Mqtt-mbedtls

.vscode/settings.json

@@ -16,4 +16,4 @@
 	"prettier.tabWidth": 4,
 	"prettier.useTabs": true,
 	"prettier.printWidth": 120
-}
+}

Makefile

@@ -1,8 +1,12 @@
 # HACK - if COMPILE_PREX defined then we are being called running from original build_app.sh script in standard SDK
 # Required to not break old build_app.sh script lines 74-77
+MBEDTLS=output/mbedtls-2.28.5
 ifdef COMPILE_PREX
 all:
 	@echo Calling original build_app.sh script
+	mkdir -p output
+	if [ ! -d "$(MBEDTLS)" ]; then wget -q "https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v2.28.5.tar.gz"; tar -xf v2.28.5.tar.gz -C output; rm -f v2.28.5.tar.gz; fi	
+	mv $(MBEDTLS)/library/base64.c $(MBEDTLS)/library/base64_mbedtls.c
 	cd $(PWD)/../../platforms/$(TARGET_PLATFORM)/toolchain/$(TUYA_APPS_BUILD_PATH) && sh $(TUYA_APPS_BUILD_CMD) $(APP_NAME) $(APP_VERSION) $(TARGET_PLATFORM) $(USER_CMD)
 else
 
@@ -77,9 +81,15 @@ sdk/OpenLN882H/project/OpenBeken/app:
 
 # Build main binaries
 OpenBK7231T:
+	mkdir -p output
+	if [ ! -d "$(MBEDTLS)" ]; then wget -q "https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v2.28.5.tar.gz"; tar -xf v2.28.5.tar.gz -C output; rm -f v2.28.5.tar.gz; fi	
+	mv $(MBEDTLS)/library/base64.c $(MBEDTLS)/library/base64_mbedtls.c
 	$(MAKE) APP_NAME=OpenBK7231T TARGET_PLATFORM=bk7231t SDK_PATH=sdk/OpenBK7231T APPS_BUILD_PATH=../bk7231t_os build-BK7231
 
 OpenBK7231N:
+	mkdir -p output
+	if [ ! -d "$(MBEDTLS)" ]; then wget -q "https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v2.28.5.tar.gz"; tar -xf v2.28.5.tar.gz -C output; rm -f v2.28.5.tar.gz; fi	
+	mv $(MBEDTLS)/library/base64.c $(MBEDTLS)/library/base64_mbedtls.c
 	$(MAKE) APP_NAME=OpenBK7231N TARGET_PLATFORM=bk7231n SDK_PATH=sdk/OpenBK7231N APPS_BUILD_PATH=../bk7231n_os build-BK7231
 
 sdk/OpenXR809/tools/gcc-arm-none-eabi-4_9-2015q2:

