEN       1024
+
+#define OPENSSL_DEMO_LOCAL_TCP_PORT     443
+
+#endif
+

diff --git a/examples/10_openssl_server/main/prvtkey.pem b/examples/10_openssl_server/main/prvtkey.pem
new file mode 100644 (file)
index 0000000..4ead61f
--- /dev/null
+++ b/examples/10_openssl_server/main/prvtkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsONI8OWiZ6kcLNvDgxSuq5ABTTFNXj82lvbuT0jlNFVOMig6
+z/mE0jYs8VZ7gJETHT1mtPwrc0U4GhLLtuE8CyMZoXEJhhZz22JfWbmCrdOhVFKZ
+tnrl8TeS+cjwT93lXLMDQ4yZZt9qiUFJMyhaCpHKcRpP7PUSHbINPNUXL16i/UN1
+AVSoYOpsfltBi9NjkXJ6btRwpYB7bJLSPcfh1W1UEo1jupXc/HTzIYCzl9AWBTCH
+IHn6rCG+R4sl2BqkZpJPAuChApYdt7+UDc2IEgH2HOcVQYqjeGaeIC9hlutByfe1
+zSX8ngjf2/Y+bb0UDKNa9DIGQaS3Parh6U5liQIDAQABAoIBAB9K9jp3xXVlO3DM
+KBhmbkg3n6NSV4eW00d9w8cO9E1/0eeZql3knJS7tNO1IwApqiIAHM1j1yP7WONz
+88oUqpSlzwD6iF7KVhC3pHqxEOdDi0Tpn/viXg+Ab2X1IF5guRTfLnKiyviiCazi
+edqtBtDb3d6Icx9Oc7gBKcpbQFDGt++wSOb5L+xhRm9B5B4l/6byikiPeKqIK5tC
+SoP9Zr1mvpNoGm1P4LvEunFJcRBqVI010VNwfO9P98oVyzJu9/FZZrQxXoY9JdXF
+OM6nbl+hMDM3TkEOda9NvBhImozEAvuc97CaaXyR3XivxMqNqNIb4+syUPa2PCS3
+ZztI5qECgYEA1gbVG6ifpvpbBkDPi3Im8fM3F7FLLrQc48FdFjdMvDhHD9lVKucD
+Uaa8PF9dbbvlu2cwMyfBOKSuWaXxRxRsiqiPmTunS1MvPzQcSrGwUrL2AogGucn6
++NrLQf5P4H5IpkDQ9ih3zwjO6xKFK1WeYnYpHM8qUBtl6q0YFyVBPu0CgYEA05Pn
+StWA4D7VSbNnVi6lvFyEOUsTrK3v419598TFiq4eXLq6aV8/CQYzKsSzoG+aOZhX
+Li+0uyT5cNzUcXYhTsW1hA/pNhMfxMrYiB1x14zlLp2WRGg4vd/+SxX6d9Yd3acX
+7QzPKgdDicXs9QN8ozJOICKvNbUI53AJdATVEY0CgYEAwvpGeoQLrdq1weSZLrg3
+soOX1QW3MDz1dKdbXjnStkWut0mOxR7fbysuoPFf8/ARQcCnsHKvHCMqkpESVWbN
+2yPkbfxiU8Tcbf/TJljqAOz4ISY6ula/RKZONTixHBrvpEW4GAiV3Q5xMsYUe33s
+ZFaw7YXtTj0ng7tdDvjpj6ECgYEApHdUU9ejVq2BHslWiqe4LbO9FMxHfvO2hgix
+xugupp6y+2Irhb2EQn+PRq+g8hXOzPaezkhHNTKItDL08T3iplkJwJ6dqmszRsZn
+i2dYFzZu8M2PAZ4CfZahFbz/9id7D9HTx3EtmH4NAgvZJpyPRkzUbiaIDDettDpj
+Hsyi1AECgYAPLvjBzQj4kPF8Zo9pQEUcz4pmupRVfv3aRfjnahDK4qZHEePDRj+J
+W7pzayrs1dyN9QLB8pTc424z7f8MB3llCICN+ohs8CR/eW0NEobE9ldDOeoCr1Vh
+NhNSbrN1iZ8U4oLkRTMaDKkVngGffvjGi/q0tOU7hJdZOqNlk2Iahg==
+-----END RSA PRIVATE KEY-----