Ram Gandikota
FRDM K64F Metronome
mbed-client/mbed-client-mbed-tls/mbed-client-mbedtls/m2mconnectionsecuritypimpl.h@0:a2cb7295a1f7, 2017-05-14 (annotated)
- Committer:
- ram54288
- Date:
- Sun May 14 18:35:07 2017 +0000
- Revision:
- 0:a2cb7295a1f7
Initial commit
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| ram54288 | 0:a2cb7295a1f7 | 1 | /* |
| ram54288 | 0:a2cb7295a1f7 | 2 | * Copyright (c) 2015 ARM Limited. All rights reserved. |
| ram54288 | 0:a2cb7295a1f7 | 3 | * SPDX-License-Identifier: Apache-2.0 |
| ram54288 | 0:a2cb7295a1f7 | 4 | * Licensed under the Apache License, Version 2.0 (the License); you may |
| ram54288 | 0:a2cb7295a1f7 | 5 | * not use this file except in compliance with the License. |
| ram54288 | 0:a2cb7295a1f7 | 6 | * You may obtain a copy of the License at |
| ram54288 | 0:a2cb7295a1f7 | 7 | * |
| ram54288 | 0:a2cb7295a1f7 | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| ram54288 | 0:a2cb7295a1f7 | 9 | * |
| ram54288 | 0:a2cb7295a1f7 | 10 | * Unless required by applicable law or agreed to in writing, software |
| ram54288 | 0:a2cb7295a1f7 | 11 | * distributed under the License is distributed on an AS IS BASIS, WITHOUT |
| ram54288 | 0:a2cb7295a1f7 | 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| ram54288 | 0:a2cb7295a1f7 | 13 | * See the License for the specific language governing permissions and |
| ram54288 | 0:a2cb7295a1f7 | 14 | * limitations under the License. |
| ram54288 | 0:a2cb7295a1f7 | 15 | */ |
| ram54288 | 0:a2cb7295a1f7 | 16 | |
| ram54288 | 0:a2cb7295a1f7 | 17 | #ifndef __M2M_CONNECTION_SECURITY_PIMPL_H__ |
| ram54288 | 0:a2cb7295a1f7 | 18 | #define __M2M_CONNECTION_SECURITY_PIMPL_H__ |
| ram54288 | 0:a2cb7295a1f7 | 19 | |
| ram54288 | 0:a2cb7295a1f7 | 20 | #include "mbed-client/m2mconnectionsecurity.h" |
| ram54288 | 0:a2cb7295a1f7 | 21 | #include "mbed-client/m2mtimerobserver.h" |
| ram54288 | 0:a2cb7295a1f7 | 22 | #include "mbed-client/m2mconstants.h" |
| ram54288 | 0:a2cb7295a1f7 | 23 | #include "mbed-client/m2msecurity.h" |
| ram54288 | 0:a2cb7295a1f7 | 24 | |
| ram54288 | 0:a2cb7295a1f7 | 25 | #include "mbedtls/config.h" |
| ram54288 | 0:a2cb7295a1f7 | 26 | #include "mbedtls/platform.h" |
| ram54288 | 0:a2cb7295a1f7 | 27 | #include "mbedtls/debug.h" |
| ram54288 | 0:a2cb7295a1f7 | 28 | #include "mbedtls/ssl.h" |
| ram54288 | 0:a2cb7295a1f7 | 29 | #include "mbedtls/entropy.h" |
| ram54288 | 0:a2cb7295a1f7 | 30 | #include "mbedtls/ctr_drbg.h" |
| ram54288 | 0:a2cb7295a1f7 | 31 | #include "mbedtls/error.h" |
| ram54288 | 0:a2cb7295a1f7 | 32 | #include "mbedtls/certs.h" |
| ram54288 | 0:a2cb7295a1f7 | 33 | #include "mbedtls/entropy_poll.h" |
| ram54288 | 0:a2cb7295a1f7 | 34 | |
| ram54288 | 0:a2cb7295a1f7 | 35 | class M2MTimer; |
| ram54288 | 0:a2cb7295a1f7 | 36 | |
| ram54288 | 0:a2cb7295a1f7 | 37 | //TODO: Should we let application to select these or not?? |
| ram54288 | 0:a2cb7295a1f7 | 38 | const static int PSK_SUITES[] = { |
| ram54288 | 0:a2cb7295a1f7 | 39 | MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, |
| ram54288 | 0:a2cb7295a1f7 | 40 | MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, |
