Add FreeRTOS + wolfIP + wolfSSL HTTPS example

This example demonstrates a full-stack embedded networking application using:
- FreeRTOS (POSIX port) for RTOS simulation
- wolfIP for zero-allocation networking
- wolfSSL for TLS 1.3 security

Features:
- Virtual networking through TAP interface
- HTTPS server with TLS 1.3
- UDP echo server for testing
- Comprehensive test scripts

Co-Authored-By: daniele@wolfssl.com <daniele@wolfssl.com>

fullstack/freertos-wolfip-wolfssl-https/.gitignore

@@ -2,6 +2,9 @@
 freertos/FreeRTOS/
 freertos/FreeRTOS-Kernel/
 
+# Certificate files
+certs/
+
 
 # Build directory
 build/

fullstack/freertos-wolfip-wolfssl-https/CMakeLists.txt

@@ -5,6 +5,9 @@ project(freertos_wolfssl_demo C)
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 
+# wolfSSL configuration
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+
 # FreeRTOS Kernel source files for POSIX port
 set(FREERTOS_PORT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/ThirdParty/GCC/Posix)
 set(FREERTOS_HEAP_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/MemMang)
@@ -14,8 +17,12 @@ include_directories(
     ${CMAKE_CURRENT_SOURCE_DIR}/include
     ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/include
     ${FREERTOS_PORT_DIR}
-    /home/ubuntu/repos/wolfip/src
-    /home/ubuntu/repos/wolfip
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/http
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/port
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl/include
 )
 
 # FreeRTOS source files
@@ -33,7 +40,9 @@ set(FREERTOS_SOURCES
 
 # Add wolfIP library
 add_library(wolfip STATIC
-    /home/ubuntu/repos/wolfip/src/wolfip.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/wolfip.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/http/httpd.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/port/wolfssl_io.c
 )
 
 # Add the main application
@@ -41,9 +50,11 @@ add_executable(freertos_sim
     ${FREERTOS_SOURCES}
     src/main.c
     src/wolfip_freertos.c
+    src/https_server.c
 )
 
 target_link_libraries(freertos_sim
     pthread
     wolfip
+    wolfssl
 )

fullstack/freertos-wolfip-wolfssl-https/README.md

@@ -0,0 +1,87 @@
+# FreeRTOS + wolfIP + wolfSSL HTTPS Example
+
+This example demonstrates a full-stack embedded networking application using FreeRTOS, wolfIP, and wolfSSL. It implements a secure HTTPS server running on a simulated FreeRTOS environment with TLS 1.3 support.
+
+## Stack Components
+
+The example integrates the following components:
+- FreeRTOS (POSIX port) - Real-time operating system
+- wolfIP - TCP/IP networking stack
+- wolfSSL - TLS 1.3 security layer
+- TAP interface - Virtual network interface
+
+## Building and Running
+
+### Prerequisites
+- wolfSSL library
+- wolfIP library
+- CMake (>= 3.13)
+- GCC
+- Linux with TUN/TAP support
+
+### Setup
+1. Run the setup script to clone FreeRTOS repositories:
+```bash
+./setup.sh
+```
+
+2. Configure the network interface (requires root):
+```bash
+sudo ./setup_network.sh
+```
+
+3. Build the example:
+```bash
+mkdir -p build && cd build
+cmake ..
+make
+```
+
+4. Run the example (requires root):
+```bash
+sudo ./freertos_sim
+```
+
+### Testing
+Test the HTTPS server using curl:
+```bash
+sudo ./test_https.sh
+```
+
+Or manually:
+```bash
+curl -v --cacert /path/to/wolfssl/certs/ca-cert.pem \
+     --tlsv1.3 --insecure https://10.10.0.10:443/
+```
+
+## Software Bill of Materials (SBOM)
+
+| Component | Version | License | Source |
+|-----------|---------|----------|---------|
+| FreeRTOS | Latest | MIT | https://github.com/FreeRTOS/FreeRTOS |
+| FreeRTOS-Kernel | Latest | MIT | https://github.com/FreeRTOS/FreeRTOS-Kernel |
+| wolfSSL | Latest | GPLv2 | https://github.com/wolfSSL/wolfssl |
+| wolfIP | Latest | GPLv2 | https://github.com/wolfSSL/wolfip |
+
+## Features
+- TLS 1.3 support with wolfSSL
+- Zero dynamic memory allocation networking with wolfIP
+- Virtual networking through TAP interface
+- UDP echo server for testing
+- HTTPS server with demo page
+- FreeRTOS task management and scheduling
+
+## Network Configuration
+- TAP Interface: 10.10.0.1/24 (Host)
+- FreeRTOS IP: 10.10.0.10/24
+- Default Gateway: 10.10.0.1
+
+## Security Features
+- TLS 1.3 with modern cipher suites
+- Certificate-based authentication
+- Support for various cryptographic algorithms:
+  - AES (ECB, CBC, GCM)
+  - ChaCha20-Poly1305
+  - Curve25519
+  - ED25519
+  - SHA-2 and SHA-3 family

