Merge branch 'feature/removing_mbedtls_dependancy' into 'master'

Removing mbedtls dependancy for components

Closes IDF-975 and IDF-976

See merge request espressif/esp-idf!7138

components/esp-tls/CMakeLists.txt

@@ -1,4 +1,4 @@
-set(srcs esp_tls.c)
+set(srcs esp_tls.c esp-tls-crypto/esp_tls_crypto.c)
 if(CONFIG_ESP_TLS_USING_MBEDTLS)
     list(APPEND srcs
         "esp_tls_mbedtls.c")
@@ -10,7 +10,7 @@ if(CONFIG_ESP_TLS_USING_WOLFSSL)
 endif()
 
 idf_component_register(SRCS "${srcs}"
-                    INCLUDE_DIRS "."
+                    INCLUDE_DIRS . esp-tls-crypto
                     PRIV_INCLUDE_DIRS "private_include"
                     REQUIRES mbedtls
                     PRIV_REQUIRES lwip nghttp)

components/esp-tls/component.mk

@@ -1,8 +1,8 @@
 
-COMPONENT_SRCDIRS := .
-COMPONENT_OBJS := esp_tls.o
+COMPONENT_SRCDIRS := . esp-tls-crypto
+COMPONENT_OBJS := esp_tls.o esp-tls-crypto/esp_tls_crypto.o
 
-COMPONENT_ADD_INCLUDEDIRS := . private_include
+COMPONENT_ADD_INCLUDEDIRS := . esp-tls-crypto private_include
 
 
 ifneq ($(CONFIG_ESP_TLS_USING_MBEDTLS), )

components/esp-tls/esp-tls-crypto/esp_tls_crypto.c

@@ -0,0 +1,85 @@
+// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "esp_tls_crypto.h"
+#include "esp_log.h"
+#include "esp_err.h"
+static const char *TAG = "esp_crypto";
+#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
+#include "mbedtls/sha1.h"
+#include "mbedtls/base64.h"
+#define _esp_crypto_sha1 esp_crypto_sha1_mbedtls
+#define _esp_crypto_base64_encode esp_crypto_bas64_encode_mbedtls
+#elif  CONFIG_ESP_TLS_USING_WOLFSSL
+#include "wolfssl/ssl.h" /* SHA functions are listed in wolfssl/ssl.h */
+#include "wolfssl/wolfcrypt/coding.h"
+#define _esp_crypto_sha1 esp_crypto_sha1_wolfSSL
+#define _esp_crypto_base64_encode esp_crypto_base64_encode_woflSSL
+#endif
+
+#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
+static int esp_crypto_sha1_mbedtls( const unsigned char *input,
+                                    size_t ilen,
+                                    unsigned char output[20])
+{
+    int ret = mbedtls_sha1_ret(input, ilen, output);
+    if (ret != 0) {
+        ESP_LOGE(TAG, "Error in calculating sha1 sum , Returned 0x%02X", ret);
+    }
+    return ret;
+}
+
+static int esp_crypto_bas64_encode_mbedtls( unsigned char *dst, size_t dlen,
+        size_t *olen, const unsigned char *src,
+        size_t slen)
+{
+    return mbedtls_base64_encode(dst, dlen, olen, src, slen);
+}
+
+#elif CONFIG_ESP_TLS_USING_WOLFSSL
+static int esp_crypto_sha1_wolfSSL( const unsigned char *input,
+                                    size_t ilen,
+                                    unsigned char output[20])
+{
+    unsigned char *ret = wolfSSL_SHA1(input, ilen, output);
+    if (ret == NULL) {
+        ESP_LOGE(TAG, "Error in calculating sha1 sum");
+        return -1;
+    }
+    return 0;
+}
+
+static int esp_crypto_base64_encode_woflSSL(unsigned char *dst, size_t dlen, size_t *olen,
+        const unsigned char *src, size_t slen)
+{
+    *olen = dlen;
+    return Base64_Encode((const byte *) src, (word32) slen, (byte *) dst, (word32 *) olen);
+}
+
+#else
+#error "No TLS/SSL Stack selected"
+#endif
+
+int esp_crypto_sha1( const unsigned char *input,
+                     size_t ilen,
+                     unsigned char output[20])
+{
+    return _esp_crypto_sha1(input, ilen, output);
+}
+
+int esp_crypto_base64_encode(unsigned char *dst, size_t dlen, size_t *olen,
+                             const unsigned char *src, size_t slen )
+{
+    return _esp_crypto_base64_encode(dst, dlen, olen, src, slen);
+}

