【嵌入式实战】STM32+FreeRTOS+LWIP+WolfSSL 实现 HT

下图是一个简单版本的 https 通讯过程 , 这里不详细讲解了
二、wolfSSL 简单介绍 2.1 wolfSSL 是什么?
wolfSSL 嵌入式 SSL 库是用 ANSI C 编写的轻量级 SSL/TLS 库,主要针对嵌入式、RTOS 和资源受限的环境——主要是因为其体积小、速度快和功能集丰富。由于其免版税定价和出色的跨平台支持,它也通常用于标准操作环境。支持高达当前 TLS 1.3 和 DTLS 1.2 级别的行业标准,比 OpenSSL 小多达 20 倍,并提供诸如 ChaCha20、Curve25519、NTRU 和 Blake2b 之类的渐进密码。用户基准测试和反馈报告表明,使用 wolfSSL 代替 OpenSSL 时性能可显著提高。
2.2 获取官方 SDK
官网
三、STM32 Cube 配置 3.1 Cube 配置
3.2 修改 PHY 地址

本项目使用的 PHY 芯片需要将 PHY 地址修改为 0
四、生成工程的简单测试 4.1 手动修改 MAC 地址
Cube 生成的 MAC 地址是固定的,为防止与测试环境中的其他设备冲突,需要打开对应的 .c 文件手动修改 MAC 地址。我这里提取了芯片 ID 作为 MAC 地址的最后几位,下面代码中读取的地址就是芯片 ID 的地址:
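/* Derive the last three MAC octets from the STM32 unique device ID so that
 * boards sharing the CubeMX-generated default MAC do not collide on one LAN.
 *
 * NOTE(review): the device ID is readable and predictable, so this gives
 * per-board uniqueness only, not an unguessable address. MACAddr[0..2] are
 * set outside this snippet - confirm the first octet stays a unicast,
 * locally administered value. */
uint32_t sn0 = *(uint32_t *)(0x1FF0F420); /* STM32 cpu id */
MACAddr[3] = (sn0 >> 16) & 0xFF;
MACAddr[4] = (sn0 >> 8) & 0xFF; /* one-byte mask, same as the other octets */
MACAddr[5] = sn0 & 0xFF;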
4.2 Ping 测试
编译 -> 烧录 到单片机里面,拿一条和 PC 在同一局域网内的网线,根据 ()函数下面设置的 IP 测试 ping 功能,下面是成功的结果图:
五、使用 Lwip +实现 HTTPs 5.1 引入库
/* Use a custom configuration: with this macro defined, wolfSSL takes its
 * build options from the project's user_settings.h.
 * NOTE(review): it has to be visible to every wolfSSL translation unit, so it
 * is normally set as a project-wide preprocessor define - confirm where this
 * line lives in the project. */
#define WOLFSSL_USER_SETTINGS
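/* Example wolfSSL user settings for STM32F7 with CubeMX */
/*
 * NOTE(review): this listing was published with its line breaks and
 * directive spacing stripped ("#undefFOO", "#define FOO4"). It is restored
 * here one directive per line, taking every "//" and every unprefixed "#"
 * directive as the start of a new line. Confirm the result against the
 * original project file before relying on it.
 */

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4

#undef  SINGLE_THREADED
#define SINGLE_THREADED

#undef  WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK

#undef  WOLFSSL_STM32F7
#define WOLFSSL_STM32F7

#undef  WOLFSSL_STM32_CUBEMX
#define WOLFSSL_STM32_CUBEMX

/* Optionally Disable Hardware Hashing Support */
/* NO_STM32_RNG stays commented out, so the hardware RNG remains in use.
 * NOTE(review): presumably the RNG peripheral must be enabled in the CubeMX
 * project for that to work - confirm. */
#define NO_STM32_HASH
//#define NO_STM32_RNG
#define NO_STM32_CRYPTO

#undef  FREERTOS
#define FREERTOS

#undef  WOLFSSL_LWIP
#define WOLFSSL_LWIP
//#define HAVE_LWIP_NATIVE

/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  USE_FAST_MATH
#define USE_FAST_MATH

#ifdef USE_FAST_MATH
    /* Keep this together with ECC_TIMING_RESISTANT and WC_RSA_BLINDING below:
     * all three are timing side-channel countermeasures. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    #undef  TFM_NO_ASM
    //#define TFM_NO_ASM

    /* Optimizations (TFM_ARM, TFM_ASM or none) */
    //#define TFM_ASM
#endif

/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* ECC */
#if 1
    #undef  HAVE_ECC
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    //#define HAVE_ECC192
    //#define HAVE_ECC224
    #undef NO_ECC256
    //#define HAVE_ECC384
    //#define HAVE_ECC521

    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES 2
        #undef  FP_LUT
        #define FP_LUT 4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR

    /* Reduces heap usage, but slower */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    #ifdef USE_FAST_MATH
        /* use reduced size math buffers for ecc points */
        #undef  ALT_ECC_SIZE
        #define ALT_ECC_SIZE

        /* optionally override the default max ecc bits */
        //#undef  FP_MAX_BITS_ECC
        //#define FP_MAX_BITS_ECC 512

        /* Enable TFM optimizations for ECC */
        //#define TFM_ECC192
        //#define TFM_ECC224
        //#define TFM_ECC256
        //#define TFM_ECC384
        //#define TFM_ECC521
    #endif
#endif

/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS 4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    #undef  WC_RSA_BLINDING
    #define WC_RSA_BLINDING
#else
    #define NO_RSA
#endif

/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AESGCM
    #define HAVE_AESGCM
    #ifdef HAVE_AESGCM
        /* GCM with hardware acceleration requires AES counter/direct for unaligned sizes */
        #undef  WOLFSSL_AES_COUNTER
        #define WOLFSSL_AES_COUNTER
        #undef  WOLFSSL_AES_DIRECT
        #define WOLFSSL_AES_DIRECT
    #endif

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    #undef  GCM_SMALL
    #define GCM_SMALL
#else
    #define NO_AES
#endif

/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
    #define HAVE_CHACHA
    #define HAVE_POLY1305

    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
#endif

/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
    #define HAVE_CURVE25519
    #define HAVE_ED25519

    /* Optionally use small math (less flash usage, but much slower) */
    #if 0
        #define CURVED25519_SMALL
    #endif
#endif

/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
    #if 1
        #define WOLFSSL_SHA224
    #endif
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef  WOLFSSL_SHA384
    #if 1
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA2
#endif

/* MD5 */
// #undef  NO_MD5
// #if 1
//     /* enabled */
// #else
//     #define NO_MD5
// #endif

/* ------------------------------------------------------------------------- */
/* HW Crypto Acceleration */
/* ------------------------------------------------------------------------- */
// See settings.h STM32F4 section

/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
//#undef  BENCH_EMBEDDED
//#define BENCH_EMBEDDED

//#undef  USE_CERT_BUFFERS_2048
//#define USE_CERT_BUFFERS_2048

//#undef  USE_CERT_BUFFERS_256
//#define USE_CERT_BUFFERS_256

/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
/* In this header WOLFSSL_DEBUG only selects the heap-tracking branch below.
 * The log hook further down is gated by DEBUG_WOLFSSL, which this header
 * does not define. */
#undef  WOLFSSL_DEBUG
#define WOLFSSL_DEBUG

#ifdef WOLFSSL_DEBUG
    /* Use this to measure / print heap usage */
    #if 0
        #undef  USE_WOLFSSL_MEMORY
        #define USE_WOLFSSL_MEMORY

        #undef  WOLFSSL_TRACK_MEMORY
        #define WOLFSSL_TRACK_MEMORY
    #endif
#else
    //#undef  NO_WOLFSSL_MEMORY
    //#define NO_WOLFSSL_MEMORY

    #undef  NO_ERROR_STRINGS
    //#define NO_ERROR_STRINGS
#endif

#ifdef DEBUG_WOLFSSL
    #undef WOLFSSL_DEBUG_ERRORS_ONLY
    #include "dbg_tools.h"
    /* No trailing ';' after while(0): the caller's own semicolon ends the
     * statement, so the macro stays safe inside an unbraced if/else. */
    #define WOLFSSL_USER_LOG(x) do { DbgPrint(x); DbgPrint("\n"); } while (0)
#endif

/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */
/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME

/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
/* Size of returned HW RNG value */
#define CUSTOM_RAND_TYPE unsigned int

#define NO_OLD_RNGNAME

/* Choose RNG method */
#if 1
    /* Use built-in P-RNG (SHA256 based) with HW RNG */
    /* P-RNG + HW RNG (P-RNG is ~8K) */
    #undef  HAVE_HASHDRBG
    #define HAVE_HASHDRBG

    #if 0
        extern unsigned int custom_rand_generate(void);
        #undef  CUSTOM_RAND_GENERATE
        #define CUSTOM_RAND_GENERATE custom_rand_generate
    #endif
#else
    /* Bypass P-RNG and use only HW RNG */
    extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
    #undef  CUSTOM_RAND_GENERATE_BLOCK
    #define CUSTOM_RAND_GENERATE_BLOCK custom_rand_generate_block
#endif

/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#undef  KEEP_PEER_CERT
//#define KEEP_PEER_CERT

#undef  HAVE_COMP_KEY
//#define HAVE_COMP_KEY

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

/* TLS Session Cache */
#if 0
    #define SMALL_SESSION_CACHE
#else
    #define NO_SESSION_CACHE
#endif

/* The application layer must provide its own
 * time_t XTIME(time_t * timer) function; defining it is all that is needed.
 * NOTE(review): certificate validity-date checks depend on that function
 * returning the real current time. */
#undef  USER_TIME
#define USER_TIME

/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
/* NOTE(review): as published, this section defines both NO_WOLFSSL_SERVER and
 * NO_WOLFSSL_CLIENT. An HTTPS client build needs NO_WOLFSSL_CLIENT left
 * undefined, so check this against the original project. */
//#undef  NO_WOLFSSL_SERVER
#define NO_WOLFSSL_SERVER

//#undef  NO_WOLFSSL_CLIENT
#define NO_WOLFSSL_CLIENT

//#undef  NO_CRYPT_TEST
#define NO_CRYPT_TEST

//#undef  NO_CRYPT_BENCHMARK
#define NO_CRYPT_BENCHMARK

// /* In-lining of misc.c functions */
// /* If defined, must include wolfcrypt/src/misc.c in build */
// /* Slower, but about 1k smaller */
//#undef  NO_INLINE
#define NO_INLINE

//#undef  NO_FILESYSTEM
//#define NO_FILESYSTEM

//#undef  NO_WRITEV
//#define NO_WRITEV

//#undef  NO_MAIN_DRIVER
//#define NO_MAIN_DRIVER

#undef  NO_DEV_RANDOM
#define NO_DEV_RANDOM

/* NOTE(review): every NO_* switch below is commented out, so this header does
 * nothing to remove DSA, 3DES, RC4, TLS 1.0/1.1, HC-128, Rabbit or MD4 from
 * the build. For a TLS client that talks only to modern servers, define
 * NO_OLD_TLS, NO_RC4, NO_DES3, NO_MD4, NO_HC128, NO_RABBIT and NO_DSA unless
 * a peer is known to need them; it shrinks both the image and the
 * downgrade surface. */
//#undef  NO_DSA
//#define NO_DSA

//#undef  NO_DH
//#define NO_DH

//#undef  NO_DES3
//#define NO_DES3

//#undef  NO_RC4
//#define NO_RC4

//#undef  NO_OLD_TLS
//#define NO_OLD_TLS

//#undef  NO_HC128
//#define NO_HC128

//#undef  NO_RABBIT
//#define NO_RABBIT

//#undef  NO_PSK
//#define NO_PSK

//#undef  NO_MD4
//#define NO_MD4

//#undef  NO_PWDBASED
//#define NO_PWDBASED

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */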
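/* wolfssl includes. */
/* NOTE(review): the names of the two headers included here were lost when
 * this page was extracted; restore them from the original project. */

/*!
 * @brief  Application-supplied time source for wolfSSL (XTIME override).
 *         Precondition: none.
 *
 * @param  timer  Optional output. When non-NULL it receives the same value
 *                that is returned, matching the standard time() contract.
 *
 * @retval The timestamp reported by get_timestamp().
 *
 * NOTE(review): certificate validity-date checks are only as good as this
 * clock. A frozen or stale value lets expired certificates pass and will
 * eventually reject valid ones, so treat a hard-coded timestamp as a
 * bring-up aid only and back get_timestamp() with SNTP or an RTC.
 */
time_t XTIME(time_t *timer)
{
    /* Without SNTP, the author first uses a recently fetched timestamp,
     * for example 1595836376. */
    time_t timestamp = get_timestamp();

    if (timer) {
        *timer = timestamp;
    }
    return timestamp;
}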
5.2 开启打印 Log 信息
在 .h 中定义宏定义
//开启 wolfssl 的log输出#define DEBUG_WOLFSSL#ifdef DEBUG_WOLFSSL#undefWOLFSSL_DEBUG_ERRORS_ONLY#include "bsp_printlog.h"#define WOLFSSL_USER_LOG(x) do { print_log(x); print_log("\n"); } while(0);//需要自己实现 print_log 函数#endif
在 程序开始之前 , 加入函数接口
/* Turn on wolfSSL's runtime logging; call it before the TLS code starts.
 * The call returns 0 on success and NOT_COMPILED_IN when the library was
 * built without DEBUG_WOLFSSL; the result is ignored here. */
wolfSSL_Debugging_ON();