..
Revision 1:a6995e66c9f7, committed 2019-08-29
- Comitter:
- ImranBilalButt
- Date:
- Thu Aug 29 06:43:11 2019 +0000
- Parent:
- 0:5f745af3ec9b
- Commit message:
- ..;
Changed in this revision
--- a/TLSSocket.cpp Fri Aug 23 13:29:35 2019 +0000 +++ b/TLSSocket.cpp Thu Aug 29 06:43:11 2019 +0000 @@ -26,9 +26,21 @@ }*/ -nsapi_error_t TLSSocket::connect(const char *host, uint16_t port) +nsapi_error_t TLSSocket::connect1(const char *host, uint16_t port) { - printf("[.] Hello from TLSSocket::connect() \n"); + pc.printf("[.] Hello from TLSSocket::connect() \n"); + int ret; + + sock_addr.set_ip_address(host); + sock_addr.set_port(port); + set_hostname(host); + + return TLSSocketWrapper::connect(sock_addr); +} + +nsapi_error_t TLSSocket::connect2(const char *host, uint16_t port) +{ + pc.printf("[.] Hello from TLSSocket::connect() \n"); int ret; sock_addr.set_ip_address(host); @@ -40,18 +52,18 @@ /* Send a 'Client Hello' buffer in order to start a thread on the server */ const char* buffer = "Client Hello"; if ((ret = udp_socket.sendto(host, port, (const char*) buffer, strlen(buffer))) <= 0) - printf("Couldn't send 'Client Hello' \n"); + pc.printf("Couldn't send 'Client Hello' \n"); else - printf("sent 'Client Hello' \n"); + pc.printf("sent 'Client Hello' \n"); wait(1); final = osKernelGetTickCount(); TCPH = final - init; TTPH = TCPH/osKernelGetTickFreq(); - printf("\nTCPH: %d\n", TCPH); - printf("\nTTPH: %d\n", TTPH); - printf("\nTickFreq: %d\n", osKernelGetTickFreq()); + pc.printf("\nTCPH: %d\n", TCPH); + pc.printf("\nTTPH: %d\n", TTPH); + pc.printf("\nTickFreq: %d\n", osKernelGetTickFreq()); return TLSSocketWrapper::connect(sock_addr); -} +} \ No newline at end of file
--- a/TLSSocket.h Fri Aug 23 13:29:35 2019 +0000 +++ b/TLSSocket.h Thu Aug 29 06:43:11 2019 +0000 @@ -90,7 +90,8 @@ * @param port Port of the remote host * @return 0 on success, negative error code on failure */ - nsapi_error_t connect(const char *host, uint16_t port); + nsapi_error_t connect1(const char *host, uint16_t port); + nsapi_error_t connect2(const char *host, uint16_t port); //SocketAddress getsock(); SocketAddress sock_addr; private:
--- a/TLSSocketWrapper.cpp Fri Aug 23 13:29:35 2019 +0000 +++ b/TLSSocketWrapper.cpp Thu Aug 29 06:43:11 2019 +0000 @@ -47,7 +47,7 @@ void TLSSocketWrapper::set_hostname(const char *hostname) { if (is_tls_allocated()) { - printf("ssl hostname is set\n"); + pc.printf("ssl hostname is set\n"); mbedtls_ssl_set_hostname(_ssl, hostname); } } @@ -69,7 +69,7 @@ print_mbedtls_error("mbedtls_x509_crt_parse", ret); return NSAPI_ERROR_PARAMETER; } - printf("Root CA Certificate Setting ... OK\n"); + pc.printf("Root CA Certificate Setting ... OK\n"); return NSAPI_ERROR_OK; } @@ -98,23 +98,19 @@ print_mbedtls_error("mbedtls_x509_crt_parse", ret); return NSAPI_ERROR_PARAMETER; } - printf("Client Certificate Setting ... ok\n"); + pc.printf("Client Certificate Setting ... ok\n"); mbedtls_pk_init(_pkctx); if((ret = mbedtls_pk_parse_key(_pkctx, static_cast<const unsigned char *>(client_private_key_pem), client_private_key_len, NULL, 0)) != 0) { print_mbedtls_error("mbedtls_pk_parse_key", ret); return NSAPI_ERROR_PARAMETER; } - printf("Client pvt. Key Setting ... ok\n"); + pc.printf("Client pvt. Key Setting ... ok\n"); _client_auth = true; } return NSAPI_ERROR_OK; } -int TLSSocketWrapper::set_client_kpsa_kpsaID_cipher(){ - const unsigned char _kpsa[5] = { 0x05, 0x04, 0x03, 0x02, 0x01 }; - // const unsigned char *_kpsa = "1a2b3c4d5e1a2b3c4d5e"; // 4 Bytes PSK - const unsigned char *_kpsaID = "AE456-LOCK@in.provider.com"; // 15 Bytes PSK-ID /* The