Add MQTT client support for STM32H563 bare-metal operation

  - Add mqtt_client.c/h: Non-blocking MQTT client with state machine
    (IDLE -> CONNECTING -> TLS -> MQTT_CONNECT -> CONNECTED)
  - Add wolfmqtt_io.c: I/O glue layer for wolfIP sockets
  - Update Makefile: Add ENABLE_MQTT build option and wolfMQTT sources
  - Update user_settings.h: Add wolfMQTT configuration (WOLFMQTT_NONBLOCK,
    WOLFMQTT_USER_IO, WOLFMQTT_NO_STDIO, EWOULDBLOCK/EAGAIN defines)
  - Update main.c: Integrate MQTT client into main loop with periodic
    status publishing
  - Update README.md: Add MQTT documentation section

  Features:
  - TLS 1.3 encrypted connection to MQTT broker (port 8883)
  - Connects to test.mosquitto.org by default
  - Publishes status messages to wolfip/status topic
  - QoS 0 (fire and forget) for minimal overhead
  - 60 second keep-alive

  Build: make ENABLE_TLS=1 ENABLE_MQTT=1

Author: aidangarske

src/port/stm32h563/Makefile

@@ -17,9 +17,13 @@ ENABLE_HTTPS ?= 0
 # SSH support: set ENABLE_SSH=1 to include wolfSSH server (requires TLS)
 ENABLE_SSH ?= 0
 
+# MQTT support: set ENABLE_MQTT=1 to include wolfMQTT client (requires TLS)
+ENABLE_MQTT ?= 0
+
 # Library paths - default to sibling directories (clone alongside pattern)
 WOLFSSL_ROOT ?= $(ROOT)/../wolfssl
 WOLFSSH_ROOT ?= $(ROOT)/../wolfssh
+WOLFMQTT_ROOT ?= $(ROOT)/../wolfmqtt
 
 # Base compiler flags
 CFLAGS := -mcpu=cortex-m33 -mthumb -mcmse -Os -ffreestanding -fdata-sections -ffunction-sections
@@ -155,19 +159,59 @@ $(WOLFSSH_ROOT)/%.o: $(WOLFSSH_ROOT)/%.c
 
 endif # ENABLE_SSH
 
+# -----------------------------------------------------------------------------
+# MQTT Support (wolfMQTT) - requires TLS
+# -----------------------------------------------------------------------------
+ifeq ($(ENABLE_MQTT),1)
+
+# MQTT requires TLS
+ifeq ($(ENABLE_TLS),0)
+  $(error ENABLE_MQTT=1 requires ENABLE_TLS=1)
+endif
+
+# Validate wolfMQTT exists
+ifeq ($(wildcard $(WOLFMQTT_ROOT)/wolfmqtt/mqtt_client.h),)
+  $(error wolfMQTT not found at $(WOLFMQTT_ROOT). Clone it: git clone https://github.com/wolfSSL/wolfMQTT.git)
+endif
+
+CFLAGS += -DENABLE_MQTT
+CFLAGS += -DWOLFMQTT_USER_SETTINGS
+CFLAGS += -I$(WOLFMQTT_ROOT)
+
+# MQTT client and wolfMQTT-wolfIP glue
+SRCS += mqtt_client.c
+SRCS += $(ROOT)/src/port/wolfmqtt_io.c
+
+# wolfMQTT source files (minimal set for MQTT client)
+WOLFMQTT_SRCS := \
+    $(WOLFMQTT_ROOT)/src/mqtt_client.c \
+    $(WOLFMQTT_ROOT)/src/mqtt_packet.c \
+    $(WOLFMQTT_ROOT)/src/mqtt_socket.c
+
+SRCS += $(WOLFMQTT_SRCS)
+
+# wolfMQTT objects use relaxed warnings + MQTT/SSL include paths + user_settings.h
+$(WOLFMQTT_ROOT)/%.o: $(WOLFMQTT_ROOT)/%.c
+	$(CC) $(CFLAGS_WOLFSSL) -DENABLE_MQTT -DWOLFSSL_USER_SETTINGS -DWOLFMQTT_USER_SETTINGS -I$(WOLFMQTT_ROOT) -I$(WOLFSSL_ROOT) -c $< -o $@
+
+endif # ENABLE_MQTT
+
 # -----------------------------------------------------------------------------
 # Build rules
 # -----------------------------------------------------------------------------
 OBJS := $(patsubst %.c,%.o,$(SRCS))
 
 all: app.bin
-	@echo "Built with TZEN=$(TZEN) ENABLE_TLS=$(ENABLE_TLS) ENABLE_HTTPS=$(ENABLE_HTTPS) ENABLE_SSH=$(ENABLE_SSH)"
+	@echo "Built with TZEN=$(TZEN) ENABLE_TLS=$(ENABLE_TLS) ENABLE_HTTPS=$(ENABLE_HTTPS) ENABLE_SSH=$(ENABLE_SSH) ENABLE_MQTT=$(ENABLE_MQTT)"
 ifeq ($(ENABLE_TLS),1)
 	@echo "  wolfSSL: $(WOLFSSL_ROOT)"
 endif
 ifeq ($(ENABLE_SSH),1)
 	@echo "  wolfSSH: $(WOLFSSH_ROOT)"
 endif
+ifeq ($(ENABLE_MQTT),1)
+	@echo "  wolfMQTT: $(WOLFMQTT_ROOT)"
+endif
 
