Merge pull request wolfSSL#491 from wolfSSL/devin/1740502756-add-freertos-fullstack-example

Add FreeRTOS + wolfIP + wolfSSL HTTPS example

Author: gasbytes

fullstack/freertos-wolfip-wolfssl-https/.gitignore

@@ -0,0 +1,33 @@
+# FreeRTOS directories managed by setup script
+freertos/FreeRTOS/
+freertos/FreeRTOS-Kernel/
+
+# Certificate files
+certs/
+
+
+# Build directory
+build/
+
+# Object files
+*.o
+*.ko
+*.obj
+*.elf
+
+# Libraries
+*.lib
+*.a
+*.la
+*.lo
+
+# Executables
+*.exe
+*.out
+*.app
+*.i*86
+*.x86_64
+*.hex
+
+# Debug files
+*.dSYM/

fullstack/freertos-wolfip-wolfssl-https/CMakeLists.txt

@@ -0,0 +1,61 @@
+cmake_minimum_required(VERSION 3.13)
+project(freertos_wolfssl_demo C)
+
+# Set C standard
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_C_STANDARD_REQUIRED ON)
+
+# wolfSSL configuration
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+add_definitions(-DWOLFSSL_WOLFIP)
+
+# FreeRTOS Kernel source files for POSIX port
+set(FREERTOS_PORT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/ThirdParty/GCC/Posix)
+set(FREERTOS_HEAP_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/MemMang)
+
+# Include directories
+include_directories(
+    ${CMAKE_CURRENT_SOURCE_DIR}/include
+    ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/include
+    ${FREERTOS_PORT_DIR}
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/http
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/port
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl/include
+)
+
+# FreeRTOS source files
+set(FREERTOS_SOURCES
+    ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/tasks.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/queue.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/list.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/timers.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/event_groups.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/stream_buffer.c
+    ${FREERTOS_PORT_DIR}/port.c
+    ${FREERTOS_HEAP_DIR}/heap_3.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/freertos/utils/utils.c
+)
+
+# Add wolfIP library
+add_library(wolfip STATIC
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/wolfip.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/http/httpd.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/port/wolfssl_io.c
+)
+
+# Add the main application
+add_executable(freertos_sim
+    ${FREERTOS_SOURCES}
+    src/main.c
+    src/wolfip_freertos.c
+    src/https_server.c
+)
+
+target_link_libraries(freertos_sim
+    pthread
+    wolfip
+    wolfssl
+)

fullstack/freertos-wolfip-wolfssl-https/README.md

@@ -0,0 +1,85 @@
+# FreeRTOS + wolfIP + wolfSSL HTTPS Example
+
+This example demonstrates a full-stack embedded networking application using FreeRTOS, wolfIP, and wolfSSL. It implements a secure HTTPS server running on a simulated FreeRTOS environment with TLS 1.3 support.
+
+## Stack Components
+
+The example integrates the following components:
+- FreeRTOS (POSIX port) - Real-time operating system
+- wolfIP - TCP/IP networking stack
+- wolfSSL - TLS 1.3 security layer
+- TAP interface - Virtual network interface
+
+## Building and Running
+
+### Prerequisites
+- wolfSSL library
+- wolfIP library
+- CMake (>= 3.13)
+- GCC
+- Linux with TUN/TAP support
+
+### Setup
+1. Run the setup script to clone FreeRTOS repositories:
+```bash
+./setup.sh
+```
+
+2. Configure the network interface (requires root):
+```bash
+sudo ./setup_network.sh
+```
+
+3. Build the example:
+```bash
+cd build && cmake .. && make
+```
+
+4. Run the example (requires root):
+```bash
+sudo ./freertos_sim
+```
+
+### Testing
+Test the HTTPS server using curl:
+```bash
+sudo ./test_https.sh
+```
+
+Or manually:
+```bash
+curl -v --cacert /path/to/wolfssl/certs/ca-cert.pem \
+     --tlsv1.3 --insecure https://10.10.0.10:443/
+```
+
+## Software Bill of Materials (SBOM)
+
+| Component | Version | License | Source |
+|-----------|---------|----------|---------|
+| FreeRTOS | Latest | MIT | https://github.com/FreeRTOS/FreeRTOS |
+| FreeRTOS-Kernel | Latest | MIT | https://github.com/FreeRTOS/FreeRTOS-Kernel |
+| wolfSSL | Latest | GPLv2 | https://github.com/wolfSSL/wolfssl |
+| wolfIP | Latest | GPLv2 | https://github.com/wolfSSL/wolfip |
+
+## Features
+- TLS 1.3 support with wolfSSL
+- Zero dynamic memory allocation networking with wolfIP
+- Virtual networking through TAP interface
+- UDP echo server for testing
+- HTTPS server with demo page
+- FreeRTOS task management and scheduling
+
+## Network Configuration
+- TAP Interface: 10.10.0.1/24 (Host)
+- FreeRTOS IP: 10.10.0.10/24
+- Default Gateway: 10.10.0.1
+
+## Security Features
+- TLS 1.3 with modern cipher suites
+- Certificate-based authentication
+- Support for various cryptographic algorithms:
+  - AES (ECB, CBC, GCM)
+  - ChaCha20-Poly1305
+  - Curve25519
+  - ED25519
+  - SHA-2 and SHA-3 family

