mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
430b737760
components/coap/port/coap_mbedtls.c: Add in additional compile time check wrappers for different MbedTLS configurations. components/coap/CMakeLists.txt: components/coap/component.mk: components/coap/port/coap_notls.c: components/coap/port/include/coap_config_posix.h: Add in the ability to compile and run if MbedTLS does not have any TLS mode enabled. examples/protocols/coap_client/main/coap_client_example_main.c: Inform user that MbedTLS Client Mode is required for DTLS if not enabled, and coaps:// has been requested. [Lower libcoap library will still error and report this condition] examples/protocols/coap_server/main/coap_server_example_main.c: Inform user that MbedTLS Server Mode is required for DTLS if not enabled. [Lower libcoap library will still error and report this condition] Closes https://github.com/espressif/esp-idf/issues/3961 Closes https://github.com/espressif/esp-idf/issues/3971 Closes https://github.com/espressif/esp-idf/pull/3977
320 lines
11 KiB
C
320 lines
11 KiB
C
/* CoAP server Example
|
|
|
|
This example code is in the Public Domain (or CC0 licensed, at your option.)
|
|
|
|
Unless required by applicable law or agreed to in writing, this
|
|
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
|
CONDITIONS OF ANY KIND, either express or implied.
|
|
*/
|
|
|
|
/*
|
|
* WARNING
|
|
* libcoap is not multi-thread safe, so only this thread must make any coap_*()
|
|
* calls. Any external (to this thread) data transmitted in/out via libcoap
|
|
* therefore has to be passed in/out by xQueue*() via this thread.
|
|
*/
|
|
|
|
#include <string.h>
|
|
#include <sys/socket.h>
|
|
|
|
#include "freertos/FreeRTOS.h"
|
|
#include "freertos/task.h"
|
|
#include "freertos/event_groups.h"
|
|
|
|
#include "esp_log.h"
|
|
#include "esp_wifi.h"
|
|
#include "esp_event.h"
|
|
|
|
#include "nvs_flash.h"
|
|
|
|
#include "protocol_examples_common.h"
|
|
|
|
#if 1
|
|
/* Needed until coap_dtls.h becomes a part of libcoap proper */
|
|
#include "libcoap.h"
|
|
#include "coap_dtls.h"
|
|
#endif
|
|
#include "coap.h"
|
|
|
|
/* The examples use simple Pre-Shared-Key configuration that you can set via
|
|
'make menuconfig'.
|
|
|
|
If you'd rather not, just change the below entries to strings with
|
|
the config you want - ie #define EXAMPLE_COAP_PSK_KEY "some-agreed-preshared-key"
|
|
|
|
Note: PSK will only be used if the URI is prefixed with coaps://
|
|
instead of coap:// and the PSK must be one that the server supports
|
|
(potentially associated with the IDENTITY)
|
|
*/
|
|
#define EXAMPLE_COAP_PSK_KEY CONFIG_EXAMPLE_COAP_PSK_KEY
|
|
|
|
/* The examples use CoAP Logging Level that
|
|
you can set via 'make menuconfig'.
|
|
|
|
If you'd rather not, just change the below entry to a value
|
|
that is between 0 and 7 with
|
|
the config you want - ie #define EXAMPLE_COAP_LOG_DEFAULT_LEVEL 7
|
|
*/
|
|
#define EXAMPLE_COAP_LOG_DEFAULT_LEVEL CONFIG_COAP_LOG_DEFAULT_LEVEL
|
|
|
|
const static char *TAG = "CoAP_server";
|
|
|
|
static char espressif_data[100];
|
|
static int espressif_data_len = 0;
|
|
|
|
#ifdef CONFIG_COAP_MBEDTLS_PKI
|
|
/* CA cert, taken from coap_ca.pem
|
|
Server cert, taken from coap_server.crt
|
|
Server key, taken from coap_server.key
|
|
|
|
The PEM, CRT and KEY file are examples taken from the wpa2 enterprise
|
|
example.
