
lib: updatehub: add support for CoAPS/DTLS

This extends the UpdateHub library code to allow the
use of CoAPS/DTLS for communication.

Refs: #13039.

Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
chtavares592 authored and carlescufi committed Mar 19, 2019
1 parent 297ac37 commit c5d74eccdaa3e069e858c1cb87412697bc5d8e65
@@ -1,5 +1,5 @@
#
# Copyright (c) 2018 O.S.Systems
# Copyright (c) 2018, 2019 O.S.Systems
#
# SPDX -License-Identifier: Apache-2.0
#
@@ -79,6 +79,17 @@ config UPDATEHUB_SHELL
help
Activate shell module that provides UpdateHub commands like

config UPDATEHUB_DTLS
bool"Activite communication CoAPS/DTLS"
depends on UPDATEHUB
select MBEDTLS
select MBEDTLS_ENABLE_HEAP
select NET_SOCKETS_SOCKOPT_TLS
select NET_SOCKETS_ENABLE_DTLS
help
Enables DTLS communication between the UpdateHub
client and the server

module = UPDATEHUB
module-str = Log level for UpdateHub
module-help = Enables logging for UpdateHub code.
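Review bot: The prompt string on the new UPDATEHUB_DTLS option is misspelled and, as rendered, lacks the space after `bool`; it should read `bool "Activate CoAPS/DTLS communication"`. The help text should also tell the integrator what the library expects from the application, since the library code in this commit only references a credential tag and never registers anything itself: something like "The application must register the server's CA certificate with tls_credential_add() under the security tag the library uses (CA_CERTIFICATE_TAG, currently 1) before calling updatehub; see the sample's main.c." Without that, an application that enables the option but registers no credential gets a DTLS socket with no trust anchor.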
@@ -12,7 +12,7 @@
#include "updatehub_firmware.h"
#include "updatehub_device.h"

#if defined(CONFIG_UPDATEHUB_CE_SERVER)
#if defined(CONFIG_UPDATEHUB_CE)
#define UPDATEHUB_SERVER CONFIG_UPDATEHUB_SERVER
#else
#define UPDATEHUB_SERVER "coap.updatehub.io"
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018 O.S.Systems
* Copyright (c) 2018, 2019 O.S.Systems
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -27,6 +27,11 @@ LOG_MODULE_REGISTER(updatehub);
#include "updatehub_firmware.h"
#include "updatehub_device.h"

#if defined(CONFIG_UPDATEHUB_DTLS)
#define CA_CERTIFICATE_TAG 1
#include <net/tls_credentials.h>
#endif

#define NETWORK_TIMEOUT K_SECONDS(2)
#define UPDATEHUB_POLL_INTERVAL K_MINUTES(CONFIG_UPDATEHUB_POLL_INTERVAL)
#define MAX_PATH_SIZE 255
@@ -127,8 +132,18 @@ static bool start_coap_client(void)
struct addrinfo *addr;
int resolve_attempts = 10;

#if defined(CONFIG_UPDATEHUB_DTLS)
int verify = 0;
sec_tag_t sec_list[] = { CA_CERTIFICATE_TAG };
int protocol = IPPROTO_DTLS_1_2;
char port[] = "5684";
#else
int protocol = IPPROTO_UDP;
char port[] = "5683";
#endif

while (resolve_attempts--) {
if (getaddrinfo(UPDATEHUB_SERVER, "5683", &hints, &addr) == 0) {
if (getaddrinfo(UPDATEHUB_SERVER, port, &hints, &addr) == 0) {
break;
}
if (resolve_attempts-- == 0) {
@@ -137,12 +152,25 @@ static bool start_coap_client(void)
}
}

ctx.sock = socket(addr->ai_family, SOCK_DGRAM, IPPROTO_UDP);
ctx.sock = socket(addr->ai_family, SOCK_DGRAM, protocol);
if (ctx.sock < 0) {
LOG_ERR("Failed to create UDP socket");
return false;
}

#if defined(CONFIG_UPDATEHUB_DTLS)
if (setsockopt(ctx.sock, SOL_TLS, TLS_SEC_TAG_LIST,
sec_list, sizeof(sec_list)) < 0) {
LOG_ERR("Failed to set TLS_TAG option");
return false;
}

if (setsockopt(ctx.sock, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(int)) < 0) {
LOG_ERR("Failed to set TLS_PEER_VERIFY option");
return false;
}
#endif

if (connect(ctx.sock, addr->ai_addr, addr->ai_addrlen) < 0) {
LOG_ERR("Cannot connect to UDP remote");
return false;
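Review bot: `int verify = 0;` at the top of the previous hunk is passed to TLS_PEER_VERIFY in this hunk, and 0 is TLS_PEER_VERIFY_NONE in Zephyr's socket TLS API, so the DTLS session is encrypted but the server is never authenticated; the certificate registered under CA_CERTIFICATE_TAG is loaded into the sec_tag list and then not used to reject anything, which leaves the update channel open to an on-path impersonator of coap.updatehub.io. The line should be `int verify = TLS_PEER_VERIFY_REQUIRED;` (the CA trust anchor then has to be registered as a CA credential under that tag, and a TLS_HOSTNAME setsockopt is worth adding so the name is checked too). The two new `return false;` paths after a successful socket() also leak ctx.sock, unlike the pre-socket failure path; each should `close(ctx.sock);` first, or the function should fall through to a single cleanup label. Minor: `sizeof(int)` on the TLS_PEER_VERIFY call is better written `sizeof(verify)`. start_coap_client begins and ends outside this hunk.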
@@ -161,6 +189,7 @@ static void cleanup_conection(void)

memset(&ctx.fds[1], 0, sizeof(ctx.fds[1]));
ctx.nfds = 0;
ctx.sock = 0;
}

static int send_request(enum coap_msgtype msgtype, enum coap_method method,
@@ -11,3 +11,16 @@ include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
project(NONE)

target_sources(app PRIVATE src/main.c)

if(CONFIG_UPDATEHUB_DTLS)
foreach(inc_file
servercert.der
privkey.der
)
generate_inc_file_for_target(
${ZEPHYR_CURRENT_LIBRARY}
src/certificates/${inc_file}
${gen_dir}/${inc_file}.inc
)
endforeach()
endif()
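Review bot: `${gen_dir}` and `${ZEPHYR_CURRENT_LIBRARY}` are used in the new foreach but neither is set anywhere in this hunk; if the first ten lines of the file (outside the hunk) do not define gen_dir, the output path resolves to `/servercert.der.inc`, and ZEPHYR_CURRENT_LIBRARY is normally only populated inside a zephyr_library() context, so in an application CMakeLists the target argument is likely empty. Other Zephyr samples that embed credentials write `set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/)` before the loop and pass `app` as the target, which is presumably what is intended here. Note also that this loop embeds `privkey.der` into the application image; if that is the server's key (as the README's "servercert"/"privkey" pairing suggests), it should not be shipped in client firmware at all.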
@@ -67,6 +67,25 @@ Step 3: Start the updatehub Community Edition
By default, the updatehub application is set to start on the UpdateHub Cloud.
For more details on how to use the UpdateHub Cloud please refer to the
documentation on `updatehub.io`_.
The UpdateHub Cloud has the option to use CoAPS/DTLS or not. If the user want
to use the CoAPS/DTLS just need to add the ``overlay-dtls.conf`` at the build.
You must use the certificate available just for test example. For you create a new certificates
you can execute this following commands:

.. code-block:: console

openssl genrsa -out privkey.pem 512

openssl req -new -x509 -key privkey.pem -out servercert.pem

The cert and private key that is to be embedded into certificates.h in your application, can be generated like this:

.. code-block:: console

openssl x509 -in servercert.pem -outform DER -out servercert.der

openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in privkey.pem \
-out privkey.der

If you would like to use your own server, the steps below explain how
updatehub works with updatehub-ce running, started by the
@@ -81,6 +100,7 @@ Using this server the user need create own ``overaly-prj.conf`` setting the opti
:option:`CONFIG_UPDATEHUB_CE` with true. If the user will use polling mode on
UpdateHub need too set the option :option:`CONFIG_UPDATEHUB_POLL_INTERVAL` with the period of
your preference, remembering that the limit is between 0 minute until 43200 minutes(30 days).
This server does not use DTLS, so you must not add ``overlay-dtls.config``.

Step 4: Build UpdateHub
=======================
@@ -0,0 +1,13 @@
#
# Copyright (c) 2019 O.S.Systems
#
# SPDX-License-Identifier: Apache-2.0
#

CONFIG_UPDATEHUB_DTLS=y
#Minimal TLS configuration
CONFIG_MAIN_STACK_SIZE=3000
CONFIG_NET_BUF_RX_COUNT=50
CONFIG_MBEDTLS_HEAP_SIZE=60000
# End tls configs

@@ -0,0 +1,23 @@
/*
* Copyright (c) 2019 O.S.Systems
*
* SPDX-License-Identifier: Apache-2.0
*/

#ifndef __CERTIFICATE_H__
#define __CERTIFICATE_H__

#if defined(CONFIG_UPDATEHUB_DTLS)
#define CA_CERTIFICATE_TAG 1

static const unsigned char server_certificate[] = {
#include "servercert.der.inc"
};


static const unsigned char private_key[] = {
#include "privkey.der.inc"
};

#endif
#endif /* __CERTIFICATE_H__ */
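Review bot: `CA_CERTIFICATE_TAG` is now defined independently here and in updatehub.c (`#define CA_CERTIFICATE_TAG 1` in both), with nothing tying the two values together; if either is changed the client silently registers its credential under a tag the library never attaches to the socket. The library should export the tag from a public header (or a Kconfig symbol) and this file should include it rather than redefining it. Two smaller points: `__CERTIFICATE_H__` uses a double-underscore identifier reserved for the implementation and does not match the file name (c_certificates.h), so `#ifndef C_CERTIFICATES_H_` would be conventional; and the `private_key` array is RSA material that the README generates with `openssl genrsa ... 512`, a key size that is trivially factorable, so a comment such as `/* Test credentials only; regenerate with at least 2048-bit RSA for any real deployment */` would save a reader from reusing them.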
Binary file not shown.
Binary file not shown.
@@ -10,6 +10,11 @@
#include <misc/printk.h>
#include <logging/log.h>

#if defined(CONFIG_UPDATEHUB_DTLS)
#include <net/tls_credentials.h>
#include "c_certificates.h"
#endif

LOG_MODULE_REGISTER(main);

int main(void)
@@ -18,6 +23,24 @@ int main(void)

LOG_INF("UpdateHub sample app started");

#if defined(CONFIG_UPDATEHUB_DTLS)
if (tls_credential_add(CA_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
server_certificate,
sizeof(server_certificate)) < 0) {
LOG_ERR("Failed to register server certificate");
return -1;
}

if (tls_credential_add(CA_CERTIFICATE_TAG,
TLS_CREDENTIAL_PRIVATE_KEY,
private_key,
sizeof(private_key)) < 0) {
LOG_ERR("Failed to register private key");
return -1;
}
#endif

/* The image of application needed be confirmed */
LOG_INF("Confirming the boot image");
ret = boot_write_img_confirmed();
