Initial SSL implementation

Author: Me No Dev

src/ESPAsyncTCP.cpp

@@ -28,6 +28,7 @@ extern "C"{
   #include "lwip/inet.h"
   #include "lwip/dns.h"
 }
+#include "lwipr_compat.h"
 
 /*
   Async TCP Client
@@ -47,6 +48,8 @@ AsyncClient::AsyncClient(tcp_pcb* pcb):
   , _timeout_cb(0)
   , _timeout_cb_arg(0)
   , _pcb_busy(false)
+  , _pcb_secure(false)
+  , _handshake_done(true)
   , _pcb_sent_at(0)
   , _close_pcb(false)
   , _ack_pcb(true)
@@ -73,7 +76,7 @@ AsyncClient::~AsyncClient(){
     _close();
 }
 
-bool AsyncClient::connect(IPAddress ip, uint16_t port){
+bool AsyncClient::connect(IPAddress ip, uint16_t port, bool secure){
 
   if (_pcb) //already connected
     return false;
@@ -88,18 +91,22 @@ bool AsyncClient::connect(IPAddress ip, uint16_t port){
   if (!pcb) //could not allocate pcb
     return false;
 
+  _pcb_secure = secure;
+  _handshake_done = !secure;
   tcp_arg(pcb, this);
   tcp_err(pcb, &_s_error);
   tcp_connect(pcb, &addr, port,(tcp_connected_fn)&_s_connected);
   return true;
 }
 
-bool AsyncClient::connect(const char* host, uint16_t port) {
+bool AsyncClient::connect(const char* host, uint16_t port, bool secure) {
   ip_addr_t addr;
   err_t err = dns_gethostbyname(host, &addr, (dns_found_callback)&_s_dns_found, this);
   if(err == ERR_OK) {
-    return connect(IPAddress(addr.addr), port);
+    return connect(IPAddress(addr.addr), port, secure);
   } else if(err == ERR_INPROGRESS) {
+    _pcb_secure = secure;
+    _handshake_done = !secure;
     _connect_port = port;
     return true;
   }
@@ -165,6 +172,13 @@ size_t AsyncClient::write(const char* data, size_t size) {
     return 0;
   if(!canSend())
     return 0;
+  if(_pcb_secure){
+    int sent = axl_write(_pcb, (uint8_t*)data, size);
+    if(sent >= 0)
+      return sent;
+    //ssl error
+    return 0;
+  }
   size_t room = tcp_sndbuf(_pcb);
   size_t will_send = (room < size) ? room : size;
   int8_t err = tcp_write(_pcb, data, will_send, 0);
@@ -188,6 +202,13 @@ size_t AsyncClient::add(const char* data, size_t size) {
   size_t room = tcp_sndbuf(_pcb);
   if(!room)
     return 0;
+  if(_pcb_secure){
+    int sent = axl_write(_pcb, (uint8_t*)data, size);
+    if(sent >= 0)
+      return sent;
+    //ssl error
+    return 0;
+  }
   size_t will_send = (room < size) ? room : size;
   int8_t err = tcp_write(_pcb, data, will_send, 0);
   if(err != ERR_OK)
@@ -196,6 +217,8 @@ size_t AsyncClient::add(const char* data, size_t size) {
 }
 
 bool AsyncClient::send(){
+  if(_pcb_secure)
+    return true;
   if(!canSend())
     return false;
   if(tcp_output(_pcb) == ERR_OK){
@@ -225,6 +248,8 @@ int8_t AsyncClient::_close(){
     tcp_recv(_pcb, NULL);
     tcp_err(_pcb, NULL);
     tcp_poll(_pcb, NULL, 0);
+    if(_pcb_secure)
+      axl_free(_pcb);
     err = tcp_close(_pcb);
     if(err != ERR_OK) {
       err = abort();
@@ -239,13 +264,23 @@ int8_t AsyncClient::_close(){
 int8_t AsyncClient::_connected(void* pcb, int8_t err){
   _pcb = reinterpret_cast<tcp_pcb*>(pcb);
   if(_pcb){
+    if(_pcb_secure){
+      axl_tcp_t * axl = axl_new(_pcb);
+      if(axl == NULL){
+        return _close();
+      }
+      axl_arg(_pcb, this);
+      axl_data(_pcb, &_s_data);
+      axl_handshake(_pcb, &_s_handshake);
+      axl_err(_pcb, &_s_ssl_error);
+    }
     tcp_setprio(_pcb, TCP_PRIO_MIN);
     tcp_recv(_pcb, &_s_recv);
     tcp_sent(_pcb, &_s_sent);
     tcp_poll(_pcb, &_s_poll, 1);
     _pcb_busy = false;
   }
-  if(_connect_cb)
+  if(!_pcb_secure && _connect_cb)
     _connect_cb(_connect_cb_arg, this);
   return ERR_OK;
 }
@@ -257,6 +292,8 @@ void AsyncClient::_error(int8_t err) {
     tcp_recv(_pcb, NULL);
     tcp_err(_pcb, NULL);
     tcp_poll(_pcb, NULL, 0);
+    if(_pcb_secure)
+      axl_free(_pcb);
     _pcb = NULL;
   }
   if(_error_cb)
@@ -265,6 +302,11 @@ void AsyncClient::_error(int8_t err) {
     _discard_cb(_discard_cb_arg, this);
 }
 