components.mk

@@ -0,0 +1,69 @@
+ifeq ($(TARGET_PLATFORM),bk7231n)
+
+CFG_USE_MQTT_TLS ?= 1
+
+ifeq ($(CFG_USE_MQTT_TLS),1)
+
+MBEDTLS_DIR = $(TOP_DIR)/apps/$(APP_BIN_NAME)/output/mbedtls-2.28.5
+INCLUDES := -I$(MBEDTLS_DIR)/include -I$(TOP_DIR)/apps/$(APP_BIN_NAME)/src $(INCLUDES)
+MQTT_TLS_DEFS += -DMQTT_USE_TLS=1
+MQTT_TLS_DEFS += -DLWIP_ALTCP=1
+MQTT_TLS_DEFS += -DLWIP_ALTCP_TLS=1
+MQTT_TLS_DEFS += -DLWIP_ALTCP_TLS_MBEDTLS=1
+MQTT_TLS_DEFS += -DMEMP_NUM_ALTCP_PCB=4
+MQTT_TLS_DEFS += -DMBEDTLS_CONFIG_FILE='"user_mbedtls_config.h"'
+CPPDEFINES += $(MQTT_TLS_DEFS) -Wno-misleading-indentation
+OSFLAGS += $(MQTT_TLS_DEFS)
+
+SRC_C += ./beken378/func/lwip_intf/lwip-2.1.3/src/apps/altcp_tls/altcp_tls_mbedtls.c
+SRC_C += ./beken378/func/lwip_intf/lwip-2.1.3/src/apps/altcp_tls/altcp_tls_mbedtls_mem.c
+SRC_C += ${MBEDTLS_DIR}/library/ssl_tls.c
+SRC_C += ${MBEDTLS_DIR}/library/x509_crt.c
+SRC_C += ${MBEDTLS_DIR}/library/entropy.c
+SRC_C += ${MBEDTLS_DIR}/library/chachapoly.c
+SRC_C += ${MBEDTLS_DIR}/library/ctr_drbg.c
+SRC_C += ${MBEDTLS_DIR}/library/ssl_msg.c
+SRC_C += ${MBEDTLS_DIR}/library/debug.c
+SRC_C += ${MBEDTLS_DIR}/library/md.c
+SRC_C += ${MBEDTLS_DIR}/library/sha512.c
+SRC_C += ${MBEDTLS_DIR}/library/platform_util.c
+SRC_C += ${MBEDTLS_DIR}/library/sha256.c
+SRC_C += ${MBEDTLS_DIR}/library/sha1.c
+SRC_C += ${MBEDTLS_DIR}/library/ripemd160.c
+SRC_C += ${MBEDTLS_DIR}/library/md5.c
+SRC_C += ${MBEDTLS_DIR}/library/cipher.c
+SRC_C += ${MBEDTLS_DIR}/library/gcm.c
+SRC_C += ${MBEDTLS_DIR}/library/chacha20.c
+SRC_C += ${MBEDTLS_DIR}/library/ccm.c
+SRC_C += ${MBEDTLS_DIR}/library/constant_time.c
+SRC_C += ${MBEDTLS_DIR}/library/aes.c
+SRC_C += ${MBEDTLS_DIR}/library/poly1305.c
+SRC_C += ${MBEDTLS_DIR}/library/pem.c
+SRC_C += ${MBEDTLS_DIR}/library/des.c
+SRC_C += ${MBEDTLS_DIR}/library/asn1parse.c
+SRC_C += ${MBEDTLS_DIR}/library/base64_mbedtls.c
+SRC_C += ${MBEDTLS_DIR}/library/x509.c
+SRC_C += ${MBEDTLS_DIR}/library/oid.c
+SRC_C += ${MBEDTLS_DIR}/library/pkparse.c
+SRC_C += ${MBEDTLS_DIR}/library/ecp.c
+SRC_C += ${MBEDTLS_DIR}/library/bignum.c
+SRC_C += ${MBEDTLS_DIR}/library/pk.c
+SRC_C += ${MBEDTLS_DIR}/library/pk_wrap.c
+SRC_C += ${MBEDTLS_DIR}/library/ecdsa.c
+SRC_C += ${MBEDTLS_DIR}/library/asn1write.c
+SRC_C += ${MBEDTLS_DIR}/library/hmac_drbg.c
+SRC_C += ${MBEDTLS_DIR}/library/rsa.c
+SRC_C += ${MBEDTLS_DIR}/library/rsa_internal.c
+SRC_C += ${MBEDTLS_DIR}/library/ecp_curves.c
+SRC_C += ${MBEDTLS_DIR}/library/ssl_ciphersuites.c
+SRC_C += ${MBEDTLS_DIR}/library/ecdh.c
+SRC_C += ${MBEDTLS_DIR}/library/dhm.c
+SRC_C += ${MBEDTLS_DIR}/library/ssl_srv.c
+SRC_C += ${MBEDTLS_DIR}/library/cipher_wrap.c
+SRC_C += ${MBEDTLS_DIR}/library/arc4.c
+SRC_C += ${MBEDTLS_DIR}/library/blowfish.c
+SRC_C += ${MBEDTLS_DIR}/library/camellia.c
+SRC_C += ${MBEDTLS_DIR}/library/ssl_cli.c
+
+endif   #ifeq ($(CFG_USE_MQTT_TLS),1)
+endif   #ifeq ($(TARGET_PLATFORM),bk7231n)

docs/commands.md

@@ -298,4 +298,4 @@ Do not add anything here, as it will overwritten with next rebuild.
 | VCPPublishThreshold | [VoltageDeltaVolts][CurrentDeltaAmpers][PowerDeltaWats][EnergyDeltaWh] | Sets the minimal change between previous reported value over MQTT and next reported value over MQTT. Very useful for BL0942, BL0937, etc. So, if you set, VCPPublishThreshold 0.5 0.001 0.5, it will only report voltage again if the delta from previous reported value is largen than 0.5V. Remember, that the device will also ALWAYS force-report values every N seconds (default 60).<br/><br/>See also [VCPPublishThreshold on forum](https://www.elektroda.com/rtvforum/find.php?q=VCPPublishThreshold). |
 | VoltageSet | Voltage | Measure the real voltage with an external, reliable power meter and enter this voltage via this command to calibrate. The calibration is automatically saved in the flash memory.<br/><br/>See also [VoltageSet on forum](https://www.elektroda.com/rtvforum/find.php?q=VoltageSet). |
 | waitFor | [EventName] [Argument] | Wait forever for event. Can be used within script. For example, you can do: waitFor MQTTState 1 or waitFor NTPState 1. You can also do waitFor NoPingTime 600 to wait for 600 seconds without ping watchdog getting successful reply.<br/><br/>See also [waitFor on forum](https://www.elektroda.com/rtvforum/find.php?q=waitFor). |
-
+| WebServer | [1or0] | Enable/Disable web interface. 1 to Enable. 0 to Disable. No argument, returns the actual state of the web server interface. No effect on safe mode. In safe mode, the web interface is always enabled. |

