Merge branch 'feature/esp_https_ota' into 'master'

Feature/esp https ota

See merge request sdk/ESP8266_RTOS_SDK!776

Author: donghengqaz

components/esp_https_ota/CMakeLists.txt

@@ -0,0 +1,7 @@
+set(COMPONENT_ADD_INCLUDEDIRS include)
+set(COMPONENT_SRCS "src/esp_https_ota.c")
+
+set(COMPONENT_REQUIRES esp_http_client)
+set(COMPONENT_PRIV_REQUIRES log app_update)
+
+register_component()

components/esp_https_ota/component.mk

@@ -0,0 +1,7 @@
+COMPONENT_SRCDIRS :=
+COMPONENT_ADD_INCLUDEDIRS :=
+
+ifdef CONFIG_SSL_USING_MBEDTLS 
+COMPONENT_SRCDIRS := src
+COMPONENT_ADD_INCLUDEDIRS := include
+endif

components/esp_https_ota/include/esp_https_ota.h

@@ -0,0 +1,45 @@
+// Copyright 2017-2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#pragma once
+
+#include <esp_http_client.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief    HTTPS OTA Firmware upgrade.
+ *
+ * This function performs HTTPS OTA Firmware upgrade
+ *
+ * @param[in]  config       pointer to esp_http_client_config_t structure.
+ *
+ * @note     For secure HTTPS updates, the `cert_pem` member of `config`
+ *           structure must be set to the server certificate.
+ *
+ * @return
+ *    - ESP_OK: OTA data updated, next reboot will use specified partition.
+ *    - ESP_FAIL: For generic failure.
+ *    - ESP_ERR_OTA_VALIDATE_FAILED: Invalid app image
+ *    - ESP_ERR_NO_MEM: Cannot allocate memory for OTA operation.
+ *    - ESP_ERR_FLASH_OP_TIMEOUT or ESP_ERR_FLASH_OP_FAIL: Flash write failed.
+ *    - For other return codes, refer OTA documentation in esp-idf's app_update component.
+ */
+esp_err_t esp_https_ota(const esp_http_client_config_t *config);
+
+#ifdef __cplusplus
+}
+#endif

components/esp_https_ota/src/esp_https_ota.c

@@ -0,0 +1,130 @@
+// Copyright 2017-2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <esp_https_ota.h>
+#include <esp_ota_ops.h>
+#include <esp_log.h>
+
+#define OTA_BUF_SIZE 256
+static const char *TAG = "esp_https_ota";
+
+static void http_cleanup(esp_http_client_handle_t client)
+{
+    esp_http_client_close(client);
+    esp_http_client_cleanup(client);
+}
+
+esp_err_t esp_https_ota(const esp_http_client_config_t *config)
+{
+    if (!config) {
+        ESP_LOGE(TAG, "esp_http_client config not found");
+        return ESP_ERR_INVALID_ARG;
+    }
+
+    if (!config->cert_pem) {
+        ESP_LOGE(TAG, "Server certificate not found in esp_http_client config");
+        return ESP_FAIL;
+    }
+
+    esp_http_client_handle_t client = esp_http_client_init(config);
+    if (client == NULL) {
+        ESP_LOGE(TAG, "Failed to initialise HTTP connection");
+        return ESP_FAIL;
+    }
+
+    if (esp_http_client_get_transport_type(client) != HTTP_TRANSPORT_OVER_SSL) {
+        ESP_LOGE(TAG, "Transport is not over HTTPS");
+        return ESP_FAIL;
+    }
+
+    esp_err_t err = esp_http_client_open(client, 0);
+    if (err != ESP_OK) {
+        esp_http_client_cleanup(client);
+        ESP_LOGE(TAG, "Failed to open HTTP connection: %d", err);
+        return err;
+    }
+    esp_http_client_fetch_headers(client);
+
+    esp_ota_handle_t update_handle = 0;
+    const esp_partition_t *update_partition = NULL;
+    ESP_LOGI(TAG, "Starting OTA...");
+    update_partition = esp_ota_get_next_update_partition(NULL);
+    if (update_partition == NULL) {
+        ESP_LOGE(TAG, "Passive OTA partition not found");
+        http_cleanup(client);
+        return ESP_FAIL;
+    }
+    ESP_LOGI(TAG, "Writing to partition subtype %d at offset 0x%x",
+             update_partition->subtype, update_partition->address);
+
+    err = esp_ota_begin(update_partition, OTA_SIZE_UNKNOWN, &update_handle);
+    if (err != ESP_OK) {
+        ESP_LOGE(TAG, "esp_ota_begin failed, error=%d", err);
+        http_cleanup(client);
+        return err;
+    }
+    ESP_LOGI(TAG, "esp_ota_begin succeeded");
+    ESP_LOGI(TAG, "Please Wait. This may take time");
+
+    esp_err_t ota_write_err = ESP_OK;
+    char *upgrade_data_buf = (char *)malloc(OTA_BUF_SIZE);
+    if (!upgrade_data_buf) {
+        ESP_LOGE(TAG, "Couldn't allocate memory to upgrade data buffer");
+        return ESP_ERR_NO_MEM;
+    }
+    int binary_file_len = 0;
+    while (1) {
+        int data_read = esp_http_client_read(client, upgrade_data_buf, OTA_BUF_SIZE);
+        if (data_read == 0) {
+            ESP_LOGI(TAG, "Connection closed,all data received");
+            break;
+        }
+        if (data_read < 0) {
+            ESP_LOGE(TAG, "Error: SSL data read error");
+            break;
+        }
+        if (data_read > 0) {
+            ota_write_err = esp_ota_write( update_handle, (const void *)upgrade_data_buf, data_read);
+            if (ota_write_err != ESP_OK) {
+                break;
+            }
+            binary_file_len += data_read;
+            ESP_LOGD(TAG, "Written image length %d", binary_file_len);
+        }
+    }
+    free(upgrade_data_buf);
+    http_cleanup(client); 
+    ESP_LOGD(TAG, "Total binary data length writen: %d", binary_file_len);
+    
+    esp_err_t ota_end_err = esp_ota_end(update_handle);
+    if (ota_write_err != ESP_OK) {
+        ESP_LOGE(TAG, "Error: esp_ota_write failed! err=0x%d", err);
+        return ota_write_err;
+    } else if (ota_end_err != ESP_OK) {
+        ESP_LOGE(TAG, "Error: esp_ota_end failed! err=0x%d. Image is invalid", ota_end_err);
+        return ota_end_err;
+    }
+
+    err = esp_ota_set_boot_partition(update_partition);
+    if (err != ESP_OK) {
+        ESP_LOGE(TAG, "esp_ota_set_boot_partition failed! err=0x%d", err);
+        return err;
+    }
+    ESP_LOGI(TAG, "esp_ota_set_boot_partition succeeded"); 
+
+    return ESP_OK;
+}

