1 /**
2 * @file
3 * HTTPD https example
4 *
5 * This file demonstrates how to initialize httpd for https.
6 * To do this, it needs 2 files:
7 * - server certificate
8 * - server private key
9 *
10 * In addition to that, watch out for resource shortage. You'll need plenty of
11 * heap (start with MEM_SIZE >= 200 KByte or monitor its err counters) and be
12 * sure to at least set the following settings high enough (monitor
13 * lwip_stats for an idea of what's needed):
14 * - MEMP_NUM_TCP_PCB/MEMP_NUM_ALTCP_PCB
15 * - MEMP_NUM_TCPIP_MSG_INPKT
16 * - MEMP_NUM_TCP_SEG
17 */
18
19 /*
20 * Copyright (c) 2017-2019 Simon Goldschmidt
21 * All rights reserved.
22 *
23 * Redistribution and use in source and binary forms, with or without modification,
24 * are permitted provided that the following conditions are met:
25 *
26 * 1. Redistributions of source code must retain the above copyright notice,
27 * this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright notice,
29 * this list of conditions and the following disclaimer in the documentation
30 * and/or other materials provided with the distribution.
31 * 3. The name of the author may not be used to endorse or promote products
32 * derived from this software without specific prior written permission.
33 *
34 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
35 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
36 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
37 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
38 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
39 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
40 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
41 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
42 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
43 * OF SUCH DAMAGE.
44 *
45 * This file is part of the lwIP TCP/IP stack.
46 *
47 * Author: Simon Goldschmidt <goldsimon@gmx.de>
48 *
49 */
50
51 #include "lwip/opt.h"
52 #include "https_example.h"
53
54 #include "lwip/altcp_tls.h"
55 #include "lwip/apps/httpd.h"
56
57 #include <stdio.h>
58 #include <stdlib.h>
59 #include <string.h>
60
61 /** define LWIP_HTTPD_EXAMPLE_HTTPS to 1 to enable this file system */
62 #ifndef LWIP_HTTPD_EXAMPLE_HTTPS
63 #define LWIP_HTTPD_EXAMPLE_HTTPS 0
64 #endif
65
66 #if LWIP_HTTPD_EXAMPLE_HTTPS && LWIP_ALTCP_TLS
67
68 #ifndef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE
69 #error "define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE to the created server private key"
70 #endif
71
72 /* If the key file is password-protected, define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS */
73 #ifdef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS
74 #ifndef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN
75 #define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN strlen(LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS)
76 #endif
77 #else
78 #define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS NULL
79 #define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN 0
80 #endif
81
82 #ifndef LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE
83 #error "define LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE to the created server certificate"
84 #endif
85
read_file(const char * filename,size_t * file_size)86 static u8_t *read_file(const char *filename, size_t *file_size)
87 {
88 u8_t *buf;
89 long fsize;
90 FILE *f = fopen(filename, "rb");
91 if (!f) {
92 return NULL;
93 }
94 fseek(f, 0, SEEK_END);
95 fsize = ftell(f);
96 fseek(f, 0, SEEK_SET);
97
98 buf = (u8_t *)malloc(fsize + 1);
99 if (!buf) {
100 fclose(f);
101 return NULL;
102 }
103 fread(buf, 1, fsize, f);
104 fclose(f);
105
106 buf[fsize] = 0;
107 if (file_size) {
108 /* Note: the '+ 1' is required for mbedTLS to correctly parse the buffer */
109 *file_size = (size_t)(fsize + 1);
110 }
111 return buf;
112 }
113
114 /** This function loads a server certificate and private key as x509 from disk.
115 * For information how to create such files, see mbedTLS tutorial ("How to
116 * generate a self-signed certificate") or OpenSSL documentation ("How to
117 * generate a self-signed certificate and private key using OpenSSL"), e.g.
118 * 'openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt'
119 * Copy the resulting files and define the path to them
120 */
121 void
https_ex_init(void)122 https_ex_init(void)
123 {
124 struct altcp_tls_config *conf;
125 u8_t *privkey, *cert;
126 size_t privkey_size, cert_size;
127
128 privkey = read_file(LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE, &privkey_size);
129 LWIP_ASSERT("Failed to open https server private key", privkey != NULL);
130 cert = read_file(LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE, &cert_size);
131 LWIP_ASSERT("Failed to open https server certificate", cert != NULL);
132
133 conf = altcp_tls_create_config_server_privkey_cert(privkey, privkey_size,
134 LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS, LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN, cert, cert_size);
135 LWIP_ASSERT("Failed to create https server config", conf != NULL);
136
137 httpd_inits(conf);
138
139 /* secure erase should be done in production environment */
140 free(privkey);
141 free(cert);
142 }
143
144 #endif /* LWIP_HTTPD_EXAMPLE_HTTPS */
145