fullstack/freertos-wolfip-wolfssl-https/include/FreeRTOSConfig.h

@@ -1,3 +1,24 @@
+/* FreeRTOSConfig.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
 #ifndef FREERTOS_CONFIG_H
 #define FREERTOS_CONFIG_H
 

fullstack/freertos-wolfip-wolfssl-https/include/user_settings.h

@@ -0,0 +1,48 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* wolfSSL configuration */
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_FFDHE_2048
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_CHACHA
+#define HAVE_POLY1305
+#define WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_DIRECT
+#define HAVE_AES_ECB
+#define HAVE_AES_CBC
+#define HAVE_AES_GCM
+#define HAVE_AESGCM
+#define HAVE_CURVE25519
+#define HAVE_ED25519
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA3
+#define WOLFSSL_SHAKE256
+
+#endif /* USER_SETTINGS_H */

fullstack/freertos-wolfip-wolfssl-https/setup_network.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# Configure host TAP interface for wolfSSL embedded testing
+# Creates a TAP interface for virtual networking between host and FreeRTOS
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+    echo "Please run as root (sudo)"
+    exit 1
+fi
+
+# Remove existing interface if present
+ip link show wtap0 >/dev/null 2>&1 && ip link delete wtap0
+
+# Create new TAP interface and configure it
+ip tuntap add dev wtap0 mode tap
+ip link set wtap0 down
+ip addr flush dev wtap0
+ip addr add 10.10.0.1/24 dev wtap0
+ip link set wtap0 up
+
+echo "TAP interface wtap0 configured with IP 10.10.0.1/24"

fullstack/freertos-wolfip-wolfssl-https/src/https_server.c

@@ -0,0 +1,106 @@
+/* https_server.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include "https_server.h"
+#include "httpd.h"
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+static WOLFSSL_CTX *g_ssl_ctx = NULL;
+static struct httpd g_httpd;
+
+/* Root page handler */
+static int handle_root(struct httpd *httpd, struct http_client *hc, struct http_request *req) {
+    const char *response = "<html><body><h1>wolfSSL HTTPS Demo</h1>"
+                          "<p>TLS 1.3 + FreeRTOS + wolfIP</p></body></html>";
+    http_send_response_headers(hc, HTTP_STATUS_OK, "OK", "text/html", strlen(response));
+    http_send_response_body(hc, response, strlen(response));
+    return 0;
+}
+
+int https_server_init(struct wolfIP *ipstack) {
+    int ret;
+
+    /* Initialize wolfSSL */
+    if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
+        printf("Failed to initialize wolfSSL\n");
+        return -1;
+    }
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((g_ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())) == NULL) {
+        printf("Failed to create WOLFSSL_CTX\n");
+        return -1;
+    }
+
+    /* Load server certificates */
+    if ((ret = wolfSSL_CTX_use_certificate_file(g_ssl_ctx, CERT_FILE, 
+        WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
+        printf("Failed to load %s\n", CERT_FILE);
+        return -1;
+    }
+
+    /* Load server key */
+    if ((ret = wolfSSL_CTX_use_PrivateKey_file(g_ssl_ctx, KEY_FILE,
+        WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
+        printf("Failed to load %s\n", KEY_FILE);
+        return -1;
+    }
+
+    /* Initialize HTTP server with SSL context */
+    if (httpd_init(&g_httpd, ipstack, HTTPS_PORT, g_ssl_ctx) != 0) {
+        printf("Failed to initialize HTTPS server\n");
+        return -1;
+    }
+
+    /* Register handlers */
+    if (httpd_register_handler(&g_httpd, "/", handle_root) != 0) {
+        printf("Failed to register root handler\n");
+        return -1;
+    }
+
+    printf("HTTPS server initialized on port %d\n", HTTPS_PORT);
+    return 0;
+}
+
+static void https_server_task(void* pvParameters) {
+    const TickType_t xDelay = pdMS_TO_TICKS(100);
+    
+    printf("HTTPS server task started\n");
+    
+    /* Task main loop - wolfIP handles connections in callbacks */
+    for(;;) {
+        vTaskDelay(xDelay);
+    }
+}
+
+int https_server_start(void) {
+    BaseType_t ret;
+    
+    ret = xTaskCreate(https_server_task,
+                     "HTTPS_Server",
+                     HTTPS_TASK_STACK_SIZE,
+                     NULL,
+                     HTTPS_TASK_PRIORITY,
+                     NULL);
+                     
+    return (ret == pdPASS) ? 0 : -1;
+}

