From d228dd0c85ca715d7e0d7d29c02d791ded737b2b Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Mon, 13 Jan 2020 11:41:43 +0200 Subject: [PATCH] samples: net: echo_server: Add signed certs and keys Current sample certs and keys are not signed. Adding signed certificates and keys. CA file also added. This helps users to test with different kind of configurations. Signed-off-by: Ravi kumar Veeramally --- .../net/sockets/echo_server/CMakeLists.txt | 3 +++ samples/net/sockets/echo_server/Kconfig | 7 ++++++ samples/net/sockets/echo_server/src/ca.der | Bin 0 -> 783 bytes .../net/sockets/echo_server/src/certificate.h | 17 ++++++++++++++ .../net/sockets/echo_server/src/echo-server.c | 22 ++++++++++++++---- .../net/sockets/echo_server/src/server.der | Bin 0 -> 693 bytes .../echo_server/src/server_privkey.der | Bin 0 -> 1219 bytes 7 files changed, 45 insertions(+), 4 deletions(-) create mode 100644 samples/net/sockets/echo_server/src/ca.der create mode 100644 samples/net/sockets/echo_server/src/server.der create mode 100644 samples/net/sockets/echo_server/src/server_privkey.der diff --git a/samples/net/sockets/echo_server/CMakeLists.txt b/samples/net/sockets/echo_server/CMakeLists.txt index 3237e2a9658..5764048adc3 100644 --- a/samples/net/sockets/echo_server/CMakeLists.txt +++ b/samples/net/sockets/echo_server/CMakeLists.txt @@ -27,6 +27,9 @@ include($ENV{ZEPHYR_BASE}/samples/net/common/common.cmake) set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/) foreach(inc_file + ca.der + server.der + server_privkey.der echo-apps-cert.der echo-apps-key.der ) diff --git a/samples/net/sockets/echo_server/Kconfig b/samples/net/sockets/echo_server/Kconfig index 5e28415fb0d..58c91424f83 100644 --- a/samples/net/sockets/echo_server/Kconfig +++ b/samples/net/sockets/echo_server/Kconfig 
@@ -58,4 +58,11 @@ config NET_SAMPLE_PSK_HEADER_FILE Name of a header file containing a pre-shared key. +config NET_SAMPLE_CERTS_WITH_SC + bool "Signed certificates" + depends on NET_SOCKETS_SOCKOPT_TLS + help + Enable this flag, if you are interested to run this + application with signed certificates and keys. + source "Kconfig.zephyr" diff --git a/samples/net/sockets/echo_server/src/ca.der b/samples/net/sockets/echo_server/src/ca.der new file mode 100644 index 0000000000000000000000000000000000000000..b1d3e097cadcea344d9b172b4a540ddd57dae71e GIT binary patch literal 783 zcmXqLV&*nzV*I>-nTe5!NkrQ5sj}%5hTSG>R`_Lq-*o88&x{EMylk9WZ60mkc^MhG zSs4sO4228?*qB3En0Yu;D-v@Ha#Ecg4HU$AjSLJ74b2TKfs|#G1iz7?p{1dbkqJ}) zhrT98C1eX2Ss9p{82K51ZsKBUVq|34wV`KTh|5~Fr}HK2;*u6Ee|T=)1e1!xi;caz z-Z<-YoAX;FSjv^Y>1nk1mK&woeDe9}%lcDyWX(QRwR~w^i;nQdPj^{11~o3t{h`P~MygMx|HOPX%tXsnEOA>fFBedeU33Yx~_59X84`-hUap=ymBqc8_=e zXJ0AHhzvS^yv$SG(`m0>x{E^8F`u&eJ(a)Lt@-kAO77R3LtU3@X0!0{EwG4T-8z42 z@`rzOzWi!tInektcgxn$j9`t&6D!)di-I|~?Tzus+tW+_OU zBOPJG^i2Jk=Y-?xkG9WkdAoLt*%`^MJMCs?Hr>7-wUvpPk%4h>utA`KEHKPv`B=nQ zL;`E>*2qT+TP*1l-lo3#WLEad32P1HLDI@B5(Z)o*cI@D6bLgi{%2t|UYw?JA%`W?xT7A$?XFl} zX+CG(vMCB{-fr{pd|lDHbz#Hxjy)3f&IdyKXSc+pI<5$Nwf$h;y-8pD0*`A~XmRRD S-t=3uW{SGEL-b8SsSE(&xI?V~ literal 0 HcmV?d00001 diff --git a/samples/net/sockets/echo_server/src/certificate.h b/samples/net/sockets/echo_server/src/certificate.h index eb6fd741d1d..0d70f4326aa 100644 --- a/samples/net/sockets/echo_server/src/certificate.h +++ b/samples/net/sockets/echo_server/src/certificate.h @@ -10,6 +10,7 @@ #define SERVER_CERTIFICATE_TAG 1 #define PSK_TAG 2 +#if !defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) static const unsigned char server_certificate[] = { #include "echo-apps-cert.der.inc" }; 
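Review bot: The help text for `NET_SAMPLE_CERTS_WITH_SC` does not tell the user that the CA, server certificate and private key it selects are test material committed to the source tree. Anyone can read `server_privkey.der`, so a build that ships with this option enabled presents a TLS identity that authenticates nothing. I would add a sentence to the help such as `The bundled CA, server certificate and private key are public test credentials; replace them before any non-test use.` The same caveat belongs on the `/* This is the private key in pkcs#8 format. */` comment in the certificate.h hunk at `@@ -19,6 +20,22 @@`. The help could also spell out what "SC" in the symbol name stands for.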
@@ -19,6 +20,22 @@ static const unsigned char private_key[] = { #include "echo-apps-key.der.inc" }; +#else + +static const unsigned char ca_certificate[] = { +#include "ca.der.inc" +}; + +static const unsigned char server_certificate[] = { +#include "server.der.inc" +}; + +/* This is the private key in pkcs#8 format. */ +static const unsigned char private_key[] = { +#include "server_privkey.der.inc" +}; +#endif + #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #include CONFIG_NET_SAMPLE_PSK_HEADER_FILE #endif diff --git a/samples/net/sockets/echo_server/src/echo-server.c b/samples/net/sockets/echo_server/src/echo-server.c index 601bb083b89..0049d0f9dda 100644 --- a/samples/net/sockets/echo_server/src/echo-server.c +++ b/samples/net/sockets/echo_server/src/echo-server.c @@ -41,15 +41,29 @@ void quit(void) static void init_app(void) { +#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) || \ + defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) + int err; +#endif k_sem_init(&quit_lock, 0, UINT_MAX); LOG_INF(APP_BANNER); #if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) - int err = tls_credential_add(SERVER_CERTIFICATE_TAG, - TLS_CREDENTIAL_SERVER_CERTIFICATE, - server_certificate, - sizeof(server_certificate)); +#if defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) + err = tls_credential_add(SERVER_CERTIFICATE_TAG, + TLS_CREDENTIAL_CA_CERTIFICATE, + ca_certificate, + sizeof(ca_certificate)); + if (err < 0) { + LOG_ERR("Failed to register CA certificate: %d", err); + } +#endif + + err = tls_credential_add(SERVER_CERTIFICATE_TAG, + TLS_CREDENTIAL_SERVER_CERTIFICATE, + server_certificate, + sizeof(server_certificate)); if (err < 0) { LOG_ERR("Failed to register public certificate: %d", err); } 
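Review bot: In the echo-server.c hunk, `init_app()` now registers `ca_certificate` under `SERVER_CERTIFICATE_TAG`, but nothing visible here makes the server consult it. As far as I can tell, a CA credential on a server socket is only used when client certificates are verified, and that depends on the socket's `TLS_PEER_VERIFY` option, which is configured outside this hunk. A reader enabling "signed certificates" could assume clients are being authenticated, so the intent should be stated above the call, for example `/* CA is only used if the listening socket enables TLS_PEER_VERIFY; registering it does not by itself authenticate clients. */`. Separately, a failed CA registration is only logged and execution carries on to the server-certificate call, so the sample can start with an incomplete credential set. The body of `init_app()` continues past the hunk, so a later check may exist that is not shown here.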
diff --git a/samples/net/sockets/echo_server/src/server.der b/samples/net/sockets/echo_server/src/server.der new file mode 100644 index 0000000000000000000000000000000000000000..2b664a4bdb2ce64d9e2f92d88aa163d09fd0a073 GIT binary patch literal 693 zcmXqLV%liX#5j{lBd#AN85K^Mn-N{1_Kd8 zAp-$6=1>-99?sN?#N2|MRA)y61#w;@0|P@ta|25QLnDJI34S9(LrX&=BNM0qioTru zik^@kDXYAcf~pQKuP)zo+30&- zdsL`W?2aE_c8Ub||GIFX(J^B};2(|hvNbb#i*={IPiDy3J$tJ&ci@?4VMWV=4&VCe zed*i}zE-9BtHZF9qVy(`sT+oy{ksJnS;amZ=bj_*v&j0}v(Aq0#9UNL&?l7Jj%zSgmElFXmI`$*a$X#J<0sy{~v`PEt_XN{9Kv4~>gL4f1N!%QHKI zrQ!?c2J27zSdg}K;<*B6sk_I_f9h;pVn08MKhh_xqvX6o-GpVLVd2xY%A(A-@$z5W zA6>qdW5xTj>8pMAgl1+(2pQNNu1#6e`Z4|)(;s_#+qPfTUHR2lm>=v4@vgY1wJ2i3 MBGv5t+z!hv0H2m3zyJUM literal 0 HcmV?d00001 diff --git a/samples/net/sockets/echo_server/src/server_privkey.der b/samples/net/sockets/echo_server/src/server_privkey.der new file mode 100644 index 0000000000000000000000000000000000000000..2269293fe790f2276d24bb62e5347e2d6e5b9cdf GIT binary patch literal 1219 zcmV;!1U&mNf&{+;0RS)!1_>&LNQUrsW5^Br2+u}0)hbn0Nqb)D1e?a zp8&aImt7ZC<#fYJP1_)U~2r>KV;Sh&|uxsbgd+Wqim>*RQP17 zN+MEv!KZt7vePp6ZiiY`B3-!n^tlvMkNVKSfk9}HQT!-(cC48Vb1jwcV*qTso3%p= zQOxF6a;8$l+WAY$!e4q1-E5KRYMu^m^R8*?f@AY^R3J|xb1OnZyf)d%@7jF-n#bq{w z_V0-_an4m}EhQL0a0eyJLfgYUma~AbF4TKUx0e^de%Z>SRLcd3_W}a}009Dm0RaG! zDnpyyq31e$(;f_OH=9&LUdAGWmcg)_U4%E0mb$XCnj(|v8LAHpDTtP?vr%m06^$EJ zZpnTE;H3hyxV~h-V=#o!93n{(=c4FC>CFRKQ-|zrZ1|YaIP9Ik-N}{ zy2<3cWREtdn{P+&|LN!)p7{mIkU|!Zt`2R(;Pg#_N=yr%0Vbp2xs8}fq?+{ zc_*4}atI@kiq43z4w}weDdyNNVAbB4NkS;27(x^wl z9J%b|Zc?z3;9TOiJK1`TB(hH8#oFnIv_f(!BjM<1Tj6}HlvN;ezG8sA3fPIW5j-m0 zrtNkO#a&BWxBBTNvSLcW2Sl27{uX5dfq?+z1E4J%6tye))MkM!X;Uf?8bH~Szs0u6 z*)cirwi2tZjOy@!RH&>XpF<1p??`R2z_I*@ponczcJ58;AN9n=lmO7)}?cPxq}S7K$e| z%_M>YTZQ&9fy?JR7<=cE*V;m7sn;&-g+MhbC^OY4hZM-K;ApehPU?Alz@8rI#vgD* ziCnquP~ol5;^064q^Ud%WP58WWvLp2efKx^7FEPDLiY hlYUM(QL<8v)b323|FJ#?NUg;s4_k!y09su`yV-?yRI&g7 literal 0 HcmV?d00001