![](/media/cache/profiles/profile2.jpg.50x50_q85.jpg)
This software setup a central node of a star topology network
Dependencies: MQTT target_st_bluenrg
Fork of ble-star-mbed by
MQTTNetwork.h
- Committer:
- lorevee
- Date:
- 2018-04-04
- Revision:
- 5:5cfb069b2587
- Parent:
- 4:4af40af2530e
File content as of revision 5:5cfb069b2587:
#ifndef _MQTTNETWORK_H_ #define _MQTTNETWORK_H_ #include "NetworkInterface.h" #include "mbedtls/platform.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/error.h" /* Change to a number between 1 and 4 to debug the TLS connection */ #define DEBUG_LEVEL 0 #if DEBUG_LEVEL > 0 #include "mbedtls/debug.h" #endif #define TLS_OFF 0 #define TLS_ON 1 /* personalization string for the drbg */ const char *DRBG_PERS = "mbed TLS Publisher for IBM Watson IoT"; /* List of trusted root CA certificates * currently only GlobalSign, the CA for os.mbed.com * * To add more than one root, just concatenate them. */ mbedtls_entropy_context _entropy; mbedtls_ctr_drbg_context _ctr_drbg; mbedtls_x509_crt _cacert; mbedtls_ssl_context _ssl; mbedtls_ssl_config _ssl_conf; class MQTTNetwork { public: MQTTNetwork(NetworkInterface *net_iface) : _network(net_iface) { _tcpsocket = new TCPSocket(); _tcpsocket->set_blocking(false); _is_tcpsocket_connected = 0; } ~MQTTNetwork() { if (_is_tcpsocket_connected && _tls) { mbedtls_ssl_session_reset( &_ssl ); mbedtls_entropy_free(&_entropy); mbedtls_ctr_drbg_free(&_ctr_drbg); mbedtls_x509_crt_free(&_cacert); mbedtls_ssl_free(&_ssl); mbedtls_ssl_config_free(&_ssl_conf); } _tcpsocket->close(); delete _tcpsocket; } int read(unsigned char* buffer, int len, int timeout) { size_t _bpos = 0; int offset = 0; int ret = 0; if (_tls) { //_tcpsocket->set_timeout(timeout); /* Read data out of the socket */ offset = 0; Countdown timer; timer.countdown_ms(timeout); do { ret = mbedtls_ssl_read(&_ssl, buffer + offset, len - offset ); if (ret > 0) offset += ret; if (offset == len) return offset; if (timer.expired()) return 0; } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE || ret == 0 ); if (ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT) { print_mbedtls_error("MBEDTLS_ERR_SSL_CLIENT_RECONNECT\n\r", ret); // int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); _tcpsocket->close(); _is_tcpsocket_connected = 0; return ret; } if (ret < 0) { print_mbedtls_error("mbedtls_ssl_read", ret); _tcpsocket->close(); _is_tcpsocket_connected = 0; return ret; } return ret; } else { _tcpsocket->set_blocking(true); _tcpsocket->set_timeout(timeout); return _tcpsocket->recv(buffer, len); } } int write(unsigned char* buffer, int len, int timeout) { size_t _bpos = len; int offset = 0; int ret = 0; if (_tls) { do { ret = mbedtls_ssl_write(&_ssl, (const unsigned char *) buffer + offset, _bpos - offset); if (ret > 0) offset += ret; } while (offset < _bpos && (ret > 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)); if (ret < 0) { print_mbedtls_error("mbedtls_ssl_write", ret); _tcpsocket->close(); _is_tcpsocket_connected = 0; return ret; } return ret; } else { _tcpsocket->set_blocking(true); _tcpsocket->set_timeout(timeout); return _tcpsocket->send(buffer, len); } } int connect(const char* hostname, int port, unsigned int tls=TLS_OFF, const char * cert=NULL, unsigned int sizeof_cert=0) { _tls = tls; if (tls == TLS_ON) { printf ("--->TLS is ON\n\r");}; if (tls == TLS_ON) { mbedtls_entropy_init(&_entropy); mbedtls_ctr_drbg_init(&_ctr_drbg); mbedtls_x509_crt_init(&_cacert); mbedtls_ssl_init(&_ssl); mbedtls_ssl_config_init(&_ssl_conf); /* * Initialize TLS-related stuf. */ int ret = 0; if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy, (const unsigned char *) DRBG_PERS, sizeof (DRBG_PERS))) != 0) { print_mbedtls_error("mbedtls_crt_drbg_init", ret); return ret; } if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *) cert, sizeof_cert)) != 0) { print_mbedtls_error("mbedtls_x509_crt_parse", ret); return ret; } if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { print_mbedtls_error("mbedtls_ssl_config_defaults", ret); return ret; } mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL); mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg); /* It is possible to disable authentication by passing * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode() */ mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED); #if DEBUG_LEVEL > 0 mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL); mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL); mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) { print_mbedtls_error("mbedtls_ssl_setup", ret); return ret; } mbedtls_ssl_set_hostname(&_ssl, hostname); mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket), ssl_send, ssl_recv, NULL ); /* Connect to the server */ _tcpsocket->open(_network); mbedtls_printf("Connecting with %s port: %d\n", hostname, port); ret = _tcpsocket->connect(hostname, port); if (ret != NSAPI_ERROR_OK) { mbedtls_printf("Failed to connect\n"); printf("MBED: Socket Error: %d\n", ret); _tcpsocket->close(); return ret; } printf ("--->TCP Connected\n\r"); _is_tcpsocket_connected = 1; /* Start the handshake, the rest will be done in onReceive() */ mbedtls_printf("Starting the TLS handshake...\n"); do { ret = mbedtls_ssl_handshake(&_ssl); } while (ret != 0 && (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)); if (ret < 0) { print_mbedtls_error("mbedtls_ssl_handshake", ret); _tcpsocket->close(); return ret; } /* const uint32_t buf_size = 1024; char *buf = new char[buf_size]; mbedtls_x509_crt_info(buf, buf_size, "\r ", mbedtls_ssl_get_peer_cert(&_ssl)); mbedtls_printf("Server certificate:\n%s", buf); uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl); if( flags != 0 ) { mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags); printf("Certificate verification failed:\n%s\n", buf); } else printf("Certificate verification passed\n\n"); */ _is_tcpsocket_connected = 1; return ret; } else { // tls off printf ("\r\n--->TLS is OFF\n"); _tcpsocket->open(_network); int ret = _tcpsocket->connect(hostname, port); if (ret != NSAPI_ERROR_OK) { mbedtls_printf("\r\nFailed to connect\n"); printf("\r\nMBED: Socket Error: %d\n", ret); _tcpsocket->close(); return ret; } printf ("\r\n--->TCP Connected\n"); _is_tcpsocket_connected = 1; return ret; } } int disconnect() { if (_is_tcpsocket_connected && _tls == TLS_ON) { mbedtls_ssl_session_reset( &_ssl ); mbedtls_entropy_free(&_entropy); mbedtls_ctr_drbg_free(&_ctr_drbg); mbedtls_x509_crt_free(&_cacert); mbedtls_ssl_free(&_ssl); mbedtls_ssl_config_free(&_ssl_conf); } _is_tcpsocket_connected = 0; return _tcpsocket->close(); } bool isConnected () { return _is_tcpsocket_connected; } private: NetworkInterface* _network; unsigned int _is_tcpsocket_connected; protected: /** * Helper for pretty-printing mbed TLS error codes */ static void print_mbedtls_error(const char *name, int err) { char buf[128]; mbedtls_strerror(err, buf, sizeof (buf)); mbedtls_printf("%s() failed: -0x%04x (%d): %s\n", name, -err, err, buf); } #if DEBUG_LEVEL > 0 /** * Debug callback for Mbed TLS * Just prints on the USB serial port */ static void my_debug(void *ctx, int level, const char *file, int line, const char *str) { const char *p, *basename; (void) ctx; /* Extract basename from file */ for(p = basename = file; *p != '\0'; p++) { if(*p == '/' || *p == '\\') { basename = p + 1; } } mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str); } /** * Certificate verification callback for Mbed TLS * Here we only use it to display information on each cert in the chain */ static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) { const uint32_t buf_size = 1024; char *buf = new char[buf_size]; (void) data; mbedtls_printf("\nVerifying certificate at depth %d:\n", depth); mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt); mbedtls_printf("%s", buf); if (*flags == 0) mbedtls_printf("No verification issue for this certificate\n"); else { mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags); mbedtls_printf("%s\n", buf); } delete[] buf; return 0; } #endif /** * Receive callback for Mbed TLS */ static int ssl_recv(void *ctx, unsigned char *buf, size_t len) { int recv = -1; TCPSocket *socket = static_cast<TCPSocket *>(ctx); recv = socket->recv(buf, len); if(NSAPI_ERROR_WOULD_BLOCK == recv){ return MBEDTLS_ERR_SSL_WANT_READ; }else if(recv < 0){ mbedtls_printf("Socket recv error %d\n", recv); return -1; }else{ return recv; } } /** * Send callback for Mbed TLS */ static int ssl_send(void *ctx, const unsigned char *buf, size_t len) { int size = -1; TCPSocket *socket = static_cast<TCPSocket *>(ctx); size = socket->send(buf, len); if(NSAPI_ERROR_WOULD_BLOCK == size){ return MBEDTLS_ERR_SSL_WANT_WRITE; }else if(size < 0){ mbedtls_printf("Socket send error %d\n", size); return -1; }else{ return size; } } TCPSocket* _tcpsocket; volatile bool _disconnected; unsigned int _tls; }; #endif // _MQTTNETWORK_H_