From 19e22f870f89938246388ef8240d833f51b41869 Mon Sep 17 00:00:00 2001
From: Simon Goldschmidt
Date: Tue, 6 Aug 2019 22:17:55 +0200
Subject: [PATCH] add https example
---
 contrib/Filelists.cmake | 1 +
 contrib/Filelists.mk | 1 +
 contrib/examples/example_app/test.c | 4 +
 .../httpd/https_example/https_example.c | 147 ++++++++++++++++++
 .../httpd/https_example/https_example.h | 38 +++++
 contrib/ports/win32/msvc/lwIP_Test.vcxproj | 2 +
 .../win32/msvc/lwIP_Test.vcxproj.filters | 9 ++
 7 files changed, 202 insertions(+)
 create mode 100644 contrib/examples/httpd/https_example/https_example.c
 create mode 100644 contrib/examples/httpd/https_example/https_example.h
diff --git a/contrib/Filelists.cmake b/contrib/Filelists.cmake
index c603026e..a375dd26 100644
--- a/contrib/Filelists.cmake
+++ b/contrib/Filelists.cmake
@@ -14,6 +14,7 @@ endif()
 set(lwipcontribexamples_SRCS
 ${LWIP_CONTRIB_DIR}/examples/httpd/fs_example/fs_example.c
+ ${LWIP_CONTRIB_DIR}/examples/httpd/https_example/https_example.c
 ${LWIP_CONTRIB_DIR}/examples/httpd/ssi_example/ssi_example.c
 ${LWIP_CONTRIB_DIR}/examples/lwiperf/lwiperf_example.c
 ${LWIP_CONTRIB_DIR}/examples/mdns/mdns_example.c
diff --git a/contrib/Filelists.mk b/contrib/Filelists.mk
index e330295f..f0fb48b2 100644
--- a/contrib/Filelists.mk
+++ b/contrib/Filelists.mk
@@ -42,6 +42,7 @@ CONTRIBAPPFILES=$(CONTRIBDIR)/apps/httpserver/httpserver-netconn.c \
 $(CONTRIBDIR)/apps/socket_examples/socket_examples.c \
 $(CONTRIBDIR)/apps/rtp/rtp.c \
 $(CONTRIBDIR)/examples/httpd/fs_example/fs_example.c \
+ $(CONTRIBDIR)/examples/httpd/https_example/https_example.c \
 $(CONTRIBDIR)/examples/httpd/ssi_example/ssi_example.c \
 $(CONTRIBDIR)/examples/lwiperf/lwiperf_example.c \
 $(CONTRIBDIR)/examples/mdns/mdns_example.c \
diff --git a/contrib/examples/example_app/test.c b/contrib/examples/example_app/test.c
index 510fd3ae..563d5710 100644
--- a/contrib/examples/example_app/test.c
+++ b/contrib/examples/example_app/test.c
@@ -83,6 +83,7 @@
 #include "examples/httpd/cgi_example/cgi_example.h"
 #include "examples/httpd/fs_example/fs_example.h"
+#include "examples/httpd/https_example/https_example.h"
 #include "examples/httpd/ssi_example/ssi_example.h"
 #include "default_netif.h"
@@ -540,6 +541,9 @@ apps_init(void)
 #if defined(LWIP_HTTPD_EXAMPLE_CGI_SIMPLE) && LWIP_HTTPD_EXAMPLE_CGI_SIMPLE
 cgi_ex_init();
 #endif
+#if defined(LWIP_HTTPD_EXAMPLE_HTTPS) && LWIP_HTTPD_EXAMPLE_HTTPS
+ https_ex_init();
+#endif
 #endif /* LWIP_HTTPD_APP_NETCONN */
 #endif /* LWIP_HTTPD_APP && LWIP_TCP */
diff --git a/contrib/examples/httpd/https_example/https_example.c b/contrib/examples/httpd/https_example/https_example.c
new file mode 100644
index 00000000..80cea3c7
--- /dev/null
+++ b/contrib/examples/httpd/https_example/https_example.c
@@ -0,0 +1,147 @@
+/**
+ * @file
+ * HTTPD https example
+ *
+ * This file demonstrates how to initialize httpd for https.
+ * To do this, it needs 2 files:
+ * - server certificate
+ * - server private key
+ *
+ * In addition to that, watch out for resource shortage. You'll need plenty of
+ * heap (start with MEM_SIZE >= 200 KByte or monitor its err counters) and be
+ * sure to at least set the following settings high enough (monitor
+ * lwip_stats for an idea of what's needed):
+ * - MEMP_NUM_TCP_PCB/MEMP_NUM_ALTCP_PCB
+ * - MEMP_NUM_TCPIP_MSG_INPKT
+ * - MEMP_NUM_TCP_SEG
+ */
+
+ /*
+ * Copyright (c) 2017-2019 Simon Goldschmidt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Simon Goldschmidt
+ *
+ */
+
+#include "lwip/opt.h"
+#include "https_example.h"
+
+#include "lwip/altcp_tls.h"
+#include "lwip/apps/httpd.h"
+
+#include
+#include
+#include
+
+/** define LWIP_HTTPD_EXAMPLE_HTTPS to 1 to enable this file system */
+#ifndef LWIP_HTTPD_EXAMPLE_HTTPS
+#define LWIP_HTTPD_EXAMPLE_HTTPS 0
+#endif
+
+#define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE "f:\\dev\\lwip\\https_test\\privateKey.key"
+#define LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE "f:\\dev\\lwip\\https_test\\certificate.crt"
+
+#if LWIP_HTTPD_EXAMPLE_HTTPS
+
+#ifndef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE
+#error "define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE to the created server private key"
+#endif
+
+/* If the key file is password-protected, define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS */
+#ifdef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS
+#ifndef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN
+#define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN strlen(LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS)
+#endif
+#else
+#define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS NULL
+#define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN 0
+#endif
+
+#ifndef LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE
+#error "define LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE to the created server certificate"
+#endif
+
+static u8_t *read_file(const char *filename, size_t *file_size)
+{
+ u8_t *buf;
+ long fsize;
+ FILE *f = fopen(filename, "rb");
+ if (!f) {
+ return NULL;
+ }
+ fseek(f, 0, SEEK_END);
+ fsize = ftell(f);
+ fseek(f, 0, SEEK_SET);
+
+ buf = malloc(fsize + 1);
+ if (!buf) {
+ fclose(f);
+ return NULL;
+ }
+ fread(buf, 1, fsize, f);
+ fclose(f);
+
+ buf[fsize] = 0;
+ if (file_size) {
+ /* Note: the '+ 1' is required for mbedTLS to correctly parse the buffer */
+ *file_size = (size_t)(fsize + 1);
+ }
+ return buf;
+}
+
+/** This function loads a server certificate and private key as x509 from disk.
+ * For information how to create such files, see mbedTLS tutorial ("How to
+ * generate a self-signed certificate") or OpenSSL documentation ("How to
+ * generate a self-signed certificate and private key using OpenSSL"), e.g.
+ * 'openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt'
+ * Copy the resulting files and define the path to them
+ */
+void
+https_ex_init(void)
+{
+ struct altcp_tls_config *conf;
+ u8_t *privkey, *cert;
+ size_t privkey_size, cert_size;
+
+ privkey = read_file(LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE, &privkey_size);
+ LWIP_ASSERT("Failed to open https server private key", privkey != NULL);
+ cert = read_file(LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE, &cert_size);
+ LWIP_ASSERT("Failed to open https server certificate", cert != NULL);
+
+ conf = altcp_tls_create_config_server_privkey_cert(privkey, privkey_size,
+ LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS, LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN, cert, cert_size);
+ LWIP_ASSERT("Failed to create https server config", conf != NULL);
+
+ httpd_inits(conf);
+
+ /* secure erase should be done in production environment */
+ free(privkey);
+ free(cert);
+}
+
+#endif /* LWIP_HTTPD_EXAMPLE_HTTPS */
diff --git a/contrib/examples/httpd/https_example/https_example.h b/contrib/examples/httpd/https_example/https_example.h
new file mode 100644
index 00000000..0f92214e
--- /dev/null
+++ b/contrib/examples/httpd/https_example/https_example.h
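Review bot: In `read_file()` of https_example.c the results of `fseek`, `ftell` and `fread` are never checked before the buffer is sized and terminated. If `ftell` returns -1, `malloc(fsize + 1)` asks for zero bytes and `buf[fsize] = 0` writes one byte in front of the allocation; a short `fread` leaves uninitialised heap bytes in the buffer that `https_ex_init()` then passes to `altcp_tls_create_config_server_privkey_cert()` as key or certificate data. The version below rejects a failed seek, a non-positive size and a short read, and keeps the termination and the `+ 1` length as they are. Separately, `free(privkey)` releases the private key without clearing it, as the comment above it already admits; the wipe has to be one the compiler cannot drop, because a plain `memset` directly before `free` may be optimised away.

```c
static u8_t *read_file(const char *filename, size_t *file_size)
{
  u8_t *buf;
  long fsize;
  FILE *f = fopen(filename, "rb");
  if (!f) {
    return NULL;
  }
  /* reject an unseekable or empty file instead of sizing the buffer from -1 */
  if ((fseek(f, 0, SEEK_END) != 0) || ((fsize = ftell(f)) <= 0) ||
      (fseek(f, 0, SEEK_SET) != 0)) {
    fclose(f);
    return NULL;
  }

  buf = malloc((size_t)fsize + 1);
  if (buf && (fread(buf, 1, (size_t)fsize, f) != (size_t)fsize)) {
    /* short read: never hand a partly uninitialised buffer to the parser */
    free(buf);
    buf = NULL;
  }
  fclose(f);
  if (!buf) {
    return NULL;
  }

  /* … unchanged: NUL termination and *file_size = fsize + 1 … */
  return buf;
}
```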
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2017 Simon Goldschmidt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Simon Goldschmidt
+ *
+ */
+
+#ifndef LWIP_HDR_HTTP_EXAMPLES_HTTPS_EXAMPLE
+#define LWIP_HDR_HTTP_EXAMPLES_HTTPS_EXAMPLE
+#define LWIP_HTTPD_EXAMPLE_HTTPS 1
+void https_ex_init(void);
+
+#endif /* LWIP_HDR_HTTP_EXAMPLES_HTTPS_EXAMPLE */
diff --git a/contrib/ports/win32/msvc/lwIP_Test.vcxproj b/contrib/ports/win32/msvc/lwIP_Test.vcxproj
index 41b2a24b..372e9184 100644
--- a/contrib/ports/win32/msvc/lwIP_Test.vcxproj
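Review bot: `#define LWIP_HTTPD_EXAMPLE_HTTPS 1` in https_example.h is unconditional, so every build that includes the header (test.c now does) compiles in and calls `https_ex_init()`, and the `#ifndef LWIP_HTTPD_EXAMPLE_HTTPS` default of 0 in https_example.c can never take effect. Combined with the key and certificate paths that https_example.c defines unconditionally under `f:\\dev\\lwip\\https_test\\`, the example asserts at start-up on any machine without those files, and the two `#error` checks for a missing path are unreachable. I would drop the define from the header and wrap the two path defines in `#ifndef`, so that a port supplies the switch and the file locations from its own options file. The call added in test.c also appears not to be guarded by the altcp/TLS build options that `httpd_inits()` depends on; that part is inferred, since httpd.h is not in this patch.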
+++ b/contrib/ports/win32/msvc/lwIP_Test.vcxproj @@ -134,6 +134,7 @@ + @@ -173,6 +174,7 @@ + diff --git a/contrib/ports/win32/msvc/lwIP_Test.vcxproj.filters b/contrib/ports/win32/msvc/lwIP_Test.vcxproj.filters index 499334bc..52f7732e 100644 --- a/contrib/ports/win32/msvc/lwIP_Test.vcxproj.filters +++ b/contrib/ports/win32/msvc/lwIP_Test.vcxproj.filters @@ -65,6 +65,9 @@ {bd6f1fcc-c88f-4b96-a267-401f6bf9898b} + + {1098bc59-6867-48a3-afa4-b896510241d1} + @@ -154,6 +157,9 @@ Source Files + + Source Files\examples\httpd\https_example + @@ -234,6 +240,9 @@ Source Files\examples\mqtt + + Source Files\examples\httpd\https_example +