From feb7bb6f8ae21bd5a28d13d20be48eb29a6fa4ee Mon Sep 17 00:00:00 2001
From: David Cermak <cermak@espressif.com>
Date: Thu, 23 May 2019 21:48:08 +0200
Subject: [PATCH] esp_tls: enable psk verification mode, added mqtt example
 using psk authentication

---
 .../protocols/mqtt/ssl_psk/CMakeLists.txt     |  10 ++
 examples/protocols/mqtt/ssl_psk/Makefile      |   9 ++
 examples/protocols/mqtt/ssl_psk/README.md     |  76 ++++++++++
 .../mqtt/ssl_psk/main/CMakeLists.txt          |   4 +
 .../protocols/mqtt/ssl_psk/main/app_main.c    | 141 ++++++++++++++++++
 .../protocols/mqtt/ssl_psk/main/component.mk  |   0
 .../protocols/mqtt/ssl_psk/sdkconfig.defaults |   1 +
 7 files changed, 241 insertions(+)
 create mode 100644 examples/protocols/mqtt/ssl_psk/CMakeLists.txt
 create mode 100644 examples/protocols/mqtt/ssl_psk/Makefile
 create mode 100644 examples/protocols/mqtt/ssl_psk/README.md
 create mode 100644 examples/protocols/mqtt/ssl_psk/main/CMakeLists.txt
 create mode 100644 examples/protocols/mqtt/ssl_psk/main/app_main.c
 create mode 100644 examples/protocols/mqtt/ssl_psk/main/component.mk
 create mode 100644 examples/protocols/mqtt/ssl_psk/sdkconfig.defaults

diff --git a/examples/protocols/mqtt/ssl_psk/CMakeLists.txt b/examples/protocols/mqtt/ssl_psk/CMakeLists.txt
new file mode 100644
index 0000000..77934fa
--- /dev/null
+++ b/examples/protocols/mqtt/ssl_psk/CMakeLists.txt
@@ -0,0 +1,10 @@
+# The following four lines of boilerplate have to be in your project's CMakeLists
+# in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.5)
+
+# (Not part of the boilerplate)
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(mqtt_ssl_psk)
diff --git a/examples/protocols/mqtt/ssl_psk/Makefile b/examples/protocols/mqtt/ssl_psk/Makefile
new file mode 100644
index 0000000..24bec17
--- /dev/null
+++ b/examples/protocols/mqtt/ssl_psk/Makefile
@@ -0,0 +1,9 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+PROJECT_NAME := mqtt_ssl_psk
+
+EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
+
+include $(IDF_PATH)/make/project.mk
diff --git a/examples/protocols/mqtt/ssl_psk/README.md b/examples/protocols/mqtt/ssl_psk/README.md
new file mode 100644
index 0000000..c46688f
--- /dev/null
+++ b/examples/protocols/mqtt/ssl_psk/README.md
@@ -0,0 +1,76 @@
+# ESP-MQTT SSL example with PSK verification 
+
+(See the README.md file in the upper level 'examples' directory for more information about examples.)
+
+This example connects to a local broker configured to PSK authentication
+
+## How to use example
+
+### Hardware Required
+
+This example can be executed on any ESP32 board, the only required interface is WiFi (or ethernet) to connect to a MQTT 
+broker with preconfigured PSK verification method.
+
+#### Mosquitto settings
+In case of using mosquitto broker, here is how to enable PSK authentication in `mosquitto.config`, 
+```
+psk_hint hint
+psk_file path_to_your_psk_file
+allow_anonymous true
+```
+Note: Last line enables anonymous mode, as this example does not use mqtt username and password.
+
+PSK file then has to contain pairs of hints and keys, as shown below:
+```
+hint:BAD123
+```
+
+Important note: Keys are stored as text hexadecimal values in PSK file, while the example code stores key as plain binary
+as required by MQTT API. (See the example source for details: `"BAD123" -> 0xBA, 0xD1, 0x23`)
+
+### Configure the project
+
+* Run `make menuconfig` (or `idf.py menuconfig` if using CMake build system)
+* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
+* When using Make build system, set `Default serial port` under `Serial flasher config`.
+
+### Build and Flash
+
+
+(To exit the serial monitor, type ``Ctrl-]``.)
