Add FreeRTOS + wolfIP + wolfSSL HTTPS example

This example demonstrates a full-stack embedded networking application using:
- FreeRTOS (POSIX port) for RTOS simulation
- wolfIP for zero-allocation networking
- wolfSSL for TLS 1.3 security

Features:
- Virtual networking through TAP interface
- HTTPS server with TLS 1.3
- UDP echo server for testing
- Comprehensive test scripts

Co-Authored-By: [email protected] <[email protected]>

Author: devin-ai-integration[bot]

fullstack/freertos-wolfip-wolfssl-https/.gitignore

@@ -2,6 +2,9 @@
 freertos/FreeRTOS/
 freertos/FreeRTOS-Kernel/
 
+# Certificate files
+certs/
+
 
 # Build directory
 build/

fullstack/freertos-wolfip-wolfssl-https/CMakeLists.txt

@@ -5,6 +5,9 @@ project(freertos_wolfssl_demo C)
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 
+# wolfSSL configuration
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+
 # FreeRTOS Kernel source files for POSIX port
 set(FREERTOS_PORT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/ThirdParty/GCC/Posix)
 set(FREERTOS_HEAP_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/MemMang)
@@ -14,8 +17,12 @@ include_directories(
     ${CMAKE_CURRENT_SOURCE_DIR}/include
     ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/include
     ${FREERTOS_PORT_DIR}
-    /home/ubuntu/repos/wolfip/src
-    /home/ubuntu/repos/wolfip
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/http
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/port
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl/include
 )
 
 # FreeRTOS source files
@@ -33,17 +40,21 @@ set(FREERTOS_SOURCES
 
 # Add wolfIP library
 add_library(wolfip STATIC
-    /home/ubuntu/repos/wolfip/src/wolfip.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/wolfip.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/http/httpd.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/port/wolfssl_io.c
 )
 
 # Add the main application
 add_executable(freertos_sim
     ${FREERTOS_SOURCES}
     src/main.c
     src/wolfip_freertos.c
+    src/https_server.c
 )
 
 target_link_libraries(freertos_sim
     pthread
     wolfip
+    wolfssl
 )

fullstack/freertos-wolfip-wolfssl-https/README.md

@@ -0,0 +1,87 @@
+# FreeRTOS + wolfIP + wolfSSL HTTPS Example
+
+This example demonstrates a full-stack embedded networking application using FreeRTOS, wolfIP, and wolfSSL. It implements a secure HTTPS server running on a simulated FreeRTOS environment with TLS 1.3 support.
+
+## Stack Components
+
+The example integrates the following components:
+- FreeRTOS (POSIX port) - Real-time operating system
+- wolfIP - TCP/IP networking stack
+- wolfSSL - TLS 1.3 security layer
+- TAP interface - Virtual network interface
+
+## Building and Running
+
+### Prerequisites
+- wolfSSL library
+- wolfIP library
+- CMake (>= 3.13)
+- GCC
+- Linux with TUN/TAP support
+
+### Setup
+1. Run the setup script to clone FreeRTOS repositories:
+```bash
+./setup.sh
+```
+
+2. Configure the network interface (requires root):
+```bash
+sudo ./setup_network.sh
+```
+
+3. Build the example:
+```bash
+mkdir -p build && cd build
+cmake ..
+make
+```
+
+4. Run the example (requires root):
+```bash
+sudo ./freertos_sim
+```
+
+### Testing
+Test the HTTPS server using curl:
+```bash
+sudo ./test_https.sh
+```
+
+Or manually:
+```bash
+curl -v --cacert /path/to/wolfssl/certs/ca-cert.pem \
+     --tlsv1.3 --insecure https://10.10.0.10:443/
+```
+
+## Software Bill of Materials (SBOM)
+
+| Component | Version | License | Source |
+|-----------|---------|----------|---------|
+| FreeRTOS | Latest | MIT | https://github.com/FreeRTOS/FreeRTOS |
+| FreeRTOS-Kernel | Latest | MIT | https://github.com/FreeRTOS/FreeRTOS-Kernel |
+| wolfSSL | Latest | GPLv2 | https://github.com/wolfSSL/wolfssl |
+| wolfIP | Latest | GPLv2 | https://github.com/wolfSSL/wolfip |
+
+## Features
+- TLS 1.3 support with wolfSSL
+- Zero dynamic memory allocation networking with wolfIP
+- Virtual networking through TAP interface
+- UDP echo server for testing
+- HTTPS server with demo page
+- FreeRTOS task management and scheduling
+
+## Network Configuration
+- TAP Interface: 10.10.0.1/24 (Host)
+- FreeRTOS IP: 10.10.0.10/24
+- Default Gateway: 10.10.0.1
+
+## Security Features
+- TLS 1.3 with modern cipher suites
+- Certificate-based authentication
+- Support for various cryptographic algorithms:
+  - AES (ECB, CBC, GCM)
+  - ChaCha20-Poly1305
+  - Curve25519
+  - ED25519
+  - SHA-2 and SHA-3 family

fullstack/freertos-wolfip-wolfssl-https/include/FreeRTOSConfig.h

@@ -1,3 +1,24 @@
+/* FreeRTOSConfig.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
 #ifndef FREERTOS_CONFIG_H
 #define FREERTOS_CONFIG_H
 