 app.elf: $(OBJS) $(LDSCRIPT)
 	$(CC) $(CFLAGS) $(OBJS) $(LDFLAGS) -Wl,--start-group -lc -lm -lgcc -lnosys -Wl,--end-group -o $@
@@ -193,6 +237,9 @@ endif
 ifeq ($(ENABLE_SSH),1)
 	rm -f $(WOLFSSH_ROOT)/src/*.o
 endif
+ifeq ($(ENABLE_MQTT),1)
+	rm -f $(WOLFMQTT_ROOT)/src/*.o
+endif
 
 .PHONY: all clean
 
@@ -214,20 +261,24 @@ help:
 	@echo "  ENABLE_TLS=1    Enable TLS server (requires wolfSSL)"
 	@echo "  ENABLE_HTTPS=1  Enable HTTPS web server (requires TLS)"
 	@echo "  ENABLE_SSH=1    Enable SSH server (requires TLS + wolfSSH)"
+	@echo "  ENABLE_MQTT=1   Enable MQTT client (requires TLS + wolfMQTT)"
 	@echo "  WOLFSSL_ROOT=   Path to wolfSSL (default: ../wolfssl)"
 	@echo "  WOLFSSH_ROOT=   Path to wolfSSH (default: ../wolfssh)"
+	@echo "  WOLFMQTT_ROOT=  Path to wolfMQTT (default: ../wolfmqtt)"
 	@echo ""
 	@echo "Examples:"
-	@echo "  make                                           # Basic TCP echo (port 7)"
-	@echo "  make ENABLE_TLS=1                              # TLS echo server (port 8443)"
-	@echo "  make ENABLE_TLS=1 ENABLE_HTTPS=1               # TLS + HTTPS web (port 443)"
-	@echo "  make ENABLE_TLS=1 ENABLE_SSH=1                 # TLS + SSH shell (port 22)"
-	@echo "  make ENABLE_TLS=1 ENABLE_HTTPS=1 ENABLE_SSH=1  # Full featured"
+	@echo "  make                                                        # Basic TCP echo (port 7)"
+	@echo "  make ENABLE_TLS=1                                           # TLS echo server (port 8443)"
+	@echo "  make ENABLE_TLS=1 ENABLE_HTTPS=1                            # TLS + HTTPS web (port 443)"
+	@echo "  make ENABLE_TLS=1 ENABLE_SSH=1                              # TLS + SSH shell (port 22)"
+	@echo "  make ENABLE_TLS=1 ENABLE_MQTT=1                             # TLS + MQTT client"
+	@echo "  make ENABLE_TLS=1 ENABLE_HTTPS=1 ENABLE_SSH=1 ENABLE_MQTT=1 # Full featured"
 	@echo ""
 	@echo "Testing:"
 	@echo "  nc <ip> 7                                      # TCP echo"
 	@echo "  echo 'Hello' | openssl s_client -connect <ip>:8443 -quiet  # TLS echo"
 	@echo "  curl -k https://<ip>/                          # HTTPS web server"
 	@echo "  ssh admin@<ip>                                 # SSH (password: wolfip)"
+	@echo "  mosquitto_sub -h test.mosquitto.org -t 'wolfip/status' -v  # MQTT subscribe"
 
