Kenji Arai
mbed-os5 only for TYBLE16
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
features/netsocket/TLSSocketWrapper.h@1:9db0e321a9f4, 2019-12-31 (annotated)
- Committer:
- kenjiArai
- Date:
- Tue Dec 31 06:02:27 2019 +0000
- Revision:
- 1:9db0e321a9f4
- Parent:
- 0:5b88d5760320
updated based on mbed-os5.15.0
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| kenjiArai | 0:5b88d5760320 | 1 | /** @file TLSSocketWrapper.h TLSSocketWrapper */ |
| kenjiArai | 0:5b88d5760320 | 2 | /* |
| kenjiArai | 0:5b88d5760320 | 3 | * Copyright (c) 2018 ARM Limited |
| kenjiArai | 0:5b88d5760320 | 4 | * SPDX-License-Identifier: Apache-2.0 |
| kenjiArai | 0:5b88d5760320 | 5 | * |
| kenjiArai | 0:5b88d5760320 | 6 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| kenjiArai | 0:5b88d5760320 | 7 | * you may not use this file except in compliance with the License. |
| kenjiArai | 0:5b88d5760320 | 8 | * You may obtain a copy of the License at |
| kenjiArai | 0:5b88d5760320 | 9 | * |
| kenjiArai | 0:5b88d5760320 | 10 | * http://www.apache.org/licenses/LICENSE-2.0 |
| kenjiArai | 0:5b88d5760320 | 11 | * |
| kenjiArai | 0:5b88d5760320 | 12 | * Unless required by applicable law or agreed to in writing, software |
| kenjiArai | 0:5b88d5760320 | 13 | * distributed under the License is distributed on an "AS IS" BASIS, |
| kenjiArai | 0:5b88d5760320 | 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| kenjiArai | 0:5b88d5760320 | 15 | * See the License for the specific language governing permissions and |
| kenjiArai | 0:5b88d5760320 | 16 | * limitations under the License. |
| kenjiArai | 0:5b88d5760320 | 17 | */ |
| kenjiArai | 0:5b88d5760320 | 18 | /** @addtogroup netsocket |
| kenjiArai | 0:5b88d5760320 | 19 | * @{ |
| kenjiArai | 0:5b88d5760320 | 20 | */ |
| kenjiArai | 0:5b88d5760320 | 21 | |
| kenjiArai | 0:5b88d5760320 | 22 | #ifndef _MBED_HTTPS_TLS_SOCKET_WRAPPER_H_ |
| kenjiArai | 0:5b88d5760320 | 23 | #define _MBED_HTTPS_TLS_SOCKET_WRAPPER_H_ |
| kenjiArai | 0:5b88d5760320 | 24 | |
| kenjiArai | 0:5b88d5760320 | 25 | #include "netsocket/Socket.h" |
| kenjiArai | 0:5b88d5760320 | 26 | #include "rtos/EventFlags.h" |
| kenjiArai | 0:5b88d5760320 | 27 | #include "platform/Callback.h" |
| kenjiArai | 0:5b88d5760320 | 28 | #include "mbedtls/platform.h" |
| kenjiArai | 0:5b88d5760320 | 29 | #include "mbedtls/ssl.h" |
| kenjiArai | 0:5b88d5760320 | 30 | #include "mbedtls/entropy.h" |
| kenjiArai | 0:5b88d5760320 | 31 | #include "mbedtls/ctr_drbg.h" |
| kenjiArai | 0:5b88d5760320 | 32 | #include "mbedtls/error.h" |
| kenjiArai | 0:5b88d5760320 | 33 | |
| kenjiArai | 0:5b88d5760320 | 34 | // This class requires Mbed TLS SSL/TLS client code |
| kenjiArai | 0:5b88d5760320 | 35 | #if defined(MBEDTLS_SSL_CLI_C) || defined(DOXYGEN_ONLY) |
| kenjiArai | 0:5b88d5760320 | 36 | |
| kenjiArai | 0:5b88d5760320 | 37 | /** |
| kenjiArai | 0:5b88d5760320 | 38 | * TLSSocket is a wrapper around Socket for interacting with TLS servers. |
