Raspberry Pi Pico W || LwIP || MbedTLS: EP.2 HTTPS server Session management

本文章介紹Raspberry Pi Pico W使用LwIP & MbedTLS，利用Cookie建立Session管理。

實驗建立需要登入驗證的網頁與無須登入驗證的網頁兩類別。當開啟需要驗證的網頁時，若尚未登入，則重新導到驗證頁面。

將需要驗證後才能使用的uri存在list中。

軟體主要使用LwIP httpd application, 加入Cookies功能的patch後，利用cookie建立client與server的session管理。

logout 清除client 端session cookie，下次開啟需要驗證的網頁時，需再登入一次。

為了實現session management增加三個實作functions:

char *httpd_set_cookies(const void *connection, const char *uri);
執行上述patch後在httpd.c新增的function call,用於加入Set-Cookie: header。

void httpd_received_cookies(const void *connection, char **cookies);
執行上述patch後在httpd.c新增的function call，本專案修改cookies的parameter屬性，因為server在收到 client送來cookie中的session-id，若在server端已不存在（也許timeout), 將重設cookie為NULL。

void httpd_redirect_uri(char* uri, u16_t *uri_len);
若client的cookie為NULL，則server 將重新導到登入頁面。

每個session設有timeout時間，當在設定的timeout時間內沒有任何存取網頁，則清除server上該session object。當每次存取網頁時就會重設timeout時間。

流程如下圖所示：

本專案測試https與http service同時存在：

HTTPS:

HTTP:

當cookie設定 Secure ，則只能以https方式傳送cookie。因此以http開啟網頁時，因為cookie設定為Secure，即使登入成功，browser也不會送出cookie，因此server將認定為未登入。

詳細程式碼附於文章後面。實驗影片請參閱成果影片。

成果影片

程式碼

• picow_https_auth.c(main)

#include <stdio.h>
#include "pico/stdlib.h"
#include "pico/cyw43_arch.h"
#include "hardware/adc.h"
 
#include "lwip/altcp_tls.h"
#include "lwip/altcp_tcp.h"
#include "lwip/altcp.h"
#include "lwip/apps/httpd.h"
#include "lwip/apps/sntp.h"
 
#include "picow_https_cert.h"
#include "ff.h"
#include "pico_storage.h"
#include "mbedtls/ssl.h"
 
#define LIGHT_PIN 16
#define WIFI_SSID "your-ssid"
#define WIFI_PASSWORD "your-password"
 
struct altcp_tls_config {
  mbedtls_ssl_config conf;
  mbedtls_x509_crt *cert;
  mbedtls_pk_context *pkey;
  u8_t cert_count;
  u8_t cert_max;
  u8_t pkey_count;
  u8_t pkey_max;
  mbedtls_x509_crt *ca;
#if defined(MBEDTLS_SSL_CACHE_C) && ALTCP_MBEDTLS_USE_SESSION_CACHE
  /** Inter-connection cache for fast connection startup */
  struct mbedtls_ssl_cache_context cache;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && ALTCP_MBEDTLS_USE_SESSION_TICKETS
  mbedtls_ssl_ticket_context ticket_ctx;
#endif
};
 
struct altcp_tls_config *tls_config = NULL;
 
void fs_ex_init(const char *httpd_root_dir);
 
void netif_status_cb(struct netif *netif) {
    if (netif_is_link_up(netif)) {
        ip_addr_t ipaddr;
        ip_addr_t netmask;
        ip_addr_t gateway;
        ipaddr_aton("192.168.1.70", &ipaddr); 
        ipaddr_aton("255.255.255.0", &netmask);
        ipaddr_aton("192.168.1.1", &gateway);
    
        netif_set_addr(netif, &ipaddr, &netmask, &gateway);
    }   
}
bool sntp_time_geted=false;
void sntp_set_system_time(uint32_t sec, uint32_t us)
{
  struct tm info;
  time_t tim = sec;
  struct timeval tmv;
  tmv.tv_sec=sec;
  tmv.tv_usec=us;
  settimeofday(&tmv, 0);
  printf("set time :%s\n", ctime(&tim));
  sntp_time_geted=true;
 
}
 
void ssi_handler_init();
void cgi_handler_init();
 
void format_current_time(char *time_str, uint8_t count) {
    while(!sntp_time_geted) {
      cyw43_arch_poll();
      tight_loop_contents();
    };
    time_t timer=time(NULL);
    struct tm *tm_info  = localtime(&timer);
    strftime(time_str, count, "%a, %d-%b-%Y %X %Z", tm_info);
}
 
#include <malloc.h>
 
uint32_t getTotalHeap(void) {
   extern char __StackLimit, __bss_end__; 
   return &__StackLimit  - &__bss_end__;
}
 
uint32_t getFreeHeap(void) {
   struct mallinfo m = mallinfo();
   return getTotalHeap() - m.uordblks;
}
 
DWORD get_sd_free_size() {
  FATFS *fs;
  DWORD fre_clust, fre_sect, tot_sect;
    /* Get volume information and free clusters of drive 1 */
    if (f_getfree(SDMMC_PATH, &fre_clust, &fs)!= FR_OK) return 0;
    /* Get total sectors and free sectors */
    tot_sect = (fs->n_fatent - 2) * fs->csize;
    fre_sect = fre_clust * fs->csize;
 
    /* Print the free space (assuming 512 bytes/sector) */
//    printf("%10lu KiB total drive space.\n%10lu KiB available.\n", tot_sect / 2, fre_sect / 2);
    return fre_sect / 2;
}
 
float read_onboard_temperature() {
    /* 12-bit conversion, assume max value == ADC_VREF == 3.3 V */
    const float conversionFactor = 3.3f / (1 << 12);
 
    float adc = (float)adc_read() * conversionFactor;
    float tempC = 27.0f - (adc - 0.706f) / 0.001721f;
    return tempC;
}
 
extern void check_timeout_sessions_timer();
 
void system_error_blink() {
  while(1) {
    cyw43_arch_gpio_put(CYW43_WL_GPIO_LED_PIN, !cyw43_arch_gpio_get(CYW43_WL_GPIO_LED_PIN));
    sleep_ms(500);
  }
}
 
int main()
{
    stdio_init_all();
    adc_init();
    adc_set_temp_sensor_enabled(true);
    adc_select_input(4);
 
    if (cyw43_arch_init()) {
        printf("cyw43 arch init error\n");
        system_error_blink();
    }
    gpio_init(LIGHT_PIN);
    gpio_set_dir(LIGHT_PIN, true);
    gpio_put(LIGHT_PIN, 0);
 
    //1. connect to WiFi network and set static IP
    cyw43_arch_enable_sta_mode();
    netif_set_status_callback(netif_default, netif_status_cb);
    int wifi_stat = cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000);
    if (wifi_stat) {
        printf("wifi connect error:%d\n", wifi_stat);
        system_error_blink();
    }
    printf("Wifi connected\n");
    printf("get ip addr:%s\n",ipaddr_ntoa(&(cyw43_state.netif[0].ip_addr)));
    
    // 2. set SNTP
    sntp_setoperatingmode(SNTP_OPMODE_POLL);
    sntp_init();
 
    // 3. set TLS connection
    tls_config = altcp_tls_create_config_server_privkey_cert(SERVER_KEY, sizeof(SERVER_KEY), NULL, 0, SERVER_CERT, sizeof(SERVER_CERT));
    mbedtls_x509_crt_parse(tls_config->cert, CA_CERT, sizeof(CA_CERT));
    // for large file size
    mbedtls_ssl_conf_max_frag_len( &tls_config->conf, MBEDTLS_SSL_MAX_FRAG_LEN_4096 );
    //4. mount FS in SD card and start https server
    FATFS fs;
    FIL fil;
    FRESULT res;
    if (f_mount(&fs, SDMMC_PATH, 1) != FR_OK) {
      printf("mount error\n");
      system_error_blink();
    }
 
    int i;
    
    ssi_handler_init();
    cgi_handler_init();
    check_timeout_sessions_timer();
    fs_ex_init(SDMMC_PATH"/");
 
    httpd_inits(tls_config);
    //httpd_init();
 
    char buf[61];
    format_current_time(buf, 60);
    printf(buf);
 
  cyw43_arch_gpio_put(CYW43_WL_GPIO_LED_PIN,1);
    while(1) {
      cyw43_arch_poll();
      sleep_ms(50);
 
    }
    
    return 0;
}
 

• picow_https_ssi.c
  
  

#include <stdio.h>
#include "pico/stdlib.h"
#include "pico/cyw43_arch.h"
#include "lwip/altcp_tls.h"
#include "lwip/altcp_tcp.h"
#include "lwip/altcp.h"
#include "lwip/apps/httpd.h"
#include "lwip/apps/sntp.h"
#include "ff.h"
 
#define DOMAIN "httpsserver"
#define SESSION_TIMEOUT_SEC (10*60)
#define AUTH_USER   "picow"
#define AUTH_PASS   "passw0rd"
#define LIGHT_PIN 16
 
char* session_check_uri[]={
    "/light.shtml", 
    "/demo1.shtml",
    "/demo2.shtml",
    "/light.cgi"
  };
 
typedef struct _sess_id_t{
  uint8_t sess_id[26];
  absolute_time_t timeout;
  struct _sess_id_t *next;
} sess_id_t;
 
typedef struct _conn_t {
  void *connection;
  time_t start_time;
  enum {
    NORMAL_PAGE=0,
    LOGIN_PAGE=1,
    LOGIN_SUCCESSFUL=2,
    LOGOUT_PAGE=3,
  } verified;
  struct _conn_t *next;
} conn_t;
 
char light_img[20];
sess_id_t *sess_header=NULL;
conn_t * conn_header=NULL;
 
void gen_sess_cookie(char *sess_id, char* sess_cookie, uint8_t count) {
  char time_str[40];
  uint8_t sid[26];
 
  time_t timer=time(NULL);
  struct tm *tm_info = localtime(&timer);
 
  srand((unsigned)time(NULL));
  sprintf(sid, "sess_%04d%04d%04d",rand()%10000, rand()%10000, rand()%10000);
  printf("sess_id:%s\n", sid);
  sprintf(sess_id, sid);
  timer+=86400;  // 1 day
  tm_info = localtime(&timer);
 
  strftime(time_str, 40, "%a, %d-%b-%Y %X %Z", tm_info);
  sprintf(sess_cookie, "sess_id=%s; expires=%s; domain=%s; path=/;  Secure", sid, time_str, DOMAIN);
  //sprintf(sess_cookie, "sess_id=%s; expires=%s; domain=%s; path=/; SameSite=Lax", sid, time_str, DOMAIN);
}
 
void new_session_id(char *sid) {
  sess_id_t *newid = (sess_id_t*)calloc(1,sizeof(sess_id_t));
  newid->next = NULL;
  newid->timeout=make_timeout_time_ms(SESSION_TIMEOUT_SEC*1000); // 10 min
  strcpy(newid->sess_id, sid);
 
  sess_id_t *tidp;
 
  if (sess_header == NULL) {
      sess_header = newid;
      
      return;
  } else {
    tidp = sess_header;
    while (tidp->next != NULL) {
      tidp = tidp->next;
    }
  }
  
  tidp->next=newid;
 
  return;
}
 
extern DWORD get_sd_free_size();
extern float read_onboard_temperature();
extern uint32_t getFreeHeap(void);
 
 
/* ==== cgi begin ======*/
const char *
cgi_light_handler(int iIndex, int iNumParams, char *pcParam[], char *pcValue[]) {
    if (iIndex == 0 && iNumParams ==1) {
        if (strcmp(pcParam[0],"action") == 0) {
            strcpy(light_img,"");
            if (strcmp(pcValue[0], "ON")==0) {
              gpio_put(LIGHT_PIN, 1);
              strcpy(light_img, "/img/light_on.png");
            } 
            if (strcmp(pcValue[0],"OFF")==0) {
              gpio_put(LIGHT_PIN, 0);
              strcpy(light_img, "/img/light_off.png");
            } 
            
            return "/light.shtml";
        }
        
    }
    return "/404.html";  
}
 
static const tCGI cgi_handlers[] = {
    { 
        "/light.cgi", cgi_light_handler
    },
    
