len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-10-15 01:07:47 -04:00
Code Issues Projects Releases Packages Wiki Activity

Minor changes to wolfSSL MQTT demo files (#493)

Browse source 
* Clean up demo config for wolfSSL mutual auth. 
* Add comment about picking the correct ROOT CA.
* uncrustify using_wolfSSL.c and some other code style changes.
* Apply suggestions from code review

Co-authored-by: Archit Aggarwal <architag@amazon.com>
This commit is contained in:
Carl Lundin 2021-02-04 16:17:34 -08:00 committed by GitHub
parent dfdf2ddf1f
commit a78cb45d12
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 154 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

39
FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth_wolfSSL/demo_config.h
View file

@ -76,7 +76,7 @@ extern void vLoggingPrintf(const char* pcFormatString,
* *
* #define democonfigCLIENT_IDENTIFIER "insert here." * #define democonfigCLIENT_IDENTIFIER "insert here."
*/ */
#define democonfigCLIENT_IDENTIFIER "demoDevice"
/** /**
* @brief Endpoint of the MQTT broker to connect to. * @brief Endpoint of the MQTT broker to connect to.
* *
@ -91,7 +91,7 @@ extern void vLoggingPrintf(const char* pcFormatString,
* *
* #define democonfigMQTT_BROKER_ENDPOINT "...insert here..." * #define democonfigMQTT_BROKER_ENDPOINT "...insert here..."
*/ */
#define democonfigMQTT_BROKER_ENDPOINT "...insert here..."
/** /**
* @brief The port to use for the demo. * @brief The port to use for the demo.
* *
@ -102,7 +102,7 @@ extern void vLoggingPrintf(const char* pcFormatString,
* *
* #define democonfigMQTT_BROKER_PORT "...insert here..." * #define democonfigMQTT_BROKER_PORT "...insert here..."
*/ */
#define democonfigMQTT_BROKER_PORT 8883
/** /**
* @brief Server's root CA certificate. * @brief Server's root CA certificate.
* *
@ -111,16 +111,19 @@ extern void vLoggingPrintf(const char* pcFormatString,
* in the link below. * in the link below.
* https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs * https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs
* *
* @note This certificate should be PEM-encoded.
* *
* Must include the PEM header and footer: * @note This certificate should be PEM-encoded.
* "-----BEGIN CERTIFICATE-----\n"\ * @note Define the path to the certificate, do not copy and paste the certificate
* "...base64 data...\n"\ * contents to this macro.
* "-----END CERTIFICATE-----\n" * @warning If wolfSSL cannot verify the peer when connecting to AWS IoT, try
* using the root CA of Starfield Services found at
* https://www.amazontrust.com/repository/SFSRootCAG2.pem.
* wolfSSL requires that the whole CA certificate chain is trusted. AWS
* certificates are cross signed by this CA.
* *
* #define democonfigROOT_CA_PEM "...insert here..." * #define democonfigROOT_CA_PEM "...insert here..."
*/ */
#define democonfigROOT_CA_PEM "...insert here..."
/** /**
* @brief Client certificate. * @brief Client certificate.
* *
@ -129,15 +132,12 @@ extern void vLoggingPrintf(const char* pcFormatString,
* https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html * https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html
* *
* @note This certificate should be PEM-encoded. * @note This certificate should be PEM-encoded.
* * @note Define the path to the certificate, do not copy and paste the certificate
* Must include the PEM header and footer: * contents to this macro.
* "-----BEGIN CERTIFICATE-----\n"\
* "...base64 data...\n"\
* "-----END CERTIFICATE-----\n"
* *
* #define democonfigCLIENT_CERTIFICATE_PEM "...insert here..." * #define democonfigCLIENT_CERTIFICATE_PEM "...insert here..."
*/ */
#define democonfigCLIENT_CERTIFICATE_PEM "...insert here..."
/** /**
* @brief Client's private key. * @brief Client's private key.
* *
@ -146,15 +146,12 @@ extern void vLoggingPrintf(const char* pcFormatString,
* https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html * https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html
* *
* @note This private key should be PEM-encoded. * @note This private key should be PEM-encoded.
* * @note define the path to the certificate, do not copy and paste the certificate
* Must include the PEM header and footer: * contents to this macro.
* "-----BEGIN RSA PRIVATE KEY-----\n"\
* "...base64 data...\n"\
* "-----END RSA PRIVATE KEY-----\n"
* *
* #define democonfigCLIENT_PRIVATE_KEY_PEM "...insert here..." * #define democonfigCLIENT_PRIVATE_KEY_PEM "...insert here..."
*/ */
#define democonfigCLIENT_PRIVATE_KEY_PEM "...insert here..."
/** /**
* @brief Set the stack size of the main demo task. * @brief Set the stack size of the main demo task.
* *

