Merge pull request arduino#70 from bcmi-labs/fs_cert

Allow certificate loading from FS

Author: facchinm

extras/tls/mbedtls_alt/.gitignore

@@ -0,0 +1,3 @@
+*.o
+*.a
+*.d

libraries/Ethernet/examples/WebClientSSL/WebClientSSL.ino

@@ -0,0 +1,87 @@
+/*
+  TLS Ethernet Web client
+
+  Remeber to update the CA certificates using CertificateUploader sketch
+  before using this sketch.
+
+*/
+
+#include <Ethernet.h>
+#include <EthernetSSLClient.h>
+
+// if you don't want to use DNS (and reduce your sketch size)
+// use the numeric IP instead of the name for the server:
+//IPAddress server(74,125,232,128);  // numeric IP for Google (no DNS)
+char server[] = "www.google.com";    // name address for Google (using DNS)
+
+// Set the static IP address to use if the DHCP fails to assign
+IPAddress ip(192, 168, 0, 177);
+
+// Initialize the Ethernet client library
+// with the IP address and port of the server
+// that you want to connect to (port 80 is default for HTTP):
+EthernetSSLClient client;
+
+void setup() {
+  // Open serial communications and wait for port to open:
+  Serial.begin(9600);
+  
+  while (!Serial) {
+    ; // wait for serial port to connect. Needed for native USB port only
+  }
+
+  // start the Ethernet connection:
+  Serial.println("Starting Ethernet");
+  if (Ethernet.begin() == 0) {
+    Serial.println("Failed to configure Ethernet using DHCP");
+    // try to configure using IP address instead of DHCP:
+    Ethernet.begin(ip);
+  }
+  // give the Ethernet shield a second to initialize:
+  delay(1000);
+  Serial.println("Connecting...");
+
+  // if you get a connection, report back via serial:
+  if (client.connect(server, 443)) {
+    Serial.println("connected");
+    // Make a HTTP request:
+    client.println("GET / HTTP/1.1");
+    client.println("Host: www.google.com");
+    client.println("Connection: close");
+    client.println();
+  } else {
+    // if you didn't get a connection to the server:
+    Serial.println("connection failed");
+  }
+}
+
+/* just wrap the received data up to 80 columns in the serial print*/
+void read_request() {
+  uint32_t received_data_num = 0;
+  while (client.available()) {
+    /* actual data reception */
+    char c = client.read();
+    /* print data to serial port */
+    Serial.print(c);
+    /* wrap data to 80 columns*/
+    received_data_num++;
+    if(received_data_num % 80 == 0) { 
+      Serial.println();
+    }
+  }  
+}
+
+void loop() {
+ 
+  read_request();
+
+  // if the server's disconnected, stop the client:
+  if (!client.connected()) {
+    Serial.println();
+    Serial.println("disconnecting.");
+    client.stop();
+
+    // do nothing forevermore:
+    while (true);
+  }
+}

libraries/Ethernet/library.properties

@@ -8,5 +8,4 @@ category=Communication
 url=https://github.com/arduino/ArduinoCore-renesas/tree/master/libraries/Ethernet
 architectures=renesas
 includes=Ethernet.h
-precompiled=true
 

libraries/Ethernet/src/CEthernet.cpp renamed to libraries/Ethernet/src/Ethernet.cpp

@@ -65,7 +65,7 @@ int CEthernet::begin(IPAddress local_ip, IPAddress subnet, IPAddress gateway, IP
 }
 
 /* -------------------------------------------------------------------------- */
-void setDNS(IPAddress dns_server) {
+void CEthernet::setDNS(IPAddress dns_server) {
 /* -------------------------------------------------------------------------- */  
   CLwipIf::getInstance().addDns(dns_server);
 } 

libraries/Ethernet/src/ethernetDriver.cpp renamed to libraries/Ethernet/src/EthernetDriver.cpp

@@ -1,4 +1,4 @@
-#include "ethernetDriver.h"
+#include "EthernetDriver.h"
 #include "IRQManager.h"
 
 /* IMPORTANT NOTE: this driver is configured to use ZERO COPY 

libraries/Ethernet/src/ethernetDriver.h renamed to libraries/Ethernet/src/EthernetDriver.h

@@ -6,14 +6,17 @@ EthernetSSLClient::EthernetSSLClient()
 
   sslclient = new sslclient_context;
   _client = new EthernetClient;
-  ssl_init(sslclient, _client);
+
   _timeout = 1000;
   _CA_cert = NULL;
+  _CA_path = "/mbedtls";
   _cert = NULL;
   _private_key = NULL;
   _pskIdent = NULL;
   _psKey = NULL;
 