+void AsyncClient::_ssl_error(int8_t err){
+  if(_error_cb)
+    _error_cb(_error_cb_arg, this, err+64);
+}
+
 int8_t AsyncClient::_sent(tcp_pcb* pcb, uint16_t len) {
   _rx_last_packet = millis();
   _pcb_busy = false;
@@ -279,7 +321,16 @@ int8_t AsyncClient::_recv(tcp_pcb* pcb, pbuf* pb, int8_t err) {
   }
 
   _rx_last_packet = millis();
-  //use callback (onData defined)
+  if(_pcb_secure){
+    int read_bytes = axl_read(pcb, pb);
+    if(read_bytes < 0){
+      if (read_bytes != SSL_CLOSE_NOTIFY && read_bytes != SSL_ERROR_CONN_LOST) {
+        _close();
+      }
+      return read_bytes;
+    }
+    return ERR_OK;
+  }
   while(pb != NULL){
     //we should not ack before we assimilate the data
     _ack_pcb = true;
@@ -326,7 +377,7 @@ int8_t AsyncClient::_poll(tcp_pcb* pcb){
 
 void AsyncClient::_dns_found(ip_addr_t *ipaddr){
   if(ipaddr){
-    connect(IPAddress(ipaddr->addr), _connect_port);
+    connect(IPAddress(ipaddr->addr), _connect_port, _pcb_secure);
   } else {
     if(_error_cb)
       _error_cb(_error_cb_arg, this, -55);
@@ -361,6 +412,24 @@ int8_t AsyncClient::_s_connected(void* arg, void* tpcb, int8_t err){
     return reinterpret_cast<AsyncClient*>(arg)->_connected(tpcb, err);
 }
 
+void AsyncClient::_s_data(void *arg, struct tcp_pcb *tcp, uint8_t * data, size_t len){
+  AsyncClient *c = reinterpret_cast<AsyncClient*>(arg);
+  if(c->_recv_cb)
+    c->_recv_cb(c->_recv_cb_arg, c, data, len);
+}
+
+void AsyncClient::_s_handshake(void *arg, struct tcp_pcb *tcp, SSL *ssl){
+  AsyncClient *c = reinterpret_cast<AsyncClient*>(arg);
+  c->_handshake_done = true;
+  if(c->_connect_cb)
+    c->_connect_cb(c->_connect_cb_arg, c);
+}
+
+void AsyncClient::_s_ssl_error(void *arg, struct tcp_pcb *tcp, int8_t err){
+  reinterpret_cast<AsyncClient*>(arg)->_ssl_error(err);
+}
+
+
 // Operators
 
 AsyncClient & AsyncClient::operator+=(const AsyncClient &other) {
@@ -447,6 +516,16 @@ uint16_t AsyncClient::localPort() {
   return getLocalPort();
 }
 
+SSL * AsyncClient::getSSL(){
+  if(_pcb && _pcb_secure){
+    axl_tcp_t* axl = axl_get(_pcb);
+    if(axl){
+      return axl->ssl;
+    }
+  }
+  return NULL;
+}
+
 uint8_t AsyncClient::state() {
   if(!_pcb)
     return 0;
@@ -456,7 +535,7 @@ uint8_t AsyncClient::state() {
 bool AsyncClient::connected(){
   if (!_pcb)
     return false;
-  return _pcb->state == 4;
+  return _pcb->state == 4 && _handshake_done;
 }
 
 bool AsyncClient::connecting(){

src/ESPAsyncTCP.h

@@ -44,6 +44,8 @@ typedef std::function<void(void*, AsyncClient*, uint32_t time)> AcTimeoutHandler
 struct tcp_pcb;
 struct pbuf;
 struct ip_addr;
+struct SSL_;
+typedef struct SSL_ SSL;
 
