V.06 11/3
Dependencies: FT6206 SDFileSystem SPI_TFT_ILI9341 TFT_fonts
Fork of ATT_AWS_IoT_demo by
Diff: AWS_openssl/aws_iot_src/protocol/mqtt/aws_iot_embedded_client_wrapper/platform_mbed_os/mbedtls/network_mbedtls_wrapper.cpp
- Revision:
- 18:6370da1de572
- Parent:
- 15:6f2798e45099
- Child:
- 28:54d9a550adf1
diff -r 46780b2de3e4 -r 6370da1de572 AWS_openssl/aws_iot_src/protocol/mqtt/aws_iot_embedded_client_wrapper/platform_mbed_os/mbedtls/network_mbedtls_wrapper.cpp --- a/AWS_openssl/aws_iot_src/protocol/mqtt/aws_iot_embedded_client_wrapper/platform_mbed_os/mbedtls/network_mbedtls_wrapper.cpp Fri Dec 02 22:49:17 2016 +0000 +++ b/AWS_openssl/aws_iot_src/protocol/mqtt/aws_iot_embedded_client_wrapper/platform_mbed_os/mbedtls/network_mbedtls_wrapper.cpp Tue Dec 06 22:31:15 2016 +0000 @@ -16,7 +16,6 @@ #include <stdbool.h> #include <string.h> - #include "aws_iot_config.h" #include "aws_iot_error.h" #include "aws_iot_log.h" @@ -43,6 +42,22 @@ extern WNCTCPSocketConnection* _tcpsocket; #endif +// SD File System +#include "SDFileSystem.h" + +// SD defines +#define CERT_MAX_SIZE 4096 + +// SD file pointer/buffer +FILE *fp; +char fp_buffer[CERT_MAX_SIZE]; + +// From main.cpp +extern char HostAddress[255]; +extern char MqttClientID[32]; +extern char ThingName[32]; +extern char PortString[4]; + /* * This is a function to do further verification if needed on the cert received */ @@ -74,119 +89,145 @@ static mbedtls_pk_context pkey; static mbedtls_net_context server_fd; -// TODO: We can modify these functions to pull certs from an SD card -int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) +// Used to zero the given buffer +static void mbedtls_zeroize( char *v, size_t n ) { + volatile char *p = v; while( n-- ) *p++ = 0; +} + +// Parser sub function +int mqtt_parse_sub(std::string *search_str, char *param, const char *str_to_find) { - //FILE *f; - //long size; + int index_start, index_end; + mbedtls_zeroize(param, strlen(param)); + + index_start = search_str->find(str_to_find); + if (index_start < 0) + return -1; + + index_end = search_str->find("\n", index_start); + if (index_end < 0) + index_end = search_str->find("\0", index_start); + + if (index_end < 0) + return -1; + + index_start += strlen(str_to_find); + strcpy(param, search_str->substr(index_start, index_end-index_start-1).c_str()); + + return 0; +} + +// Read MQTT config info +int mbedtls_mqtt_config_parse_file(ShadowParameters_t *sp, const char *path ) +{ + int ret, size; + mbedtls_zeroize(fp_buffer, CERT_MAX_SIZE); - // Assign cert/key based on 'path' - /* - switch (path[0]) - { - case 'r': - *n = (size_t)(sizeof(AWS_IOT_ROOT_CA)/sizeof(AWS_IOT_ROOT_CA[0])); - *buf = AWS_IOT_ROOT_CA; - break; - case 'c': - *n = (size_t)(sizeof(AWS_IOT_CERTIFICATE)/sizeof(AWS_IOT_CERTIFICATE[0])); - *buf = AWS_IOT_CERTIFICATE; - break; - case 'p': - *n = (size_t)sizeof (AWS_IOT_PRIVATE_KEY); - *buf = (unsigned char *) AWS_IOT_PRIVATE_KEY; - - //ret = mbedtls_pk_parse_key(&pkey, (unsigned char *) AWS_IOT_PRIVATE_KEY, sizeof (AWS_IOT_PRIVATE_KEY), NULL, 0 ); - break; - default: - ERROR(" failed\n ! Unknown option for cert/key\n\r"); - }*/ - - /* - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); - - fseek( f, 0, SEEK_END ); - if( ( size = ftell( f ) ) == -1 ) - { - fclose( f ); - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + INFO("...Reading MQTT data from SD"); + fp = fopen(path, "r"); + if (fp != NULL) { + size = fread(fp_buffer, sizeof(char), CERT_MAX_SIZE, fp); + DEBUG("...Number of data read: %d, text from file: %s", size, fp_buffer); + fclose(fp); + } + else { + ERROR("Could not open file: %s", path); + return -1; + } + + std::string filestr(fp_buffer); + + ret = mqtt_parse_sub(&filestr, HostAddress, "AWS_IOT_MQTT_HOST="); + sp->pHost = HostAddress; + INFO("...Host=%s", sp->pHost); + if (ret < 0) { + ERROR("Could not parse AWS_IOT_MQTT_HOST string."); + return ret; } - fseek( f, 0, SEEK_SET ); - *n = (size_t) size; + ret = mqtt_parse_sub(&filestr, PortString, "AWS_IOT_MQTT_PORT="); + sp->port = atoi(PortString); + INFO("...Port=%d", sp->port); + if (ret < 0) { + ERROR("Could not parse AWS_IOT_MQTT_PORT string."); + return ret; + } - if( *n + 1 == 0 || - ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) - { - //fclose( f ); - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + ret = mqtt_parse_sub(&filestr, MqttClientID, "AWS_IOT_MQTT_CLIENT_ID="); + sp->pMqttClientId = MqttClientID; + INFO("...pMqttClientId=%s", sp->pMqttClientId); + if (ret < 0) { + ERROR("Could not parse