| kenjiArai | 0:5b88d5760320 | 39 | * |
| kenjiArai | 0:5b88d5760320 | 40 | * TLSSocketWrapper can use any Socket as a transport. After |
| kenjiArai | 0:5b88d5760320 | 41 | * completing the TLS handshake, it can be used as any Socket would be used. |
| kenjiArai | 0:5b88d5760320 | 42 | * |
| kenjiArai | 0:5b88d5760320 | 43 | */ |
| kenjiArai | 0:5b88d5760320 | 44 | class TLSSocketWrapper : public Socket { |
| kenjiArai | 0:5b88d5760320 | 45 | public: |
| kenjiArai | 0:5b88d5760320 | 46 | /** Transport modes */ |
| kenjiArai | 0:5b88d5760320 | 47 | enum control_transport { |
| kenjiArai | 0:5b88d5760320 | 48 | TRANSPORT_KEEP, /**< Doesn't call connect() or close() on transport socket */ |
| kenjiArai | 0:5b88d5760320 | 49 | TRANSPORT_CONNECT_AND_CLOSE, /**< Does call connect() and close() on transport socket */ |
| kenjiArai | 0:5b88d5760320 | 50 | TRANSPORT_CONNECT, /**< Does call only connect() on transport socket */ |
| kenjiArai | 0:5b88d5760320 | 51 | TRANSPORT_CLOSE, /**< Does call close() on transport socket */ |
| kenjiArai | 0:5b88d5760320 | 52 | }; |
| kenjiArai | 0:5b88d5760320 | 53 | |
| kenjiArai | 0:5b88d5760320 | 54 | /** Create a TLSSocketWrapper. |
| kenjiArai | 0:5b88d5760320 | 55 | * |
| kenjiArai | 0:5b88d5760320 | 56 | * @param transport Underlying transport socket to wrap. |
| kenjiArai | 0:5b88d5760320 | 57 | * @param hostname Hostname of the remote host, used for certificate checking. |
| kenjiArai | 0:5b88d5760320 | 58 | * @param control Transport control mode. See @ref control_transport. |
| kenjiArai | 0:5b88d5760320 | 59 | */ |
| kenjiArai | 0:5b88d5760320 | 60 | TLSSocketWrapper(Socket *transport, const char *hostname = NULL, control_transport control = TRANSPORT_CONNECT_AND_CLOSE); |
| kenjiArai | 0:5b88d5760320 | 61 | |
| kenjiArai | 0:5b88d5760320 | 62 | /** Destroy a socket wrapper. |
| kenjiArai | 0:5b88d5760320 | 63 | * |
| kenjiArai | 0:5b88d5760320 | 64 | * Closes socket wrapper if the socket wrapper is still open. |
| kenjiArai | 0:5b88d5760320 | 65 | */ |
| kenjiArai | 0:5b88d5760320 | 66 | virtual ~TLSSocketWrapper(); |
| kenjiArai | 0:5b88d5760320 | 67 | |
| kenjiArai | 0:5b88d5760320 | 68 | /** Set hostname. |
| kenjiArai | 0:5b88d5760320 | 69 | * |
| kenjiArai | 0:5b88d5760320 | 70 | * TLSSocket requires hostname used to verify the certificate. |
| kenjiArai | 0:5b88d5760320 | 71 | * If hostname is not given in constructor, this function must be used before |
| kenjiArai | 0:5b88d5760320 | 72 | * starting the TLS handshake. |
| kenjiArai | 0:5b88d5760320 | 73 | * |
| kenjiArai | 0:5b88d5760320 | 74 | * @param hostname Hostname of the remote host, used for certificate checking. |
| kenjiArai | 0:5b88d5760320 | 75 | */ |
| kenjiArai | 0:5b88d5760320 | 76 | void set_hostname(const char *hostname); |
| kenjiArai | 0:5b88d5760320 | 77 | |
