alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

mqtt: ssl mutual authentication example added per PR from github, corrected cmake build, updated per idf style

Browse Source 
Merges https://github.com/espressif/esp-idf/pull/2490
This commit is contained in:
David Cermak 2018-10-11 17:34:09 +02:00
parent 49df479486
commit 0cdb33c9dd
15 changed files with 107 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
components/esp-tls/esp_tls.h
View File

@ -106,12 +106,12 @@ typedef struct esp_tls {
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */ mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */ mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
mbedtls_pk_context clientkey; /*!< Container for the private key of the client mbedtls_pk_context clientkey; /*!< Container for the private key of the client
certificate */ certificate */
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
int sockfd; /*!< Underlying socket file descriptor. */ int sockfd; /*!< Underlying socket file descriptor. */

2
components/mqtt/esp-mqtt

@ -1 +1 @@
Subproject commit 85ee406d03fd84f5613c6dead1ea653e384b9559 Subproject commit a7b1cea5b3e246298607a8c64447765297626f36

6
components/tcp_transport/include/esp_transport_ssl.h
View File

@ -32,7 +32,7 @@ esp_transport_handle_t esp_transport_ssl_init();
/** /**
* @brief Set SSL certificate data (as PEM format). * @brief Set SSL certificate data (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy. * Note that, this function stores the pointer to data, rather than making a copy.
* So we need to make sure to keep the data lifetime before cleanup the connection * So this data must remain valid until after the connection is cleaned up
* *
* @param t ssl transport * @param t ssl transport
* @param[in] data The pem data * @param[in] data The pem data
@ -43,7 +43,7 @@ void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data,
/** /**
* @brief Set SSL client certificate data for mutual authentication (as PEM format). * @brief Set SSL client certificate data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy. * Note that, this function stores the pointer to data, rather than making a copy.
* So we need to make sure to keep the data lifetime before cleanup the connection * So this data must remain valid until after the connection is cleaned up
* *
* @param t ssl transport * @param t ssl transport
* @param[in] data The pem data * @param[in] data The pem data
@ -54,7 +54,7 @@ void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char
/** /**
* @brief Set SSL client key data for mutual authentication (as PEM format). * @brief Set SSL client key data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy. * Note that, this function stores the pointer to data, rather than making a copy.
* So we need to make sure to keep the data lifetime before cleanup the connection * So this data must remain valid until after the connection is cleaned up
* *
* @param t ssl transport * @param t ssl transport
* @param[in] data The pem data * @param[in] data The pem data

17
components/tcp_transport/transport_ssl.c
View File

@ -39,8 +39,6 @@ typedef struct {
esp_tls_t *tls; esp_tls_t *tls;
esp_tls_cfg_t cfg; esp_tls_cfg_t cfg;
bool ssl_initialized; bool ssl_initialized;
bool verify_server;
bool mutual_authentication;
transport_ssl_conn_state_t conn_state; transport_ssl_conn_state_t conn_state;
} transport_ssl_t; } transport_ssl_t;
@ -50,12 +48,6 @@ static int ssl_connect_async(esp_transport_handle_t t, const char *host, int por
{ {
transport_ssl_t *ssl = esp_transport_get_context_data(t); transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (ssl->conn_state == TRANS_SSL_INIT) { if (ssl->conn_state == TRANS_SSL_INIT) {
if (ssl->cfg.cacert_pem_buf) {
ssl->verify_server = true;
}
if (ssl->cfg.clientcert_pem_buf && ssl->cfg.clientkey_pem_buf) {
ssl->mutual_authentication = true;
}
ssl->cfg.timeout_ms = timeout_ms; ssl->cfg.timeout_ms = timeout_ms;
ssl->cfg.non_block = true; ssl->cfg.non_block = true;
ssl->ssl_initialized = true; ssl->ssl_initialized = true;
@ -74,12 +66,7 @@ static int ssl_connect_async(esp_transport_handle_t t, const char *host, int por
static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int timeout_ms) static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int timeout_ms)
{ {
transport_ssl_t *ssl = esp_transport_get_context_data(t); transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (ssl->cfg.cacert_pem_buf) {
ssl->verify_server = true;
}
if (ssl->cfg.clientcert_pem_buf && ssl->cfg.clientkey_pem_buf) {
ssl->mutual_authentication = true;
}
ssl->cfg.timeout_ms = timeout_ms; ssl->cfg.timeout_ms = timeout_ms;
ssl->ssl_initialized = true; ssl->ssl_initialized = true;
ssl->tls = esp_tls_conn_new(host, strlen(host), port, &ssl->cfg); ssl->tls = esp_tls_conn_new(host, strlen(host), port, &ssl->cfg);
@ -153,8 +140,6 @@ static int ssl_close(esp_transport_handle_t t)
if (ssl->ssl_initialized) { if (ssl->ssl_initialized) {
esp_tls_conn_delete(ssl->tls); esp_tls_conn_delete(ssl->tls);
ssl->ssl_initialized = false; ssl->ssl_initialized = false;
ssl->verify_server = false;
ssl->mutual_authentication = false;
} }
return ret; return ret;
} }