AWS_IOT_MQTT_CLIENT_ID string."); + return ret; + } + + ret = mqtt_parse_sub(&filestr, ThingName, "AWS_IOT_MY_THING_NAME="); + sp->pMyThingName = ThingName; + INFO("...pMyThingName=%s", sp->pMyThingName); + if (ret < 0) { + ERROR("Could not parse AWS_IOT_MY_THING_NAME string."); + return ret; } - if( fread( *buf, 1, *n, f ) != *n ) - { - fclose( f ); - mbedtls_free( *buf ); - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); - } - - fclose( f ); - - (*buf)[*n] = '\0'; + return( ret ); +} - if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) - ++*n; - */ - - return( 0 ); -} -// Implementation that should never be optimized out by the compiler -static void mbedtls_zeroize( unsigned char *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +// Override function: Parses CRT from SD int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) { - int ret; - size_t n; - unsigned char *buf; - - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + int ret, size; + mbedtls_zeroize(fp_buffer, CERT_MAX_SIZE); + + INFO("...Reading CERT data from SD"); + fp = fopen(path, "r"); + if (fp != NULL) { + size = fread(fp_buffer, sizeof(char), CERT_MAX_SIZE, fp); + DEBUG("...Number of data read: %d, text from file: %s", size, fp_buffer); + fclose(fp); + } + else { + ERROR("Could not open file: %s", path); + return -1; + } DEBUG("...CRT Parse"); - ret = mbedtls_x509_crt_parse( chain, buf, n ); - - //mbedtls_zeroize( buf, n ); - //mbedtls_free( buf ); - + ret = mbedtls_x509_crt_parse( chain, (unsigned char *)fp_buffer, size+2); + return( ret ); } + +// Override function: Parses KEY from SD int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, - const char *path, const char *pwd ) + const char *path, const char *pwd ) { - int ret; - size_t n; - unsigned char *buf; + int ret, size; + mbedtls_zeroize(fp_buffer, CERT_MAX_SIZE); - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + INFO("...Reading KEY data from SD"); + fp = fopen(path, "r"); + if (fp != NULL) { + size = fread(fp_buffer, sizeof(char), CERT_MAX_SIZE, fp); + DEBUG("...Number of data read: %d, text from file: %s", size, fp_buffer); + fclose(fp); + } + else { + ERROR("Could not open file: %s", path); + return -1; + } DEBUG("...Key Parse"); if( pwd == NULL ) { DEBUG("...Using PWD"); - ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); + ret = mbedtls_pk_parse_key( ctx, (unsigned char *)fp_buffer, size+1, NULL, 0 ); } else { DEBUG("...No PWD"); - ret = mbedtls_pk_parse_key( ctx, buf, n, (const unsigned char *) pwd, strlen( pwd ) ); + ret = mbedtls_pk_parse_key( ctx, (unsigned char *)fp_buffer, size+1, (const unsigned char *) pwd, strlen( pwd ) ); } - - //mbedtls_zeroize( buf, n ); - //mbedtls_free( buf ); - + return( ret ); } -// TODO: File system functions end + /* personalization string for the drbg */ const char *DRBG_PERS = "mbed TLS helloword client"; @@ -232,10 +273,11 @@ const char *pers = "aws_iot_tls_wrapper"; DEBUG("...Loading the CA root certificate"); - // TODO: We can pull the cert from an SD card - //ret = mbedtls_x509_crt_parse_file(&cacert, params.pRootCALocation); +#ifdef USING_SD_CARD + ret = mbedtls_x509_crt_parse_file(&cacert, AWS_IOT_ROOT_CA_FILENAME); +#else ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)AWS_IOT_ROOT_CA, strlen ((const char *)AWS_IOT_ROOT_CA)+1); - +#endif if (ret < 0) { ERROR(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret); return ret; @@ -244,26 +286,28 @@ DEBUG("...Loading the client cert"); - // TODO: We can pull the cert from an SD card - //ret = mbedtls_x509_crt_parse_file(&clicert, params.pDeviceCertLocation); +#ifdef USING_SD_CARD + ret = mbedtls_x509_crt_parse_file(&clicert, AWS_IOT_CERTIFICATE_FILENAME); +#else ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *)AWS_IOT_CERTIFICATE, strlen ((const char *)AWS_IOT_CERTIFICATE)+1); +#endif if (ret != 0) { ERROR(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret); return ret; } DEBUG(" ok"); - DEBUG("...Loading the client key"); - // TODO: We can pull the cert from an SD card - //ret = mbedtls_pk_parse_keyfile(&pkey, params.pDevicePrivateKeyLocation, ""); +#ifdef USING_SD_CARD + ret = mbedtls_pk_parse_keyfile(&pkey, AWS_IOT_PRIVATE_KEY_FILENAME, ""); +#else ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *)AWS_IOT_PRIVATE_KEY, strlen ((const char *)AWS_IOT_PRIVATE_KEY)+1, NULL, 0 ); +#endif if (ret != 0) { ERROR(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret); return ret; } DEBUG(" ok"); - char portBuffer[6]; sprintf(portBuffer, "%d", params.DestinationPort);