src/cmnds/cmd_main.c

@@ -9,6 +9,8 @@
 #include "../driver/drv_public.h"
 #include "../hal/hal_adc.h"
 #include "../hal/hal_flashVars.h"
+#include "../httpserver/http_tcp_server.h"
+#include "../hal/hal_generic.h"
 
 int cmd_uartInitIndex = 0;
 
@@ -630,6 +632,37 @@ commandResult_t CMD_DeepSleep_SetEdge(const void* context, const char* cmd, cons
 	return CMD_RES_OK;
 }
 
+#if MQTT_USE_TLS
+static commandResult_t CMD_WebServer(const void* context, const char* cmd, const char* args, int cmdFlags) {	
+	int arg_count;
+	Tokenizer_TokenizeString(args, 0);
+	arg_count = Tokenizer_GetArgsCount();
+	if (arg_count == 0)
+	{
+		ADDLOG_INFO(LOG_FEATURE_CMD, "WebServer:%d", !CFG_GetDisableWebServer());
+		return CMD_RES_OK;
+	} 
+	if (arg_count == 1) {
+		if (strcmp(Tokenizer_GetArg(0) , "0") == 0) {
+			ADDLOG_INFO(LOG_FEATURE_CMD, "Stop WebServer");
+			CFG_SetDisableWebServer(true);
+			CFG_Save_IfThereArePendingChanges();
+			HTTPServer_Stop();
+			return CMD_RES_OK;
+		}
+		else if (strcmp(Tokenizer_GetArg(0), "1") == 0) {
+			ADDLOG_INFO(LOG_FEATURE_CMD, "Enable WebServer and restart");
+			CFG_SetDisableWebServer(false);
+			CFG_Save_IfThereArePendingChanges();
+			HAL_RebootModule();
+			return CMD_RES_OK;
+		}
+	} 
+	ADDLOG_ERROR(LOG_FEATURE_CMD, "Invalid Argument");
+	return CMD_RES_BAD_ARGUMENT;
+}
+#endif
+
 void CMD_Init_Early() {
 	//cmddetail:{"name":"alias","args":"[Alias][Command with spaces]",
 	//cmddetail:"descr":"add an aliased command, so a command with spaces can be called with a short, nospaced alias",
@@ -761,7 +794,14 @@ void CMD_Init_Early() {
 	//cmddetail:"fn":"NULL);","file":"cmnds/cmd_main.c","requires":"",
 	//cmddetail:"examples":""}
 	CMD_RegisterCommand("Choice", CMD_Choice, NULL);
+#if MQTT_USE_TLS
 	//CMD_RegisterCommand("FindPattern", CMD_FindPattern, NULL);
+	//cmddetail:{"name":"WebServer","args":"[0 - Stop / 1 - Start]",
+	//cmddetail:"descr":"Setting state of WebServer",
+	//cmddetail:"fn":"CMD_WebServer","file":"cmnds/cmd_main.c","requires":"",
+	//cmddetail:"examples":""}
+	CMD_RegisterCommand("WebServer", CMD_WebServer, NULL);
+#endif
 
 #if (defined WINDOWS) || (defined PLATFORM_BEKEN)
 	CMD_InitScripting();

src/httpserver/http_fns.c

@@ -18,6 +18,9 @@
 #include <time.h>
 #include "../driver/drv_ntp.h"
 #include "../driver/drv_local.h"
+#ifdef PLATFORM_BEKEN
+#include "start_type_pub.h"
+#endif
 
 static char SUBMIT_AND_END_FORM[] = "<br><input type=\"submit\" value=\"Submit\"></form>";
 
