samples: net: echo_server: Add signed certs and keys

Current sample certs and keys are not signed. Adding signed certificates and keys. CA file also added. This helps users to test with different kind of configurations. Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
2020-01-13 11:41:43 +02:00 · 2020-01-13 11:41:43 +02:00 · d228dd0c85
commit d228dd0c85
parent dd65f7c38a
7 changed files with 45 additions and 4 deletions
--- a/samples/net/sockets/echo_server/CMakeLists.txt
+++ b/samples/net/sockets/echo_server/CMakeLists.txt
@ -27,6 +27,9 @@ include($ENV{ZEPHYR_BASE}/samples/net/common/common.cmake)
 set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/)

 foreach(inc_file
+	ca.der
+	server.der
+	server_privkey.der
 	echo-apps-cert.der
 	echo-apps-key.der
    )
--- a/samples/net/sockets/echo_server/Kconfig
+++ b/samples/net/sockets/echo_server/Kconfig
@ -58,4 +58,11 @@ config NET_SAMPLE_PSK_HEADER_FILE
 	  Name of a header file containing a
 	  pre-shared key.

+config NET_SAMPLE_CERTS_WITH_SC
+	bool "Signed certificates"
+	depends on NET_SOCKETS_SOCKOPT_TLS
+	help
+	  Enable this flag, if you are interested to run this
+	  application with signed certificates and keys.
+
 source "Kconfig.zephyr"
--- a/samples/net/sockets/echo_server/src/ca.der
+++ b/samples/net/sockets/echo_server/src/ca.der
--- a/samples/net/sockets/echo_server/src/certificate.h
+++ b/samples/net/sockets/echo_server/src/certificate.h
@ -10,6 +10,7 @@
 #define SERVER_CERTIFICATE_TAG 1
 #define PSK_TAG 2

+#if !defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC)
 static const unsigned char server_certificate[] = {
 #include "echo-apps-cert.der.inc"
 };
@ -19,6 +20,22 @@ static const unsigned char private_key[] = {
 #include "echo-apps-key.der.inc"
 };

+#else
+
+static const unsigned char ca_certificate[] = {
+#include "ca.der.inc"
+};
+
+static const unsigned char server_certificate[] = {
+#include "server.der.inc"
+};
+
+/* This is the private key in pkcs#8 format. */
+static const unsigned char private_key[] = {
+#include "server_privkey.der.inc"
+};
+#endif
+
 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 #include CONFIG_NET_SAMPLE_PSK_HEADER_FILE
 #endif
--- a/samples/net/sockets/echo_server/src/echo-server.c
+++ b/samples/net/sockets/echo_server/src/echo-server.c
@ -41,15 +41,29 @@ void quit(void)

 static void init_app(void)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) || \
+	defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+	int err;
+#endif
 	k_sem_init(&quit_lock, 0, UINT_MAX);

 	LOG_INF(APP_BANNER);

 #if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
-	int err = tls_credential_add(SERVER_CERTIFICATE_TAG,
-				     TLS_CREDENTIAL_SERVER_CERTIFICATE,
-				     server_certificate,
-				     sizeof(server_certificate));
+#if defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC)
+	err = tls_credential_add(SERVER_CERTIFICATE_TAG,
+				 TLS_CREDENTIAL_CA_CERTIFICATE,
+				 ca_certificate,
+				 sizeof(ca_certificate));
+	if (err < 0) {
+		LOG_ERR("Failed to register CA certificate: %d", err);
+	}
+#endif
+
+	err = tls_credential_add(SERVER_CERTIFICATE_TAG,
+				 TLS_CREDENTIAL_SERVER_CERTIFICATE,
+				 server_certificate,
+				 sizeof(server_certificate));
 	if (err < 0) {
 		LOG_ERR("Failed to register public certificate: %d", err);
 	}
--- a/samples/net/sockets/echo_server/src/server.der
+++ b/samples/net/sockets/echo_server/src/server.der
--- a/samples/net/sockets/echo_server/src/server_privkey.der
+++ b/samples/net/sockets/echo_server/src/server_privkey.der