};
void cgi_handler_init() {
  http_set_cgi_handlers(cgi_handlers, LWIP_ARRAYSIZE(cgi_handlers));
}
/* ==== cgi end ======*/
 
/*  === ssi begin =====*/
const char*  ssi_tags[] = {
    "temp",
    "freeram",
    "freesd",
    "logout",
    "light",
};
 
u16_t __time_critical_func(ssi_handler)(int iIndex, char *pcInsert, int iInsertLen, u16_t current_tag_part, u16_t *next_tag_part)
{
    size_t printed;
    static uint32_t counter=0;
    switch (iIndex) { 
        case 0:     //temp, Temperature
            printed = snprintf(pcInsert, iInsertLen, "%.02f°C", read_onboard_temperature());
        
        break;
        case 1:    // free RAM
            printed = sniprintf(pcInsert, iInsertLen, "%d B", getFreeHeap());
            break;
        case 2:     // SD Free Size
            printed = sniprintf(pcInsert, iInsertLen, "%ld KB", get_sd_free_size());
        break;
        case 3:  // logout uri
        printed = snprintf(pcInsert, iInsertLen,
         "<button onClick='javascript:logout();'>Logout</button>");
         break;
        case 4:  // light
        printed = snprintf(pcInsert, iInsertLen,light_img);
        break;
 
        default: 
          printed = snprintf(pcInsert, iInsertLen, "");
    }
    return printed;
}
void ssi_handler_init() {
    http_set_ssi_handler(ssi_handler,
#if LWIP_HTTPD_SSI_RAW
    NULL, 0
#else
    ssi_tags, LWIP_ARRAYSIZE(ssi_tags)
#endif
    );
    if (gpio_get(LIGHT_PIN))
       strcpy(light_img, "/img/light_on.png");
    else 
      strcpy(light_img, "/img/light_off.png");
 
}
/*  === ssi end =====*/
 
/*===== post begin =====*/
#define USER_PASS_BUFSIZE 16
 
err_t
httpd_post_begin(void *connection, const char *uri, const char *http_request,
                 u16_t http_request_len, int content_len, char *response_uri,
                 u16_t response_uri_len, u8_t *post_auto_wnd)
{
  LWIP_UNUSED_ARG(connection);
  LWIP_UNUSED_ARG(http_request);
  LWIP_UNUSED_ARG(http_request_len);
  LWIP_UNUSED_ARG(content_len);
  LWIP_UNUSED_ARG(post_auto_wnd);
  conn_t *conn = (conn_t*)calloc(1, sizeof(conn_t));
  conn->connection = connection;
  conn->start_time = time(NULL);
  conn->verified = NORMAL_PAGE;
  conn->next=NULL;
  if (conn_header == NULL) {
    conn_header = conn;
  } else {
    conn->next=conn_header;
    conn_header = conn;
  }
 
  if (!memcmp(uri, "/login.cgi", 11)) {
      conn->verified = LOGIN_PAGE;
      snprintf(response_uri, response_uri_len, "/loginfail.html");
      *post_auto_wnd = 1;
      return ERR_OK;
  }
 
  return ERR_VAL;
}
 
err_t
httpd_post_receive_data(void *connection, struct pbuf *p)
{
  err_t ret;
 
  LWIP_ASSERT("NULL pbuf", p != NULL);
  ret = ERR_VAL;
  
  conn_t *start = conn_header;
  while(start != NULL) { 
    if (start->connection == connection) {
      if (start->verified == LOGIN_PAGE) {
      u16_t token_user = pbuf_memfind(p, "user=", 5, 0);
      u16_t token_pass = pbuf_memfind(p, "pass=", 5, 0);
      if ((token_user != 0xFFFF) && (token_pass != 0xFFFF)) {
        u16_t value_user = token_user + 5;
        u16_t value_pass = token_pass + 5;
        u16_t len_user = 0;
        u16_t len_pass = 0;
        u16_t tmp;
        /* find user len */
        tmp = pbuf_memfind(p, "&", 1, value_user);
        if (tmp != 0xFFFF) {
          len_user = tmp - value_user;
        } else {
          len_user = p->tot_len - value_user;
        }
        /* find pass len */
        tmp = pbuf_memfind(p, "&", 1, value_pass);
        if (tmp != 0xFFFF) {
          len_pass = tmp - value_pass;
        } else {
          len_pass = p->tot_len - value_pass;
        }
        if ((len_user > 0) && (len_user < USER_PASS_BUFSIZE) &&
            (len_pass > 0) && (len_pass < USER_PASS_BUFSIZE)) {
          /* provide contiguous storage if p is a chained pbuf */
          char buf_user[USER_PASS_BUFSIZE];
          char buf_pass[USER_PASS_BUFSIZE];
          char *user = (char *)pbuf_get_contiguous(p, buf_user, sizeof(buf_user), len_user, value_user);
          char *pass = (char *)pbuf_get_contiguous(p, buf_pass, sizeof(buf_pass), len_pass, value_pass);
          if (user && pass) {
            user[len_user] = 0;
            pass[len_pass] = 0;
            if (!strcmp(user, AUTH_USER) && !strcmp(pass, AUTH_PASS)) {
              /* user and password are correct, create a "session" */
              start->verified=LOGIN_SUCCESSFUL;
            }
          }
        }
      }
      /* not returning ERR_OK aborts the connection, so return ERR_OK unless the
        connection is unknown */
      ret = ERR_OK;
      break;
    }
  }
    start = start->next;
  }
 
  /* this function must ALWAYS free the pbuf it is passed or it will leak memory */
  pbuf_free(p);
 
  return ret;
}
 
void
httpd_post_finished(void *connection, char *response_uri, u16_t response_uri_len)
{
  /* default page is "login failed" */
  snprintf(response_uri, response_uri_len, "/loginfail.html");
  conn_t *start = conn_header;
  conn_t *pre_conn = conn_header;
  while (start != NULL) {
    if (start->connection == connection) {
        if (start->verified == LOGIN_SUCCESSFUL) {
          /* login succeeded */
          snprintf(response_uri, response_uri_len, "/session.html");
          break;
        }
        if (start == conn_header) { 
            conn_header = start->next;
        }
        else {
            pre_conn->next = start->next;
        }
 
        free(start);
        break;
 
    }
    pre_conn = start;
    start=start->next;
    break;
  }
}
/*===== post end =====*/
 
/* ==== Session manager ===*/
#define SET_COOKIE_SIZE 120
char setCookie[SET_COOKIE_SIZE];
 
char *httpd_set_cookies(const void *connection, const char *uri) {
  LWIP_UNUSED_ARG(uri);
  char cookie[SET_COOKIE_SIZE];
 
  conn_t *start = conn_header;
  conn_t *pre_conn = start;
 
  while(start!=NULL) {
    if (start->connection == connection && start->verified == LOGIN_SUCCESSFUL) {
      char sessid[26];
      gen_sess_cookie(sessid, cookie, SET_COOKIE_SIZE);
      new_session_id(sessid);
      snprintf(setCookie, SET_COOKIE_SIZE, HDR_HTTP_RES_SET_COOKIE "%s\r\n", cookie);
 
      if (start == conn_header) { 
            conn_header = start->next;
        }
        else {
            pre_conn->next = start->next;
        }
      free(start);
      return setCookie;
    }
    pre_conn = start;
    start=start->next;
  }
  return NULL;
}
 
void httpd_received_cookies(const void *connection, char **cookies) {
  char *session = strstr(*cookies, "sess_id=");
  if (session) session+=8;
  sess_id_t* start = sess_header;
  while (start!= NULL) {
    if (strcmp(start->sess_id, session) == 0) {
      // match!  reset timeout
      start->timeout = make_timeout_time_ms(SESSION_TIMEOUT_SEC*1000);
      return;
      break;
    } else {
      start = start->next;
    }
  }
  // not an avail connection cookie, reset cookie to NULL(invalid cookie)
  *cookies=NULL;
  
}
 
void httpd_redirect_uri(char* uri, u16_t *uri_len) {
  char new_uri[(*uri_len)+1];
  strncpy(new_uri, uri, *uri_len);
  new_uri[*uri_len]=0;
 
  for (int idx=0; idx < LWIP_ARRAYSIZE(session_check_uri); idx++) {
    if(strstr(new_uri, session_check_uri[idx])){
        // redirect to authenticate web page
        strcpy(uri, "/login.html");
        *uri_len = strlen("/login.html");
        break;
    }
    
  }
  return ;
}
 
repeating_timer_t timer;
 
bool check_timeout_sessions_isr(repeating_timer_t *t) {
  sess_id_t *start = sess_header;
  sess_id_t *pre_sess = start;
  while (start != NULL) {
    if (absolute_time_diff_us(get_absolute_time(), start->timeout) < 0) {
      if (start == sess_header) {
        sess_header = NULL;
        free(start);
        break;
      } else {
        pre_sess->next = start->next;
        free(start);
        start=pre_sess->next;
      }
      } else {
        pre_sess = start;
        start = start->next;
      }
  }
  return true;
}
 
void check_timeout_sessions_timer() {
    add_repeating_timer_ms(1000*60, check_timeout_sessions_isr, NULL, &timer);
}
 
/* ==== Session manager end ===*/

• picow_https_fs.c
  
  

 /**
 * @file
 * HTTPD custom file system example
 *
 * This file demonstrates how to add support for an external file system to httpd.
 * It provides access to the specified root directory and uses stdio.h file functions
 * to read files.
 *
 * ATTENTION: This implementation is *not* secure: no checks are added to ensure
 * files are only read below the specified root directory!
 */
 
 /*
 * Copyright (c) 2017 Simon Goldschmidt
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without modification, 
 * are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission. 
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
 * OF SUCH DAMAGE.
 *
 * This file is part of the lwIP TCP/IP stack.
 * 
 * Author: Simon Goldschmidt <goldsimon@gmx.de>
 *
 */
 
#include "lwip/opt.h"
 
#include "lwip/apps/fs.h"
#include "lwip/def.h"
#include "lwip/mem.h"
 
#include "stdio.h"
#include "string.h"
#include "ff.h"
#include "pico_storage.h"
 
/////////////////////////////////////////////////////////
 
#if !LWIP_HTTPD_CUSTOM_FILES
#error This needs LWIP_HTTPD_CUSTOM_FILES
#endif
//#if !LWIP_HTTPD_DYNAMIC_HEADERS
//#error This needs LWIP_HTTPD_DYNAMIC_HEADERS
//#endif
//#if !LWIP_HTTPD_DYNAMIC_FILE_READ
//#error This wants to demonstrate read-after-open, so LWIP_HTTPD_DYNAMIC_FILE_READ is required!
//#endif
//#if !LWIP_HTTPD_FS_ASYNC_READ
//#error This needs LWIP_HTTPD_FS_ASYNC_READ
//#endif
#if !LWIP_HTTPD_FILE_EXTENSION
#error This needs LWIP_HTTPD_FILE_EXTENSION
#endif
 
struct fs_custom_data {
  //FILE *f;
  FIL *f;
 
};
 
const char* fs_ex_root_dir;
 
void
fs_ex_init(const char *httpd_root_dir)
{
  fs_ex_root_dir = strdup(httpd_root_dir);
}
 
