Using SSL security with ESP32 and ESP8266

bigerror.png

The story so far…..

Robert has been trying to connect an ESP8266 embedded device to an Azure IoT Hub, something he has done many times with no problems. Except it no longer works. Having spent a day failing, perhaps it is time for Robert to have some success. Now read on…..

Yesterday was not a good day. Today was better. To summarise my problem: I want to use my embedded devices with Azure IoT hub so that I can exchange messages with services in the cloud. Azure IoT hub is a “proper service” in that it supports device registration and uses the Secure Sockets Layer (SSL) for connections. I’ve written my code so that it uses the secure WiFi client in the ESP8266 and it has worked before. But yesterday it broke and I couldn’t figure out why. Today I did. Go me.

It turns out that the solution is simple. Add the statement above to set your secure client to insecure mode. But why does this work and what does it do? Does it mean that my connection is no longer secure? Now read on again…..

There are two reasons for using SSL. The first is to make sure that the data that is being transferred securely. I don’t want someone to be able to peek into the packets and pull out passwords and data. The second reason for using SSL is to make sure that the devices is talking to the right host. Without this authentication it would be possible for someone to make a system that pretends to be Microsoft Azure, accept a device connection and then steal all my stuff.

The first part of the problem is solved by encryption. The systems each end of the connection use keys to encrypt and decrypt the data so that anyone watching it go past would just see gibberish.

The second part of the security, making sure my host is really Azure, is solved by certificates which are issued by certification authorities. Microsoft have a certificate for Azure and my my device can verify this. However, to make this work I have to make a copy of the public part of the certificate and store it in my device, which is not something I’ve bothered with in the past. It turns out that I’m not really concerned about someone spoofing Microsoft Azure just to see my data. There is always a balance to be struck between security and convenience, and this is where I draw the line. It may be the wrong place to draw it, but I’m OK with it so far.

This means that my devices don’t have local certificate copies. Up until recently (and with the ESP32 device) the lack of local validation doesn’t cause a problem. But something in the Arduino libraries has apparently changed (or I’m using a different library now). Anyhoo, to make it work now you have to tell the WiFiClientSecure instance created to manage the connection that you are using insecure mode. This doesn’t mean that your data is now being sent insecurely. What it means is that the device is not verifying the server any more. And then it works.

Azure IoT Hub for Free

orchids.png

Everything I achieved today I achieved before 9:30. It was all downhill after that. But I did achieve quite a bit. I’m making a bunch of connected devices and I want to use MQTT to link them together. I could set up my own MQTT broker on a local Raspberry Pi but that would only work around my house and I want these to work around the world. My weapon of choice for these things is Azure IoT hub which lets you connect remote devices to a central server (the clue is in the name).

It turns out that you can set up a Microsoft Azure account for free and then create an IoT hub which is also free and allows for up to 8,000 messages per day. I’m not sure how many messages I’ll need, but I’m hoping that will be enough for now.

Having created my free IoT hub the next thing I wanted to do was connect my devices to this. I’ve done it before and it worked just fine. I did it today and it didn’t. This was the cue to spend most of the day (or at least the portion up to the point where I gave up) trying t figure out why. Unsuccessfully. Wah.

Detecting different ESP devices in Arduino Code

This is one of these “Rob writes a blog post about something so that he can find it later when he forgets how to do it” moments. I’m writing some code using the Arduino platform that I’d like to run on both the ESP32 and the ESP8266. They both run C++ and have a lot in common. But some things are just different. For example they have different commands to ask a device for its unique ID is getFuseMac for the ESP32 and getChipId for the ESP8266.

Fortunately we can use the magic of conditional compilation to make our C++ code always do the right thing. The code below shows how it works.

#if defined(ARDUINO_ARCH_ESP32)
#define PROC_ID (unsigned int)ESP.getEfuseMac()
#endif

#if defined(ARDUINO_ARCH_ESP8266)
#define PROC_ID (unsigned int)ESP.getChipId()
#endif

The symbols ARDUINO_ARCH_ESP32 and ARDUINO_ARCHESP8266 are defined if the program is being built for the respective device. The C++ above defines a PROC_ID symbol that can be used in my code to get the right version.

Use OTADrive to remotely update your ESP devices

I’m making a bunch of devices that I’ve decided to call “clever little boxes”. I’ve taken the important first step and bought the domain name. Now I have to make everything else. I’ve decided that the best place to start is with the deployment. You might think that this is crazy, but actually it is the most important phase of your development. If I’m not able to easily update the devices in the field and manage their deployment I won’t have a product, just a demo. Also, modern product development is a continuous process. You don’t make something and ship it. You make version 1.0 and then create version 2.0 based on the feedback you get.

To help me with this I’ve started using otadrive. Once you have created an account you can store firmware images on the site and then your remote devices can download and install new firmware images from them. You’re given an access key and a web based interface for uploading firmware and managing the devices that need to be kept up to date.