+  ssl_init(sslclient, _client, _CA_path);
+
   sslclient->handshake_timeout = 5000;
 }
 

libraries/Ethernet/src/EthernetSSLClient.cpp

@@ -1,5 +1,5 @@
-#ifndef ethernetsslclient_h
-#define ethernetsslclient_h
+#ifndef ARDUINO_LWIP_ETHERNET_SSL_CLIENT_H
+#define ARDUINO_LWIP_ETHERNET_SSL_CLIENT_H
 
 #include "EthernetClient.h"
 #include "SSLClient.h"

libraries/Ethernet/src/EthernetSSLClient.h

@@ -0,0 +1,112 @@
+#include "QSPIFlashBlockDevice.h"
+#include "FATFileSystem.h"
+#include "certificates.h"
+
+QSPIFlashBlockDevice root(PIN_QSPI_CLK, PIN_QSPI_SS, PIN_QSPI_D0, PIN_QSPI_D1, PIN_QSPI_D2, PIN_QSPI_D3);
+FATFileSystem root_fs("wlan");
+
+long getFileSize(FILE *fp) {
+    fseek(fp, 0, SEEK_END);
+    int size = ftell(fp);
+    fseek(fp, 0, SEEK_SET);
+    
+    return size;
+}
+
+void printProgress(uint32_t offset, uint32_t size, uint32_t threshold, bool reset) {
+  static int percent_done = 0;
+  if (reset == true) {
+    percent_done = 0;
+    Serial.println("Flashed " + String(percent_done) + "%");
+  } else {
+    uint32_t percent_done_new = offset * 100 / size;
+    if (percent_done_new >= percent_done + threshold) {
+      percent_done = percent_done_new;
+      Serial.println("Flashed " + String(percent_done) + "%");
+    }
+  }
+}
+
+void setup() {
+
+  Serial.begin(115200);
+  while (!Serial);
+
+  int err =  root_fs.mount(&root);
+  if (err) {
+    // Reformat if we can't mount the filesystem
+    // this should only happen on the first boot
+    Serial.println("No filesystem containing the WiFi firmware was found.");
+    Serial.println("Usually that means that the WiFi firmware has not been installed yet"
+                  " or was overwritten with another firmware.\n");
+    Serial.println("Formatting the filsystem to install the firmware and certificates...\n");
+    err = root_fs.reformat(&root);
+  }
+
+  DIR *dir;
+  struct dirent *ent;
+
+  if ((dir = opendir("/wlan")) != NULL) {
+    /* print all the files and directories within directory */
+    while ((ent = readdir (dir)) != NULL) {
+      Serial.println("Searching for WiFi firmware file " + String(ent->d_name) + " ...");
+      String fullname = "/wlan/" + String(ent->d_name);
+      if (fullname == "/wlan/cacert.pem") {
+        Serial.println("A WiFi firmware is already installed. "
+                       "Do you want to install the firmware anyway? Y/[n]");
+        while (1) {
+          if (Serial.available()) {
+            int c = Serial.read();
+            if (c == 'Y' || c == 'y') {
+              root_fs.reformat(&root);
+              break;
+            }
+            if (c == 'N' || c == 'n') {
+              Serial.println("It's now safe to reboot or disconnect your board.");
+              return;
+            }
+          }
+        }
+      }
+    }
+    closedir (dir);
+  }
+
+  
+
+  int chunck_size = 128;
+  int byte_count = 0;
+  FILE* fp = fopen("/wlan/cacert.pem", "wb");
+
+  Serial.println("Flashing certificates");
+  printProgress(byte_count, cacert_pem_len, 10, true);
+  while (byte_count < cacert_pem_len) {
+    if(byte_count + chunck_size > cacert_pem_len)
+      chunck_size = cacert_pem_len - byte_count;
+    int ret = fwrite(&cacert_pem[byte_count], chunck_size, 1 ,fp);
+    if (ret != 1) {
+      Serial.println("Error writing certificates");
+      break;
+    }
+    byte_count += chunck_size;
+    printProgress(byte_count, cacert_pem_len, 10, false);
+  }
+  fclose(fp);
+
+  fp = fopen("/wlan/cacert.pem", "rb");
+  char buffer[128];
+  int ret = fread(buffer, 1, 128, fp);
+  Serial.write(buffer, ret);
+  while (ret == 128) {
+    ret = fread(buffer, 1, 128, fp);
+    Serial.write(buffer, ret);
+  }
+  fclose(fp);
+
+  Serial.println("\nFirmware and certificates updated!");
+  Serial.println("It's now safe to reboot or disconnect your board.");
+}
+
+void loop() {
+
+}