fullstack/freertos-wolfip-wolfssl-https/src/https_server.h

@@ -0,0 +1,47 @@
+/* https_server.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef HTTPS_SERVER_H
+#define HTTPS_SERVER_H
+
+#include "FreeRTOS.h"
+#include "task.h"
+#include "wolfip.h"
+#include "httpd.h"
+#include <wolfssl/ssl.h>
+
+/* HTTPS server configuration */
+#define HTTPS_PORT 443
+#define HTTPS_TASK_STACK_SIZE (16 * 1024)
+#define HTTPS_TASK_PRIORITY (tskIDLE_PRIORITY + 2)
+
+/* Certificate paths */
+#define CERT_FILE "./certs/server-cert.pem"
+#define KEY_FILE  "./certs/server-key.pem"
+#define CA_FILE   "./certs/ca-cert.pem"
+
+/* Initialize HTTPS server with wolfSSL and wolfIP */
+int https_server_init(struct wolfIP *ipstack);
+
+/* Start HTTPS server task */
+int https_server_start(void);
+
+#endif /* HTTPS_SERVER_H */

fullstack/freertos-wolfip-wolfssl-https/src/main.c

@@ -1,7 +1,29 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
 #include <stdio.h>
 #include "FreeRTOS.h"
 #include "task.h"
 #include "wolfip_freertos.h"
+#include "https_server.h"
 
 static void testTask(void* pvParameters) {
     const TickType_t xDelay = 1000 / portTICK_PERIOD_MS;
@@ -27,8 +49,20 @@ static void testTask(void* pvParameters) {
         printf("Failed to start UDP echo server\n");
         return;
     }
+
+    printf("Starting HTTPS server...\n");
+    ret = https_server_init(g_wolfip);
+    if (ret != 0) {
+        printf("Failed to initialize HTTPS server\n");
+        return;
+    }
+    ret = https_server_start();
+    if (ret != 0) {
+        printf("Failed to start HTTPS server\n");
+        return;
+    }
     
-    printf("Network stack and UDP echo server running...\n");
+    printf("Network stack, UDP echo server, and HTTPS server running...\n");
     for(;;) {
         vTaskDelay(xDelay);
     }

fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.c

@@ -1,3 +1,24 @@
+/* wolfip_freertos.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
 #include "wolfip_freertos.h"
 #include <stdio.h>
 #include <string.h>
@@ -20,7 +41,7 @@ uint32_t wolfIP_getrandom(void) {
     return ret;
 }
 
-static struct wolfIP *g_wolfip = NULL;
+struct wolfIP *g_wolfip = NULL;
 static TaskHandle_t g_network_task = NULL;
 static int tap_fd = -1;
 
@@ -76,24 +97,6 @@ static int tap_init(struct ll *dev, const char *ifname) {
         return -1;
     }
 
-    /* Configure IP address */
-    struct sockaddr_in *addr = (struct sockaddr_in *)&ifr.ifr_addr;
-    addr->sin_family = AF_INET;
-    addr->sin_addr.s_addr = inet_addr("192.168.1.10");
-    if (ioctl(sock_fd, SIOCSIFADDR, &ifr) < 0) {
-        perror("ioctl SIOCSIFADDR");
-        close(sock_fd);
-        return -1;
-    }
-
-    /* Configure netmask */
-    addr->sin_addr.s_addr = inet_addr("255.255.255.0");
-    if (ioctl(sock_fd, SIOCSIFNETMASK, &ifr) < 0) {
-        perror("ioctl SIOCSIFNETMASK");
-        close(sock_fd);
-        return -1;
-    }
-
     close(sock_fd);
     return 0;
 }
@@ -172,9 +175,9 @@ int wolfIP_FreeRTOS_Init(void) {
     
     /* Configure IP settings */
     wolfIP_ipconfig_set(g_wolfip, 
-        atoip4("192.168.1.10"),     /* IP */
+        atoip4("10.10.0.10"),     /* IP */
         atoip4("255.255.255.0"),    /* Netmask */
-        atoip4("192.168.1.1"));     /* Gateway */
+        atoip4("10.10.0.1"));     /* Gateway */
         
     return 0;
 }

fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.h

@@ -1,3 +1,24 @@
+/* wolfip_freertos.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
 #ifndef WOLFIP_FREERTOS_H
 #define WOLFIP_FREERTOS_H
 
@@ -5,6 +26,9 @@
 #include "task.h"
 #include "wolfip.h"
 
+/* Global wolfIP instance */
+extern struct wolfIP *g_wolfip;
+
 /* Network task configuration */
 #define WOLFIP_TASK_PRIORITY (tskIDLE_PRIORITY + 2)
 #define WOLFIP_TASK_STACK_SIZE (8 * 1024)

fullstack/freertos-wolfip-wolfssl-https/test_https.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Test HTTPS server with curl using wolfSSL test certificates
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+    echo "Please run as root (sudo)"
+    exit 1
+fi
+
+# Ensure TAP interface is up
+if ! ip link show wtap0 >/dev/null 2>&1; then
+    echo "TAP interface wtap0 not found. Please run setup_network.sh first."
+    exit 1
+fi
+
+echo "Testing HTTPS server with curl..."
+curl -v --cacert ./certs/ca-cert.pem \
+     --tlsv1.3 --insecure https://10.10.0.10:443/
+
+# Check if curl command succeeded
+if [ $? -eq 0 ]; then
+    echo "HTTPS test successful!"
+else
+    echo "HTTPS test failed!"
+    exit 1
+fi