
RTOS/CC3220SF-LAUNCHXL: How to implement HTTPS bidirectional authentication?

Part Number: CC3220SF-LAUNCHXL
Other Parts Discussed in Thread: CC3220SF

Tool/software: TI-RTOS

How to implement HTTPS bidirectional authentication with CC3220SF?

  • Hi Xinggang,

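    To implement HTTPS bidirectional (mutual) authentication, I'd recommend checking out the local_ota example project in the CC3220 SDK.  The local_ota_task includes a section that sets the file names used for the SSL key exchange.  This requires loading three files onto the CC3220SF: the server certificate, the root CA used to verify client certificates, and the server private key.  Note that, as posted, the listing below passes an empty CA file name; for client certificates to be verified, the SL_NETAPP_HTTP_CA_CERTIFICATE_FILE_NAME call should presumably be given the name of that root CA file instead.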

    //*****************************************************************************
    //
    //! \brief Applies a single HTTP server option through sl_NetAppSet and logs it
    //!
    //! The call is skipped entirely when *retVal is already negative, so a chain
    //! of calls sharing one retVal stops configuring after the first failure.
    //!
    //! \param[in,out]  retVal        status of the previous step; overwritten with
    //!                               the sl_NetAppSet result when the call is made
    //! \param[in]      Option        option id passed to sl_NetAppSet
    //! \param[in]      OptionLen     number of bytes read from pOptionValue
    //! \param[in]      pOptionValue  option value bytes
    //!
    //! \return none
    //!
    //*****************************************************************************
    static void SetNetAppHttp(int32_t *retVal, const uint8_t Option, const uint8_t OptionLen, const uint8_t *pOptionValue)
    {
        int32_t byteIdx = 0;

        /* An earlier step already failed: leave its error code untouched. */
        if(*retVal < 0)
        {
            return;
        }

        *retVal = sl_NetAppSet(SL_NETAPP_HTTP_SERVER_ID, Option, OptionLen, pOptionValue);
        INFO_PRINT("_SetNetAppHttp:: option=%d len=%d (", Option, OptionLen);

        /* Dump every value byte in decimal. For the file-name options this is
           the characters of the name that was passed in. */
        while(byteIdx < OptionLen)
        {
            INFO_PRINT ("%2d ", pOptionValue[byteIdx]);
            byteIdx++;
        }

        INFO_PRINT(")\n\r_SetNetAppHttp:: retval=%d\n\r", *retVal);
    }
    
    
    
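    //*****************************************************************************
    //
    //! \brief This function configures the HTTP server for secured mode
    //!
    //! Sets the server certificate and private key file names, sets the CA
    //! certificate file name, turns on security for the primary port and moves
    //! it to 443, enables secondary port 80, then stops and starts the HTTP
    //! server. Every step after the first failure is skipped.
    //!
    //! \note (review) The CA certificate file name is set to an empty string
    //!       here. Presumably that leaves client-certificate verification off,
    //!       so this listing alone gives server-side TLS only; for bidirectional
    //!       authentication pass the name of the root CA file that signs the
    //!       client certificates. Confirm against the SimpleLink NetApp
    //!       documentation.
    //!
    //! \param[in]  none
    //!
    //! \return The first negative NetApp error code encountered, otherwise the
    //!         value returned by sl_NetAppStart (0 upon success).
    //!
    //*****************************************************************************
    static int32_t ConfigureHttpServer(void)
    {
        int32_t retVal = 0;
        /* Empty name: see the review note in the function header. */
        uint8_t serverCACertificateFileName[] = "\0";
        uint8_t httpsPort[] = {0xBB, 0x01};  /* 0x1BB = 443 */
        uint8_t secondaryPort[] = {0x50, 0x00}; /* 0x050 = 80 */
        uint8_t secondaryPortEnable[] = {0x1};
        uint8_t securityMode = 1;

        UART_PRINT("[Local ota task] ConfigureHttpServer for secured mode...\n\r");

        /* Set the file names used for SSL key exchange */
        SetNetAppHttp(&retVal,
                SL_NETAPP_HTTP_DEVICE_CERTIFICATE_FILENAME,
                strlen((char *)SSL_SERVER_CERT),
                (const uint8_t *)SSL_SERVER_CERT);

        SetNetAppHttp(&retVal,
                SL_NETAPP_HTTP_PRIVATE_KEY_FILENAME,
                strlen((char *)SSL_SERVER_KEY),
                (const uint8_t *)SSL_SERVER_KEY);

        /* sizeof (not strlen) is used here, so the terminating bytes of the
           empty name are what gets sent as the CA file name. */
        SetNetAppHttp(&retVal,
                SL_NETAPP_HTTP_CA_CERTIFICATE_FILE_NAME,
                sizeof(serverCACertificateFileName),
                serverCACertificateFileName);


        /* Activate SSL security on primary HTTP port and change it to
         443 (standard HTTPS port) */
        SetNetAppHttp(&retVal,
                SL_NETAPP_HTTP_PRIMARY_PORT_SECURITY_MODE,
                sizeof(securityMode),
                &securityMode);

        SetNetAppHttp(&retVal,
                SL_NETAPP_HTTP_PRIMARY_PORT_NUMBER,
                sizeof(httpsPort),
                httpsPort);

        /* Enable secondary HTTP port (can only be used for redirecting
         connections to the secure primary port) */
        SetNetAppHttp(&retVal,
                SL_NETAPP_HTTP_SECONDARY_PORT_NUMBER,
                sizeof(secondaryPort),
                secondaryPort);

        SetNetAppHttp(&retVal,
                SL_NETAPP_HTTP_SECONDARY_PORT_ENABLE,
                sizeof(secondaryPortEnable),
                secondaryPortEnable);


        /* Restart the server only when every option was accepted. The status
           lines are printed after the return code is checked, so a failed
           stop or start is no longer reported as a success. */
        if(retVal >= 0)
        {
            retVal = sl_NetAppStop(SL_NETAPP_HTTP_SERVER_ID);
            if(retVal >= 0)
            {
                UART_PRINT("[Local ota task] HTTP Server Stopped\n\r");
                retVal = sl_NetAppStart(SL_NETAPP_HTTP_SERVER_ID);
                if(retVal >= 0)
                {
                    UART_PRINT("[Local ota task] HTTP Server Re-started\n\r");
                }
                else
                {
                    UART_PRINT("[Local ota task] HTTP Server start failed, retval=%d\n\r", (int)retVal);
                }
            }
            else
            {
                UART_PRINT("[Local ota task] HTTP Server stop failed, retval=%d\n\r", (int)retVal);
            }
        }
        return retVal;
    }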