| kenjiArai | 0:5b88d5760320 | 78 | /** Sets the certification of Root CA. |
| kenjiArai | 0:5b88d5760320 | 79 | * |
| kenjiArai | 0:5b88d5760320 | 80 | * @note Must be called before calling connect() |
| kenjiArai | 0:5b88d5760320 | 81 | * |
| kenjiArai | 0:5b88d5760320 | 82 | * @param root_ca Root CA Certificate in any Mbed TLS-supported format. |
| kenjiArai | 0:5b88d5760320 | 83 | * @param len Length of certificate (including terminating 0 for PEM). |
| kenjiArai | 1:9db0e321a9f4 | 84 | * @retval NSAPI_ERROR_OK on success. |
| kenjiArai | 1:9db0e321a9f4 | 85 | * @retval NSAPI_ERROR_NO_MEMORY in case there is not enough memory to allocate certificate. |
| kenjiArai | 1:9db0e321a9f4 | 86 | * @retval NSAPI_ERROR_PARAMETER in case the provided root_ca parameter failed parsing. |
| kenjiArai | 0:5b88d5760320 | 87 | */ |
| kenjiArai | 0:5b88d5760320 | 88 | nsapi_error_t set_root_ca_cert(const void *root_ca, size_t len); |
| kenjiArai | 0:5b88d5760320 | 89 | |
| kenjiArai | 0:5b88d5760320 | 90 | /** Sets the certification of Root CA. |
| kenjiArai | 0:5b88d5760320 | 91 | * |
| kenjiArai | 0:5b88d5760320 | 92 | * @note Must be called before calling connect() |
| kenjiArai | 0:5b88d5760320 | 93 | * |
| kenjiArai | 0:5b88d5760320 | 94 | * @param root_ca_pem Root CA Certificate in PEM format. |
| kenjiArai | 1:9db0e321a9f4 | 95 | * @retval NSAPI_ERROR_OK on success. |
| kenjiArai | 1:9db0e321a9f4 | 96 | * @retval NSAPI_ERROR_NO_MEMORY in case there is not enough memory to allocate certificate. |
| kenjiArai | 1:9db0e321a9f4 | 97 | * @retval NSAPI_ERROR_PARAMETER in case the provided root_ca parameter failed parsing. |
| kenjiArai | 0:5b88d5760320 | 98 | */ |
| kenjiArai | 0:5b88d5760320 | 99 | nsapi_error_t set_root_ca_cert(const char *root_ca_pem); |
| kenjiArai | 0:5b88d5760320 | 100 | |
| kenjiArai | 0:5b88d5760320 | 101 | /** Sets client certificate, and client private key. |
| kenjiArai | 0:5b88d5760320 | 102 | * |
| kenjiArai | 0:5b88d5760320 | 103 | * @param client_cert Client certification in PEM or DER format. |
| kenjiArai | 0:5b88d5760320 | 104 | * @param client_cert_len Certificate size including the terminating null byte for PEM data. |
| kenjiArai | 0:5b88d5760320 | 105 | * @param client_private_key_pem Client private key in PEM or DER format. |
| kenjiArai | 0:5b88d5760320 | 106 | * @param client_private_key_len Key size including the terminating null byte for PEM data |
| kenjiArai | 1:9db0e321a9f4 | 107 | * @retval NSAPI_ERROR_OK on success. |
| kenjiArai | 1:9db0e321a9f4 | 108 | * @retval NSAPI_ERROR_PARAMETER in case the provided root_ca parameter failed parsing. |
| kenjiArai | 0:5b88d5760320 | 109 | */ |
| kenjiArai | 0:5b88d5760320 | 110 | nsapi_error_t set_client_cert_key(const void *client_cert, size_t client_cert_len, |
| kenjiArai | 0:5b88d5760320 | 111 | const void *client_private_key_pem, size_t client_private_key_len); |
| kenjiArai | 0:5b88d5760320 | 112 | |