#if LWIP_HTTPD_CUSTOM_FILES
int
fs_open_custom(struct fs_file *file, const char *name)
{
  char full_filename[256];
  //FILE *f;
  FIL f;
  FRESULT res;
  snprintf(full_filename, 255, "%s%s", fs_ex_root_dir, name);
  full_filename[255] = 0;
 
  //f = fopen(full_filename, "rb");
  res =f_open(&f, full_filename, FA_READ);
  //if (f != NULL) {
  if (res == FR_OK) {
    //if (!fseek(f, 0, SEEK_END)) {
    if (f_lseek(&f, 0) == FR_OK) { 
      //int len = (int)ftell(f);
      int len = (int)f_size(&f);
      //if(!fseek(f, 0, SEEK_SET)) {
        struct fs_custom_data *data = (struct fs_custom_data *)mem_malloc(sizeof(struct fs_custom_data));
        LWIP_ASSERT("out of memory?", data != NULL);
        memset(file, 0, sizeof(struct fs_file));
 
        file->len = len;
 
        file->flags = FS_FILE_FLAGS_HEADER_PERSISTENT;
        
        data->f = &f;
        file->pextension = data;
        return 1;
      //}
    } else {
      printf("open file error:%s\n", name);
    }
    //fclose(f);
    f_close(&f);
  }
  return 0;
}
 
void
fs_close_custom(struct fs_file *file)
{
  //FRESULT res;
  if (file && file->pextension) {
    struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
    if (data->f != NULL) {
      //fclose(data->f);
      f_close(data->f);
      data->f = NULL;
    }
    mem_free(data);
  }
}
 
#if LWIP_HTTPD_FS_ASYNC_READ
u8_t
fs_canread_custom(struct fs_file *file)
{
  /* This function is only necessary for asynchronous I/O:
     If reading would block, return 0 and implement fs_wait_read_custom() to call the
     supplied callback if reading works. */
 
  LWIP_UNUSED_ARG(file);
  return 1;
}
 
 
 
u8_t
fs_wait_read_custom(struct fs_file *file, fs_wait_cb callback_fn, void *callback_arg)
{
 
  //LWIP_ASSERT("not implemented in this example configuration", 0);
 
  LWIP_UNUSED_ARG(file);
  LWIP_UNUSED_ARG(callback_fn);
  LWIP_UNUSED_ARG(callback_arg);
  /* Return
     - 0 if ready to read (at least one byte)
     - 1 if reading should be delayed (call 'tcpip_callback(callback_fn, callback_arg)' when ready) */
  return 1;
}
 
int
fs_read_async_custom(struct fs_file *file, char *buffer, int count, fs_wait_cb callback_fn, void *callback_arg)
{
  struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
  //FILE *f;
  FIL *f;
  int len;
  int read_count = count;
  LWIP_ASSERT("data not set", data != NULL);
 
  f = data->f;
  //len = (int)fread(buffer, 1, read_count, f);
 
  f_read(f, buffer,read_count, &len);
 
 
  LWIP_UNUSED_ARG(callback_fn);
  LWIP_UNUSED_ARG(callback_arg);
 
  file->index += len;
 
  /* Return
     - FS_READ_EOF if all bytes have been read
     - FS_READ_DELAYED if reading is delayed (call 'tcpip_callback(callback_fn, callback_arg)' when done) */
  if (len == 0) {
    /* all bytes read already */
    return FS_READ_EOF;
  }
  return len;
}
 
#else /* LWIP_HTTPD_FS_ASYNC_READ */
int
fs_read_custom(struct fs_file *file, char *buffer, int count)
{
  struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
  //FILE *f;
  FIL *f;
  int len;
  int read_count = count;
  LWIP_ASSERT("data not set", data != NULL);
 
 
 
  f = data->f;
  //len = (int)fread(buffer, 1, read_count, f);
 
  f_read(f, buffer, read_count, &len);
 
  file->index += len;
 
  /* Return FS_READ_EOF if all bytes have been read */
  return len;
}
 
#endif /* LWIP_HTTPD_FS_ASYNC_READ */
#endif /* LWIP_HTTPD_CUSTOM_FILES */
 
 

• CMakeLists.txt
  
  

# Generated Cmake Pico project file
 
cmake_minimum_required(VERSION 3.13)
 
set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)
 
# Initialise pico_sdk from installed location
# (note this can come from environment, CMake cache etc)
set(PICO_SDK_PATH "/home/duser/pico/pico-sdk")
 
set(PICO_BOARD pico_w CACHE STRING "Board type")
 
# Pull in Raspberry Pi Pico SDK (must be before project)
include(pico_sdk_import.cmake)
 
if (PICO_SDK_VERSION_STRING VERSION_LESS "1.4.0")
  message(FATAL_ERROR "Raspberry Pi Pico SDK version 1.4.0 (or later) required. Your version is ${PICO_SDK_VERSION_STRING}")
endif()
 
project(picow_https_auth C CXX ASM)
 
# Initialise the Raspberry Pi Pico SDK
pico_sdk_init()
 
# Add executable. Default name is the project name, version 0.1
 
add_executable(picow_https_auth 
    picow_https_auth.c 
    picow_https_ssi.c
    picow_httpd_fs.c
    )
 
pico_set_program_name(picow_https_auth "picow_https_auth")
pico_set_program_version(picow_https_auth "0.1")
 
pico_enable_stdio_uart(picow_https_auth 1)
pico_enable_stdio_usb(picow_https_auth 0)
 
# Add the standard library to the build
target_link_libraries(picow_https_auth
        pico_stdlib
        hardware_adc)
 
# Add the standard include files to the build
target_include_directories(picow_https_auth PRIVATE
  ${CMAKE_CURRENT_LIST_DIR}
  ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts or any other standard includes, if required
)
 
# Add any user requested libraries
target_link_libraries(picow_https_auth 
        pico_cyw43_arch_lwip_poll
        pico_lwip_sntp
        pico_lwip_http
        pico_mbedtls
        pico_lwip_mbedtls
        )
 
add_subdirectory(pico_storage_drv)
target_link_libraries(picow_https_auth
        pico_storage_drv
        )
 
pico_add_extra_outputs(picow_https_auth)
 
# Ignore warnings from lwip code
set_source_files_properties(
        ${PICO_LWIP_PATH}/src/apps/altcp_tls/altcp_tls_mbedtls.c
        PROPERTIES
        COMPILE_OPTIONS "-Wno-unused-result"
        )
add_definitions(
  -DSNTP_SERVER_DNS=1
  -DSNTP_SERVER_ADDRESS="pool.ntp.org"
  -DSNTP_SET_SYSTEM_TIME=sntp_set_system_time
  -DSNTP_STARTUP_DELAY=0
  )
  

• lwipopts.h
  
  

#ifndef __LWIPOPTS_H__
#define __LWIPOPTS_H__
 
// Common settings used in most of the pico_w examples
// (see https://www.nongnu.org/lwip/2_1_x/group__lwip__opts.html for details)
 
// allow override in some examples
#ifndef NO_SYS
#define NO_SYS                      1
#endif
// allow override in some examples
#ifndef LWIP_SOCKET
#define LWIP_SOCKET                 0
#endif
#if PICO_CYW43_ARCH_POLL
#define MEM_LIBC_MALLOC             1
#else
// MEM_LIBC_MALLOC is incompatible with non polling versions
#define MEM_LIBC_MALLOC             0
#endif
#define MEM_ALIGNMENT               4
#define MEM_SIZE                    4000
#define MEMP_NUM_TCP_SEG            32
#define MEMP_NUM_ARP_QUEUE          10
#define PBUF_POOL_SIZE              24
#define LWIP_ARP                    1
#define LWIP_ETHERNET               1
#define LWIP_ICMP                   1
#define LWIP_RAW                    1
#define TCP_WND                     (8 * TCP_MSS)
#define TCP_MSS                     1460
#define TCP_SND_BUF                 (8 * TCP_MSS)
#define TCP_SND_QUEUELEN            ((4 * (TCP_SND_BUF) + (TCP_MSS - 1)) / (TCP_MSS))
#define LWIP_NETIF_STATUS_CALLBACK  1
#define LWIP_NETIF_LINK_CALLBACK    1
#define LWIP_NETIF_HOSTNAME         1
#define LWIP_NETCONN                0
#define MEM_STATS                   0
#define SYS_STATS                   0
#define MEMP_STATS                  0
#define LINK_STATS                  0
// #define ETH_PAD_SIZE                2
#define LWIP_CHKSUM_ALGORITHM       3
#define LWIP_DHCP                   1
#define LWIP_IPV4                   1
#define LWIP_TCP                    1
#define LWIP_UDP                    1
#define LWIP_DNS                    1
#define LWIP_TCP_KEEPALIVE          1
#define LWIP_NETIF_TX_SINGLE_PBUF   1
#define DHCP_DOES_ARP_CHECK         0
#define LWIP_DHCP_DOES_ACD_CHECK    0
 
#ifndef NDEBUG
#define LWIP_DEBUG                  1
#define LWIP_STATS                  1
#define LWIP_STATS_DISPLAY          1
#endif
 
#define ETHARP_DEBUG                LWIP_DBG_OFF
#define NETIF_DEBUG                 LWIP_DBG_OFF
#define PBUF_DEBUG                  LWIP_DBG_OFF
#define API_LIB_DEBUG               LWIP_DBG_OFF
#define API_MSG_DEBUG               LWIP_DBG_OFF
#define SOCKETS_DEBUG               LWIP_DBG_OFF
#define ICMP_DEBUG                  LWIP_DBG_OFF
#define INET_DEBUG                  LWIP_DBG_OFF
#define IP_DEBUG                    LWIP_DBG_OFF
#define IP_REASS_DEBUG              LWIP_DBG_OFF
#define RAW_DEBUG                   LWIP_DBG_OFF
#define MEM_DEBUG                   LWIP_DBG_OFF
#define MEMP_DEBUG                  LWIP_DBG_OFF
#define SYS_DEBUG                   LWIP_DBG_OFF
#define TCP_DEBUG                   LWIP_DBG_OFF
#define TCP_INPUT_DEBUG             LWIP_DBG_OFF
#define TCP_OUTPUT_DEBUG            LWIP_DBG_OFF
#define TCP_RTO_DEBUG               LWIP_DBG_OFF
#define TCP_CWND_DEBUG              LWIP_DBG_OFF
#define TCP_WND_DEBUG               LWIP_DBG_OFF
#define TCP_FR_DEBUG                LWIP_DBG_OFF
#define TCP_QLEN_DEBUG              LWIP_DBG_OFF
#define TCP_RST_DEBUG               LWIP_DBG_OFF
#define UDP_DEBUG                   LWIP_DBG_OFF
#define TCPIP_DEBUG                 LWIP_DBG_OFF
#define PPP_DEBUG                   LWIP_DBG_OFF
#define SLIP_DEBUG                  LWIP_DBG_OFF
#define DHCP_DEBUG                  LWIP_DBG_OFF
 
/*  in Pico-SDK above 1.5.0 */
#define MEMP_NUM_SYS_TIMEOUT            (LWIP_NUM_SYS_TIMEOUT_INTERNAL+1)
/* TCP WND must be at least 16 kb to match TLS record size
   or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */
// tls
#undef TCP_WND
#define TCP_WND  16384
 
#define LWIP_ALTCP               1
#define LWIP_ALTCP_TLS           1
#define LWIP_ALTCP_TLS_MBEDTLS   1
 
//#define LWIP_DEBUG               1
#define ALTCP_MBEDTLS_DEBUG  LWIP_DBG_ON
 
/* set authmode */
#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_NONE
//#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
 
