espressif/FreeRTOS
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS.git synced 2025-06-01 09:27:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add feature to set credentials using buffer in MQTT_Mutual_Auth_wolfSSL demo (#522)

Browse Source 
* Add feature to set credentials using buffer
* Change instructions for giving credential data via buffer
This commit is contained in:
TakayukiMatsuo
2021-04-22 03:09:43 +09:00
committed by GitHub
parent 9f10725bee
commit 1e2f99a11b
4 changed files with 231 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
FreeRTOS-Plus/Source/Application-Protocols/network_transport/freertos_plus_tcp/using_wolfSSL/using_wolfSSL.c
View File

@ -118,6 +118,16 @@ static int wolfSSL_IOSendGlue( WOLFSSL * ssl,
int sz,
void * context );
/*
* @brief Load credentials from file/buffer
*
* @param[in] pNetCtx NetworkContext_t
* @param[in] pNetCred NetworkCredentials_t
*
* @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INVALID_CREDENTIALS.
*/
static TlsTransportStatus_t loadCredentials( NetworkContext_t * pNetCtx,
const NetworkCredentials_t * pNetCred );
/*-----------------------------------------------------------*/
static int wolfSSL_IORecvGlue( WOLFSSL * ssl,
@ -189,6 +199,84 @@ static TlsTransportStatus_t initTLS( void )
return TLS_TRANSPORT_SUCCESS;
}
/*-----------------------------------------------------------*/
static TlsTransportStatus_t loadCredentials( NetworkContext_t * pNetCtx,
const NetworkCredentials_t * pNetCred )
{
TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
configASSERT( pNetCtx != NULL );
configASSERT( pNetCred != NULL );
#if defined( democonfigCREDENTIALS_IN_BUFFER )
if( wolfSSL_CTX_load_verify_buffer( pNetCtx->sslContext.ctx,
( const byte * ) ( pNetCred->pRootCa ), ( long ) ( pNetCred->rootCaSize ),
SSL_FILETYPE_PEM ) == SSL_SUCCESS )
{
if( wolfSSL_CTX_use_certificate_buffer( pNetCtx->sslContext.ctx,
( const byte * ) ( pNetCred->pClientCert ), ( long ) ( pNetCred->clientCertSize ),
SSL_FILETYPE_PEM ) == SSL_SUCCESS )
{
if( wolfSSL_CTX_use_PrivateKey_buffer( pNetCtx->sslContext.ctx,
( const byte * ) ( pNetCred->pPrivateKey ), ( long ) ( pNetCred->privateKeySize ),
SSL_FILETYPE_PEM ) == SSL_SUCCESS )
{
returnStatus = TLS_TRANSPORT_SUCCESS;
}
else
{
LogError( ( "Failed to load client-private-key from buffer" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
}
}
else
{
LogError( ( "Failed to load client-certificate from buffer" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
}
}
else
{
LogError( ( "Failed to load ca-certificate from buffer" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
}
return returnStatus;
#else /* if defined( democonfigCREDENTIALS_IN_BUFFER ) */
if( wolfSSL_CTX_load_verify_locations( pNetCtx->sslContext.ctx,
( const char * ) ( pNetCred->pRootCa ), NULL ) == SSL_SUCCESS )
{
if( wolfSSL_CTX_use_certificate_file( pNetCtx->sslContext.ctx,
( const char * ) ( pNetCred->pClientCert ), SSL_FILETYPE_PEM )
== SSL_SUCCESS )
{
if( wolfSSL_CTX_use_PrivateKey_file( pNetCtx->sslContext.ctx,
( const char * ) ( pNetCred->pPrivateKey ), SSL_FILETYPE_PEM )
== SSL_SUCCESS )
{
returnStatus = TLS_TRANSPORT_SUCCESS;
}
else
{
LogError( ( "Failed to load client-private-key file" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
}
}
else
{
LogError( ( "Failed to load client-certificate file" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
}
}
else
{
LogError( ( "Failed to load ca-certificate file" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
}
return returnStatus;
#endif /* if defined( democonfigCREDENTIALS_IN_BUFFER ) */
}
/*-----------------------------------------------------------*/
static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetCtx,
@ -213,70 +301,43 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetCtx,
