Add and remove libs and components for Arduino Core 3 (#400)

* Add and remove libs and components for Arduino Core 3

* Add back NimBLE-Arduino in resources
iranl
2024-06-20 18:34:49 +02:00
committed by GitHub
parent 90d13068c9
commit b673fb4d5c
1217 changed files with 118233 additions and 140 deletions


@@ -0,0 +1,70 @@
#include <NetworkClientSecure.h>
#include <WiFi.h>
/* This is a very INSECURE approach.
* If for some reason the secure, proper example NetworkClientSecure
* does not work for you; then you may want to check the
* NetworkClientTrustOnFirstUse example first. It is less secure than
* NetworkClientSecure, but a lot better than this totally insecure
* approach shown below.
*/
const char *ssid = "your-ssid"; // your network SSID (name of wifi network)
const char *password = "your-password"; // your network password
const char *server = "www.howsmyssl.com"; // Server URL
NetworkClientSecure client;
void setup() {
//Initialize serial and wait for port to open:
Serial.begin(115200);
delay(100);
Serial.print("Attempting to connect to SSID: ");
Serial.println(ssid);
WiFi.begin(ssid, password);
// attempt to connect to Wifi network:
while (WiFi.status() != WL_CONNECTED) {
Serial.print(".");
// wait 1 second for re-trying
delay(1000);
}
Serial.print("Connected to ");
Serial.println(ssid);
Serial.println("\nStarting connection to server...");
client.setInsecure(); //skip verification
if (!client.connect(server, 443)) {
Serial.println("Connection failed!");
} else {
Serial.println("Connected to server!");
// Make a HTTP request:
client.println("GET https://www.howsmyssl.com/a/check HTTP/1.0");
client.println("Host: www.howsmyssl.com");
client.println("Connection: close");
client.println();
while (client.connected()) {
String line = client.readStringUntil('\n');
if (line == "\r") {
Serial.println("headers received");
break;
}
}
// if there are incoming bytes available
// from the server, read them and print them:
while (client.available()) {
char c = client.read();
Serial.write(c);
}
client.stop();
}
}
void loop() {
// do nothing
}
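Review bot: The inline comment on `client.setInsecure();` ("skip verification") understates what the call gives up: with no certificate check the sketch cannot tell www.howsmyssl.com from any other host on the network path that answers on port 443, so the response it prints is unauthenticated. I would spell that out at the call site, e.g. `// no certificate check: the peer is NOT authenticated; never send credentials or act on the response`. The Wi-Fi wait loop in `setup()` also has no upper bound, so a wrong SSID or password hangs the sketch forever; a retry counter that ends in `ESP.restart()` would bound it.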


@@ -0,0 +1,5 @@
{
"targets": {
"esp32h2": false
}
}


@@ -0,0 +1,86 @@
/*
Wifi secure connection example for ESP32 using a pre-shared key (PSK)
This is useful with MQTT servers instead of using a self-signed cert, tested with mosquitto.
Running on TLS 1.2 using mbedTLS
To test run a test server using: openssl s_server -accept 8443 -psk 1a2b3c4d -nocert
It will show the http request made, but there's no easy way to send a reply back...
2017 - Evandro Copercini - Apache 2.0 License.
2018 - Adapted for PSK by Thorsten von Eicken
*/
#include <NetworkClientSecure.h>
#include <WiFi.h>
#if 0
const char* ssid = "your-ssid"; // your network SSID (name of wifi network)
const char* password = "your-password"; // your network password
#else
const char *ssid = "test"; // your network SSID (name of wifi network)
const char *password = "securetest"; // your network password
#endif
//const char* server = "server.local"; // Server hostname
const IPAddress server = IPAddress(192, 168, 0, 14); // Server IP address
const int port = 8443; // server's port (8883 for MQTT)
const char *pskIdent = "Client_identity"; // PSK identity (sometimes called key hint)
const char *psKey = "1a2b3c4d"; // PSK Key (must be hex string without 0x)
NetworkClientSecure client;
void setup() {
//Initialize serial and wait for port to open:
Serial.begin(115200);
delay(100);
Serial.print("Attempting to connect to SSID: ");
Serial.println(ssid);
WiFi.begin(ssid, password);
// attempt to connect to Wifi network:
while (WiFi.status() != WL_CONNECTED) {
Serial.print(".");
// wait 1 second for re-trying
delay(1000);
}
Serial.print("Connected to ");
Serial.println(ssid);
client.setPreSharedKey(pskIdent, psKey);
Serial.println("\nStarting connection to server...");
if (!client.connect(server, port)) {
Serial.println("Connection failed!");
} else {
Serial.println("Connected to server!");
// Make a HTTP request:
client.println("GET /a/check HTTP/1.0");
client.print("Host: ");
client.println(server);
client.println("Connection: close");
client.println();
while (client.connected()) {
String line = client.readStringUntil('\n');
if (line == "\r") {
Serial.println("headers received");
break;
}
}
// if there are incoming bytes available
// from the server, read them and print them:
while (client.available()) {
char c = client.read();
Serial.write(c);
}
client.stop();
}
}
void loop() {
// do nothing
}
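Review bot: `psKey = "1a2b3c4d"` is a four-byte key shown without any caveat, and the `#if 0` switch leaves the author's test SSID and password (`"test"` / `"securetest"`) as the active branch instead of the placeholders. A reader who copies the sketch ends up with a PSK-TLS link whose key space is small enough to search exhaustively. I would flip the `#if` so the placeholders are the default and annotate the key, e.g. `// demo value only (32 bits); generate a random key of at least 128 bits for real use`.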


@@ -0,0 +1,5 @@
{
"targets": {
"esp32h2": false
}
}


@@ -0,0 +1,102 @@
/*
Wifi secure connection example for ESP32
Running on TLS 1.2 using mbedTLS
Supporting the following ciphersuites:
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_DHE_RSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_DHE_RSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_DHE_RSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8","TLS_DHE_RSA_WITH_AES_128_CCM_8","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384","TLS_DHE_PSK_WITH_AES_256_CCM","TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384","TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA","TLS_DHE_PSK_WITH_AES_256_CBC_SHA","TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDHE_PSK_WITH_CAMELLIA_2
56_CBC_SHA384","TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_PSK_DHE_WITH_AES_256_CCM_8","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256","TLS_DHE_PSK_WITH_AES_128_CCM","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA","TLS_DHE_PSK_WITH_AES_128_CBC_SHA","TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_PSK_DHE_WITH_AES_128_CCM_8","TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA","TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA","TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_ECDSA_W
ITH_3DES_EDE_CBC_SHA","TLS_RSA_PSK_WITH_AES_256_GCM_SHA384","TLS_RSA_PSK_WITH_AES_256_CBC_SHA384","TLS_RSA_PSK_WITH_AES_256_CBC_SHA","TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_RSA_PSK_WITH_AES_128_GCM_SHA256","TLS_RSA_PSK_WITH_AES_128_CBC_SHA256","TLS_RSA_PSK_WITH_AES_128_CBC_SHA","TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA","TLS_PSK_WITH_AES_256_GCM_SHA384","TLS_PSK_WITH_AES_256_CCM","TLS_PSK_WITH_AES_256_CBC_SHA384","TLS_PSK_WITH_AES_256_CBC_SHA","TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384","TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384","TLS_PSK_WITH_AES_256_CCM_8","TLS_PSK_WITH_AES_128_GCM_SHA256","TLS_PSK_WITH_AES_128_CCM","TLS_PSK_WITH_AES_128_CBC_SHA256","TLS_PSK_WITH_AES_128_CBC_SHA","TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256","TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256","TLS_PSK_WITH_AES_128_CCM_8","TLS_PSK_WITH_3DES_EDE_CBC_SHA","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"]
2017 - Evandro Copercini - Apache 2.0 License.
*/
#include <NetworkClientSecure.h>
#include <WiFi.h>
const char *ssid = "your-ssid"; // your network SSID (name of wifi network)
const char *password = "your-password"; // your network password
const char *server = "www.howsmyssl.com"; // Server URL
// www.howsmyssl.com root certificate authority, to verify the server
// change it to your server root CA
// SHA1 fingerprint is broken now!
const char *test_root_ca = "-----BEGIN CERTIFICATE-----\n"
"MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/\n"
"MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\n"
"DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\n"
"PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\n"
"Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
"AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O\n"
"rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\n"
"OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\n"
"xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw\n"
"7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\n"
"aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\n"
"HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG\n"
"SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\n"
"ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\n"
"AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\n"
"R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5\n"
"JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\n"
"Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n"
"-----END CERTIFICATE-----\n";
// You can use x.509 client certificates if you want
//const char* test_client_key = ""; //to verify the client
//const char* test_client_cert = ""; //to verify the client
NetworkClientSecure client;
void setup() {
//Initialize serial and wait for port to open:
Serial.begin(115200);
delay(100);
Serial.print("Attempting to connect to SSID: ");
Serial.println(ssid);
WiFi.begin(ssid, password);
// attempt to connect to Wifi network:
while (WiFi.status() != WL_CONNECTED) {
Serial.print(".");
// wait 1 second for re-trying
delay(1000);
}
Serial.print("Connected to ");
Serial.println(ssid);
client.setCACert(test_root_ca);
//client.setCertificate(test_client_cert); // for client verification
//client.setPrivateKey(test_client_key); // for client verification
Serial.println("\nStarting connection to server...");
if (!client.connect(server, 443)) {
Serial.println("Connection failed!");
} else {
Serial.println("Connected to server!");
// Make a HTTP request:
client.println("GET https://www.howsmyssl.com/a/check HTTP/1.0");
client.println("Host: www.howsmyssl.com");
client.println("Connection: close");
client.println();
while (client.connected()) {
String line = client.readStringUntil('\n');
if (line == "\r") {
Serial.println("headers received");
break;
}
}
// if there are incoming bytes available
// from the server, read them and print them:
while (client.available()) {
char c = client.read();
Serial.write(c);
}
client.stop();
}
}
void loop() {
// do nothing
}
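Review bot: The PEM in `test_root_ca` decodes as DST Root CA X3 with a validity period ending on 30 September 2021, which predates this commit, so `client.setCACert(test_root_ca)` pins a root that the test server's chain presumably no longer leads to. When the handshake then fails, the likely reaction is to switch to `setInsecure()`, which defeats the purpose of the verified example. The comment above the constant (`// SHA1 fingerprint is broken now!`) does not say how to obtain a current root; I would replace it with a note naming the CA and its expiry date and telling the reader to export the current root for their own server. If the build enables certificate date checks, the sketch would also need the clock set (for example via NTP) before `connect()`, which it does not do.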


@@ -0,0 +1,5 @@
{
"targets": {
"esp32h2": false
}
}


@@ -0,0 +1,132 @@
/*|-----------------------------------------------------------|*/
/*|WORKING EXAMPLE FOR HTTPS CONNECTION |*/
/*|Author: Bc. Martin Chlebovec |*/
/*|Technical University of Košice |*/
/*|TESTED BOARDS: Devkit v1 DOIT, Devkitc v4 |*/
/*|CORE: 0.9x, 1.0.0, 1.0.1 tested, working (newer not tested)|*/
/*|Supported methods: PEAP + MsCHAPv2, EAP-TTLS + MsCHAPv2 |*/
/*|-----------------------------------------------------------|*/
// This example demonstrates a secure connection to a WiFi network using WPA/WPA2 Enterprise (for example eduroam),
// and establishing a secure HTTPS connection with an external server (for example arduino.php5.sk) using the defined anonymous identity, user identity, and password.
// Note: this example is outdated and may not work!
// For more examples see https://github.com/martinius96/ESP32-eduroam
#include <WiFi.h>
#include <NetworkClientSecure.h>
#if __has_include("esp_eap_client.h")
#include "esp_eap_client.h"
#else
#include "esp_wpa2.h"
#endif
#include <Wire.h>
#define EAP_ANONYMOUS_IDENTITY "anonymous@example.com" //anonymous identity
#define EAP_IDENTITY "id@example.com" //user identity
#define EAP_PASSWORD "password" //eduroam user password
const char *ssid = "eduroam"; // eduroam SSID
const char *host = "arduino.php5.sk"; //external server domain for HTTPS connection
int counter = 0;
const char *test_root_ca = "-----BEGIN CERTIFICATE-----\n"
"MIIEsTCCA5mgAwIBAgIQCKWiRs1LXIyD1wK0u6tTSTANBgkqhkiG9w0BAQsFADBh\n"
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n"
"QTAeFw0xNzExMDYxMjIzMzNaFw0yNzExMDYxMjIzMzNaMF4xCzAJBgNVBAYTAlVT\n"
"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n"
"b20xHTAbBgNVBAMTFFJhcGlkU1NMIFJTQSBDQSAyMDE4MIIBIjANBgkqhkiG9w0B\n"
"AQEFAAOCAQ8AMIIBCgKCAQEA5S2oihEo9nnpezoziDtx4WWLLCll/e0t1EYemE5n\n"
"+MgP5viaHLy+VpHP+ndX5D18INIuuAV8wFq26KF5U0WNIZiQp6mLtIWjUeWDPA28\n"
"OeyhTlj9TLk2beytbtFU6ypbpWUltmvY5V8ngspC7nFRNCjpfnDED2kRyJzO8yoK\n"
"MFz4J4JE8N7NA1uJwUEFMUvHLs0scLoPZkKcewIRm1RV2AxmFQxJkdf7YN9Pckki\n"
"f2Xgm3b48BZn0zf0qXsSeGu84ua9gwzjzI7tbTBjayTpT+/XpWuBVv6fvarI6bik\n"
"KB859OSGQuw73XXgeuFwEPHTIRoUtkzu3/EQ+LtwznkkdQIDAQABo4IBZjCCAWIw\n"
"HQYDVR0OBBYEFFPKF1n8a8ADIS8aruSqqByCVtp1MB8GA1UdIwQYMBaAFAPeUDVW\n"
"0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF\n"
"BQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0BggrBgEFBQcBAQQo\n"
"MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBCBgNVHR8E\n"
"OzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9i\n"
"YWxSb290Q0EuY3JsMGMGA1UdIARcMFowNwYJYIZIAYb9bAECMCowKAYIKwYBBQUH\n"
"AgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCwYJYIZIAYb9bAEBMAgG\n"
"BmeBDAECATAIBgZngQwBAgIwDQYJKoZIhvcNAQELBQADggEBAH4jx/LKNW5ZklFc\n"
"YWs8Ejbm0nyzKeZC2KOVYR7P8gevKyslWm4Xo4BSzKr235FsJ4aFt6yAiv1eY0tZ\n"
"/ZN18bOGSGStoEc/JE4ocIzr8P5Mg11kRYHbmgYnr1Rxeki5mSeb39DGxTpJD4kG\n"
"hs5lXNoo4conUiiJwKaqH7vh2baryd8pMISag83JUqyVGc2tWPpO0329/CWq2kry\n"
"qv66OSMjwulUz0dXf4OHQasR7CNfIr+4KScc6ABlQ5RDF86PGeE6kdwSQkFiB/cQ\n"
"ysNyq0jEDQTkfa2pjmuWtMCNbBnhFXBYejfubIhaUbEv2FOQB3dCav+FPg5eEveX\n"
"TVyMnGo=\n"
"-----END CERTIFICATE-----\n";
// You can use x.509 client certificates if you want
//const char* test_client_key = ""; //to verify the client
//const char* test_client_cert = ""; //to verify the client
NetworkClientSecure client;
void setup() {
Serial.begin(115200);
delay(10);
Serial.println();
Serial.print("Connecting to network: ");
Serial.println(ssid);
WiFi.disconnect(true); //disconnect form wifi to set new wifi connection
WiFi.mode(WIFI_STA); //init wifi mode
#if __has_include("esp_eap_client.h")
esp_eap_client_set_identity((uint8_t *)EAP_ANONYMOUS_IDENTITY, strlen(EAP_ANONYMOUS_IDENTITY)); //provide identity
esp_eap_client_set_username((uint8_t *)EAP_IDENTITY, strlen(EAP_IDENTITY)); //provide username
esp_eap_client_set_password((uint8_t *)EAP_PASSWORD, strlen(EAP_PASSWORD)); //provide password
esp_wifi_sta_enterprise_enable();
#else
esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EAP_ANONYMOUS_IDENTITY, strlen(EAP_ANONYMOUS_IDENTITY)); //provide identity
esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EAP_IDENTITY, strlen(EAP_IDENTITY)); //provide username
esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EAP_PASSWORD, strlen(EAP_PASSWORD)); //provide password
esp_wifi_sta_wpa2_ent_enable();
#endif
WiFi.begin(ssid); //connect to wifi
while (WiFi.status() != WL_CONNECTED) {
delay(500);
Serial.print(".");
counter++;
if (counter >= 60) { //after 30 seconds timeout - reset board (on unsuccessful connection)
ESP.restart();
}
}
client.setCACert(test_root_ca);
//client.setCertificate(test_client_cert); // for client verification - certificate
//client.setPrivateKey(test_client_key); // for client verification - private key
Serial.println("");
Serial.println("WiFi connected");
Serial.println("IP address set: ");
Serial.println(WiFi.localIP()); //print LAN IP
}
void loop() {
if (WiFi.status() == WL_CONNECTED) { //if we are connected to eduroam network
counter = 0; //reset counter
Serial.println("Wifi is still connected with IP: ");
Serial.println(WiFi.localIP()); //inform user about his IP address
} else if (WiFi.status() != WL_CONNECTED) { //if we lost connection, retry
WiFi.begin(ssid);
}
while (WiFi.status() != WL_CONNECTED) { //during lost connection, print dots
delay(500);
Serial.print(".");
counter++;
if (counter >= 60) { //30 seconds timeout - reset board
ESP.restart();
}
}
Serial.print("Connecting to website: ");
Serial.println(host);
if (client.connect(host, 443)) {
String url = "/rele/rele1.txt";
client.print(String("GET ") + url + " HTTP/1.1\r\n" + "Host: " + host + "\r\n" + "User-Agent: ESP32\r\n" + "Connection: close\r\n\r\n");
while (client.connected()) {
String header = client.readStringUntil('\n');
Serial.println(header);
if (header == "\r") {
break;
}
}
String line = client.readStringUntil('\n');
Serial.println(line);
} else {
Serial.println("Connection unsuccessful");
}
delay(5000);
}
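Review bot: The enterprise setup in `setup()` supplies identity, username and password but never gives the supplicant a CA certificate for the RADIUS server, so the PEAP/TTLS tunnel is established with whatever access point announces the `eduroam` SSID and the MSCHAPv2 exchange for `EAP_IDENTITY` runs inside it. `test_root_ca` is only passed to `client.setCACert()` for the HTTPS connection and does not cover the Wi-Fi authentication. I would load the institution's RADIUS CA before enabling enterprise mode, with `esp_eap_client_set_ca_cert()` in the first branch and `esp_wifi_sta_wpa2_ent_set_ca_cert()` in the `#else` branch, and mention the requirement in the header comment. Separately, the PEM named `test_root_ca` appears to be an intermediate (subject RapidSSL RSA CA 2018), so the name is misleading.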


@@ -0,0 +1,5 @@
{
"targets": {
"esp32h2": false
}
}


@@ -0,0 +1,190 @@
/* STARTSSL example
Inline upgrading from a clear-text connection to an SSL/TLS connection.
Some protocols such as SMTP, XMPP, Mysql, Postgresql and others allow, or require,
that you start the connection without encryption; and then send a command to switch
over to encryption.
E.g. a typical SMTP submission would entail a dialog such as this:
1. client connects to server in the clear
2. server says hello
3. client sents a EHLO
4. server tells the client that it supports SSL/TLS
5. client sends a 'STARTTLS' to make use of this faciltiy
6. client/server negiotiate a SSL or TLS connection.
7. client sends another EHLO
8. server now tells the client what (else) is supported; such as additional authentication options.
... conversation continues encrypted.
This can be enabled in NetworkClientSecure by telling it to start in plaintext:
client.setPlainStart();
and client is than a plain, TCP, connection (just as NetworkClient would be); until the client calls
the method:
client.startTLS(); // returns zero on error; non zero on success.
After which things switch to TLS/SSL.
*/
#include <WiFi.h>
#include <NetworkClientSecure.h>
#ifndef WIFI_NETWORK
#define WIFI_NETWORK "YOUR Wifi SSID"
#endif
#ifndef WIFI_PASSWD
#define WIFI_PASSWD "your-secret-password"
#endif
#ifndef SMTP_HOST
#define SMTP_HOST "smtp.gmail.com"
#endif
#ifndef SMTP_PORT
#define SMTP_PORT (587) // Standard (plaintext) submission port
#endif
const char *ssid = WIFI_NETWORK; // your network SSID (name of wifi network)
const char *password = WIFI_PASSWD; // your network password
const char *server = SMTP_HOST; // Server URL
const int submission_port = SMTP_PORT; // submission port.
NetworkClientSecure client;
static bool readAllSMTPLines();
void setup() {
int ret;
//Initialize serial and wait for port to open:
Serial.begin(115200);
delay(100);
Serial.print("Attempting to connect to SSID: ");
Serial.print(ssid);
WiFi.begin(ssid, password);
// attempt to connect to Wifi network:
while (WiFi.status() != WL_CONNECTED) {
Serial.print(".");
// wait 1 second for re-trying
delay(1000);
}
Serial.print("Connected to ");
Serial.println(ssid);
Serial.printf("\nStarting connection to server: %s:%d\n", server, submission_port);
// skip verification for this demo. In production one should at the very least
// enable TOFU; or ideally hardcode a (CA) certificate that is trusted.
client.setInsecure();
// Enable a plain-test start.
client.setPlainStart();
if (!client.connect(server, SMTP_PORT)) {
Serial.println("Connection failed!");
return;
};
Serial.println("Connected to server (in the clear, in plaintest)");
if (!readAllSMTPLines()) {
goto err;
}
Serial.println("Sending : EHLO\t\tin the clear");
client.print("EHLO there\r\n");
if (!readAllSMTPLines()) {
goto err;
}
Serial.println("Sending : STARTTLS\t\tin the clear");
client.print("STARTTLS\r\n");
if (!readAllSMTPLines()) {
goto err;
}
Serial.println("Upgrading connection to TLS");
if ((ret = client.startTLS()) <= 0) {
Serial.printf("Upgrade connection failed: err %d\n", ret);
goto err;
}
Serial.println("Sending : EHLO again\t\tover the now encrypted connection");
client.print("EHLO again\r\n");
if (!readAllSMTPLines()) {
goto err;
}
// normally, as this point - we'd be authenticating and then be submitting
// an email. This has been left out of this example.
Serial.println("Sending : QUIT\t\t\tover the now encrypted connection");
client.print("QUIT\r\n");
if (!readAllSMTPLines()) {
goto err;
}
Serial.println("Completed OK\n");
err:
Serial.println("Closing connection");
client.stop();
}
// SMTP command repsponse start with three digits and a space;
// or, for continuation, with three digits and a '-'.
static bool readAllSMTPLines() {
String s = "";
int i;
// blocking read; we cannot rely on a timeout
// of a NetworkClientSecure read; as it is non
// blocking.
const unsigned long timeout = 15 * 1000;
unsigned long start = millis(); // the timeout is for the entire CMD block response; not per character/line.
while (1) {
while ((i = client.available()) == 0 && millis() - start < timeout) {
/* .. wait */
};
if (i == 0) {
Serial.println("Timeout reading SMTP response");
return false;
};
if (i < 0) {
break;
}
i = client.read();
if (i < 0) {
break;
}
if (i > 31 && i < 128) {
s += (char)i;
}
if (i == 0x0A) {
Serial.print("Receiving: ");
Serial.println(s);
if (s.charAt(3) == ' ') {
return true;
}
s = "";
}
}
Serial.printf("Error reading SMTP command response line: %d\n", i);
return false;
}
void loop() {
// do nothing
}
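Review bot: `readAllSMTPLines()` returns true for any final reply line (`s.charAt(3) == ' '`) without looking at the reply code, so a `454` or `5xx` answer to `STARTTLS` is treated the same as `220` and `setup()` carries on to `client.startTLS()`. Checking the class of the code at that point, e.g. `return s.charAt(0) == '2';`, makes a refused upgrade fail closed, which matters for any client built from this sketch that goes on to authenticate. The accumulator `s` also has no length cap, so a peer that streams printable bytes without a newline grows the String until the 15 s timeout; a bound of a few hundred characters would be enough. `client.setInsecure()` is acknowledged in the comment above it, but with it in place the upgraded session is encrypted and not authenticated.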


@@ -0,0 +1,5 @@
{
"targets": {
"esp32h2": false
}
}


@@ -0,0 +1,98 @@
// NetworkClientShowPeerCredentials
//
// Example of a establishing a secure connection and then
// showing the fingerprint of the certificate. This can
// be useful in an IoT setting to know for sure that you
// are connecting to the right server. Especially in
// situations where you cannot hardcode a trusted root
// certificate for long periods of time (as they tend to
// get replaced more often than the lifecycle of IoT
// hardware).
//
#include <WiFi.h>
#include <HTTPClient.h>
#include <NetworkClientSecure.h>
#ifndef WIFI_NETWORK
#define WIFI_NETWORK "MyWifiNetwork"
#endif
#ifndef WIFI_PASSWD
#define WIFI_PASSWD "MySecretWifiPassword"
#endif
#define URL "https://arduino.cc"
void demo() {
NetworkClientSecure *client = new NetworkClientSecure;
client->setInsecure(); //
HTTPClient https;
if (!https.begin(*client, URL)) {
Serial.println("HTTPS setup failed");
return;
};
https.setTimeout(5000);
int httpCode = https.GET();
if (httpCode != 200) {
Serial.print("Connect failed: ");
Serial.println(https.errorToString(httpCode));
return;
}
const mbedtls_x509_crt *peer = client->getPeerCertificate();
// Show general output / certificate information
//
char buf[1024];
int l = mbedtls_x509_crt_info(buf, sizeof(buf), "", peer);
if (l <= 0) {
Serial.println("Peer conversion to printable buffer failed");
return;
};
Serial.println();
Serial.println(buf);
uint8_t fingerprint_remote[32];
if (!client->getFingerprintSHA256(fingerprint_remote)) {
Serial.println("Failed to get the fingerprint");
return;
}
// Fingerprint late 2021
Serial.println("Expecting Fingerprint (SHA256): 70 CF A4 B7 5D 09 E9 2A 52 A8 B6 85 B5 0B D6 BE 83 47 83 5B 3A 4D 3C 3E 32 30 EC 1D 61 98 D7 0F");
Serial.print(" Received Fingerprint (SHA256): ");
for (int i = 0; i < 32; i++) {
Serial.print(fingerprint_remote[i], HEX);
Serial.print(" ");
};
Serial.println("");
};
void setup() {
Serial.begin(115200);
Serial.println("Started " __FILE__ " build " __DATE__ " " __TIME__);
WiFi.mode(WIFI_STA);
WiFi.begin(WIFI_NETWORK, WIFI_PASSWD);
while (WiFi.waitForConnectResult() != WL_CONNECTED) {
Serial.println("Wifi fail - rebooting");
delay(5000);
ESP.restart();
}
}
void loop() {
bool already_tried = false;
if ((millis() < 1000) || already_tried) {
return;
}
already_tried = true;
// Run the test just once.
demo();
}
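Review bot: In `loop()`, `already_tried` is an ordinary local, so it is false again on every call and `demo()` runs on each pass once `millis()` exceeds 1000 rather than "just once"; it should be `static bool already_tried = false;`. Each of those runs allocates a `NetworkClientSecure` with `new` that is never deleted on any return path, so the repeated calls consume the heap; a stack object (`NetworkClientSecure client;`) or a `delete` before each return fixes that. `demo()` also passes the result of `client->getPeerCertificate()` to `mbedtls_x509_crt_info()` without a null check, and prints the fingerprint bytes with `HEX` unpadded, so a byte below 0x10 shows a single digit and the line does not line up with the "Expecting" string.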


@@ -0,0 +1,5 @@
{
"targets": {
"esp32h2": false
}
}


@@ -0,0 +1,270 @@
/* For any secure connection - it is (at least) essential for the
the client to verify that it is talking with the server it
thinks it is talking to. And not some (invisible) man in the middle.
See https://en.wikipedia.org/wiki/Man-in-the-middle_attack,
https://www.ai.rug.nl/mas/finishedprojects/2011/TLS/hermsencomputerservices.nl/mas/mitm.html or
https://medium.com/@munteanu210/ssl-certificates-vs-man-in-the-middle-attacks-3fb7846fa5db
for some background on this.
Unfortunately this means that one needs to hardcode a server
public key, certificate or some cryptographically strong hash
thereoff into the code, to verify that you are indeed talking to
the right server. This is sometimes somewhat impractical. Especially
if you do not know the server in advance; or if your code needs to be
stable ovr very long times - during which the server may change.
However completely dispensing with any checks (See the WifiClientInSecure
example) is also not a good idea either.
This example gives you some middle ground; "Trust on First Use" --
TOFU - see https://developer.mozilla.org/en-US/docs/Glossary/TOFU or
https://en.wikipedia.org/wiki/Trust_on_first_use).
In this scheme; we start the very first time without any security checks
but once we have our first connection; we store the public crytpographic
details (or a proxy, such as a sha256 of this). And then we use this for
any subsequent connections.
The assumption here is that we do our very first connection in a somewhat
trusted network environment; where the chance of a man in the middle is
very low; or one where the person doing the first run can check the
details manually.
So this is not quite as good as building a CA certificate into your
code (as per the WifiClientSecure example). But not as bad as something
with no trust management at all.
To make it possible for the enduser to 'reset' this trust; the
startup sequence checks if a certain GPIO is low (assumed to be wired
to some physical button or jumper on the PCB). And we only allow
the TOFU to be configured when this pin is LOW.
*/
#ifndef WIFI_NETWORK
#define WIFI_NETWORK "Your Wifi SSID"
#endif
#ifndef WIFI_PASSWD
#define WIFI_PASSWD "your-secret-wifi-password"
#endif
const char *ssid = WIFI_NETWORK; // your network SSID (name of wifi network)
const char *password = WIFI_PASSWD; // your network password
const char *server = "www.howsmyssl.com"; // Server to test with.
const int TOFU_RESET_BUTTON = 35; /* Trust reset button wired between GPIO 35 and GND (pulldown) */
#include <WiFi.h>
#include <NetworkClientSecure.h>
#include <EEPROM.h>
/* Set aside some persistent memory (i.e. memory that is preserved on reboots and
power cycling; and will generally survive software updates as well.
*/
EEPROMClass TOFU("tofu0");
// Utility function; checks if a given buffer is entirely
// with with 0 bytes over its full length. Returns 0 on
// success; a non zero value on fail.
//
static int memcmpzero(unsigned char *ptr, size_t len) {
while (len--) {
if (0xff != *ptr++) {
return -1;
}
}
return 0;
};
static void printSHA256(unsigned char *ptr) {
for (int i = 0; i < 32; i++) {
Serial.printf("%s%02x", i ? ":" : "", ptr[i]);
}
Serial.println("");
};
NetworkClientSecure client;
bool get_tofu();
bool doTOFU_Protected_Connection(uint8_t *fingerprint_tofu);
void setup() {
bool tofu_reset = false;
//Initialize serial and wait for port to open:
Serial.begin(115200);
delay(100);
if (!TOFU.begin(32)) {
Serial.println("Could not initialsize the EEPROM");
return;
}
uint8_t fingerprint_tofu[32];
// reset the trust if the tofu reset button is pressed.
//
pinMode(TOFU_RESET_BUTTON, INPUT_PULLUP);
if (digitalRead(TOFU_RESET_BUTTON) == LOW) {
Serial.println("The TOFU reset button is pressed.");
tofu_reset = true;
}
/* if the button is not pressed; see if we can get the TOFU
fingerprint from the EEPROM.
*/
else if (32 != TOFU.readBytes(0, fingerprint_tofu, 32)) {
Serial.println("Failed to get the fingerprint from memory.");
tofu_reset = true;
}
/* And check that the EEPROM value is not all 0's; in which
case we also need to do a TOFU.
*/
else if (!memcmpzero(fingerprint_tofu, 32)) {
Serial.println("TOFU fingerprint in memory all zero.");
tofu_reset = true;
};
if (!tofu_reset) {
Serial.print("TOFU pegged to fingerprint: SHA256=");
printSHA256(fingerprint_tofu);
Serial.print("Note: You can check this fingerprint by going to the URL\n"
"<https://");
Serial.print(server);
Serial.println("> and then click on the lock icon.\n");
};
// attempt to connect to Wifi network:
Serial.print("Attempting to connect to SSID: ");
Serial.println(ssid);
WiFi.begin(ssid, password);
while (WiFi.status() != WL_CONNECTED) {
Serial.print(".");
// wait 1 second for re-trying
delay(1000);
}
Serial.print("Connected to ");
Serial.println(ssid);
if (tofu_reset) {
Serial.println("Resetting trust fingerprint.");
if (!get_tofu()) {
Serial.println("Trust reset failed. Giving up");
return;
}
Serial.println("(New) Trust of First used configured. Rebooting in 3 seconds");
delay(3 * 1000);
ESP.restart();
};
Serial.println("Trying to connect to a server; using TOFU details from the eeprom");
if (doTOFU_Protected_Connection(fingerprint_tofu)) {
Serial.println("ALL OK");
}
}
bool get_tofu() {
Serial.println("\nStarting our insecure connection to server...");
client.setInsecure(); //skip verification
if (!client.connect(server, 443)) {
Serial.println("Connection failed!");
client.stop();
return false;
};
Serial.println("Connected to server. Extracting trust data.");
// Now extract the data of the certificate and show it to
// the user over the serial connection for optional
// verification.
const mbedtls_x509_crt *peer = client.getPeerCertificate();
char buf[1024];
int l = mbedtls_x509_crt_info(buf, sizeof(buf), "", peer);
if (l <= 0) {
Serial.println("Peer conversion to printable buffer failed");
client.stop();
return false;
};
Serial.println();
Serial.println(buf);
// Extract the fingerprint - and store this in our EEPROM
// to be used for future validation.
uint8_t fingerprint_remote[32];
if (!client.getFingerprintSHA256(fingerprint_remote)) {
Serial.println("Failed to get the fingerprint");
client.stop();
return false;
}
if ((32 != TOFU.writeBytes(0, fingerprint_remote, 32)) || (!TOFU.commit())) {
Serial.println("Could not write the fingerprint to the EEPROM");
client.stop();
return false;
};
TOFU.end();
client.stop();
Serial.print("TOFU pegged to fingerprint: SHA256=");
printSHA256(fingerprint_remote);
return true;
};
bool doTOFU_Protected_Connection(uint8_t *fingerprint_tofu) {
// As we're not using a (CA) certificate to check the
// connection; but the hash of the peer - we need to initially
// allow the connection to be set up without the CA check.
client.setInsecure(); //skip verification
if (!client.connect(server, 443)) {
Serial.println("Connection failed!");
client.stop();
return false;
};
// Now that we're connected - we can check that we have
// end to end trust - by comparing the fingerprint we (now)
// see (of the server certificate) to the one we have stored
// in our EEPROM as part of an earlier trust-on-first use.
uint8_t fingerprint_remote[32];
if (!client.getFingerprintSHA256(fingerprint_remote)) {
Serial.println("Failed to get the fingerprint of the server");
client.stop();
return false;
}
if (memcmp(fingerprint_remote, fingerprint_tofu, 32)) {
Serial.println("TOFU fingerprint not the same as the one from the server.");
Serial.print("TOFU : SHA256=");
printSHA256(fingerprint_tofu);
Serial.print("Remote: SHA256=");
printSHA256(fingerprint_remote);
Serial.println(" : NOT identical -- Aborting!");
client.stop();
return false;
};
Serial.println("All well - you are talking to the same server as\n"
"when you set up TOFU. So we can now do a GET.\n\n");
client.println("GET /a/check HTTP/1.0");
client.print("Host: ");
client.println(server);
client.println("Connection: close");
client.println();
bool inhdr = true;
while (client.connected()) {
String line = client.readStringUntil('\n');
Serial.println(line);
if (inhdr && line == "\r") {
inhdr = false;
Serial.println("-- headers received. Payload follows\n\n");
}
}
Serial.println("\n\n-- Payload ended.");
client.stop();
return true;
}
void loop() {}
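Review bot: `TOFU_RESET_BUTTON` is GPIO 35 configured with `pinMode(TOFU_RESET_BUTTON, INPUT_PULLUP)`, while its declaration comment says "pulldown"; on the original ESP32, GPIO 34-39 are input-only and have no internal pull resistors, so without an external pull-up the pin floats and `digitalRead()` can return LOW at boot. A spurious LOW sets `tofu_reset`, and the next connection is then accepted unverified and stored as the new trust anchor. I would either move the button to a pin that has an internal pull-up or document the required external resistor, and correct the comment. The helper `memcmpzero()` compares every byte against `0xff`, not zero, so its comment and the "all zero" log message describe something other than what the code checks. The header comment also says trust is only configured when the pin is LOW, but `setup()` resets trust as well when the stored fingerprint is unreadable or blank.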


@@ -0,0 +1,5 @@
{
"targets": {
"esp32h2": false
}
}