| ram54288 | 0:a2cb7295a1f7 | 41 | MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, |
| ram54288 | 0:a2cb7295a1f7 | 42 | 0 |
| ram54288 | 0:a2cb7295a1f7 | 43 | }; |
| ram54288 | 0:a2cb7295a1f7 | 44 | |
| ram54288 | 0:a2cb7295a1f7 | 45 | |
| ram54288 | 0:a2cb7295a1f7 | 46 | /** |
| ram54288 | 0:a2cb7295a1f7 | 47 | * @brief The M2MConnectionSecurityPimpl class |
| ram54288 | 0:a2cb7295a1f7 | 48 | */ |
| ram54288 | 0:a2cb7295a1f7 | 49 | class M2MConnectionSecurityPimpl : public M2MTimerObserver { |
| ram54288 | 0:a2cb7295a1f7 | 50 | |
| ram54288 | 0:a2cb7295a1f7 | 51 | private: |
| ram54288 | 0:a2cb7295a1f7 | 52 | |
| ram54288 | 0:a2cb7295a1f7 | 53 | // Prevents the use of assignment operator by accident. |
| ram54288 | 0:a2cb7295a1f7 | 54 | M2MConnectionSecurityPimpl& operator=( const M2MConnectionSecurityPimpl& /*other*/ ); |
| ram54288 | 0:a2cb7295a1f7 | 55 | // Prevents the use of copy constructor by accident |
| ram54288 | 0:a2cb7295a1f7 | 56 | M2MConnectionSecurityPimpl( const M2MConnectionSecurityPimpl& /*other*/ ); |
| ram54288 | 0:a2cb7295a1f7 | 57 | |
| ram54288 | 0:a2cb7295a1f7 | 58 | public: |
| ram54288 | 0:a2cb7295a1f7 | 59 | |
| ram54288 | 0:a2cb7295a1f7 | 60 | /** |
| ram54288 | 0:a2cb7295a1f7 | 61 | * @brief Constructor |
| ram54288 | 0:a2cb7295a1f7 | 62 | */ |
| ram54288 | 0:a2cb7295a1f7 | 63 | M2MConnectionSecurityPimpl(M2MConnectionSecurity::SecurityMode mode); |
| ram54288 | 0:a2cb7295a1f7 | 64 | |
| ram54288 | 0:a2cb7295a1f7 | 65 | /** |
| ram54288 | 0:a2cb7295a1f7 | 66 | * @brief Destructor |
| ram54288 | 0:a2cb7295a1f7 | 67 | */ |
| ram54288 | 0:a2cb7295a1f7 | 68 | virtual ~M2MConnectionSecurityPimpl(); |
| ram54288 | 0:a2cb7295a1f7 | 69 | |
| ram54288 | 0:a2cb7295a1f7 | 70 | /** |
| ram54288 | 0:a2cb7295a1f7 | 71 | * \brief Resets the socket connection states. |
| ram54288 | 0:a2cb7295a1f7 | 72 | */ |
| ram54288 | 0:a2cb7295a1f7 | 73 | void reset(); |
| ram54288 | 0:a2cb7295a1f7 | 74 | |
| ram54288 | 0:a2cb7295a1f7 | 75 | /** |
| ram54288 | 0:a2cb7295a1f7 | 76 | * \brief Initiatlizes the socket connection states. |
| ram54288 | 0:a2cb7295a1f7 | 77 | */ |
| ram54288 | 0:a2cb7295a1f7 | 78 | int init(const M2MSecurity *security); |
| ram54288 | 0:a2cb7295a1f7 | 79 | |
| ram54288 | 0:a2cb7295a1f7 | 80 | /** |
| ram54288 | 0:a2cb7295a1f7 | 81 | * \brief Starts the connection in non-blocking mode. |
| ram54288 | 0:a2cb7295a1f7 | 82 | * \param connHandler The ConnectionHandler object that maintains the socket. |
| ram54288 | 0:a2cb7295a1f7 | 83 | * \return Returns the state of the connection. Successful or not. |
| ram54288 | 0:a2cb7295a1f7 | 84 | */ |
| ram54288 | 0:a2cb7295a1f7 | 85 | int start_connecting_non_blocking(M2MConnectionHandler* connHandler); |
| ram54288 | 0:a2cb7295a1f7 | 86 | |
| ram54288 | 0:a2cb7295a1f7 | 87 | /** |
| ram54288 | 0:a2cb7295a1f7 | 88 | * \brief Continues connectivity logic for secure connection. |
| ram54288 | 0:a2cb7295a1f7 | 89 | * \return Returns an error code if any while continuing the connection sequence. |
| ram54288 | 0:a2cb7295a1f7 | 90 | */ |
