Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DTLS support to MQTT-SN client #348

Merged
merged 1 commit into from
Sep 1, 2023
Merged

Add DTLS support to MQTT-SN client #348

merged 1 commit into from
Sep 1, 2023

Conversation

embhorn
Copy link
Member

@embhorn embhorn commented Aug 25, 2023
edited
Loading

Tested with mosquitto as broker, https://github.com/eclipse/paho.mqtt-sn.embedded-c as gateway.

  1. To use with local mosquitto broker, edit MQTTSNGateway/gateway.conf. Also set paths to DTLS cert / key.
-BrokerName=mqtt.eclipseprojects.io
+BrokerName=localhost

...

-DtlsCertsKey=/etc/ssl/certs/gateway.pem
-DtlsPrivKey=/etc/ssl/private/privkey.pem
+#DtlsCertsKey=/etc/ssl/certs/gateway.pem
+DtlsCertsKey=/<path_to_repo>/wolfssl/certs/server-cert.pem
+#DtlsPrivKey=/etc/ssl/private/privkey.pem
+DtlsPrivKey=/<path_to_repo>/wolfssl/certs/server-key.pem
  • I had to fix a bug in the gateway (could be related to the openssl or compiler version):
diff --git a/MQTTSNGateway/src/linux/dtls/SensorNetwork.cpp b/MQTTSNGateway/src/linux/dtls/SensorNetwork.cpp
index 3f2dcf3..363d0ba 100644
--- a/MQTTSNGateway/src/linux/dtls/SensorNetwork.cpp
+++ b/MQTTSNGateway/src/linux/dtls/SensorNetwork.cpp
@@ -308,7 +308,7 @@ Connections::~Connections()
     {
         for (int i = 0; i < _numfds; i++)
         {
-            if (_ssls[i] > 0)
+            if (_ssls[i] > (SSL *)0)
             {
                 SSL_shutdown(_ssls[i]);
                 SSL_free(_ssls[i]);
@@ -416,7 +416,7 @@ void Connections::close(int index)
         }
     }
 
-    if (ssl > 0)
+    if (ssl > (SSL *)0)
     {
         _numfds--;
         SSL_shutdown(ssl);
  • Build gateway with DTLS:
    <gateway-folder>/MQTTSNGateway$ ./build.sh dtls
  1. Build wolfSSL with DTLS: ./configure --enable-dtls && make && sudo make install
  2. Build wolfMQTT with SN support: ./configure --enable-sn && make
  3. Run the broker: mosquitto
  4. Run the gateway: <gateway-folder>/MQTTSNGateway$ ./bin/MQTT-SNGateway
  5. To run the wolfMQTT sn-client example with DTLS:
    ./examples/sn-client/sn-client -t

@embhorn embhorn self-assigned this Aug 25, 2023
@embhorn embhorn force-pushed the sn-dtls branch 2 times, most recently from 5ff973a to f262a6b Compare August 28, 2023 13:43
embhorn
embhorn commented Aug 28, 2023
View reviewed changes
examples/mqttnet.c Outdated
Comment on lines 809 to 814
#if defined(WOLFMQTT_SN) && defined(WOLFSSL_DTLS)
if (wolfSSL_dtls(mqttCtx->client.tls.ssl)) {
break;
}
#endif
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not like this, but during the handshake, wolfSSL calls read with a max size of 1900b, never intending to fully fill the buffer. So I needed a way to break out of the loop. I am very open to suggestions here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This just means you got some data and instead of waiting for "all" data you just break out for DTLS. Seems fine to me. However you can likely do this for the TLS case too...

@embhorn embhorn requested a review from lealem47 August 28, 2023 15:50
lealem47
lealem47 previously approved these changes Aug 29, 2023
View reviewed changes
Copy link
Contributor

@lealem47 lealem47 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and working. Perhaps add some of the PR notes into the SN example section of the README

@lealem47 lealem47 removed their assignment Aug 29, 2023
@embhorn
Copy link
Member Author

embhorn commented Aug 30, 2023

Tested and working. Perhaps add some of the PR notes into the SN example section of the README

I added a new README for the MQTT-SN examples. It was getting pretty long, so makes sense to move it.

@embhorn embhorn requested a review from dgarske August 30, 2023 13:34
dgarske
dgarske requested changes Aug 31, 2023
View reviewed changes
examples/mqttexample.c Show resolved Hide resolved
examples/mqttnet.c Outdated
Comment on lines 809 to 814
#if defined(WOLFMQTT_SN) && defined(WOLFSSL_DTLS)
if (wolfSSL_dtls(mqttCtx->client.tls.ssl)) {
break;
}
#endif
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This just means you got some data and instead of waiting for "all" data you just break out for DTLS. Seems fine to me. However you can likely do this for the TLS case too...

src/mqtt_packet.c Outdated
/* Read first 2 bytes using MSG_PEEK */
rc = MqttSocket_Peek(client, rx_buf, 2, timeout_ms);
/* Read first 2 bytes */
if (client->flags & MQTT_CLIENT_FLAG_IS_TLS) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have a flag for DTLS? Seems like you could use this flag for the mqtt_socket.c TLS method?

@embhorn embhorn requested a review from dgarske September 1, 2023 14:20
dgarske
dgarske requested changes Sep 1, 2023
View reviewed changes
src/mqtt_socket.c Outdated
@@ -359,7 +359,21 @@ int MqttSocket_Peek(MqttClient *client, byte* buf, int buf_len, int timeout_ms)

return rc;
}

#if defined(ENABLE_MQTT_TLS) && defined(WOLFSSL_DTLS)
void MqttSocket_SetDTLS(MqttClient *client, int value)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer the API to be in mqtt_client.c and named MqttClient_SetFlags API that takes in uint32_t of enum MqttClientFlags values as an argument.

Something like:

word32 MqttClient_SetFlags(MqttClient *client, word32 mask, word32 flags)
{
    if (client != NULL) {
        client->flags &= ~mask;
        client->flags |= flags;
        return client->flags;
    }
    return 0;
}

This is multi-purpose because you can set or clear any flags and return the final state.

@dgarske dgarske removed their assignment Sep 1, 2023
@embhorn embhorn requested a review from dgarske September 1, 2023 17:29
dgarske
dgarske previously approved these changes Sep 1, 2023
View reviewed changes
dgarske
dgarske requested changes Sep 1, 2023
View reviewed changes
src/mqtt_client.c Outdated
#ifdef WOLFMQTT_MULTITHREAD
wm_SemUnlock(&client->lockClient);
#endif
return client->flags;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please get the final flags before unlock.

@embhorn embhorn assigned lealem47 and unassigned embhorn and dgarske Sep 1, 2023
@embhorn
Copy link
Member Author

embhorn commented Sep 1, 2023

Ready for merge!

@lealem47 lealem47 merged commit d5eca1b into wolfSSL:master Sep 1, 2023
6 checks passed
@embhorn embhorn mentioned this pull request Oct 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

@lealem47 lealem47 lealem47 left review comments

Assignees

@lealem47 lealem47

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@embhorn @dgarske @lealem47