19
examples/mqtt_ssl_mutual_auth/CMakeLists.txt
View File

@ -1,19 +0,0 @@
cmake_minimum_required(VERSION 3.5)
get_filename_component(DEV_ROOT "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
set(PROJECT_ROOT "${DEV_ROOT}/")
set(SUBMODULE_ROOT "${DEV_ROOT}/../../../")
set(PROJECT_NAME "mqtt_ssl_mutual_auth")
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
set(MAIN_SRCS ${PROJECT_ROOT}/main/app_main.c)
set(EXTRA_COMPONENT_DIRS "${EXTRA_COMPONENT_DIRS} ${SUBMODULE_ROOT}")
set(BUILD_COMPONENTS "${BUILD_COMPONENTS} espmqtt")
project(${PROJECT_NAME})

16
examples/mqtt_ssl_mutual_auth/README.md
View File

@ -1,16 +0,0 @@
# ESPMQTT SSL Sample application
Navigate to the main directory
```
cd main
```
Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.
```
openssl genrsa -out client.key
openssl req -out client.csr -key client.key -new
```
Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and copy the downloaded `client.crt` in the `main` directory.

10
examples/protocols/mqtt/ssl_mutual_auth/CMakeLists.txt Normal file
View File

@ -0,0 +1,10 @@
# The following four lines of boilerplate have to be in your project's CMakeLists
# in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.5)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(mqtt_ssl_mutual_auth)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.crt" TEXT)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.key" TEXT)

6
examples/mqtt_ssl_mutual_auth/Makefile → examples/protocols/mqtt/ssl_mutual_auth/Makefile
View File

@ -2,12 +2,6 @@
# This is a project Makefile. It is assumed the directory this Makefile resides in is a # This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory. # project subdirectory.
# #
#
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#
PROJECT_NAME := mqtt_ssl_mutual_auth PROJECT_NAME := mqtt_ssl_mutual_auth
EXTRA_COMPONENT_DIRS += $(PROJECT_PATH)/../../../
include $(IDF_PATH)/make/project.mk include $(IDF_PATH)/make/project.mk