 .PHONY: help

src/port/stm32h563/README.md

@@ -587,6 +587,100 @@ xxd -i ssh_host_key.der > ssh_keys.h
 # Update the array name in ssh_keys.h to ssh_host_key_der
 ```
 
+## MQTT Client
+
+When built with `ENABLE_MQTT=1`, the device includes an MQTT client that publishes status messages to a broker.
+
+### Prerequisites
+
+Clone wolfMQTT alongside wolfip:
+
+```bash
+cd /path/to/parent
+git clone https://github.com/wolfSSL/wolfMQTT.git
+# wolfip should be at /path/to/parent/wolfip
+```
+
+### Building MQTT Mode
+
+```bash
+# MQTT requires TLS
+make ENABLE_TLS=1 ENABLE_MQTT=1
+```
+
+Or specify a custom wolfMQTT path:
+
+```bash
+make ENABLE_TLS=1 ENABLE_MQTT=1 WOLFMQTT_ROOT=/path/to/wolfmqtt
+```
+
+### Expected Serial Output (MQTT Mode)
+
+```
+=== wolfIP STM32H563 Echo Server ===
+...
+Initializing TLS server on port 8443...
+TLS: Server ready on port 8443
+Initializing MQTT client...
+MQTT: Initializing client
+MQTT: Initialized, connecting to 54.36.178.49:8883
+Entering main loop. Ready for connections!
+Loop starting...
+MQTT: Connecting...
+MQTT: TCP connected
+MQTT: TLS handshake...
+MQTT: TLS connected
+MQTT: Sending CONNECT...
+MQTT: Connected to broker
+```
+
+### MQTT Configuration
+
+| Setting | Default Value |
+|---------|--------------|
+| Broker IP | 54.36.178.49 (test.mosquitto.org) |
+| Broker Port | 8883 (TLS) |
+| Client ID | wolfip-stm32h563 |
+| Publish Topic | wolfip/status |
+| Keep-alive | 60 seconds |
+| QoS | 0 (fire and forget) |
+
+### Subscribing to Device Messages
+
+To see messages published by the device:
+
+```bash
+# Subscribe to the status topic
+mosquitto_sub -h test.mosquitto.org -t "wolfip/status" -v
+
+# Expected output (every 60 seconds):
+# wolfip/status STM32H563 online, uptime: 60s
+# wolfip/status STM32H563 online, uptime: 120s
+```
+
+### Full Featured Build
+
+Build with all features (TLS, HTTPS, SSH, and MQTT):
+
+```bash
+make ENABLE_TLS=1 ENABLE_HTTPS=1 ENABLE_SSH=1 ENABLE_MQTT=1
+```
+
+This provides:
+- TCP echo server on port 7
+- TLS echo server on port 8443
+- HTTPS web server on port 443
+- SSH shell on port 22
+- MQTT client publishing to test.mosquitto.org
+
+### MQTT Files
+
+| File | Description |
+|------|-------------|
+| `mqtt_client.c/h` | MQTT client state machine and API |
+| `../wolfmqtt_io.c` | wolfMQTT I/O glue layer for wolfIP sockets |
+| `user_settings.h` | wolfMQTT compile-time configuration |
+
 ## Files
 
 | File | Description |
@@ -608,6 +702,8 @@ xxd -i ssh_host_key.der > ssh_keys.h
 | `https_server.c/h` | HTTPS web server (HTTPS builds only) |
 | `ssh_server.c/h` | SSH shell server (SSH builds only) |
 | `ssh_keys.h` | Embedded SSH host key (SSH builds only) |
+| `mqtt_client.c/h` | MQTT client state machine (MQTT builds only) |
+| `../wolfmqtt_io.c` | wolfMQTT I/O callbacks for wolfIP (MQTT builds only) |
 
 ## Troubleshooting
 

src/port/stm32h563/main.c

@@ -40,6 +40,10 @@
 #define SSH_PORT 22
 #endif
 
+#ifdef ENABLE_MQTT
+#include "mqtt_client.h"
+#endif
+
 #ifdef ENABLE_TLS
 
 /* Google IP for TLS client test (run: dig +short google.com) */
@@ -584,6 +588,22 @@ int main(void)
     }
 #endif
 
+#ifdef ENABLE_MQTT
+    uart_puts("Initializing MQTT client...\n");
+    {
+        mqtt_client_config_t mqtt_config = {
+            .broker_ip = "54.36.178.49",  /* test.mosquitto.org IP (updated) */
+            .broker_port = 8883,           /* TLS port */
+            .client_id = "wolfip-stm32h563",
+            .publish_topic = "wolfip/status",
+            .keep_alive_sec = 60
+        };
+        if (mqtt_client_init(IPStack, &mqtt_config, uart_puts) < 0) {
+            uart_puts("ERROR: MQTT client init failed\n");
+        }
+    }
+#endif
+
     uart_puts("Entering main loop. Ready for connections!\n");
     uart_puts("Loop starting...\n");
 
@@ -607,6 +627,51 @@ int main(void)
         ssh_server_poll();
 #endif
 
+#ifdef ENABLE_MQTT
+        /* Poll MQTT client */
+        mqtt_client_poll();
+
+        /* Publish status periodically (every ~60 seconds) */
+        {
+            static uint64_t last_publish_tick = 0;
+            if (mqtt_client_is_connected() &&
+                (tick - last_publish_tick) > 60000) {
+                char status_msg[64];
+                ip4 ip = 0;
+                wolfIP_ipconfig_get(IPStack, &ip, NULL, NULL);
+
+                /* Format: "STM32H563 online, IP: x.x.x.x, uptime: XXXXX" */
+                strcpy(status_msg, "STM32H563 online, uptime: ");
+                {
+                    char num_buf[12];
+                    uint32_t uptime = (uint32_t)(tick / 1000);
+                    int i = 0, j;
+                    char tmp[12];
+
+                    if (uptime == 0) {
+                        num_buf[0] = '0';
+                        num_buf[1] = '\0';
+                    } else {
+                        while (uptime > 0 && i < 11) {
+                            tmp[i++] = '0' + (uptime % 10);
+                            uptime /= 10;
+                        }
+                        j = 0;
+                        while (i > 0) {
+                            num_buf[j++] = tmp[--i];
+                        }
+                        num_buf[j] = '\0';
+                    }
+                    strcat(status_msg, num_buf);
+                }
+                strcat(status_msg, "s");
+
+                mqtt_client_publish(status_msg);
+                last_publish_tick = tick;
+            }
+        }
+#endif
+
 #ifdef ENABLE_TLS
         /* TLS client test: connect to Google after network settles */
         if (!tls_client_test_started && tick > 5000) {