// httpd
#define HTTPD_ENABLE_HTTPS          1   // enable https
 
#define LWIP_HTTPD 1
#define LWIP_HTTPD_SSI 1
#define LWIP_HTTPD_CGI 1
#define LWIP_HTTPD_SSI_MULTIPART 1
#define LWIP_HTTPD_SUPPORT_POST 1
#define LWIP_HTTPD_SSI_INCLUDE_TAG 0
// extern wbe page files
#define LWIP_HTTPD_CUSTOM_FILES 1
#define LWIP_HTTPD_DYNAMIC_HEADERS 1
#define LWIP_HTTPD_FS_ASYNC_READ 1
#define LWIP_HTTPD_DYNAMIC_FILE_READ 1
#define LWIP_HTTPD_FILE_EXTENSION 1
 
#define LWIP_HTTPD_SUPPORT_COOKIES 1
 
#endif /* __LWIPOPTS_H__ */
 

• mbedtls_config.h
  
  

  /* Workaround for some mbedtls source files using INT_MAX without including limits.h */
#include <limits.h>
 
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT
 
#define MBEDTLS_SSL_OUT_CONTENT_LEN    2048
 
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
 
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_SHA256_SMALLER
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_AES_FEWER_TABLES
 
/* TLS 1.2 */
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_GCM_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ASN1_WRITE_C
 
// The following is needed to parse a certificate
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
 
// for large file size
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 
 



• index.shtml
  
  

<html lang="en">
<head><title>Raspberry Pi Pico W - HTTPS Session</title></head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<Script>
function logout() {
    const cookies = document.cookie.split(";");
 
    for (let i = 0; i < cookies.length; i++) {
        const cookie = cookies[i];
        const eqPos = cookie.indexOf("=");
        const name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
        if (name=="sess_id"){
            document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
        }
    }
}
</Script>
<body bgcolor="white" text="black">
<h1><strong>Raspberry Pi Pico W - </strong>HTTPS Session</h1>
<table style="border-collapse: collapse; width: 1000; height: 127px;" border="1">
<tbody>
<tr style="height: 18px;">
<td style="width: 36.5145%; height: 18px;">
<p><a title="System Info" href="index.shtml">Sysem Info</a></p>
<p><button onClick="location.href='login.html'">Login</button>
<p>Login Require:</p>
<ul>
<li><a title="Light Control" href="light.shtml">Light control</a></li>
<li><a title="Demo Page 1" href="demo1.shtml">Demo page 1</a></li>
<li><a title="Demo Page 2" href="demo2.shtml">Demo Page2</a></li>
</ul>
<p>Login not required:</p>
<ul>
<li><a title="Demo Page 3" href="demo3.html">Demo page 3</a></li>
<li><a title="Demo page 4" href="demo4.html">Demo Page 4</a></li>
</ul>
<!--#logout-->
</td>
<td style="width: 63.4855%; height: 18px;">
<p style="text-align: center;"><span style="color: #0000ff; font-size: 24px;"><strong>System information</strong></span></p>
<div style="margin-left:20px;">
<p>Onboard Temp.:<font color=red><!--#temp--></font></p>
<p>Free RAM Size:<font color=red><!--#freeram--></font></p>
<p>Free SD Size:<font color=red><!--#freesd--></font></p>
</div>
</td>
</tr>
</tbody>
</table>
</body></html>
 

• login.html
  
  

<html lang="en">
<head><title>Raspberry Pi Pico W - HTTPS Session</title></head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<Script>
function logout() {
    const cookies = document.cookie.split(";");
 
    for (let i = 0; i < cookies.length; i++) {
        const cookie = cookies[i];
        const eqPos = cookie.indexOf("=");
        const name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
    
       if (name=="sess_id"){
            document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
        }
 
        document.location.href="index.shtml";
    }
}
</Script>
<body bgcolor="white" text="black">
<h1><strong>Raspberry Pi Pico W - </strong>HTTPS Session</h1>
<table style="border-collapse: collapse; width: 1000; height: 127px;" border="1">
<tbody>
<tr style="height: 18px;">
<td style="width: 400; height: 18px;">
<p><a title="System Info" href="index.shtml">Sysem Info</a></p>
<p><button onClick="location.href='login.html'">Login</button>
<p>Login Require:</p>
<ul>
<li><a title="Light Control" href="light.shtml">Light control</a></li>
<li><a title="Demo Page 1" href="demo1.shtml">Demo page 1</a></li>
<li><a title="Demo Page 2" href="demo2.shtml">Demo Page2</a></li>
</ul>
<p>Login not required:</p>
<ul>
<li><a title="Demo Page 3" href="demo3.html">Demo page 3</a></li>
<li><a title="Demo page 4" href="demo4.html">Demo Page 4</a></li>
</ul>
<button onClick='javascript:logout();'>Logout</button>
</td>
<td style="width: 600; height: 18px;">
   <h1>Login</h1>
   <form name="login" action="login.cgi" method="post">
    <div align="center">
     <label><b>Username:</b></label>
     <input type="text" placeholder="Enter Username" name="user" required><br><br>
     <label><b>Password:</b></label>
     <input type="password" placeholder="Enter Password" name="pass" required><br><br>
     
     <button type="submit">Login</button>
    </div>
   </form> 
  </td>
  
 </tr>
</table>
</body>
</html>
 

Raspberry Pi Pico W || LwIP || MbedTLS: EP.1 HTTPS server self-signed Certificate setup & web page files in SD

 本篇文章介紹使用Pico-SDK 結合LwIP and MbedTLS 在Raspberry Pi Pico W上建立HTTPS(Secure HTTP) server。本專案會使用LwIP 中SNTP and HTTP Application。詳細步驟如下說明：

一、連線WiFi並設定static IP:

cyw43_arch_enable_sta_mode();
netif_set_status_callback(netif_default, netif_status_cb);
cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000); 

使用netif_set_status_callback當成功連上WiFi時呼叫netif_status_cb設定Static IP。

二、以LwIP SNTP application設定系統時間。
在CMakeLists.txt加入：

add_definitions(
        -DSNTP_SERVER_DNS=1
        -DSNTP_SERVER_ADDRESS="pool.ntp.org"
        -DSNTP_SET_SYSTEM_TIME=sntp_set_system_time
        -DSNTP_STARTUP_DELAY=0
)

sntp_set_system_time為SNTP client取得資料時呼叫的callback function。

在程式中呼叫

sntp_setoperatingmode(SNTP_OPMODE_POLL);
sntp_init();

以啟用SNTP client。

三、建立self-signed Server Side Certificates:

1. openssl genrsa -des3 -out ca.key 2048:
   建立Root CA key。
2. openssl req -new -x509 -days 3650 -key ca.key -out ca.cert:
   建立self-signed root Certificate。
3. openssl genrsa -out server.key 2048:
   建立server side private key。
   
4. openssl req -new -out server.csr -key server.key
   使用server key製作server憑證需求(certificate request)
5. openssl x509 -req -in server.csr -CA ca.cert -CAkey ca.key -CAcreateserial -out server.cert -days 365
   使用root CA ca.cert簽署server side certificate。

四、設定MbedTLS的TLS connection參數：

1. 將ca.cert, server.cert與server.key加入在專案picow_https_cert.h中。
2. CMakeLists.txt加入：
   target_link_libraries(picow_https_server
           pico_cyw43_arch_lwip_poll
           pico_lwip_sntp
           pico_lwip_http
           pico_mbedtls
           pico_lwip_mbedtls
           )
3. 在lwipopts.conf加入：
   

   /*  in Pico-SDK above 1.5.0 */
   #define MEMP_NUM_SYS_TIMEOUT            (LWIP_NUM_SYS_TIMEOUT_INTERNAL+1)
   /* TCP WND must be at least 16 kb to match TLS record size
      or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */
   // tls
   #undef TCP_WND
   #define TCP_WND  16384
    
   #define LWIP_ALTCP               1
   #define LWIP_ALTCP_TLS           1
   #define LWIP_ALTCP_TLS_MBEDTLS   1
    
   #define LWIP_DEBUG 1
   #define ALTCP_MBEDTLS_DEBUG  LWIP_DBG_ON
    
   /* set authmode */
   #define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_NONE
   //#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
   

   
   
4. 設定tls config:
   加入self-signed root CA certificate, server certificate and server private key
   tls_config = altcp_tls_create_config_server_privkey_cert(SERVER_KEY, sizeof(SERVER_KEY), NULL, 0, SERVER_CERT, sizeof(SERVER_CERT));
   mbedtls_x509_crt_parse(tls_config->cert, CA_CERT, sizeof(CA_CERT));

五、設定https server:

這個專案將web page files放在SD卡上，先mount SD在設定root path
有關pico SD storage driver請參閱前面文章
https server如何讀取page file,修改自LwIP的fs_example.c範例程式。

1. mount SD:
   if (f_mount(&fs, SDMMC_PATH, 1) != FR_OK) {
         printf("mount error\n");
         return 0;
       }
2. 設定web server root path:
       fs_ex_init(SDMMC_PATH"/");
3. 啟用https:
   httpd_inits(tls_config);

使用broswer, curl與wget使令測試，過程如下列影片。

六、成果影片

七、程式碼

• CMakeLists.txt

 
# Generated Cmake Pico project file
 
cmake_minimum_required(VERSION 3.13)
 
set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)
 
# Initialise pico_sdk from installed location
# (note this can come from environment, CMake cache etc)
set(PICO_SDK_PATH "/home/duser/pico/pico-sdk")
 
set(PICO_BOARD pico_w CACHE STRING "Board type")
 
# Pull in Raspberry Pi Pico SDK (must be before project)
include(pico_sdk_import.cmake)
 
if (PICO_SDK_VERSION_STRING VERSION_LESS "1.4.0")
  message(FATAL_ERROR "Raspberry Pi Pico SDK version 1.4.0 (or later) required. Your version is ${PICO_SDK_VERSION_STRING}")
endif()
 
project(picow_https_server C CXX ASM)
 
# Initialise the Raspberry Pi Pico SDK
pico_sdk_init()
 
# Add executable. Default name is the project name, version 0.1
 
add_executable(picow_https_server 
        picow_https_server.c 
        fs_example.c)
 
add_definitions(
        -DSNTP_SERVER_DNS=1
        -DSNTP_SERVER_ADDRESS="pool.ntp.org"
        -DSNTP_SET_SYSTEM_TIME=sntp_set_system_time
        -DSNTP_STARTUP_DELAY=0
)
 
pico_set_program_name(picow_https_server "picow_https_server")
pico_set_program_version(picow_https_server "0.1")
 
pico_enable_stdio_uart(picow_https_server 1)
pico_enable_stdio_usb(picow_https_server 0)
 
# Add the standard library to the build
target_link_libraries(picow_https_server
        pico_stdlib)
 
# Add the standard include files to the build
target_include_directories(picow_https_server PRIVATE
  ${CMAKE_CURRENT_LIST_DIR}
  ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts or any other standard includes, if required
)
 
# Add any user requested libraries
target_link_libraries(picow_https_server 
        pico_cyw43_arch_lwip_poll
        pico_lwip_sntp
        pico_lwip_http
        pico_mbedtls
        pico_lwip_mbedtls
        )
 
add_subdirectory(pico_storage_drv)
target_link_libraries(picow_https_server
        pico_storage_drv
        )
 
pico_add_extra_outputs(picow_https_server)

• picow_https_server.c

 
#include < stdio.h >
#include "pico/stdlib.h"
#include "pico/cyw43_arch.h"
 
#include "lwip/altcp_tls.h"
#include "lwip/altcp_tcp.h"
#include "lwip/altcp.h"
#include "lwip/apps/httpd.h"
#include "lwip/apps/sntp.h"
 
#include "picow_https_cert.h"
#include "ff.h"
#include "pico_storage.h"
 