if( pNetCtx->sslContext.ctx != NULL )
{
/* attempt to load ca cert file, client cert file and client private key file */
if( wolfSSL_CTX_load_verify_locations( pNetCtx->sslContext.ctx,
( const char * ) ( pNetCred->pRootCa ), NULL ) == SSL_SUCCESS )
/* load credentials from file */
if( loadCredentials( pNetCtx, pNetCred ) == TLS_TRANSPORT_SUCCESS )
{
if( wolfSSL_CTX_use_certificate_file( pNetCtx->sslContext.ctx,
( const char * ) ( pNetCred->pClientCert ), SSL_FILETYPE_PEM )
== SSL_SUCCESS )
/* create a ssl object */
pNetCtx->sslContext.ssl =
wolfSSL_new( pNetCtx->sslContext.ctx );
if( pNetCtx->sslContext.ssl != NULL )
{
if( wolfSSL_CTX_use_PrivateKey_file( pNetCtx->sslContext.ctx,
( const char * ) ( pNetCred->pPrivateKey ), SSL_FILETYPE_PEM )
xSocket = pNetCtx->tcpSocket;
/* set Recv/Send glue functions to the WOLFSSL object */
wolfSSL_SSLSetIORecv( pNetCtx->sslContext.ssl,
wolfSSL_IORecvGlue );
wolfSSL_SSLSetIOSend( pNetCtx->sslContext.ssl,
wolfSSL_IOSendGlue );
/* set socket as a context of read/send glue funcs */
wolfSSL_SetIOReadCtx( pNetCtx->sslContext.ssl, xSocket );
wolfSSL_SetIOWriteCtx( pNetCtx->sslContext.ssl, xSocket );
/* let wolfSSL perform tls handshake */
if( wolfSSL_connect( pNetCtx->sslContext.ssl )
== SSL_SUCCESS )
{
/* create a ssl object */
pNetCtx->sslContext.ssl =
wolfSSL_new( pNetCtx->sslContext.ctx );
if( pNetCtx->sslContext.ssl != NULL )
{
xSocket = pNetCtx->tcpSocket;
/* set Recv/Send glue functions to the WOLFSSL object */
wolfSSL_SSLSetIORecv( pNetCtx->sslContext.ssl,
wolfSSL_IORecvGlue );
wolfSSL_SSLSetIOSend( pNetCtx->sslContext.ssl,
wolfSSL_IOSendGlue );
/* set socket as a context of read/send glue funcs */
wolfSSL_SetIOReadCtx( pNetCtx->sslContext.ssl, xSocket );
wolfSSL_SetIOWriteCtx( pNetCtx->sslContext.ssl, xSocket );
/* let wolfSSL perform tls handshake */
if( wolfSSL_connect( pNetCtx->sslContext.ssl )
== SSL_SUCCESS )
{
returnStatus = TLS_TRANSPORT_SUCCESS;
}
else
{
wolfSSL_shutdown( pNetCtx->sslContext.ssl );
wolfSSL_free( pNetCtx->sslContext.ssl );
pNetCtx->sslContext.ssl = NULL;
wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL;
LogError( ( "Failed to establish a TLS connection" ) );
returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED;
}
}
else
{
wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL;
LogError( ( "Failed to create wolfSSL object" ) );
returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
}
returnStatus = TLS_TRANSPORT_SUCCESS;
}
else
{
wolfSSL_shutdown( pNetCtx->sslContext.ssl );
wolfSSL_free( pNetCtx->sslContext.ssl );
pNetCtx->sslContext.ssl = NULL;
wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL;
LogError( ( "Failed to load client-private-key file" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
LogError( ( "Failed to establish a TLS connection" ) );
returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED;
}
}
else
@ -284,8 +345,8 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetCtx,
wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL;
LogError( ( "Failed to load client-certificate file" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
LogError( ( "Failed to create wolfSSL object" ) );
returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
}
}
else
@ -293,7 +354,7 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetCtx,
wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
pNetCtx->sslContext.ctx = NULL;
LogError( ( "Failed to load ca-certificate file" ) );
LogError( ( "Failed to load credentials" ) );
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
}
}
@ -392,7 +453,7 @@ TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext )
{
WOLFSSL * pSsl = pNetworkContext->sslContext.ssl;
WOLFSSL_CTX * pCtx = NULL;
WOLFSSL_CTX * pCtx = NULL;
/* shutdown an active TLS connection */
wolfSSL_shutdown( pSsl );