| kenjiArai | 0:5b88d5760320 | 113 | /** Sets client certificate, and client private key. |
| kenjiArai | 0:5b88d5760320 | 114 | * |
| kenjiArai | 0:5b88d5760320 | 115 | * @param client_cert_pem Client certification in PEM format. |
| kenjiArai | 0:5b88d5760320 | 116 | * @param client_private_key_pem Client private key in PEM format. |
| kenjiArai | 1:9db0e321a9f4 | 117 | * @retval NSAPI_ERROR_OK on success. |
| kenjiArai | 1:9db0e321a9f4 | 118 | * @retval NSAPI_ERROR_PARAMETER in case the provided root_ca parameter failed parsing. |
| kenjiArai | 0:5b88d5760320 | 119 | */ |
| kenjiArai | 0:5b88d5760320 | 120 | nsapi_error_t set_client_cert_key(const char *client_cert_pem, const char *client_private_key_pem); |
| kenjiArai | 0:5b88d5760320 | 121 | |
| kenjiArai | 0:5b88d5760320 | 122 | /** Send data over a TLS socket. |
| kenjiArai | 0:5b88d5760320 | 123 | * |
| kenjiArai | 0:5b88d5760320 | 124 | * The socket must be connected to a remote host. Returns the number of |
| kenjiArai | 0:5b88d5760320 | 125 | * bytes sent from the buffer. |
| kenjiArai | 0:5b88d5760320 | 126 | * |
| kenjiArai | 0:5b88d5760320 | 127 | * @param data Buffer of data to send to the host. |
| kenjiArai | 0:5b88d5760320 | 128 | * @param size Size of the buffer in bytes. |
| kenjiArai | 1:9db0e321a9f4 | 129 | * @retval int Number of sent bytes on success |
| kenjiArai | 1:9db0e321a9f4 | 130 | * @retval NSAPI_ERROR_NO_SOCKET in case socket was not created correctly. |
| kenjiArai | 1:9db0e321a9f4 | 131 | * @retval NSAPI_ERROR_WOULD_BLOCK in case non-blocking mode is enabled |
| kenjiArai | 1:9db0e321a9f4 | 132 | * and send cannot be performed immediately. |
| kenjiArai | 1:9db0e321a9f4 | 133 | * @retval NSAPI_ERROR_DEVICE_ERROR in case of tls-related errors. |
| kenjiArai | 1:9db0e321a9f4 | 134 | * See @ref mbedtls_ssl_write. |
| kenjiArai | 0:5b88d5760320 | 135 | */ |
| kenjiArai | 0:5b88d5760320 | 136 | virtual nsapi_error_t send(const void *data, nsapi_size_t size); |
| kenjiArai | 0:5b88d5760320 | 137 | |
| kenjiArai | 0:5b88d5760320 | 138 | /** Receive data over a TLS socket. |
| kenjiArai | 0:5b88d5760320 | 139 | * |
| kenjiArai | 0:5b88d5760320 | 140 | * The socket must be connected to a remote host. Returns the number of |
| kenjiArai | 0:5b88d5760320 | 141 | * bytes received into the buffer. |
| kenjiArai | 0:5b88d5760320 | 142 | * |
| kenjiArai | 0:5b88d5760320 | 143 | * @param data Destination buffer for data received from the host. |
| kenjiArai | 0:5b88d5760320 | 144 | * @param size Size of the buffer in bytes. |
| kenjiArai | 1:9db0e321a9f4 | 145 | * @retval int Number of sent bytes on success |
| kenjiArai | 1:9db0e321a9f4 | 146 | * @retval NSAPI_ERROR_NO_SOCKET in case socket was not created correctly. |
| kenjiArai | 1:9db0e321a9f4 | 147 | * @retval NSAPI_ERROR_WOULD_BLOCK in case non-blocking mode is enabled |
| kenjiArai | 1:9db0e321a9f4 | 148 | * and send cannot be performed immediately. |