|
|
|
|
To embed it in the app binary, the PEM, CRT and KEY file is named
|
|
in the component.mk COMPONENT_EMBED_TXTFILES variable.
|
|
*/
|
|
extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start");
|
|
extern uint8_t ca_pem_end[] asm("_binary_coap_ca_pem_end");
|
|
extern uint8_t server_crt_start[] asm("_binary_coap_server_crt_start");
|
|
extern uint8_t server_crt_end[] asm("_binary_coap_server_crt_end");
|
|
extern uint8_t server_key_start[] asm("_binary_coap_server_key_start");
|
|
extern uint8_t server_key_end[] asm("_binary_coap_server_key_end");
|
|
#endif /* CONFIG_COAP_MBEDTLS_PKI */
|
|
|
|
#define INITIAL_DATA "Hello World!"
|
|
|
|
/*
|
|
* The resource handler
|
|
*/
|
|
static void
|
|
hnd_espressif_get(coap_context_t *ctx, coap_resource_t *resource,
|
|
coap_session_t *session,
|
|
coap_pdu_t *request, coap_binary_t *token,
|
|
coap_string_t *query, coap_pdu_t *response)
|
|
{
|
|
coap_add_data_blocked_response(resource, session, request, response, token,
|
|
COAP_MEDIATYPE_TEXT_PLAIN, 0,
|
|
(size_t)espressif_data_len,
|
|
(const u_char *)espressif_data);
|
|
}
|
|
|
|
static void
|
|
hnd_espressif_put(coap_context_t *ctx,
|
|
coap_resource_t *resource,
|
|
coap_session_t *session,
|
|
coap_pdu_t *request,
|
|
coap_binary_t *token,
|
|
coap_string_t *query,
|
|
coap_pdu_t *response)
|
|
{
|
|
size_t size;
|
|
unsigned char *data;
|
|
|
|
coap_resource_notify_observers(resource, NULL);
|
|
|
|
if (strcmp (espressif_data, INITIAL_DATA) == 0) {
|
|
response->code = COAP_RESPONSE_CODE(201);
|
|
} else {
|
|
response->code = COAP_RESPONSE_CODE(204);
|
|
}
|
|
|
|
/* coap_get_data() sets size to 0 on error */
|
|
(void)coap_get_data(request, &size, &data);
|
|
|
|
if (size == 0) { /* re-init */
|
|
snprintf(espressif_data, sizeof(espressif_data), INITIAL_DATA);
|
|
espressif_data_len = strlen(espressif_data);
|
|
} else {
|
|
espressif_data_len = size > sizeof (espressif_data) ? sizeof (espressif_data) : size;
|
|
memcpy (espressif_data, data, espressif_data_len);
|
|
}
|
|
}
|
|
|
|
static void
|
|
hnd_espressif_delete(coap_context_t *ctx,
|
|
coap_resource_t *resource,
|
|
coap_session_t *session,
|
|
coap_pdu_t *request,
|
|
coap_binary_t *token,
|
|
coap_string_t *query,
|
|
coap_pdu_t *response)
|
|
{
|
|
coap_resource_notify_observers(resource, NULL);
|
|
snprintf(espressif_data, sizeof(espressif_data), INITIAL_DATA);
|
|
espressif_data_len = strlen(espressif_data);
|
|
response->code = COAP_RESPONSE_CODE(202);
|
|
}
|
|
|
|
#ifdef CONFIG_COAP_MBEDTLS_PKI
|
|
|
|
static int
|
|
verify_cn_callback(const char *cn,
|
|
const uint8_t *asn1_public_cert,
|
|
size_t asn1_length,
|
|
coap_session_t *session,
|
|
unsigned depth,
|
|
int validated,
|
|
void *arg
|
|
)
|
|
{
|
|
coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
|
|
cn, depth ? "CA" : "Certificate");
