NOISSUE - Validate Zephyr COAP DTLS SuperMQ client

targets/zephyr/coap-dtls/CMakeLists.txt

@@ -0,0 +1,7 @@
+cmake_minimum_required(VERSION 3.20.0)
+
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+project(coap_client)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})

targets/zephyr/coap-dtls/prj.conf

@@ -0,0 +1,64 @@
+# Wi-Fi Configuration
+CONFIG_WIFI=y
+
+# Network Configuration
+CONFIG_NET_CONFIG_AUTO_INIT=n
+CONFIG_NET_CONNECTION_MANAGER=y
+CONFIG_NET_DHCPV4=y
+CONFIG_NET_IF_MAX_IPV4_COUNT=2
+CONFIG_NET_IF_MAX_IPV6_COUNT=2
+CONFIG_NET_IPV4=y
+CONFIG_NET_L2_ETHERNET=y
+CONFIG_NET_L2_WIFI_MGMT=y
+CONFIG_NET_MGMT=y
+CONFIG_NET_MGMT_EVENT=y
+CONFIG_NET_MGMT_EVENT_INFO=y
+CONFIG_NET_MGMT_EVENT_QUEUE_SIZE=10
+CONFIG_NET_MGMT_EVENT_STACK_SIZE=4096
+CONFIG_NET_PKT_RX_COUNT=16
+CONFIG_NET_PKT_TX_COUNT=16
+CONFIG_NET_SOCKETS_SERVICE_STACK_SIZE=4096
+CONFIG_NET_TCP=y
+CONFIG_NET_UDP=y
+CONFIG_NETWORKING=y
+CONFIG_ESP32_WIFI_STA_AUTO_DHCPV4=y
+
+CONFIG_REQUIRES_FULL_LIBC=y
+CONFIG_NET_IPV6=y
+CONFIG_NET_SOCKETS=y
+CONFIG_ZVFS_POLL_MAX=4
+CONFIG_POSIX_API=y
+CONFIG_COAP=y
+CONFIG_CBPRINTF_FP_SUPPORT=y
+
+# LOG Configuration
+CONFIG_NET_LOG=y
+CONFIG_NET_DHCPV4_SERVER_LOG_LEVEL_DBG=y
+
+# Enable DTLS support for CoAP
+CONFIG_NET_SOCKETS_ENABLE_DTLS=y
+CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
+
+# Enable mbedTLS with comprehensive configuration
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_BUILTIN=y
+CONFIG_MBEDTLS_ENABLE_HEAP=y
+CONFIG_MBEDTLS_HEAP_SIZE=65536
+CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
+CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
+CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y
+CONFIG_MBEDTLS_AES_ROM_TABLES=y
+CONFIG_MBEDTLS_TLS_VERSION_1_2=y
+CONFIG_MBEDTLS_MEMORY_DEBUG=y
+CONFIG_MBEDTLS_HAVE_TIME_DATE=y
+
+# Enable TLS credentials
+CONFIG_TLS_CREDENTIALS=y
+CONFIG_TLS_CREDENTIAL_FILENAMES=y
+
+# DTLS socket configurations
+CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=4
+CONFIG_NET_SOCKETS_TLS_MAX_CREDENTIALS=8
+
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_TEST_RANDOM_GENERATOR=y

targets/zephyr/coap-dtls/src/ca.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICNTCCAdygAwIBAgIPAQIDBAUGBwgJCgsMDQ4PMAoGCCqGSM49BAMCMFMxCzAJ
+BgNVBAYTAkJSMQ8wDQYDVQQIEwZQYXJhbmExETAPBgNVBAcTCEN1cml0aWJhMQ0w
+CwYDVQQKEwRUZXN0MREwDwYDVQQDEwh0ZXN0LmNvbTAeFw0yNTA5MDkyMzQ3MDZa
+Fw0yNTA5MTAwMDQ3MDZaMFMxCzAJBgNVBAYTAkJSMQ8wDQYDVQQIEwZQYXJhbmEx
+ETAPBgNVBAcTCEN1cml0aWJhMQ0wCwYDVQQKEwRUZXN0MREwDwYDVQQDEwh0ZXN0
+LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFFcPW6545a5BNP+yn9U/c0M
+wemXvzddylFa0KbDtANfRTa+OlDzGPv5pUdZAqIhUCvvDVfgjFOyzApW8X2fk1Sj
+gZIwgY8wDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRCaYiUMeMTGWb8r2pFcUGU
+PtLDWzAuBgNVHREEJzAlgQtjYUB0ZXN0LmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA
+AAAAATAKBggqhkjOPQQDAgNHADBEAiBlvAwjskQ1iXY2yTwLWbDaT5TGLJGknCE4
+HD8jclkGggIgVwkjkA0tNSf/bDFuiNtBcCxBnrGbRGETVQkK1tAVJmw=
+-----END CERTIFICATE-----

