Donald Meyers
/
evan
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
mbed-client/mbed-client-mbed-tls/mbed-client-mbedtls/m2mconnectionsecuritypimpl.h@0:06ee5f8a484a, 2017-03-18 (annotated)
- Committer:
- djmeyers
- Date:
- Sat Mar 18 22:37:16 2017 +0000
- Revision:
- 0:06ee5f8a484a
Initial commit
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| djmeyers | 0:06ee5f8a484a | 1 | /* |
| djmeyers | 0:06ee5f8a484a | 2 | * Copyright (c) 2015 ARM Limited. All rights reserved. |
| djmeyers | 0:06ee5f8a484a | 3 | * SPDX-License-Identifier: Apache-2.0 |
| djmeyers | 0:06ee5f8a484a | 4 | * Licensed under the Apache License, Version 2.0 (the License); you may |
| djmeyers | 0:06ee5f8a484a | 5 | * not use this file except in compliance with the License. |
| djmeyers | 0:06ee5f8a484a | 6 | * You may obtain a copy of the License at |
| djmeyers | 0:06ee5f8a484a | 7 | * |
| djmeyers | 0:06ee5f8a484a | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| djmeyers | 0:06ee5f8a484a | 9 | * |
| djmeyers | 0:06ee5f8a484a | 10 | * Unless required by applicable law or agreed to in writing, software |
| djmeyers | 0:06ee5f8a484a | 11 | * distributed under the License is distributed on an AS IS BASIS, WITHOUT |
| djmeyers | 0:06ee5f8a484a | 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| djmeyers | 0:06ee5f8a484a | 13 | * See the License for the specific language governing permissions and |
| djmeyers | 0:06ee5f8a484a | 14 | * limitations under the License. |
| djmeyers | 0:06ee5f8a484a | 15 | */ |
| djmeyers | 0:06ee5f8a484a | 16 | |
| djmeyers | 0:06ee5f8a484a | 17 | #ifndef __M2M_CONNECTION_SECURITY_PIMPL_H__ |
| djmeyers | 0:06ee5f8a484a | 18 | #define __M2M_CONNECTION_SECURITY_PIMPL_H__ |
| djmeyers | 0:06ee5f8a484a | 19 | |
| djmeyers | 0:06ee5f8a484a | 20 | #include "mbed-client/m2mconnectionsecurity.h" |
| djmeyers | 0:06ee5f8a484a | 21 | #include "mbed-client/m2mtimerobserver.h" |
| djmeyers | 0:06ee5f8a484a | 22 | #include "mbed-client/m2mconstants.h" |
| djmeyers | 0:06ee5f8a484a | 23 | #include "mbed-client/m2msecurity.h" |
| djmeyers | 0:06ee5f8a484a | 24 | |
| djmeyers | 0:06ee5f8a484a | 25 | #include "mbedtls/config.h" |
| djmeyers | 0:06ee5f8a484a | 26 | #include "mbedtls/platform.h" |
| djmeyers | 0:06ee5f8a484a | 27 | #include "mbedtls/debug.h" |
| djmeyers | 0:06ee5f8a484a | 28 | #include "mbedtls/ssl.h" |
| djmeyers | 0:06ee5f8a484a | 29 | #include "mbedtls/entropy.h" |
| djmeyers | 0:06ee5f8a484a | 30 | #include "mbedtls/ctr_drbg.h" |
| djmeyers | 0:06ee5f8a484a | 31 | #include "mbedtls/error.h" |
| djmeyers | 0:06ee5f8a484a | 32 | #include "mbedtls/certs.h" |
| djmeyers | 0:06ee5f8a484a | 33 | #include "mbedtls/entropy_poll.h" |
| djmeyers | 0:06ee5f8a484a | 34 | |
| djmeyers | 0:06ee5f8a484a | 35 | class M2MTimer; |
| djmeyers | 0:06ee5f8a484a | 36 | |
| djmeyers | 0:06ee5f8a484a | 37 | //TODO: Should we let application to select these or not?? |
| djmeyers | 0:06ee5f8a484a | 38 | const static int PSK_SUITES[] = { |
| djmeyers | 0:06ee5f8a484a | 39 | MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, |
| djmeyers | 0:06ee5f8a484a | 40 | MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, |
| djmeyers | 0:06ee5f8a484a | 41 | MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, |
| djmeyers | 0:06ee5f8a484a | 42 | 0 |
| djmeyers | 0:06ee5f8a484a | 43 | }; |
| djmeyers | 0:06ee5f8a484a | 44 | |
| djmeyers | 0:06ee5f8a484a | 45 | |
| djmeyers | 0:06ee5f8a484a | 46 | /** |
| djmeyers | 0:06ee5f8a484a | 47 | * @brief The M2MConnectionSecurityPimpl class |
| djmeyers | 0:06ee5f8a484a | 48 | */ |
| djmeyers | 0:06ee5f8a484a | 49 | class M2MConnectionSecurityPimpl : public M2MTimerObserver { |