|
|
return 1;
|
|
}
|
|
#endif /* CONFIG_COAP_MBEDTLS_PKI */
|
|
|
|
static void coap_example_server(void *p)
|
|
{
|
|
coap_context_t *ctx = NULL;
|
|
coap_address_t serv_addr;
|
|
coap_resource_t *resource = NULL;
|
|
|
|
snprintf(espressif_data, sizeof(espressif_data), INITIAL_DATA);
|
|
espressif_data_len = strlen(espressif_data);
|
|
coap_set_log_level(EXAMPLE_COAP_LOG_DEFAULT_LEVEL);
|
|
|
|
while (1) {
|
|
coap_endpoint_t *ep = NULL;
|
|
unsigned wait_ms;
|
|
|
|
/* Prepare the CoAP server socket */
|
|
coap_address_init(&serv_addr);
|
|
serv_addr.addr.sin.sin_family = AF_INET;
|
|
serv_addr.addr.sin.sin_addr.s_addr = INADDR_ANY;
|
|
serv_addr.addr.sin.sin_port = htons(COAP_DEFAULT_PORT);
|
|
|
|
ctx = coap_new_context(NULL);
|
|
if (!ctx) {
|
|
ESP_LOGE(TAG, "coap_new_context() failed");
|
|
continue;
|
|
}
|
|
#ifdef CONFIG_COAP_MBEDTLS_PSK
|
|
/* Need PSK setup before we set up endpoints */
|
|
coap_context_set_psk(ctx, "CoAP",
|
|
(const uint8_t *)EXAMPLE_COAP_PSK_KEY,
|
|
sizeof(EXAMPLE_COAP_PSK_KEY) - 1);
|
|
#endif /* CONFIG_COAP_MBEDTLS_PSK */
|
|
|
|
#ifdef CONFIG_COAP_MBEDTLS_PKI
|
|
unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
|
|
unsigned int server_crt_bytes = server_crt_end - server_crt_start;
|
|
unsigned int server_key_bytes = server_key_end - server_key_start;
|
|
coap_dtls_pki_t dtls_pki;
|
|
|
|
memset (&dtls_pki, 0, sizeof(dtls_pki));
|
|
dtls_pki.version = COAP_DTLS_PKI_SETUP_VERSION;
|
|
if (ca_pem_bytes) {
|
|
/*
|
|
* Add in additional certificate checking.
|
|
* This list of enabled can be tuned for the specific
|
|
* requirements - see 'man coap_encryption'.
|
|
*
|
|
* Note: A list of root ca file can be setup separately using
|
|
* coap_context_set_pki_root_cas(), but the below is used to
|
|
* define what checking actually takes place.
|
|
*/
|
|
dtls_pki.verify_peer_cert = 1;
|
|
dtls_pki.require_peer_cert = 1;
|
|
dtls_pki.allow_self_signed = 1;
|
|
dtls_pki.allow_expired_certs = 1;
|
|
dtls_pki.cert_chain_validation = 1;
|
|
dtls_pki.cert_chain_verify_depth = 2;
|
|
dtls_pki.check_cert_revocation = 1;
|
|
dtls_pki.allow_no_crl = 1;
|
|
dtls_pki.allow_expired_crl = 1;
|
|
dtls_pki.allow_bad_md_hash = 1;
|
|
dtls_pki.allow_short_rsa_length = 1;
|
|
dtls_pki.validate_cn_call_back = verify_cn_callback;
|
|
dtls_pki.cn_call_back_arg = NULL;
|
|
dtls_pki.validate_sni_call_back = NULL;
|
|
dtls_pki.sni_call_back_arg = NULL;
|
|
}
|
|
dtls_pki.pki_key.key_type = COAP_PKI_KEY_PEM_BUF;
|
|
dtls_pki.pki_key.key.pem_buf.public_cert = server_crt_start;
|
|
dtls_pki.pki_key.key.pem_buf.public_cert_len = server_crt_bytes;
|
|
dtls_pki.pki_key.key.pem_buf.private_key = server_key_start;
|
|
dtls_pki.pki_key.key.pem_buf.private_key_len = server_key_bytes;
|
|
dtls_pki.pki_key.key.pem_buf.ca_cert = ca_pem_start;
|
|