targets/zephyr/coap-dtls/src/certs.h

@@ -0,0 +1,109 @@
+#ifndef CERTS_H
+#define CERTS_H
+
+#include <zephyr/kernel.h>
+#include <zephyr/logging/log.h>
+#include <zephyr/net/tls_credentials.h>
+
+// TLS security tags for mutual TLS authentication
+#define TLS_TAG_CA_CERT 1
+#define TLS_TAG_CLIENT_CERT 2
+#define TLS_TAG_CLIENT_KEY 3
+
+// CA Certificate
+static const char ca_cert[] = 
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIICNTCCAdygAwIBAgIPAQIDBAUGBwgJCgsMDQ4PMAoGCCqGSM49BAMCMFMxCzAJ\n"
+    "BgNVBAYTAkJSMQ8wDQYDVQQIEwZQYXJhbmExETAPBgNVBAcTCEN1cml0aWJhMQ0w\n"
+    "CwYDVQQKEwRUZXN0MREwDwYDVQQDEwh0ZXN0LmNvbTAeFw0yNTA5MTAwODEwMjZa\n"
+    "Fw0yNTA5MTAwOTEwMjZaMFMxCzAJBgNVBAYTAkJSMQ8wDQYDVQQIEwZQYXJhbmEx\n"
+    "ETAPBgNVBAcTCEN1cml0aWJhMQ0wCwYDVQQKEwRUZXN0MREwDwYDVQQDEwh0ZXN0\n"
+    "LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFFcPW6545a5BNP+yn9U/c0M\n"
+    "wemXvzddylFa0KbDtANfRTa+OlDzGPv5pUdZAqIhUCvvDVfgjFOyzApW8X2fk1Sj\n"
+    "gZIwgY8wDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF\n"
+    "BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRCaYiUMeMTGWb8r2pFcUGU\n"
+    "PtLDWzAuBgNVHREEJzAlgQtjYUB0ZXN0LmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA\n"
+    "AAAAATAKBggqhkjOPQQDAgNHADBEAiBL3l0pOMOv/JRYhaMW5tYAANaCVuV8UxHb\n"
+    "GhaWkIDS5AIgRpVFWY9yUjPBqpkaBKJ6HfxAVtYidpM7Ix0QtX1jgJw=\n"
+    "-----END CERTIFICATE-----\n";
+
+static const size_t ca_cert_len = sizeof(ca_cert);
+
+// Client Certificate
+static const char client_cert[] = 
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIICGTCCAb+gAwIBAgIQPxyp2HjLMSgTPQWGI/rX5DAKBggqhkjOPQQDAjBTMQsw\n"
+    "CQYDVQQGEwJCUjEPMA0GA1UECBMGUGFyYW5hMREwDwYDVQQHEwhDdXJpdGliYTEN\n"
+    "MAsGA1UEChMEVGVzdDERMA8GA1UEAxMIdGVzdC5jb20wHhcNMjUwOTEwMDgxMDI2\n"
+    "WhcNMjUwOTEwMDkxMDI2WjBTMQswCQYDVQQGEwJCUjEPMA0GA1UECBMGUGFyYW5h\n"
+    "MREwDwYDVQQHEwhDdXJpdGliYTENMAsGA1UEChMEVGVzdDERMA8GA1UEAxMIdGVz\n"
+    "dC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASn3z2iLvgsONyy3YLwFtAG\n"
+    "SJ1F/7n5b2aMtv9YqOF0QTLBZ+EzLv9tzws6CN8ldlD83QgD9fLkz+rXXfOWrNRf\n"
+    "o3UwczAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUF\n"
+    "BwMBMA4GA1UdDgQHBAUBAgMEBjAyBgNVHREEKzApgQ9jbGllbnRAdGVzdC5jb22H\n"
+    "BH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIgJbCP2/mR\n"
+    "V080adSG+7AkoCny2WWbS8datU0x8kFOvi0CIQCf3N8uYY7eCVZSzPrWpBSDwJLG\n"
+    "Ky05u7yja8m88wQayA==\n"
+    "-----END CERTIFICATE-----\n";
+
+static const size_t client_cert_len = sizeof(client_cert);
+
+// Client Private Key
+static const char client_key[] =
+    "-----BEGIN EC PRIVATE KEY-----\n"
+    "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg4b9jAE6iNA3Nsm04\n"