fullstack/freertos-wolfip-wolfssl-https/freertos/utils/utils.c

@@ -0,0 +1,50 @@
+#include <errno.h>
+#include <pthread.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+typedef struct event_t {
+    pthread_mutex_t mutex;
+    pthread_cond_t cond;
+    int value;
+} event_t;
+
+event_t *event_create(void) {
+    event_t *event = malloc(sizeof(event_t));
+    if (event != NULL) {
+        pthread_mutex_init(&event->mutex, NULL);
+        pthread_cond_init(&event->cond, NULL);
+        event->value = 0;
+    }
+    return event;
+}
+
+void event_delete(event_t *event) {
+    if (event != NULL) {
+        pthread_mutex_destroy(&event->mutex);
+        pthread_cond_destroy(&event->cond);
+        free(event);
+    }
+}
+
+void event_signal(event_t *event) {
+    if (event != NULL) {
+        pthread_mutex_lock(&event->mutex);
+        event->value = 1;
+        pthread_cond_signal(&event->cond);
+        pthread_mutex_unlock(&event->mutex);
+    }
+}
+
+void event_wait(event_t *event) {
+    if (event != NULL) {
+        pthread_mutex_lock(&event->mutex);
+        while (event->value == 0) {
+            pthread_cond_wait(&event->cond, &event->mutex);
+        }
+        event->value = 0;
+        pthread_mutex_unlock(&event->mutex);
+    }
+}

