Minor changes to wolfSSL MQTT demo files (#493)

* Clean up demo config for wolfSSL mutual auth. 
* Add comment about picking the correct ROOT CA.
* uncrustify using_wolfSSL.c and some other code style changes.
* Apply suggestions from code review

Co-authored-by: Archit Aggarwal <architag@amazon.com>
pull/494/head^2
Carl Lundin 4 years ago committed by GitHub
parent dfdf2ddf1f
commit a78cb45d12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -76,7 +76,7 @@ extern void vLoggingPrintf(const char* pcFormatString,
* *
* #define democonfigCLIENT_IDENTIFIER "insert here." * #define democonfigCLIENT_IDENTIFIER "insert here."
*/ */
#define democonfigCLIENT_IDENTIFIER "demoDevice"
/** /**
* @brief Endpoint of the MQTT broker to connect to. * @brief Endpoint of the MQTT broker to connect to.
* *
@ -91,7 +91,7 @@ extern void vLoggingPrintf(const char* pcFormatString,
* *
* #define democonfigMQTT_BROKER_ENDPOINT "...insert here..." * #define democonfigMQTT_BROKER_ENDPOINT "...insert here..."
*/ */
#define democonfigMQTT_BROKER_ENDPOINT "...insert here..."
/** /**
* @brief The port to use for the demo. * @brief The port to use for the demo.
* *
@ -102,7 +102,7 @@ extern void vLoggingPrintf(const char* pcFormatString,
* *
* #define democonfigMQTT_BROKER_PORT "...insert here..." * #define democonfigMQTT_BROKER_PORT "...insert here..."
*/ */
#define democonfigMQTT_BROKER_PORT 8883
/** /**
* @brief Server's root CA certificate. * @brief Server's root CA certificate.
* *
@ -111,16 +111,19 @@ extern void vLoggingPrintf(const char* pcFormatString,
* in the link below. * in the link below.
* https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs * https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs
* *
* @note This certificate should be PEM-encoded.
* *
* Must include the PEM header and footer: * @note This certificate should be PEM-encoded.
* "-----BEGIN CERTIFICATE-----\n"\ * @note Define the path to the certificate, do not copy and paste the certificate
* "...base64 data...\n"\ * contents to this macro.
* "-----END CERTIFICATE-----\n" * @warning If wolfSSL cannot verify the peer when connecting to AWS IoT, try
* using the root CA of Starfield Services found at
* https://www.amazontrust.com/repository/SFSRootCAG2.pem.
* wolfSSL requires that the whole CA certificate chain is trusted. AWS
* certificates are cross signed by this CA.
* *
* #define democonfigROOT_CA_PEM "...insert here..." * #define democonfigROOT_CA_PEM "...insert here..."
*/ */
#define democonfigROOT_CA_PEM "...insert here..."
/** /**
* @brief Client certificate. * @brief Client certificate.
* *
@ -129,15 +132,12 @@ extern void vLoggingPrintf(const char* pcFormatString,
* https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html * https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html
* *
* @note This certificate should be PEM-encoded. * @note This certificate should be PEM-encoded.
* * @note Define the path to the certificate, do not copy and paste the certificate
* Must include the PEM header and footer: * contents to this macro.
* "-----BEGIN CERTIFICATE-----\n"\
* "...base64 data...\n"\
* "-----END CERTIFICATE-----\n"
* *
* #define democonfigCLIENT_CERTIFICATE_PEM "...insert here..." * #define democonfigCLIENT_CERTIFICATE_PEM "...insert here..."
*/ */
#define democonfigCLIENT_CERTIFICATE_PEM "...insert here..."
/** /**
* @brief Client's private key. * @brief Client's private key.
* *
@ -146,15 +146,12 @@ extern void vLoggingPrintf(const char* pcFormatString,
* https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html * https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html
* *
* @note This private key should be PEM-encoded. * @note This private key should be PEM-encoded.
* * @note define the path to the certificate, do not copy and paste the certificate
* Must include the PEM header and footer: * contents to this macro.
* "-----BEGIN RSA PRIVATE KEY-----\n"\
* "...base64 data...\n"\
* "-----END RSA PRIVATE KEY-----\n"
* *
* #define democonfigCLIENT_PRIVATE_KEY_PEM "...insert here..." * #define democonfigCLIENT_PRIVATE_KEY_PEM "...insert here..."
*/ */
#define democonfigCLIENT_PRIVATE_KEY_PEM "...insert here..."
/** /**
* @brief Set the stack size of the main demo task. * @brief Set the stack size of the main demo task.
* *
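Review bot: The new @note on democonfigCLIENT_PRIVATE_KEY_PEM (hunk @ -146,15) says `define the path to the certificate`, but this macro holds the private key, and the lower-case `define` differs from the two sibling notes; suggest `@note Define the path to the private key file, do not copy and paste the key contents to this macro.`. Since all three macros now take file paths (using_wolfSSL.c passes them to wolfSSL_CTX_load_verify_locations and the *_file loaders), it would also help readers if each note named the expected form, e.g. `@note The value is a path to a PEM file, for example "certs/client.key".`, because the `"...insert here..."` placeholders no longer hint at that.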

@ -86,51 +86,59 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext,
* *
* @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, or #TLS_TRANSPORT_INTERNAL_ERROR. * @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, or #TLS_TRANSPORT_INTERNAL_ERROR.
*/ */
static TlsTransportStatus_t initTLS(void); static TlsTransportStatus_t initTLS( void );
/* /*
* @brief Receive date from the socket passed as the context * @brief Receive date from the socket passed as the context
* *
* @param[in] ssl WOLFSSL object. * @param[in] ssl WOLFSSL object.
* @param[in] buf Buffer for received data * @param[in] buf Buffer for received data
* @param[in] sz Size to receive * @param[in] sz Size to receive
* @param[in] context Socket to be received from * @param[in] context Socket to be received from
* *
* @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_READ. * @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_READ.
*/ */
static int wolfSSL_IORecvGlue(WOLFSSL* ssl, char* buf, int sz, void* context); static int wolfSSL_IORecvGlue( WOLFSSL * ssl,
char * buf,
int sz,
void * context );
/* /*
* @brief Send date to the socket passed as the context * @brief Send date to the socket passed as the context
* *
* @param[in] ssl WOLFSSL object. * @param[in] ssl WOLFSSL object.
* @param[in] buf Buffer for data to be sent * @param[in] buf Buffer for data to be sent
* @param[in] sz Size to send * @param[in] sz Size to send
* @param[in] context Socket to be sent to * @param[in] context Socket to be sent to
* *
* @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_WRITE. * @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_WRITE.
*/ */
static int wolfSSL_IOSendGlue(WOLFSSL* ssl, char* buf, int sz, void* context); static int wolfSSL_IOSendGlue( WOLFSSL * ssl,
char * buf,
int sz,
void * context );
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
static int wolfSSL_IORecvGlue(WOLFSSL* ssl, char* buf, int sz, void* context) static int wolfSSL_IORecvGlue( WOLFSSL * ssl,
char * buf,
int sz,
void * context )
{ {
( void )ssl; /* to prevent unused warning*/ ( void ) ssl; /* to prevent unused warning*/
BaseType_t read = 0;
Socket_t xSocket = (Socket_t)context;
BaseType_t read; Socket_t xSocket = ( Socket_t ) context;
read = FreeRTOS_recv(xSocket, (void*)buf, (size_t)sz, 0);
read = FreeRTOS_recv( xSocket, ( void * ) buf, ( size_t ) sz, 0 );
if ((read == 0 ) || if( ( read == 0 ) ||
(read == -pdFREERTOS_ERRNO_EWOULDBLOCK)) ( read == -pdFREERTOS_ERRNO_EWOULDBLOCK ) )
{ {
read = WOLFSSL_CBIO_ERR_WANT_READ; read = WOLFSSL_CBIO_ERR_WANT_READ;
} }
else if (read == -pdFREERTOS_ERRNO_ENOTCONN) else if( read == -pdFREERTOS_ERRNO_ENOTCONN )
{ {
read = WOLFSSL_CBIO_ERR_CONN_CLOSE; read = WOLFSSL_CBIO_ERR_CONN_CLOSE;
} }
@ -138,23 +146,25 @@ static int wolfSSL_IORecvGlue(WOLFSSL* ssl, char* buf, int sz, void* context)
{ {
/* do nothing */ /* do nothing */
} }
return (int)read;
return ( int ) read;
} }
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
static int wolfSSL_IOSendGlue(WOLFSSL* ssl, char* buf, int sz, void* context) static int wolfSSL_IOSendGlue( WOLFSSL * ssl,
char * buf,
int sz,
void * context )
{ {
( void )ssl; /* to prevent unused warning*/ ( void ) ssl; /* to prevent unused warning*/
Socket_t xSocket = ( Socket_t ) context;
Socket_t xSocket = (Socket_t)context; BaseType_t sent = FreeRTOS_send( xSocket, ( void * ) buf, ( size_t ) sz, 0 );
BaseType_t sent = FreeRTOS_send(xSocket, (void*)buf, (size_t)sz, 0); if( sent == -pdFREERTOS_ERRNO_EWOULDBLOCK )
if ( sent == -pdFREERTOS_ERRNO_EWOULDBLOCK )
{ {
sent = WOLFSSL_CBIO_ERR_WANT_WRITE; sent = WOLFSSL_CBIO_ERR_WANT_WRITE;
} }
else if ( sent == -pdFREERTOS_ERRNO_ENOTCONN ) else if( sent == -pdFREERTOS_ERRNO_ENOTCONN )
{ {
sent = WOLFSSL_CBIO_ERR_CONN_CLOSE; sent = WOLFSSL_CBIO_ERR_CONN_CLOSE;
} }
@ -162,135 +172,134 @@ static int wolfSSL_IOSendGlue(WOLFSSL* ssl, char* buf, int sz, void* context)
{ {
/* do nothing */ /* do nothing */
} }
return (int)sent;
return ( int ) sent;
} }
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
static TlsTransportStatus_t initTLS(void) static TlsTransportStatus_t initTLS( void )
{ {
/* initialize wolfSSL */ /* initialize wolfSSL */
wolfSSL_Init(); wolfSSL_Init();
#ifdef DEBUG_WOLFSSL #ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
#endif #endif
return TLS_TRANSPORT_SUCCESS; return TLS_TRANSPORT_SUCCESS;
} }
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
static TlsTransportStatus_t tlsSetup(NetworkContext_t* pNetCtx, static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetCtx,
const char* pHostName, const char * pHostName,
const NetworkCredentials_t* pNetCred ) const NetworkCredentials_t * pNetCred )
{ {
TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS; TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
Socket_t xSocket = { 0 };
/*char errString[80];*/ configASSERT( pNetCtx != NULL );
configASSERT( pHostName != NULL );
configASSERT(pNetCtx != NULL); configASSERT( pNetCred != NULL );
configASSERT(pHostName != NULL); configASSERT( pNetCred->pRootCa != NULL );
configASSERT(pNetCred != NULL); configASSERT( pNetCtx->tcpSocket != NULL );
configASSERT(pNetCred->pRootCa != NULL);
configASSERT(pNetCtx->tcpSocket != NULL);
if (pNetCtx->sslContext.ctx == NULL ) if( pNetCtx->sslContext.ctx == NULL )
{ {
/* Attempt to create a context that uses the TLS 1.3 or 1.2 */ /* Attempt to create a context that uses the TLS 1.3 or 1.2 */
pNetCtx->sslContext.ctx = pNetCtx->sslContext.ctx =
wolfSSL_CTX_new( wolfSSLv23_client_method_ex( NULL ) ); wolfSSL_CTX_new( wolfSSLv23_client_method_ex( NULL ) );
} }
if (pNetCtx->sslContext.ctx != NULL ) if( pNetCtx->sslContext.ctx != NULL )
{ {
/* attempt to load ca cert file, client cert file and client private key file */ /* attempt to load ca cert file, client cert file and client private key file */
if( wolfSSL_CTX_load_verify_locations( pNetCtx->sslContext.ctx, if( wolfSSL_CTX_load_verify_locations( pNetCtx->sslContext.ctx,
(const char*)(pNetCred->pRootCa), NULL) == SSL_SUCCESS ) ( const char * ) ( pNetCred->pRootCa ), NULL ) == SSL_SUCCESS )
{ {
if( wolfSSL_CTX_use_certificate_file(pNetCtx->sslContext.ctx, if( wolfSSL_CTX_use_certificate_file( pNetCtx->sslContext.ctx,
(const char*)(pNetCred->pClientCert), SSL_FILETYPE_PEM) ( const char * ) ( pNetCred->pClientCert ), SSL_FILETYPE_PEM )
== SSL_SUCCESS ) == SSL_SUCCESS )
{ {
if ( wolfSSL_CTX_use_PrivateKey_file(pNetCtx->sslContext.ctx, if( wolfSSL_CTX_use_PrivateKey_file( pNetCtx->sslContext.ctx,
(const char*)(pNetCred->pPrivateKey), SSL_FILETYPE_PEM) ( const char * ) ( pNetCred->pPrivateKey ), SSL_FILETYPE_PEM )
== SSL_SUCCESS) == SSL_SUCCESS )
{ {
/* create a ssl object */ /* create a ssl object */
pNetCtx->sslContext.ssl = pNetCtx->sslContext.ssl =
wolfSSL_new(pNetCtx->sslContext.ctx); wolfSSL_new( pNetCtx->sslContext.ctx );
if (pNetCtx->sslContext.ssl != NULL) if( pNetCtx->sslContext.ssl != NULL )
{ {
Socket_t xSocket = pNetCtx->tcpSocket; xSocket = pNetCtx->tcpSocket;
/* set Recv/Send glue functions to the WOLFSSL object */ /* set Recv/Send glue functions to the WOLFSSL object */
wolfSSL_SSLSetIORecv(pNetCtx->sslContext.ssl, wolfSSL_SSLSetIORecv( pNetCtx->sslContext.ssl,
wolfSSL_IORecvGlue); wolfSSL_IORecvGlue );
wolfSSL_SSLSetIOSend(pNetCtx->sslContext.ssl, wolfSSL_SSLSetIOSend( pNetCtx->sslContext.ssl,
wolfSSL_IOSendGlue); wolfSSL_IOSendGlue );
/* set socket as a context of read/send glue funcs */ /* set socket as a context of read/send glue funcs */
wolfSSL_SetIOReadCtx(pNetCtx->sslContext.ssl, xSocket); wolfSSL_SetIOReadCtx( pNetCtx->sslContext.ssl, xSocket );
wolfSSL_SetIOWriteCtx(pNetCtx->sslContext.ssl, xSocket); wolfSSL_SetIOWriteCtx( pNetCtx->sslContext.ssl, xSocket );
/* let wolfSSL perform tls handshake */ /* let wolfSSL perform tls handshake */
if (wolfSSL_connect(pNetCtx->sslContext.ssl) if( wolfSSL_connect( pNetCtx->sslContext.ssl )
== SSL_SUCCESS) == SSL_SUCCESS )
{ {
returnStatus = TLS_TRANSPORT_SUCCESS; returnStatus = TLS_TRANSPORT_SUCCESS;
} }
else else
{ {
wolfSSL_shutdown(pNetCtx->sslContext.ssl); wolfSSL_shutdown( pNetCtx->sslContext.ssl );
wolfSSL_free(pNetCtx->sslContext.ssl); wolfSSL_free( pNetCtx->sslContext.ssl );
pNetCtx->sslContext.ssl = NULL; pNetCtx->sslContext.ssl = NULL;
wolfSSL_CTX_free(pNetCtx->sslContext.ctx); wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL; pNetCtx->sslContext.ctx = NULL;
LogError(("Failed to establish a TLS connection")); LogError( ( "Failed to establish a TLS connection" ) );
returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED; returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED;
} }
} }
else else
{ {
wolfSSL_CTX_free(pNetCtx->sslContext.ctx); wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL; pNetCtx->sslContext.ctx = NULL;
LogError(("Failed to create wolfSSL object")); LogError( ( "Failed to create wolfSSL object" ) );
returnStatus = TLS_TRANSPORT_INTERNAL_ERROR; returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
} }
} }
else else
{ {
wolfSSL_CTX_free(pNetCtx->sslContext.ctx); wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL; pNetCtx->sslContext.ctx = NULL;
LogError(("Failed to load client-private-key file")); LogError( ( "Failed to load client-private-key file" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS; returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
} }
} }
else else
{ {
wolfSSL_CTX_free(pNetCtx->sslContext.ctx); wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL; pNetCtx->sslContext.ctx = NULL;
LogError(("Failed to load client-certificate file")); LogError( ( "Failed to load client-certificate file" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS; returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
} }
} }
else else
{ {
wolfSSL_CTX_free(pNetCtx->sslContext.ctx); wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL; pNetCtx->sslContext.ctx = NULL;
LogError(("Failed to load ca-certificate file")); LogError( ( "Failed to load ca-certificate file" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS; returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
} }
} }
else else
{ {
LogError(("Failed to create a wolfSSL_CTX")); LogError( ( "Failed to create a wolfSSL_CTX" ) );
returnStatus = TLS_TRANSPORT_CONNECT_FAILURE; returnStatus = TLS_TRANSPORT_CONNECT_FAILURE;
} }
@ -382,21 +391,23 @@ TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext ) void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext )
{ {
WOLFSSL* pSsl = pNetworkContext->sslContext.ssl; WOLFSSL * pSsl = pNetworkContext->sslContext.ssl;
WOLFSSL_CTX * pCtx = NULL;
/* shutdown an active TLS connection */ /* shutdown an active TLS connection */
wolfSSL_shutdown(pSsl); wolfSSL_shutdown( pSsl );
/* cleanup WOLFSSL object */ /* cleanup WOLFSSL object */
wolfSSL_free(pSsl); wolfSSL_free( pSsl );
pNetworkContext->sslContext.ssl = NULL; pNetworkContext->sslContext.ssl = NULL;
/* Call socket shutdown function to close connection. */ /* Call socket shutdown function to close connection. */
Sockets_Disconnect(pNetworkContext->tcpSocket); Sockets_Disconnect( pNetworkContext->tcpSocket );
/* free WOLFSSL_CTX object*/ /* free WOLFSSL_CTX object*/
WOLFSSL_CTX* pCtx = pNetworkContext->sslContext.ctx; pCtx = pNetworkContext->sslContext.ctx;
wolfSSL_CTX_free(pCtx);
wolfSSL_CTX_free( pCtx );
pNetworkContext->sslContext.ctx = NULL; pNetworkContext->sslContext.ctx = NULL;
wolfSSL_Cleanup(); wolfSSL_Cleanup();
@ -410,20 +421,25 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
{ {
int32_t tlsStatus = 0; int32_t tlsStatus = 0;
int iResult = 0; int iResult = 0;
WOLFSSL* pSsl = pNetworkContext->sslContext.ssl; WOLFSSL * pSsl = pNetworkContext->sslContext.ssl;
iResult = wolfSSL_read( pSsl, pBuffer, bytesToRecv ); iResult = wolfSSL_read( pSsl, pBuffer, bytesToRecv );
if (iResult > 0) if( iResult > 0 )
{
tlsStatus = iResult; tlsStatus = iResult;
else if ( wolfSSL_want_read( pSsl ) == 1 ) }
else if( wolfSSL_want_read( pSsl ) == 1 )
{
tlsStatus = 0; tlsStatus = 0;
}
else else
{ {
tlsStatus = wolfSSL_state( pSsl ); tlsStatus = wolfSSL_state( pSsl );
LogError(("Error from wolfSSL_read %d : %s ", LogError( ( "Error from wolfSSL_read %d : %s ",
iResult, wolfSSL_ERR_reason_error_string( tlsStatus ))); iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) );
} }
return tlsStatus; return tlsStatus;
} }
@ -435,20 +451,25 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext,
{ {
int32_t tlsStatus = 0; int32_t tlsStatus = 0;
int iResult = 0; int iResult = 0;
WOLFSSL* pSsl = pNetworkContext->sslContext.ssl; WOLFSSL * pSsl = pNetworkContext->sslContext.ssl;
iResult = wolfSSL_write( pSsl, pBuffer, bytesToSend ); iResult = wolfSSL_write( pSsl, pBuffer, bytesToSend );
if (iResult > 0) if( iResult > 0 )
{
tlsStatus = iResult; tlsStatus = iResult;
else if( wolfSSL_want_write( pSsl ) == 1) }
else if( wolfSSL_want_write( pSsl ) == 1 )
{
tlsStatus = 0; tlsStatus = 0;
}
else else
{ {
tlsStatus = wolfSSL_state(pSsl); tlsStatus = wolfSSL_state( pSsl );
LogError(("Error from wolfSL_write %d : %s ", LogError( ( "Error from wolfSL_write %d : %s ",
iResult, wolfSSL_ERR_reason_error_string( tlsStatus ))); iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) );
} }
return tlsStatus; return tlsStatus;
} }
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/
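Review bot: tlsSetup (hunk @ -162,135) asserts pHostName but never uses it: after wolfSSL_new the code installs the I/O callbacks and calls wolfSSL_connect without telling wolfSSL which name the server certificate must match, so as far as this hunk shows any certificate chaining to the configured root CA would be accepted for any host. Adding `wolfSSL_check_domain_name( pNetCtx->sslContext.ssl, pHostName );` right after the wolfSSL_new success check (and, if SNI is enabled in the build, `wolfSSL_UseSNI( ... )`) would close that gap; the function body continues past the hunk's last line. This predates the commit, but the hunk rewrites the whole body, so it is the natural place to fix it. Separately, the log string in TLS_FreeRTOS_send (hunk @ -435,20) still reads `wolfSL_write`.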