| kenjiArai | 1:9db0e321a9f4 | 149 | * @retval NSAPI_ERROR_DEVICE_ERROR in case of tls-related errors. |
| kenjiArai | 1:9db0e321a9f4 | 150 | * See @ref mbedtls_ssl_read. |
| kenjiArai | 1:9db0e321a9f4 | 151 | * @return 0 if no data is available to be received |
| kenjiArai | 1:9db0e321a9f4 | 152 | * and the peer has performed an orderly shutdown. |
| kenjiArai | 0:5b88d5760320 | 153 | */ |
| kenjiArai | 0:5b88d5760320 | 154 | virtual nsapi_size_or_error_t recv(void *data, nsapi_size_t size); |
| kenjiArai | 0:5b88d5760320 | 155 | |
| kenjiArai | 0:5b88d5760320 | 156 | /* = Functions inherited from Socket = */ |
| kenjiArai | 0:5b88d5760320 | 157 | virtual nsapi_error_t close(); |
| kenjiArai | 1:9db0e321a9f4 | 158 | /** |
| kenjiArai | 1:9db0e321a9f4 | 159 | * Connect the transport socket and start handshake. |
| kenjiArai | 1:9db0e321a9f4 | 160 | * |
| kenjiArai | 0:5b88d5760320 | 161 | * @note: In case connect() returns an error, the state of the socket is |
| kenjiArai | 0:5b88d5760320 | 162 | * unspecified. A new socket should be created before reconnecting. |
| kenjiArai | 1:9db0e321a9f4 | 163 | * |
| kenjiArai | 1:9db0e321a9f4 | 164 | * See @ref Socket::connect and @ref start_handshake |
| kenjiArai | 0:5b88d5760320 | 165 | */ |
| kenjiArai | 0:5b88d5760320 | 166 | virtual nsapi_error_t connect(const SocketAddress &address = SocketAddress()); |
| kenjiArai | 0:5b88d5760320 | 167 | virtual nsapi_size_or_error_t sendto(const SocketAddress &address, const void *data, nsapi_size_t size); |
| kenjiArai | 0:5b88d5760320 | 168 | virtual nsapi_size_or_error_t recvfrom(SocketAddress *address, |
| kenjiArai | 0:5b88d5760320 | 169 | void *data, nsapi_size_t size); |
| kenjiArai | 0:5b88d5760320 | 170 | virtual nsapi_error_t bind(const SocketAddress &address); |
| kenjiArai | 0:5b88d5760320 | 171 | virtual void set_blocking(bool blocking); |
| kenjiArai | 0:5b88d5760320 | 172 | virtual void set_timeout(int timeout); |
| kenjiArai | 0:5b88d5760320 | 173 | virtual void sigio(mbed::Callback<void()> func); |
| kenjiArai | 0:5b88d5760320 | 174 | virtual nsapi_error_t setsockopt(int level, int optname, const void *optval, unsigned optlen); |
| kenjiArai | 0:5b88d5760320 | 175 | virtual nsapi_error_t getsockopt(int level, int optname, void *optval, unsigned *optlen); |
| kenjiArai | 0:5b88d5760320 | 176 | virtual Socket *accept(nsapi_error_t *error = NULL); |
| kenjiArai | 0:5b88d5760320 | 177 | virtual nsapi_error_t listen(int backlog = 1); |
| kenjiArai | 0:5b88d5760320 | 178 | virtual nsapi_error_t getpeername(SocketAddress *address); |
| kenjiArai | 0:5b88d5760320 | 179 | |
| kenjiArai | 0:5b88d5760320 | 180 | #if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(DOXYGEN_ONLY) |
| kenjiArai | 0:5b88d5760320 | 181 | /** Get own certificate directly from Mbed TLS. |
| kenjiArai | 0:5b88d5760320 | 182 | * |
| kenjiArai | 0:5b88d5760320 | 183 | * @return Internal Mbed TLS X509 structure. |
