author | Paul Bartell <pbartell@amazon.com> | 2022-08-22 11:30:31 -0700 |
committer | Paul Bartell <paul.bartell@gmail.com> | 2022-08-26 09:58:39 -0700 |
commit | 9f7979145af953083bb0d5ec5cb2e91522f800ab (patch) | |
tree | 98032385e14588ab46eb646cd84776d5460199cd | |
parent | 0fc242b7db5a78a2a39f0de7abe3c188b7bec20e (diff) | |
mqtt_demo_helpers: Fix ALPN strings for mbedtls use
-rw-r--r-- | FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_demo_helpers.c | 78 | ||||
-rw-r--r-- | FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_pkcs11_demo_helpers.c | 95 |
2 files changed, 93 insertions, 80 deletions
diff --git a/FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_demo_helpers.c b/FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_demo_helpers.c
index dc3ea2405..65daf51d7 100644
--- a/FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_demo_helpers.c
+++ b/FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_demo_helpers.c
@@ -165,21 +165,6 @@
 "?SDK=" democonfigOS_NAME "&Version=" democonfigOS_VERSION \
 "&Platform=" democonfigHARDWARE_PLATFORM_NAME "&MQTTLib=" democonfigMQTT_LIB
-/**
- * @brief The length of the MQTT metrics string expected by AWS IoT.
- */
-#define AWS_IOT_METRICS_STRING_LENGTH ( ( uint16_t ) ( sizeof( AWS_IOT_METRICS_STRING ) - 1 ) )
-
-/**
- * @brief ALPN (Application-Layer Protocol Negotiation) protocol name for AWS IoT MQTT.
- *
- * This will be used if democonfigMQTT_BROKER_PORT is configured as 443 for the AWS IoT MQTT broker.
- * Please see more details about the ALPN protocol for AWS IoT MQTT endpoint
- * in the link below.
- * https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/
- */
-#define AWS_IOT_MQTT_ALPN "\x0ex-amzn-mqtt-ca"
-
 /*-----------------------------------------------------------*/
@@ -347,10 +332,42 @@ static TlsTransportStatus_t prvConnectToServerWithBackoffRetries( NetworkContext
 NetworkCredentials_t xNetworkCredentials = { 0 };
 uint16_t usNextRetryBackOff = 0U;
- /* ALPN protocols must be a NULL-terminated list of strings. Therefore,
- * the first entry will contain the actual ALPN protocol string while the
- * second entry must remain NULL. */
- char * pcAlpnProtocols[] = { NULL, NULL };
+ #if defined( democonfigCLIENT_USERNAME )
+ /*
+ * When democonfigCLIENT_USERNAME is defined, use the "mqtt" alpn to connect
+ * to AWS IoT Core with Custom Authentication on port 443.
+ *
+ * Custom Authentication uses the contents of the username and password
+ * fields of the MQTT CONNECT packet to authenticate the client.
+ *
+ * For more information, refer to the documentation at:
+ * https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html
+ */
+ static const char * ppcAlpnProtocols[] = { "mqtt", NULL };
+ #if democonfigMQTT_BROKER_PORT != 443U
+ #error "Connections to AWS IoT Core with custom authentication must connect to TCP port 443 with the \"mqtt\" alpn."
+ #endif /* democonfigMQTT_BROKER_PORT != 443U */
+ #else /* if !defined( democonfigCLIENT_USERNAME ) */
+ /*
+ * Otherwise, use the "x-amzn-mqtt-ca" alpn to connect to AWS IoT Core using
+ * x509 Certificate Authentication.
+ */
+ static const char * ppcAlpnProtocols[] = { "x-amzn-mqtt-ca", NULL };
+
+ #endif /* !defined( democonfigCLIENT_USERNAME ) */
+
+ /*
+ * An ALPN identifier is only required when connecting to AWS IoT core on port 443.
+ * https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html
+ */
+ #if democonfigMQTT_BROKER_PORT == 443U
+ xNetworkCredentials.pAlpnProtos = ppcAlpnProtocols;
+ #elif democonfigMQTT_BROKER_PORT == 8883U
+ xNetworkCredentials.pAlpnProtos = NULL;
+ #else /* democonfigMQTT_BROKER_PORT != 8883U */
+ xNetworkCredentials.pAlpnProtos = NULL;
+ #error "MQTT connections to AWS IoT Core are only allowed on ports 443 and 8883."
+ #endif /* democonfigMQTT_BROKER_PORT != 443U */
 configASSERT( pxNetworkContext != NULL );
@@ -365,13 +382,6 @@ static TlsTransportStatus_t prvConnectToServerWithBackoffRetries( NetworkContext
 #endif
 xNetworkCredentials.disableSni = pdFALSE;
-/* The ALPN string changes depending on whether username/password authentication is used. */
- #ifdef democonfigCLIENT_USERNAME
- pcAlpnProtocols[ 0 ] = AWS_IOT_CUSTOM_AUTH_ALPN;
- #else
- pcAlpnProtocols[ 0 ] = AWS_IOT_MQTT_ALPN;
- #endif
- xNetworkCredentials.pAlpnProtos = pcAlpnProtocols;
 /* Initialize reconnect attempts and interval.*/
 BackoffAlgorithm_InitializeParams( &xReconnectParams,
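Review bot: `ppcAlpnProtocols` is only referenced inside the `#if democonfigMQTT_BROKER_PORT == 443U` branch, so an 8883 build leaves a static local defined and never used (a `-Wunused-variable` warning on ports that build with warnings as errors), and the `xNetworkCredentials.pAlpnProtos = NULL;` in the `#else` branch is dead because the `#error` right after it stops the build. Wrapping the two array definitions in the same `#if democonfigMQTT_BROKER_PORT == 443U` as the assignment, or dropping the dead `#else` assignment, keeps the port check and the definition consistent. The entries are now bare protocol names without the `\x0e` length byte the removed OpenSSL-oriented macros carried, and nothing at the definition says why; a comment such as `/* Plain protocol names: the mbedtls transport encodes the ALPN length prefix itself, do not prepend "\x0e". */` would keep the prefix from being reintroduced. The same applies to the matching hunk in mqtt_pkcs11_demo_helpers.c (`@@ -349,12 +329,43 @@`); prvConnectToServerWithBackoffRetries continues outside the hunk.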
@@ -656,19 +666,23 @@ BaseType_t xEstablishMqttSession( MQTTContext_t * pxMqttContext,
 * PINGREQ Packet. */
 xConnectInfo.keepAliveSeconds = mqttexampleKEEP_ALIVE_TIMEOUT_SECONDS;
-/* Append metrics when connecting to the AWS IoT Core broker. */
- #ifdef democonfigCLIENT_USERNAME
- xConnectInfo.pUserName = CLIENT_USERNAME_WITH_METRICS;
- xConnectInfo.userNameLength = ( uint16_t ) strlen( CLIENT_USERNAME_WITH_METRICS );
+ #if defined( democonfigCLIENT_USERNAME )
+ /* Append metrics string when connecting to AWS IoT Core with custom auth */
+ xConnectInfo.pUserName = democonfigCLIENT_USERNAME AWS_IOT_METRICS_STRING;
+ xConnectInfo.userNameLength = ( uint16_t ) strlen( democonfigCLIENT_USERNAME AWS_IOT_METRICS_STRING );
+
+ /* Use the provided password as-is */
 xConnectInfo.pPassword = democonfigCLIENT_PASSWORD;
 xConnectInfo.passwordLength = ( uint16_t ) strlen( democonfigCLIENT_PASSWORD );
 #else
+ /* If no username is needed, only send the metrics string */
 xConnectInfo.pUserName = AWS_IOT_METRICS_STRING;
- xConnectInfo.userNameLength = AWS_IOT_METRICS_STRING_LENGTH;
+ xConnectInfo.userNameLength = ( uint16_t ) strlen( AWS_IOT_METRICS_STRING );
+ /* Password for authentication is not used. */
 xConnectInfo.pPassword = NULL;
 xConnectInfo.passwordLength = 0U;
- #endif /* ifdef democonfigCLIENT_USERNAME */
+ #endif /* defined( democonfigCLIENT_USERNAME ) */
 /* Send MQTT CONNECT packet to broker. */
 xMQTTStatus = MQTT_Connect( pxMqttContext,
diff --git a/FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_pkcs11_demo_helpers.c b/FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_pkcs11_demo_helpers.c
index 8431388bc..b8ca62dec 100644
--- a/FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_pkcs11_demo_helpers.c
+++ b/FreeRTOS-Plus/Demo/AWS/Mqtt_Demo_Helpers/mqtt_pkcs11_demo_helpers.c
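Review bot: `( uint16_t ) strlen( democonfigCLIENT_USERNAME AWS_IOT_METRICS_STRING )` silently truncates the length if the concatenated literal ever exceeds 65535 bytes while `pUserName` still points at the full string, and the same cast is applied to the password and, in the `#else` branch, to the metrics string alone; unlikely for a demo config, but a `configASSERT( strlen( democonfigCLIENT_USERNAME AWS_IOT_METRICS_STRING ) <= UINT16_MAX );` before the assignment pins that the value fits the two-byte MQTT CONNECT length field. The juxtaposition `democonfigCLIENT_USERNAME AWS_IOT_METRICS_STRING` also now requires the config macro to expand to a string literal, presumably what the removed `CLIENT_USERNAME_WITH_METRICS` already relied on, so a comment at the `#if defined( democonfigCLIENT_USERNAME )` such as `/* democonfigCLIENT_USERNAME must be a string literal; it is concatenated with the metrics query string. */` would make that requirement visible. The same applies to the matching hunk in mqtt_pkcs11_demo_helpers.c (`@@ -669,19 +664,23 @@`); xEstablishMqttSession continues outside the hunk.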
@@ -25,7 +25,7 @@
 */
 /**
- * @file mqtt_demo_helpers.c
+ * @file mqtt_pkcs11_demo_helpers.c
 *
 * @brief This file provides helper functions used by the AWS demo applications to
 * do MQTT operations over a mutually authenticated TLS connection.
@@ -158,26 +158,6 @@
 "?SDK=" democonfigOS_NAME "&Version=" democonfigOS_VERSION \
 "&Platform=" democonfigHARDWARE_PLATFORM_NAME "&MQTTLib=" democonfigMQTT_LIB
-/**
- * @brief The length of the MQTT metrics string expected by AWS IoT.
- */
-#define AWS_IOT_METRICS_STRING_LENGTH ( ( uint16_t ) ( sizeof( AWS_IOT_METRICS_STRING ) - 1 ) )
-
-/**
- * @brief ALPN protocol name for AWS IoT MQTT.
- *
- * This will be used if the democonfigMQTT_BROKER_PORT is configured as 443 for AWS IoT MQTT
- * broker. Please see more details about the ALPN protocol for AWS IoT MQTT
- * endpoint in the link below.
- * https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/
- *
- * @note OpenSSL requires that the protocol string passed to it for configuration be encoded
- * with the prefix of 8-bit length information of the string. Thus, the 14 byte (0x0e) length
- * information is prefixed to the string.
- */
-#define mqttopALPN_PROTOCOL_NAME "\x0ex-amzn-mqtt-ca"
-
-
 /*-----------------------------------------------------------*/
 /**
@@ -349,12 +329,43 @@ static TlsTransportStatus_t prvConnectToServerWithBackoffRetries( NetworkContext
 BackoffAlgorithmContext_t xReconnectParams = { 0 };
 NetworkCredentials_t xNetworkCredentials = { 0 };
 uint16_t usNextRetryBackOff = 0U;
- const char * pcAlpn[] = { mqttopALPN_PROTOCOL_NAME, NULL };
- /* ALPN protocols must be a NULL-terminated list of strings. Therefore,
- * the first entry will contain the actual ALPN protocol string while the
- * second entry must remain NULL. */
- char * pcAlpnProtocols[] = { NULL, NULL };
+ #if defined( democonfigCLIENT_USERNAME )
+ /*
+ * When democonfigCLIENT_USERNAME is defined, use the "mqtt" alpn to connect
+ * to AWS IoT Core with Custom Authentication on port 443.
+ *
+ * Custom Authentication uses the contents of the username and password
+ * fields of the MQTT CONNECT packet to authenticate the client.
+ *
+ * For more information, refer to the documentation at:
+ * https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html
+ */
+ static const char * ppcAlpnProtocols[] = { "mqtt", NULL };
+ #if democonfigMQTT_BROKER_PORT != 443U
+ #error "Connections to AWS IoT Core with custom authentication must connect to TCP port 443 with the \"mqtt\" alpn."
+ #endif /* democonfigMQTT_BROKER_PORT != 443U */
+ #else /* if !defined( democonfigCLIENT_USERNAME ) */
+ /*
+ * Otherwise, use the "x-amzn-mqtt-ca" alpn to connect to AWS IoT Core using
+ * x509 Certificate Authentication.
+ */
+ static const char * ppcAlpnProtocols[] = { "x-amzn-mqtt-ca", NULL };
+
+ #endif /* !defined( democonfigCLIENT_USERNAME ) */
+
+ /*
+ * An ALPN identifier is only required when connecting to AWS IoT core on port 443.
+ * https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html
+ */
+ #if democonfigMQTT_BROKER_PORT == 443U
+ xNetworkCredentials.pAlpnProtos = ppcAlpnProtocols;
+ #elif democonfigMQTT_BROKER_PORT == 8883U
+ xNetworkCredentials.pAlpnProtos = NULL;
+ #else /* democonfigMQTT_BROKER_PORT != 8883U */
+ xNetworkCredentials.pAlpnProtos = NULL;
+ #error "MQTT connections to AWS IoT Core are only allowed on ports 443 and 8883."
+ #endif /* democonfigMQTT_BROKER_PORT != 443U */
 configASSERT( pxNetworkContext != NULL );
@@ -364,24 +375,8 @@ static TlsTransportStatus_t prvConnectToServerWithBackoffRetries( NetworkContext
 xNetworkCredentials.pClientCertLabel = pcClientCertLabel;
 xNetworkCredentials.pPrivateKeyLabel = pcPrivateKeyLabel;
- /* AWS IoT requires devices to send the Server Name Indication (SNI)
- * extension to the Transport Layer Security (TLS) protocol and provide
- * the complete endpoint address in the host_name field. Details about
- * SNI for AWS IoT can be found in the link below.
- * https://docs.aws.amazon.com/iot/latest/developerguide/transport-security.html
- */
 xNetworkCredentials.disableSni = pdFALSE;
- if( democonfigMQTT_BROKER_PORT == 443 )
- {
- /* Pass the ALPN protocol name depending on the port being used.
- * Please see more details about the ALPN protocol for AWS IoT MQTT endpoint
- * in the link below.
- * https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/
- */
- xNetworkCredentials.pAlpnProtos = pcAlpn;
- }
-
 /* Initialize reconnect attempts and interval.*/
 BackoffAlgorithm_InitializeParams( &xReconnectParams,
 RETRY_BACKOFF_BASE_MS,
@@ -669,19 +664,23 @@ BaseType_t xEstablishMqttSession( MQTTContext_t * pxMqttContext,
 * PINGREQ Packet. */
 xConnectInfo.keepAliveSeconds = mqttexampleKEEP_ALIVE_TIMEOUT_SECONDS;
- /* Append metrics when connecting to the AWS IoT Core broker. */
- #ifdef democonfigCLIENT_USERNAME
- xConnectInfo.pUserName = CLIENT_USERNAME_WITH_METRICS;
- xConnectInfo.userNameLength = ( uint16_t ) strlen( CLIENT_USERNAME_WITH_METRICS );
+ #if defined( democonfigCLIENT_USERNAME )
+ /* Append metrics string when connecting to AWS IoT Core with custom auth */
+ xConnectInfo.pUserName = democonfigCLIENT_USERNAME AWS_IOT_METRICS_STRING;
+ xConnectInfo.userNameLength = ( uint16_t ) strlen( democonfigCLIENT_USERNAME AWS_IOT_METRICS_STRING );
+
+ /* Use the provided password as-is */
 xConnectInfo.pPassword = democonfigCLIENT_PASSWORD;
 xConnectInfo.passwordLength = ( uint16_t ) strlen( democonfigCLIENT_PASSWORD );
 #else
+ /* If no username is needed, only send the metrics string */
 xConnectInfo.pUserName = AWS_IOT_METRICS_STRING;
- xConnectInfo.userNameLength = AWS_IOT_METRICS_STRING_LENGTH;
+ xConnectInfo.userNameLength = ( uint16_t ) strlen( AWS_IOT_METRICS_STRING );
+ /* Password for authentication is not used. */
 xConnectInfo.pPassword = NULL;
 xConnectInfo.passwordLength = 0U;
- #endif /* ifdef democonfigCLIENT_USERNAME */
+ #endif /* defined( democonfigCLIENT_USERNAME ) */
 /* Send MQTT CONNECT packet to broker. */
 xMQTTStatus = MQTT_Connect( pxMqttContext, |