+
+See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
+
+## Example Output
+
+```
+I (2160) example_connect: Ethernet Link Up
+I (4650) example_connect: Connected to Ethernet
+I (4650) example_connect: IPv4 address: 192.168.0.1
+I (4650) MQTTS_EXAMPLE: [APP] Free memory: 244792 bytes
+I (4660) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
+D (4670) MQTT_CLIENT: MQTT client_id=ESP32_c6B4F8
+D (4680) MQTT_CLIENT: Core selection disabled
+I (4680) MQTTS_EXAMPLE: Other event id:7
+D (4680) esp-tls: host:192.168.0.2: strlen 13
+D (4700) esp-tls: ssl psk authentication
+D (4700) esp-tls: handshake in progress...
+D (4720) MQTT_CLIENT: Transport connected to mqtts://192.168.0.2:8883
+I (4720) MQTT_CLIENT: Sending MQTT CONNECT message, type: 1, id: 0000
+D (4720) MQTT_CLIENT: mqtt_message_receive: first byte: 0x20
+D (4730) MQTT_CLIENT: mqtt_message_receive: read "remaining length" byte: 0x2
+D (4730) MQTT_CLIENT: mqtt_message_receive: total message length: 4 (already read: 2)
+D (4740) MQTT_CLIENT: mqtt_message_receive: read_len=2
+D (4750) MQTT_CLIENT: mqtt_message_receive: transport_read():4 4
+D (4750) MQTT_CLIENT: Connected
+I (4760) MQTTS_EXAMPLE: MQTT_EVENT_CONNECTED
+D (4760) MQTT_CLIENT: mqtt_enqueue id: 4837, type=8 successful
+D (4770) OUTBOX: ENQUEUE msgid=4837, msg_type=8, len=18, size=18
+D (4770) MQTT_CLIENT: Sent subscribe topic=/topic/qos0, id: 4837, type=8 successful
+I (4780) MQTTS_EXAMPLE: sent subscribe successful, msg_id=4837
+D (4790) MQTT_CLIENT: mqtt_enqueue id: 58982, type=8 successful
+D (4790) OUTBOX: ENQUEUE msgid=58982, msg_type=8, len=18, size=36
+D (4800) MQTT_CLIENT: Sent subscribe topic=/topic/qos1, id: 58982, type=8 successful
+I (4810) MQTTS_EXAMPLE: sent subscribe successful, msg_id=58982
+```
+
diff --git a/examples/protocols/mqtt/ssl_psk/main/CMakeLists.txt b/examples/protocols/mqtt/ssl_psk/main/CMakeLists.txt
new file mode 100644
index 0000000..6b03500
--- /dev/null
+++ b/examples/protocols/mqtt/ssl_psk/main/CMakeLists.txt
@@ -0,0 +1,4 @@
+set(COMPONENT_SRCS "app_main.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+register_component()
diff --git a/examples/protocols/mqtt/ssl_psk/main/app_main.c b/examples/protocols/mqtt/ssl_psk/main/app_main.c
new file mode 100644
index 0000000..7a08d17
--- /dev/null
+++ b/examples/protocols/mqtt/ssl_psk/main/app_main.c
@@ -0,0 +1,141 @@
+/* MQTT over SSL Example
+
+   This example code is in the Public Domain (or CC0 licensed, at your option.)
+
+   Unless required by applicable law or agreed to in writing, this
+   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+   CONDITIONS OF ANY KIND, either express or implied.