 
#define WIFI_SSID "your-ssid"
#define WIFI_PASSWORD "your-password"
 
struct altcp_tls_config {
  mbedtls_ssl_config conf;
  mbedtls_x509_crt *cert;
  mbedtls_pk_context *pkey;
  u8_t cert_count;
  u8_t cert_max;
  u8_t pkey_count;
  u8_t pkey_max;
  mbedtls_x509_crt *ca;
#if defined(MBEDTLS_SSL_CACHE_C) && ALTCP_MBEDTLS_USE_SESSION_CACHE
  /** Inter-connection cache for fast connection startup */
  struct mbedtls_ssl_cache_context cache;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && ALTCP_MBEDTLS_USE_SESSION_TICKETS
  mbedtls_ssl_ticket_context ticket_ctx;
#endif
};
 
struct altcp_tls_config *tls_config = NULL;
 
void fs_ex_init(const char *httpd_root_dir);
 
void netif_status_cb(struct netif *netif) {
    if (netif_is_link_up(netif)) {
        ip_addr_t ipaddr;
        ip_addr_t netmask;
        ip_addr_t gateway;
        ipaddr_aton("192.168.1.70", &ipaddr); 
        ipaddr_aton("255.255.255.0", &netmask);
        ipaddr_aton("192.168.1.1", &gateway);
    
        netif_set_addr(netif, &ipaddr, &netmask, &gateway);
    }   
}
 
void sntp_set_system_time(uint32_t sec, uint32_t us)
{
  struct tm info;
  time_t tim = sec;
  struct timeval tmv;
  tmv.tv_sec=sec;
  tmv.tv_usec=us;
  settimeofday(&tmv, 0);
  printf("set time :%s\n", ctime(&tim));
  sntp_stop();
}
 
int main()
{
    stdio_init_all();
 
    if (cyw43_arch_init()) {
        printf("cyw43 arch init error\n");
        return 0;
    }
    //1. connect to WiFi network and set static IP
    cyw43_arch_enable_sta_mode();
    netif_set_status_callback(netif_default, netif_status_cb);
    int wifi_stat = cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000);
    if (wifi_stat) {
        printf("wifi connect error:%d\n", wifi_stat);
        return 0;
    }
    printf("Wifi connected\n");
    printf("get ip addr:%s\n",ipaddr_ntoa(&(cyw43_state.netif[0].ip_addr)));
    
    // 2. set SNTP
    sntp_setoperatingmode(SNTP_OPMODE_POLL);
    sntp_init();
 
    // 3. set TLS connection
    tls_config = altcp_tls_create_config_server_privkey_cert(SERVER_KEY, sizeof(SERVER_KEY), NULL, 0, SERVER_CERT, sizeof(SERVER_CERT));
    mbedtls_x509_crt_parse(tls_config->cert, CA_CERT, sizeof(CA_CERT));
    
    //4. mount FS in SD card and start https server
    FATFS fs;
    FIL fil;
    FRESULT res;
    if (f_mount(&fs, SDMMC_PATH, 1) != FR_OK) {
      printf("mount error\n");
      return 0;
    }
    fs_ex_init(SDMMC_PATH"/");
    httpd_inits(tls_config);
    
    time_t tm;
    while(1) {
      cyw43_arch_poll();
      sleep_ms(50);
 
    }
 
 
    return 0;
}
 

• fs_example.c

 
/**
 * @file
 * HTTPD custom file system example
 *
 * This file demonstrates how to add support for an external file system to httpd.
 * It provides access to the specified root directory and uses stdio.h file functions
 * to read files.
 *
 * ATTENTION: This implementation is *not* secure: no checks are added to ensure
 * files are only read below the specified root directory!
 */
 
 /*
 * Copyright (c) 2017 Simon Goldschmidt
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without modification, 
 * are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission. 
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
 * OF SUCH DAMAGE.
 *
 * This file is part of the lwIP TCP/IP stack.
 * 
 * Author: Simon Goldschmidt < goldsimon@gmx.de > 
 *
 */
 
#include "lwip/opt.h"
 
 
#include "lwip/apps/fs.h"
#include "lwip/def.h"
#include "lwip/mem.h"
 
#include "stdio.h"
#include "string.h"
#include "ff.h"
#include "pico_storage.h"
 
/** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES to 1 to enable this file system */
#ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES
#define LWIP_HTTPD_EXAMPLE_CUSTOMFILES 1
#endif
 
/** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED to 1 to delay open and read
 * as if e.g. reading from external SPI flash */
#ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
#define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED 0
#endif
 
/** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ to the number of bytes
 * to read to emulate limited transfer buffers and don't read whole files in
 * one chunk.
 * WARNING: lowering this slows down the connection!
 */
#ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ
#define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ 0
#endif
 
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES
 
#if !LWIP_HTTPD_CUSTOM_FILES
#error This needs LWIP_HTTPD_CUSTOM_FILES
#endif
#if !LWIP_HTTPD_DYNAMIC_HEADERS
#error This needs LWIP_HTTPD_DYNAMIC_HEADERS
#endif
#if !LWIP_HTTPD_DYNAMIC_FILE_READ
#error This wants to demonstrate read-after-open, so LWIP_HTTPD_DYNAMIC_FILE_READ is required!
#endif
#if !LWIP_HTTPD_FS_ASYNC_READ
#error This needs LWIP_HTTPD_FS_ASYNC_READ
#endif
#if !LWIP_HTTPD_FILE_EXTENSION
#error This needs LWIP_HTTPD_FILE_EXTENSION
#endif
 
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
#include "lwip/tcpip.h"
#endif
 
struct fs_custom_data {
  //FILE *f;
  FIL *f;
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
  int delay_read;
  fs_wait_cb callback_fn;
  void *callback_arg;
#endif
};
 
const char* fs_ex_root_dir;
 
void
fs_ex_init(const char *httpd_root_dir)
{
  fs_ex_root_dir = strdup(httpd_root_dir);
}
 
#if LWIP_HTTPD_CUSTOM_FILES
int
fs_open_custom(struct fs_file *file, const char *name)
{
  char full_filename[256];
  //FILE *f;
  FIL f;
  FRESULT res;
  snprintf(full_filename, 255, "%s%s", fs_ex_root_dir, name);
  full_filename[255] = 0;
 
  //f = fopen(full_filename, "rb");
  res =f_open(&f, full_filename, FA_READ);
  //if (f != NULL) {
  if (res == FR_OK) {
    //if (!fseek(f, 0, SEEK_END)) {
    if (f_lseek(&f, 0) == FR_OK) { 
      //int len = (int)ftell(f);
      int len = (int)f_size(&f);
      //if(!fseek(f, 0, SEEK_SET)) {
        struct fs_custom_data *data = (struct fs_custom_data *)mem_malloc(sizeof(struct fs_custom_data));
        LWIP_ASSERT("out of memory?", data != NULL);
        memset(file, 0, sizeof(struct fs_file));
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
        file->len = 0; /* read size delayed */
        data->delay_read = 3;
        LWIP_UNUSED_ARG(len);
#else
        file->len = len;
#endif
        file->flags = FS_FILE_FLAGS_HEADER_PERSISTENT;
        data->f = &f;
        file->pextension = data;
        return 1;
      //}
    }
    //fclose(f);
    f_close(&f);
  }
  return 0;
}
 
void
fs_close_custom(struct fs_file *file)
{
  if (file && file->pextension) {
    struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
    if (data->f != NULL) {
      //fclose(data->f);
      f_close(data->f);
      data->f = NULL;
    }
    mem_free(data);
  }
}
 
#if LWIP_HTTPD_FS_ASYNC_READ
u8_t
fs_canread_custom(struct fs_file *file)
{
  /* This function is only necessary for asynchronous I/O:
     If reading would block, return 0 and implement fs_wait_read_custom() to call the
     supplied callback if reading works. */
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
  struct fs_custom_data *data;
  LWIP_ASSERT("file != NULL", file != NULL);
  data = (struct fs_custom_data *)file->pextension;
  if (data == NULL) {
    /* file transfer has been completed already */
    LWIP_ASSERT("transfer complete", file->index == file->len);
    return 1;
  }
  LWIP_ASSERT("data != NULL", data != NULL);
  /* This just simulates a simple delay. This delay would normally come e.g. from SPI transfer */
  if (data->delay_read == 3) {
    /* delayed file size mode */
    data->delay_read = 1;
    LWIP_ASSERT("", file->len == 0);
    if (!fseek(data->f, 0, SEEK_END)) {
      int len = (int)ftell(data->f);
      if(!fseek(data->f, 0, SEEK_SET)) {
        file->len = len; /* read size delayed */
        data->delay_read = 1;
        return 0;
      }
    }
    /* if we come here, something is wrong with the file */
    LWIP_ASSERT("file error", 0);
  }
  if (data->delay_read == 1) {
    /* tell read function to delay further */
  }
#endif
  LWIP_UNUSED_ARG(file);
  return 1;
}
 
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
static void
fs_example_read_cb(void *arg)
{
  struct fs_custom_data *data = (struct fs_custom_data *)arg;
  fs_wait_cb callback_fn = data->callback_fn;
  void *callback_arg = data->callback_arg;
  data->callback_fn = NULL;
  data->callback_arg = NULL;
 
  LWIP_ASSERT("no callback_fn", callback_fn != NULL);
 
  callback_fn(callback_arg);
}
#endif
 
u8_t
fs_wait_read_custom(struct fs_file *file, fs_wait_cb callback_fn, void *callback_arg)
{
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
  err_t err;
  struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
  LWIP_ASSERT("data not set", data != NULL);
  data->callback_fn = callback_fn;
  data->callback_arg = callback_arg;
  err = tcpip_try_callback(fs_example_read_cb, data);
  LWIP_ASSERT("out of queue elements?", err == ERR_OK);
  LWIP_UNUSED_ARG(err);
#else
  LWIP_ASSERT("not implemented in this example configuration", 0);
#endif
  LWIP_UNUSED_ARG(file);
  LWIP_UNUSED_ARG(callback_fn);
  LWIP_UNUSED_ARG(callback_arg);
  /* Return
     - 0 if ready to read (at least one byte)
     - 1 if reading should be delayed (call 'tcpip_callback(callback_fn, callback_arg)' when ready) */
  return 1;
}
 
int
fs_read_async_custom(struct fs_file *file, char *buffer, int count, fs_wait_cb callback_fn, void *callback_arg)
{
  struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
  //FILE *f;
  FIL *f;
  int len;
  int read_count = count;
  LWIP_ASSERT("data not set", data != NULL);
 
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
  /* This just simulates a delay. This delay would normally come e.g. from SPI transfer */
  LWIP_ASSERT("invalid state", data->delay_read >= 0 && data->delay_read <= 2);
  if (data->delay_read == 2) {
    /* no delay next time */
    data->delay_read = 0;
    return FS_READ_DELAYED;
  } else if (data->delay_read == 1) {
    err_t err;
    /* execute requested delay */
    data->delay_read = 2;
    LWIP_ASSERT("duplicate callback request", data->callback_fn == NULL);
    data->callback_fn = callback_fn;
    data->callback_arg = callback_arg;
    err = tcpip_try_callback(fs_example_read_cb, data);
    LWIP_ASSERT("out of queue elements?", err == ERR_OK);
    LWIP_UNUSED_ARG(err);
    return FS_READ_DELAYED;
  }
  /* execute this read but delay the next one */
  data->delay_read = 1;
#endif
 
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ
  read_count = LWIP_MIN(read_count, LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ);
#endif
 
  f = data->f;
  //len = (int)fread(buffer, 1, read_count, f);
  f_read(f, buffer,read_count, &len);
 
  LWIP_UNUSED_ARG(callback_fn);
  LWIP_UNUSED_ARG(callback_arg);
 
  file->index += len;
 
  /* Return
     - FS_READ_EOF if all bytes have been read
     - FS_READ_DELAYED if reading is delayed (call 'tcpip_callback(callback_fn, callback_arg)' when done) */
  if (len == 0) {
    /* all bytes read already */
    return FS_READ_EOF;
  }
  return len;
}
 
