feat(mbedtls): Add mbedtls debug function

Author: Zhang Jun Hao

components/ssl/CMakeLists.txt

@@ -36,6 +36,6 @@ target_link_libraries(ssl "-L ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/lib")
 target_link_libraries(ssl wolfssl)
 else()
 if(CONFIG_SSL_USING_MBEDTLS)
-target_compile_options(${COMPONENT_NAME} PUBLIC -DMBEDTLS_CONFIG_FILE="esp_config.h")
+target_compile_options(${COMPONENT_NAME} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h")
 endif()
 endif()

components/ssl/Kconfig

@@ -21,7 +21,7 @@ menu "mbedTLS"
 
 config MBEDTLS_SSL_MAX_CONTENT_LEN
     int "TLS maximum message content length"
-    default 16384
+    default 4096
     range 512 16384
     help
         Maximum TLS message length (in bytes) supported by mbedTLS.
@@ -45,14 +45,12 @@ config MBEDTLS_DEBUG
    help
        Enable mbedTLS debugging functions at compile time.
 
-       If this option is enabled, you can include
-	   "mbedtls/esp_debug.h" and call mbedtls_esp_enable_debug_log()
-	   at runtime in order to enable mbedTLS debug output via the ESP
-	   log mechanism.
+       If this option is enabled, you must call mbedtls_esp_enable_debug_log
+	   at runtime in order to enable mbedTLS debug output.
 
 config MBEDTLS_HAVE_TIME
    bool "Enable mbedtls time"
-   default n
+   default y
    help
        System has time.h and time().
        The time does not need to be correct, only time differences are used,

components/ssl/Makefile.projbuild

@@ -2,7 +2,7 @@
 # alternative config file
 
 #ifdef CONFIG_SSL_USING_MBEDTLS
-CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"esp_config.h"'
+CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"'
 #endif
 
 #ifdef CONFIG_SSL_USING_WOLFSSL

components/ssl/mbedtls/port/include/esp_config.h renamed to components/ssl/mbedtls/port/include/mbedtls/esp_config.h

@@ -1972,7 +1972,7 @@
  * This module provides debugging functions.
  */
 #if CONFIG_MBEDTLS_DEBUG
-//#define MBEDTLS_DEBUG_C
+#define MBEDTLS_DEBUG_C
 #endif
 
 /**
@@ -2887,7 +2887,6 @@
 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
 
 /* SSL options */
-extern unsigned int max_content_len;
 #define MBEDTLS_SSL_MAX_CONTENT_LEN             CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */

components/ssl/mbedtls/port/include/mbedtls/esp_debug.h

@@ -0,0 +1,57 @@
+// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef _ESP_DEBUG_H_
+#define _ESP_DEBUG_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "sdkconfig.h"
+
+#ifdef CONFIG_MBEDTLS_DEBUG
+
+/** @brief Enable mbedTLS debug logging via the esp_log mechanism.
+ *
+ * mbedTLS internal debugging is filtered from a specified mbedTLS
+ * threshold level to esp_log level at runtime:
+ *
+ * - 1 - Warning
+ * - 2 - Info
+ * - 3 - Debug
+ * - 4 - Verbose
+ *
+ * (Note that mbedTLS debug thresholds are not always consistently used.)
+ *
+ * This function will set the esp log level for "mbedtls" to the specified mbedTLS
+ * threshold level that matches. However, the overall max ESP log level must be set high
+ * enough in menuconfig, or some messages may be filtered at compile time.
+ *
+ * @param conf mbedtls_ssl_config structure
+ * @param mbedTLS debug threshold, 0-4. Messages are filtered at runtime.
+ */
+void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold);
+
+/** @brief Disable mbedTLS debug logging via the esp_log mechanism.
+ *
+ */
+void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf);
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __ESP_DEBUG_H__ */

components/ssl/mbedtls/port/mbedtls_debug.c

@@ -0,0 +1,60 @@
+// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <strings.h>
+
+#include "mbedtls/platform.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/esp_debug.h"
+
+#ifdef MBEDTLS_DEBUG_C
+
+static void mbedtls_esp_debug(void *ctx, int level,
+                              const char *file, int line,
+                              const char *str);
+
+void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold)
+{
+    mbedtls_debug_set_threshold(threshold);
+    mbedtls_ssl_conf_dbg(conf, mbedtls_esp_debug, NULL);
+}
+
+void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf)
+{
+    mbedtls_ssl_conf_dbg(conf, NULL, NULL);
+}
+
+/* Default mbedtls debug function that translates mbedTLS debug output
+   to ESP_LOGx debug output.
+*/
+static void mbedtls_esp_debug(void *ctx, int level,
+                     const char *file, int line,
+                     const char *str)
+{
+    char *file_sep;
+
+    /* Shorten 'file' from the whole file path to just the filename
+
+       This is a bit wasteful because the macros are compiled in with
+       the full _FILE_ path in each case.
+    */
+    file_sep = rindex(file, '/');
+    if(file_sep)
+        file = file_sep+1;
+
+    printf("mbedtls: %s:%d %s", file, line, str);
+}
+
+#endif