Revision 1:a6995e66c9f7, committed 2019-08-29
- Comitter:
- ImranBilalButt
- Date:
- Thu Aug 29 06:43:11 2019 +0000
- Parent:
- 0:5f745af3ec9b
- Commit message:
- ..;
Changed in this revision
--- a/TLSSocket.cpp Fri Aug 23 13:29:35 2019 +0000
+++ b/TLSSocket.cpp Thu Aug 29 06:43:11 2019 +0000
@@ -26,9 +26,21 @@
}*/
-nsapi_error_t TLSSocket::connect(const char *host, uint16_t port)
+nsapi_error_t TLSSocket::connect1(const char *host, uint16_t port)
{
- printf("[.] Hello from TLSSocket::connect() \n");
+ pc.printf("[.] Hello from TLSSocket::connect() \n");
+ int ret;
+
+ sock_addr.set_ip_address(host);
+ sock_addr.set_port(port);
+ set_hostname(host);
+
+ return TLSSocketWrapper::connect(sock_addr);
+}
+
+nsapi_error_t TLSSocket::connect2(const char *host, uint16_t port)
+{
+ pc.printf("[.] Hello from TLSSocket::connect() \n");
int ret;
sock_addr.set_ip_address(host);
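Review bot: In `connect1` the result of `sock_addr.set_ip_address(host)` is discarded, so a `host` that is not a valid IP literal leaves `sock_addr` without an address and the function still calls `TLSSocketWrapper::connect(sock_addr)`. Check it and fail early, e.g. `if (!sock_addr.set_ip_address(host)) return NSAPI_ERROR_PARAMETER;`; the same call in `connect2` has the same gap. `int ret;` is unused in `connect1`, and both functions still print `Hello from TLSSocket::connect()`, so the two paths cannot be told apart in the serial log. The body of `connect2` continues past the end of this hunk.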
@@ -40,18 +52,18 @@
/* Send a 'Client Hello' buffer in order to start a thread on the server */
const char* buffer = "Client Hello";
if ((ret = udp_socket.sendto(host, port, (const char*) buffer, strlen(buffer))) <= 0)
- printf("Couldn't send 'Client Hello' \n");
+ pc.printf("Couldn't send 'Client Hello' \n");
else
- printf("sent 'Client Hello' \n");
+ pc.printf("sent 'Client Hello' \n");
wait(1);
final = osKernelGetTickCount();
TCPH = final - init;
TTPH = TCPH/osKernelGetTickFreq();
- printf("\nTCPH: %d\n", TCPH);
- printf("\nTTPH: %d\n", TTPH);
- printf("\nTickFreq: %d\n", osKernelGetTickFreq());
+ pc.printf("\nTCPH: %d\n", TCPH);
+ pc.printf("\nTTPH: %d\n", TTPH);
+ pc.printf("\nTickFreq: %d\n", osKernelGetTickFreq());
return TLSSocketWrapper::connect(sock_addr);
-}
+}
\ No newline at end of file
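Review bot: When `udp_socket.sendto(...)` fails, the branch only prints a message; the function then still blocks in `wait(1)` and starts the handshake against a server that, going by the comment, never received its trigger. Put the branch in braces and return the error instead of continuing, for example `return ret < 0 ? ret : NSAPI_ERROR_NO_CONNECTION;` after the print. `%d` is also used for `osKernelGetTickFreq()`, which returns `uint32_t`; `%lu` with a cast to `unsigned long` is the portable form. The start of the enclosing function is outside this hunk.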
--- a/TLSSocket.h Fri Aug 23 13:29:35 2019 +0000
+++ b/TLSSocket.h Thu Aug 29 06:43:11 2019 +0000
@@ -90,7 +90,8 @@
* @param port Port of the remote host
* @return 0 on success, negative error code on failure
*/
- nsapi_error_t connect(const char *host, uint16_t port);
+ nsapi_error_t connect1(const char *host, uint16_t port);
+ nsapi_error_t connect2(const char *host, uint16_t port);
//SocketAddress getsock();
SocketAddress sock_addr;
private:
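Review bot: The Doxygen block above now attaches only to `connect1`; `connect2` has no documentation, and nothing tells a caller how the two differ. Going by `TLSSocket.cpp`, `connect2` appears to send a plaintext `"Client Hello"` datagram over `udp_socket` and wait before the handshake, while `connect1` connects directly. Each declaration should say so, e.g. `/** Connects and starts the DTLS handshake without the UDP 'Client Hello' pre-message. */` on `connect1`. Removing `connect(const char *, uint16_t)` also breaks existing callers, which the commit message should state if it is intended.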
--- a/TLSSocketWrapper.cpp Fri Aug 23 13:29:35 2019 +0000
+++ b/TLSSocketWrapper.cpp Thu Aug 29 06:43:11 2019 +0000
@@ -47,7 +47,7 @@
void TLSSocketWrapper::set_hostname(const char *hostname)
{
if (is_tls_allocated()) {
- printf("ssl hostname is set\n");
+ pc.printf("ssl hostname is set\n");
mbedtls_ssl_set_hostname(_ssl, hostname);
}
}
@@ -69,7 +69,7 @@
print_mbedtls_error("mbedtls_x509_crt_parse", ret);
return NSAPI_ERROR_PARAMETER;
}
- printf("Root CA Certificate Setting ... OK\n");
+ pc.printf("Root CA Certificate Setting ... OK\n");
return NSAPI_ERROR_OK;
}
@@ -98,23 +98,19 @@
print_mbedtls_error("mbedtls_x509_crt_parse", ret);
return NSAPI_ERROR_PARAMETER;
}
- printf("Client Certificate Setting ... ok\n");
+ pc.printf("Client Certificate Setting ... ok\n");
mbedtls_pk_init(_pkctx);
if((ret = mbedtls_pk_parse_key(_pkctx, static_cast<const unsigned char *>(client_private_key_pem),
client_private_key_len, NULL, 0)) != 0) {
print_mbedtls_error("mbedtls_pk_parse_key", ret);
return NSAPI_ERROR_PARAMETER;
}
- printf("Client pvt. Key Setting ... ok\n");
+ pc.printf("Client pvt. Key Setting ... ok\n");
_client_auth = true;
}
return NSAPI_ERROR_OK;
}
-int TLSSocketWrapper::set_client_kpsa_kpsaID_cipher(){
- const unsigned char _kpsa[5] = { 0x05, 0x04, 0x03, 0x02, 0x01 };
- // const unsigned char *_kpsa = "1a2b3c4d5e1a2b3c4d5e"; // 4 Bytes PSK
- const unsigned char *_kpsaID = "AE456-LOCK@in.provider.com"; // 15 Bytes PSK-ID
/* The supported CERT ciphersuites are as follows:
CipherSuite TLS_RSA_WITH_AES_128_CCM = {0xC0,0x9C}
CipherSuite TLS_RSA_WITH_AES_256_CCM = {0xC0,0x9D)
@@ -137,33 +133,41 @@
TLS_PSK_WITH_RC4_128_SHA = { 0x00, 0x8A };
TLS_PSK_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x8B };
TLS_PSK_WITH_AES_128_CBC_SHA = { 0x00, 0x8C };
- TLS_PSK_WITH_AES_256_CBC_SHA = { 0x00, 0x8D }; */
- /*int cipher[10];
- for(int i=0; i<4; i++) {
- cipher[i*2]=0;
- cipher[i*2+1]=0x8A+i;
- }
- cipher[8] = 0;
- cipher[9] = 0; */
+ TLS_PSK_WITH_AES_256_CBC_SHA = { 0x00, 0x8D }; */
+
+int TLSSocketWrapper::set_client1_kpsa_kpsaID_cipher(){
+ const unsigned char _kpsa[5] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
+ const unsigned char *_kpsaID = "AE123-LOCK@in.provider.com"; // 15 Bytes PSK-ID
- /*mbedtls_ssl_conf_ciphersuites(_ssl_conf, cipher);
- printf("mbedtls_ssl_conf_ciphersuites() .. ok\n");
-
- int cipher;
- const int *cipherPTR;
- cipher = MBEDTLS_SSL_CIPHERSUITES;
- cipherPTR = &cipher; */
-
int kpsa_len = strlen((const char*) _kpsa);
int kpsaID_len = strlen((const char*) _kpsaID);
int ret;
+
mbedtls_ssl_set_hs_psk(_ssl, _kpsa, kpsa_len);
if( (ret = mbedtls_ssl_conf_psk(_ssl_conf, _kpsa, kpsa_len , _kpsaID, kpsaID_len)) != 0){
print_mbedtls_error("mbedtls_psk_error", ret);
// return NSAPI_ERROR_PARAMETER;
return -1;
}
- printf("Ok.\n");
+ pc.printf("Ok.\n");
+ return 0;
+}
+
+int TLSSocketWrapper::set_client2_kpsa_kpsaID_cipher(){
+ const unsigned char _kpsa[5] = { 0x05, 0x04, 0x03, 0x02, 0x01 };
+ const unsigned char *_kpsaID = "AE456-LOCK@in.provider.com"; // 15 Bytes PSK-ID
+
+ int kpsa_len = strlen((const char*) _kpsa);
+ int kpsaID_len = strlen((const char*) _kpsaID);
+ int ret;
+
+ mbedtls_ssl_set_hs_psk(_ssl, _kpsa, kpsa_len);
+ if( (ret = mbedtls_ssl_conf_psk(_ssl_conf, _kpsa, kpsa_len , _kpsaID, kpsaID_len)) != 0){
+ print_mbedtls_error("mbedtls_psk_error", ret);
+ // return NSAPI_ERROR_PARAMETER;
+ return -1;
+ }
+ pc.printf("Ok.\n");
return 0;
}
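Review bot: `strlen((const char*) _kpsa)` in both `set_client1_kpsa_kpsaID_cipher` and `set_client2_kpsa_kpsaID_cipher` runs on a 5-byte array with no NUL terminator, so it reads past the array and the PSK length passed to `mbedtls_ssl_conf_psk` is undefined; use `sizeof(_kpsa)`. The keys are 5-byte counting patterns compiled into the source, so every device built from it shares a guessable secret; key and identity should come from per-device provisioned storage. The return value of `mbedtls_ssl_set_hs_psk` is ignored, and as far as I know that call is meant for use inside a PSK callback rather than at configuration time, so it can probably be dropped. The `// 15 Bytes PSK-ID` comment does not match the 26-character identity, and the two functions differ only in their constants, so a shared helper would avoid the duplication. The excerpt shows the length handling for the first function.

```cpp
int TLSSocketWrapper::set_client1_kpsa_kpsaID_cipher(){
    // TODO: replace with key material read from per-device provisioned storage.
    static const unsigned char _kpsa[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
    static const char _kpsaID[] = "AE123-LOCK@in.provider.com";

    const size_t kpsa_len = sizeof(_kpsa);          // raw bytes, not a C string
    const size_t kpsaID_len = sizeof(_kpsaID) - 1;  // drop the terminating NUL
    int ret;

    if( (ret = mbedtls_ssl_conf_psk(_ssl_conf, _kpsa, kpsa_len,
                                    reinterpret_cast<const unsigned char *>(_kpsaID),
                                    kpsaID_len)) != 0){
        // … unchanged: print_mbedtls_error and return -1 …
    }
    // … unchanged: "Ok." print and return 0 …
}
```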
@@ -173,19 +177,19 @@
const int *cipherArray;
cipherArray = mbedtls_ssl_list_ciphersuites();
- printf("[+] The allowed ciphersuites are: \n");
+ pc.printf("[+] The allowed ciphersuites are: \n");
int i = 0;
while (cipherArray[i] != 0) {
- printf("[.] cipherArray[%d] = %d\n", i, cipherArray[i]);
+ pc.printf("[.] cipherArray[%d] = %d\n", i, cipherArray[i]);
i++;
}
if (!_transport) {
- printf("[-] transport/socket not available\n");
+ pc.printf("[-] transport/socket not available\n");
return NSAPI_ERROR_NO_SOCKET;
}
if (!is_tls_allocated()) {
- printf("[-] no tls allocated\n");
+ pc.printf("[-] no tls allocated\n");
return NSAPI_ERROR_NO_SOCKET;
}
@@ -202,7 +206,7 @@
return _error;
}
- printf("[+] Configuring a dtls-client session initiation ... ");
+ pc.printf("[+] Configuring a dtls-client session initiation ... ");
mbedtls_ssl_conf_endpoint(_ssl_conf, MBEDTLS_SSL_IS_CLIENT);
mbedtls_ssl_conf_transport(_ssl_conf, MBEDTLS_SSL_TRANSPORT_DATAGRAM);
@@ -219,12 +223,12 @@
mbedtls_ssl_conf_ca_chain(_ssl_conf, _cacert, NULL);
tr_info("mbedtls_ssl_conf_rng()");
mbedtls_ssl_conf_rng(_ssl_conf, mbedtls_ctr_drbg_random, _ctr_drbg);
- printf("ok\n");
+ pc.printf("ok\n");
/* It is possible to disable authentication by passing
MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
*/
- printf("[+] Configuring the Session Information ... ");
+ pc.printf("[+] Configuring the Session Information ... ");
tr_info("mbedtls_ssl_conf_authmode()");
mbedtls_ssl_conf_authmode(_ssl_conf, MBEDTLS_SSL_VERIFY_NONE);
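Review bot: `mbedtls_ssl_conf_authmode(_ssl_conf, MBEDTLS_SSL_VERIFY_NONE)` turns off server certificate verification, so the CA chain configured just above with `mbedtls_ssl_conf_ca_chain` and the hostname set in `set_hostname` are never enforced for certificate ciphersuites. Unless the session is restricted to PSK ciphersuites, which is not visible here, a peer presenting any certificate would be accepted. Use `mbedtls_ssl_conf_authmode(_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);` and reword the comment above it, which reads as an optional alternative rather than a description of what the code does. The enclosing function starts and ends outside this hunk.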
@@ -252,45 +256,45 @@
_error = ret;
return _error;
}
- printf("ok\n");
+ pc.printf("ok\n");
- printf("[+] Configuring the Bio ... ");
+ pc.printf("[+] Configuring the Bio ... ");
mbedtls_ssl_set_bio(_ssl, this, ssl_send, ssl_recv, NULL );
- printf("ok\n");
+ pc.printf("ok\n");
if(_client_auth) {
- printf("[+] Configuring Client's pvtKey & certKey ... ");
+ pc.printf("[+] Configuring Client's pvtKey & certKey ... ");
if((ret = mbedtls_ssl_conf_own_cert(_ssl_conf, _clicert, _pkctx)) != 0) {
print_mbedtls_error("mbedtls_ssl_conf_own_cert", ret);
_error = ret;
return _error;
}
- printf("ok\n");
+ pc.printf("ok\n");
}
- printf("[+] Timing Call-Back Setting ... ");
+ pc.printf("[+] Timing Call-Back Setting ... ");
mbedtls_ssl_set_timer_cb(_ssl, _ssl_timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
- printf("ok\n");
+ pc.printf("ok\n");
/* Start the handshake, the rest will be done in onReceive() */
//uint32_t init, final, TCPH, TTPH;
- printf("[+] DTLS Handshake Connecting \n");
+ pc.printf("[+] DTLS Handshake Connecting \n");
//init = osKernelGetTickCount();
if ((ret = mbedtls_ssl_handshake(_ssl)) != 0) {
- printf("[-] mbedtls_ssl_handshake error %d\n", ret);
+ pc.printf("[-] mbedtls_ssl_handshake error %d\n", ret);
return ret;
}
else {
//final = osKernelGetTickCount();
- printf("[+] DTLS Hanshake Connected \n");
+ pc.printf("[+] DTLS Hanshake Connected \n");
}
//TCPH = final - init;
//TTPH = TCPH/osKernelGetTickFreq();
- //printf("\nTCPH: %d\n", TCPH);
- //printf("\nTTPH: %d\n", TTPH);
- //printf("\nTickFreq: %d\n", osKernelGetTickFreq());
+ //pc.printf("\nTCPH: %d\n", TCPH);
+ //pc.printf("\nTTPH: %d\n", TTPH);
+ //pc.printf("\nTickFreq: %d\n", osKernelGetTickFreq());
/* It also means the handshake is done, time to print info */
tr_info("[+] TLS connection to %s established\r\n", _ssl->hostname);
@@ -332,9 +336,9 @@
/*TCPH = final - init;
TTPH = TCPH/osKernelGetTickFreq();
- printf("\nTCPH: %d\n", TCPH);
- printf("\nTTPH: %d\n", TTPH);
- printf("\nTickFreq: %d\n", osKernelGetTickFreq()); */
+ pc.printf("\nTCPH: %d\n", TCPH);
+ pc.printf("\nTTPH: %d\n", TTPH);
+ pc.printf("\nTickFreq: %d\n", osKernelGetTickFreq()); */
if (ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
ret == MBEDTLS_ERR_SSL_WANT_READ) {
@@ -555,16 +559,16 @@
nsapi_error_t TLSSocketWrapper::connect(const SocketAddress &address)
{
- printf("Hello from TLSSocketWrapper::connect().\n");
+ pc.printf("Hello from TLSSocketWrapper::connect().\n");
if (!_transport) {
- printf("transport not available\n");
+ pc.printf("transport not available\n");
return NSAPI_ERROR_NO_SOCKET;
}
//TODO: We could initiate the hanshake here, if there would be separate function call to set the target hostname
nsapi_error_t ret = _transport->connect(address);
if (ret) {
- printf("transport->connect() failed, %d\n", ret);
- printf("error return from TLSSocketWrapper::connect %d\n", ret);
+ pc.printf("transport->connect() failed, %d\n", ret);
+ pc.printf("error return from TLSSocketWrapper::connect %d\n", ret);
return ret;
}
return do_handshake();
--- a/TLSSocketWrapper.h Fri Aug 23 13:29:35 2019 +0000
+++ b/TLSSocketWrapper.h Thu Aug 29 06:43:11 2019 +0000
@@ -28,6 +28,8 @@
#include "mbedtls/timing.h"
#include <Timer.h>
+static RawSerial pc(USBTX, USBRX); // tx, rx
+
//#include "timing_alt.h"
/**
* \brief TLSSocket a wrapper around Socket for interacting with TLS servers
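Review bot: `static RawSerial pc(USBTX, USBRX);` in a header creates a separate `RawSerial` object in every translation unit that includes `TLSSocketWrapper.h`, each constructed on the same UART pins, and puts the short name `pc` into every includer's scope. Declare it as `extern RawSerial pc;` here and define it once in a single `.cpp` file. Since the `pc.printf` calls report handshake and key-setup progress, routing them through the `tr_info` tracing already used in `TLSSocketWrapper.cpp`, or a build-time switch, would keep them out of production firmware.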
@@ -85,7 +87,8 @@
*/
nsapi_error_t set_client_cert_key(const char *client_cert_pem, const char *client_private_key_pem);
- int set_client_kpsa_kpsaID_cipher();
+ int set_client1_kpsa_kpsaID_cipher();
+ int set_client2_kpsa_kpsaID_cipher();
/** Initiates TLS Handshake
*
* Initiates a TLS hanshake to a remote speer