47
FreeRTOS-Plus/Source/Application-Protocols/network_transport/freertos_plus_tcp/using_wolfSSL/using_wolfSSL.c
View file

@ -98,7 +98,10 @@ static TlsTransportStatus_t initTLS(void);
* *
* @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_READ. * @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_READ.
*/ */
static int wolfSSL_IORecvGlue(WOLFSSL* ssl, char* buf, int sz, void* context); static int wolfSSL_IORecvGlue( WOLFSSL * ssl,
char * buf,
int sz,
void * context );
/* /*
* @brief Send date to the socket passed as the context * @brief Send date to the socket passed as the context
@ -110,21 +113,26 @@ static int wolfSSL_IORecvGlue(WOLFSSL* ssl, char* buf, int sz, void* context);
* *
* @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_WRITE. * @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_WRITE.
*/ */
static int wolfSSL_IOSendGlue(WOLFSSL* ssl, char* buf, int sz, void* context); static int wolfSSL_IOSendGlue( WOLFSSL * ssl,
char * buf,
int sz,
void * context );
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
static int wolfSSL_IORecvGlue(WOLFSSL* ssl, char* buf, int sz, void* context) static int wolfSSL_IORecvGlue( WOLFSSL * ssl,
char * buf,
int sz,
void * context )
{ {
( void ) ssl; /* to prevent unused warning*/ ( void ) ssl; /* to prevent unused warning*/
BaseType_t read = 0;
Socket_t xSocket = ( Socket_t ) context; Socket_t xSocket = ( Socket_t ) context;
BaseType_t read;
read = FreeRTOS_recv( xSocket, ( void * ) buf, ( size_t ) sz, 0 ); read = FreeRTOS_recv( xSocket, ( void * ) buf, ( size_t ) sz, 0 );
if( ( read == 0 ) || if( ( read == 0 ) ||
( read == -pdFREERTOS_ERRNO_EWOULDBLOCK ) ) ( read == -pdFREERTOS_ERRNO_EWOULDBLOCK ) )
{ {
@ -138,16 +146,18 @@ static int wolfSSL_IORecvGlue(WOLFSSL* ssl, char* buf, int sz, void* context)
{ {
/* do nothing */ /* do nothing */
} }
return ( int ) read; return ( int ) read;
} }
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
static int wolfSSL_IOSendGlue(WOLFSSL* ssl, char* buf, int sz, void* context) static int wolfSSL_IOSendGlue( WOLFSSL * ssl,
char * buf,
int sz,
void * context )
{ {
( void ) ssl; /* to prevent unused warning*/ ( void ) ssl; /* to prevent unused warning*/
Socket_t xSocket = ( Socket_t ) context; Socket_t xSocket = ( Socket_t ) context;
BaseType_t sent = FreeRTOS_send( xSocket, ( void * ) buf, ( size_t ) sz, 0 ); BaseType_t sent = FreeRTOS_send( xSocket, ( void * ) buf, ( size_t ) sz, 0 );
if( sent == -pdFREERTOS_ERRNO_EWOULDBLOCK ) if( sent == -pdFREERTOS_ERRNO_EWOULDBLOCK )
@ -162,6 +172,7 @@ static int wolfSSL_IOSendGlue(WOLFSSL* ssl, char* buf, int sz, void* context)
{ {
/* do nothing */ /* do nothing */
} }
return ( int ) sent; return ( int ) sent;
} }
@ -185,8 +196,7 @@ static TlsTransportStatus_t tlsSetup(NetworkContext_t* pNetCtx,
const NetworkCredentials_t * pNetCred ) const NetworkCredentials_t * pNetCred )
{ {
TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS; TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
Socket_t xSocket = { 0 };
/*char errString[80];*/
configASSERT( pNetCtx != NULL ); configASSERT( pNetCtx != NULL );
configASSERT( pHostName != NULL ); configASSERT( pHostName != NULL );
@ -194,7 +204,6 @@ static TlsTransportStatus_t tlsSetup(NetworkContext_t* pNetCtx,