+    "gkLWq4FaGVmtuUM2SfMcgfsYArmhRANCAASn3z2iLvgsONyy3YLwFtAGSJ1F/7n5\n"
+    "b2aMtv9YqOF0QTLBZ+EzLv9tzws6CN8ldlD83QgD9fLkz+rXXfOWrNRf\n"
+    "-----END EC PRIVATE KEY-----\n";
+static const size_t client_key_len = sizeof(client_key);
+
+static bool certs_initialized = false;
+
+/**
+ * @brief Initialize TLS certificates for mutual authentication
+ */
+static inline int certs_init(void)
+{
+    int ret;
+
+    if (certs_initialized) {
+        LOG_INF("Certificates already initialized");
+        return 0;
+    }
+
+    LOG_INF("Initializing mutual TLS certificates...");
+
+    // Add the CA certificate
+    ret = tls_credential_add(TLS_TAG_CA_CERT, TLS_CREDENTIAL_NONE,
+                            ca_cert, ca_cert_len);
+    if (ret < 0) {
+        LOG_ERR("Failed to add CA certificate: %d", ret);
+        return ret;
+    }
+    LOG_INF("CA certificate added successfully");
+
+    // Add the client certificate
+    ret = tls_credential_add(TLS_TAG_CLIENT_CERT, TLS_CREDENTIAL_SERVER_CERTIFICATE,
+                            client_cert, client_cert_len);
+    if (ret < 0) {
+        LOG_ERR("Failed to add client certificate: %d", ret);
+        return ret;
+    }
+    LOG_INF("Client certificate added successfully");
+
+    // Add the client private key
+    ret = tls_credential_add(TLS_TAG_CLIENT_KEY, TLS_CREDENTIAL_PRIVATE_KEY,
+                            client_key, client_key_len);
+    if (ret < 0) {
+        LOG_ERR("Failed to add client private key: %d", ret);
+        return ret;
+    }
+    LOG_INF("Client private key added successfully");
+
+    certs_initialized = true;
+    LOG_INF("Mutual TLS certificates initialized successfully");
+
+    return 0;
+}
+
+#endif /* CERTS_H */

targets/zephyr/coap-dtls/src/config.h

@@ -0,0 +1,18 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+/* STA Mode Configuration */
+#define WIFI_SSID "SSID"    // Replace `SSID` with WiFi ssid
+#define WIFI_PSK "PASSWORD" // Replace `PASSWORD` with Router password
+
+/* Magistrala Configuration */
+#define MAGISTRALA_IP                                                          \
+  "192.168.8.126" // Replace with your Magistrala instance IP
+#define MAGISTRALA_COAP_PORT 5688  // DTLS port for CoAPS (CoAP over DTLS)
+#define DOMAIN_ID "37e191d5-0e57-4d27-b384-26f3c1439561"         // Replace with your Domain ID
+#define CLIENT_ID "c658801e-ef14-4aca-a024-7fa034e95624"         // Replace with your Client ID
+#define CLIENT_SECRET "316377fe-a105-4afa-85fb-ca020255c5dc" // Replace with your Client secret
+#define CHANNEL_ID "6f81fcb4-0751-414e-a1ce-912045d0a1c7"       // Replace with your Channel ID
+#define MQTT_CLIENTID "c658801e-ef14-4aca-a024-7fa034e95624" // Replace with your actual client ID
+
+#endif