| kenjiArai | 0:5b88d5760320 | 184 | */ |
| kenjiArai | 0:5b88d5760320 | 185 | mbedtls_x509_crt *get_own_cert(); |
| kenjiArai | 0:5b88d5760320 | 186 | |
| kenjiArai | 0:5b88d5760320 | 187 | /** Set own certificate directly to Mbed TLS. |
| kenjiArai | 0:5b88d5760320 | 188 | * |
| kenjiArai | 0:5b88d5760320 | 189 | * @param crt Mbed TLS X509 certificate chain. |
| kenjiArai | 0:5b88d5760320 | 190 | * @return error code from mbedtls_ssl_conf_own_cert(). |
| kenjiArai | 0:5b88d5760320 | 191 | */ |
| kenjiArai | 0:5b88d5760320 | 192 | int set_own_cert(mbedtls_x509_crt *crt); |
| kenjiArai | 0:5b88d5760320 | 193 | |
| kenjiArai | 0:5b88d5760320 | 194 | /** Get CA chain structure. |
| kenjiArai | 0:5b88d5760320 | 195 | * |
| kenjiArai | 0:5b88d5760320 | 196 | * @return Mbed TLS X509 certificate chain. |
| kenjiArai | 0:5b88d5760320 | 197 | */ |
| kenjiArai | 0:5b88d5760320 | 198 | mbedtls_x509_crt *get_ca_chain(); |
| kenjiArai | 0:5b88d5760320 | 199 | |
| kenjiArai | 0:5b88d5760320 | 200 | /** Set CA chain directly to Mbed TLS. |
| kenjiArai | 0:5b88d5760320 | 201 | * |
| kenjiArai | 0:5b88d5760320 | 202 | * @param crt Mbed TLS X509 certificate chain. |
| kenjiArai | 0:5b88d5760320 | 203 | */ |
| kenjiArai | 0:5b88d5760320 | 204 | void set_ca_chain(mbedtls_x509_crt *crt); |
| kenjiArai | 0:5b88d5760320 | 205 | #endif |
| kenjiArai | 0:5b88d5760320 | 206 | |
| kenjiArai | 0:5b88d5760320 | 207 | /** Get internal Mbed TLS configuration structure. |
| kenjiArai | 0:5b88d5760320 | 208 | * |
| kenjiArai | 0:5b88d5760320 | 209 | * @return Mbed TLS SSL config. |
| kenjiArai | 0:5b88d5760320 | 210 | */ |
| kenjiArai | 0:5b88d5760320 | 211 | mbedtls_ssl_config *get_ssl_config(); |
| kenjiArai | 0:5b88d5760320 | 212 | |
| kenjiArai | 0:5b88d5760320 | 213 | /** Override Mbed TLS configuration. |
| kenjiArai | 0:5b88d5760320 | 214 | * |
| kenjiArai | 0:5b88d5760320 | 215 | * @param conf Mbed TLS SSL configuration structure. |
| kenjiArai | 0:5b88d5760320 | 216 | */ |
| kenjiArai | 0:5b88d5760320 | 217 | void set_ssl_config(mbedtls_ssl_config *conf); |
| kenjiArai | 0:5b88d5760320 | 218 | |
| kenjiArai | 0:5b88d5760320 | 219 | /** Get internal Mbed TLS context structure. |
| kenjiArai | 0:5b88d5760320 | 220 | * |
| kenjiArai | 0:5b88d5760320 | 221 | * @return SSL context. |
| kenjiArai | 0:5b88d5760320 | 222 | */ |
| kenjiArai | 0:5b88d5760320 | 223 | mbedtls_ssl_context *get_ssl_context(); |
| kenjiArai | 0:5b88d5760320 | 224 | |
| kenjiArai | 0:5b88d5760320 | 225 | protected: |
| kenjiArai | 0:5b88d5760320 | 226 | #ifndef DOXYGEN_ONLY |
| kenjiArai | 0:5b88d5760320 | 227 | /** Initiates TLS Handshake. |
| kenjiArai | 0:5b88d5760320 | 228 | * |
| kenjiArai | 0:5b88d5760320 | 229 | * Initiates a TLS handshake to a remote peer. |
| kenjiArai | 0:5b88d5760320 | 230 | * Underlying transport socket should already be connected. |
| kenjiArai | 0:5b88d5760320 | 231 | * |
