espressif · me-no-dev · Feb 10, 2017 · Feb 8, 2017 · Feb 10, 2017
diff --git a/libraries/WiFiClientSecure/examples/WiFiClientSecure/WiFiClientSecure.ino b/libraries/WiFiClientSecure/examples/WiFiClientSecure/WiFiClientSecure.ino
@@ -0,0 +1,76 @@
+/*
+  Wifi secure connection example for ESP32
+  Running on TLS 1.2 using mbedTLS
+  Suporting the following chipersuites:
+  "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_DHE_RSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_DHE_RSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_DHE_RSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8","TLS_DHE_RSA_WITH_AES_128_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384","TLS_DHE_PSK_WITH_AES_256_CCM","TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384","TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA","TLS_DHE_PSK_WITH_AES_256_CBC_SHA","TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_PSK_DHE_WITH_AES_256_CCM_8","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256","TLS_DHE_PSK_WITH_AES_128_CCM","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA","TLS_DHE_PSK_WITH_AES_128_CBC_SHA","TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_PSK_DHE_WITH_AES_128_CCM_8","TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA","TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_RSA_PSK_WITH_AES_256_GCM_SHA384","TLS_RSA_PSK_WITH_AES_256_CBC_SHA384","TLS_RSA_PSK_WITH_AES_256_CBC_SHA","TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_RSA_PSK_WITH_AES_128_GCM_SHA256","TLS_RSA_PSK_WITH_AES_128_CBC_SHA256","TLS_RSA_PSK_WITH_AES_128_CBC_SHA","TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA","TLS_PSK_WITH_AES_256_GCM_SHA384","TLS_PSK_WITH_AES_256_CCM","TLS_PSK_WITH_AES_256_CBC_SHA384","TLS_PSK_WITH_AES_256_CBC_SHA","TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_PSK_WITH_AES_256_CCM_8","TLS_PSK_WITH_AES_128_GCM_SHA256","TLS_PSK_WITH_AES_128_CCM","TLS_PSK_WITH_AES_128_CBC_SHA256","TLS_PSK_WITH_AES_128_CBC_SHA","TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_PSK_WITH_AES_128_CCM_8","TLS_PSK_WITH_3DES_EDE_CBC_SHA","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"]
+  2017 - Evandro Copercini - Apache 2.0 License.
+*/
+
+#include <WiFiClientSecure.h>
+
+char ssid[] = "your_network_name"; //  your network SSID (name of wifi network)
+char pass[] = "your_password";    // your network password
+
+char server[] = "www.howsmyssl.com";      // Server URL
+// You can use x.509 certificates if you want
+//unsigned char test_ca_cert[] = "";      //For the usage of verifying server
+//unsigned char test_client_key[] = "";   //For the usage of verifying client
+//unsigned char test_client_cert[] = "";  //For the usage of verifying client
+
+
+WiFiClientSecure client;
+
+void setup() {
+  //Initialize serial and wait for port to open:
+  Serial.begin(115200);
+  delay(100);
+
+  Serial.print("Attempting to connect to SSID: ");
+  Serial.println(ssid);
+  WiFi.begin(ssid, pass);
+
+  // attempt to connect to Wifi network:
+  while (WiFi.status() != WL_CONNECTED) {
+    Serial.print(".");
+    // wait 1 second for re-trying
+    delay(1000);
+  }
+
+  Serial.print("Connected to ");
+  Serial.println(ssid);
+
+  Serial.println("\nStarting connection to server...");
+  if (client.connect(server, 443)) { //client.connect(server, 443, test_ca_cert, test_client_cert, test_client_key)
+    Serial.println("Connected to server!");
+    // Make a HTTP request:
+    client.println("GET https://www.howsmyssl.com/a/check HTTP/1.0");
+    client.println("Host: www.howsmyssl.com");
+    client.println("Connection: close");
+    client.println();
+  }
+  else
+    Serial.println("Connection failed!");
+
+	Serial.print("Waiting for response "); //WiFiClientSecure uses a non blocking implementation
+	while (!client.available()){
+		delay(50); //
+		Serial.print(".");
+	}	 
+  // if there are incoming bytes available
+  // from the server, read them and print them:
+  while (client.available()) {
+    char c = client.read();
+    Serial.write(c);
+  }
+
+  // if the server's disconnected, stop the client:
+  if (!client.connected()) {
+    Serial.println();
+    Serial.println("disconnecting from server.");
+    client.stop();
+  }
+}
+
+void loop() {
+  // do nothing
+}
diff --git a/libraries/WiFiClientSecure/keywords.txt b/libraries/WiFiClientSecure/keywords.txt
@@ -0,0 +1,35 @@
+#######################################
+# Syntax Coloring Map For WiFi
+#######################################
+
+#######################################
+# Library (KEYWORD3)
+#######################################
+
+WiFiClientSecure	KEYWORD3
+
+#######################################
+# Datatypes (KEYWORD1)
+#######################################
+
+WiFiClientSecure	KEYWORD1
+
+#######################################
+# Methods and Functions (KEYWORD2)
+#######################################
+
+connect	KEYWORD2
+write	KEYWORD2
+available	KEYWORD2
+config	KEYWORD2
+read	KEYWORD2
+flush	KEYWORD2
+stop	KEYWORD2
+connected	KEYWORD2
+setCACert	KEYWORD2
+setCertificate	KEYWORD2
+setPrivateKey	KEYWORD2
+
+#######################################
+# Constants (LITERAL1)
+#######################################
diff --git a/libraries/WiFiClientSecure/library.properties b/libraries/WiFiClientSecure/library.properties
@@ -0,0 +1,9 @@
+name=WiFiClientSecure
+version=1.0
+author=Evandro Luis Copercini
+maintainer=Github Community
+sentence=Enables secure network connection (local and Internet) using the ESP32 built-in WiFi.