components/esp-tls/esp-tls-crypto/esp_tls_crypto.h

@@ -0,0 +1,68 @@
+// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef _ESP_TLS_CRYPTO_H
+#define _ESP_TLS_CRYPTO_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Calculate sha1 sum
+ * esp-tls abstraction for crypto sha1 API, calculates the sha1 sum(digest) of
+ * the data provided in input which is of ilen size and returns
+ * a 20 char sha1 sum
+ * @param[in]   input   Input array
+ * @param[in]   ilen    Length of Input array
+ * @param[out]  output  calculated sha1 sum
+ *
+ * @return
+ * mbedtls stack:-
+ *              - MBEDTLS_ERR_SHA1_BAD_INPUT_DATA   on BAD INPUT.
+ *              -  0 on success.
+ * wolfssl stack:-
+ *              - -1    on failure.
+ *              -  0    on success.
+ */
+int esp_crypto_sha1(const unsigned char *input,
+                    size_t ilen,
+                    unsigned char output[20]);
+
+/**
+ * @brief Do Base64 encode of the src data
+ *
+ * @param[in]   dst   destination buffer
+ * @param[in]   dlen  length of destination buffer
+ * @param[out]  olen  number of bytes written
+ * @param[in]   src   src buffer to be encoded
+ * @param[in]   slen  src buffer len
+ *
+ * @return
+ * mbedtls stack:-
+ *               - MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL  if buffer is of insufficient size.
+ *               -  0   if successful.
+ * wolfssl stack:-
+ *               - <0   on failure.
+ *               -  0   if succcessful.
+ */
+int esp_crypto_base64_encode(unsigned char *dst, size_t dlen,
+                             size_t *olen, const unsigned char *src,
+                             size_t slen);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _ESP_TLS_CRYPTO_H */

components/esp_http_client/CMakeLists.txt

@@ -5,4 +5,4 @@ idf_component_register(SRCS "esp_http_client.c"
                     INCLUDE_DIRS "include"
                     PRIV_INCLUDE_DIRS "lib/include"
                     REQUIRES nghttp
-                    PRIV_REQUIRES mbedtls lwip esp-tls tcp_transport)
+                    PRIV_REQUIRES lwip esp-tls tcp_transport)

components/esp_http_client/Kconfig

@@ -5,7 +5,7 @@ menu "ESP HTTP client"
         bool "Enable https"
         default y
         help
-            This option will enable https protocol by linking mbedtls library and initializing SSL transport
+            This option will enable https protocol by linking esp-tls library and initializing SSL transport
 
     config ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
         bool "Enable HTTP Basic Authentication"

components/esp_http_client/lib/http_auth.c

@@ -20,7 +20,7 @@
 #include "esp_netif.h"
 #include "lwip/sockets.h"
 #include "esp_rom_md5.h"
-#include "mbedtls/base64.h"
+#include "esp_tls_crypto.h"
 
 #include "esp_system.h"
 #include "esp_log.h"
@@ -140,11 +140,11 @@ char *http_auth_basic(const char *username, const char *password)
     size_t n = 0;
     asprintf(&user_info, "%s:%s", username, password);
     HTTP_MEM_CHECK(TAG, user_info, return NULL);
-    mbedtls_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info));
+    esp_crypto_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info));
     digest = calloc(1, 6 + n + 1);
     HTTP_MEM_CHECK(TAG, digest, goto _basic_exit);
     strcpy(digest, "Basic ");
-    mbedtls_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info));
+    esp_crypto_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info));
 _basic_exit:
     free(user_info);
     return digest;

components/tcp_transport/transport_ws.c

@@ -8,10 +8,9 @@
 #include "esp_transport_tcp.h"
 #include "esp_transport_ws.h"
 #include "esp_transport_utils.h"
-#include "mbedtls/base64.h"
-#include "mbedtls/sha1.h"
 #include "esp_transport_internal.h"
 #include "errno.h"
+#include "esp_tls_crypto.h"
 
 static const char *TAG = "TRANSPORT_WS";
 
@@ -118,7 +117,7 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
     const char *user_agent_ptr = (ws->user_agent)?(ws->user_agent):"ESP32 Websocket Client";
 
     size_t outlen = 0;
-    mbedtls_base64_encode(client_key, sizeof(client_key), &outlen, random_key, sizeof(random_key));
+    esp_crypto_base64_encode(client_key, sizeof(client_key), &outlen, random_key, sizeof(random_key));
     int len = snprintf(ws->buffer, WS_BUFFER_SIZE,
                          "GET %s HTTP/1.1\r\n"
                          "Connection: Upgrade\r\n"
@@ -183,7 +182,7 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
         return -1;
     }
 
-    // See mbedtls_sha1_ret() arg size
+    // See esp_crypto_sha1() arg size
     unsigned char expected_server_sha1[20];
     // Size of base64 coded string see above
     unsigned char expected_server_key[33] = {0};
@@ -194,8 +193,8 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
     strcat((char*)expected_server_text, expected_server_magic);
 
     size_t key_len = strlen((char*)expected_server_text);
-    mbedtls_sha1_ret(expected_server_text, key_len, expected_server_sha1);
-    mbedtls_base64_encode(expected_server_key, sizeof(expected_server_key),  &outlen, expected_server_sha1, sizeof(expected_server_sha1));
+    esp_crypto_sha1(expected_server_text, key_len, expected_server_sha1);
+    esp_crypto_base64_encode(expected_server_key, sizeof(expected_server_key),  &outlen, expected_server_sha1, sizeof(expected_server_sha1));
     expected_server_key[ (outlen < sizeof(expected_server_key)) ? outlen : (sizeof(expected_server_key) - 1) ] = 0;
     ESP_LOGD(TAG, "server key=%s, send_key=%s, expected_server_key=%s", (char *)server_key, (char*)client_key, expected_server_key);
     if (strcmp((char*)expected_server_key, (char*)server_key) != 0) {