You get a tiny bit of Arduino code you can drop into your device to check for new versions. It works a treat. The only snag in my mind is that the site doesn’t seem to have a business model. At no point in the process of configuring and deploying versions have I been asked for any payment. This worries me for two reasons:

  • I might suddenly be hit with an enormous price list which makes the whole thing unviable.

  • The site might vanish overnight taking with it my entire network of devices.

I’m not that concerned just at the moment though. And if things get tough I can look at this on GitHub which might be where I end up putting everything.

Pin numbers are not port numbers

esp8266 pins.png

In a blog post last month I confidently asserted that the output pins on an ESP8266 didn’t have enough “oomph” to drive the neopixels on an Adafruit 8x8 panel. I’m sure you remember the post.

Anyhoo, it turns out that the post (rather presciently titled “Making Mistakes”) was wrong. What I should have written is that if you use the wrong pin on your device it won’t work. Just because a pin is labelled D1 doesn’t mean that it is connected to GPIO1, as the diagram above makes very clear.

So now I can use an ESP8266 to drive my panel, which is nice.

Using an Edge Triggered Serial Interface with the ESP8266

The Air Quality sensor that I’m working on uses a GPS receiver and particle sensor. Both these devices use a serial connection to deliver their values into the processor. This poses a problem, in that the esp8266 (the chip that I’m using) doesn’t have very many serial connections. The usual solution is to use a software simulation of a serial port instead of a “proper” hardware one. The difficulty with this approach is that software serial ports slow down the processor because the processor has to stop and wait for each incoming character.

To solve this problem I’ve written an interrupt driven serial port that uses the edges of the serial data stream to trigger readings, which means that it doesn’t hold things up as much. You can find out more in the video above. You can download the code and play with it here.

Adventures with the ESP8266

I love the esp8266, as far as I'm concerned it's the embedded processor with the mostest. 

But It does have one or two foibles. I ran into them today as I was trying to improve HullPixelbot reliability. My little robots work fine to start with, but then have an annoying habit of crashing or getting stuck after a while. 

Today I found out why. The HullPixelbot is a two-brained robot. The wheels are controlled by an Arduino Pro-mini device, and the esp8266 does the networking and stuff. The two devices are linked by a serial connection, so that commands received via WiFi can be passed into the motor controller which then makes things happen. 

I'm using the SoftwareSerial library to create a serial port on the esp8266 which then sends commands to the Arduino device. This is a software implementation of a hardware device, fast running code does the same task that is normally performed by a piece of dedicated hardware. 

And therein lies my problem. The SoftwareSerial driver was causing my network code to fail. It works fine sending data, but incoming messages cause interrupts in the esp8266 that seem to upset the  connection. I've changed to using the hardware serial port and everything seems to work a lot better. 

Oh, and one other thing I've discovered about the esp8266. Pin 18 (identified as D3 on the Wemos Pro-Mini board) controls whether or not the device can be flashed with a new program. If this line is held high it can stop your programs from downloading. I've been using D3 as a serial connection and having all kinds of problems. And now I know why. 

mDNS Manager for Windows 10 IoT Universal Apps

You know how it is. You have built a robot army that you're going to use to take over the world, but first you have to get them all under your control. And if you are using tcp/ip (the world domination network of choice) then you have to give them all an ip address and then put those addresses into your world domination program.

mDNS makes this much easier. It's how Apple's Bonjour network discovery works. A device running mDNS is discoverable on a local network. You can find all the hosts and their ip addresses, along with the services they are providing and the ports. Windows 10 provides a Watcher service that you can use to discover all the machines on a local network, but it is a bit of a pain to use.

So I've written a tiny mDNSManager class that you can use to create and manage a watcher object which will start a search for devices, tell you when it finds one and also present a list of all the devices it has found so far. It's very easy to use. 

You can find the source code for both the manager and a simple demonstration application on GitHub here

If you want to just use the manager in your programs you can install it from NuGet:

Install-Package RobMiles.mDNSManager 

It works on any Windows 10 device, including the Raspberry Pi, and it makes it much easier to connect to a large number of devices. There are mDNS samples available in the example applications for the ESP8266 devices in the Arduino IDE.

I'm using this to allow me to create a Universal Application that will control a bunch of HullPixelbot devices without needing to know their ip addresses in advance. 

Visual Micro Still Rocks

I bought Visual Micro a while back. Not that I really needed to. The free version is actually plenty powerful enough for day-to-day use. It was just that I thought the product was so good that I really should support it.

For a registration you get a key that works on three machines. I've been through a few machines over the years (as you do) and last week I found that my key didn't work for my desktop. I emailed them, they cleared the key and I'm back in business again. Thanks folks. 

If you are in any way serious about embedded development you should get this tool. The free Arduino SDK is OK for a while, but you'll fairly quickly hit limitations that will grate, and with Visual Micro you get all the lovely intellisense support and general niceness that comes with developing code in Visual Studio.

Visual Micro now works with all the esp devices and pretty much anything Arduino shaped as well. It's got some very interesting debugging support too, but I tend to rely on code instrumentation (print statements) when I'm writing embedded code, so I don't use it very much. Go get it.