supported CERT ciphersuites are as follows: CipherSuite TLS_RSA_WITH_AES_128_CCM = {0xC0,0x9C} CipherSuite TLS_RSA_WITH_AES_256_CCM = {0xC0,0x9D) @@ -137,33 +133,41 @@ TLS_PSK_WITH_RC4_128_SHA = { 0x00, 0x8A }; TLS_PSK_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x8B }; TLS_PSK_WITH_AES_128_CBC_SHA = { 0x00, 0x8C }; - TLS_PSK_WITH_AES_256_CBC_SHA = { 0x00, 0x8D }; */ - /*int cipher[10]; - for(int i=0; i<4; i++) { - cipher[i*2]=0; - cipher[i*2+1]=0x8A+i; - } - cipher[8] = 0; - cipher[9] = 0; */ + TLS_PSK_WITH_AES_256_CBC_SHA = { 0x00, 0x8D }; */ + +int TLSSocketWrapper::set_client1_kpsa_kpsaID_cipher(){ + const unsigned char _kpsa[5] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; + const unsigned char *_kpsaID = "AE123-LOCK@in.provider.com"; // 15 Bytes PSK-ID - /*mbedtls_ssl_conf_ciphersuites(_ssl_conf, cipher); - printf("mbedtls_ssl_conf_ciphersuites() .. ok\n"); - - int cipher; - const int *cipherPTR; - cipher = MBEDTLS_SSL_CIPHERSUITES; - cipherPTR = &cipher; */ - int kpsa_len = strlen((const char*) _kpsa); int kpsaID_len = strlen((const char*) _kpsaID); int ret; + mbedtls_ssl_set_hs_psk(_ssl, _kpsa, kpsa_len); if( (ret = mbedtls_ssl_conf_psk(_ssl_conf, _kpsa, kpsa_len , _kpsaID, kpsaID_len)) != 0){ print_mbedtls_error("mbedtls_psk_error", ret); // return NSAPI_ERROR_PARAMETER; return -1; } - printf("Ok.\n"); + pc.printf("Ok.\n"); + return 0; +} + +int TLSSocketWrapper::set_client2_kpsa_kpsaID_cipher(){ + const unsigned char _kpsa[5] = { 0x05, 0x04, 0x03, 0x02, 0x01 }; + const unsigned char *_kpsaID = "AE456-LOCK@in.provider.com"; // 15 Bytes PSK-ID + + int kpsa_len = strlen((const char*) _kpsa); + int kpsaID_len = strlen((const char*) _kpsaID); + int ret; + + mbedtls_ssl_set_hs_psk(_ssl, _kpsa, kpsa_len); + if( (ret = mbedtls_ssl_conf_psk(_ssl_conf, _kpsa, kpsa_len , _kpsaID, kpsaID_len)) != 0){ + print_mbedtls_error("mbedtls_psk_error", ret); + // return NSAPI_ERROR_PARAMETER; + return -1; + } + pc.printf("Ok.\n"); return 0; } @@ -173,19 +177,19 @@ const int *cipherArray; cipherArray = mbedtls_ssl_list_ciphersuites(); - printf("[+] The allowed ciphersuites are: \n"); + pc.printf("[+] The allowed ciphersuites are: \n"); int i = 0; while (cipherArray[i] != 0) { - printf("[.] cipherArray[%d] = %d\n", i, cipherArray[i]); + pc.printf("[.] cipherArray[%d] = %d\n", i, cipherArray[i]); i++; } if (!_transport) { - printf("[-] transport/socket not available\n"); + pc.printf("[-] transport/socket not available\n"); return NSAPI_ERROR_NO_SOCKET; } if (!is_tls_allocated()) { - printf("[-] no tls allocated\n"); + pc.printf("[-] no tls allocated\n"); return NSAPI_ERROR_NO_SOCKET; } @@ -202,7 +206,7 @@ return _error; } - printf("[+] Configuring a dtls-client session initiation ... "); + pc.printf("[+] Configuring a dtls-client session initiation ... "); mbedtls_ssl_conf_endpoint(_ssl_conf, MBEDTLS_SSL_IS_CLIENT); mbedtls_ssl_conf_transport(_ssl_conf, MBEDTLS_SSL_TRANSPORT_DATAGRAM); @@ -219,12 +223,12 @@ mbedtls_ssl_conf_ca_chain(_ssl_conf, _cacert, NULL); tr_info("mbedtls_ssl_conf_rng()"); mbedtls_ssl_conf_rng(_ssl_conf, mbedtls_ctr_drbg_random, _ctr_drbg); - printf("ok\n"); + pc.printf("ok\n"); /* It is possible to disable authentication by passing MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode() */ - printf("[+] Configuring the Session Information ... "); + pc.printf("[+] Configuring the Session Information ... "); tr_info("mbedtls_ssl_conf_authmode()"); mbedtls_ssl_conf_authmode(_ssl_conf, MBEDTLS_SSL_VERIFY_NONE); @@ -252,45 +256,45 @@ _error = ret; return _error; } - printf("ok\n"); + pc.printf("ok\n"); - printf("[+] Configuring