+paragraph=With this library you can make a TLS or SSL connection to a remote server.
+category=Communication
+url=
+architectures=esp32
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
@@ -0,0 +1,190 @@
+/*
+  WiFiClientSecure.cpp - Client Secure class for ESP32
+  Copyright (c) 2016 Hristo Gochkov  All right reserved.
+  Additions Copyright (C) 2017 Evandro Luis Copercini.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+#include "WiFiClientSecure.h"
+#include <lwip/sockets.h>
+#include <lwip/netdb.h>
+#include <errno.h>
+
+#undef connect
+#undef write
+#undef read
+
+
+WiFiClientSecure::WiFiClientSecure()
+{
+    _connected = false;
+
+    sslclient = new sslclient_context;
+    ssl_init(sslclient);
+    sslclient->socket = -1;
+
+    _CA_cert = NULL;
+    _cert = NULL;
+    _private_key = NULL;
+}
+
+
+WiFiClientSecure::WiFiClientSecure(int sock)
+{
+    _connected = false;
+
+    sslclient = new sslclient_context;
+    ssl_init(sslclient);
+    sslclient->socket = sock;
+
+    if (sock >= 0) {
+        _connected = true;
+    }
+
+    _CA_cert = NULL;
+    _cert = NULL;
+    _private_key = NULL;
+}
+
+WiFiClientSecure::~WiFiClientSecure()
+{
+    stop();
+}
+
+WiFiClientSecure &WiFiClientSecure::operator=(const WiFiClientSecure &other)
+{
+    stop();
+    sslclient->socket = other.sslclient->socket;
+    _connected = other._connected;
+    return *this;
+}
+
+void WiFiClientSecure::stop()
+{
+    if (_connected && sslclient->socket >= 0) {
+        stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key);
+        sslclient->socket = -1;
+        _connected = false;
+    }
+}
+
+int WiFiClientSecure::connect(IPAddress ip, uint16_t port)
+{
+    connect(ip, port, _CA_cert, _cert, _private_key);
+}
+
+int WiFiClientSecure::connect(const char *host, uint16_t port)
+{
+    connect(host, port, _CA_cert, _cert, _private_key);
+}
+
+int WiFiClientSecure::connect(IPAddress ip, uint16_t port, unsigned char *_CA_cert, unsigned char *_cert, unsigned char *_private_key)
+{
+    int ret = start_ssl_client(sslclient, ip, port, _CA_cert, _cert, _private_key);
+    if (ret < 0) {
+        log_e("lwip_connect_r: %d", errno);
+    }
+    _connected = true;
+    return 1;
+}
+
+int WiFiClientSecure::connect(const char *host, uint16_t port, unsigned char *_CA_cert, unsigned char *_cert, unsigned char *_private_key)
+{
+    struct hostent *server;
+    server = gethostbyname(host);
+    if (server == NULL) {
+        return 0;
+    }
+    IPAddress srv((const uint8_t *)(server->h_addr));
+    return connect(srv, port, _CA_cert, _cert, _private_key);
+}
+
+
+size_t WiFiClientSecure::write(uint8_t data)
+{
+    return write(&data, 1);
+}
+
+int WiFiClientSecure::read()
+{
+    uint8_t data = 0;
+    int res = read(&data, 1);
+    if (res < 0) {
+        return res;
+    }
+    return data;
+}
+
+size_t WiFiClientSecure::write(const uint8_t *buf, size_t size)
+{
+    if (!_connected) {
+        return 0;
+    }
+    int res = send_ssl_data(sslclient, buf, size);
+    if (res < 0) {
+        log_e("%d", errno);
+        stop();
+        res = 0;
+    }
+    return res;
+}
+
+int WiFiClientSecure::read(uint8_t *buf, size_t size)
+{
+    if (!available()) {
+        return -1;
+    }
+    int res = get_ssl_receive(sslclient, buf, size);
+    if (res < 0 && errno != EWOULDBLOCK) {
+        printf("%d", errno);
+        stop();
+    }
+    return res;
+}
+
+int WiFiClientSecure::available()
+{
+    if (!_connected) {
+        return 0;
+    }
+    int res = data_to_read(sslclient);
+
+    return res;
+}
+
+uint8_t WiFiClientSecure::connected()
+{
+    uint8_t dummy = 0;
+    read(&dummy, 0);
+
+    return _connected;
+}
+
+void WiFiClientSecure::setCACert(unsigned char *rootCA)
+{
+    _CA_cert = rootCA;
+}
+
+void WiFiClientSecure::setCertificate (unsigned char *client_ca)
+{
+    _cert = client_ca;
+}
+
+void WiFiClientSecure::setPrivateKey (unsigned char *private_key)
+{
+    _private_key = private_key;
+}
+