PR #492: Fix MQTT TLS certificate paths and add timing resistance

- Move certificate paths to user_settings.h
- Add security hardening options
- Fix circular dependency between mqtt headers

Co-Authored-By: [email protected] <[email protected]>

Author: devin-ai-integration[bot]

fullstack/freertos-wolfip-wolfmqtt/include/user_settings.h

@@ -26,6 +26,16 @@
 #define _GNU_SOURCE
 #endif
 
+/* Security hardening */
+#define WC_RSA_BLINDING
+#define ECC_TIMING_RESISTANT
+#define WC_TIMING_RESISTANT
+
+/* TLS Certificate Paths */
+#define MQTT_TLS_CA_CERT     "../../../wolfssl/certs/ca-cert.pem"
+#define MQTT_TLS_CLIENT_CERT "../../../wolfssl/certs/client-cert.pem"
+#define MQTT_TLS_CLIENT_KEY  "../../../wolfssl/certs/client-key.pem"
+
 /* wolfSSL TLS configuration */
 #define WOLFSSL_TLS13
 #define WOLFSSL_TLS13_NO_OLD_TLS

fullstack/freertos-wolfip-wolfmqtt/src/mqtt_client.h

@@ -38,11 +38,6 @@ word16 mqtt_get_packetid(void);
 #define MQTT_CLIENT_ID "FreeRTOS_Client"
 #define MQTT_TEST_TOPIC "test/topic"
 
-/* TLS Configuration */
-#define MQTT_TLS_CA_CERT     "../../../wolfssl/certs/ca-cert.pem"
-#define MQTT_TLS_CLIENT_CERT "../../../wolfssl/certs/client-cert.pem"
-#define MQTT_TLS_CLIENT_KEY  "../../../wolfssl/certs/client-key.pem"
-
 /* Task Configuration */
 #define MQTT_TASK_STACK_SIZE (16 * 1024)
 #define MQTT_TASK_PRIORITY (tskIDLE_PRIORITY + 2)

fullstack/freertos-wolfip-wolfmqtt/src/mqtt_net.h

@@ -22,6 +22,7 @@
 #ifndef MQTT_NET_H
 #define MQTT_NET_H
 
+#include "../include/user_settings.h"
 #include "wolfip.h"
 #include <wolfssl/ssl.h>
 #include <wolfmqtt/mqtt_client.h>