| kenjiArai | 0:5b88d5760320 | 232 | * Root CA certification must be set by set_ssl_ca_pem() before |
| kenjiArai | 0:5b88d5760320 | 233 | * calling this function. |
| kenjiArai | 0:5b88d5760320 | 234 | * |
| kenjiArai | 0:5b88d5760320 | 235 | * For non-blocking purposes, this functions needs to know whether this |
| kenjiArai | 0:5b88d5760320 | 236 | * was a first call to Socket::connect() API so that NSAPI_ERROR_INPROGRESS |
| kenjiArai | 0:5b88d5760320 | 237 | * does not happen twice. |
| kenjiArai | 0:5b88d5760320 | 238 | * |
| kenjiArai | 0:5b88d5760320 | 239 | * @param first_call is this a first call to Socket::connect() API. |
| kenjiArai | 1:9db0e321a9f4 | 240 | * @retval NSAPI_ERROR_OK if we happen to complete the request on the first call. |
| kenjiArai | 1:9db0e321a9f4 | 241 | * @retval NSAPI_ERROR_IN_PROGRESS if the first call did not complete the request. |
| kenjiArai | 1:9db0e321a9f4 | 242 | * @retval NSAPI_ERROR_NO_SOCKET in case the transport socket was not created correctly. |
| kenjiArai | 1:9db0e321a9f4 | 243 | * @retval NSAPI_ERROR_AUTH_FAILURE in case of tls-related authentication errors. |
| kenjiArai | 1:9db0e321a9f4 | 244 | * See @ref mbedtls_ctr_drbg_seed, @ref mbedtls_ssl_setup. @ref mbedtls_ssl_handshake. |
| kenjiArai | 0:5b88d5760320 | 245 | */ |
| kenjiArai | 0:5b88d5760320 | 246 | nsapi_error_t start_handshake(bool first_call); |
| kenjiArai | 0:5b88d5760320 | 247 | |
| kenjiArai | 0:5b88d5760320 | 248 | bool is_handshake_started() const; |
| kenjiArai | 0:5b88d5760320 | 249 | |
| kenjiArai | 0:5b88d5760320 | 250 | void event(); |
| kenjiArai | 0:5b88d5760320 | 251 | #endif |
| kenjiArai | 0:5b88d5760320 | 252 | |
| kenjiArai | 0:5b88d5760320 | 253 | |
| kenjiArai | 0:5b88d5760320 | 254 | |
| kenjiArai | 0:5b88d5760320 | 255 | private: |
| kenjiArai | 0:5b88d5760320 | 256 | /** Continue already initialized handshake */ |
| kenjiArai | 0:5b88d5760320 | 257 | nsapi_error_t continue_handshake(); |
| kenjiArai | 0:5b88d5760320 | 258 | /** |
| kenjiArai | 0:5b88d5760320 | 259 | * Helper for pretty-printing Mbed TLS error codes |
| kenjiArai | 0:5b88d5760320 | 260 | */ |
| kenjiArai | 0:5b88d5760320 | 261 | static void print_mbedtls_error(const char *name, int err); |
| kenjiArai | 0:5b88d5760320 | 262 | |
| kenjiArai | 0:5b88d5760320 | 263 | #if MBED_CONF_TLS_SOCKET_DEBUG_LEVEL > 0 |
| kenjiArai | 0:5b88d5760320 | 264 | /** |
| kenjiArai | 0:5b88d5760320 | 265 | * Debug callback for Mbed TLS |
| kenjiArai | 0:5b88d5760320 | 266 | * Just prints on the USB serial port |
| kenjiArai | 0:5b88d5760320 | 267 | */ |
| kenjiArai | 0:5b88d5760320 | 268 | static void my_debug(void *ctx, int level, const char *file, int line, |
| kenjiArai | 0:5b88d5760320 | 269 | const char *str); |
| kenjiArai | 0:5b88d5760320 | 270 | |
| kenjiArai | 0:5b88d5760320 | 271 | /** |
| kenjiArai | 0:5b88d5760320 | 272 | * Certificate verification callback for Mbed TLS |
