mirror of https://github.com/alexandrebobkov/ESP-Nodes.git, synced 2025-10-25 05:12:37 +00:00
	.
This commit is contained in:
		| @@ -1,18 +0,0 @@ | ||||
| # The following four lines of boilerplate have to be in your project's CMakeLists | ||||
| # in this exact order for cmake to work correctly | ||||
| cmake_minimum_required(VERSION 3.16) | ||||
|  | ||||
|  | ||||
| include($ENV{IDF_PATH}/tools/cmake/project.cmake) | ||||
| # "Trim" the build. Include the minimal set of components, main, and anything it depends on. | ||||
| idf_build_set_property(MINIMAL_BUILD ON) | ||||
| project(mqtt_ssl_ds) | ||||
|  | ||||
| # Flash the custom partition named `esp_secure_cert`. | ||||
| set(partition esp_secure_cert) | ||||
| idf_build_get_property(project_dir PROJECT_DIR) | ||||
| set(image_file ${project_dir}/esp_secure_cert_data/${partition}.bin) | ||||
| partition_table_get_partition_info(offset "--partition-name ${partition}" "offset") | ||||
| esptool_py_flash_target_image(flash "${partition}" "${offset}" "${image_file}") | ||||
|  | ||||
| target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/mosquitto.org.crt" TEXT) | ||||
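Review bot: the commit message is only "." while the header `@@ -1,18 +0,0 @@` empties this whole CMakeLists file, including the `esptool_py_flash_target_image(flash ...)` step that writes the `esp_secure_cert` partition image on `idf.py flash`. Please say in the message why the `mqtt_ssl_ds` project is being removed and, if it moved, where to, so that the loss of the certificate-partition flashing step is a recorded decision and not something a reader has to infer from the diff.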
| @@ -1,105 +0,0 @@ | ||||
| | Supported Targets | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 | | ||||
| | ----------------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | | ||||
|  | ||||
| # ESP-MQTT SSL Mutual Authentication with Digital Signature | ||||
| (See the README.md file in the upper level 'examples' directory for more information about examples.) | ||||
|  | ||||
| Espressif's ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, ESP32-H2 and ESP32-P4 MCU have a built-in Digital Signature (DS) Peripheral, which provides hardware acceleration for RSA signature. More details can be found at [Digital Signature with ESP-TLS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/api-reference/protocols/esp_tls.html#digital-signature-with-esp-tls). | ||||
|  | ||||
| This example connects to the broker test.mosquitto.org using ssl transport with client certificate(RSA) and as a demonstration subscribes/unsubscribes and sends a message on certain topic.The RSA signature operation required in the ssl connection is performed with help of the Digital Signature (DS) peripheral. | ||||
| (Please note that the public broker is maintained by the community so may not be always available, for details please visit http://test.mosquitto.org) | ||||
|  | ||||
| It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker. | ||||
| ## How to use example | ||||
|  | ||||
| ### Hardware Required | ||||
|  | ||||
| This example can be executed on any of the supported ESP32 family board (which has a built-in DS peripheral), the only required interface is WiFi/Ethernet and connection to internet. | ||||
|  | ||||
| ### Configure the project | ||||
|  | ||||
| #### 1) Selecting the target | ||||
|  | ||||
| Please select the supported target with the following command: | ||||
| ``` | ||||
| idf.py set-target /* target */ | ||||
| ``` | ||||
| More details can be found at [Selecting the target](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#selecting-the-target). | ||||
|  | ||||
| #### 2) Generate your client key and certificate | ||||
|  | ||||
| Navigate to the main directory | ||||
|  | ||||
| ``` | ||||
| cd main | ||||
| ``` | ||||
|  | ||||
| Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields. | ||||
|  | ||||
| ``` | ||||
| openssl genrsa -out client.key | ||||
| openssl req -out client.csr -key client.key -new | ||||
| ``` | ||||
|  | ||||
| Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and downloaded the `client.crt`. This `client.crt` file shall be used as the device certificate. | ||||
|  | ||||
| #### 3) Configure the DS peripheral | ||||
|  | ||||
| * i) Install the [esp_secure_cert configuration utility](https://github.com/espressif/esp_secure_cert_mgr/tree/main/tools#esp_secure_cert-configuration-tool) with following command: | ||||
| ``` | ||||
| pip install esp-secure-cert-tool | ||||
| ``` | ||||
| * ii) The DS peripheral can be configured by executing the following command: | ||||
|  | ||||
| ``` | ||||
| configure_esp_secure_cert.py -p /* Serial port */ --device-cert /* Device cert */ --private-key /* RSA priv key */ --target_chip /* target chip */ --configure_ds  --skip_flash | ||||
| ``` | ||||
| This command shall generate a partition named `esp_secure_cert.bin` in the `esp_secure_cert_data` directory. This partition would be aumatically detected by the build system and flashed at appropriate offset when `idf.py flash` command is used. For this process, the command must be executed in the current folder only. | ||||
|  | ||||
| In the command USB COM port is nothing but the serial port to which the ESP chip is connected. see | ||||
| [check serial port](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/establish-serial-connection.html#check-port-on-windows) for more details. | ||||
| RSA private key is nothing but the client private key ( RSA ) generated in Step 2. | ||||
|  | ||||
| > Note: More details about the `esp-secure-cert-tool` utility can be found [here](https://github.com/espressif/esp_secure_cert_mgr/tree/main/tools). | ||||
|  | ||||
| #### 4) Connection configuration | ||||
| * Open the project configuration menu (`idf.py menuconfig`) | ||||
| * Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details. | ||||
|  | ||||
| ### Build and Flash | ||||
|  | ||||
| Build the project and flash it to the board, then run monitor tool to view serial output: | ||||
|  | ||||
| ``` | ||||
| idf.py -p PORT flash monitor | ||||
| ``` | ||||
|  | ||||
| (To exit the serial monitor, type ``Ctrl-]``.) | ||||
|  | ||||
| See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects. | ||||
|  | ||||
| ## Example Output | ||||
|  | ||||
| ``` | ||||
| I (3714) event: sta ip: 192.168.0.139, mask: 255.255.255.0, gw: 192.168.0.2 | ||||
| I (3714) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE | ||||
| I (3964) MQTT_CLIENT: Sending MQTT CONNECT message, type: 1, id: 0000 | ||||
| I (4164) MQTTS_EXAMPLE: MQTT_EVENT_CONNECTED | ||||
| I (4174) MQTTS_EXAMPLE: sent publish successful, msg_id=41464 | ||||
| I (4174) MQTTS_EXAMPLE: sent subscribe successful, msg_id=17886 | ||||
| I (4174) MQTTS_EXAMPLE: sent subscribe successful, msg_id=42970 | ||||
| I (4184) MQTTS_EXAMPLE: sent unsubscribe successful, msg_id=50241 | ||||
| I (4314) MQTTS_EXAMPLE: MQTT_EVENT_PUBLISHED, msg_id=41464 | ||||
| I (4484) MQTTS_EXAMPLE: MQTT_EVENT_SUBSCRIBED, msg_id=17886 | ||||
| I (4484) MQTTS_EXAMPLE: sent publish successful, msg_id=0 | ||||
| I (4684) MQTTS_EXAMPLE: MQTT_EVENT_SUBSCRIBED, msg_id=42970 | ||||
| I (4684) MQTTS_EXAMPLE: sent publish successful, msg_id=0 | ||||
| I (4884) MQTT_CLIENT: deliver_publish, message_length_read=19, message_length=19 | ||||
| I (4884) MQTTS_EXAMPLE: MQTT_EVENT_DATA | ||||
| TOPIC=/topic/qos0 | ||||
| DATA=data | ||||
| I (5194) MQTT_CLIENT: deliver_publish, message_length_read=19, message_length=19 | ||||
| I (5194) MQTTS_EXAMPLE: MQTT_EVENT_DATA | ||||
| TOPIC=/topic/qos0 | ||||
| DATA=data | ||||
| ``` | ||||
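Review bot: steps 2 and 3 of this README have the user run `cd main` and `openssl genrsa -out client.key` inside the source tree and then generate `esp_secure_cert_data/esp_secure_cert.bin`, yet none of the hunks on this page removes a `client.key`, `client.csr`, `client.crt` or `esp_secure_cert_data/` file. Before merging, confirm that these generated files were never tracked in this directory and are not left behind as untracked files after the removal. If any of them was committed earlier, deleting it now does not take it out of history, so that key should be treated as exposed and replaced.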
| @@ -1,3 +0,0 @@ | ||||
| idf_component_register(SRCS "app_main.c" | ||||
|                     PRIV_REQUIRES mqtt esp_netif | ||||
|                     INCLUDE_DIRS ".") | ||||
| @@ -1,156 +0,0 @@ | ||||
| /* MQTT Mutual Authentication Example | ||||
|  | ||||
|    This example code is in the Public Domain (or CC0 licensed, at your option.) | ||||
|  | ||||
|    Unless required by applicable law or agreed to in writing, this | ||||
|    software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR | ||||
|    CONDITIONS OF ANY KIND, either express or implied. | ||||
| */ | ||||
| #include <stdio.h> | ||||
| #include <stdint.h> | ||||
| #include <stddef.h> | ||||
| #include <string.h> | ||||
| #include "esp_system.h" | ||||
| #include "nvs_flash.h" | ||||
| #include "esp_event.h" | ||||
| #include "esp_netif.h" | ||||
| #include "protocol_examples_common.h" | ||||
|  | ||||
| #include "freertos/FreeRTOS.h" | ||||
| #include "freertos/task.h" | ||||
| #include "freertos/semphr.h" | ||||
| #include "freertos/queue.h" | ||||
|  | ||||
| #include "lwip/sockets.h" | ||||
| #include "lwip/dns.h" | ||||
| #include "lwip/netdb.h" | ||||
|  | ||||
| #include "esp_log.h" | ||||
| #include "mqtt_client.h" | ||||
| #include "rsa_sign_alt.h" | ||||
| #include "esp_secure_cert_read.h" | ||||
|  | ||||
| static const char *TAG = "mqtts_example"; | ||||
|  | ||||
| extern const uint8_t server_cert_pem_start[] asm("_binary_mosquitto_org_crt_start"); | ||||
| extern const uint8_t server_cert_pem_end[] asm("_binary_mosquitto_org_crt_end"); | ||||
|  | ||||
| /* | ||||
|  * @brief Event handler registered to receive MQTT events | ||||
|  * | ||||
|  *  This function is called by the MQTT client event loop. | ||||
|  * | ||||
|  * @param handler_args user data registered to the event. | ||||
|  * @param base Event base for the handler(always MQTT Base in this example). | ||||
|  * @param event_id The id for the received event. | ||||
|  * @param event_data The data for the event, esp_mqtt_event_handle_t. | ||||
|  */ | ||||
| static void mqtt_event_handler(void *handler_args, esp_event_base_t base, int32_t event_id, void *event_data) | ||||
| { | ||||
|     ESP_LOGD(TAG, "Event dispatched from event loop base=%s, event_id=%" PRIi32, base, event_id); | ||||
|     esp_mqtt_event_handle_t event = event_data; | ||||
|     esp_mqtt_client_handle_t client = event->client; | ||||
|     int msg_id; | ||||
|     // your_context_t *context = event->context; | ||||
|     switch ((esp_mqtt_event_id_t)event_id) { | ||||
|     case MQTT_EVENT_CONNECTED: | ||||
|         ESP_LOGI(TAG, "MQTT_EVENT_CONNECTED"); | ||||
|         msg_id = esp_mqtt_client_subscribe(client, "/topic/qos0", 0); | ||||
|         ESP_LOGI(TAG, "sent subscribe successful, msg_id=%d", msg_id); | ||||
|  | ||||
|         msg_id = esp_mqtt_client_subscribe(client, "/topic/qos1", 1); | ||||
|         ESP_LOGI(TAG, "sent subscribe successful, msg_id=%d", msg_id); | ||||
|  | ||||
|         msg_id = esp_mqtt_client_unsubscribe(client, "/topic/qos1"); | ||||
|         ESP_LOGI(TAG, "sent unsubscribe successful, msg_id=%d", msg_id); | ||||
|         break; | ||||
|     case MQTT_EVENT_DISCONNECTED: | ||||
|         ESP_LOGI(TAG, "MQTT_EVENT_DISCONNECTED"); | ||||
|         break; | ||||
|  | ||||
|     case MQTT_EVENT_SUBSCRIBED: | ||||
|         ESP_LOGI(TAG, "MQTT_EVENT_SUBSCRIBED, msg_id=%d, return code=0x%02x ", event->msg_id, (uint8_t)*event->data); | ||||
|         msg_id = esp_mqtt_client_publish(client, "/topic/qos0", "data", 0, 0, 0); | ||||
|         ESP_LOGI(TAG, "sent publish successful, msg_id=%d", msg_id); | ||||
|         break; | ||||
|     case MQTT_EVENT_UNSUBSCRIBED: | ||||
|         ESP_LOGI(TAG, "MQTT_EVENT_UNSUBSCRIBED, msg_id=%d", event->msg_id); | ||||
|         break; | ||||
|     case MQTT_EVENT_PUBLISHED: | ||||
|         ESP_LOGI(TAG, "MQTT_EVENT_PUBLISHED, msg_id=%d", event->msg_id); | ||||
|         break; | ||||
|     case MQTT_EVENT_DATA: | ||||
|         ESP_LOGI(TAG, "MQTT_EVENT_DATA"); | ||||
|         printf("TOPIC=%.*s\r\n", event->topic_len, event->topic); | ||||
|         printf("DATA=%.*s\r\n", event->data_len, event->data); | ||||
|         break; | ||||
|     case MQTT_EVENT_ERROR: | ||||
|         ESP_LOGI(TAG, "MQTT_EVENT_ERROR"); | ||||
|         break; | ||||
|     default: | ||||
|         ESP_LOGI(TAG, "Other event id:%d", event->event_id); | ||||
|         break; | ||||
|     } | ||||
| } | ||||
|  | ||||
| static void mqtt_app_start(void) | ||||
| { | ||||
|     /* The context is used by the DS peripheral, should not be freed */ | ||||
|     esp_ds_data_ctx_t *ds_data = esp_secure_cert_get_ds_ctx(); | ||||
|     if (ds_data == NULL) { | ||||
|         ESP_LOGE(TAG, "Error in reading DS data from NVS"); | ||||
|         vTaskDelete(NULL); | ||||
|     } | ||||
|     char *device_cert = NULL; | ||||
|     esp_err_t ret; | ||||
|     uint32_t len; | ||||
|     ret = esp_secure_cert_get_device_cert(&device_cert, &len); | ||||
|     if (ret != ESP_OK) { | ||||
|         ESP_LOGE(TAG, "Failed to obtain the device certificate"); | ||||
|         vTaskDelete(NULL); | ||||
|     } | ||||
|  | ||||
|     const esp_mqtt_client_config_t mqtt_cfg = { | ||||
|         .broker = { | ||||
|             .address.uri = "mqtts://test.mosquitto.org:8884", | ||||
|             .verification.certificate =  (const char *)server_cert_pem_start, | ||||
|         }, | ||||
|         .credentials = { | ||||
|             .authentication = { | ||||
|                 .certificate = (const char *)device_cert, | ||||
|                 .key = NULL, | ||||
|                 .ds_data = (void *)ds_data | ||||
|             }, | ||||
|         }, | ||||
|     }; | ||||
|  | ||||
|     ESP_LOGI(TAG, "[APP] Free memory: %" PRIu32 " bytes", esp_get_free_heap_size()); | ||||
|     esp_mqtt_client_handle_t client = esp_mqtt_client_init(&mqtt_cfg); | ||||
|     esp_mqtt_client_register_event(client, ESP_EVENT_ANY_ID, mqtt_event_handler, NULL); | ||||
|     esp_mqtt_client_start(client); | ||||
| } | ||||
|  | ||||
| void app_main(void) | ||||
| { | ||||
|     ESP_LOGI(TAG, "[APP] Startup.."); | ||||
|     ESP_LOGI(TAG, "[APP] Free memory: %" PRIu32 " bytes", esp_get_free_heap_size()); | ||||
|     ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version()); | ||||
|  | ||||
|     esp_log_level_set("*", ESP_LOG_INFO); | ||||
|     esp_log_level_set("mqtt_client", ESP_LOG_VERBOSE); | ||||
|     esp_log_level_set("transport_base", ESP_LOG_VERBOSE); | ||||
|     esp_log_level_set("transport", ESP_LOG_VERBOSE); | ||||
|     esp_log_level_set("outbox", ESP_LOG_VERBOSE); | ||||
|  | ||||
|     ESP_ERROR_CHECK(nvs_flash_init()); | ||||
|     ESP_ERROR_CHECK(esp_netif_init()); | ||||
|     ESP_ERROR_CHECK(esp_event_loop_create_default()); | ||||
|  | ||||
|     /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. | ||||
|      * Read "Establishing Wi-Fi or Ethernet Connection" section in | ||||
|      * examples/protocols/README.md for more information about this function. | ||||
|      */ | ||||
|     ESP_ERROR_CHECK(example_connect()); | ||||
|  | ||||
|     mqtt_app_start(); | ||||
| } | ||||
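Review bot: in `mqtt_app_start` the handle returned by `esp_mqtt_client_init(&mqtt_cfg)` is passed straight to `esp_mqtt_client_register_event` and `esp_mqtt_client_start` without a NULL check, and the return value of `esp_mqtt_client_start` is ignored. The `MQTT_EVENT_ERROR` case logs only the event name, so a rejected client certificate or a failed DS signing operation during the handshake to `mqtts://test.mosquitto.org:8884` leaves nothing to diagnose from. The `MQTT_EVENT_SUBSCRIBED` case also dereferences `event->data` without looking at `event->data_len`, and the "sent ... successful" lines are printed whatever `msg_id` came back. The header `@@ -1,156 +0,0 @@` removes the file whole, so these points apply to any copy that is kept or moved: check the handle and return codes, log the details in `event->error_handle` on error, and guard the `event->data` read.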
| @@ -1,6 +0,0 @@ | ||||
| dependencies: | ||||
|   espressif/esp_secure_cert_mgr: ^2.0.2 | ||||
|   espressif/mqtt: | ||||
|     version: '*' | ||||
|   protocol_examples_common: | ||||
|     path: ${IDF_PATH}/examples/common_components/protocol_examples_common | ||||
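Review bot: `espressif/mqtt` is declared with `version: '*'` while `espressif/esp_secure_cert_mgr` on the line above is constrained to `^2.0.2`. With the manifest removed, nothing visible here records which MQTT component version the example was built against. If the example is restored later, give `espressif/mqtt` a bounded version so that the component handling the TLS client credentials does not change silently between builds.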
| @@ -1,25 +0,0 @@ | ||||
| -----BEGIN CERTIFICATE----- | ||||
| MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL | ||||
| BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG | ||||
| A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU | ||||
| BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv | ||||
| by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE | ||||
| BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES | ||||
| MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp | ||||
| dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ | ||||
| KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg | ||||
| UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW | ||||
| Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA | ||||
| s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH | ||||
| 3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo | ||||
| E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT | ||||
| MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV | ||||
| 6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL | ||||
| BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC | ||||
| 6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf | ||||
| +pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK | ||||
| sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839 | ||||
| LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE | ||||
| m/XriWr/Cq4h/JfB7NTsezVslgkBaoU= | ||||
| -----END CERTIFICATE----- | ||||
| --- | ||||
| @@ -1,6 +0,0 @@ | ||||
| # ESP-IDF Partition Table | ||||
| # Name, Type, SubType, Offset, Size, Flags | ||||
| esp_secure_cert,0x3F,,,0x2000, | ||||
| nvs,data,nvs,,24K, | ||||
| phy_init,data,phy,,4K, | ||||
| factory,app,factory,0x20000,1500K, | ||||
| 
 | 
| @@ -1,7 +0,0 @@ | ||||
| CONFIG_PARTITION_TABLE_CUSTOM=y | ||||
| # Setting partition table offset to 0xC000 would make the address of | ||||
| # `esp_secure_cert` partition as 0xD000 (comes next in the sequence). | ||||
| # Modules that are programmed with  Espressif Secure Pre Provisioining service | ||||
| # uses this offset for `esp_secure_cert` and hence this change aligns this example | ||||
| # to work on those modules. | ||||
| CONFIG_PARTITION_TABLE_OFFSET=0xC000 | ||||
| @@ -1,2 +0,0 @@ | ||||
| CONFIG_EXAMPLE_CONNECT_WIFI=n | ||||
| CONFIG_EXAMPLE_CONNECT_ETHERNET=y | ||||