Commit 00fd830c authored by Jozef Kralik's avatar Jozef Kralik

esp32: add security - wip

parent 0229e949
......@@ -67,6 +67,8 @@ port/contiki/symbols.*
port/openthread/output
port/esp32/build/
port/esp32/sdkconfig
port/esp32/esp-idf/
port/esp32/sdkconfig.old
*.o
*.cmd
*.tmp
......
......@@ -2,31 +2,30 @@ ESP32
# Build
## ubuntu
```
sudo apt install -y git wget flex bison gperf python3 python3-pip python3-setuptools python3-serial python3-click python3-cryptography python3-future python3-pyparsing python3-pyelftools cmake ninja-build ccache libffi-dev libssl-dev libusb-1.0-0
git clone --recursive https://github.com/espressif/esp-idf.git
./esp-idf/install.sh
. ./esp-idf/export.sh
idf.py set-target esp32
idf.py menuconfig // set wifi
idf.py build
idf.py -p (PORT) flash monitor
```
## Ubuntu
- sudo apt install -y git wget flex bison gperf python3 python3-pip python3-setuptools python3-serial python3-click python3-cryptography python3-future python3-pyparsing python3-pyelftools cmake ninja-build ccache libffi-dev libssl-dev libusb-1.0-0
- cd port/esp32
- git clone --recursive https://github.com/espressif/esp-idf.git
- ./esp-idf/install.sh
- . ./esp-idf/export.sh
- [CommonSteps][]
## windows
## Windows
- [install] (https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/windows-setup.html)
- Please select master repository
- Please select master repository and install it to iotivity-lite/port/esp32/esp-idf
- Install CMake
- Set PATH env to cmake, python
- Run esp-idf commandline
- cd iotivity-lite/port/esp32
- ```
idf.py set-target esp32
idf.py menuconfig // set wifi
idf.py build
idf.py -p (PORT) flash monitor
```
- [CommonSteps][]
## Common steps [CommonSteps] ##
```
idf.py set-target esp32
idf.py menuconfig // set wifi + mbedtls
( cd esp-idf/components/mbedtls/mbedtls && git am ../../../../patches/mbedtls/*.patch )
( cd esp-idf && git am ../patches/esp-idf/*.patch )
idf.py build
idf.py -p (PORT) flash monitor
```
......@@ -58,7 +58,7 @@ struct in6_pktinfo
((((__const uint32_t *)(a))[0] == 0) && (((__const uint32_t *)(a))[1] == 0) && (((__const uint32_t *)(a))[2] == htonl(0xffff)))
/* As not defined, just need to define is as something innocuous */
#define IPV6_PKTINFO IPV6_CHECKSUM
// #define IPV6_PKTINFO IPV6_CHECKSUM
/* Some outdated toolchains do not define IFA_FLAGS.
Note: Requires Linux kernel 3.14 or later. */
......@@ -693,7 +693,7 @@ recv_msg(int sock, uint8_t *recv_buf, int recv_buf_size,
struct cmsghdr *cmsg;
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != 0; cmsg = CMSG_NXTHDR(&msg, cmsg))
{
if (cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_PKTINFO)
if (cmsg->cmsg_level == IPPROTO_IPV6 /*&& cmsg->cmsg_type == IPV6_PKTINFO*/)
{
if (msg.msg_namelen != sizeof(struct sockaddr_in6))
{
......@@ -983,7 +983,7 @@ send_msg(int sock, struct sockaddr_storage *receiver, oc_message_t *message)
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = IPPROTO_IPV6;
cmsg->cmsg_type = IPV6_PKTINFO;
// cmsg->cmsg_type = IPV6_PKTINFO;
cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsg);
......@@ -1660,12 +1660,14 @@ int oc_connectivity_init(size_t device)
}
#ifdef OC_SECURITY
if (setsockopt(dev->secure_sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on,
/*
if (setsockopt(dev->secure_sock, IPPROTO_IPV6, IPV6_PKTINFO, &on,
sizeof(on)) == -1)
{
OC_ERR("setting recvpktinfo option %d\n", errno);
return -1;
}
*/
if (setsockopt(dev->secure_sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) ==
-1)
{
......
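Review bot: In recv_msg the `cmsg->cmsg_type == IPV6_PKTINFO` test is commented out (the commented forms appear to be the new side), so every IPPROTO_IPV6 ancillary message now enters the packet-info branch. The branch body lies outside the hunk, but if it reads CMSG_DATA as `struct in6_pktinfo` it will do so for control messages of any type. send_msg likewise no longer assigns `cmsg->cmsg_type`, leaving the field at whatever the control buffer already held, and oc_connectivity_init stops requesting packet info on `dev->secure_sock`. Rather than commenting code out, keep the type test and the assignment under `#ifdef IPV6_PKTINFO`. A comment such as `/* IPV6_PKTINFO is not defined on this port: receiving interface is unknown for secure_sock */` would make the reduced behaviour on the secure socket explicit.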
......@@ -11,60 +11,51 @@ set(includes
)
set(sources
${CMAKE_CURRENT_SOURCE_DIR}/../../../deps/tinycbor/src/cborencoder.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../deps/tinycbor/src/cborencoder_close_container_checked.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../deps/tinycbor/src/cborparser.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../deps/tinycbor/src/cborencoder.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../deps/tinycbor/src/cborencoder_close_container_checked.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../deps/tinycbor/src/cborparser.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_apis.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_manager.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_rd.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_resource.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_store.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/rd_client.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/random.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/storage.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/clock.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/ipadapter.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/abort.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/debug_print.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/vfs_pipe.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/tcpadapter.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/random.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/storage.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/clock.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/ipadapter.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/abort.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/debug_print.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/vfs_pipe.c
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/tcpadapter.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_etimer.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_list.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_memb.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_mmem.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_process.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_timer.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_base64.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_blockwise.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_buffer.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_client_api.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_core_res.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_discovery.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_endpoint.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_helpers.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_introspection.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_main.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_network_events.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_rep.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_ri.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_server_api.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_uuid.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_enums.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_session_events.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/coap.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/engine.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/observe.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/separate.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/transactions.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_etimer.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_list.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_memb.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_mmem.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_process.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../util/oc_timer.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_base64.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_blockwise.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_buffer.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_client_api.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_collection.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_core_res.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_discovery.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_endpoint.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_helpers.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_introspection.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_main.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_network_events.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_rep.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_ri.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_server_api.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_uuid.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_enums.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_session_events.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/coap.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/engine.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/observe.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/separate.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/transactions.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/coap_signal.c
${CMAKE_CURRENT_SOURCE_DIR}/lightbulb.c
${CMAKE_CURRENT_SOURCE_DIR}/light_bulb_main.c
main.c
${CMAKE_CURRENT_SOURCE_DIR}/lightbulb.c
${CMAKE_CURRENT_SOURCE_DIR}/light_bulb_main.c
main.c
)
if (CONFIG_OC_DEBUG)
......@@ -77,14 +68,64 @@ endif()
if (CONFIG_TCP)
add_definitions(-DOC_TCP)
list(APPEND sources
${CMAKE_CURRENT_SOURCE_DIR}/../adapter/src/tcpadapter.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../messaging/coap/coap_signal.c
)
endif()
if (CONFIG_CLOUD)
add_definitions(-DOC_CLOUD -DOC_DYNAMIC_ALLOCATION -DOC_TCP -DOC_IPV4)
list(APPEND sources
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_apis.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_manager.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_rd.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_resource.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud_store.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/oc_cloud.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/cloud/rd_client.c
)
endif()
if (CONFIG_DYNAMIC)
add_definitions(-DOC_DYNAMIC_ALLOCATION)
list(APPEND sources
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_collection.c
)
endif()
if (CONFIG_SECURE)
add_definitions(-DOC_SECURITY -DOC_PKI -DAPP_DEBUG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-format-truncation")
list(APPEND sources
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_acl.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_ael.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_audit.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_certs.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_cred.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_csr.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_doxm.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_keypair.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_obt.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_obt_certs.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_obt_otm_cert.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_obt_otm_justworks.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_obt_otm_randompin.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_pki.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_pstat.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_roles.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_sdi.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_sp.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_store.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_svr.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_tls.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/oc_clock.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/c-timestamp/timestamp_format.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/c-timestamp/timestamp_tm.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/c-timestamp/timestamp_valid.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/c-timestamp/timestamp_parse.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../api/c-timestamp/timestamp_compare.c
)
endif()
#add_definitions(-DOC_CLIENT)
......
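Review bot: The `CONFIG_SECURE` block appends `-Wno-format-truncation` to `CMAKE_C_FLAGS`, which silences truncation diagnostics for every source in the component, including the security/ files where a silently truncated buffer matters most. Scope the suppression to the file that triggers it, e.g. `set_source_files_properties(<file>.c PROPERTIES COMPILE_FLAGS -Wno-format-truncation)` with `<file>.c` standing for that source, or fix the flagged call. The same block defines `-DAPP_DEBUG` together with `-DOC_SECURITY`; its effect is not visible here, but if it enables debug output it should have its own config option rather than being switched on by secure builds.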
......@@ -19,16 +19,18 @@
void lightbulb_damon_task(void *pvParameter)
{
APP_DBG("start lightbulb damon task...");
//APP_DBG("start lightbulb damon task...");
lightbulb_init();
bulb_state_t *esp_bulb_current_state = NULL;
while (1)
{
esp_bulb_current_state = get_current_bulb_state();
/*
APP_DBG("[update] on/off:%d interval:%d H:%f S:%f B:%d",
esp_bulb_current_state->set_on, esp_bulb_current_state->flash_interval,
esp_bulb_current_state->hue_value, esp_bulb_current_state->saturation_value, esp_bulb_current_state->brightness_value);
*/
// set light state to GPIO
lightbulb_set_hue(&(esp_bulb_current_state->hue_value));
......
......@@ -238,7 +238,7 @@ void lightbulb_set_on(void *p)
{
bool value = *(bool *)p;
APP_DBG("lightbulb_set_on : %s", value == true ? "true" : "false");
//APP_DBG("lightbulb_set_on : %s", value == true ? "true" : "false");
if (value == true)
{
......@@ -278,7 +278,7 @@ void lightbulb_set_saturation(void *p)
{
double value = *(double *)p;
APP_DBG("lightbulb_set_saturation : %f", value);
//APP_DBG("lightbulb_set_saturation : %f", value);
s_hsb_val.s = value;
......@@ -297,7 +297,7 @@ void lightbulb_set_hue(void *p)
{
double value = *(double *)p;
APP_DBG("lightbulb_set_hue : %f", value);
//APP_DBG("lightbulb_set_hue : %f", value);
s_hsb_val.h = value;
......@@ -316,7 +316,7 @@ void lightbulb_set_brightness(void *p)
{
int value = *(int *)p;
APP_DBG("lightbulb_set_brightness : %d", value);
//APP_DBG("lightbulb_set_brightness : %d", value);
s_hsb_val.b = value;
s_brightness = s_hsb_val.b;
......
......@@ -15,6 +15,8 @@
*/
#include "oc_api.h"
#include "oc_pki.h"
#include "oc_core_res.h"
#include "freertos/FreeRTOS.h"
#include "freertos/semphr.h"
......@@ -51,6 +53,7 @@ static const char *cis = "coap+tcp://try.plgd.cloud:5683";
static const char *auth_code = "1Ray-0w8s0_2lTg7";
static const char *sid = "00000000-0000-0000-0000-000000000001";
static const char *apn = "auth0";
static const char *device_name = "esp32";
static void
set_device_custom_property(void *data)
......@@ -63,7 +66,7 @@ static int
app_init(void)
{
int ret = oc_init_platform("Intel", NULL, NULL);
ret |= oc_add_device("/oic/d", "oic.d.light", "Kishen's light", "ocf.1.0.0",
ret |= oc_add_device("/oic/d", "oic.d.light", device_name, "ocf.1.0.0",
"ocf.res.1.0.0", set_device_custom_property, NULL);
return ret;
}
......@@ -146,6 +149,7 @@ register_resources(void)
oc_resource_set_request_handler(res, OC_POST, post_light, NULL);
oc_resource_set_request_handler(res, OC_PUT, put_light, NULL);
oc_add_resource(res);
oc_cloud_add_resource(res);
}
static void
......@@ -264,6 +268,65 @@ cloud_status_handler(oc_cloud_context_t *ctx, oc_cloud_status_t status,
}
}
void
factory_presets_cb_new(size_t device, void *data)
{
oc_device_info_t* dev = oc_core_get_device_info(device);
oc_free_string(&dev->name);
oc_new_string(&dev->name, device_name, strlen(device_name));
(void)data;
#if defined(OC_SECURITY) && defined(OC_PKI)
PRINT("factory_presets_cb: %d\n", (int) device);
const char* cert = "-----BEGIN CERTIFICATE-----\n"
"MIIB9zCCAZygAwIBAgIRAOwIWPAt19w7DswoszkVIEIwCgYIKoZIzj0EAwIwEzER\n"
"MA8GA1UEChMIVGVzdCBPUkcwHhcNMTkwNTAyMjAwNjQ4WhcNMjkwMzEwMjAwNjQ4\n"
"WjBHMREwDwYDVQQKEwhUZXN0IE9SRzEyMDAGA1UEAxMpdXVpZDpiNWEyYTQyZS1i\n"
"Mjg1LTQyZjEtYTM2Yi0wMzRjOGZjOGVmZDUwWTATBgcqhkjOPQIBBggqhkjOPQMB\n"
"BwNCAAQS4eiM0HNPROaiAknAOW08mpCKDQmpMUkywdcNKoJv1qnEedBhWne7Z0jq\n"
"zSYQbyqyIVGujnI3K7C63NRbQOXQo4GcMIGZMA4GA1UdDwEB/wQEAwIDiDAzBgNV\n"
"HSUELDAqBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMBBgorBgEEAYLefAEG\n"
"MAwGA1UdEwEB/wQCMAAwRAYDVR0RBD0wO4IJbG9jYWxob3N0hwQAAAAAhwR/AAAB\n"
"hxAAAAAAAAAAAAAAAAAAAAAAhxAAAAAAAAAAAAAAAAAAAAABMAoGCCqGSM49BAMC\n"
"A0kAMEYCIQDuhl6zj6gl2YZbBzh7Th0uu5izdISuU/ESG+vHrEp7xwIhANCA7tSt\n"
"aBlce+W76mTIhwMFXQfyF3awWIGjOcfTV8pU\n"
"-----END CERTIFICATE-----\n";
const char* key = "-----BEGIN EC PRIVATE KEY-----\n"
"MHcCAQEEIMPeADszZajrkEy4YvACwcbR0pSdlKG+m8ALJ6lj/ykdoAoGCCqGSM49\n"
"AwEHoUQDQgAEEuHojNBzT0TmogJJwDltPJqQig0JqTFJMsHXDSqCb9apxHnQYVp3\n"
"u2dI6s0mEG8qsiFRro5yNyuwutzUW0Dl0A==\n"
"-----END EC PRIVATE KEY-----\n";
const char* root_ca = "-----BEGIN CERTIFICATE-----\n"
"MIIBaTCCAQ+gAwIBAgIQR33gIB75I7Vi/QnMnmiWvzAKBggqhkjOPQQDAjATMREw\n"
"DwYDVQQKEwhUZXN0IE9SRzAeFw0xOTA1MDIyMDA1MTVaFw0yOTAzMTAyMDA1MTVa\n"
"MBMxETAPBgNVBAoTCFRlc3QgT1JHMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n"
"xbwMaS8jcuibSYJkCmuVHfeV3xfYVyUq8Iroz7YlXaTayspW3K4hVdwIsy/5U+3U\n"
"vM/vdK5wn2+NrWy45vFAJqNFMEMwDgYDVR0PAQH/BAQDAgEGMBMGA1UdJQQMMAoG\n"
"CCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0RBAQwAoIAMAoGCCqGSM49\n"
"BAMCA0gAMEUCIBWkxuHKgLSp6OXDJoztPP7/P5VBZiwLbfjTCVRxBvwWAiEAnzNu\n"
"6gKPwtKmY0pBxwCo3NNmzNpA6KrEOXE56PkiQYQ=\n"
"-----END CERTIFICATE-----\n";
int ee_credid = oc_pki_add_mfg_cert(0, (const unsigned char *)cert, strlen(cert),
(const unsigned char *)key, strlen(key));
if (ee_credid < 0) {
PRINT("ERROR installing manufacturer EE cert\n");
return;
}
int rootca_credid =
oc_pki_add_mfg_trust_anchor(0, (const unsigned char *)root_ca, strlen(root_ca));
if (rootca_credid < 0) {
PRINT("ERROR installing root cert\n");
return;
}
oc_pki_set_security_profile(0, OC_SP_BLACK, OC_SP_BLACK, ee_credid);
#endif /* OC_SECURITY && OC_PKI */
}
static void server_main(void *pvParameter)
{
int init;
......@@ -305,6 +368,7 @@ static void server_main(void *pvParameter)
#ifdef OC_SECURITY
oc_storage_config("./server_creds");
oc_set_factory_presets_cb(factory_presets_cb_new, NULL);
#endif /* OC_SECURITY */
init = oc_main_init(&handler);
......@@ -315,10 +379,12 @@ static void server_main(void *pvParameter)
if (ctx)
{
oc_cloud_manager_start(ctx, cloud_status_handler, NULL);
/*
if (cis)
{
oc_cloud_provision_conf_resource(ctx, cis, auth_code, sid, apn);
}
*/
}
while (quit != 1)
......@@ -358,12 +424,12 @@ void app_main(void)
initialise_wifi();
if (xTaskCreate(&server_main, "server_main", 15 * 1024, NULL, 5, NULL) != pdPASS)
if (xTaskCreate(&server_main, "server_main", 32 * 1024, NULL, 5, NULL) != pdPASS)
{
print_error("task create failed");
}
if (xTaskCreate(&lightbulb_damon_task, "lightbulb_damon_task", 8192, NULL, 5, NULL) != pdPASS)
if (xTaskCreate(&lightbulb_damon_task, "lightbulb_damon_task", 4096, NULL, 5, NULL) != pdPASS)
{
print_error("task create failed");
}
......
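Review bot: factory_presets_cb_new embeds an EC private key, its end-entity certificate and the root CA as string literals, so every device built from this source shares one manufacturer identity and the key is readable by anyone with the repository or a firmware image. The function then installs that credential and sets the security profile to `OC_SP_BLACK` with it. Mark the material as test-only, e.g. `/* TEST-ONLY credentials: never ship; provision a per-device key at manufacture */`, and load real credentials from per-device storage. Two smaller points in the same function: the result of `oc_core_get_device_info(device)` is dereferenced without a check (`if (dev == NULL) return;`), and the PKI calls pass `0` where the `device` argument looks intended.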
diff --git a/components/mbedtls/mbedtls b/components/mbedtls/mbedtls
index 90f46c8b1..f10c5683d 160000
--- a/components/mbedtls/mbedtls
+++ b/components/mbedtls/mbedtls
@@ -1 +1 @@
-Subproject commit 90f46c8b17bc1219a82d4ddf81520d40c5ac5ebf
+Subproject commit f10c5683d1750157d84b2e4dc2fd94cf4bce6cf8
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 60826e6c2..adc4437b9 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2463,6 +2463,8 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
+#define MBEDTLS_X509_EXPANDED_SUBJECT_ALT_NAME_SUPPORT
+
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */
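Review bot: `MBEDTLS_X509_EXPANDED_SUBJECT_ALT_NAME_SUPPORT` is defined unconditionally after the `MBEDTLS_USER_CONFIG_FILE` include, so a user configuration cannot switch it off. Move the define ahead of the user-config include, or make it conditional on a build option. Add a comment naming what depends on it, e.g. `/* enables the expanded subjectAltName handling in the patched x509_crt.c */`.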
From 046071fb9684588dfbc3d69894ecf198bd6ecd6c Mon Sep 17 00:00:00 2001
From: Jozef Kralik <jozef.kralik@kistler.com>
Date: Thu, 1 Oct 2020 22:01:31 +0200
Subject: [PATCH 2/5] constrained
---
library/entropy_poll.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index cfadd4e2c..3550a837c 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -77,12 +77,32 @@
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
- !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
+ !defined(__APPLE__) && !defined(_WIN32) && !defined(__OC_RANDOM) && !defined(__QNXNTO__) && \
!defined(__HAIKU__)
#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
#endif
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#ifdef __OC_RANDOM
+#include <string.h>
+#include "port/oc_random.h"
+
+int mbedtls_platform_entropy_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen )
+{
+ (void) data;
+ *olen = 0;
+ do {
+ unsigned int val = oc_random_value();
+ size_t l = (len > sizeof(val))?sizeof(val):len;
+ memcpy(output + *olen, &val, l);
+ len -= l;
+ *olen += l;
+ } while (len > 0);
+
+ return 0;
+}
+
+#elif defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#if !defined(_WIN32_WINNT)
#define _WIN32_WINNT 0x0400
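Review bot: The added mbedtls_platform_entropy_poll always returns 0 and reports `len` bytes gathered, so mbedTLS credits whatever oc_random_value() produces as full-strength entropy with no failure path. Its implementation is not visible here, and if it is a seeded PRNG rather than a hardware RNG, every key and nonce derived through this path is only as unpredictable as that seed. State the requirement at the function, e.g. `/* oc_random_value() must be backed by a hardware or cryptographically secure RNG */`. Separately, `__OC_RANDOM` uses a double-underscore name reserved for the implementation; a project-prefixed macro without leading underscores would avoid that. The `#elif` chain this block joins continues outside the hunk.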
--
2.19.2.windows.1
From 5f1aabf14204e531f4ac9597873a862c3f4efcd9 Mon Sep 17 00:00:00 2001
From: Kishen Maloor <kishen.maloor@intel.com>
Date: Tue, 15 Oct 2019 14:40:08 +0300
Subject: [PATCH 3/5] ocf C99
---
include/mbedtls/x509_crt.h | 4 ++--
library/x509_crt.c | 34 +++++++++++++++++-----------------
library/x509write_crt.c | 6 +++---
3 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 576234699..5141fa7f5 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -85,11 +85,11 @@ typedef enum
typedef struct mbedtls_x509_general_name
{
mbedtls_x509_general_name_choice name_type;
- union
+ union name
{
mbedtls_x509_buf dns_name;
mbedtls_x509_name *directory_name;
- };
+ } name;
} mbedtls_x509_general_name;
typedef struct mbedtls_x509_general_names
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9135c99b1..d214f4b58 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -702,9 +702,9 @@ static int x509_get_subject_alt_name( unsigned char **p,
{
case ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ): /* dNSName */
general_name.name_type = MBEDTLS_X509_GENERALNAME_DNSNAME;
- general_name.dns_name.tag = tag;
- general_name.dns_name.p = *p;
- general_name.dns_name.len = tag_len;
+ general_name.name.dns_name.tag = tag;
+ general_name.name.dns_name.p = *p;
+ general_name.name.dns_name.len = tag_len;
*p += tag_len;
break;
case ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 4 ): /* directoryName */
@@ -712,10 +712,10 @@ static int x509_get_subject_alt_name( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end, &name_len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
- general_name.directory_name = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
- if ( general_name.directory_name == NULL )
+ general_name.name.directory_name = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
+ if ( general_name.name.directory_name == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
- if( ( ret = mbedtls_x509_get_name( p, *p + name_len, general_name.directory_name ) ) != 0 )
+ if( ( ret = mbedtls_x509_get_name( p, *p + name_len, general_name.name.directory_name ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
break;
default:
@@ -1514,7 +1514,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
switch ( cur->general_name.name_type )
{
case MBEDTLS_X509_GENERALNAME_DNSNAME:
- i = cur->general_name.dns_name.len + sep_len;
+ i = cur->general_name.name.dns_name.len + sep_len;
if( i >= n )
{
@@ -1525,8 +1525,8 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
n -= i;
for( i = 0; i < sep_len; i++ )
*p++ = sep[i];
- for( i = 0; i < cur->general_name.dns_name.len; i++ )
- *p++ = cur->general_name.dns_name.p[i];
+ for( i = 0; i < cur->general_name.name.dns_name.len; i++ )
+ *p++ = cur->general_name.name.dns_name.p[i];
break;
@@ -1544,7 +1544,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
for( i = 0; i < LABEL_LEN( x509_directory_name_label ); i++ )
*p++ = x509_directory_name_label[i];
- ret = mbedtls_x509_dn_gets( p, n, cur->general_name.directory_name );
+ ret = mbedtls_x509_dn_gets( p, n, cur->general_name.name.directory_name );
if( ret < 0 || ( (size_t) ret ) >= n )
{
*p = '\0';
@@ -2637,13 +2637,13 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
/* Only consider dNSName subject alternative names for this check; ignore other types. */
if ( cur->general_name.name_type == MBEDTLS_X509_GENERALNAME_DNSNAME )
{
- if ( cur->general_name.dns_name.len == cn_len &&
- x509_memcasecmp( cn, cur->general_name.dns_name.p, cn_len ) == 0 )
+ if ( cur->general_name.name.dns_name.len == cn_len &&
+ x509_memcasecmp( cn, cur->general_name.name.dns_name.p, cn_len ) == 0 )
break;
- if ( cur->general_name.dns_name.len > 2 &&
- memcmp( cur->general_name.dns_name.p, "*.", 2 ) == 0 &&
- x509_check_wildcard( cn, &cur->general_name.dns_name ) == 0 )
+ if ( cur->general_name.name.dns_name.len > 2 &&
+ memcmp( cur->general_name.name.dns_name.p, "*.", 2 ) == 0 &&
+ x509_check_wildcard( cn, &cur->general_name.name.dns_name ) == 0 )
{
break;
}
@@ -2884,7 +2884,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
#if defined(MBEDTLS_X509_EXPANDED_SUBJECT_ALT_NAME_SUPPORT)
if ( cert_cur->subject_alt_names.general_name.name_type == MBEDTLS_X509_GENERALNAME_DIRECTORYNAME )
{
- name_cur = cert_cur->subject_alt_names.general_name.directory_name;
+ name_cur = cert_cur->subject_alt_names.general_name.name.directory_name;
while ( name_cur != NULL )
{