fullstack/freertos-wolfip-wolfssl-https/include/FreeRTOSConfig.h

@@ -0,0 +1,102 @@
+/* FreeRTOSConfig.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef FREERTOS_CONFIG_H
+#define FREERTOS_CONFIG_H
+
+/* Scheduler Related */
+#define configUSE_PREEMPTION                    1
+#define configUSE_PORT_OPTIMISED_TASK_SELECTION 0
+#define configUSE_TICKLESS_IDLE                 0
+#define configCPU_CLOCK_HZ                      ( ( unsigned long ) 60000000 )
+#define configTICK_RATE_HZ                      ( ( TickType_t ) 1000 )
+#define configMAX_PRIORITIES                    5
+#define configMINIMAL_STACK_SIZE               ( ( unsigned short ) 4096 )
+#define configMAX_TASK_NAME_LEN                16
+#define configUSE_16_BIT_TICKS                 0
+#define configIDLE_SHOULD_YIELD                1
+#define configUSE_TASK_NOTIFICATIONS           1
+#define configTASK_NOTIFICATION_ARRAY_ENTRIES   3
+#define configUSE_MUTEXES                      1
+#define configUSE_RECURSIVE_MUTEXES            1
+#define configUSE_COUNTING_SEMAPHORES          1
+#define configQUEUE_REGISTRY_SIZE              10
+#define configUSE_QUEUE_SETS                   0
+#define configUSE_TIME_SLICING                 1
+#define configUSE_NEWLIB_REENTRANT             0
+#define configENABLE_BACKWARD_COMPATIBILITY    0
+#define configNUM_THREAD_LOCAL_STORAGE_POINTERS 5
+#define configUSE_MINI_LIST_ITEM              1
+
+/* Memory allocation related definitions. */
+#define configSUPPORT_STATIC_ALLOCATION         0
+#define configSUPPORT_DYNAMIC_ALLOCATION        1
+#define configTOTAL_HEAP_SIZE                   ( ( size_t ) ( 60 * 1024 ) )
+#define configAPPLICATION_ALLOCATED_HEAP        0
+
+/* Hook function related definitions. */
+#define configUSE_IDLE_HOOK                     0
+#define configUSE_TICK_HOOK                     0
+#define configCHECK_FOR_STACK_OVERFLOW          0
+#define configUSE_MALLOC_FAILED_HOOK            0
+#define configUSE_DAEMON_TASK_STARTUP_HOOK      0
+
+/* Run time and task stats gathering related definitions. */
+#define configGENERATE_RUN_TIME_STATS           0
+#define configUSE_TRACE_FACILITY                0
+#define configUSE_STATS_FORMATTING_FUNCTIONS    0
+
+/* Co-routine related definitions. */
+#define configUSE_CO_ROUTINES                   0
+#define configMAX_CO_ROUTINE_PRIORITIES         1
+
+/* Software timer related definitions. */
+#define configUSE_TIMERS                        1
+#define configTIMER_TASK_PRIORITY              ( configMAX_PRIORITIES - 1 )
+#define configTIMER_QUEUE_LENGTH                10
+#define configTIMER_TASK_STACK_DEPTH           configMINIMAL_STACK_SIZE
+
+/* Define to trap errors during development. */
+#define configASSERT( x )
+
+/* Optional functions - most linkers will remove unused functions anyway. */
+#define INCLUDE_vTaskPrioritySet                1
+#define INCLUDE_uxTaskPriorityGet               1
+#define INCLUDE_vTaskDelete                     1
+#define INCLUDE_vTaskSuspend                    1
+#define INCLUDE_xResumeFromISR                  1
+#define INCLUDE_vTaskDelayUntil                 1
+#define INCLUDE_vTaskDelay                      1
+#define INCLUDE_xTaskGetSchedulerState          1
+#define INCLUDE_xTaskGetCurrentTaskHandle       1
+#define INCLUDE_uxTaskGetStackHighWaterMark     0
+#define INCLUDE_xTaskGetIdleTaskHandle          0
+#define INCLUDE_eTaskGetState                   0
+#define INCLUDE_xEventGroupSetBitFromISR        1
+#define INCLUDE_xTimerPendFunctionCall          0
+#define INCLUDE_xTaskAbortDelay                 0
+#define INCLUDE_xTaskGetHandle                  0
+#define INCLUDE_xTaskResumeFromISR              1
+
+/* POSIX Port specific definitions. */
+#define configPOSIX_STACK_SIZE                  ( ( unsigned short ) 8192 )
+
+#endif /* FREERTOS_CONFIG_H */

fullstack/freertos-wolfip-wolfssl-https/include/user_settings.h

@@ -0,0 +1,48 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* wolfSSL configuration */
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_FFDHE_2048
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_CHACHA
+#define HAVE_POLY1305
+#define WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_DIRECT
+#define HAVE_AES_ECB
+#define HAVE_AES_CBC
+#define HAVE_AES_GCM
+#define HAVE_AESGCM
+#define HAVE_CURVE25519
+#define HAVE_ED25519
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA3
+#define WOLFSSL_SHAKE256
+
+#endif /* USER_SETTINGS_H */