configASSERT( pNetCred->pRootCa != NULL ); configASSERT( pNetCred->pRootCa != NULL );
configASSERT( pNetCtx->tcpSocket != NULL ); configASSERT( pNetCtx->tcpSocket != NULL );
if( pNetCtx->sslContext.ctx == NULL ) if( pNetCtx->sslContext.ctx == NULL )
{ {
/* Attempt to create a context that uses the TLS 1.3 or 1.2 */ /* Attempt to create a context that uses the TLS 1.3 or 1.2 */
@ -222,7 +231,7 @@ static TlsTransportStatus_t tlsSetup(NetworkContext_t* pNetCtx,
if( pNetCtx->sslContext.ssl != NULL ) if( pNetCtx->sslContext.ssl != NULL )
{ {
Socket_t xSocket = pNetCtx->tcpSocket; xSocket = pNetCtx->tcpSocket;
/* set Recv/Send glue functions to the WOLFSSL object */ /* set Recv/Send glue functions to the WOLFSSL object */
wolfSSL_SSLSetIORecv( pNetCtx->sslContext.ssl, wolfSSL_SSLSetIORecv( pNetCtx->sslContext.ssl,
@ -383,6 +392,7 @@ TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext ) void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext )
{ {
WOLFSSL * pSsl = pNetworkContext->sslContext.ssl; WOLFSSL * pSsl = pNetworkContext->sslContext.ssl;
WOLFSSL_CTX * pCtx = NULL;
/* shutdown an active TLS connection */ /* shutdown an active TLS connection */
wolfSSL_shutdown( pSsl ); wolfSSL_shutdown( pSsl );
@ -395,7 +405,8 @@ void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext )
Sockets_Disconnect( pNetworkContext->tcpSocket ); Sockets_Disconnect( pNetworkContext->tcpSocket );
/* free WOLFSSL_CTX object*/ /* free WOLFSSL_CTX object*/
WOLFSSL_CTX* pCtx = pNetworkContext->sslContext.ctx; pCtx = pNetworkContext->sslContext.ctx;
wolfSSL_CTX_free( pCtx ); wolfSSL_CTX_free( pCtx );
pNetworkContext->sslContext.ctx = NULL; pNetworkContext->sslContext.ctx = NULL;
@ -415,15 +426,20 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
iResult = wolfSSL_read( pSsl, pBuffer, bytesToRecv ); iResult = wolfSSL_read( pSsl, pBuffer, bytesToRecv );
if( iResult > 0 ) if( iResult > 0 )
{
tlsStatus = iResult; tlsStatus = iResult;
}
else if( wolfSSL_want_read( pSsl ) == 1 ) else if( wolfSSL_want_read( pSsl ) == 1 )
{
tlsStatus = 0; tlsStatus = 0;
}
else else
{ {
tlsStatus = wolfSSL_state( pSsl ); tlsStatus = wolfSSL_state( pSsl );
LogError( ( "Error from wolfSSL_read %d : %s ", LogError( ( "Error from wolfSSL_read %d : %s ",
iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) ); iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) );
} }
return tlsStatus; return tlsStatus;
} }
@ -440,15 +456,20 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext,
iResult = wolfSSL_write( pSsl, pBuffer, bytesToSend ); iResult = wolfSSL_write( pSsl, pBuffer, bytesToSend );
if( iResult > 0 ) if( iResult > 0 )
{
tlsStatus = iResult; tlsStatus = iResult;
}
else if( wolfSSL_want_write( pSsl ) == 1 ) else if( wolfSSL_want_write( pSsl ) == 1 )
{
tlsStatus = 0; tlsStatus = 0;
}
else else
{ {
tlsStatus = wolfSSL_state( pSsl ); tlsStatus = wolfSSL_state( pSsl );
LogError( ( "Error from wolfSL_write %d : %s ", LogError( ( "Error from wolfSL_write %d : %s ",
iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) ); iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) );
} }
return tlsStatus; return tlsStatus;
} }
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/