| djmeyers | 0:06ee5f8a484a | 50 | |
| djmeyers | 0:06ee5f8a484a | 51 | private: |
| djmeyers | 0:06ee5f8a484a | 52 | |
| djmeyers | 0:06ee5f8a484a | 53 | // Prevents the use of assignment operator by accident. |
| djmeyers | 0:06ee5f8a484a | 54 | M2MConnectionSecurityPimpl& operator=( const M2MConnectionSecurityPimpl& /*other*/ ); |
| djmeyers | 0:06ee5f8a484a | 55 | // Prevents the use of copy constructor by accident |
| djmeyers | 0:06ee5f8a484a | 56 | M2MConnectionSecurityPimpl( const M2MConnectionSecurityPimpl& /*other*/ ); |
| djmeyers | 0:06ee5f8a484a | 57 | |
| djmeyers | 0:06ee5f8a484a | 58 | public: |
| djmeyers | 0:06ee5f8a484a | 59 | |
| djmeyers | 0:06ee5f8a484a | 60 | /** |
| djmeyers | 0:06ee5f8a484a | 61 | * @brief Constructor |
| djmeyers | 0:06ee5f8a484a | 62 | */ |
| djmeyers | 0:06ee5f8a484a | 63 | M2MConnectionSecurityPimpl(M2MConnectionSecurity::SecurityMode mode); |
| djmeyers | 0:06ee5f8a484a | 64 | |
| djmeyers | 0:06ee5f8a484a | 65 | /** |
| djmeyers | 0:06ee5f8a484a | 66 | * @brief Destructor |
| djmeyers | 0:06ee5f8a484a | 67 | */ |
| djmeyers | 0:06ee5f8a484a | 68 | virtual ~M2MConnectionSecurityPimpl(); |
| djmeyers | 0:06ee5f8a484a | 69 | |
| djmeyers | 0:06ee5f8a484a | 70 | /** |
| djmeyers | 0:06ee5f8a484a | 71 | * \brief Resets the socket connection states. |
| djmeyers | 0:06ee5f8a484a | 72 | */ |
| djmeyers | 0:06ee5f8a484a | 73 | void reset(); |
| djmeyers | 0:06ee5f8a484a | 74 | |
| djmeyers | 0:06ee5f8a484a | 75 | /** |
| djmeyers | 0:06ee5f8a484a | 76 | * \brief Initiatlizes the socket connection states. |
| djmeyers | 0:06ee5f8a484a | 77 | */ |
| djmeyers | 0:06ee5f8a484a | 78 | int init(const M2MSecurity *security); |
| djmeyers | 0:06ee5f8a484a | 79 | |
| djmeyers | 0:06ee5f8a484a | 80 | /** |
| djmeyers | 0:06ee5f8a484a | 81 | * \brief Starts the connection in non-blocking mode. |
| djmeyers | 0:06ee5f8a484a | 82 | * \param connHandler The ConnectionHandler object that maintains the socket. |
| djmeyers | 0:06ee5f8a484a | 83 | * \return Returns the state of the connection. Successful or not. |
| djmeyers | 0:06ee5f8a484a | 84 | */ |
| djmeyers | 0:06ee5f8a484a | 85 | int start_connecting_non_blocking(M2MConnectionHandler* connHandler); |
| djmeyers | 0:06ee5f8a484a | 86 | |
| djmeyers | 0:06ee5f8a484a | 87 | /** |
| djmeyers | 0:06ee5f8a484a | 88 | * \brief Continues connectivity logic for secure connection. |
| djmeyers | 0:06ee5f8a484a | 89 | * \return Returns an error code if any while continuing the connection sequence. |
| djmeyers | 0:06ee5f8a484a | 90 | */ |
| djmeyers | 0:06ee5f8a484a | 91 | int continue_connecting(); |
| djmeyers | 0:06ee5f8a484a | 92 | |
| djmeyers | 0:06ee5f8a484a | 93 | /** |
| djmeyers | 0:06ee5f8a484a | 94 | * \brief Connects the client to the server. |
| djmeyers | 0:06ee5f8a484a | 95 | * \param connHandler The ConnectionHandler object that maintains the socket. |
| djmeyers | 0:06ee5f8a484a | 96 | * \return Returns the state of the connection. Successful or not. |
| djmeyers | 0:06ee5f8a484a | 97 | */ |
| djmeyers | 0:06ee5f8a484a | 98 | int connect(M2MConnectionHandler* connHandler); |
| djmeyers | 0:06ee5f8a484a | 99 | |
| djmeyers | 0:06ee5f8a484a | 100 | /** |
| djmeyers | 0:06ee5f8a484a | 101 | * \brief Sends data to the server. |
| djmeyers | 0:06ee5f8a484a | 102 | * \param message The data to be sent. |
| djmeyers | 0:06ee5f8a484a | 103 | * \param len The length of the data. |
| djmeyers | 0:06ee5f8a484a | 104 | * @return Indicates whether the data is sent successfully or not. |
| djmeyers | 0:06ee5f8a484a | 105 | */ |
| djmeyers | 0:06ee5f8a484a | 106 | int send_message(unsigned char *message, int len); |
| djmeyers | 0:06ee5f8a484a | 107 | |