examples/system/ota/Makefile renamed to examples/system/ota/native_ota/Makefile

@@ -84,7 +84,7 @@ Note: The firmware location information must be same as partition table file. **
 
 The OTA_workflow.png diagram demonstrates the overall workflow:
 
-![OTA Workflow diagram](OTA_workflow.png)
+![OTA Workflow diagram](../OTA_workflow.png)
 
 ## Step 1: Connect to AP
 

examples/system/ota/README.md renamed to examples/system/ota/native_ota/README.md

@@ -0,0 +1,6 @@
+# The following lines of boilerplate have to be in your project's CMakeLists
+# in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.5)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(simple_ota)

examples/system/ota/main/Kconfig.projbuild renamed to examples/system/ota/native_ota/main/Kconfig.projbuild

@@ -0,0 +1,9 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+PROJECT_NAME := simple_ota
+
+include $(IDF_PATH)/make/project.mk
+

examples/system/ota/main/component.mk renamed to examples/system/ota/native_ota/main/component.mk

@@ -0,0 +1,134 @@
+# OTA Demo
+
+## Introduction
+
+Over The Air (OTA) updates can be performed in esp8266 in two ways:
+
+- Using native APIs which are part of OTA component.
+- Using simplified APIs which are part of `esp_https_ota`. It is an abstraction layer over OTA APIs to perform updates using HTTPS.
+
+Both these methods are demonstrated in OTA Demo under `native_ota_example` and `simple_ota_example` respectively.
+
+---
+
+## Aim
+
+An app running on ESP8266 can upgrade itself by downloading a new app "image" binary file, and storing it in flash.
+
+In this example, the ESP8266 has 3 images in flash: factory, OTA_0, OTA_1. Each of these is a self-contained partition. The number of OTA image partition is determined by the partition table layout.
+
+Flashing the example over serial with "make flash" updates the factory app image. On first boot, the bootloader loads this factory app image which then performs an OTA update (triggered in the example code). The update downloads a new image from a HTTPS server and saves it into the OTA_0 partition. At this point the example code updates the ota_data partition to indicate the new app partition, and resets. The bootloader reads ota_data, determines the new OTA image has been selected, and runs it.
+
+
+## Workflow
+
+The OTA_workflow.png diagram demonstrates the overall workflow:
+
+![OTA Workflow diagram](../OTA_workflow.png)
+
+### Step 1: Connect to AP
+
+Connect your host PC to the same AP that you will use for the ESP8266.
+
+### Step 2: Generate the OTA Binary
+For our upgrade example OTA file, we're going to use the `get-started/project_template` example.
+
+Build the example:
+
+```
+cd $IDF_PATH/examples/get-started/project_template
+make
+cd build
+```
+
+Note: You've probably noticed there is nothing special about the "project_template" example when used for OTA updates. This is because any .bin app file which is built by ESP8266_RTOS_SDK can be used as an app image for OTA. The only difference is whether it is written to a factory partition or an OTA partition.
+
+### Step 3: Run HTTPS Server
+
+Open a new terminal and run these commands to start the HTTPS server:
+
+Generate self-signed certificate and key:
+
+*NOTE: `Common Name` of server certificate should be host-name of your server.*
+
+```
+openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365
+
+```
+
+Copy the certificate to `server_certs` directory inside OTA example directory:
+
+```
+cp ca_cert.pem /path/to/ota/example/server_certs/
+```
+
+
+Start the HTTPS server:
+
+```
+openssl s_server -WWW -key ca_key.pem -cert ca_cert.pem -port 8070
+```
+
+Copy the generated binary(project_template.bin) into the folder in which the HTTPS server is running.  
+If you have any firewall software running that will block incoming access to port 8070, configure it to allow access while running the example.
+
+### Step 4: Build OTA Example
+
+Change back to the OTA example directory, and type `make menuconfig` to configure the OTA example. Under the "Example Configuration" submenu, fill in the following details:
+
+* WiFi SSID & Password
+* Firmware Upgrade URL. The URL will be look like this:
+
+```
+https://<host-ip-address>:<host-port>/<firmware-image-filename>
+
+for e.g,
+https://192.168.0.3:8070/project_template.bin
+```
+
+Save your changes, and type `make` to build the example.
+
+### Step 5: Flash OTA Example
+
+When flashing, use the `make flash` to flash the factory image. This command will find if partition table has ota_data partition (as in our case) then ota_data will erase to initial. 
+It allows to run the newly loaded app from a factory partition.
+
+```
+make flash
+```
+
+### Step 6: Run the OTA Example
+
+When the example starts up, it will print "Starting OTA example..." then:
+
+1. Connect to the AP with configured SSID and password.
+2. Connect to the HTTP server and download the new image.
+3. Write the image to flash, and configure the next boot from this image.
+4. Reboot
+
+## Troubleshooting
+
+### General connectivity issues
+
+* Check your PC can ping the ESP8266 at its IP, and that the IP, AP and other configuration settings are correct in menuconfig.
+* Check if any firewall software is preventing incoming connections on the PC.
+* Check whether you can see the configured file (default project_template.bin), by checking the output of following command:
+
+ ```
+ curl -v https://<host-ip-address>:<host-port>/<firmware-image-filename>
+ ```
+
+* If you have another PC or a phone, try viewing the file listing from the separate host.
+
+### Error "ota_begin error err=0x104"
+
+If you see this error then check that the configured (and actual) flash size is large enough for the partitions in the partition table. The default "two OTA slots" partition table only works with 4MB flash size. To use OTA with smaller flash sizes, create a custom partition table CSV (look in components/partition_table) and configure it in menuconfig.
+
+If changing partition layout, it is usually wise to run "make erase_flash" between steps.
+
+### Error "mbedtls error: 0x7200"
+        
+CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN = 16384 is set in sdkconfig.defaults in this example and this value(16384) is required to comply fully with TLS standards.
+        
+You can set a lower value to save RAM if the other end of the connection supports Maximum Fragment Length Negotiation Extension (max_fragment_length, see RFC6066) or you know for certain that it will never send a message longer than a certain number of bytes.
+If the value is set too low, symptoms are a failed TLS handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD (-0x7200).

examples/system/ota/main/ota_example_main.c renamed to examples/system/ota/native_ota/main/ota_example_main.c

@@ -0,0 +1,8 @@
+set(COMPONENT_SRCS "simple_ota_example.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+
+# Embed the server root certificate into the final binary
+set(COMPONENT_EMBED_TXTFILES ${PROJECT_PATH}/server_certs/ca_cert.pem)
+
+register_component()

examples/system/ota/partitions_two_ota.1MB.mini.csv renamed to examples/system/ota/native_ota/partitions_two_ota.1MB.mini.csv

@@ -0,0 +1,21 @@
+menu "Example Configuration"
+
+config WIFI_SSID
+    string "WiFi SSID"
+    default "myssid"
+    help
+	SSID (network name) for the example to connect to.
+
+config WIFI_PASSWORD
+    string "WiFi Password"
+    default "mypassword"
+    help
+	WiFi password (WPA or WPA2) for the example to use.
+
+config FIRMWARE_UPGRADE_URL
+    string "firmware upgrade url endpoint"
+    default "https://192.168.0.3:8070/hello-world.bin"
+    help
+        URL of server which hosts the firmware
+        image.
+endmenu

examples/system/ota/partitions_two_ota_v2tov3.1MB.csv renamed to examples/system/ota/native_ota/partitions_two_ota_v2tov3.1MB.csv

@@ -0,0 +1,6 @@
+#
+# "main" pseudo-component makefile.
+#
+# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
+
+COMPONENT_EMBED_TXTFILES :=  ${PROJECT_PATH}/server_certs/ca_cert.pem