| kenjiArai | 0:5b88d5760320 | 273 | * Here we only use it to display information on each cert in the chain |
| kenjiArai | 0:5b88d5760320 | 274 | */ |
| kenjiArai | 0:5b88d5760320 | 275 | static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags); |
| kenjiArai | 0:5b88d5760320 | 276 | |
| kenjiArai | 0:5b88d5760320 | 277 | #endif /* MBED_CONF_TLS_SOCKET_DEBUG_LEVEL > 0 */ |
| kenjiArai | 0:5b88d5760320 | 278 | |
| kenjiArai | 0:5b88d5760320 | 279 | /** |
| kenjiArai | 0:5b88d5760320 | 280 | * Receive callback for Mbed TLS |
| kenjiArai | 0:5b88d5760320 | 281 | */ |
| kenjiArai | 0:5b88d5760320 | 282 | static int ssl_recv(void *ctx, unsigned char *buf, size_t len); |
| kenjiArai | 0:5b88d5760320 | 283 | |
| kenjiArai | 0:5b88d5760320 | 284 | /** |
| kenjiArai | 0:5b88d5760320 | 285 | * Send callback for Mbed TLS |
| kenjiArai | 0:5b88d5760320 | 286 | */ |
| kenjiArai | 0:5b88d5760320 | 287 | static int ssl_send(void *ctx, const unsigned char *buf, size_t len); |
| kenjiArai | 0:5b88d5760320 | 288 | |
| kenjiArai | 0:5b88d5760320 | 289 | mbedtls_ssl_context _ssl; |
| kenjiArai | 0:5b88d5760320 | 290 | #ifdef MBEDTLS_X509_CRT_PARSE_C |
| kenjiArai | 0:5b88d5760320 | 291 | mbedtls_pk_context _pkctx; |
| kenjiArai | 0:5b88d5760320 | 292 | #endif |
| kenjiArai | 0:5b88d5760320 | 293 | mbedtls_ctr_drbg_context _ctr_drbg; |
| kenjiArai | 0:5b88d5760320 | 294 | mbedtls_entropy_context _entropy; |
| kenjiArai | 0:5b88d5760320 | 295 | |
| kenjiArai | 0:5b88d5760320 | 296 | rtos::EventFlags _event_flag; |
| kenjiArai | 0:5b88d5760320 | 297 | mbed::Callback<void()> _sigio; |
| kenjiArai | 0:5b88d5760320 | 298 | Socket *_transport; |
| kenjiArai | 0:5b88d5760320 | 299 | int _timeout; |
| kenjiArai | 0:5b88d5760320 | 300 | |
| kenjiArai | 0:5b88d5760320 | 301 | #ifdef MBEDTLS_X509_CRT_PARSE_C |
| kenjiArai | 0:5b88d5760320 | 302 | mbedtls_x509_crt *_cacert; |
| kenjiArai | 0:5b88d5760320 | 303 | mbedtls_x509_crt *_clicert; |
| kenjiArai | 0:5b88d5760320 | 304 | #endif |
| kenjiArai | 0:5b88d5760320 | 305 | mbedtls_ssl_config *_ssl_conf; |
| kenjiArai | 0:5b88d5760320 | 306 | |
| kenjiArai | 0:5b88d5760320 | 307 | bool _connect_transport: 1; |
| kenjiArai | 0:5b88d5760320 | 308 | bool _close_transport: 1; |
| kenjiArai | 0:5b88d5760320 | 309 | bool _tls_initialized: 1; |
| kenjiArai | 0:5b88d5760320 | 310 | bool _handshake_completed: 1; |
| kenjiArai | 0:5b88d5760320 | 311 | bool _cacert_allocated: 1; |
| kenjiArai | 0:5b88d5760320 | 312 | bool _clicert_allocated: 1; |
| kenjiArai | 0:5b88d5760320 | 313 | bool _ssl_conf_allocated: 1; |
| kenjiArai | 0:5b88d5760320 | 314 | |
| kenjiArai | 0:5b88d5760320 | 315 | }; |
| kenjiArai | 0:5b88d5760320 | 316 | |
| kenjiArai | 0:5b88d5760320 | 317 | #endif /* MBEDTLS_SSL_CLI_C */ |
| kenjiArai | 0:5b88d5760320 | 318 | #endif // _MBED_HTTPS_TLS_SOCKET_WRAPPER_H_ |
| kenjiArai | 0:5b88d5760320 | 319 | /** @} */ |