mbed-client-mbedtls/source/m2mconnectionsecuritypimpl.cpp@11:cada08fc8a70, 2016-06-09 (annotated)
- Committer:
- mbedAustin
- Date:
- Thu Jun 09 17:08:36 2016 +0000
- Revision:
- 11:cada08fc8a70
Commit for public Consumption
mbedAustin | 11:cada08fc8a70 | 1 | /* |
mbedAustin | 11:cada08fc8a70 | 2 | * Copyright (c) 2015 ARM Limited. All rights reserved. |
mbedAustin | 11:cada08fc8a70 | 3 | * SPDX-License-Identifier: Apache-2.0 |
mbedAustin | 11:cada08fc8a70 | 4 | * Licensed under the Apache License, Version 2.0 (the License); you may |
mbedAustin | 11:cada08fc8a70 | 5 | * not use this file except in compliance with the License. |
mbedAustin | 11:cada08fc8a70 | 6 | * You may obtain a copy of the License at |
mbedAustin | 11:cada08fc8a70 | 7 | * |
mbedAustin | 11:cada08fc8a70 | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
mbedAustin | 11:cada08fc8a70 | 9 | * |
mbedAustin | 11:cada08fc8a70 | 10 | * Unless required by applicable law or agreed to in writing, software |
mbedAustin | 11:cada08fc8a70 | 11 | * distributed under the License is distributed on an AS IS BASIS, WITHOUT |
mbedAustin | 11:cada08fc8a70 | 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
mbedAustin | 11:cada08fc8a70 | 13 | * See the License for the specific language governing permissions and |
mbedAustin | 11:cada08fc8a70 | 14 | * limitations under the License. |
mbedAustin | 11:cada08fc8a70 | 15 | */ |
mbedAustin | 11:cada08fc8a70 | 16 | |
mbedAustin | 11:cada08fc8a70 | 17 | #include "mbed-client/m2mconnectionhandler.h" |
mbedAustin | 11:cada08fc8a70 | 18 | #include "mbed-client-mbedtls/m2mconnectionsecuritypimpl.h" |
mbedAustin | 11:cada08fc8a70 | 19 | #include "mbed-client/m2mtimer.h" |
mbedAustin | 11:cada08fc8a70 | 20 | #include "mbed-client/m2msecurity.h" |
mbedAustin | 11:cada08fc8a70 | 21 | #include <string.h> |
mbedAustin | 11:cada08fc8a70 | 22 | |
// Timer callbacks handed to mbedtls_ssl_set_timer_cb() (defined at the end of
// this file). They carry the same names as the functions in mbedtls's own
// timing module (timing.c, MBEDTLS_TIMING_C); if that module is compiled into
// the build, the two definitions collide at link time.
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
int mbedtls_timing_get_delay( void *data );
// Entropy source registered in init(). It is rand()-based — see its definition
// below for why that is not an acceptable seed for the CTR-DRBG.
int entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen );
//Point these back to M2MConnectionHandler!!!
// BIO callbacks for mbedtls_ssl_set_bio(); ctx is the M2MConnectionHandler*
// passed in connect() / start_connecting_non_blocking().
int f_send( void *ctx, const unsigned char *buf, size_t len );
int f_recv(void *ctx, unsigned char *buf, size_t len);
int f_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t some);
mbedAustin | 11:cada08fc8a70 | 30 | |
// File-global "DTLS timer is not armed" flag. Written by the constructor,
// reset() and mbedtls_timing_set_delay(); read by timer_expired() and
// mbedtls_timing_get_delay(). Because it is global rather than per instance,
// two M2MConnectionSecurityPimpl objects would clobber each other's state.
// Zero-initialised (false) until the first constructor sets it to true.
bool cancelled;
mbedAustin | 11:cada08fc8a70 | 32 | |
/**
 * Construct the mbedtls-backed security pimpl.
 *
 * @param mode  TLS or DTLS; only consulted later, in init() and
 *              start_connecting_non_blocking(), to pick the transport.
 *
 * Every mbedtls context is put into its empty initial state here; init()
 * repeats the same *_init() calls before loading credentials. The M2MTimer is
 * owned by this object (raw new/delete, released in the destructor) and is
 * handed to mbedtls as the timer context. Note that the file-global
 * `cancelled` flag is reset here, which affects every instance.
 */
M2MConnectionSecurityPimpl::M2MConnectionSecurityPimpl(M2MConnectionSecurity::SecurityMode mode)
    : _flags(0),
      _sec_mode(mode),
      _is_blocking(false)
{
    _init_done = false;
    cancelled = true;
    _timmer = new M2MTimer(*this);

    // Random-number side: entropy pool and the DRBG seeded from it.
    mbedtls_entropy_init(&_entropy);
    mbedtls_ctr_drbg_init(&_ctr_drbg);

    // Credential side: CA chain, own certificate and private key.
    mbedtls_x509_crt_init(&_cacert);
    mbedtls_x509_crt_init(&_owncert);
    mbedtls_pk_init(&_pkey);

    // Session side: configuration and the SSL context built from it.
    mbedtls_ssl_config_init(&_conf);
    mbedtls_ssl_init(&_ssl);
}
mbedAustin | 11:cada08fc8a70 | 49 | |
/**
 * Release every mbedtls context and the owned M2MTimer.
 *
 * Uses the same free sequence as reset(). Running this after reset() has
 * already freed the contexts relies on mbedtls's *_free() functions leaving
 * the struct zeroed so that a second free is a no-op — NOTE(review): confirm
 * against the mbedtls version linked here.
 */
M2MConnectionSecurityPimpl::~M2MConnectionSecurityPimpl(){
    mbedtls_ssl_config_free(&_conf);
    mbedtls_ssl_free(&_ssl);
    mbedtls_x509_crt_free(&_cacert);
    mbedtls_x509_crt_free(&_owncert);
    mbedtls_pk_free(&_pkey);
    mbedtls_ctr_drbg_free( &_ctr_drbg );
    mbedtls_entropy_free( &_entropy );
    delete _timmer;   // allocated with new in the constructor
}
mbedAustin | 11:cada08fc8a70 | 60 | |
/**
 * M2MTimerObserver callback.
 *
 * While a non-blocking handshake is in progress (DTLS timer type, timer not
 * cancelled, non-blocking mode) the handshake is driven forward with
 * continue_connecting(), and an error is reported only if that returns
 * MBEDTLS_ERR_SSL_TIMEOUT. Any other timer event is reported as a connection
 * error immediately. The error is delivered to the connection handler stored
 * as the BIO context (_ssl.p_bio); nothing happens if no BIO is set.
 *
 * The literal 4 is passed through unchanged: M2MConnectionHandler's error
 * enumerators are not visible in this file, so confirm which one it denotes.
 */
void M2MConnectionSecurityPimpl::timer_expired(M2MTimerObserver::Type type){
    const bool handshake_running =
        (type == M2MTimerObserver::Dtls) && !cancelled && !_is_blocking;

    bool report_error = true;
    if (handshake_running) {
        report_error = (continue_connecting() == MBEDTLS_ERR_SSL_TIMEOUT);
    }

    if (report_error && _ssl.p_bio != NULL) {
        M2MConnectionHandler* handler = static_cast<M2MConnectionHandler*>(_ssl.p_bio);
        handler->handle_connection_error(4);
    }
}
mbedAustin | 11:cada08fc8a70 | 77 | |
/**
 * Tear down the current session so that init() can be called again.
 *
 * Clears the init flag and the file-global `cancelled` flag, frees every
 * mbedtls context in the same order as the destructor, and stops the DTLS
 * timer. The contexts are not re-initialised here; init() does that. The
 * destructor will free the same contexts once more afterwards — see the note
 * there about relying on mbedtls zeroing a freed context.
 */
void M2MConnectionSecurityPimpl::reset(){
    _init_done = false;
    cancelled = true;
    mbedtls_ssl_config_free(&_conf);
    mbedtls_ssl_free(&_ssl);
    mbedtls_x509_crt_free(&_cacert);
    mbedtls_x509_crt_free(&_owncert);
    mbedtls_pk_free(&_pkey);
    mbedtls_ctr_drbg_free( &_ctr_drbg );
    mbedtls_entropy_free( &_entropy );
    _timmer->stop_timer();
}
mbedAustin | 11:cada08fc8a70 | 90 | |
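/**
 * Overwrite a buffer that held credential material, then release it.
 *
 * The stores go through a volatile pointer so the compiler cannot drop the
 * clearing as a dead store just before free(). NULL is accepted and ignored.
 *
 * @param buf   Buffer obtained from M2MSecurity::resource_value_buffer().
 * @param size  Its length in bytes.
 */
static void wipe_and_free(uint8_t *buf, uint32_t size)
{
    if (buf == NULL) {
        return;
    }
    volatile uint8_t *p = buf;
    for (uint32_t i = 0; i < size; ++i) {
        p[i] = 0;
    }
    free(buf);
}

/**
 * Load credentials from the LWM2M Security object and configure the mbedtls
 * contexts for a client handshake.
 *
 * @param security  Security object instance; NULL is rejected.
 * @return 0 on success (_init_done becomes true); -1 on any failure in the
 *         certificate path or for an unrecognised SecurityMode; the raw
 *         mbedtls error from mbedtls_ssl_conf_psk() in the PSK path.
 *
 * Changes from the previous revision:
 *  - the "missing or empty resource" early return freed nothing, leaking any
 *    buffer resource_value_buffer() had already returned;
 *  - the server certificate is now verified (MBEDTLS_SSL_VERIFY_REQUIRED, as
 *    the old TODO asked for); with VERIFY_NONE any peer could complete the
 *    handshake;
 *  - an unrecognised SecurityMode no longer reports success with no
 *    credentials configured;
 *  - credential buffers are wiped before they are freed (only the secret key
 *    / PSK is sensitive, but wiping all three costs nothing).
 *
 * Still open: no hostname is set on the SSL context (see connect()), so the
 * chain is checked against the CA but the certificate is not bound to the
 * server's name. The entropy source is registered as weak (last argument 0)
 * and is rand()-based — see entropy_poll(). Every context is re-initialised at
 * the top, so calling init() twice without reset() in between leaks whatever
 * the contexts held.
 */
int M2MConnectionSecurityPimpl::init(const M2MSecurity *security){
    if (security == NULL) {
        return -1;
    }

    const char *pers = "dtls_client";
    mbedtls_ssl_init(&_ssl);
    mbedtls_ssl_config_init(&_conf);
    mbedtls_x509_crt_init(&_cacert);
    mbedtls_x509_crt_init(&_owncert);
    mbedtls_pk_init(&_pkey);
    mbedtls_ctr_drbg_init(&_ctr_drbg);
    mbedtls_entropy_init(&_entropy);

    // resource_value_buffer() hands back heap copies that this function owns;
    // the wipe_and_free() calls after the do/while are the single release point.
    uint8_t *serPub = 0;
    uint32_t serPubSize = security->resource_value_buffer(M2MSecurity::ServerPublicKey, serPub);
    uint8_t *pubCert = 0;
    uint32_t pubCertSize = security->resource_value_buffer(M2MSecurity::PublicKey, pubCert);
    uint8_t *secKey = 0;
    uint32_t secKeySize = security->resource_value_buffer(M2MSecurity::Secretkey, secKey);

    int ret = -1;
    do {
        if (serPub == NULL || pubCert == NULL || secKey == NULL ||
            serPubSize == 0 || pubCertSize == 0 || secKeySize == 0) {
            break;
        }

        // threshold 128 bytes, strong = 0 (weak source)
        if (mbedtls_entropy_add_source(&_entropy, entropy_poll, NULL, 128, 0) < 0) {
            break;
        }

        if (mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
                                  (const unsigned char *) pers, strlen(pers)) != 0) {
            break;
        }

        const int transport = (_sec_mode == M2MConnectionSecurity::TLS)
                                  ? MBEDTLS_SSL_TRANSPORT_STREAM
                                  : MBEDTLS_SSL_TRANSPORT_DATAGRAM;
        if (mbedtls_ssl_config_defaults(&_conf, MBEDTLS_SSL_IS_CLIENT, transport, 0) != 0) {
            break;
        }

        const int sec_mode = security->resource_value_int(M2MSecurity::SecurityMode);
        if (sec_mode == M2MSecurity::Certificate) {
            // crt_parse returns a positive count for partially-parsed bundles;
            // only a negative result is fatal, as before.
            if (mbedtls_x509_crt_parse(&_cacert, (const unsigned char *) serPub, serPubSize) < 0 ||
                mbedtls_x509_crt_parse(&_owncert, (const unsigned char *) pubCert, pubCertSize) < 0 ||
                mbedtls_pk_parse_key(&_pkey, (const unsigned char *) secKey, secKeySize, NULL, 0) < 0) {
                break;
            }
            mbedtls_ssl_conf_own_cert(&_conf, &_owncert, &_pkey);
            // Reject the handshake unless the server chain verifies against
            // _cacert (previously MBEDTLS_SSL_VERIFY_NONE "to test without
            // verification", which accepted any certificate).
            mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
            mbedtls_ssl_conf_ca_chain(&_conf, &_cacert, NULL);
            ret = 0;
        } else if (sec_mode == M2MSecurity::Psk) {
            // Secretkey is the PSK, PublicKey is the PSK identity.
            ret = mbedtls_ssl_conf_psk(&_conf, secKey, secKeySize, pubCert, pubCertSize);
            mbedtls_ssl_conf_ciphersuites(&_conf, PSK_SUITES);
        }
        // Any other mode: nothing was configured, ret stays -1.
    } while (0);

    wipe_and_free(secKey, secKeySize);
    wipe_and_free(pubCert, pubCertSize);
    wipe_and_free(serPub, serPubSize);

    if (ret >= 0) {
        _init_done = true;
    }
    return ret;
}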
mbedAustin | 11:cada08fc8a70 | 210 | |
/**
 * Run a blocking TLS/DTLS handshake over @p connHandler.
 *
 * @param connHandler  Connection handler whose socket is reached through the
 *                     f_send / f_recv / f_recv_timeout BIO callbacks.
 * @return 0 when the handshake completed and the peer verification flags are
 *         clear; -1 otherwise (init() not done, mbedtls_ssl_setup() failure,
 *         handshake failure, or non-zero verify result).
 *
 * The verification flags are stored in _flags for the caller to inspect. The
 * hostname call (mbedtls_ssl_set_hostname) has been left commented out as in
 * the previous revision, so the certificate is not matched against the
 * server's name whatever authmode init() configured.
 */
int M2MConnectionSecurityPimpl::connect(M2MConnectionHandler* connHandler){
    if (!_init_done) {
        return -1;
    }
    _is_blocking = true;

    // Blocking sockets: one handshake timeout window of 60 s (min) / 61 s (max).
    mbedtls_ssl_conf_handshake_timeout(&_conf, 60000, 61000);
    mbedtls_ssl_conf_rng(&_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);

    if (mbedtls_ssl_setup(&_ssl, &_conf) != 0) {
        return -1;
    }

    //TODO: check is this needed
    // if( ( ret = mbedtls_ssl_set_hostname( &_ssl, "linux-secure-endpoint" ) ) != 0 )
    // {
    //     return -1;
    // }

    mbedtls_ssl_set_bio(&_ssl, connHandler, f_send, f_recv, f_recv_timeout);
    mbedtls_ssl_set_timer_cb(&_ssl, _timmer, mbedtls_timing_set_delay,
                             mbedtls_timing_get_delay);

    // Spin until the handshake settles; WANT_READ / WANT_WRITE mean "call again".
    int hs;
    do {
        hs = mbedtls_ssl_handshake(&_ssl);
    } while (hs == MBEDTLS_ERR_SSL_WANT_READ || hs == MBEDTLS_ERR_SSL_WANT_WRITE);

    if (hs != 0) {
        return -1;
    }

    _flags = mbedtls_ssl_get_verify_result(&_ssl);
    return (_flags != 0) ? -1 : 0;
}
mbedAustin | 11:cada08fc8a70 | 255 | |
/**
 * Begin a non-blocking handshake over @p connHandler.
 *
 * Configures the transport and timeouts, sets up the SSL context, and drives
 * the first two handshake steps synchronously; later steps run through
 * continue_connecting() (for example from timer_expired()).
 *
 * @param connHandler  Connection handler used as the BIO context.
 * @return 1 if the initial steps did not fail, -1 otherwise (including when
 *         init() has not completed). A WANT_READ result from a step is
 *         negative and therefore reported as -1 by this function.
 */
int M2MConnectionSecurityPimpl::start_connecting_non_blocking(M2MConnectionHandler* connHandler)
{
    if (!_init_done) {
        return -1;
    }
    _is_blocking = false;

    // NOTE(review): init() already ran mbedtls_ssl_config_defaults() on _conf.
    // Running it again here re-applies the library defaults (in particular the
    // ciphersuite list and the client authmode) on top of what init() set after
    // its own call. Kept as-is to preserve behaviour; confirm against the mbedtls
    // version in use before changing it.
    const int transport = (_sec_mode == M2MConnectionSecurity::TLS)
                              ? MBEDTLS_SSL_TRANSPORT_STREAM
                              : MBEDTLS_SSL_TRANSPORT_DATAGRAM;
    if (mbedtls_ssl_config_defaults(&_conf, MBEDTLS_SSL_IS_CLIENT, transport, 0) != 0) {
        return -1;
    }

    // Non-blocking sockets: DTLS retransmit backoff starts at 10 s and is capped
    // at 29 s. (The previous revision's comment quoted a 1+2+4+8+16+29 series,
    // which does not match these values.)
    mbedtls_ssl_conf_handshake_timeout(&_conf, 10000, 29000);
    mbedtls_ssl_conf_rng(&_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);

    if (mbedtls_ssl_setup(&_ssl, &_conf) != 0) {
        return -1;
    }

    mbedtls_ssl_set_bio(&_ssl, connHandler, f_send, f_recv, f_recv_timeout);
    mbedtls_ssl_set_timer_cb(&_ssl, _timmer, mbedtls_timing_set_delay,
                             mbedtls_timing_get_delay);

    int step = mbedtls_ssl_handshake_step(&_ssl);
    if (step == 0) {
        step = mbedtls_ssl_handshake_step(&_ssl);
    }
    return (step >= 0) ? 1 : -1;
}
mbedAustin | 11:cada08fc8a70 | 304 | |
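/**
 * Advance a non-blocking handshake as far as it will go without new input.
 *
 * @return 0 once the handshake is over;
 *         M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ when the next step
 *         needs data from the socket;
 *         MBEDTLS_ERR_SSL_TIMEOUT for any fatal handshake error (the only
 *         failure code timer_expired() acts on).
 *
 * Change from the previous revision: only MBEDTLS_ERR_SSL_TIMEOUT and the
 * BAD_HS_* family were treated as fatal; every other negative code from
 * mbedtls_ssl_handshake_step() fell through and re-entered the loop, which had
 * no exit other than a later WANT_READ or handshake completion. mbedtls
 * documents that after any return other than 0 / WANT_READ / WANT_WRITE the
 * handshake cannot continue, so all such codes are now reported as fatal.
 * WANT_WRITE is still retried in place, as before.
 */
int M2MConnectionSecurityPimpl::continue_connecting()
{
    int ret = -1;
    while (ret != M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ) {
        ret = mbedtls_ssl_handshake_step(&_ssl);

        if (MBEDTLS_ERR_SSL_WANT_READ == ret) {
            ret = M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ;
        } else if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
            // Covers MBEDTLS_ERR_SSL_TIMEOUT and MBEDTLS_ERR_SSL_BAD_HS_* as the
            // old explicit list did, plus every other fatal code.
            return MBEDTLS_ERR_SSL_TIMEOUT;
        }

        if (_ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER) {
            return 0;
        }
    }
    return ret;
}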
mbedAustin | 11:cada08fc8a70 | 329 | |
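/**
 * Write application data through the TLS/DTLS session.
 *
 * @param message  Bytes to send.
 * @param len      Number of bytes; must be non-negative.
 * @return number of bytes written, or -1 when init() has not completed, the
 *         buffer is NULL or @p len is negative; otherwise the (negative)
 *         mbedtls error code from mbedtls_ssl_write().
 *
 * Change from the previous revision: @p len is an int but mbedtls_ssl_write()
 * takes a size_t, so a negative value was silently converted to a huge length.
 * Such calls are now rejected up front.
 */
int M2MConnectionSecurityPimpl::send_message(unsigned char *message, int len){
    if (!_init_done) {
        return -1;
    }
    if (message == NULL || len < 0) {
        return -1;
    }

    int ret;
    do {
        ret = mbedtls_ssl_write(&_ssl, message, (size_t) len);
    } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);

    return ret; // bytes written
}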
mbedAustin | 11:cada08fc8a70 | 342 | |
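/**
 * Read application data from the TLS/DTLS session.
 *
 * @param buffer  Destination; it is zeroed in full before reading.
 * @param len     Size of @p buffer. At most len-1 bytes are read, which leaves
 *                the last byte 0 — presumably so callers can treat text
 *                payloads as NUL-terminated (confirm against the callers).
 * @return number of bytes read; 0 when init() has not completed, the buffer is
 *         NULL or @p len is 0; otherwise the (negative) mbedtls error code
 *         from mbedtls_ssl_read().
 *
 * Change from the previous revision: with len == 0 the expression len-1
 * evaluated to -1 and reached mbedtls_ssl_read() as a huge size_t; that case
 * is now rejected before any write to the buffer.
 */
int M2MConnectionSecurityPimpl::read(unsigned char* buffer, uint16_t len){
    if (!_init_done) {
        return 0;
    }
    if (buffer == NULL || len == 0) {
        return 0;
    }

    memset(buffer, 0, len);

    int ret;
    do {
        ret = mbedtls_ssl_read(&_ssl, buffer, (size_t) len - 1);
    } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);

    return ret; // bytes read
}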
mbedAustin | 11:cada08fc8a70 | 356 | |
/**
 * mbedtls BIO send callback: forwards @p buf to the M2MConnectionHandler that
 * was registered as the BIO context in mbedtls_ssl_set_bio().
 *
 * @return whatever send_to_socket() returns; it is passed through unchecked.
 */
int f_send( void *ctx, const unsigned char *buf, size_t len){
    M2MConnectionHandler* const handler = static_cast<M2MConnectionHandler*>(ctx);
    return handler->send_to_socket(buf, len);
}
mbedAustin | 11:cada08fc8a70 | 361 | |
/**
 * mbedtls BIO receive callback: reads into @p buf from the M2MConnectionHandler
 * that was registered as the BIO context in mbedtls_ssl_set_bio().
 *
 * @return whatever receive_from_socket() returns; it is passed through unchecked.
 */
int f_recv(void *ctx, unsigned char *buf, size_t len){
    M2MConnectionHandler* const handler = static_cast<M2MConnectionHandler*>(ctx);
    return handler->receive_from_socket(buf, len);
}
mbedAustin | 11:cada08fc8a70 | 366 | |
/**
 * mbedtls "receive with timeout" BIO callback.
 *
 * The timeout argument is discarded and the call falls through to f_recv().
 * Consequently the handshake timeouts configured in connect() cannot be
 * enforced at the socket level by this callback; a receive_from_socket() that
 * blocks indefinitely would stall the handshake — confirm how the handler's
 * receive behaves before relying on those timeouts.
 */
int f_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t /*some*/){
    return f_recv(ctx, buf, len);
}
mbedAustin | 11:cada08fc8a70 | 370 | |
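/**
 * Entropy source callback registered with mbedtls_entropy_add_source() in
 * init().
 *
 * @param output  Buffer to fill.
 * @param len     Number of bytes requested.
 * @param olen    Receives the number of bytes written (always @p len on success).
 * @return 0 on success; -1 if @p output or @p olen is NULL (mbedtls treats any
 *         non-zero return as a source failure).
 *
 * WARNING: this source is the C library rand() seeded from time(NULL). rand()
 * is not a cryptographic generator and the clock is a low-entropy seed (on a
 * board without a battery-backed RTC it may even be the same on every boot),
 * so the CTR-DRBG seeded from it is predictable. It is registered as a weak
 * source and must be replaced by the platform's hardware entropy source before
 * the resulting session keys can be trusted.
 *
 * Changes from the previous revision: the clock seed is applied once rather
 * than on every poll (re-seeding made two polls in the same second return the
 * same bytes); the bytes are written straight into @p output instead of via a
 * malloc'd scratch buffer that was never NULL-checked; and the loop index is a
 * size_t, so it covers any @p len (the old uint16_t index could not).
 */
int entropy_poll( void *, unsigned char *output, size_t len,
                  size_t *olen )
{
    if (output == NULL || olen == NULL) {
        return -1;
    }

    static bool seeded = false;
    if (!seeded) {
        srand((unsigned int) time(NULL));
        seeded = true;
    }

    for (size_t i = 0; i < len; ++i) {
        output[i] = (unsigned char) (rand() % 256);
    }
    *olen = len;
    return 0;
}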
mbedAustin | 11:cada08fc8a70 | 386 | |
/**
 * mbedtls timer callback ("set" half of mbedtls_ssl_set_timer_cb()).
 *
 * @param data    The M2MTimer registered as timer context; NULL is ignored.
 * @param int_ms  Intermediate delay in milliseconds.
 * @param fin_ms  Final delay in milliseconds.
 *
 * Both delays > 0 arm the DTLS timer and clear the file-global `cancelled`
 * flag; otherwise the timer is stopped and the flag set. mbedtls documents
 * fin_ms == 0 as the cancel request; this implementation also treats
 * int_ms == 0 as cancel, as the previous revision did.
 */
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ){
    M2MTimer* const timer = static_cast<M2MTimer*>(data);
    if (timer == NULL) {
        return;
    }

    const bool arm = (int_ms > 0) && (fin_ms > 0);
    cancelled = !arm;
    if (arm) {
        timer->start_dtls_timer(int_ms, fin_ms);
    } else {
        timer->stop_timer();
    }
}
mbedAustin | 11:cada08fc8a70 | 400 | |
/**
 * mbedtls timer callback ("get" half of mbedtls_ssl_set_timer_cb()).
 *
 * @param data  The M2MTimer registered as timer context; NULL yields 0.
 * @return -1 if the timer is cancelled (file-global `cancelled`, shared by all
 *         instances); 2 once the final delay has passed; 1 once only the
 *         intermediate delay has passed; 0 otherwise. These are the values
 *         mbedtls documents for this callback.
 */
int mbedtls_timing_get_delay( void *data ){
    M2MTimer* const timer = static_cast<M2MTimer*>(data);
    if (timer == NULL) {
        return 0;
    }
    if (cancelled) {
        return -1;
    }
    if (timer->is_total_interval_passed()) {
        return 2;
    }
    return timer->is_intermediate_interval_passed() ? 1 : 0;
}