81
examples/protocols/mqtt/ssl_mutual_auth/README.md Normal file
View File

@ -0,0 +1,81 @@
# ESP-MQTT SSL Sample application (mutual authentication)
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example connects to the broker test.mosquitto.org using ssl transport with client certificate and as a demonstration subscribes/unsubscribes and send a message on certain topic.
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.
## How to use example
### Hardware Required
This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
### Configure the project
```
make menuconfig
```
* Set serial port under Serial Flasher Options.
* Set ssid and password for the board to connect to AP.
* Generate your client keys and certificate
Navigate to the main directory
```
cd main
```
Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.
```
openssl genrsa -out client.key
openssl req -out client.csr -key client.key -new
```
Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and copy the downloaded `client.crt` in the `main` directory.
Please note, that the supplied files `client.crt` and `client.key` in the `main` directory are only placeholders for your client certificate and key (i.e. the example "as is" would compile but would not connect to the broker)
### Build and Flash
Build the project and flash it to the board, then run monitor tool to view serial output:
```
make -j4 flash monitor
```
(To exit the serial monitor, type ``Ctrl-]``.)
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
## Example Output
```
I (3714) event: sta ip: 192.168.0.139, mask: 255.255.255.0, gw: 192.168.0.2
I (3714) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (3964) MQTT_CLIENT: Sending MQTT CONNECT message, type: 1, id: 0000
I (4164) MQTTS_EXAMPLE: MQTT_EVENT_CONNECTED
I (4174) MQTTS_EXAMPLE: sent publish successful, msg_id=41464
I (4174) MQTTS_EXAMPLE: sent subscribe successful, msg_id=17886
I (4174) MQTTS_EXAMPLE: sent subscribe successful, msg_id=42970
I (4184) MQTTS_EXAMPLE: sent unsubscribe successful, msg_id=50241
I (4314) MQTTS_EXAMPLE: MQTT_EVENT_PUBLISHED, msg_id=41464
I (4484) MQTTS_EXAMPLE: MQTT_EVENT_SUBSCRIBED, msg_id=17886
I (4484) MQTTS_EXAMPLE: sent publish successful, msg_id=0
I (4684) MQTTS_EXAMPLE: MQTT_EVENT_SUBSCRIBED, msg_id=42970
I (4684) MQTTS_EXAMPLE: sent publish successful, msg_id=0
I (4884) MQTT_CLIENT: deliver_publish, message_length_read=19, message_length=19
I (4884) MQTTS_EXAMPLE: MQTT_EVENT_DATA
TOPIC=/topic/qos0
DATA=data
I (5194) MQTT_CLIENT: deliver_publish, message_length_read=19, message_length=19
I (5194) MQTTS_EXAMPLE: MQTT_EVENT_DATA
TOPIC=/topic/qos0
DATA=data
```

4
examples/protocols/mqtt/ssl_mutual_auth/main/CMakeLists.txt Normal file
View File

@ -0,0 +1,4 @@
set(COMPONENT_SRCS "app_main.c")
set(COMPONENT_ADD_INCLUDEDIRS ".")
register_component()

2
examples/mqtt_ssl_mutual_auth/main/Kconfig.projbuild → examples/protocols/mqtt/ssl_mutual_auth/main/Kconfig.projbuild
View File

@ -1,4 +1,4 @@
menu "MQTT Application sample" menu "Example Configuration"
config WIFI_SSID config WIFI_SSID
string "WiFi SSID" string "WiFi SSID"

4
examples/mqtt_ssl_mutual_auth/main/app_main.c → examples/protocols/mqtt/ssl_mutual_auth/main/app_main.c Executable file → Normal file
View File

@ -20,7 +20,7 @@
#include "esp_log.h" #include "esp_log.h"
#include "mqtt_client.h" #include "mqtt_client.h"
static const char *TAG = "MQTTS_SAMPLE"; static const char *TAG = "MQTTS_EXAMPLE";
static EventGroupHandle_t wifi_event_group; static EventGroupHandle_t wifi_event_group;
const static int CONNECTED_BIT = BIT0; const static int CONNECTED_BIT = BIT0;
@ -63,7 +63,7 @@ static void wifi_init(void)
}; };
ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA)); ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));
ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config)); ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config));
ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]", CONFIG_WIFI_SSID, "******"); ESP_LOGI(TAG, "start the WIFI SSID:[%s]", CONFIG_WIFI_SSID);
ESP_ERROR_CHECK(esp_wifi_start()); ESP_ERROR_CHECK(esp_wifi_start());
ESP_LOGI(TAG, "Waiting for wifi"); ESP_LOGI(TAG, "Waiting for wifi");
xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, false, true, portMAX_DELAY); xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, false, true, portMAX_DELAY);

1
examples/protocols/mqtt/ssl_mutual_auth/main/client.crt Normal file
View File

@ -0,0 +1 @@
Please paste your client certificate here (follow instructions in README.md)

1
examples/protocols/mqtt/ssl_mutual_auth/main/client.key Normal file
View File

@ -0,0 +1 @@
Please paste here your client key (follow instructions in README.md)

0
examples/mqtt_ssl_mutual_auth/main/component.mk → examples/protocols/mqtt/ssl_mutual_auth/main/component.mk
View File