A metronome using the FRDM K64F board

Committer:
ram54288
Date:
Sun May 14 18:40:18 2017 +0000
Revision:
0:a7a43371b306
Initial commit

ram54288 0:a7a43371b306 1 /*
ram54288 0:a7a43371b306 2 * Copyright (c) 2015 ARM Limited. All rights reserved.
ram54288 0:a7a43371b306 3 * SPDX-License-Identifier: Apache-2.0
ram54288 0:a7a43371b306 4 * Licensed under the Apache License, Version 2.0 (the License); you may
ram54288 0:a7a43371b306 5 * not use this file except in compliance with the License.
ram54288 0:a7a43371b306 6 * You may obtain a copy of the License at
ram54288 0:a7a43371b306 7 *
ram54288 0:a7a43371b306 8 * http://www.apache.org/licenses/LICENSE-2.0
ram54288 0:a7a43371b306 9 *
ram54288 0:a7a43371b306 10 * Unless required by applicable law or agreed to in writing, software
ram54288 0:a7a43371b306 11 * distributed under the License is distributed on an AS IS BASIS, WITHOUT
ram54288 0:a7a43371b306 12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
ram54288 0:a7a43371b306 13 * See the License for the specific language governing permissions and
ram54288 0:a7a43371b306 14 * limitations under the License.
ram54288 0:a7a43371b306 15 */
ram54288 0:a7a43371b306 16
#include "mbed-client/m2mconnectionhandler.h"
#include "mbed-client-mbedtls/m2mconnectionsecuritypimpl.h"
#include "mbed-client/m2mtimer.h"
#include "mbed-client/m2msecurity.h"
#include "mbed-trace/mbed_trace.h"
#include "mbedtls/debug.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
ram54288 0:a7a43371b306 24
#define TRACE_GROUP "mClt"

// Callbacks handed to mbed TLS.  The timer callbacks receive the M2MTimer
// installed with mbedtls_ssl_set_timer_cb(); entropy_poll is registered as an
// entropy source in init().
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
int mbedtls_timing_get_delay( void *data );
int entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen );
// BIO callbacks: `ctx` is the M2MConnectionHandler installed with
// mbedtls_ssl_set_bio(); they forward to its send/receive methods.
int f_send( void *ctx, const unsigned char *buf, size_t len );
int f_recv(void *ctx, unsigned char *buf, size_t len);
int f_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t some);

// File-scope state shared by EVERY M2MConnectionSecurityPimpl instance in the
// process, not per object: `cancelled` tracks whether the DTLS handshake timer
// is armed; the two callbacks are the RNG/entropy hooks read by init() and
// entropy_poll().  NOTE(review): identifiers beginning with a double
// underscore are reserved to the implementation in C++ - consider renaming.
bool cancelled;
random_number_cb __random_number_callback;
entropy_cb __entropy_callback;
ram54288 0:a7a43371b306 38
//Uncomment the following define to enable tracing from mbedtls (debug builds only)
//#define ENABLE_MBED_CLIENT_MBED_TLS_DEBUGS
ram54288 0:a7a43371b306 41 #ifdef ENABLE_MBED_CLIENT_MBED_TLS_DEBUGS
/**
 * mbed TLS debug hook: forwards the message text to the trace log.
 * The level, file and line that mbed TLS supplies are intentionally dropped.
 */
static void mbedtls_debug( void *ctx, int level,
                           const char *file, int line, const char *str )
{
    (void) ctx;
    (void) level;
    (void) file;
    (void) line;
    tr_debug("%s", str);
}
ram54288 0:a7a43371b306 48
/**
 * Debug-only verification callback: prints each certificate of the chain and
 * the verification flags mbed TLS computed for it.
 *
 * It never modifies *flags and always returns 0, so mbed TLS's own verdict
 * (enforced by MBEDTLS_SSL_VERIFY_REQUIRED in init()) is left untouched.
 */
static int verify_cert_chains(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
{
    char info[1024];
    (void) data;

    printf("\nVerifying certificate at depth %d:\n", depth);
    mbedtls_x509_crt_info(info, sizeof (info) - 1, " ", crt);
    printf("%s", info);

    if (*flags != 0) {
        mbedtls_x509_crt_verify_info(info, sizeof (info), " ! ", *flags);
        printf("%s\n", info);
    } else {
        printf("No verification issue for this certificate\n");
    }

    return 0;
}
ram54288 0:a7a43371b306 68 #endif
ram54288 0:a7a43371b306 69
/**
 * Creates a not-yet-usable security context: every mbed TLS context is put
 * into its zeroed initial state and a DTLS retransmission timer is allocated.
 * init() must succeed before connect()/start_connecting_non_blocking().
 *
 * @param mode  Selects DTLS (datagram) or TLS (stream) transport in init().
 */
M2MConnectionSecurityPimpl::M2MConnectionSecurityPimpl(M2MConnectionSecurity::SecurityMode mode)
: _flags(0),
_sec_mode(mode)
{
    _init_done = false;
    // File-scope flag shared by all instances; true keeps timer_expired() idle.
    cancelled = true;
    // NOTE(review): owning raw pointer released in the destructor.  The header
    // is not visible here; if copy construction/assignment are not deleted,
    // copying an instance would double-delete this timer.
    _timer = new M2MTimer(*this);
    mbedtls_ssl_init( &_ssl );
    mbedtls_ssl_config_init( &_conf );
    mbedtls_x509_crt_init( &_cacert );
    mbedtls_x509_crt_init(&_owncert);
    mbedtls_pk_init(&_pkey);
    mbedtls_ctr_drbg_init( &_ctr_drbg );
    mbedtls_entropy_init( &_entropy );
}
ram54288 0:a7a43371b306 85
/**
 * Releases all mbed TLS state and the retransmission timer.
 *
 * The same free sequence runs in reset(), so these calls may hit contexts
 * that were already freed.  NOTE(review): that relies on the mbed TLS free
 * routines being safe on an already-freed (zeroised) context - confirm for
 * the version in use, in particular for the mutex members when
 * MBEDTLS_THREADING_C is enabled.
 */
M2MConnectionSecurityPimpl::~M2MConnectionSecurityPimpl(){
    mbedtls_ssl_config_free(&_conf);
    mbedtls_ssl_free(&_ssl);
    mbedtls_x509_crt_free(&_cacert);
    mbedtls_x509_crt_free(&_owncert);
    mbedtls_pk_free(&_pkey);
    mbedtls_ctr_drbg_free( &_ctr_drbg );
    mbedtls_entropy_free( &_entropy );
    delete _timer;
}
ram54288 0:a7a43371b306 96
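/**
 * DTLS retransmission timer callback.
 *
 * Gives mbed TLS a chance to observe the expired timer: it either retransmits
 * the current flight or, once the back-off is exhausted, fails with
 * MBEDTLS_ERR_SSL_TIMEOUT.  Any handshake failure surfacing here is reported
 * to the connection handler as SSL_HANDSHAKE_ERROR and the context is reset.
 *
 * Previously only MBEDTLS_ERR_SSL_TIMEOUT (and a bare -1) were treated as
 * failures, so any other negative mbed TLS result from the retransmission
 * path - e.g. a failed certificate verification - went unreported and left
 * the half-built session in place.
 *
 * @param type  Timer kind; only M2MTimerObserver::Dtls is handled, and only
 *              while the file-scope `cancelled` flag is clear.
 */
void M2MConnectionSecurityPimpl::timer_expired(M2MTimerObserver::Type type){
    tr_debug("M2MConnectionSecurityPimpl::timer_expired");
    if (type != M2MTimerObserver::Dtls || cancelled) {
        return;
    }

    int error = continue_connecting();
    if (error == 0 ||
        error == M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ ||
        error == MBEDTLS_ERR_SSL_WANT_WRITE) {
        // Handshake complete or still in flight - nothing to report yet.
        return;
    }

    if (MBEDTLS_ERR_SSL_TIMEOUT == error) {
        tr_error("M2MConnectionSecurityPimpl::timer_expired - handshake timeout");
    } else {
        tr_error("M2MConnectionSecurityPimpl::timer_expired - handshake failed: %d", error);
    }
    if (_ssl.p_bio) {
        // The BIO context is the M2MConnectionHandler installed via
        // mbedtls_ssl_set_bio() in connect()/start_connecting_non_blocking().
        M2MConnectionHandler* ptr = (M2MConnectionHandler*)_ssl.p_bio;
        ptr->handle_connection_error(M2MConnectionHandler::SSL_HANDSHAKE_ERROR);
    }
    reset();
}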
ram54288 0:a7a43371b306 111
/**
 * Tears down the session and all credentials; init() must run again before
 * the object can connect.
 *
 * `cancelled` is raised before the contexts are torn down so that a timer
 * callback arriving in between sees it and bails out in timer_expired().
 * The contexts are freed but not re-initialised here; init() re-initialises
 * them and the destructor frees them again (see the note on the destructor).
 */
void M2MConnectionSecurityPimpl::reset(){
    _init_done = false;
    cancelled = true;
    mbedtls_ssl_config_free(&_conf);
    mbedtls_ssl_free(&_ssl);
    mbedtls_x509_crt_free(&_cacert);
    mbedtls_x509_crt_free(&_owncert);
    mbedtls_pk_free(&_pkey);
    mbedtls_ctr_drbg_free( &_ctr_drbg );
    mbedtls_entropy_free( &_entropy );
    _timer->stop_timer();
}
ram54288 0:a7a43371b306 124
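/**
 * Configures the mbed TLS client side from the LwM2M security object.
 *
 * The object's SecurityMode resource selects the credential layout:
 *  - Certificate: ServerPublicKey is parsed as the trust anchor, PublicKey as
 *    the client certificate and Secretkey as the client private key.  Server
 *    verification is mandatory (MBEDTLS_SSL_VERIFY_REQUIRED).
 *  - Psk: PublicKey is the PSK identity, Secretkey the pre-shared key, and the
 *    negotiable cipher suites are restricted to PSK_SUITES.
 * Any other mode is rejected.
 *
 * The DRBG is seeded from entropy_poll() (registered as a weak source) plus
 * the optional source installed with set_entropy_callback().
 *
 * @param security  Security object holding the credentials; NULL is rejected.
 * @return 0 on success (_init_done becomes true), -1 otherwise.  After a
 *         failure _init_done is false; whatever was allocated before the
 *         failing step is released by reset() or the destructor.
 */
int M2MConnectionSecurityPimpl::init(const M2MSecurity *security)
{
    tr_debug("M2MConnectionSecurityPimpl::init");
    int ret = -1;
    if (security != NULL) {
        const char *pers = "dtls_client";

        // From here on any previous configuration is invalid: clear the
        // "ready" flag so a failing re-initialisation cannot leave a stale
        // true behind.  NOTE(review): mbedtls_*_init() only zeroes the
        // structs - if init() runs again without an intervening reset(), the
        // certificates, keys and DRBG state of the earlier call leak; confirm
        // callers always reset() first.
        _init_done = false;
        mbedtls_ssl_init( &_ssl );
        mbedtls_ssl_config_init( &_conf );
        mbedtls_x509_crt_init( &_cacert );
        mbedtls_x509_crt_init(&_owncert);
        mbedtls_pk_init(&_pkey);
        mbedtls_ctr_drbg_init( &_ctr_drbg );
        mbedtls_entropy_init( &_entropy );

        const int transport = (_sec_mode == M2MConnectionSecurity::TLS)
                              ? MBEDTLS_SSL_TRANSPORT_STREAM
                              : MBEDTLS_SSL_TRANSPORT_DATAGRAM;

        // entropy_poll is deliberately registered as a WEAK source (last
        // argument 0): it expands a single 32-bit value with the libc PRNG and
        // is not real entropy.  mbed TLS 2.x refuses to gather entropy unless
        // at least one STRONG source is present, so a real source has to come
        // from set_entropy_callback() or the platform sources compiled into
        // mbed TLS - otherwise mbedtls_ctr_drbg_seed() below fails closed.
        if (mbedtls_entropy_add_source(&_entropy, entropy_poll, NULL,
                                       128, 0) < 0) {
            return -1;
        }
        if (__entropy_callback.entropy_source_ptr) {
            if (mbedtls_entropy_add_source(&_entropy,
                                           __entropy_callback.entropy_source_ptr,
                                           __entropy_callback.p_source,
                                           __entropy_callback.threshold,
                                           __entropy_callback.strong) < 0) {
                return -1;
            }
        }

        if (mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
                                  (const unsigned char *) pers,
                                  strlen(pers)) != 0) {
            return -1;
        }

        if (mbedtls_ssl_config_defaults(&_conf, MBEDTLS_SSL_IS_CLIENT,
                                        transport, 0) != 0) {
            return -1;
        }
        // NOTE(review): no minimum protocol version is pinned, so the mbed TLS
        // preset default applies.  LwM2M mandates (D)TLS 1.2; consider
        // mbedtls_ssl_conf_min_version(&_conf, MBEDTLS_SSL_MAJOR_VERSION_3,
        // MBEDTLS_SSL_MINOR_VERSION_3) once server interop is confirmed.

        M2MSecurity::SecurityModeType cert_mode =
            (M2MSecurity::SecurityModeType)security->resource_value_int(M2MSecurity::SecurityMode);

        // Borrowed pointers into the security object: these buffers are large
        // and mbed TLS copies what it needs while parsing, so no local copy.
        const uint8_t *srv_public_key = NULL;
        const uint8_t *public_key = NULL;
        const uint8_t *sec_key = NULL;

        uint32_t srv_public_key_size = security->resource_value_buffer(M2MSecurity::ServerPublicKey, srv_public_key);
        uint32_t public_key_size = security->resource_value_buffer(M2MSecurity::PublicKey, public_key);
        uint32_t sec_key_size = security->resource_value_buffer(M2MSecurity::Secretkey, sec_key);
        if (srv_public_key == NULL || public_key == NULL || sec_key == NULL ||
            srv_public_key_size == 0 || public_key_size == 0 || sec_key_size == 0) {
            return -1;
        }

        if (cert_mode == M2MSecurity::Certificate) {
            // The "+ 1" hands mbed TLS the terminating NUL its PEM detection
            // looks at (it reads the last byte to choose PEM vs DER).  This
            // assumes the resource buffers carry a NUL one byte past *_size;
            // otherwise it is a one-byte over-read - TODO confirm in M2MResource.
            if (mbedtls_x509_crt_parse(&_cacert, (const unsigned char *) srv_public_key,
                                       srv_public_key_size + 1) < 0 ||
                mbedtls_x509_crt_parse(&_owncert, (const unsigned char *) public_key,
                                       public_key_size + 1) < 0 ||
                mbedtls_pk_parse_key(&_pkey, (const unsigned char *) sec_key,
                                     sec_key_size + 1, NULL, 0) < 0) {
                ret = -1;
            } else if (mbedtls_ssl_conf_own_cert(&_conf, &_owncert, &_pkey) != 0) {
                // Allocates internally and can fail; its result was ignored before.
                ret = -1;
            } else {
                // ServerPublicKey is the sole trust anchor and verification is
                // mandatory, so a bad chain aborts the handshake inside mbed TLS
                // rather than relying on callers to inspect the verify result.
                // No hostname is set (mbedtls_ssl_set_hostname), so no CN/SAN
                // check is performed beyond chaining to that anchor.
                mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
                mbedtls_ssl_conf_ca_chain(&_conf, &_cacert, NULL);
                ret = 0;
            }

        } else if (cert_mode == M2MSecurity::Psk) {
            // PublicKey carries the PSK identity, Secretkey the key itself.
            if (mbedtls_ssl_conf_psk(&_conf, sec_key, sec_key_size,
                                     public_key, public_key_size) == 0) {
                // Only PSK suites may be negotiated.  Any later call to
                // mbedtls_ssl_config_defaults() on _conf would reset this list.
                mbedtls_ssl_conf_ciphersuites(&_conf, PSK_SUITES);
                ret = 0;
            } else {
                ret = -1;
            }
        } else {
            ret = -1;
        }

#ifdef ENABLE_MBED_CLIENT_MBED_TLS_DEBUGS
        // Debug builds only: threshold 5 dumps handshake buffers, which from
        // level 3 upward include secret material (mbed TLS logs the premaster
        // secret at that level).  Never ship an image with this enabled.
        mbedtls_ssl_conf_dbg( &_conf, mbedtls_debug, stdout );
        mbedtls_debug_set_threshold(5);
        mbedtls_ssl_conf_verify(&_conf, verify_cert_chains, NULL);
#endif
    }

    if (ret == 0) {
        _init_done = true;
    }
    tr_debug("M2MConnectionSecurityPimpl::init - ret %d", ret);
    return ret;
}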
ram54288 0:a7a43371b306 224
ram54288 0:a7a43371b306 225
/**
 * Runs the full (D)TLS handshake synchronously, spinning on
 * WANT_READ/WANT_WRITE until mbed TLS reports completion or failure.
 *
 * On completion the peer verification flags are stored in _flags; a non-zero
 * result is treated as failure even though init() already makes verification
 * mandatory in certificate mode (defence in depth).
 *
 * @return 0 on a successful, fully verified handshake, -1 otherwise.
 */
int M2MConnectionSecurityPimpl::start_handshake(){
    tr_debug("M2MConnectionSecurityPimpl::start_handshake");
    int status;
    for (;;) {
        status = mbedtls_ssl_handshake( &_ssl );
        if (status != MBEDTLS_ERR_SSL_WANT_READ &&
            status != MBEDTLS_ERR_SSL_WANT_WRITE) {
            break;
        }
    }

    int ret = -1;
    if (status == 0) {
        _flags = mbedtls_ssl_get_verify_result( &_ssl );
        if (_flags == 0) {
            ret = 0;
        }
    }
    tr_debug("M2MConnectionSecurityPimpl::start_handshake - OUT");
    return ret;
}
ram54288 0:a7a43371b306 246
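/**
 * Blocking connect: binds the session to the connection handler and runs the
 * whole handshake before returning.
 *
 * @param connHandler  Transport used for the BIO callbacks; must not be NULL.
 * @return 0 when the handshake succeeded, -1 if init() has not succeeded, the
 *         handler is NULL, session setup failed or the handshake failed.
 */
int M2MConnectionSecurityPimpl::connect(M2MConnectionHandler* connHandler){

    tr_debug("M2MConnectionSecurityPimpl::connect");
    int ret = -1;
    if (!_init_done) {
        return ret;
    }
    // connHandler becomes the BIO context that f_send/f_recv cast and call
    // without a null check, so refuse a null handler up front.
    if (connHandler == NULL) {
        return ret;
    }

    mbedtls_ssl_conf_rng( &_conf, mbedtls_ctr_drbg_random, &_ctr_drbg );

    if ((ret = mbedtls_ssl_setup( &_ssl, &_conf )) != 0) {
        return -1;
    }

    mbedtls_ssl_set_bio( &_ssl, connHandler,
                         f_send, f_recv, f_recv_timeout );

    mbedtls_ssl_set_timer_cb( &_ssl, _timer, mbedtls_timing_set_delay,
                              mbedtls_timing_get_delay );

    ret = start_handshake();
    // The retransmission timer is only meaningful during the handshake.
    _timer->stop_timer();
    tr_debug("M2MConnectionSecurityPimpl::connect - handshake ret: %d, ssl state: %d", ret, _ssl.state);
    return ret;
}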
ram54288 0:a7a43371b306 272
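/**
 * Non-blocking connect: binds the session to the connection handler and sends
 * the ClientHello.  The rest of the handshake is driven by
 * continue_connecting() as data and timer events arrive.
 *
 * Unlike earlier revisions this does NOT call mbedtls_ssl_config_defaults()
 * again: init() already applied it for this endpoint/transport, and a second
 * call resets the cipher suite list, silently undoing the PSK_SUITES
 * restriction made in init() (credentials and CA chain survive, the suite
 * restriction does not).
 *
 * @param connHandler  Transport used for the BIO callbacks; must not be NULL.
 * @return 1 when the handshake is in progress, -1 if init() has not
 *         succeeded, the handler is NULL, setup failed or the first steps
 *         failed.
 */
int M2MConnectionSecurityPimpl::start_connecting_non_blocking(M2MConnectionHandler* connHandler)
{
    tr_debug("M2MConnectionSecurityPimpl::start_connecting_non_blocking");
    int ret = -1;
    if (!_init_done) {
        return ret;
    }
    // connHandler becomes the BIO context that f_send/f_recv cast and call
    // without a null check, so refuse a null handler up front.
    if (connHandler == NULL) {
        return ret;
    }

    // DTLS retransmission back-off: mbed TLS doubles the timeout from 10 s up
    // to the 29 s cap, so a handshake with no reply gives up after roughly
    // 10 + 20 + 29 = 59 s.
    mbedtls_ssl_conf_handshake_timeout( &_conf, 10000, 29000 );
    mbedtls_ssl_conf_rng( &_conf, mbedtls_ctr_drbg_random, &_ctr_drbg );

    if ((ret = mbedtls_ssl_setup( &_ssl, &_conf )) != 0) {
        return -1;
    }

    mbedtls_ssl_set_bio( &_ssl, connHandler,
                         f_send, f_recv, f_recv_timeout );

    mbedtls_ssl_set_timer_cb( &_ssl, _timer, mbedtls_timing_set_delay,
                              mbedtls_timing_get_delay );

    // Two steps: HELLO_REQUEST -> CLIENT_HELLO, then write the ClientHello.
    ret = mbedtls_ssl_handshake_step( &_ssl );
    if (ret == 0) {
        ret = mbedtls_ssl_handshake_step( &_ssl );
    }

    // WANT_READ/WANT_WRITE are not failures on a non-blocking socket: mbed TLS
    // keeps the pending record and finishes sending it on the next step.
    if (ret >= 0 ||
        ret == MBEDTLS_ERR_SSL_WANT_READ ||
        ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
        ret = 1;
    } else {
        ret = -1;
    }
    tr_debug("M2MConnectionSecurityPimpl::start_connecting_non_blocking - handshake ret: %d, ssl state: %d", ret, _ssl.state);
    return ret;
}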
ram54288 0:a7a43371b306 321
/**
 * Advances a non-blocking handshake as far as it can go.
 *
 * Handshake steps run until mbed TLS needs more input from the peer, the
 * handshake completes, or a step fails.
 *
 * @return 0 once the handshake is over,
 *         M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ while waiting for
 *         peer data, or the untranslated negative mbed TLS result of a failed
 *         step (this includes WANT_WRITE and MBEDTLS_ERR_SSL_TIMEOUT).
 */
int M2MConnectionSecurityPimpl::continue_connecting()
{
    tr_debug("M2MConnectionSecurityPimpl::continue_connecting");
    int status = -1;
    while (status != M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ) {
        const int step = mbedtls_ssl_handshake_step( &_ssl );
        const bool finished = (_ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);

        if (step == MBEDTLS_ERR_SSL_WANT_READ) {
            // Translate into the connection handler's "wait for data" code.
            status = M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ;
        } else {
            status = step;
            if (status != 0) {
                break;
            }
        }
        if (finished) {
            return 0;
        }
    }
    tr_debug("M2MConnectionSecurityPimpl::continue_connecting, ret: %d", status);
    return status;
}
ram54288 0:a7a43371b306 342
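/**
 * Encrypts and sends an application message, spinning on WANT_READ/WANT_WRITE.
 *
 * `len` is an int while mbedtls_ssl_write takes a size_t: a negative length
 * would silently become a huge one, so it is rejected here along with a null
 * buffer (both return -1).
 *
 * @param message  Plaintext to send.
 * @param len      Length in bytes; must be >= 0.
 * @return number of bytes written, or a negative mbed TLS error code (-1 if
 *         init() has not succeeded or the arguments are invalid).  Over a
 *         stream transport mbed TLS may write fewer bytes than requested.
 */
int M2MConnectionSecurityPimpl::send_message(unsigned char *message, int len){
    tr_debug("M2MConnectionSecurityPimpl::send_message");
    int ret = -1;
    if (!_init_done) {
        return ret;
    }
    if (message == NULL || len < 0) {
        return ret;
    }

    do {
        ret = mbedtls_ssl_write( &_ssl, message, (size_t) len );
    } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
             ret == MBEDTLS_ERR_SSL_WANT_WRITE);

    tr_debug("M2MConnectionSecurityPimpl::send_message - ret: %d", ret);
    return ret; //bytes written
}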
ram54288 0:a7a43371b306 357
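/**
 * Receives and decrypts one application record into `buffer`.
 *
 * The whole buffer is zeroed and at most len-1 bytes are read, so the result
 * is always NUL-terminated for callers that treat it as text.  Previously
 * len == 0 made that `len - 1` wrap to SIZE_MAX, letting mbed TLS write past a
 * zero-length buffer; a zero length or null buffer now returns -1.
 *
 * @param buffer  Destination; must not be NULL.
 * @param len     Size of `buffer` in bytes; must be >= 1.
 * @return number of bytes read, or a negative mbed TLS error code (-1 if
 *         init() has not succeeded or the arguments are invalid).
 */
int M2MConnectionSecurityPimpl::read(unsigned char* buffer, uint16_t len){
    int ret = -1;
    if (!_init_done) {
        tr_error("M2MConnectionSecurityPimpl::read - init not done!");
        return ret;
    }
    if (buffer == NULL || len == 0) {
        return ret;
    }

    memset( buffer, 0, len );
    do {
        ret = mbedtls_ssl_read( &_ssl, buffer, (size_t) len - 1 );
    } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
             ret == MBEDTLS_ERR_SSL_WANT_WRITE);

    return ret; //bytes read
}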
ram54288 0:a7a43371b306 372
/** mbed TLS send BIO: `ctx` is the M2MConnectionHandler given to mbedtls_ssl_set_bio(). */
int f_send( void *ctx, const unsigned char *buf, size_t len){
    return static_cast<M2MConnectionHandler *>(ctx)->send_to_socket(buf, len);
}
ram54288 0:a7a43371b306 377
/** mbed TLS receive BIO: `ctx` is the M2MConnectionHandler given to mbedtls_ssl_set_bio(). */
int f_recv(void *ctx, unsigned char *buf, size_t len){
    return static_cast<M2MConnectionHandler *>(ctx)->receive_from_socket(buf, len);
}
ram54288 0:a7a43371b306 382
/**
 * mbed TLS receive-with-timeout BIO.  The timeout is not honoured: the read is
 * delegated to the handler's own behaviour, and handshake timing is driven by
 * the M2MTimer callbacks installed with mbedtls_ssl_set_timer_cb().
 */
int f_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t /*timeout_ms*/){
    return f_recv(ctx, buf, len);
}
ram54288 0:a7a43371b306 386
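/**
 * Entropy poll registered with mbed TLS by init() as a WEAK source.
 *
 * This is NOT a real entropy source.  With a random-number callback installed
 * (set_random_number_callback) the output is filled from repeated callback
 * invocations, 32 bits at a time.  Without one it falls back to the libc PRNG
 * seeded from the wall clock, which is fully predictable; it only stirs the
 * pool and must be paired with a strong source (set_entropy_callback or a
 * platform source built into mbed TLS) for the DRBG to be seeded at all.
 *
 * Seeding srand() inside the per-byte loop, as the original did, made every
 * byte of the output identical; the PRNG is now seeded once per call, and the
 * callback - when present - is used directly instead of as a PRNG seed.
 *
 * @param output  Buffer to fill.
 * @param len     Number of bytes requested.
 * @param olen    Receives the number of bytes written (always len).
 * @return 0 on success; non-zero (reported by mbed TLS as a source failure)
 *         if output or olen is NULL.
 */
int entropy_poll( void *, unsigned char *output, size_t len,
                  size_t *olen )
{
    if (output == NULL || olen == NULL) {
        return -1;
    }

    if (__random_number_callback) {
        size_t filled = 0;
        while (filled < len) {
            uint32_t word = __random_number_callback();
            size_t chunk = len - filled;
            if (chunk > sizeof(word)) {
                chunk = sizeof(word);
            }
            memcpy(output + filled, &word, chunk);
            filled += chunk;
        }
    } else {
        srand((unsigned int) time(NULL));
        for (size_t i = 0; i < len; i++) {
            output[i] = (unsigned char) (rand() & 0xff);
        }
    }
    *olen = len;

    return( 0 );
}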
ram54288 0:a7a43371b306 404
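/**
 * mbed TLS timer callback: arms or cancels the DTLS retransmission timer.
 *
 * `data` is the M2MTimer installed with mbedtls_ssl_set_timer_cb().  Both
 * delays > 0 arm the timer and clear the file-scope `cancelled` flag;
 * anything else stops it and sets the flag (mbed TLS cancels by passing
 * fin_ms == 0).
 *
 * The delays are uint32_t and were printed with %d, a format/argument
 * mismatch; they are now printed as unsigned.
 *
 * @param data    M2MTimer pointer; ignored when NULL.
 * @param int_ms  Intermediate delay in milliseconds.
 * @param fin_ms  Final delay in milliseconds.
 */
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ){
    tr_debug("mbedtls_timing_set_delay - intermediate: %lu", (unsigned long) int_ms);
    tr_debug("mbedtls_timing_set_delay - final: %lu", (unsigned long) fin_ms);
    M2MTimer* timer = static_cast<M2MTimer*> (data);
    if (!timer) {
        return;
    }
    if (int_ms > 0 && fin_ms > 0) {
        tr_debug("mbedtls_timing_set_delay - start");
        cancelled = false;
        timer->stop_timer();
        timer->start_dtls_timer(int_ms, fin_ms);
    } else {
        tr_debug("mbedtls_timing_set_delay - stop");
        cancelled = true;
        timer->stop_timer();
    }
}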
ram54288 0:a7a43371b306 423
/**
 * mbed TLS timer callback: reports the state of the DTLS retransmission timer.
 *
 * Return values follow the mbed TLS timer contract: -1 = timer cancelled,
 * 0 = nothing expired yet, 1 = intermediate delay passed, 2 = final delay
 * passed.  A NULL timer is reported as "nothing expired".
 */
int mbedtls_timing_get_delay( void *data ){
    tr_debug("mbedtls_timing_get_delay");
    M2MTimer* timer = static_cast<M2MTimer*> (data);
    if (timer == NULL) {
        return 0;
    }

    int state = 0;
    if (cancelled) {
        tr_debug("mbedtls_timing_get_delay - ret -1");
        state = -1;
    } else if (timer->is_total_interval_passed()) {
        tr_debug("mbedtls_timing_get_delay - ret 2");
        state = 2;
    } else if (timer->is_intermediate_interval_passed()) {
        tr_debug("mbedtls_timing_get_delay - ret 1");
        state = 1;
    } else {
        tr_debug("mbedtls_timing_get_delay - ret 0");
    }
    return state;
}
ram54288 0:a7a43371b306 444
/** Installs the 32-bit random-number hook used by entropy_poll(); process-wide, not per instance. */
void M2MConnectionSecurityPimpl::set_random_number_callback(random_number_cb callback) {
    __random_number_callback = callback;
}
ram54288 0:a7a43371b306 449
/** Installs the additional entropy source registered by init(); process-wide, not per instance. */
void M2MConnectionSecurityPimpl::set_entropy_callback(entropy_cb callback) {
    __entropy_callback = callback;
}
ram54288 0:a7a43371b306 454