Merge branch 'feature/tlsio_esp_tls' into 'master'

port: Add support for esp-tls based TLS connection

See merge request esp-components/esp-azure!5

.gitlab-ci.yml

@@ -6,6 +6,7 @@ variables:
   V: "0"
   MAKEFLAGS: "-j5 --no-keep-going"
   IDF_PATH: "$CI_PROJECT_DIR/esp-idf"
+  IDF_CI_BUILD: "1"
 
 build_demo:
   stage: build

component.mk

@@ -35,7 +35,7 @@ azure-iot-sdk-c/c-utility/pal/tlsio_options.o \
 \
 port/src/agenttime_esp.o \
 port/src/platform_esp.o \
-port/src/tlsio_openssl_compact.o \
+port/src/tlsio_esp_tls.o \
 port/src/socketio_berkeley.o \
 \
 azure-iot-sdk-c/c-utility/src/xlogging.o \

examples/iothub_client_sample_mqtt/main/component.mk

@@ -3,3 +3,4 @@
 #
 # (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
 
+CFLAGS += -DSET_TRUSTED_CERT_IN_SAMPLES

examples/prov_dev_client_ll_sample/main/Kconfig.projbuild

@@ -16,7 +16,7 @@ config WIFI_PASSWORD
 
 config IOTHUB_CONNECTION_STRING
     string "IOT Hub Device Connection String"
-	default "HostName=<host_name>;DeviceId=<device_id>;SharedAccessKey=<device_key>"
+	default "HostName=<host_name>;DeviceId=<device_id>;x509=true"
 	help
 		String containing Hostname, Device Id & Device Key in the format:
 
@@ -25,4 +25,17 @@ config IOTHUB_CONNECTION_STRING
 
 		You can get this from the iothub-explorer CLI or the Azure Portal
 
-endmenu
+config DEVICE_COMMON_NAME
+    string "Device Leaf Certificate Common Name"
+    default "mydevice"
+    help
+        Common name of Leaf Certificate
+
+config DPS_ID_SCOPE
+    string "Unique ID Scope of Device provisioning service"
+    default "myidscope"
+    help
+        This is the unique ID scope of DPS, and can be found under "Overview"
+        section of your DPS on azure IoT portal
+
+endmenu

examples/prov_dev_client_ll_sample/main/component.mk

@@ -1,6 +1,24 @@
 #
-# "main" pseudo-component makefile.
+# Main component makefile.
 #
-# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
+# This Makefile can be left empty. By default, it will take the sources in the 
+# src/ directory, compile them and link them into lib(subdirectory_name).a 
+# in the build directory. This behaviour is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
+COMPONENT_EMBED_TXTFILES := certs/leaf_private_key.pem certs/leaf_certificate.pem
+
+ifndef IDF_CI_BUILD
+# Print an error if the certificate/key files are missing
+$(COMPONENT_PATH)/certs/leaf_private_key.pem $(COMPONENT_PATH)/certs/leaf_certificate.pem:
+	@echo "Missing PEM file $@. This file identifies the ESP32 to Azure DPS for the example, see README for details."
+	exit 1
+else  # IDF_CI_BUILD
+# this case is for the internal Continuous Integration build which
+# compiles all examples. Add some dummy certs so the example can
+# compile (even though it won't work)
+$(COMPONENT_PATH)/certs/leaf_private_key.pem $(COMPONENT_PATH)/certs/leaf_certificate.pem:
+	echo "Dummy certificate data for continuous integration" > $@
+endif
 
 CFLAGS += -DSET_TRUSTED_CERT_IN_SAMPLES

examples/prov_dev_client_ll_sample/main/custom_hsm_x509.c

@@ -3,18 +3,19 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-
+#include <stdint.h>
+#include <sdkconfig.h>
 #include "hsm_client_data.h"
 
+static const char* const COMMON_NAME = CONFIG_DEVICE_COMMON_NAME;
+
+extern const uint8_t leaf_cert_pem_start[] asm("_binary_leaf_certificate_pem_start");
+extern const uint8_t leaf_pv_key_pem_start[] asm("_binary_leaf_private_key_pem_start");
+
 // This sample is provided for sample only.  Please do not use this in production
 // For more information please see the devdoc using_custom_hsm.md
-static const char* const COMMON_NAME = "custom-hsm-example";
-static const char* const CERTIFICATE = "-----BEGIN CERTIFICATE-----""\n"
-"BASE64 Encoded certificate Here""\n"
-"-----END CERTIFICATE-----";
-static const char* const PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----""\n"
-"BASE64 Encoded certificate Here""\n"
-"-----END PRIVATE KEY-----";
+static const char* const CERTIFICATE = (char *)leaf_cert_pem_start;
+static const char* const PRIVATE_KEY = (char *)leaf_pv_key_pem_start;
 
 // Provided for sample only
 static const char* const SYMMETRIC_KEY = "Symmetric Key value";

examples/prov_dev_client_ll_sample/main/prov_dev_client_ll_sample.c

@@ -19,7 +19,7 @@
 #include "iothub_client_options.h"
 #include "azure_prov_client/prov_device_ll_client.h"
 #include "azure_prov_client/prov_security_factory.h"
-
+#include "sdkconfig.h"
 #ifdef SET_TRUSTED_CERT_IN_SAMPLES
 #include "certs.h"
 #endif // SET_TRUSTED_CERT_IN_SAMPLES
@@ -65,7 +65,7 @@ DEFINE_ENUM_STRINGS(PROV_DEVICE_RESULT, PROV_DEVICE_RESULT_VALUE);
 DEFINE_ENUM_STRINGS(PROV_DEVICE_REG_STATUS, PROV_DEVICE_REG_STATUS_VALUES);
 
 static const char* global_prov_uri = "global.azure-devices-provisioning.net";
-static const char* id_scope = "[ID Scope]";
+static const char* id_scope = CONFIG_DPS_ID_SCOPE;
 
 static bool g_use_proxy = false;
 static const char* PROXY_ADDRESS = "127.0.0.1";