m2mconnectionsecuritypimpl.h
/*
 * Copyright (c) 2015 - 2017 ARM Limited. All rights reserved.
 * SPDX-License-Identifier: Apache-2.0
 * Licensed under the Apache License, Version 2.0 (the License); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an AS IS BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// NOTE(review): identifiers containing a double underscore are reserved for
// the implementation in C++; the guard name is left as the project wrote it.
#ifndef __M2M_CONNECTION_SECURITY_PIMPL_H__
#define __M2M_CONNECTION_SECURITY_PIMPL_H__

#include "mbed-client/m2mconnectionsecurity.h"
#include "mbed-client/m2mtimerobserver.h"
#include "mbed-client/m2mconstants.h"
#include "mbed-client/m2msecurity.h"
#include "mbed-client/m2mconfig.h"

#include "pal.h"

#include <time.h>

/**
 * @brief The M2MConnectionSecurityPimpl class
 *
 * Holds the PAL TLS configuration handle, the PAL TLS session handle and the
 * TLS socket descriptor of one secure connection, together with the security
 * mode and the application-supplied entropy callback.
 * Judging by the name, this is the private implementation behind
 * M2MConnectionSecurity -- confirm against m2mconnectionsecurity.h.
 */
class M2MConnectionSecurityPimpl{

private:

    // Initialization progress values.
    // Presumably the value kept in _init_done -- confirm in the .cpp file.
    enum{
        INIT_NOT_STARTED = 0,
        INIT_CONFIGURING,
        INIT_DONE
    };

    // Prevents the use of assignment operator by accident.
    // Declared private, so code outside the class cannot copy-assign an
    // object that holds TLS handles.
    M2MConnectionSecurityPimpl& operator=( const M2MConnectionSecurityPimpl& /*other*/ );
    // Prevents the use of copy constructor by accident
    M2MConnectionSecurityPimpl( const M2MConnectionSecurityPimpl& /*other*/ );

public:

    /**
     * @brief Constructor
     * \param mode The security mode of this connection
     *             (M2MConnectionSecurity::SecurityMode).
     */
    M2MConnectionSecurityPimpl(M2MConnectionSecurity::SecurityMode mode);

    /**
     * @brief Destructor
     */
    virtual ~M2MConnectionSecurityPimpl();

    /**
     * \brief Resets the socket connection states.
     */
    void reset();

    /**
     * \brief Initializes the socket connection states.
     * \param security The security object to initialize from. Which of its
     *        resources (keys, certificates) are read is not visible in this
     *        header -- see the implementation.
     * \param security_instance_id The instance of the security object to use.
     * \return Status code; the meaning of the values is not visible in this
     *         header -- presumably 0 on success, confirm in the .cpp file.
     */
    int init(const M2MSecurity *security, uint16_t security_instance_id);

    /**
     * \brief Connects the client to the server.
     * \param connHandler The ConnectionHandler object that maintains the socket.
     * \return Returns the state of the connection. Successful or not.
     *         If M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ is returned
     *         this function must be called again later to continue the handshake.
     */
    int connect(M2MConnectionHandler* connHandler);

    /**
     * \brief Sends data to the server.
     * \param message The data to be sent.
     * \param len The length of the data.
     * @return Indicates whether the data is sent successfully or not.
     *
     * NOTE(review): len is a signed int here while read() takes a uint16_t.
     * How a negative or oversized length is handled is not visible in this
     * header -- confirm that the implementation rejects it before the value
     * reaches the TLS layer.
     */
    int send_message(unsigned char *message, int len);

    /**
     * \brief Reads the data received from the server.
     * \param buffer The buffer that receives the data.
     * \param len The length of the data; presumably the capacity of buffer
     *        in bytes -- confirm in the implementation.
     * \return Indicates whether the data is read successfully or not.
     */
    int read(unsigned char* buffer, uint16_t len);

    /**
     * This function is no longer used.
     */
    void set_random_number_callback(random_number_cb callback);

    /**
     * \brief Sets the function callback that will be called by mbed-client for
     * providing entropy source from application for ensuring strong entropy.
     * \param entropy_callback A function pointer that will be called by mbed-client
     * while performing secure handshake.
     * Function signature, if using mbed-client-mbedtls should be
     * int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output,
     *                                     size_t len, size_t *olen);
     *
     * NOTE: This function is only used if MBED_CLOUD_CLIENT_CUSTOM_MBEDTLS_ENTROPY is defined
     * and mbed TLS is used.
     *
     * The callback is used during the secure handshake, so the strength of
     * the session depends on the quality of what it returns: it has to be
     * backed by a real entropy source, not a fixed or predictable value.
     */
    void set_entropy_callback(entropy_cb callback);

    /**
     * \brief Set socket information for this secure connection.
     * \param socket Socket used with this TLS session.
     * \param address Pointer to the address of the server.
     *
     * The function returns nothing (void).
     * NOTE(review): whether the address is copied or the pointer is retained
     * is not visible in this header -- confirm the required lifetime.
     */
    void set_socket(palSocket_t socket, palSocketAddress_t *address);

private:

    // Starts the TLS handshake. Return-value meaning is not visible in this
    // header; presumably called from connect() -- confirm in the .cpp file.
    int start_handshake();

    /**
     * \brief Returns certificate expiration time in epoch format.
     * \param certificate, The certificate to be extracted.
     * \param cert_len, Length of the certificate.
     * \return epoch time or 0 if failure.
     *
     * A return value of 0 means the time could not be extracted; callers must
     * treat it as an error, never as a valid expiration time.
     * NOTE(review): if the value is seconds since 1970, a uint32_t cannot
     * represent dates after February 2106 -- confirm how a later notAfter
     * date is handled.
     */
    uint32_t certificate_expiration_time(const unsigned char *certificate, const uint32_t cert_len);

    /**
     * \brief Returns certificate validFrom time in epoch format.
     * \param certificate, The certificate to be extracted.
     * \param cert_len, Length of the certificate.
     * \return epoch time or 0 if failure.
     *
     * A return value of 0 means the time could not be extracted; callers must
     * treat it as an error, never as a valid start time.
     */
    uint32_t certificate_validfrom_time(const unsigned char *certificate, const uint32_t cert_len);

private:

    // Initialization state; presumably one of the INIT_* values above.
    uint8_t _init_done;
    // PAL TLS configuration handle.
    palTLSConfHandle_t _conf;
    // PAL TLS session handle.
    palTLSHandle_t _ssl;
    // Security mode passed to the constructor (presumably) -- confirm in the .cpp file.
    M2MConnectionSecurity::SecurityMode _sec_mode;
    // PAL TLS socket descriptor; presumably filled in by set_socket().
    palTLSSocket_t _tls_socket;
    // Application entropy callback; presumably stored by set_entropy_callback().
    entropy_cb _entropy;

    // Gives the unit-test class access to the private members.
    friend class Test_M2MConnectionSecurityPimpl;
};

#endif //__M2M_CONNECTION_SECURITY_PIMPL_H__
