8000 esp32/modusocket: Improvments to sockets handling and ssl handshake (#6) · pycom/pycom-micropython-sigfox@ddc48bd · GitHub
This repository was archived by the owner on Sep 16, 2024. It is now read-only.

Commit ddc48bd

author
Islam Wahdan
authored
esp32/modusocket: Improvments to sockets handling and ssl handshake (#6)
* esp32/modusocket: Improvments to sockets handling and ssl handshake * esp32/modusocket: minor update
1 parent 310998c commit ddc48bd


11 files changed

+153
-94
lines changed


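--- a/esp32/Makefile
+++ b/esp32/Makefile
@@ -29,6 +29,8 @@ BUILD = $(BUILD_DIR)/$(BOARD)/$(BTYPE)
 
 RELEASE_DIR ?= build/
 
+COPY_IDF_LIB ?= 1
+
 # by default Secure Boot and Flash Encryption are disabled
 SECURE ?= off
 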
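Review bot: `COPY_IDF_LIB ?= 1` is added without a comment, and it lands directly above the Secure Boot comment, which describes `SECURE` rather than this switch. In application.mk the switch guards both `get_idf_libs.py` steps, so a build with any other value presumably links whatever prebuilt libraries are already in the tree, which matters for reproducible and signed images. A line such as `# COPY_IDF_LIB=1 copies the prebuilt IDF libraries via get_idf_libs.py before linking; set to 0 to link the copies already present` would make that explicit.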

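--- a/esp32/application.mk
+++ b/esp32/application.mk
@@ -524,8 +524,10 @@ $(BUILD)/bootloader/bootloader.a: $(BOOT_OBJ) sdkconfig.h
 $(Q) $(AR) cru $@ $^
 
 $(BUILD)/bootloader/bootloader.elf: $(BUILD)/bootloader/bootloader.a $(SECURE_BOOT_VERIFICATION_KEY)
+ifeq ($(COPY_IDF_LIB), 1)
 $(ECHO) "COPY IDF LIBRARIES $@"
 $(Q) $(PYTHON) get_idf_libs.py --idflibs $(IDF_PATH)/examples/wifi/scan/build
+endif
 ifeq ($(SECURE), on)
 # unpack libbootloader_support.a, and archive again using the right key for verifying signatures
 $(ECHO) "Inserting verification key $(SECURE_BOOT_VERIFICATION_KEY) in $@"
@@ -593,8 +595,10 @@ $(BUILD)/application.elf: $(BUILD)/application.a $(BUILD)/esp32_out.ld
 $(Q) $(SIZE) $@
 else
 $(BUILD)/application.elf: $(BUILD)/application.a $(BUILD)/esp32_out.ld $(SECURE_BOOT_VERIFICATION_KEY)
+ifeq ($(COPY_IDF_LIB), 1)
 $(ECHO) "COPY IDF LIBRARIES $@"
 $(Q) $(PYTHON) get_idf_libs.py --idflibs $(IDF_PATH)/examples/wifi/scan/build
+endif
 ifeq ($(SECURE), on)
 # unpack libbootloader_support.a, and archive again using the right key for verifying signatures
 $(ECHO) "Inserting verification key $(SECURE_BOOT_VERIFICATION_KEY) in $@"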

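--- a/esp32/mods/lwipsocket.c
+++ b/esp32/mods/lwipsocket.c
@@ -33,6 +33,7 @@
 #include "lwip/sockets.h"
 #include "lwip/dns.h"
 #include "lwip/netdb.h"
+#include "lwipsocket.h"
 
 
 #define WLAN_MAX_RX_SIZE 2048
@@ -162,42 +163,12 @@ int lwipsocket_socket_connect(mod_network_socket_obj_t *s, byte *ip, mp_uint_t p
 // printf("Connected.\n");
 
 if (s->sock_base.is_ssl && (ret == 0)) {
-mp_obj_ssl_socket_t *ss = (mp_obj_ssl_socket_t *)s;
-
-if ((ret = mbedtls_net_set_block(&ss->context_fd)) != 0) {
-// printf("failed! net_set_(non)block() returned -0x%x\n", -ret);
-*_errno = errno;
-return -1;
-}
-
-mbedtls_ssl_set_bio(&ss->ssl, &ss->context_fd, mbedtls_net_send, NULL, mbedtls_net_recv_timeout);
-
-// printf("Performing the SSL/TLS handshake...\n");
-
-while ((ret = mbedtls_ssl_handshake(&ss->ssl)) != 0)
-{
-if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_TIMEOUT)
-{
-// printf("mbedtls_ssl_handshake returned -0x%x\n", -ret);
-*_errno = errno;
-return -1;
-}
-}
-
-// printf("Verifying peer X.509 certificate...\n");
 
-if ((ret = mbedtls_ssl_get_verify_result(&ss->ssl)) != 0) {
-/* In real life, we probably want to close connection if ret != 0 */
-// printf("Failed to verify peer certificate!\n");
-*_errno = errno;
-return -1;
-} else {
-// printf("Certificate verified.\n");
-}
+ret = lwipsocket_socket_setup_ssl(s, _errno);
 }
 
 s->sock_base.connected = true;
-return 0;
+return ret;
 }
 
 int lwipsocket_socket_send(mod_network_socket_obj_t *s, const byte *buf, mp_uint_t len, int *_errno) {
@@ -392,3 +363,45 @@ int lwipsocket_socket_ioctl (mod_network_socket_obj_t *s, mp_uint_t request, mp_
 }
 return ret;
 }
+
+int lwipsocket_socket_setup_ssl(mod_network_socket_obj_t *s, int *_errno)
+{
+int ret;
+uint32_t count = 0;
+mp_obj_ssl_socket_t *ss = (mp_obj_ssl_socket_t *)s;
+
+if ((ret = mbedtls_net_set_block(&ss->context_fd)) != 0) {
+// printf("failed! net_set_(non)block() returned -0x%x\n", -ret);
+*_errno = ret;
+return -1;
+}
+
+mbedtls_ssl_set_bio(&ss->ssl, &ss->context_fd, mbedtls_net_send, NULL, mbedtls_net_recv_timeout);
+
+// printf("Performing the SSL/TLS handshake...\n");
+
+while ((ret = mbedtls_ssl_handshake(&ss->ssl)) != 0)
+{
+if ((ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_TIMEOUT ) || count >= ss->read_timeout)
+{
+// printf("mbedtls_ssl_handshake returned -0x%x\n", -ret);
+*_errno = ret;
+return -1;
+}
+if(ret == MBEDTLS_ERR_SSL_TIMEOUT)
+{
+count++;
+}
+}
+
+// printf("Verifying peer X.509 certificate...\n");
+
+if ((ret = mbedtls_ssl_get_verify_result(&ss->ssl)) != 0) {
+/* In real life, we probably want to close connection if ret != 0 */
+// printf("Failed to verify peer certificate!\n");
+*_errno = ret;
+return -1;
+}
+// printf("Certificate verified.\n");
+return 0;
+}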
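Review bot: In `lwipsocket_socket_connect`, a failed TLS setup still marks the socket as connected, because `ret = lwipsocket_socket_setup_ssl(s, _errno);` is followed unconditionally by `s->sock_base.connected = true;`, whereas the removed code returned -1 before that line when the handshake or the certificate check failed. Adding `if (ret != 0) { return -1; }` right after the call, inside the `is_ssl` branch, restores the old ordering so a socket whose peer certificate was rejected is never flagged as usable; how later calls treat the flag is outside the visible hunks, as is the start of the function. Separately, `lwipsocket_socket_setup_ssl` now writes mbedtls return codes and the verify-result flags to `*_errno` where the old code wrote `errno`, so callers that read the value as a POSIX errno will presumably misreport TLS failures. The loop bound `count >= ss->read_timeout` compares a count of timed-out handshake attempts with a timeout value, so a `read_timeout` of 0 would abort on the first retryable return; a comment stating the intended unit would help.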

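--- a/esp32/mods/lwipsocket.h
+++ b/esp32/mods/lwipsocket.h
@@ -40,4 +40,6 @@ extern int lwipsocket_socket_settimeout(mod_network_socket_obj_t *s, mp_int_t ti
 
 extern int lwipsocket_socket_ioctl (mod_network_socket_obj_t *s, mp_uint_t request, mp_uint_t arg, int *_errno);
 
+extern int lwipsocket_socket_setup_ssl(mod_network_socket_obj_t *s, int *_errno);
+
 #endif // LWIPSOCKET_H_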

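--- a/esp32/mods/modlte.c
+++ b/esp32/mods/modlte.c
@@ -1050,5 +1050,6 @@ const mod_network_nic_type_t mod_network_nic_type_lte = {
 .n_setsockopt = lwipsocket_socket_setsockopt,
 .n_bind = lwipsocket_socket_bind,
 .n_ioctl = lwipsocket_socket_ioctl,
+.n_setupssl = lwipsocket_socket_setup_ssl,
 .inf_up = ltepp_is_ppp_conn_up,
 };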

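--- a/esp32/mods/modnetwork.h
+++ b/esp32/mods/modnetwork.h
@@ -50,6 +50,15 @@
 // forward declarations
 struct _mod_network_socket_obj_t;
 
+typedef enum {
+SOCKET_CONN_START = 0,
+SOCKET_CONNECTED,
+SOCKET_NOT_CONNECTED,
+SOCKET_CONN_PENDING,
+SOCKET_CONN_ERROR,
+SOCKET_CONN_TIMEDOUT
+}mod_network_sock_conn_status_t;
+
 typedef struct _mod_network_nic_type_t {
 mp_obj_type_t base;
 
@@ -70,6 +79,7 @@ typedef struct _mod_network_nic_type_t {
 int (*n_setsockopt)(struct _mod_network_socket_obj_t *socket, mp_uint_t level, mp_uint_t opt, const void *optval, mp_uint_t optlen, int *_errno);
 int (*n_settimeout)(struct _mod_network_socket_obj_t *socket, mp_int_t timeout_ms, int *_errno);
 int (*n_ioctl)(struct _mod_network_socket_obj_t *socket, mp_uint_t request, mp_uint_t arg, int *_errno);
+int (*n_setupssl)(struct _mod_network_socket_obj_t *socket, int *_errno);
 
 // Interface status
 bool (*inf_up)(void);
@@ -90,6 +100,11 @@ typedef struct _mod_network_socket_base_t {
 int32_t timeout;
 bool is_ssl;
 bool connected;
+uint8_t ip_addr[MOD_NETWORK_IPV4ADDR_BUF_SIZE];
+mp_uint_t port;
+mod_network_sock_conn_status_t conn_status;
+int err;
+uint8_t domain;
 } mod_network_socket_base_t;
 
 typedef struct _mod_network_socket_obj_t {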
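Review bot: The new `n_setupssl` member of `mod_network_nic_type_t` has no stated contract for NIC types that do not provide it. Tables written with designated initializers, like `mod_network_nic_type_lte` in modlte.c, leave an unset member NULL, so a NIC table that is not updated would hand callers a null function pointer; the call sites and the full struct are outside the visible hunks. A comment such as `// optional TLS setup hook; NULL when the NIC does not provide one, callers must check` would record that. The added `int err;` field also needs a comment saying whether it holds a POSIX errno or an mbedtls code, since `lwipsocket_socket_setup_ssl` in this commit writes mbedtls values to `*_errno`.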