| djmeyers | 0:06ee5f8a484a | 108 | /** |
| djmeyers | 0:06ee5f8a484a | 109 | * \brief Reads the data received from the server. |
| djmeyers | 0:06ee5f8a484a | 110 | * \param message The data to be read. |
| djmeyers | 0:06ee5f8a484a | 111 | * \param len The length of the data. |
| djmeyers | 0:06ee5f8a484a | 112 | * \return Indicates whether the data is read successfully or not. |
| djmeyers | 0:06ee5f8a484a | 113 | */ |
| djmeyers | 0:06ee5f8a484a | 114 | int read(unsigned char* buffer, uint16_t len); |
| djmeyers | 0:06ee5f8a484a | 115 | |
| djmeyers | 0:06ee5f8a484a | 116 | /** |
| djmeyers | 0:06ee5f8a484a | 117 | * \brief Sets the function callback that will be called by mbed-client for |
| djmeyers | 0:06ee5f8a484a | 118 | * fetching random number from application for ensuring strong entropy. |
| djmeyers | 0:06ee5f8a484a | 119 | * \param random_callback A function pointer that will be called by mbed-client |
| djmeyers | 0:06ee5f8a484a | 120 | * while performing secure handshake. |
| djmeyers | 0:06ee5f8a484a | 121 | * Function signature should be uint32_t (*random_number_callback)(void); |
| djmeyers | 0:06ee5f8a484a | 122 | */ |
| djmeyers | 0:06ee5f8a484a | 123 | void set_random_number_callback(random_number_cb callback); |
| djmeyers | 0:06ee5f8a484a | 124 | |
| djmeyers | 0:06ee5f8a484a | 125 | /** |
| djmeyers | 0:06ee5f8a484a | 126 | * \brief Sets the function callback that will be called by mbed-client for |
| djmeyers | 0:06ee5f8a484a | 127 | * providing entropy source from application for ensuring strong entropy. |
| djmeyers | 0:06ee5f8a484a | 128 | * \param entropy_callback A function pointer that will be called by mbed-client |
| djmeyers | 0:06ee5f8a484a | 129 | * while performing secure handshake. |
| djmeyers | 0:06ee5f8a484a | 130 | * Function signature , if using mbed-client-mbedtls should be |
| djmeyers | 0:06ee5f8a484a | 131 | * int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, |
| djmeyers | 0:06ee5f8a484a | 132 | * size_t len, size_t *olen); |
| djmeyers | 0:06ee5f8a484a | 133 | */ |
| djmeyers | 0:06ee5f8a484a | 134 | void set_entropy_callback(entropy_cb callback); |
| djmeyers | 0:06ee5f8a484a | 135 | |
| djmeyers | 0:06ee5f8a484a | 136 | protected: //From M2MTimerObserver |
| djmeyers | 0:06ee5f8a484a | 137 | |
| djmeyers | 0:06ee5f8a484a | 138 | virtual void timer_expired(M2MTimerObserver::Type type); |
| djmeyers | 0:06ee5f8a484a | 139 | |
| djmeyers | 0:06ee5f8a484a | 140 | private: |
| djmeyers | 0:06ee5f8a484a | 141 | |
| djmeyers | 0:06ee5f8a484a | 142 | int start_handshake(); |
| djmeyers | 0:06ee5f8a484a | 143 | |
| djmeyers | 0:06ee5f8a484a | 144 | private: |
| djmeyers | 0:06ee5f8a484a | 145 | |
| djmeyers | 0:06ee5f8a484a | 146 | bool _init_done; |
| djmeyers | 0:06ee5f8a484a | 147 | mbedtls_ssl_config _conf; |
| djmeyers | 0:06ee5f8a484a | 148 | mbedtls_ssl_context _ssl; |
| djmeyers | 0:06ee5f8a484a | 149 | mbedtls_x509_crt _cacert; |
| djmeyers | 0:06ee5f8a484a | 150 | mbedtls_x509_crt _owncert; |
| djmeyers | 0:06ee5f8a484a | 151 | mbedtls_pk_context _pkey; |
| djmeyers | 0:06ee5f8a484a | 152 | mbedtls_ctr_drbg_context _ctr_drbg; |
| djmeyers | 0:06ee5f8a484a | 153 | mbedtls_entropy_context _entropy; |
| djmeyers | 0:06ee5f8a484a | 154 | uint32_t _flags; |
| djmeyers | 0:06ee5f8a484a | 155 | M2MTimer *_timer; |
| djmeyers | 0:06ee5f8a484a | 156 | M2MConnectionSecurity::SecurityMode _sec_mode; |
| djmeyers | 0:06ee5f8a484a | 157 | |
| djmeyers | 0:06ee5f8a484a | 158 | friend class Test_M2MConnectionSecurityPimpl; |
| djmeyers | 0:06ee5f8a484a | 159 | }; |
| djmeyers | 0:06ee5f8a484a | 160 | |
| djmeyers | 0:06ee5f8a484a | 161 | #endif //__M2M_CONNECTION_SECURITY_PIMPL_H__ |