#else /* LWIP_HTTPD_FS_ASYNC_READ */
int
fs_read_custom(struct fs_file *file, char *buffer, int count)
{
  struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
  FILE *f;
  int len;
  int read_count = count;
  LWIP_ASSERT("data not set", data != NULL);
 
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ
  read_count = LWIP_MIN(read_count, LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ);
#endif
 
  f = data->f;
  len = (int)fread(buffer, 1, read_count, f);
 
  file->index += len;
 
  /* Return FS_READ_EOF if all bytes have been read */
  return len;
}
 
#endif /* LWIP_HTTPD_FS_ASYNC_READ */
#endif /* LWIP_HTTPD_CUSTOM_FILES */
 
#endif /* LWIP_HTTPD_EXAMPLE_CUSTOMFILES */
 

• lwipopts.h

 
#ifndef __LWIPOPTS_H__
#define __LWIPOPTS_H__
 
// Common settings used in most of the pico_w examples
// (see https://www.nongnu.org/lwip/2_1_x/group__lwip__opts.html for details)
 
// allow override in some examples
#ifndef NO_SYS
#define NO_SYS                      1
#endif
// allow override in some examples
#ifndef LWIP_SOCKET
#define LWIP_SOCKET                 0
#endif
#if PICO_CYW43_ARCH_POLL
#define MEM_LIBC_MALLOC             1
#else
// MEM_LIBC_MALLOC is incompatible with non polling versions
#define MEM_LIBC_MALLOC             0
#endif
#define MEM_ALIGNMENT               4
#define MEM_SIZE                    4000
#define MEMP_NUM_TCP_SEG            32
#define MEMP_NUM_ARP_QUEUE          10
#define PBUF_POOL_SIZE              24
#define LWIP_ARP                    1
#define LWIP_ETHERNET               1
#define LWIP_ICMP                   1
#define LWIP_RAW                    1
#define TCP_WND                     (8 * TCP_MSS)
#define TCP_MSS                     1460
#define TCP_SND_BUF                 (8 * TCP_MSS)
#define TCP_SND_QUEUELEN            ((4 * (TCP_SND_BUF) + (TCP_MSS - 1)) / (TCP_MSS))
#define LWIP_NETIF_STATUS_CALLBACK  1
#define LWIP_NETIF_LINK_CALLBACK    1
#define LWIP_NETIF_HOSTNAME         1
#define LWIP_NETCONN                0
#define MEM_STATS                   0
#define SYS_STATS                   0
#define MEMP_STATS                  0
#define LINK_STATS                  0
// #define ETH_PAD_SIZE                2
#define LWIP_CHKSUM_ALGORITHM       3
#define LWIP_DHCP                   1
#define LWIP_IPV4                   1
#define LWIP_TCP                    1
#define LWIP_UDP                    1
#define LWIP_DNS                    1
#define LWIP_TCP_KEEPALIVE          1
#define LWIP_NETIF_TX_SINGLE_PBUF   1
#define DHCP_DOES_ARP_CHECK         0
#define LWIP_DHCP_DOES_ACD_CHECK    0
 
#ifndef NDEBUG
#define LWIP_DEBUG                  1
#define LWIP_STATS                  1
#define LWIP_STATS_DISPLAY          1
#endif
 
#define ETHARP_DEBUG                LWIP_DBG_OFF
#define NETIF_DEBUG                 LWIP_DBG_OFF
#define PBUF_DEBUG                  LWIP_DBG_OFF
#define API_LIB_DEBUG               LWIP_DBG_OFF
#define API_MSG_DEBUG               LWIP_DBG_OFF
#define SOCKETS_DEBUG               LWIP_DBG_OFF
#define ICMP_DEBUG                  LWIP_DBG_OFF
#define INET_DEBUG                  LWIP_DBG_OFF
#define IP_DEBUG                    LWIP_DBG_OFF
#define IP_REASS_DEBUG              LWIP_DBG_OFF
#define RAW_DEBUG                   LWIP_DBG_OFF
#define MEM_DEBUG                   LWIP_DBG_OFF
#define MEMP_DEBUG                  LWIP_DBG_OFF
#define SYS_DEBUG                   LWIP_DBG_OFF
#define TCP_DEBUG                   LWIP_DBG_OFF
#define TCP_INPUT_DEBUG             LWIP_DBG_OFF
#define TCP_OUTPUT_DEBUG            LWIP_DBG_OFF
#define TCP_RTO_DEBUG               LWIP_DBG_OFF
#define TCP_CWND_DEBUG              LWIP_DBG_OFF
#define TCP_WND_DEBUG               LWIP_DBG_OFF
#define TCP_FR_DEBUG                LWIP_DBG_OFF
#define TCP_QLEN_DEBUG              LWIP_DBG_OFF
#define TCP_RST_DEBUG               LWIP_DBG_OFF
#define UDP_DEBUG                   LWIP_DBG_OFF
#define TCPIP_DEBUG                 LWIP_DBG_OFF
#define PPP_DEBUG                   LWIP_DBG_OFF
#define SLIP_DEBUG                  LWIP_DBG_OFF
#define DHCP_DEBUG                  LWIP_DBG_OFF
 
/*  in Pico-SDK above 1.5.0 */
#define MEMP_NUM_SYS_TIMEOUT            (LWIP_NUM_SYS_TIMEOUT_INTERNAL+1)
/* TCP WND must be at least 16 kb to match TLS record size
   or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */
// tls
#undef TCP_WND
#define TCP_WND  16384
 
#define LWIP_ALTCP               1
#define LWIP_ALTCP_TLS           1
#define LWIP_ALTCP_TLS_MBEDTLS   1
 
#define LWIP_DEBUG 1
#define ALTCP_MBEDTLS_DEBUG  LWIP_DBG_ON
 
/* set authmode */
#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_NONE
//#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
 
// httpd
#define HTTPD_ENABLE_HTTPS          1   // enable https
 
#define LWIP_HTTPD 1
//#define LWIP_HTTPD_SSI 1
//#define LWIP_HTTPD_CGI 1
//#define LWIP_HTTPD_SSI_MULTIPART 1
//#define LWIP_HTTPD_SUPPORT_POST 1
//#define LWIP_HTTPD_SSI_INCLUDE_TAG 0
// extern wbe page files
#define LWIP_HTTPD_CUSTOM_FILES 1
#define LWIP_HTTPD_DYNAMIC_HEADERS 1
#define LWIP_HTTPD_FS_ASYNC_READ 1
#define LWIP_HTTPD_DYNAMIC_FILE_READ 1
#define LWIP_HTTPD_FILE_EXTENSION 1
 
#endif /* __LWIPOPTS_H__ */
 

• mbedtls_config.h

 
/* Workaround for some mbedtls source files using INT_MAX without including limits.h */
#include <limits.h>
 
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT
 
#define MBEDTLS_SSL_OUT_CONTENT_LEN    2048
 
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
 
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_SHA256_SMALLER
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_AES_FEWER_TABLES
 
/* TLS 1.2 */
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_GCM_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ASN1_WRITE_C
 
// The following is needed to parse a certificate
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
 
 
 

Raspberry Pi || Node-RED || Pico W || TLS: Ep2. MQTT (mosquitto) 2wayauth

 本文章介紹在Raspberry Pi 3B+上建立Mosquitto MQTT Broker。並在Node-RED 與Pico W上互相Publish 與subscribe message。mosquitto 設定需要user name與password。並啟用TLS 2 way authentication功能。

有關Mosquitto MQTT Broker詳細設定步驟請參閱「MQTT 簡介：使用Mosquitto Broker」文章介紹。

本專案詳細設定步驟請參閱下列影片。

成果影片：

程式碼：

主程式：

• picow_tls_mqtt.c

 
#include "stdio.h"
#include "pico/stdlib.h"
#include "pico/cyw43_arch.h"
#include "picow_tls_mqtt.h"
#include "picow_tls_cert.h"
#include "lwip/apps/mqtt.h"
#include "lwip/altcp.h"
 
#include "pio_rotary_encoder.h"
#include "ws2812.h"
 
#define WS2812_TOTAL_PIXELS 12
#define WIFI_SSID           "your-ssid"
#define WIFI_PASSWORD       "your-password"
#define SERVER_IP           "your-mqtt-broker-ip"
 
static mqtt_client_instance_t mqtt_client;
static int8_t rotary_value=0;
static uint32_t ws2812_color=0;
uint8_t pub_buff[1024];
 
void update_ws2812_color() {
    for (int i=0; i < rotary_value; i++) {
      ws2812_put_pixel_rgb(ws2812_color);
    }
    for (int i=rotary_value; i < WS2812_TOTAL_PIXELS; i++) {
      ws2812_put_pixel_rgb(0x0);
    }
}
 
void mqtt_incoming_data_cb(void *arg, const u8_t *data, u16_t len, u8_t flags)
{
  mqtt_client_instance_t* client_inst = (mqtt_client_instance_t*)arg;
  LWIP_UNUSED_ARG(data);
  memcpy(client_inst->sub_message+client_inst->sub_message_offset, data, len);
  client_inst->sub_message_offset += len;
  if (flags == MQTT_DATA_FLAG_LAST) {
      client_inst->sub_message_recved = true;
      client_inst->sub_message[client_inst->sub_message_offset]=0;
      ws2812_color = strtol(client_inst->sub_message, NULL, 16);
      update_ws2812_color();
  }
 
}
 
void mqtt_incoming_publish_cb(void *arg, const char *topic, u32_t tot_len)
{
    mqtt_client_instance_t* client_inst = (mqtt_client_instance_t*)arg;
    client_inst->sub_message_offset=0;
    client_inst->sub_message_recved=false;
    strcpy(client_inst->sub_topic, topic);
}
 
void mqtt_request_cb(void *arg, err_t err)
{
  mqtt_client_instance_t* client_inst = (mqtt_client_instance_t*)arg;
  client_inst->connected=true;
  //LWIP_PLATFORM_DIAG(("MQTT client \"%s\" request cb: err %d\n", client_inst->mqtt_connect_client_info.client_id, (int)err));
}
 
void mqtt_pub_request_cb(void *arg, err_t err)
{
  mqtt_client_instance_t* client_inst = (mqtt_client_instance_t*)arg;
  //LWIP_PLATFORM_DIAG(("MQTT client \"%s\" pub request cb: err %d\n", client_inst->mqtt_connect_client_info.client_id, (int)err));
}
 
void mqtt_connection_cb(mqtt_client_t *client, void *arg, mqtt_connection_status_t status)
{
    mqtt_client_instance_t* client_inst = (mqtt_client_instance_t*)arg;
    if (status == MQTT_CONNECT_ACCEPTED) {
      mqtt_sub_unsub(client,
            "ws2812_color", 1,
            mqtt_request_cb, LWIP_CONST_CAST(void*, client_inst),
            1);
      
    }
}
 
void rotary_encoder_cb(uint8_t action) {
  if (action == PIO_RE_CLOCKWISE || action == PIO_RE_COUNTERCLOCKWISE) {
    if (action == PIO_RE_CLOCKWISE) {
      rotary_value -= 1;
      if (rotary_value < 0) rotary_value=0;
    }
    if (action == PIO_RE_COUNTERCLOCKWISE) {
      rotary_value += 1;
      if (rotary_value > 12) rotary_value=12;
    }
  }
}
 
int main()
{
    int wifi_stat;
    err_t mqtt_stat;
    stdio_init_all();
    if (cyw43_arch_init()) {
        printf("cyw43 init error\n");
        return 0;
    }
    pio_rotary_encoder_default_init();
    pio_rotary_encoder_set_callback(rotary_encoder_cb);
    ws2812_default_pio_init();
 
    for (int i=0; i < WS2812_TOTAL_PIXELS; i++) ws2812_put_pixel(0x0);
    sleep_ms(50);
    //led: red
    ws2812_put_pixel_rgb(0xff0000);
 