dtls_pki.pki_key.key.pem_buf.ca_cert_len = ca_pem_bytes;
|
|
|
|
coap_context_set_pki(ctx, &dtls_pki);
|
|
#endif /* CONFIG_COAP_MBEDTLS_PKI */
|
|
|
|
ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_UDP);
|
|
if (!ep) {
|
|
ESP_LOGE(TAG, "udp: coap_new_endpoint() failed");
|
|
goto clean_up;
|
|
}
|
|
ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_TCP);
|
|
if (!ep) {
|
|
ESP_LOGE(TAG, "tcp: coap_new_endpoint() failed");
|
|
goto clean_up;
|
|
}
|
|
#if defined(CONFIG_COAP_MBEDTLS_PSK) || defined(CONFIG_COAP_MBEDTLS_PKI)
|
|
if (coap_dtls_is_supported()) {
|
|
#ifndef CONFIG_MBEDTLS_TLS_SERVER
|
|
/* This is not critical as unencrypted support is still available */
|
|
ESP_LOGI(TAG, "MbedTLS (D)TLS Server Mode not configured");
|
|
#else /* CONFIG_MBEDTLS_TLS_SERVER */
|
|
serv_addr.addr.sin.sin_port = htons(COAPS_DEFAULT_PORT);
|
|
ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_DTLS);
|
|
if (!ep) {
|
|
ESP_LOGE(TAG, "dtls: coap_new_endpoint() failed");
|
|
goto clean_up;
|
|
}
|
|
#endif /* CONFIG_MBEDTLS_TLS_SERVER */
|
|
} else {
|
|
/* This is not critical as unencrypted support is still available */
|
|
ESP_LOGI(TAG, "MbedTLS (D)TLS Server Mode not configured");
|
|
}
|
|
#endif /* CONFIG_COAP_MBEDTLS_PSK CONFIG_COAP_MBEDTLS_PKI */
|
|
resource = coap_resource_init(coap_make_str_const("Espressif"), 0);
|
|
if (!resource) {
|
|
ESP_LOGE(TAG, "coap_resource_init() failed");
|
|
goto clean_up;
|
|
}
|
|
coap_register_handler(resource, COAP_REQUEST_GET, hnd_espressif_get);
|
|
coap_register_handler(resource, COAP_REQUEST_PUT, hnd_espressif_put);
|
|
coap_register_handler(resource, COAP_REQUEST_DELETE, hnd_espressif_delete);
|
|
/* We possibly want to Observe the GETs */
|
|
coap_resource_set_get_observable(resource, 1);
|
|
coap_add_resource(ctx, resource);
|
|
|
|
wait_ms = COAP_RESOURCE_CHECK_TIME * 1000;
|
|
|
|
while (1) {
|
|
int result = coap_run_once(ctx, wait_ms);
|
|
if (result < 0) {
|
|
break;
|
|
} else if (result && (unsigned)result < wait_ms) {
|
|
/* decrement if there is a result wait time returned */
|
|
wait_ms -= result;
|
|
}
|
|
if (result) {
|
|
/* result must have been >= wait_ms, so reset wait_ms */
|
|
wait_ms = COAP_RESOURCE_CHECK_TIME * 1000;
|
|
}
|
|
}
|
|
}
|
|
clean_up:
|
|
coap_free_context(ctx);
|
|
coap_cleanup();
|
|
|
|
vTaskDelete(NULL);
|
|
}
|
|
|
|
void app_main(void)
|
|
{
|
|
ESP_ERROR_CHECK( nvs_flash_init() );
|
|
tcpip_adapter_init();
|
|
ESP_ERROR_CHECK(esp_event_loop_create_default());
|
|
|
|
/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
|
|
* Read "Establishing Wi-Fi or Ethernet Connection" section in
|
|
* examples/protocols/README.md for more information about this function.
|
|
*/
|
|
ESP_ERROR_CHECK(example_connect());
|
|
|
|
xTaskCreate(coap_example_server, "coap", 8 * 1024, NULL, 5, NULL);
|
|
}
|