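/*
 * Copyright (c) 2015 ARM Limited. All rights reserved.
 * SPDX-License-Identifier: Apache-2.0
 * Licensed under the Apache License, Version 2.0 (the License); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an AS IS BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Private implementation (pimpl) of M2MConnectionSecurity on top of mbed TLS.
 * One instance owns the TLS configuration, session context, certificates,
 * private key, entropy pool and DRBG state for a single secure connection.
 */

// Identifiers beginning with a double underscore are reserved for the
// implementation, so the include guard uses a plain project-prefixed name.
#ifndef M2M_CONNECTION_SECURITY_PIMPL_H
#define M2M_CONNECTION_SECURITY_PIMPL_H

#include "mbed-client/m2mconnectionsecurity.h"
#include "mbed-client/m2mtimerobserver.h"
#include "mbed-client/m2mconstants.h"
#include "mbed-client/m2msecurity.h"

#include "mbedtls/config.h"
#include "mbedtls/platform.h"
#include "mbedtls/debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
// NOTE(review): mbedtls/certs.h declares mbed TLS' bundled *test* certificates
// and keys; confirm the implementation (.cpp) never falls back to them in a
// production build.
#include "mbedtls/certs.h"
#include "mbedtls/entropy_poll.h"

class M2MTimer;

//TODO: Should we let application to select these or not??
// Pre-shared-key cipher suites this client is willing to use, in preference
// order. The trailing 0 is the list terminator mbed TLS' ciphersuite-list API
// expects. Presumably handed to mbedtls_ssl_conf_ciphersuites() by the
// implementation when the security mode is PSK — confirm in the .cpp.
static const int PSK_SUITES[] = {
    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
    MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
    0
};


/**
 * @brief The M2MConnectionSecurityPimpl class
 *
 * mbed TLS specific part of M2MConnectionSecurity. It is also an
 * M2MTimerObserver, so it receives timer_expired() callbacks from the
 * M2MTimer it holds (presumably used to bound the handshake — confirm in
 * the .cpp).
 *
 * Instances are neither copyable nor assignable: they own raw mbed TLS
 * contexts that must be freed exactly once.
 */
class M2MConnectionSecurityPimpl : public M2MTimerObserver {

private:

    // Prevents the use of assignment operator by accident.
    M2MConnectionSecurityPimpl& operator=( const M2MConnectionSecurityPimpl& /*other*/ );
    // Prevents the use of copy constructor by accident
    M2MConnectionSecurityPimpl( const M2MConnectionSecurityPimpl& /*other*/ );

public:

    /**
     * @brief Constructor
     * @param mode The security mode (see M2MConnectionSecurity::SecurityMode)
     *             this instance is created for.
     */
    M2MConnectionSecurityPimpl(M2MConnectionSecurity::SecurityMode mode);

    /**
     * @brief Destructor
     */
    virtual ~M2MConnectionSecurityPimpl();

    /**
     * \brief Resets the socket connection states.
     */
    void reset();

    /**
     * \brief Initializes the socket connection states.
     * \param security The M2MSecurity object holding the credentials
     *                 (keys/certificates) to configure TLS with.
     * \return An error code; the exact convention (0 on success is the
     *         usual one) is defined by the implementation — confirm.
     */
    int init(const M2MSecurity *security);

    /**
     * \brief Starts the connection in non-blocking mode.
     * \param connHandler The ConnectionHandler object that maintains the socket.
     * \return Returns the state of the connection. Successful or not.
     */
    int start_connecting_non_blocking(M2MConnectionHandler* connHandler);

    /**
     * \brief Continues connectivity logic for secure connection.
     * \return Returns an error code if any while continuing the connection sequence.
     */
    int continue_connecting();

    /**
     * \brief Connects the client to the server.
     * \param connHandler The ConnectionHandler object that maintains the socket.
     * \return Returns the state of the connection. Successful or not.
     */
    int connect(M2MConnectionHandler* connHandler);

    /**
     * \brief Sends data to the server.
     * \param message The data to be sent.
     * \param len The length of the data. Note that the parameter is signed;
     *            callers must not pass a negative value.
     * \return Indicates whether the data is sent successfully or not.
     */
    int send_message(unsigned char *message, int len);

    /**
     * \brief Reads the data received from the server.
     * \param buffer The buffer the received data is written into.
     * \param len The length of the buffer.
     * \return Indicates whether the data is read successfully or not.
     */
    int read(unsigned char* buffer, uint16_t len);

    /**
     * \brief Sets the function callback that will be called by mbed-client for
     * fetching random number from application for ensuring strong entropy.
     * \param callback A function pointer that will be called by mbed-client
     * while performing secure handshake.
     * Function signature should be uint32_t (*random_number_callback)(void);
     *
     * The strength of the TLS session keys depends on this source; it should
     * be backed by a real hardware or OS entropy source, not a PRNG seeded
     * from a constant.
     */
    void set_random_number_callback(random_number_cb callback);

    /**
     * \brief Sets the function callback that will be called by mbed-client for
     * providing entropy source from application for ensuring strong entropy.
     * \param callback A function pointer that will be called by mbed-client
     * while performing secure handshake.
     * Function signature , if using mbed-client-mbedtls should be
     * int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output,
     * size_t len, size_t *olen);
     */
    void set_entropy_callback(entropy_cb callback);

protected: //From M2MTimerObserver

    /**
     * \brief Called by the M2MTimer this object observes when it expires.
     * \param type The type of the timer that expired.
     */
    virtual void timer_expired(M2MTimerObserver::Type type);

private:

    // Kicks off the TLS handshake on the configured _ssl context.
    // Presumably shared by the blocking and non-blocking connect paths —
    // confirm in the .cpp.
    int start_handshake();

private:

    bool _init_done;                   // presumably set once init() succeeds — confirm
    mbedtls_ssl_config _conf;          // TLS configuration (suites, verify mode, RNG)
    mbedtls_ssl_context _ssl;          // TLS session state for this connection
    mbedtls_x509_crt _cacert;          // trusted CA certificate(s), per its name
    mbedtls_x509_crt _owncert;         // this client's own certificate, per its name
    mbedtls_pk_context _pkey;          // private key matching _owncert, per its name
    mbedtls_ctr_drbg_context _ctr_drbg; // CTR-DRBG fed from _entropy
    mbedtls_entropy_context _entropy;  // entropy pool (sources added via set_entropy_callback)
    uint32_t _flags;                   // meaning not visible here — see the .cpp
    M2MTimer *_timer;                  // timer whose expiry reaches timer_expired()
    M2MConnectionSecurity::SecurityMode _sec_mode; // mode given to the constructor

    friend class Test_M2MConnectionSecurityPimpl; // unit-test access to private state
};

#endif // M2M_CONNECTION_SECURITY_PIMPL_H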