 class AsyncClient {
   protected:
@@ -64,6 +66,8 @@ class AsyncClient {
     AcConnectHandler _poll_cb;
     void* _poll_cb_arg;
     bool _pcb_busy;
+    bool _pcb_secure;
+    bool _handshake_done;
     uint32_t _pcb_sent_at;
     bool _close_pcb;
     bool _ack_pcb;
@@ -76,6 +80,7 @@ class AsyncClient {
     int8_t _close();
     int8_t _connected(void* pcb, int8_t err);
     void _error(int8_t err);
+    void _ssl_error(int8_t err);
     int8_t _poll(tcp_pcb* pcb);
     int8_t _sent(tcp_pcb* pcb, uint16_t len);
     int8_t _recv(tcp_pcb* pcb, pbuf* pb, int8_t err);
@@ -86,6 +91,9 @@ class AsyncClient {
     static int8_t _s_sent(void *arg, struct tcp_pcb *tpcb, uint16_t len);
     static int8_t _s_connected(void* arg, void* tpcb, int8_t err);
     static void _s_dns_found(const char *name, struct ip_addr *ipaddr, void *arg);
+    static void _s_data(void *arg, struct tcp_pcb *tcp, uint8_t * data, size_t len);
+    static void _s_handshake(void *arg, struct tcp_pcb *tcp, SSL *ssl);
+    static void _s_ssl_error(void *arg, struct tcp_pcb *tcp, int8_t err);
 
   public:
     AsyncClient* prev;
@@ -103,8 +111,8 @@ class AsyncClient {
       return !(*this == other);
     }
 
-    bool connect(IPAddress ip, uint16_t port);
-    bool connect(const char* host, uint16_t port);
+    bool connect(IPAddress ip, uint16_t port, bool secure=false);
+    bool connect(const char* host, uint16_t port, bool secure=false);
     void close(bool now = false);
     void stop();
     int8_t abort();
@@ -117,6 +125,7 @@ class AsyncClient {
     size_t ack(size_t len); //ack data that you have not acked using the method below
     void ackLater(){ _ack_pcb = false; } //will not ack the current packet. Call from onData
 
+    SSL *getSSL();
 
     size_t write(const char* data);
     size_t write(const char* data, size_t size); //only when canSend() == true

src/SyncClient.cpp

@@ -53,26 +53,26 @@ SyncClient::~SyncClient(){
   }
 }
 
-int SyncClient::connect(IPAddress ip, uint16_t port){
+int SyncClient::connect(IPAddress ip, uint16_t port, bool secure){
   if(_client != NULL && connected())
     return 0;
   _client = new AsyncClient();
   _client->onConnect([](void *obj, AsyncClient *c){ ((SyncClient*)(obj))->_onConnect(c); }, this);
-  if(_client->connect(ip, port)){
-    while(_client->state() < 4)
+  if(_client->connect(ip, port, secure)){
+    while(_client != NULL && !_client->connected() && !_client->disconnecting())
       delay(1);
     return connected();
   }
   return 0;
 }
 
-int SyncClient::connect(const char *host, uint16_t port){
+int SyncClient::connect(const char *host, uint16_t port, bool secure){
   if(_client != NULL && connected())
     return 0;
   _client = new AsyncClient();
   _client->onConnect([](void *obj, AsyncClient *c){ ((SyncClient*)(obj))->_onConnect(c); }, this);
-  if(_client->connect(host, port)){
-    while(_client->state() < 4)
+  if(_client->connect(host, port, secure)){
+    while(_client != NULL && !_client->connected() && !_client->disconnecting())
       delay(1);
     return connected();
   }

src/SyncClient.h

@@ -47,8 +47,14 @@ class SyncClient: public Client {
     operator bool(){ return connected(); }
     SyncClient & operator=(const SyncClient &other);
 
-    int connect(IPAddress ip, uint16_t port);
-    int connect(const char *host, uint16_t port);
+    int connect(IPAddress ip, uint16_t port, bool secure);
+    int connect(const char *host, uint16_t port, bool secure);
+    int connect(IPAddress ip, uint16_t port){
+      return connect(ip, port, false);
+    }
+    int connect(const char *host, uint16_t port){
+      return connect(host, port, false);
+    }
     void setTimeout(uint32_t seconds);
 
     uint8_t status();