@@ -933,7 +936,24 @@ int http_fn_cfg_mqtt(http_request_t* request) {
 
 	add_label_text_field(request, "Host", "host", CFG_GetMQTTHost(), "<form action=\"/cfg_mqtt_set\">");
 	add_label_numeric_field(request, "Port", "port", CFG_GetMQTTPort(), "<br>");
-	add_label_text_field(request, "Client Topic (Base Topic)", "client", CFG_GetMQTTClientId(), "<br><br>");
+
+#if MQTT_USE_TLS
+	hprintf255(request, "<input type=\"checkbox\" id=\"mqtt_use_tls\" name=\"mqtt_use_tls\" value=\"1\"");
+	if (CFG_GetMQTTUseTls()) {
+		hprintf255(request, " checked>");
+	}
+	hprintf255(request, "<label for=\"mqtt_use_tls\">Use TLS</label><br>");
+
+	hprintf255(request, "<input type=\"checkbox\" id=\"mqtt_verify_tls_cert\" name=\"mqtt_verify_tls_cert\" value=\"1\"");
+	if (CFG_GetMQTTVerifyTlsCert()) {
+		hprintf255(request, " checked>");
+	}
+	hprintf255(request, "<label for=\"mqtt_use_tls\">Verify TLS Certificate</label><br>");
+
+	add_label_text_field(request, "Certificate File (CA Root or Public Certificate PEM format)", "mqtt_cert_file", CFG_GetMQTTCertFile(), "<br>");
+#endif
+
+	add_label_text_field(request, "Client Topic (Base Topic)", "client", CFG_GetMQTTClientId(), "<br>");
 	add_label_text_field(request, "Group Topic (Secondary Topic to only receive cmnds)", "group", CFG_GetMQTTGroupTopic(), "<br>");
 	add_label_text_field(request, "User", "user", CFG_GetMQTTUserName(), "<br>");
 	add_label_password_field(request, "Password", "password", CFG_GetMQTTPass(), "<br>");
@@ -1003,6 +1023,14 @@ int http_fn_cfg_mqtt_set(http_request_t* request) {
 	if (http_getArg(request->url, "port", tmpA, sizeof(tmpA))) {
 		CFG_SetMQTTPort(atoi(tmpA));
 	}
+
+#if MQTT_USE_TLS
+	CFG_SetMQTTUseTls(http_getArg(request->url, "mqtt_use_tls", tmpA, sizeof(tmpA)));
+	CFG_SetMQTTVerifyTlsCert(http_getArg(request->url, "mqtt_verify_tls_cert", tmpA, sizeof(tmpA)));
+	http_getArg(request->url, "mqtt_cert_file", tmpA, sizeof(tmpA));
+	CFG_SetMQTTCertFile(tmpA);
+#endif
+
 	if (http_getArg(request->url, "user", tmpA, sizeof(tmpA))) {
 		CFG_SetMQTTUserName(tmpA);
 	}
@@ -1033,6 +1061,15 @@ int http_fn_cfg_webapp(http_request_t* request) {
 	http_setup(request, httpMimeTypeHTML);
 	http_html_start(request, "Set Webapp");
 	add_label_text_field(request, "URL of the Webapp", "url", CFG_GetWebappRoot(), "<form action=\"/cfg_webapp_set\">");
+
+#if MQTT_USE_TLS
+	hprintf255(request, "<input type=\"checkbox\" id=\"enable_web_server\" name=\"enable_web_server\" value=\"1\"");
+	if (!CFG_GetDisableWebServer()) {
+		hprintf255(request, " checked>");
+	}
+	hprintf255(request, "<label for=\"enable_web_server\">Web Server Enabled</label><br>");
+#endif
+
 	poststr(request, SUBMIT_AND_END_FORM);
 	poststr(request, htmlFooterReturnToCfgOrMainPage);
 	http_html_end(request);
@@ -1054,6 +1091,14 @@ int http_fn_cfg_webapp_set(http_request_t* request) {
 		poststr(request, "Webapp url not set because you didn't specify the argument.");
 	}
 
+#if MQTT_USE_TLS
+	CFG_SetDisableWebServer(!http_getArg(request->url, "enable_web_server", tmpA, sizeof(tmpA)));
+	if (CFG_GetDisableWebServer()) {
+		poststr(request, "<br>");
+		poststr(request, "Webapp will be disabled on next boot!");
+	}
+#endif
+
 	poststr(request, "<br>");
 	poststr(request, htmlFooterReturnToCfgOrMainPage);
 	http_html_end(request);

src/httpserver/http_tcp_server.c

@@ -54,6 +54,17 @@ void HTTPServer_Start()
 	}
 }
 
+void HTTPServer_Stop()
+{
+	OSStatus err = kNoErr;
+
+	err = rtos_delete_thread(&g_http_thread);
+
+	if (err != kNoErr)
+	{
+		ADDLOG_ERROR(LOG_FEATURE_HTTP, "stop \"TCP_server\" thread failed with %i!\r\n", err);
+	}
+}
 
 int sendfn(int fd, char* data, int len) {
 	if (fd) {

src/httpserver/http_tcp_server.h

@@ -1,2 +1,3 @@
 
 void HTTPServer_Start();
+void HTTPServer_Stop();