    // connect to WiFi
    cyw43_arch_enable_sta_mode();
    wifi_stat = cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000);
    if (wifi_stat) {
        printf("wifi connect error:%d\n", wifi_stat);
        return 0;
    }
    printf("Wifi connected\n");
    //led: blue
    ws2812_put_pixel_rgb(0xff);
 
    //mqtt_client.tls_config = altcp_tls_create_config_client(ca_cert, sizeof(ca_cert));  
    mqtt_client.tls_config = altcp_tls_create_config_client_2wayauth(ca_cert, sizeof(ca_cert), mqtt_client_key, sizeof(mqtt_client_key), NULL, 0, mqtt_client_cert, sizeof(mqtt_client_cert));
    assert(mqtt_client.tls_config);
 
    /*
    // if DNS query
    mbedtls_ssl_set_hostname(altcp_tls_context(tls_client->tpcb), SERVER_NAME);
    tls_client->dns_found=false;
    cyw43_arch_lwip_begin();
    
    tcp_stat = dns_gethostbyname(SERVER_NAME, &tls_client->server_addr, tls_client_dns_found, tls_client);     
    if (tcp_stat == ERR_OK) printf("dns err ok\n");
    if (tcp_stat == ERR_INPROGRESS) printf("dns inprogress...\n");
    while(!tls_client->dns_found && tcp_stat != ERR_OK) {
         cyw43_arch_poll();
        sleep_ms(10);
    }
 
    */
    // if not by dns
    ipaddr_aton(SERVER_IP, &mqtt_client.ipaddr);
   
    // connect to mqtt server;
    mqtt_client.mqtt_connect_client_info = (struct mqtt_connect_client_info_t){
      "clientid", //client_id;
      "username", //client_user;
      "password", //client_pass;
      100,//keep_alive;
      NULL, // will_topic;
      NULL, // will_msg;
      0, //will_qos;
      0,// will_retain;
#if LWIP_ALTCP && LWIP_ALTCP_TLS
      mqtt_client.tls_config //tls_config;
#endif
    };
 
    mqtt_client.client = mqtt_client_new();
    //mbedtls_ssl_set_hostname(altcp_tls_context(conn)), SERVER_NAME);
 
    mqtt_set_inpub_callback(mqtt_client.client,
          mqtt_incoming_publish_cb,
          mqtt_incoming_data_cb,
          LWIP_CONST_CAST(void*, &mqtt_client.mqtt_connect_client_info));
    mqtt_client.connected=false;
    cyw43_arch_lwip_begin();
    mqtt_stat = mqtt_client_connect(mqtt_client.client,
          &mqtt_client.ipaddr, LWIP_IANA_PORT_SECURE_MQTT,
          mqtt_connection_cb, LWIP_CONST_CAST(void*, &mqtt_client),
          &mqtt_client.mqtt_connect_client_info);
    cyw43_arch_lwip_end();
   
    absolute_time_t timeout = make_timeout_time_ms(10000);
    while(!mqtt_client.connected && absolute_time_diff_us(get_absolute_time(), timeout) > 0) {
        sleep_ms(10);
        cyw43_arch_poll();
        printf(".");
    }
    printf("\n");
    if (!mqtt_client.connected) {
      printf("connect mqtt server:timeout\n");
      return 0;
    }
    
    printf("mqtt connected\n");
    // led : green
    ws2812_put_pixel_rgb(0x00ff00);
    ws2812_color = 0x00ff00;
    rotary_value = 1;
   
    sprintf(pub_buff, "%02d", rotary_value);
    mqtt_publish(mqtt_client.client, "ROTARY", pub_buff, 2, 1, 0, mqtt_pub_request_cb, &mqtt_client);
 
    uint8_t pre_rotary_value=rotary_value;
    uint32_t pre_ws2812_color=ws2812_color;
    
    while(1) {
 
        cyw43_arch_poll();
        sleep_ms(10);
        if (pre_rotary_value != rotary_value) {
          sprintf(pub_buff, "%02d", rotary_value);
          mqtt_publish(mqtt_client.client, "ROTARY", pub_buff, 2, 1, 0, mqtt_pub_request_cb, &mqtt_client);
          update_ws2812_color();
          pre_rotary_value = rotary_value;
        }
    }
    cyw43_arch_deinit();
    return 0;
}
 

• picow_tls_mqtt.h

 
#ifndef __PICOW_TLS_CLIENT_H__
#define __PICOW_TLS_CLIENT_H__
#include "lwip/pbuf.h"
#include "lwip/altcp_tcp.h"
#include "lwip/altcp_tcp.h"
#include "lwip/altcp_tls.h"
#include "lwip/dns.h"
#include "lwip/apps/mqtt.h"
#define RECV_BUFF_MAX_LEN   1024
 
typedef struct {
    mqtt_client_t *client;
    struct altcp_tls_config *tls_config;
    ip_addr_t ipaddr;
    struct mqtt_connect_client_info_t mqtt_connect_client_info;
    bool connected;
    uint8_t sub_topic[256];
    uint8_t sub_message[RECV_BUFF_MAX_LEN];
    uint16_t sub_message_offset;
    bool sub_message_recved;
} mqtt_client_instance_t;
 
#endif

• picow_tls_cert.h

 
#define ca_cert "-----BEGIN CERTIFICATE-----\n\
...
-----END CERTIFICATE-----\n"
 
#define mqtt_client_cert "-----BEGIN CERTIFICATE-----\n\
...
-----END CERTIFICATE-----"
 
#define mqtt_client_key "-----BEGIN RSA PRIVATE KEY-----\n\
...
-----END RSA PRIVATE KEY-----"
 

• CMakeLists.txt

 
# Generated Cmake Pico project file
 
cmake_minimum_required(VERSION 3.13)
 
set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)
 
# Initialise pico_sdk from installed location
# (note this can come from environment, CMake cache etc)
set(PICO_SDK_PATH "/home/duser/pico/pico-sdk")
 
set(PICO_BOARD pico_w CACHE STRING "Board type")
 
# Pull in Raspberry Pi Pico SDK (must be before project)
include(pico_sdk_import.cmake)
 
if (PICO_SDK_VERSION_STRING VERSION_LESS "1.4.0")
  message(FATAL_ERROR "Raspberry Pi Pico SDK version 1.4.0 (or later) required. Your version is ${PICO_SDK_VERSION_STRING}")
endif()
 
project(picow_tls_mqtt C CXX ASM)
 
# Initialise the Raspberry Pi Pico SDK
pico_sdk_init()
 
# Add executable. Default name is the project name, version 0.1
 
add_executable(picow_tls_mqtt picow_tls_mqtt.c)
 
pico_set_program_name(picow_tls_mqtt "picow_tls_client")
pico_set_program_version(picow_tls_mqtt "0.1")
 
pico_enable_stdio_uart(picow_tls_mqtt 1)
pico_enable_stdio_usb(picow_tls_mqtt 0)
 
# Add the standard library to the build
target_link_libraries(picow_tls_mqtt
        pico_stdlib)
 
# Add the standard include files to the build
target_include_directories(picow_tls_mqtt PRIVATE
  ${CMAKE_CURRENT_LIST_DIR}
  ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts or any other standard includes, if required
)
 
# Add any user requested libraries
target_link_libraries(picow_tls_mqtt 
        pico_cyw43_arch_lwip_poll
        pico_lwip_mqtt
        pico_lwip_mbedtls
        pico_mbedtls
        )
add_subdirectory(rotary_encoder) 
target_link_libraries(picow_tls_mqtt
  rotary_encoder
)
 
add_subdirectory(ws2812) 
target_link_libraries(picow_tls_mqtt
ws2812
)
 
pico_add_extra_outputs(picow_tls_mqtt)

• lwipopts.h

 
#ifndef __LWIPOPTS_H__
#define __LWIPOPTS_H__
 
 
// Common settings used in most of the pico_w examples
// (see https://www.nongnu.org/lwip/2_1_x/group__lwip__opts.html for details)
 
// allow override in some examples
#ifndef NO_SYS
#define NO_SYS                      1
#endif
// allow override in some examples
#ifndef LWIP_SOCKET
#define LWIP_SOCKET                 0
#endif
#if PICO_CYW43_ARCH_POLL
#define MEM_LIBC_MALLOC             1
#else
// MEM_LIBC_MALLOC is incompatible with non polling versions
#define MEM_LIBC_MALLOC             0
#endif
#define MEM_ALIGNMENT               4
#define MEM_SIZE                    4000
#define MEMP_NUM_TCP_SEG            32
#define MEMP_NUM_ARP_QUEUE          10
#define PBUF_POOL_SIZE              24
#define LWIP_ARP                    1
#define LWIP_ETHERNET               1
#define LWIP_ICMP                   1
#define LWIP_RAW                    1
#define TCP_WND                     (8 * TCP_MSS)
#define TCP_MSS                     1460
#define TCP_SND_BUF                 (8 * TCP_MSS)
#define TCP_SND_QUEUELEN            ((4 * (TCP_SND_BUF) + (TCP_MSS - 1)) / (TCP_MSS))
#define LWIP_NETIF_STATUS_CALLBACK  1
#define LWIP_NETIF_LINK_CALLBACK    1
#define LWIP_NETIF_HOSTNAME         1
#define LWIP_NETCONN                0
#define MEM_STATS                   0
#define SYS_STATS                   0
#define MEMP_STATS                  0
#define LINK_STATS                  0
// #define ETH_PAD_SIZE                2
#define LWIP_CHKSUM_ALGORITHM       3
#define LWIP_DHCP                   1
#define LWIP_IPV4                   1
#define LWIP_TCP                    1
#define LWIP_UDP                    1
#define LWIP_DNS                    1
#define LWIP_TCP_KEEPALIVE          1
#define LWIP_NETIF_TX_SINGLE_PBUF   1
#define DHCP_DOES_ARP_CHECK         0
#define LWIP_DHCP_DOES_ACD_CHECK    0
 
#ifndef NDEBUG
#define LWIP_DEBUG                  1
#define LWIP_STATS                  1
#define LWIP_STATS_DISPLAY          1
#endif
 
#define ETHARP_DEBUG                LWIP_DBG_OFF
#define NETIF_DEBUG                 LWIP_DBG_OFF
#define PBUF_DEBUG                  LWIP_DBG_OFF
#define API_LIB_DEBUG               LWIP_DBG_OFF
#define API_MSG_DEBUG               LWIP_DBG_OFF
#define SOCKETS_DEBUG               LWIP_DBG_OFF
#define ICMP_DEBUG                  LWIP_DBG_OFF
#define INET_DEBUG                  LWIP_DBG_OFF
#define IP_DEBUG                    LWIP_DBG_OFF
#define IP_REASS_DEBUG              LWIP_DBG_OFF
#define RAW_DEBUG                   LWIP_DBG_OFF
#define MEM_DEBUG                   LWIP_DBG_OFF
#define MEMP_DEBUG                  LWIP_DBG_OFF
#define SYS_DEBUG                   LWIP_DBG_OFF
#define TCP_DEBUG                   LWIP_DBG_OFF
#define TCP_INPUT_DEBUG             LWIP_DBG_OFF
#define TCP_OUTPUT_DEBUG            LWIP_DBG_OFF
#define TCP_RTO_DEBUG               LWIP_DBG_OFF
#define TCP_CWND_DEBUG              LWIP_DBG_OFF
#define TCP_WND_DEBUG               LWIP_DBG_OFF
#define TCP_FR_DEBUG                LWIP_DBG_OFF
#define TCP_QLEN_DEBUG              LWIP_DBG_OFF
#define TCP_RST_DEBUG               LWIP_DBG_OFF
#define UDP_DEBUG                   LWIP_DBG_OFF
#define TCPIP_DEBUG                 LWIP_DBG_OFF
#define PPP_DEBUG                   LWIP_DBG_OFF
#define SLIP_DEBUG                  LWIP_DBG_OFF
#define DHCP_DEBUG                  LWIP_DBG_OFF
 
