diff --git a/examples/protocols/coap_client/README.md b/examples/protocols/coap_client/README.md index 7c317dddd..a870f9363 100644 --- a/examples/protocols/coap_client/README.md +++ b/examples/protocols/coap_client/README.md @@ -37,17 +37,12 @@ Example Connection Configuration ---> * Set WiFi Password under Example Configuration Example CoAP Client Configuration ---> * Set CoAP Target Uri - * Set encryption method definitions (None, PSK or PKI) - * If PSK Set CoAP Preshared Key to use in connection to the server - * If PSK Set CoAP PSK Client identity (username) - Enable CoAP debugging if required + * If PSK, Set CoAP Preshared Key to use in connection to the server + * If PSK, Set CoAP PSK Client identity (username) Component config ---> - mbedTLS ---> - [*] Enable mbedtls certificate expiry check - TLS Key Exchange Methods ---> - [*] Enable pre-shared-key ciphersuites - [*] Enable PSK based ciphersuite modes - [*] Support DTLS protocol (all versions) + CoAP Configuration ---> + * Set encryption method definition, PSK (default) or PKI + * Enable CoAP debugging if required ### Build and Flash @@ -103,6 +98,4 @@ optional `path`, and begins with `coap://`, `coaps://` or `coap+tcp://` for a coap server that supports TCP (not all do including coap+tcp://californium.eclipse.org). -* CoAP logging can be enabled by running 'make menuconfig' and enable debugging - -* Encryption (MbedTLS) can be enabled by running 'make menuconfig' and enable debugging +* CoAP logging can be enabled by running 'idf.py menuconfig -> Component config -> CoAP Configuration' and setting appropriate log level diff --git a/examples/protocols/coap_client/main/CMakeLists.txt b/examples/protocols/coap_client/main/CMakeLists.txt index eb0d27066..d64daaee2 100644 --- a/examples/protocols/coap_client/main/CMakeLists.txt +++ b/examples/protocols/coap_client/main/CMakeLists.txt 
@@ -1,4 +1,4 @@ # Embed CA, certificate & key directly into binary idf_component_register(SRCS "coap_client_example_main.c" INCLUDE_DIRS "." - EMBED_TXTFILES coap_ca.pem coap_client.crt coap_client.key) + EMBED_TXTFILES certs/coap_ca.pem certs/coap_client.crt certs/coap_client.key) diff --git a/examples/protocols/coap_client/main/coap_ca.pem b/examples/protocols/coap_client/main/certs/coap_ca.pem similarity index 100% rename from examples/protocols/coap_client/main/coap_ca.pem rename to examples/protocols/coap_client/main/certs/coap_ca.pem diff --git a/examples/protocols/coap_client/main/coap_client.crt b/examples/protocols/coap_client/main/certs/coap_client.crt similarity index 100% rename from examples/protocols/coap_client/main/coap_client.crt rename to examples/protocols/coap_client/main/certs/coap_client.crt diff --git a/examples/protocols/coap_client/main/coap_client.key b/examples/protocols/coap_client/main/certs/coap_client.key similarity index 100% rename from examples/protocols/coap_client/main/coap_client.key rename to examples/protocols/coap_client/main/certs/coap_client.key diff --git a/examples/protocols/coap_client/main/coap_client_example_main.c b/examples/protocols/coap_client/main/coap_client_example_main.c index 067364a73..c7223bc0e 100644 --- a/examples/protocols/coap_client/main/coap_client_example_main.c +++ b/examples/protocols/coap_client/main/coap_client_example_main.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "freertos/FreeRTOS.h" #include "freertos/task.h" @@ -49,8 +50,8 @@ instead of coap:// and the PSK must be one that the server supports (potentially associated with the IDENTITY) */ -#define EXAMPLE_COAP_PSK_KEY CONFIG_COAP_PSK_KEY -#define EXAMPLE_COAP_PSK_IDENTITY CONFIG_COAP_PSK_IDENTITY +#define EXAMPLE_COAP_PSK_KEY CONFIG_EXAMPLE_COAP_PSK_KEY +#define EXAMPLE_COAP_PSK_IDENTITY CONFIG_EXAMPLE_COAP_PSK_IDENTITY /* The examples use uri Logging Level that you can set via 'make menuconfig'. 
@@ -65,9 +66,9 @@ you can set via the project configuration (idf.py menuconfig) If you'd rather not, just change the below entries to strings with - the config you want - ie #define COAP_DEFAULT_DEMO_URI "coap://californium.eclipse.org" + the config you want - ie #define COAP_DEFAULT_DEMO_URI "coaps://californium.eclipse.org" */ -#define COAP_DEFAULT_DEMO_URI CONFIG_TARGET_DOMAIN_URI +#define COAP_DEFAULT_DEMO_URI CONFIG_EXAMPLE_TARGET_DOMAIN_URI const static char *TAG = "CoAP_client"; @@ -75,11 +76,30 @@ static int resp_wait = 1; static coap_optlist_t *optlist = NULL; static int wait_ms; +#ifdef CONFIG_COAP_MBEDTLS_PKI +/* CA cert, taken from coap_ca.pem + Client cert, taken from coap_client.crt + Client key, taken from coap_client.key + + The PEM, CRT and KEY file are examples taken from the wpa2 enterprise + example. + + To embed it in the app binary, the PEM, CRT and KEY file is named + in the component.mk COMPONENT_EMBED_TXTFILES variable. + */ +extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start"); +extern uint8_t ca_pem_end[] asm("_binary_coap_ca_pem_end"); +extern uint8_t client_crt_start[] asm("_binary_coap_client_crt_start"); +extern uint8_t client_crt_end[] asm("_binary_coap_client_crt_end"); +extern uint8_t client_key_start[] asm("_binary_coap_client_key_start"); +extern uint8_t client_key_end[] asm("_binary_coap_client_key_end"); +#endif /* CONFIG_COAP_MBEDTLS_PKI */ + static void message_handler(coap_context_t *ctx, coap_session_t *session, - coap_pdu_t *sent, coap_pdu_t *received, - const coap_tid_t id) + coap_pdu_t *sent, coap_pdu_t *received, + const coap_tid_t id) { - unsigned char* data = NULL; + unsigned char *data = NULL; size_t data_len; coap_pdu_t *pdu = NULL; coap_opt_t *block_opt; 
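Review bot: The block comment above the `extern uint8_t ca_pem_start[]` declarations still says the files are named "in the component.mk COMPONENT_EMBED_TXTFILES variable", but this commit embeds them through `EMBED_TXTFILES` in main/CMakeLists.txt as well and moves them under `certs/`, so the comment now points readers at one build system and the old path. It also lacks the caveat a reader of `client_key_start` needs: `coap_client.key` is a demo private key checked into the example tree, so anyone with the repository holds it. I would replace the last paragraph of that comment with `The PEM, CRT and KEY files live in certs/ and are embedded via EMBED_TXTFILES (CMakeLists.txt) or COMPONENT_EMBED_TXTFILES (component.mk). They are demo credentials only: the private key is public, so replace all three before using PKI mode anywhere but a test bench.`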
@@ -106,8 +126,8 @@ static void message_handler(coap_context_t *ctx, coap_session_t *session, /* create pdu with request for next block */ pdu = coap_new_pdu(session); if (!pdu) { - ESP_LOGE(TAG, "coap_new_pdu() failed"); - goto clean_up; + ESP_LOGE(TAG, "coap_new_pdu() failed"); + goto clean_up; } pdu->type = COAP_MESSAGE_CON; pdu->tid = coap_new_message_id(session); @@ -121,7 +141,7 @@ static void message_handler(coap_context_t *ctx, coap_session_t *session, case COAP_OPTION_URI_PATH : case COAP_OPTION_URI_QUERY : coap_add_option(pdu, option->number, option->length, - option->data); + option->data); break; default: ; /* skip other options */ @@ -133,8 +153,8 @@ static void message_handler(coap_context_t *ctx, coap_session_t *session, coap_add_option(pdu, blktype, coap_encode_var_safe(buf, sizeof(buf), - ((coap_opt_block_num(block_opt) + 1) << 4) | - COAP_OPT_BLOCK_SZX(block_opt)), buf); + ((coap_opt_block_num(block_opt) + 1) << 4) | + COAP_OPT_BLOCK_SZX(block_opt)), buf); tid = coap_send(session, pdu); 
@@ -155,41 +175,31 @@ clean_up:
 resp_wait = 0;
 }
-#ifdef CONFIG_MBEDTLS_COAP_PKI
-
-#ifdef __GNUC__
-#define UNUSED_PARAM __attribute__ ((unused))
-#else /* not a GCC */
-#define UNUSED_PARAM
-#endif /* GCC */
-
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
+#ifdef CONFIG_COAP_MBEDTLS_PKI
 static int verify_cn_callback(const char *cn,
- const uint8_t *asn1_public_cert UNUSED_PARAM,
- size_t asn1_length UNUSED_PARAM,
- coap_session_t *session UNUSED_PARAM,
+ const uint8_t *asn1_public_cert,
+ size_t asn1_length,
+ coap_session_t *session,
 unsigned depth,
- int validated UNUSED_PARAM,
- void *arg UNUSED_PARAM
-) {
- coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
- cn, depth ? "CA" : "Certificate");
- return 1;
+ int validated,
+ void *arg
+ )
+{
+ coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
+ cn, depth ? "CA" : "Certificate");
+ return 1;
 }
-#endif /* CONFIG_MBEDTLS_COAP_PKI */
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
 static void coap_example_client(void *p)
 {
 struct hostent *hp;
- coap_address_t dst_addr;
 static coap_uri_t uri;
- const char* server_uri = COAP_DEFAULT_DEMO_URI;
- char* phostname = NULL;
+ const char *server_uri = COAP_DEFAULT_DEMO_URI;
+ char *phostname = NULL;
 coap_set_log_level(EXAMPLE_COAP_LOG_DEFAULT_LEVEL);
@@ -209,17 +219,16 @@ static void coap_example_client(void *p)
 break;
 }
- if ((uri.scheme==COAP_URI_SCHEME_COAPS && !coap_dtls_is_supported()) ||
- (uri.scheme==COAP_URI_SCHEME_COAPS_TCP && !coap_tls_is_supported())) {
+ if ((uri.scheme == COAP_URI_SCHEME_COAPS && !coap_dtls_is_supported()) ||
+ (uri.scheme == COAP_URI_SCHEME_COAPS_TCP && !coap_tls_is_supported())) {
 ESP_LOGE(TAG, "CoAP server uri scheme is not supported");
 break;
 }
 phostname = (char *)calloc(1, uri.host.length + 1);
-
 if (phostname == NULL) {
 ESP_LOGE(TAG, "calloc failed");
- continue;
+ break;
 }
 memcpy(phostname, uri.host.s, uri.host.length);
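Review bot: `verify_cn_callback` in the client logs the CN and returns 1 unconditionally, so the client accepts whatever subject name the server presents at depth 0 and the host taken from the URI is never compared with `cn`. That may be acceptable for an example, but the function does not say so and a copy-paster will read it as a real check. I would add above the function `/* Demo only: logs the peer CN and accepts it. A real client must return 0 when depth == 0 and cn does not match the host it dialled; that host can be handed in through dtls_pki.cn_call_back_arg. */`. The parameters asn1_public_cert, asn1_length, session, validated and arg lost their `UNUSED_PARAM` annotation here, so builds with -Wunused-parameter will now warn on them. coap_example_client continues past the end of the hunk.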
@@ -230,12 +239,11 @@ static void coap_example_client(void *p) ESP_LOGE(TAG, "DNS lookup failed"); vTaskDelay(1000 / portTICK_PERIOD_MS); free(phostname); - goto clean_up; + continue; } - { char tmpbuf[INET6_ADDRSTRLEN]; - coap_address_init(&dst_addr); - switch (hp->h_addrtype) { + coap_address_init(&dst_addr); + switch (hp->h_addrtype) { case AF_INET: dst_addr.addr.sin.sin_family = AF_INET; dst_addr.addr.sin.sin_port = htons(uri.port); @@ -253,7 +261,6 @@ static void coap_example_client(void *p) default: ESP_LOGE(TAG, "DNS lookup response failed"); goto clean_up; - } } if (uri.path.length) { @@ -263,9 +270,9 @@ static void coap_example_client(void *p) while (res--) { coap_insert_optlist(&optlist, - coap_new_optlist(COAP_OPTION_URI_PATH, - coap_opt_length(buf), - coap_opt_value(buf))); + coap_new_optlist(COAP_OPTION_URI_PATH, + coap_opt_length(buf), + coap_opt_value(buf))); buf += coap_opt_size(buf); } @@ -278,9 +285,9 @@ static void coap_example_client(void *p) while (res--) { coap_insert_optlist(&optlist, - coap_new_optlist(COAP_OPTION_URI_QUERY, - coap_opt_length(buf), - coap_opt_value(buf))); + coap_new_optlist(COAP_OPTION_URI_QUERY, + coap_opt_length(buf), + coap_opt_value(buf))); buf += coap_opt_size(buf); } @@ -288,8 +295,8 @@ static void coap_example_client(void *p) ctx = coap_new_context(NULL); if (!ctx) { - ESP_LOGE(TAG, "coap_new_context() failed"); - goto clean_up; + ESP_LOGE(TAG, "coap_new_context() failed"); + goto clean_up; } /* 
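Review bot: The `DNS lookup failed` path now frees `phostname` and does `continue`, but the `default:` branch of the `switch (hp->h_addrtype)` a few lines later still jumps to `clean_up` without a visible `free(phostname)`; whether clean_up releases it is outside the hunk, and if it does not, an unexpected address family leaks the allocation on every loop iteration. Since the other error exits in this function free it inline, I would mirror that: `free(phostname);` directly before that `goto clean_up;`. The surrounding function and the clean_up label lie outside this hunk.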
@@ -300,32 +307,16 @@ static void coap_example_client(void *p) * so COAP_URI_SCHEME_COAPS_TCP will have failed in a test above, * but the code is left in for completeness. */ - if (uri.scheme==COAP_URI_SCHEME_COAPS || uri.scheme==COAP_URI_SCHEME_COAPS_TCP) { -#ifdef CONFIG_MBEDTLS_COAP_PSK + if (uri.scheme == COAP_URI_SCHEME_COAPS || uri.scheme == COAP_URI_SCHEME_COAPS_TCP) { +#ifdef CONFIG_COAP_MBEDTLS_PSK session = coap_new_client_session_psk(ctx, NULL, &dst_addr, - uri.scheme==COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS, - EXAMPLE_COAP_PSK_IDENTITY, - (const uint8_t*)EXAMPLE_COAP_PSK_KEY, - sizeof(EXAMPLE_COAP_PSK_KEY)-1); -#endif /* CONFIG_MBEDTLS_COAP_PSK */ + uri.scheme == COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS, + EXAMPLE_COAP_PSK_IDENTITY, + (const uint8_t *)EXAMPLE_COAP_PSK_KEY, + sizeof(EXAMPLE_COAP_PSK_KEY) - 1); +#endif /* CONFIG_COAP_MBEDTLS_PSK */ -#ifdef CONFIG_MBEDTLS_COAP_PKI -/* CA cert, taken from coap_ca.pem - Client cert, taken from coap_client.crt - Client key, taken from coap_client.key - - The PEM, CRT and KEY file are examples taken from the wpa2 enterprise - example. - - To embed it in the app binary, the PEM, CRT and KEY file is named - in the component.mk COMPONENT_EMBED_TXTFILES variable. -*/ -extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start"); -extern uint8_t ca_pem_end[] asm("_binary_coap_ca_pem_end"); -extern uint8_t client_crt_start[] asm("_binary_coap_client_crt_start"); -extern uint8_t client_crt_end[] asm("_binary_coap_client_crt_end"); -extern uint8_t client_key_start[] asm("_binary_coap_client_key_start"); -extern uint8_t client_key_end[] asm("_binary_coap_client_key_end"); +#ifdef CONFIG_COAP_MBEDTLS_PKI unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start; unsigned int client_crt_bytes = client_crt_end - client_crt_start; unsigned int client_key_bytes = client_key_end - client_key_start; 
@@ -360,10 +351,11 @@ extern uint8_t client_key_end[] asm("_binary_coap_client_key_end");
 dtls_pki.validate_sni_call_back = NULL;
 dtls_pki.sni_call_back_arg = NULL;
 memset(client_sni, 0, sizeof(client_sni));
- if (uri.host.length)
- memcpy(client_sni, uri.host.s, min(uri.host.length, sizeof(client_sni)));
- else
+ if (uri.host.length) {
+ memcpy(client_sni, uri.host.s, MIN(uri.host.length, sizeof(client_sni)));
+ } else {
 memcpy(client_sni, "localhost", 9);
+ }
 dtls_pki.client_sni = client_sni;
 }
 dtls_pki.pki_key.key_type = COAP_PKI_KEY_PEM_BUF;
@@ -375,30 +367,25 @@ extern uint8_t client_key_end[] asm("_binary_coap_client_key_end");
 dtls_pki.pki_key.key.pem_buf.ca_cert_len = ca_pem_bytes;
 session = coap_new_client_session_pki(ctx, NULL, &dst_addr,
- uri.scheme==COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS,
- &dtls_pki);
-#endif /* CONFIG_MBEDTLS_COAP_PKI */
-
-#ifdef CONFIG_MBEDTLS_COAP_NONE
- session = coap_new_client_session(ctx, NULL, &dst_addr,
- uri.scheme==COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS);
-#endif /* CONFIG_MBEDTLS_COAP_NONE */
+ uri.scheme == COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS,
+ &dtls_pki);
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
 } else {
 session = coap_new_client_session(ctx, NULL, &dst_addr,
- uri.scheme==COAP_URI_SCHEME_COAP_TCP ? COAP_PROTO_TCP :
- COAP_PROTO_UDP);
+ uri.scheme == COAP_URI_SCHEME_COAP_TCP ? COAP_PROTO_TCP :
+ COAP_PROTO_UDP);
 }
 if (!session) {
- ESP_LOGE(TAG, "coap_new_client_session() failed");
- goto clean_up;
+ ESP_LOGE(TAG, "coap_new_client_session() failed");
+ goto clean_up;
 }
 coap_register_response_handler(ctx, message_handler);
 request = coap_new_pdu(session);
 if (!request) {
- ESP_LOGE(TAG, "coap_new_pdu() failed");
- goto clean_up;
+ ESP_LOGE(TAG, "coap_new_pdu() failed");
+ goto clean_up;
 }
 request->type = COAP_MESSAGE_CON;
 request->tid = coap_new_message_id(session);
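Review bot: The added `memcpy(client_sni, uri.host.s, MIN(uri.host.length, sizeof(client_sni)))` fills `client_sni` completely when the URI host is at least sizeof(client_sni) bytes long, and then the buffer carries no terminating NUL because the preceding `memset` zeroes exactly the bytes the memcpy overwrites. `dtls_pki.client_sni = client_sni` hands the array to libcoap as a C string, so the SNI read would run past its end. Copy at most one byte less than the buffer: `memcpy(client_sni, uri.host.s, MIN(uri.host.length, sizeof(client_sni) - 1));`. The declaration of client_sni and the rest of coap_example_client are outside the hunk, so I cannot see the buffer size or whether an over-long host is rejected earlier.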
@@ -413,12 +400,12 @@ extern uint8_t client_key_end[] asm("_binary_coap_client_key_end"); while (resp_wait) { int result = coap_run_once(ctx, wait_ms > 1000 ? 1000 : wait_ms); if (result >= 0) { - if (result >= wait_ms) { - ESP_LOGE(TAG, "select timeout"); - break; - } else { - wait_ms -= result; - } + if (result >= wait_ms) { + ESP_LOGE(TAG, "select timeout"); + break; + } else { + wait_ms -= result; + } } } clean_up: @@ -426,8 +413,12 @@ clean_up: coap_delete_optlist(optlist); optlist = NULL; } - if (session) coap_session_release(session); - if (ctx) coap_free_context(ctx); + if (session) { + coap_session_release(session); + } + if (ctx) { + coap_free_context(ctx); + } coap_cleanup(); /* * change the following line to something like sleep(2) @@ -445,14 +436,6 @@ void app_main(void) tcpip_adapter_init(); ESP_ERROR_CHECK(esp_event_loop_create_default()); -#if 0 -/* See https://github.com/Ebiroll/qemu_esp32 for further information */ -#include "emul_ip.h" - if (is_running_qemu()) { - xTaskCreate(task_lwip_init, "task_lwip_init", 2*4096, NULL, 20, NULL); - } - else -#endif /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. * Read "Establishing Wi-Fi or Ethernet Connection" section in * examples/protocols/README.md for more information about this function. diff --git a/examples/protocols/coap_client/main/component.mk b/examples/protocols/coap_client/main/component.mk index 50306ea2f..51bf0b68c 100644 --- a/examples/protocols/coap_client/main/component.mk +++ b/examples/protocols/coap_client/main/component.mk @@ -5,6 +5,4 @@ # embed files from the "certs" directory as binary data symbols # in the app -COMPONENT_EMBED_TXTFILES := coap_ca.pem -COMPONENT_EMBED_TXTFILES += coap_client.crt -COMPONENT_EMBED_TXTFILES += coap_client.key +COMPONENT_EMBED_TXTFILES := certs/coap_ca.pem certs/coap_client.crt certs/coap_client.key 
diff --git a/examples/protocols/coap_server/README.md b/examples/protocols/coap_server/README.md index 60941855f..9be65ad5a 100644 --- a/examples/protocols/coap_server/README.md +++ b/examples/protocols/coap_server/README.md @@ -35,18 +35,11 @@ Example Connection Configuration ---> * Set WiFi SSID under Example Configuration * Set WiFi Password under Example Configuration Example CoAP Client Configuration ---> - * Set CoAP Target Uri - * Set encryption method definitions (None, PSK or PKI) - * If PSK Set CoAP Preshared Key to use in connection to the server - * If PSK Set CoAP PSK Client identity (username) - Enable CoAP debugging if required + * If PSK, Set CoAP Preshared Key to use in connection to the server Component config ---> - mbedTLS ---> - [*] Enable mbedtls certificate expiry check - TLS Key Exchange Methods ---> - [*] Enable pre-shared-key ciphersuites - [*] Enable PSK based ciphersuite modes - [*] Support DTLS protocol (all versions) + CoAP Configuration ---> + * Set encryption method definition, PSK (default) or PKI + * Enable CoAP debugging if required ### Build and Flash @@ -90,7 +83,4 @@ This can be found at https://libcoap.net/doc/reference/4.2.0/ * Please make sure CoAP client fetchs or puts data under path: `/Espressif` or fetches `/.well-known/core` -* CoAP logging can be enabled by running 'make menuconfig' and enable debugging - -* Encryption (MbedTLS) can be enabled by running 'make menuconfig' and enable debugging - +* CoAP logging can be enabled by running 'idf.py menuconfig -> Component config -> CoAP Configuration' and setting appropriate log level diff --git a/examples/protocols/coap_server/main/CMakeLists.txt b/examples/protocols/coap_server/main/CMakeLists.txt index d4738f691..a014088ec 100644 --- a/examples/protocols/coap_server/main/CMakeLists.txt +++ b/examples/protocols/coap_server/main/CMakeLists.txt 
@@ -1,3 +1,3 @@ idf_component_register(SRCS "coap_server_example_main.c" INCLUDE_DIRS "." - EMBED_TXTFILES coap_ca.pem coap_server.crt coap_server.key) + EMBED_TXTFILES certs/coap_ca.pem certs/coap_server.crt certs/coap_server.key) diff --git a/examples/protocols/coap_server/main/coap_ca.pem b/examples/protocols/coap_server/main/certs/coap_ca.pem similarity index 100% rename from examples/protocols/coap_server/main/coap_ca.pem rename to examples/protocols/coap_server/main/certs/coap_ca.pem diff --git a/examples/protocols/coap_server/main/coap_server.crt b/examples/protocols/coap_server/main/certs/coap_server.crt similarity index 100% rename from examples/protocols/coap_server/main/coap_server.crt rename to examples/protocols/coap_server/main/certs/coap_server.crt diff --git a/examples/protocols/coap_server/main/coap_server.key b/examples/protocols/coap_server/main/certs/coap_server.key similarity index 100% rename from examples/protocols/coap_server/main/coap_server.key rename to examples/protocols/coap_server/main/certs/coap_server.key diff --git a/examples/protocols/coap_server/main/coap_server_example_main.c b/examples/protocols/coap_server/main/coap_server_example_main.c index b2f78bb03..29bf69122 100644 --- a/examples/protocols/coap_server/main/coap_server_example_main.c +++ b/examples/protocols/coap_server/main/coap_server_example_main.c @@ -46,7 +46,7 @@ instead of coap:// and the PSK must be one that the server supports (potentially associated with the IDENTITY) */ -#define EXAMPLE_COAP_PSK_KEY CONFIG_COAP_PSK_KEY +#define EXAMPLE_COAP_PSK_KEY CONFIG_EXAMPLE_COAP_PSK_KEY /* The examples use CoAP Logging Level that you can set via 'make menuconfig'. 
@@ -57,9 +57,30 @@ */ #define EXAMPLE_COAP_LOG_DEFAULT_LEVEL CONFIG_COAP_LOG_DEFAULT_LEVEL +const static char *TAG = "CoAP_server"; + static char espressif_data[100]; static int espressif_data_len = 0; +#ifdef CONFIG_COAP_MBEDTLS_PKI +/* CA cert, taken from coap_ca.pem + Server cert, taken from coap_server.crt + Server key, taken from coap_server.key + + The PEM, CRT and KEY file are examples taken from the wpa2 enterprise + example. + + To embed it in the app binary, the PEM, CRT and KEY file is named + in the component.mk COMPONENT_EMBED_TXTFILES variable. + */ +extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start"); +extern uint8_t ca_pem_end[] asm("_binary_coap_ca_pem_end"); +extern uint8_t server_crt_start[] asm("_binary_coap_server_crt_start"); +extern uint8_t server_crt_end[] asm("_binary_coap_server_crt_end"); +extern uint8_t server_key_start[] asm("_binary_coap_server_key_start"); +extern uint8_t server_key_end[] asm("_binary_coap_server_key_end"); +#endif /* CONFIG_COAP_MBEDTLS_PKI */ + #define INITIAL_DATA "Hello World!" /* @@ -93,8 +114,7 @@ hnd_espressif_put(coap_context_t *ctx, if (strcmp (espressif_data, INITIAL_DATA) == 0) { response->code = COAP_RESPONSE_CODE(201); - } - else { + } else { response->code = COAP_RESPONSE_CODE(204); } 
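Review bot: The new `const static char *TAG = "CoAP_server";` places the storage class after the qualifier; the conventional order is `static const char *TAG = "CoAP_server";`. The block comment moved above the `extern uint8_t ca_pem_start[]` declarations still says the files are named only "in the component.mk COMPONENT_EMBED_TXTFILES variable", while this commit embeds them through `EMBED_TXTFILES` in main/CMakeLists.txt too and relocates them to `certs/`. It also omits the caveat that `coap_server.key` is a demo private key published with the example, so any client that has cloned the repository can impersonate this server. I would end the comment with `Files live in certs/ and are embedded via EMBED_TXTFILES (CMakeLists.txt) or COMPONENT_EMBED_TXTFILES (component.mk). Demo credentials only: the private key is public, replace all three before real use.`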
@@ -125,32 +145,23 @@
 response->code = COAP_RESPONSE_CODE(202);
 }
-#ifdef CONFIG_MBEDTLS_COAP_PKI
-
-#ifdef __GNUC__
-#define UNUSED_PARAM __attribute__ ((unused))
-#else /* not a GCC */
-#define UNUSED_PARAM
-#endif /* GCC */
-
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
+#ifdef CONFIG_COAP_MBEDTLS_PKI
 static int verify_cn_callback(const char *cn,
- const uint8_t *asn1_public_cert UNUSED_PARAM,
- size_t asn1_length UNUSED_PARAM,
- coap_session_t *session UNUSED_PARAM,
+ const uint8_t *asn1_public_cert,
+ size_t asn1_length,
+ coap_session_t *session,
 unsigned depth,
- int validated UNUSED_PARAM,
- void *arg UNUSED_PARAM
-) {
- coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
- cn, depth ? "CA" : "Certificate");
- return 1;
+ int validated,
+ void *arg
+ )
+{
+ coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
+ cn, depth ? "CA" : "Certificate");
+ return 1;
 }
-#endif /* CONFIG_MBEDTLS_COAP_PKI */
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
 static void coap_example_server(void *p)
 {
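Review bot: The log line in the server's `verify_cn_callback`, `"CN '%s' presented by server (%s)\n"`, is wrong on this side of the connection: the server is validating the certificate the client presented, so it should read `"CN '%s' presented by client (%s)\n"`. The callback also returns 1 for every CN, so installing it as the CN validator performs no identity check on the client beyond whatever chain validation is configured elsewhere; a comment such as `/* Demo only: accepts any client CN. Return 0 here to reject a peer whose CN is not authorised. */` would stop readers taking it for a check. The unused parameters lost their `UNUSED_PARAM` marker, so -Wunused-parameter builds will now warn on this function.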
@@ -174,96 +185,85 @@ static void coap_example_server(void *p) ctx = coap_new_context(NULL); if (!ctx) { - continue; + ESP_LOGE(TAG, "coap_new_context() failed"); + continue; } -#ifdef CONFIG_MBEDTLS_COAP_PSK +#ifdef CONFIG_COAP_MBEDTLS_PSK /* Need PSK setup before we set up endpoints */ coap_context_set_psk(ctx, "CoAP", - (const uint8_t*)EXAMPLE_COAP_PSK_KEY, - sizeof(EXAMPLE_COAP_PSK_KEY)-1); -#endif /* CONFIG_MBEDTLS_COAP_PSK */ + (const uint8_t *)EXAMPLE_COAP_PSK_KEY, + sizeof(EXAMPLE_COAP_PSK_KEY) - 1); +#endif /* CONFIG_COAP_MBEDTLS_PSK */ -#ifdef CONFIG_MBEDTLS_COAP_PKI -/* CA cert, taken from coap_ca.pem - Server cert, taken from coap_server.crt - Server key, taken from coap_server.key +#ifdef CONFIG_COAP_MBEDTLS_PKI + unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start; + unsigned int server_crt_bytes = server_crt_end - server_crt_start; + unsigned int server_key_bytes = server_key_end - server_key_start; + coap_dtls_pki_t dtls_pki; - The PEM, CRT and KEY file are examples taken from the wpa2 enterprise - example. + memset (&dtls_pki, 0, sizeof(dtls_pki)); + dtls_pki.version = COAP_DTLS_PKI_SETUP_VERSION; + if (ca_pem_bytes) { + /* + * Add in additional certificate checking. + * This list of enabled can be tuned for the specific + * requirements - see 'man coap_encryption'. + * + * Note: A list of root ca file can be setup separately using + * coap_context_set_pki_root_cas(), but the below is used to + * define what checking actually takes place. 
+ */
+ dtls_pki.verify_peer_cert = 1;
+ dtls_pki.require_peer_cert = 1;
+ dtls_pki.allow_self_signed = 1;
+ dtls_pki.allow_expired_certs = 1;
+ dtls_pki.cert_chain_validation = 1;
+ dtls_pki.cert_chain_verify_depth = 2;
+ dtls_pki.check_cert_revocation = 1;
+ dtls_pki.allow_no_crl = 1;
+ dtls_pki.allow_expired_crl = 1;
+ dtls_pki.allow_bad_md_hash = 1;
+ dtls_pki.allow_short_rsa_length = 1;
+ dtls_pki.validate_cn_call_back = verify_cn_callback;
+ dtls_pki.cn_call_back_arg = NULL;
+ dtls_pki.validate_sni_call_back = NULL;
+ dtls_pki.sni_call_back_arg = NULL;
+ }
+ dtls_pki.pki_key.key_type = COAP_PKI_KEY_PEM_BUF;
+ dtls_pki.pki_key.key.pem_buf.public_cert = server_crt_start;
+ dtls_pki.pki_key.key.pem_buf.public_cert_len = server_crt_bytes;
+ dtls_pki.pki_key.key.pem_buf.private_key = server_key_start;
+ dtls_pki.pki_key.key.pem_buf.private_key_len = server_key_bytes;
+ dtls_pki.pki_key.key.pem_buf.ca_cert = ca_pem_start;
+ dtls_pki.pki_key.key.pem_buf.ca_cert_len = ca_pem_bytes;
- To embed it in the app binary, the PEM, CRT and KEY file is named
- in the component.mk COMPONENT_EMBED_TXTFILES variable.
-*/
-extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start");
-extern uint8_t ca_pem_end[] asm("_binary_coap_ca_pem_end");
-extern uint8_t server_crt_start[] asm("_binary_coap_server_crt_start");
-extern uint8_t server_crt_end[] asm("_binary_coap_server_crt_end");
-extern uint8_t server_key_start[] asm("_binary_coap_server_key_start");
-extern uint8_t server_key_end[] asm("_binary_coap_server_key_end");
- unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
- unsigned int server_crt_bytes = server_crt_end - server_crt_start;
- unsigned int server_key_bytes = server_key_end - server_key_start;
- coap_dtls_pki_t dtls_pki;
-
- memset (&dtls_pki, 0, sizeof(dtls_pki));
- dtls_pki.version = COAP_DTLS_PKI_SETUP_VERSION;
- if (ca_pem_bytes) {
- /*
- * Add in additional certificate checking.
- * This list of enabled can be tuned for the specific - * requirements - see 'man coap_encryption'. - * - * Note: A list of root ca file can be setup separately using - * coap_context_set_pki_root_cas(), but the below is used to - * define what checking actually takes place. - */ - dtls_pki.verify_peer_cert = 1; - dtls_pki.require_peer_cert = 1; - dtls_pki.allow_self_signed = 1; - dtls_pki.allow_expired_certs = 1; - dtls_pki.cert_chain_validation = 1; - dtls_pki.cert_chain_verify_depth = 2; - dtls_pki.check_cert_revocation = 1; - dtls_pki.allow_no_crl = 1; - dtls_pki.allow_expired_crl = 1; - dtls_pki.allow_bad_md_hash = 1; - dtls_pki.allow_short_rsa_length = 1; - dtls_pki.validate_cn_call_back = verify_cn_callback; - dtls_pki.cn_call_back_arg = NULL; - dtls_pki.validate_sni_call_back = NULL; - dtls_pki.sni_call_back_arg = NULL; - } - dtls_pki.pki_key.key_type = COAP_PKI_KEY_PEM_BUF; - dtls_pki.pki_key.key.pem_buf.public_cert = server_crt_start; - dtls_pki.pki_key.key.pem_buf.public_cert_len = server_crt_bytes; - dtls_pki.pki_key.key.pem_buf.private_key = server_key_start; - dtls_pki.pki_key.key.pem_buf.private_key_len = server_key_bytes; - dtls_pki.pki_key.key.pem_buf.ca_cert = ca_pem_start; - dtls_pki.pki_key.key.pem_buf.ca_cert_len = ca_pem_bytes; - - coap_context_set_pki(ctx, &dtls_pki); -#endif /* CONFIG_MBEDTLS_COAP_PKI */ + coap_context_set_pki(ctx, &dtls_pki); +#endif /* CONFIG_COAP_MBEDTLS_PKI */ ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_UDP); if (!ep) { - goto clean_up; + ESP_LOGE(TAG, "udp: coap_new_endpoint() failed"); + goto clean_up; } ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_TCP); if (!ep) { - goto clean_up; + ESP_LOGE(TAG, "tcp: coap_new_endpoint() failed"); + goto clean_up; } -#if defined(CONFIG_MBEDTLS_COAP_PSK) || defined(CONFIG_MBEDTLS_COAP_PKI) - if (coap_dtls_is_supported()) { +#if defined(CONFIG_COAP_MBEDTLS_PSK) || defined(CONFIG_COAP_MBEDTLS_PKI) + if (coap_dtls_is_supported()) { serv_addr.addr.sin.sin_port = 
htons(COAPS_DEFAULT_PORT); ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_DTLS); if (!ep) { - goto clean_up; + ESP_LOGE(TAG, "dtls: coap_new_endpoint() failed"); + goto clean_up; } } -#endif /* CONFIG_MBEDTLS_COAP_PSK CONFIG_MBEDTLS_COAP_PKI */ +#endif /* CONFIG_COAP_MBEDTLS_PSK CONFIG_COAP_MBEDTLS_PKI */ resource = coap_resource_init(coap_make_str_const("Espressif"), 0); if (!resource) { - goto clean_up; + ESP_LOGE(TAG, "coap_resource_init() failed"); + goto clean_up; } coap_register_handler(resource, COAP_REQUEST_GET, hnd_espressif_get); coap_register_handler(resource, COAP_REQUEST_PUT, hnd_espressif_put); @@ -301,14 +301,6 @@ void app_main(void) tcpip_adapter_init(); ESP_ERROR_CHECK(esp_event_loop_create_default()); -#if 0 -/* See https://github.com/Ebiroll/qemu_esp32 for further information */ -#include "emul_ip.h" - if (is_running_qemu()) { - xTaskCreate(task_lwip_init, "task_lwip_init", 2*4096, NULL, 20, NULL); - } - else -#endif /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. * Read "Establishing Wi-Fi or Ethernet Connection" section in * examples/protocols/README.md for more information about this function. diff --git a/examples/protocols/coap_server/main/component.mk b/examples/protocols/coap_server/main/component.mk index bccdac23f..d3d1de0b0 100644 --- a/examples/protocols/coap_server/main/component.mk +++ b/examples/protocols/coap_server/main/component.mk @@ -5,6 +5,4 @@ # embed files from the "certs" directory as binary data symbols # in the app -COMPONENT_EMBED_TXTFILES := coap_ca.pem -COMPONENT_EMBED_TXTFILES += coap_server.crt -COMPONENT_EMBED_TXTFILES += coap_server.key +COMPONENT_EMBED_TXTFILES := certs/coap_ca.pem certs/coap_server.crt certs/coap_server.key
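Review bot: The `dtls_pki` flags re-indented in this hunk, `allow_self_signed = 1`, `allow_expired_certs = 1`, `allow_no_crl = 1`, `allow_expired_crl = 1`, `allow_bad_md_hash = 1` and `allow_short_rsa_length = 1`, are carried over rather than introduced here, but together they leave `verify_peer_cert = 1` and `cert_chain_validation = 1` accepting nearly any certificate, and nothing in the code says this is deliberate for the bundled demo certificates. I would put before `dtls_pki.verify_peer_cert = 1;` the comment `/* Relaxed so the demo certificates in certs/ load. A production server must set allow_self_signed, allow_expired_certs, allow_bad_md_hash and allow_short_rsa_length to 0 and decide whether peers without a CRL are acceptable. */`. Separately, `coap_context_set_psk(ctx, "CoAP", ...)` appears to install one key regardless of the identity a client sends, which deserves a one-line comment since the client example exposes a configurable identity. coap_example_server starts before this hunk and continues after it.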