Request for ALTCP example etc.

Request for ALTCP example etc.

Richard Man
Hi Simon or others, I am attempting to build 2.1.0 RC1 with ALTCP, specifically with the mbedTLS 2.12.0. Looks like I need to map the function pointers in altcp_tcp.h to the mbedTLS functions, but if there is a working example that I can leverage, I would appreciate it. There is some urgency in this (but why of course).

Thank you, and thank you for great work with lwIP!

--
// richard http://imagecraft.com
Beyond Arduino - When you're ready to get serious...
JumpStart C Tools for Atmel AVR and Cortex-M, The Better Alternative

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

Re: Request for ALTCP example etc.

Dirk Ziegelmeier-2
Maybe a look at httpd_inits() may help you for now

lwip\src\apps\http\httpd.c

Ciao
Dirk



Re: Request for ALTCP example etc.

Richard Man
Yes, sorry, I just found apps\altcp_tls\ directory.

Should have looked more deeply. My apology.


Re: Request for ALTCP example etc.

goldsimon@gmx.de
On 03.08.2018 09:36, Richard Man wrote:
> Hi Simon or others, I am attempting to build 2.1.0 RC1 with ALTCP,
> specifically with the mbedTLS 2.12.0. Looks like I need to map the
> function pointers in altcp_tcp.h to the mbedTLS functions, but if
> there is a working example that I can leverage, I would appreciate it.
> There is some urgency in this (but why of course).

The altcp functions are mapped to mbedTLS in the files under
"src\apps\altcp_tls\". You just need to enable them and link them in.

mqtt initialization works much like normal, but you have to assign a
"tls_config" in struct mqtt_connect_client_info_t:

  mqtt_client_info.tls_config = altcp_tls_create_config_client(cert, sizeof(cert));

where "cert" is a certificate readable by "mbedtls_x509_crt_parse()"
(e.g. x509).

Simon


Re: Request for ALTCP example etc.

Richard Man
Hello, pardon me for asking a newbie question.

With the requisite call
mqtt_client_info.tls_config = altcp_tls_create_config_client(cert, sizeof(cert));
 
Let's say I am using an embedded system with no file system support. I am communicating with a server only and will not be acting as a server for other clients. TLS is used for MQTT data encryption. 

Is it correct that in this scenario I can use a self-signing certificate? I used Java Keytool to create a .cer file. Is it the case that I can convert the .cer file into a C array, and then use it in the call above?

Thanks for any help.



Re: Request for ALTCP example etc.

goldsimon@gmx.de


On 4 August 2018 04:52:36 CEST, Richard Man <[hidden email]> wrote:

>Hello, pardon me for asking a newbie question.
>
>With the requisite call
>
>mqtt_client_info.tls_config = altcp_tls_create_config_client(cert, sizeof(cert));
>
>Let's say I am using an embedded system with no file system support. I am
>communicating with a server only and will not be acting as a server for
>other clients. TLS is used for MQTT data encryption.
>
>Is it correct that in this scenario I can use a self-signing certificate?

This is more of an mbedtls related question. Honestly, without looking at the code, I can't even tell you whether this is really a client certificate or the certificate chain to trust for server certificates...

>I used Java Keytool to create a .cer file. Is it the case that I can convert
>the .cer file into a C array, and then use it in the call above?

This is also mbedtls related. Lwip just passed the certificate through to mbedtls code. I think I used openssl to create the certificates.

Simon
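
Added example, not part of the thread and not lwIP or mbedTLS code: a pre-flight check for a certificate embedded as a C array, covering the ".cer file into a C array" question and the "readable by mbedtls_x509_crt_parse()" requirement above. It mirrors how mbedTLS 2.x chooses between PEM and DER (PEM only when the counted length includes the terminating NUL, which sizeof() on a string-literal array does and strlen() does not). classify_cert, its helpers and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum cert_kind { CERT_INVALID, CERT_DER, CERT_DER_TRUNCATED, CERT_PEM, CERT_PEM_NO_NUL };

static const char PEM_BEGIN[] = "-----BEGIN CERTIFICATE-----";

/* Constructed samples, not real certificates. */
static const unsigned char sample_pem[] =
  "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";
static const unsigned char sample_der[] = { 0x30, 0x04, 0x02, 0x01, 0x00, 0x05 };

/* Bounded search: an embedded array is not guaranteed to be NUL-terminated. */
static int has_pem_header(const unsigned char *buf, size_t len)
{
  size_t n = sizeof(PEM_BEGIN) - 1, i;
  for (i = 0; len >= n && i <= len - n; i++) {
    if (memcmp(buf + i, PEM_BEGIN, n) == 0) return 1;
  }
  return 0;
}

/* Size (header + content) declared by the outer DER SEQUENCE; 0 if malformed. */
static size_t der_declared_size(const unsigned char *buf, size_t len)
{
  size_t nbytes, value = 0, i;
  if (len < 2 || buf[0] != 0x30) return 0;             /* 0x30 = SEQUENCE */
  if ((buf[1] & 0x80) == 0) return 2 + (size_t)buf[1]; /* short-form length */
  nbytes = buf[1] & 0x7F;                              /* long-form length */
  if (nbytes == 0 || nbytes > 3 || len < 2 + nbytes) return 0;
  for (i = 0; i < nbytes; i++) value = (value << 8) | buf[2 + i];
  return 2 + nbytes + value;
}

/* Pass the same (buf, len) you would hand to altcp_tls_create_config_client(). */
enum cert_kind classify_cert(const unsigned char *buf, size_t len)
{
  size_t declared;
  if (buf == NULL || len == 0) return CERT_INVALID;
  if (has_pem_header(buf, len)) {
    /* mbedTLS 2.x takes the PEM path only when the last counted byte is '\0';
       a strlen()-style length makes it fall back to DER parsing and fail. */
    return buf[len - 1] == '\0' ? CERT_PEM : CERT_PEM_NO_NUL;
  }
  declared = der_declared_size(buf, len);
  if (declared == 0) return CERT_INVALID;
  return declared <= len ? CERT_DER : CERT_DER_TRUNCATED;
}

int main(void)
{
  printf("pem, sizeof:     %d\n", classify_cert(sample_pem, sizeof(sample_pem)));
  printf("pem, sizeof - 1: %d\n", classify_cert(sample_pem, sizeof(sample_pem) - 1));
  printf("der, sizeof:     %d\n", classify_cert(sample_der, sizeof(sample_der)));
  return 0;
}
```

This is only a structural sanity check on the buffer and length; whether the certificate is accepted is still decided by mbedtls_x509_crt_parse() itself.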


Re: Request for ALTCP example etc.

Richard Man
Further: tracing through the code, with altcp.c, altcp_tcp.c, and altcp_tls_mbedtls.c enabled, it looks like the flow of control is this:

mqtt_client_connect calls altcp_connect, which, using the indirect table, calls
altcp_mbedtls_connect, which calls altcp_connect again, with the "innerconn";
altcp_connect, this time, calls
altcp_tcp_connect, which basically just calls tcp_connect

So am I correct to think that this chain completely replaces the mbedtls_net_connect call?

The problem I have is that the callback function originally supplied to mqtt_client_connect never gets called.




Re: Request for ALTCP example etc.

Richard Man
OK, I believe I found the source of the bug

In altcp_mbedtls_setup, after setting up the SSL, it should call the ssl_handshake, e.g.

  mbedtls_ssl_set_bio(&state->ssl_context, conn, altcp_mbedtls_bio_send, altcp_mbedtls_bio_recv, NULL);

  mbedtls_ssl_handshake(&state->ssl_context);

Otherwise, it would not even try to connect. With the line added, I am connecting with MQTT/TLS.

THANK you for a great piece of work!


Re: Request for ALTCP example etc.

goldsimon@gmx.de
On 05.08.2018 02:09, Richard Man wrote:
> OK, I believe I found the source of the bug

If you found a bug in our mbedtls adaption, could you please send a patch? It's not really clear from your mail what should be changed.

Aside from that, it worked for me, so this is somewhat strange...


Simon




Re: Request for ALTCP example etc.

Richard Man
I wonder if it is depending on the MQTT broker. My change is literally just adding a call to mbedtls_ssl_handshake() in altcp_mbedtls_setup. The current code only does the handshake "on demand" when data is received. In my case, data is never initiated unless the handshake is done first.

Anyway, I will submit a patch. Thanks