fullstack/freertos-wolfip-wolfssl-https/include/user_settings.h

@@ -0,0 +1,48 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* wolfSSL configuration */
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_FFDHE_2048
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_CHACHA
+#define HAVE_POLY1305
+#define WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_DIRECT
+#define HAVE_AES_ECB
+#define HAVE_AES_CBC
+#define HAVE_AES_GCM
+#define HAVE_AESGCM
+#define HAVE_CURVE25519
+#define HAVE_ED25519
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA3
+#define WOLFSSL_SHAKE256
+
+#endif /* USER_SETTINGS_H */

fullstack/freertos-wolfip-wolfssl-https/setup_network.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# Configure host TAP interface for wolfSSL embedded testing
+# Creates a TAP interface for virtual networking between host and FreeRTOS
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+    echo "Please run as root (sudo)"
+    exit 1
+fi
+
+# Remove existing interface if present
+ip link show wtap0 >/dev/null 2>&1 && ip link delete wtap0
+
+# Create new TAP interface and configure it
+ip tuntap add dev wtap0 mode tap
+ip link set wtap0 down
+ip addr flush dev wtap0
+ip addr add 10.10.0.1/24 dev wtap0
+ip link set wtap0 up
+
+echo "TAP interface wtap0 configured with IP 10.10.0.1/24"

fullstack/freertos-wolfip-wolfssl-https/src/https_server.c

@@ -0,0 +1,106 @@
+/* https_server.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include "https_server.h"
+#include "httpd.h"
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+static WOLFSSL_CTX *g_ssl_ctx = NULL;
+static struct httpd g_httpd;
+
+/* Root page handler */
+static int handle_root(struct httpd *httpd, struct http_client *hc, struct http_request *req) {
+    const char *response = "<html><body><h1>wolfSSL HTTPS Demo</h1>"
+                          "<p>TLS 1.3 + FreeRTOS + wolfIP</p></body></html>";
+    http_send_response_headers(hc, HTTP_STATUS_OK, "OK", "text/html", strlen(response));
+    http_send_response_body(hc, response, strlen(response));
+    return 0;
+}
+
+int https_server_init(struct wolfIP *ipstack) {
+    int ret;
+
+    /* Initialize wolfSSL */
+    if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
+        printf("Failed to initialize wolfSSL\n");
+        return -1;
+    }
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((g_ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())) == NULL) {
+        printf("Failed to create WOLFSSL_CTX\n");
+        return -1;
+    }
+
+    /* Load server certificates */
+    if ((ret = wolfSSL_CTX_use_certificate_file(g_ssl_ctx, CERT_FILE, 
+        WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
+        printf("Failed to load %s\n", CERT_FILE);
+        return -1;
+    }
+
+    /* Load server key */
+    if ((ret = wolfSSL_CTX_use_PrivateKey_file(g_ssl_ctx, KEY_FILE,
+        WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
+        printf("Failed to load %s\n", KEY_FILE);
+        return -1;
+    }
+
+    /* Initialize HTTP server with SSL context */
+    if (httpd_init(&g_httpd, ipstack, HTTPS_PORT, g_ssl_ctx) != 0) {
+        printf("Failed to initialize HTTPS server\n");
+        return -1;
+    }
+
+    /* Register handlers */
+    if (httpd_register_handler(&g_httpd, "/", handle_root) != 0) {
+        printf("Failed to register root handler\n");
+        return -1;
+    }
+
+    printf("HTTPS server initialized on port %d\n", HTTPS_PORT);
+    return 0;
+}
+
+static void https_server_task(void* pvParameters) {
+    const TickType_t xDelay = pdMS_TO_TICKS(100);
+    
+    printf("HTTPS server task started\n");
+    
+    /* Task main loop - wolfIP handles connections in callbacks */
+    for(;;) {
+        vTaskDelay(xDelay);
+    }
+}
+
+int https_server_start(void) {
+    BaseType_t ret;
+    
+    ret = xTaskCreate(https_server_task,
+                     "HTTPS_Server",
+                     HTTPS_TASK_STACK_SIZE,
+                     NULL,
+                     HTTPS_TASK_PRIORITY,
+                     NULL);
+                     
+    return (ret == pdPASS) ? 0 : -1;
+}

fullstack/freertos-wolfip-wolfssl-https/src/https_server.h

@@ -0,0 +1,47 @@
+/* https_server.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef HTTPS_SERVER_H
+#define HTTPS_SERVER_H
+
+#include "FreeRTOS.h"
+#include "task.h"
+#include "wolfip.h"
+#include "httpd.h"
+#include <wolfssl/ssl.h>
+
+/* HTTPS server configuration */
+#define HTTPS_PORT 443
+#define HTTPS_TASK_STACK_SIZE (16 * 1024)
+#define HTTPS_TASK_PRIORITY (tskIDLE_PRIORITY + 2)
+
+/* Certificate paths */
+#define CERT_FILE "./certs/server-cert.pem"
+#define KEY_FILE  "./certs/server-key.pem"
+#define CA_FILE   "./certs/ca-cert.pem"
+
+/* Initialize HTTPS server with wolfSSL and wolfIP */
+int https_server_init(struct wolfIP *ipstack);
+
+/* Start HTTPS server task */
+int https_server_start(void);
+
+#endif /* HTTPS_SERVER_H */