the Bio ... "); + pc.printf("[+] Configuring the Bio ... "); mbedtls_ssl_set_bio(_ssl, this, ssl_send, ssl_recv, NULL ); - printf("ok\n"); + pc.printf("ok\n"); if(_client_auth) { - printf("[+] Configuring Client's pvtKey & certKey ... "); + pc.printf("[+] Configuring Client's pvtKey & certKey ... "); if((ret = mbedtls_ssl_conf_own_cert(_ssl_conf, _clicert, _pkctx)) != 0) { print_mbedtls_error("mbedtls_ssl_conf_own_cert", ret); _error = ret; return _error; } - printf("ok\n"); + pc.printf("ok\n"); } - printf("[+] Timing Call-Back Setting ... "); + pc.printf("[+] Timing Call-Back Setting ... "); mbedtls_ssl_set_timer_cb(_ssl, _ssl_timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); - printf("ok\n"); + pc.printf("ok\n"); /* Start the handshake, the rest will be done in onReceive() */ //uint32_t init, final, TCPH, TTPH; - printf("[+] DTLS Handshake Connecting \n"); + pc.printf("[+] DTLS Handshake Connecting \n"); //init = osKernelGetTickCount(); if ((ret = mbedtls_ssl_handshake(_ssl)) != 0) { - printf("[-] mbedtls_ssl_handshake error %d\n", ret); + pc.printf("[-] mbedtls_ssl_handshake error %d\n", ret); return ret; } else { //final = osKernelGetTickCount(); - printf("[+] DTLS Hanshake Connected \n"); + pc.printf("[+] DTLS Hanshake Connected \n"); } //TCPH = final - init; //TTPH = TCPH/osKernelGetTickFreq(); - //printf("\nTCPH: %d\n", TCPH); - //printf("\nTTPH: %d\n", TTPH); - //printf("\nTickFreq: %d\n", osKernelGetTickFreq()); + //pc.printf("\nTCPH: %d\n", TCPH); + //pc.printf("\nTTPH: %d\n", TTPH); + //pc.printf("\nTickFreq: %d\n", osKernelGetTickFreq()); /* It also means the handshake is done, time to print info */ tr_info("[+] TLS connection to %s established\r\n", _ssl->hostname); @@ -332,9 +336,9 @@ /*TCPH = final - init; TTPH = TCPH/osKernelGetTickFreq(); - printf("\nTCPH: %d\n", TCPH); - printf("\nTTPH: %d\n", TTPH); - printf("\nTickFreq: %d\n", osKernelGetTickFreq()); */ + pc.printf("\nTCPH: %d\n", TCPH); + pc.printf("\nTTPH: %d\n", TTPH); + pc.printf("\nTickFreq: %d\n", osKernelGetTickFreq()); */ if (ret == MBEDTLS_ERR_SSL_WANT_WRITE || ret == MBEDTLS_ERR_SSL_WANT_READ) { @@ -555,16 +559,16 @@ nsapi_error_t TLSSocketWrapper::connect(const SocketAddress &address) { - printf("Hello from TLSSocketWrapper::connect().\n"); + pc.printf("Hello from TLSSocketWrapper::connect().\n"); if (!_transport) { - printf("transport not available\n"); + pc.printf("transport not available\n"); return NSAPI_ERROR_NO_SOCKET; } //TODO: We could initiate the hanshake here, if there would be separate function call to set the target hostname nsapi_error_t ret = _transport->connect(address); if (ret) { - printf("transport->connect() failed, %d\n", ret); - printf("error return from TLSSocketWrapper::connect %d\n", ret); + pc.printf("transport->connect() failed, %d\n", ret); + pc.printf("error return from TLSSocketWrapper::connect %d\n", ret); return ret; } return do_handshake();
--- a/TLSSocketWrapper.h Fri Aug 23 13:29:35 2019 +0000 +++ b/TLSSocketWrapper.h Thu Aug 29 06:43:11 2019 +0000 @@ -28,6 +28,8 @@ #include "mbedtls/timing.h" #include <Timer.h> +static RawSerial pc(USBTX, USBRX); // tx, rx + //#include "timing_alt.h" /** * \brief TLSSocket a wrapper around Socket for interacting with TLS servers @@ -85,7 +87,8 @@ */ nsapi_error_t set_client_cert_key(const char *client_cert_pem, const char *client_private_key_pem); - int set_client_kpsa_kpsaID_cipher(); + int set_client1_kpsa_kpsaID_cipher(); + int set_client2_kpsa_kpsaID_cipher(); /** Initiates TLS Handshake * * Initiates a TLS hanshake to a remote speer