
fix(tls_cxx): Fixup udp example
david-cermak committed Mar 15, 2024
1 parent 5139223 commit 790e39b
Showing 7 changed files with 38 additions and 14 deletions.
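--- a/components/mbedtls_cxx/examples/test_certs/CMakeLists.txt
+++ b/components/mbedtls_cxx/examples/test_certs/CMakeLists.txt
@@ -0,0 +1,8 @@
+idf_component_register(
+EMBED_TXTFILES srv.crt
+EMBED_TXTFILES srv.key
+EMBED_TXTFILES ca.crt
+EMBED_TXTFILES client.crt
+EMBED_TXTFILES client.key
+INCLUDE_DIRS "."
+REQUIRES mbedtls_cxx)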
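Review bot: `srv.key` and `client.key` are embedded as text into every image that depends on this component, and nothing in the file says they are test fixtures. A leading comment such as `# Test-only certificates and private keys shared by the mbedtls_cxx examples; do not reuse them outside the examples` would make that explicit. The directory name suggests test material, but where the keys come from is not visible in this diff.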
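--- a/components/mbedtls_cxx/examples/test_certs/idf_component.yml
+++ b/components/mbedtls_cxx/examples/test_certs/idf_component.yml
@@ -0,0 +1,4 @@
+dependencies:
+espressif/mbedtls_cxx:
+version: "*"
+override_path: "../.."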
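--- a/components/mbedtls_cxx/examples/udp_mutual_auth/README.md
+++ b/components/mbedtls_cxx/examples/udp_mutual_auth/README.md
@@ -0,0 +1,4 @@
+# UDP Mutual authentication example
+
+This example uses `mbedtls_cxx` to perform a DTLS handshake and exchange a message between server and client.
+The example uses UDP sockets on `'localhost'` interface, so no actual connection is needed, it could be run on linux target as well as on ESP32.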
@@ -1,4 +1,2 @@
idf_component_register(SRCS "udp_mutual.cpp"
EMBED_TXTFILES ../../test_certs/srv.crt
EMBED_TXTFILES ../../test_certs/srv.key
INCLUDE_DIRS ".")
@@ -3,3 +3,6 @@ dependencies:
espressif/mbedtls_cxx:
version: "*"
override_path: "../../.."
test_certs:
version: "*"
path: "../../test_certs"
29 changes: 17 additions & 12 deletions components/mbedtls_cxx/examples/udp_mutual_auth/main/udp_mutual.cpp
@@ -7,22 +7,16 @@
#include <sys/socket.h>
#include <netdb.h>
#include <unistd.h>
#include <cstring>
#include "esp_log.h"
#include "mbedtls_wrap.hpp"
#include "test_certs.hpp"

namespace {
constexpr auto *TAG = "udp_example";

using pem_format = const unsigned char;
extern pem_format servercert_start[] asm("_binary_srv_crt_start");
extern pem_format servercert_end[] asm("_binary_srv_crt_end");
extern pem_format serverkey_start[] asm("_binary_srv_key_start");
extern pem_format serverkey_end[] asm("_binary_srv_key_end");

}

using namespace idf::mbedtls_cxx;
using namespace test_certs;

class SecureLink: public Tls {
public:
@@ -86,7 +80,7 @@ class SecureLink: public Tls {
const unsigned char client_id[] = "localhost";
config.client_id = std::make_pair(client_id, sizeof(client_id));
}
if (!init(is_server{server_not_client}, do_verify{false}, &config)) {
if (!init(is_server{server_not_client}, do_verify{true}, &config)) {
return false;
}

@@ -141,6 +135,15 @@ void tls_client()
const unsigned char message[] = "Hello\n";
unsigned char reply[128];
SecureLink client;
client.set_hostname(get_server_cn());
if (!client.set_own_cert(get_buf(type::clientcert), get_buf(type::clientkey))) {
ESP_LOGE(TAG, "Failed to set own cert");
return;
}
if (!client.set_ca_cert(get_buf(type::cacert))) {
ESP_LOGE(TAG, "Failed to set peer's cert");
return;
}
if (!client.open(false)) {
ESP_LOGE(TAG, "Failed to CONNECT! %d", errno);
return;
@@ -162,12 +165,14 @@ void tls_server()
{
unsigned char message[128];
SecureLink server;
const_buf cert{servercert_start, servercert_end - servercert_start};
const_buf key{serverkey_start, serverkey_end - serverkey_start};
if (!server.set_own_cert(cert, key)) {
if (!server.set_own_cert(get_buf(type::servercert), get_buf(type::serverkey))) {
ESP_LOGE(TAG, "Failed to set own cert");
return;
}
if (!server.set_ca_cert(get_buf(type::cacert))) {
ESP_LOGE(TAG, "Failed to set peer's cert");
return;
}
ESP_LOGI(TAG, "opening...");
if (!server.open(true)) {
ESP_LOGE(TAG, "Failed to OPEN! %d", errno);
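Review bot: The result of `client.set_hostname(get_server_cn())` in tls_client() is ignored, while the `set_own_cert` and `set_ca_cert` calls right after it are checked. With `do_verify{true}` now passed to `init`, the hostname is what ties the server certificate to the expected name, so if the wrapper's `set_hostname` reports failure (its signature is not visible in this diff) the client should log and return as it does for the other setters, e.g. `if (!client.set_hostname(get_server_cn())) { ESP_LOGE(TAG, "Failed to set hostname"); return; }`. Separately, the message "Failed to set peer's cert" logged when `set_ca_cert` fails, in both tls_client() and tls_server(), would be more accurate as "Failed to set CA cert". Both functions continue outside the visible hunks.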
@@ -0,0 +1,2 @@
CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
CONFIG_PTHREAD_TASK_STACK_SIZE_DEFAULT=8192