+*/
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include "esp_wifi.h"
+#include "esp_system.h"
+#include "nvs_flash.h"
+#include "esp_event.h"
+#include "tcpip_adapter.h"
+#include "protocol_examples_common.h"
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "freertos/queue.h"
+
+#include "lwip/sockets.h"
+#include "lwip/dns.h"
+#include "lwip/netdb.h"
+
+#include "esp_log.h"
+#include "mqtt_client.h"
+#include "esp_tls.h"
+
+/*
+ * Add here URI of mqtt broker which supports PSK authentication
+ */
+#define EXAMPLE_BROKER_URI "mqtts://192.168.0.2"
+
+static const char *TAG = "MQTTS_EXAMPLE";
+
+/*
+ * Define psk key and hint as defined in mqtt broker
+ * example for mosquitto server, content of psk_file:
+ * hint:BAD123
+ *
+ */
+static const uint8_t s_key[] = { 0xBA, 0xD1, 0x23 };
+
+static const psk_hint_key_t psk_hint_key = {
+        .key = s_key,
+        .key_size = sizeof(s_key),
+        .hint = "hint"
+        };
+
+static esp_err_t mqtt_event_handler(esp_mqtt_event_handle_t event)
+{
+    esp_mqtt_client_handle_t client = event->client;
+    int msg_id;
+    // your_context_t *context = event->context;
+    switch (event->event_id) {
+        case MQTT_EVENT_CONNECTED:
+            ESP_LOGI(TAG, "MQTT_EVENT_CONNECTED");
+            msg_id = esp_mqtt_client_subscribe(client, "/topic/qos0", 0);
+            ESP_LOGI(TAG, "sent subscribe successful, msg_id=%d", msg_id);
+
+            msg_id = esp_mqtt_client_subscribe(client, "/topic/qos1", 1);
+            ESP_LOGI(TAG, "sent subscribe successful, msg_id=%d", msg_id);
+
+            msg_id = esp_mqtt_client_unsubscribe(client, "/topic/qos1");
+            ESP_LOGI(TAG, "sent unsubscribe successful, msg_id=%d", msg_id);
+            break;
+        case MQTT_EVENT_DISCONNECTED:
+            ESP_LOGI(TAG, "MQTT_EVENT_DISCONNECTED");
+            break;
+
+        case MQTT_EVENT_SUBSCRIBED:
+            ESP_LOGI(TAG, "MQTT_EVENT_SUBSCRIBED, msg_id=%d", event->msg_id);
+            msg_id = esp_mqtt_client_publish(client, "/topic/qos0", "data", 0, 0, 0);
+            ESP_LOGI(TAG, "sent publish successful, msg_id=%d", msg_id);
+            break;
+        case MQTT_EVENT_UNSUBSCRIBED:
+            ESP_LOGI(TAG, "MQTT_EVENT_UNSUBSCRIBED, msg_id=%d", event->msg_id);
+            break;
+        case MQTT_EVENT_PUBLISHED:
+            ESP_LOGI(TAG, "MQTT_EVENT_PUBLISHED, msg_id=%d", event->msg_id);
+            break;
+        case MQTT_EVENT_DATA:
+            ESP_LOGI(TAG, "MQTT_EVENT_DATA");
+            printf("TOPIC=%.*s\r\n", event->topic_len, event->topic);
+            printf("DATA=%.*s\r\n", event->data_len, event->data);
+            break;
+        case MQTT_EVENT_ERROR:
+            ESP_LOGI(TAG, "MQTT_EVENT_ERROR");
+            break;
+        default:
+            ESP_LOGI(TAG, "Other event id:%d", event->event_id);
+            break;
+    }
+    return ESP_OK;
+}
+
+
+static void mqtt_app_start(void)
+{
+    const esp_mqtt_client_config_t mqtt_cfg = {
+        .uri = EXAMPLE_BROKER_URI,
+        .event_handle = mqtt_event_handler,
+        .psk_hint_key = &psk_hint_key,
+    };
+
+    ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
+    esp_mqtt_client_handle_t client = esp_mqtt_client_init(&mqtt_cfg);
+    esp_mqtt_client_start(client);
+}
+
+void app_main(void)
+{
+    ESP_LOGI(TAG, "[APP] Startup..");
+    ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
+    ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
+
+    esp_log_level_set("*", ESP_LOG_INFO);
+    esp_log_level_set("MQTT_CLIENT", ESP_LOG_VERBOSE);
+    esp_log_level_set("TRANSPORT_TCP", ESP_LOG_VERBOSE);
+    esp_log_level_set("TRANSPORT_SSL", ESP_LOG_VERBOSE);
+    esp_log_level_set("esp-tls", ESP_LOG_VERBOSE);
+    esp_log_level_set("TRANSPORT", ESP_LOG_VERBOSE);
+    esp_log_level_set("OUTBOX", ESP_LOG_VERBOSE);
+
+    ESP_ERROR_CHECK(nvs_flash_init());
+    tcpip_adapter_init();
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
+     * Read "Establishing Wi-Fi or Ethernet Connection" section in
+     * examples/protocols/README.md for more information about this function.
+     */
+    ESP_ERROR_CHECK(example_connect());
+
+    mqtt_app_start();
+}
diff --git a/examples/protocols/mqtt/ssl_psk/main/component.mk b/examples/protocols/mqtt/ssl_psk/main/component.mk
new file mode 100644
index 0000000..e69de29
diff --git a/examples/protocols/mqtt/ssl_psk/sdkconfig.defaults b/examples/protocols/mqtt/ssl_psk/sdkconfig.defaults
new file mode 100644
index 0000000..1df83e8
--- /dev/null
+++ b/examples/protocols/mqtt/ssl_psk/sdkconfig.defaults
@@ -0,0 +1 @@
+CONFIG_ESP_TLS_PSK_VERIFICATION=y