Group Actions
Engagement
  • Author Author: Jan Cumps
  • Date Created: Date Created
  • Views 1107 views
  • Likes 3 likes
  • Comments 5 comments
Related
Recommended

MSP432 and CC3100: Can We Make the MQTT Example Safe?

Jan Cumps

MSP432Ware comes with an MQTT Demo. And with loads of room for safety improvement.

image

image

My dream is that one day all example code will be safe from the start on.

This one isn't, but let's make it so.

We'll view the code and see where we can improve.

Leave your solutions in the comments

 

MQTT Example Project

The example is called CC3100BOOST MQTT Twitter LED Example. You can load the source code in Code Composer Studio from the Resource Explorer.

For this project, you need an MSP432 LaunchPad with a CC3100 BoosterPack mounted.

Both have to be connected via USB (The MSP432 to program and debug it, the BoosterPack for power via USB only).

Warning: if you have created WiFi connection profiles on your CC3100 in the past, this example wipes them. You can recreate them later.

 

Open the README.txt file and follow the instructions to set up connection parameters.

Compile and start the Debugger.

Open a terminal program and connect to the LaunchPad. 9600, 8, 1, N

Execute in the debugger.

 

You'll see the following in the terminal:

image

 

You can test the program in two ways:

 

  • by annoying all your twitter friends and publicly tweeting:
    RGB(red_value, green_value, blue_value) #MSP432LaunchPad
    (replace each value by a number between 0 and 255)
  • or (less annoying to your tweetiverse) by using an MQTT GUI and submitting a MQTT topic:
    Get hold of a MQTT client program (I used MQTT Lens today)
    Connect to this host (leave *all* other values as is):
    iot.eclipse.org
    Then publish the following topic:
    topic: /msp/cc3100/demo
    message: red_value green_value blue_value
    (replace each value by a number between 0 and 255)

 

image

The result, whatever the method you have chosen, is that you can control the brightness of the three LEDs on the LaunchPad.

 

Room for Improvement

This example has a number of possible improvements:

 

1: SSID and Password in Source Code

 

#define SSID_NAME       "<Your_AP's_SSID>"       /* Access point name to connect to. */
#define SEC_TYPE        SL_SEC_TYPE_WPA_WPA2     /* Security type of the Access piont */
#define PASSKEY         "<Your_AP's_Password>"   /* Password in case of secure AP */ 
#define PASSKEY_LEN     pal_Strlen(PASSKEY)      /* Password length in case of secure AP */

 

The instructions of the example ask you to put the WiFi password in the example.

The CC3100 can save the logon profile in persistent storage.

What would need to change in the example to use that?

 

2: WiFi Profiles of the CC3100 are Deleted

 

    /*
     * Following function configures the device to default state by cleaning
     * the persistent settings stored in NVMEM (viz. connection profiles &
     * policies, power policy etc)
     *
     * Applications may choose to skip this step if the developer is sure
     * that the device is in its default state at start of application
     *
     * Note that all profiles and persistent settings that were done on the
     * device will be lost
     */
    retVal = configureSimpleLinkToDefaultState(); 
    if(retVal < 0)
    {
        if (DEVICE_NOT_IN_STATION_MODE == retVal)
            CLI_Write(" Failed to configure the device in its default state \n\r");

        LOOP_FOREVER();
    }

    CLI_Write(" Device is configured in default state \n\r");

 

What can we do to keep the profiles intact. It's a good mechanism to connect to your home access point without putting credentials in source code.

 

3: Connect with Hardcoded SSID and Password

 

static _i32 establishConnectionWithAP()
{
    SlSecParams_t secParams = {0};
    _i32 retVal = 0;

    secParams.Key = PASSKEY;
    secParams.KeyLen = PASSKEY_LEN;
    secParams.Type = SEC_TYPE;

    retVal = sl_WlanConnect(SSID_NAME, pal_Strlen(SSID_NAME), 0, &secParams, 0);
    ASSERT_ON_ERROR(retVal);

    /* Wait */
    while((!IS_CONNECTED(g_Status)) || (!IS_IP_ACQUIRED(g_Status))) { _SlNonOsMainLoopTask(); }

    return SUCCESS;
}

 

How would you change this code to use another mechanism?

 

4: Plain Text Connection and Communication to MQTT Server, no Credentials

 

   rc = ConnectNetwork(&n, MQTT_BROKER_SERVER, 1883);

 

We're not passing any credentials to connect to the MQTT server.

The MQTT library has other connection methods. Any one knows how to change the code to step away from TCP?

And what additional infrastructure would be needed (certificates, a MQTT server that supports a protocol better than TCP, ...)?

 

image

 

Home Sending Message

The nature of this example isn't different from what's available for other development boards.

It's focused on explaning MQTT functionality. And like the other examples around, it bypasses security.

Excellent for demo purposes. But for Computer Security Day, Let's Do Better!

 

Please help to turn this into a safe baseline for others. I hope to see a solution provided for the 4 points above.

Thanks in advance!