/*  in Pico-SDK above 1.5.0 */
#define MEMP_NUM_SYS_TIMEOUT            (LWIP_NUM_SYS_TIMEOUT_INTERNAL+1)
 
/* TCP WND must be at least 16 kb to match TLS record size
   or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */
// tls
#undef TCP_WND
#define TCP_WND  16384
 
#define LWIP_ALTCP               1
#define LWIP_ALTCP_TLS           1
#define LWIP_ALTCP_TLS_MBEDTLS   1
 
#define LWIP_DEBUG 1
#define ALTCP_MBEDTLS_DEBUG  LWIP_DBG_ON
 
/* set authmode */
#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
 
#endif /* __LWIPOPTS_H__ */
 

• mbedtls_config.h

 
/* Workaround for some mbedtls source files using INT_MAX without including limits.h */
#include < limits.h >
 
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT
 
#define MBEDTLS_SSL_OUT_CONTENT_LEN    2048
 
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_HAVE_TIME
 
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_SHA256_SMALLER
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_AES_FEWER_TABLES
 
/* TLS 1.2 */
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_GCM_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ASN1_WRITE_C
 
// The following is needed to parse a certificate
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
 

Rotary Encoder:

• pio_rotary_encoder.c

 
#include "pico/stdio.h"
#include "pico/stdlib.h"
#include "hardware/pio.h"
#include "hardware/gpio.h"
 
#include "pio_rotary_encoder.h"
#include "rotary_encoder.pio.h"
#include "hardware/clocks.h"
 
void (*pio_callback)(uint8_t action);
 
void rotary_encoder_irq_handler() {
    if (pio_interrupt_get(RE_PIO, ROTARY_INT_NUM)) { // 1: clockwise, 2: countclockwise
        pio_interrupt_clear(RE_PIO, ROTARY_INT_NUM); 
        uint32_t act = pio_sm_get_blocking(RE_PIO, RE_SM_ROTARY);
        if (act == PIO_RE_CLOCKWISE || act == PIO_RE_COUNTERCLOCKWISE) { //PIO_RE_CLOCKWISE;
            pio_callback((uint8_t)act);
        } else {
            pio_callback(PIO_RE_UNKNOW);
        }
    }
    if (pio_interrupt_get(RE_PIO, SWITCH_INT_NUM)) {
        pio_interrupt_clear(RE_PIO, SWITCH_INT_NUM);
        uint8_t action  = PIO_RE_SWPRESS;
 
        pio_callback(action);
    }
    
    
}
 
void pio_rotary_switch_init(PIO pio, uint sm, uint in_base, uint freq) {
    gpio_pull_up(in_base);  // software pull-up
 
    pio_sm_config c;
    uint offset = pio_add_program(pio, &rotary_switch_program);
 
    c = rotary_switch_program_get_default_config(offset);
    
    pio_gpio_init(pio, in_base);
 
    pio_sm_set_consecutive_pindirs(pio, sm, in_base,  1,false);
     
    sm_config_set_in_pins(&c, in_base);
    sm_config_set_in_shift(&c, false, false, 1);
 
    float div = clock_get_hz(clk_sys)/freq;
    sm_config_set_clkdiv(&c, div);
    
    uint pio_irq_num = (pio==pio0) ? PIO0_IRQ_0: PIO1_IRQ_0;
    pio_set_irq0_source_enabled(pio, pis_interrupt0, true);
    pio_set_irq0_source_enabled(pio, pis_interrupt1, true);
    irq_add_shared_handler(pio_irq_num, rotary_encoder_irq_handler, PICO_SHARED_IRQ_HANDLER_DEFAULT_ORDER_PRIORITY);
    irq_set_enabled(pio_irq_num, true);
    pio_sm_init(pio, sm, offset, &c);
    pio_sm_set_enabled(pio, sm, true);
}
 
void pio_rotary_encoder_init(PIO pio, uint sm, uint in_base, uint freq) {
    pio_sm_config c;
    uint offset = pio_add_program(pio, &rotary_encoder_program);
 
    c = rotary_encoder_program_get_default_config(offset);
    
    for (int i=0; i < 2; i++) pio_gpio_init(pio, in_base+i);
 
    pio_sm_set_consecutive_pindirs(pio, sm, in_base,  2,false);
     
    sm_config_set_in_pins(&c, in_base);
    sm_config_set_in_shift(&c, false, false, 2);
 
    float div = clock_get_hz(clk_sys)/freq;
    sm_config_set_clkdiv(&c, div);
    
    uint pio_irq_num = (pio==pio0) ? PIO0_IRQ_0: PIO1_IRQ_0;
    pio_set_irq0_source_enabled(pio, pis_interrupt0, true);
  
    irq_add_shared_handler(pio_irq_num, rotary_encoder_irq_handler, PICO_SHARED_IRQ_HANDLER_DEFAULT_ORDER_PRIORITY);
    irq_set_enabled(pio_irq_num, true);
    pio_sm_init(pio, sm, offset, &c);
    pio_sm_set_enabled(pio, sm, true);
}
 
 
 
void pio_rotary_encoder_default_init() {
    pio_rotary_switch_init(RE_PIO, RE_SM_SWITCH, RE_SW_PIN, 2000);
    pio_rotary_encoder_init(RE_PIO, RE_SM_ROTARY, RE_CLK_DT_PIN, RE_SM_FREQ);
}
void pio_rotary_encoder_set_callback(void (*cb)(uint8_t action)) {
    pio_callback=cb;
}

• pio_rotary_encoder.h

 
#ifndef _PIO_ROTARY_ENCODER_H_
#define _PIO_ROTARY_ENCODER_H_
#include "hardware/pio.h"
 
#define RE_PIO          pio0
#define RE_CLK_DT_PIN  16
#define RE_SW_PIN      18
#define RE_PIO      pio0
#define RE_SM_ROTARY      (0)
#define RE_SM_SWITCH      (1)
#define RE_SM_FREQ  100000
enum PIO_RE_ACTION{
    PIO_RE_CLOCKWISE=1,
    PIO_RE_COUNTERCLOCKWISE=2,
    PIO_RE_SWPRESS=3,
    PIO_RE_UNKNOW=4
};
 
void pio_rotary_switch_init(PIO pio, uint sm, uint in_base, uint freq);
void pio_rotary_encoder_init(PIO pio, uint sm, uint in_base, uint freq);
void pio_rotary_encoder_default_init();
void pio_rotary_encoder_set_callback(void (*cb)(uint8_t action));
 
 
#endif 

• rotary_encoder.pio

 
.define public ROTARY_INT_NUM 0
.define public SWITCH_INT_NUM 1
.program rotary_encoder
start:
in pins, 2 [31]
mov x, isr          ; CLK, DT present state
mov y, osr          ; CLK, DT previous state
jmp x!=y, rotary    ; not eaqual, rotary occure
jmp saveoldvalue    ; clear ISR
rotary:
set y, 0b01         ;
jmp x!=y, pos10
jmp check_dir
pos10:
set y, 0b10
jmp x!=y, saveoldvalue
jmp check_dir
saveoldvalue:
mov osr, isr 
in NULL, 32  ;; imporant to clear ISR
jmp start 
 
check_dir:
out y,1     ; previous state DT bit
mov osr,x   ; save oldvalue
in NULL, 32 ; clear ISR
in x, 1     ; shift in present state DT bit 
mov x, isr  ; present state DT bit
jmp x!=y counterclockwise
jmp clockwise
 
clockwise:
set y,1         ; clockwise: value = 1
jmp output
counterclockwise:
set y,2         ; counterclockwise: value = 2
output:
mov isr, y
push
irq wait ROTARY_INT_NUM
jmp start  
 
.program rotary_switch
wait 0 pin 0 [31]       ; Switch PIN is initially pulled up 
irq wait SWITCH_INT_NUM              ; [31] wait for button bounce
wait 1 pin 0 [31]
 
 
 

• CMakeLists.txt

 
add_library(rotary_encoder INTERFACE)
pico_generate_pio_header(rotary_encoder ${CMAKE_CURRENT_LIST_DIR}/rotary_encoder.pio)
target_sources(rotary_encoder INTERFACE
    ${CMAKE_CURRENT_LIST_DIR}/pio_rotary_encoder.c
)
 
target_include_directories(rotary_encoder INTERFACE
    ${CMAKE_CURRENT_LIST_DIR}
 
)
 
target_link_libraries(rotary_encoder INTERFACE
        hardware_pio
)
 

ws2812:

• ws2812.c

 
#include "pico/stdio.h"
#include "pico/stdlib.h"
#include "hardware/pio.h"
#include "hardware/clocks.h"
#include "ws2812.pio.h"
#include "ws2812.h"
 
void ws2812_pio_init(PIO pio, uint sm, uint pin, float freq) {
    pio_gpio_init(pio, pin);
    pio_sm_set_consecutive_pindirs(pio, sm, pin, 1, true);
 
    uint offset = pio_add_program(pio, &ws2812_program);
 
    pio_sm_config c = ws2812_program_get_default_config(offset);
    sm_config_set_sideset_pins(&c, pin);
    sm_config_set_out_shift(&c, false, true, 24);
    sm_config_set_fifo_join(&c, PIO_FIFO_JOIN_TX);
 
    int cycles_per_bit = 6;
    float div = clock_get_hz(clk_sys) / (freq * cycles_per_bit);
    sm_config_set_clkdiv(&c, div);
 
    pio_sm_init(pio, sm, offset, &c);
    pio_sm_set_enabled(pio, sm, true);
}
 
void ws2812_put_pixel(uint32_t pixel_grb) {
    pio_sm_put_blocking(WS2812_PIO, WS2812_SM, pixel_grb << 8u);
}
void ws2812_put_pixel_rgb(uint32_t pixel_rgb) {
    uint32_t grb = ((pixel_rgb & 0xff00) >> 8) << 16 | ((pixel_rgb & 0xff0000) >> 16) << 8 | pixel_rgb &0xff; 
    ws2812_put_pixel(grb);
}
void ws2812_default_pio_init() {
    ws2812_pio_init(WS2812_PIO, WS2812_SM, WS2812_PIN, WS2812_PIO_FREQ);
}

• ws2812.h

 
#ifndef _WS2812_H_
#define _WS2812_H_
 
#include "hardware/pio.h"
 
#define WS2812_PIO pio1
#define WS2812_SM   (1)
#define WS2812_PIN  (19)
#define WS2812_PIO_FREQ (800000)
 
void ws2812_pio_init(PIO pio, uint sm, uint pin, float freq);
void ws2812_default_pio_init();
void ws2812_put_pixel(uint32_t pixel_grb);
void ws2812_put_pixel_rgb(uint32_t pixel_rgb);
#endif

• ws2812.pio

 
.program ws2812
.side_set 1
 
.wrap_target
bitloop:
    out x, 1       side 0 [1]
    jmp !x do_zero side 1 [1]
do_one:
    jmp  bitloop   side 1 [1]
do_zero:
    nop            side 0 [1]
.wrap

• CMakeLists.txt

 
add_library(ws2812 INTERFACE)
pico_generate_pio_header(ws2812 ${CMAKE_CURRENT_LIST_DIR}/ws2812.pio)
target_sources(ws2812 INTERFACE
    ${CMAKE_CURRENT_LIST_DIR}/ws2812.c
)
 
target_include_directories(ws2812 INTERFACE
    ${CMAKE_CURRENT_LIST_DIR}
 
)
 
target_link_libraries(ws2812 INTERFACE
        hardware_pio
)