| ram54288 | 0:a2cb7295a1f7 | 91 | int continue_connecting(); |
| ram54288 | 0:a2cb7295a1f7 | 92 | |
| ram54288 | 0:a2cb7295a1f7 | 93 | /** |
| ram54288 | 0:a2cb7295a1f7 | 94 | * \brief Connects the client to the server. |
| ram54288 | 0:a2cb7295a1f7 | 95 | * \param connHandler The ConnectionHandler object that maintains the socket. |
| ram54288 | 0:a2cb7295a1f7 | 96 | * \return Returns the state of the connection. Successful or not. |
| ram54288 | 0:a2cb7295a1f7 | 97 | */ |
| ram54288 | 0:a2cb7295a1f7 | 98 | int connect(M2MConnectionHandler* connHandler); |
| ram54288 | 0:a2cb7295a1f7 | 99 | |
| ram54288 | 0:a2cb7295a1f7 | 100 | /** |
| ram54288 | 0:a2cb7295a1f7 | 101 | * \brief Sends data to the server. |
| ram54288 | 0:a2cb7295a1f7 | 102 | * \param message The data to be sent. |
| ram54288 | 0:a2cb7295a1f7 | 103 | * \param len The length of the data. |
| ram54288 | 0:a2cb7295a1f7 | 104 | * @return Indicates whether the data is sent successfully or not. |
| ram54288 | 0:a2cb7295a1f7 | 105 | */ |
| ram54288 | 0:a2cb7295a1f7 | 106 | int send_message(unsigned char *message, int len); |
| ram54288 | 0:a2cb7295a1f7 | 107 | |
| ram54288 | 0:a2cb7295a1f7 | 108 | /** |
| ram54288 | 0:a2cb7295a1f7 | 109 | * \brief Reads the data received from the server. |
| ram54288 | 0:a2cb7295a1f7 | 110 | * \param message The data to be read. |
| ram54288 | 0:a2cb7295a1f7 | 111 | * \param len The length of the data. |
| ram54288 | 0:a2cb7295a1f7 | 112 | * \return Indicates whether the data is read successfully or not. |
| ram54288 | 0:a2cb7295a1f7 | 113 | */ |
| ram54288 | 0:a2cb7295a1f7 | 114 | int read(unsigned char* buffer, uint16_t len); |
| ram54288 | 0:a2cb7295a1f7 | 115 | |
| ram54288 | 0:a2cb7295a1f7 | 116 | /** |
| ram54288 | 0:a2cb7295a1f7 | 117 | * \brief Sets the function callback that will be called by mbed-client for |
| ram54288 | 0:a2cb7295a1f7 | 118 | * fetching random number from application for ensuring strong entropy. |
| ram54288 | 0:a2cb7295a1f7 | 119 | * \param random_callback A function pointer that will be called by mbed-client |
| ram54288 | 0:a2cb7295a1f7 | 120 | * while performing secure handshake. |
| ram54288 | 0:a2cb7295a1f7 | 121 | * Function signature should be uint32_t (*random_number_callback)(void); |
| ram54288 | 0:a2cb7295a1f7 | 122 | */ |
| ram54288 | 0:a2cb7295a1f7 | 123 | void set_random_number_callback(random_number_cb callback); |
| ram54288 | 0:a2cb7295a1f7 | 124 | |
| ram54288 | 0:a2cb7295a1f7 | 125 | /** |
| ram54288 | 0:a2cb7295a1f7 | 126 | * \brief Sets the function callback that will be called by mbed-client for |
| ram54288 | 0:a2cb7295a1f7 | 127 | * providing entropy source from application for ensuring strong entropy. |
| ram54288 | 0:a2cb7295a1f7 | 128 | * \param entropy_callback A function pointer that will be called by mbed-client |
| ram54288 | 0:a2cb7295a1f7 | 129 | * while performing secure handshake. |
| ram54288 | 0:a2cb7295a1f7 | 130 | * Function signature , if using mbed-client-mbedtls should be |
| ram54288 | 0:a2cb7295a1f7 | 131 | * int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, |
| ram54288 | 0:a2cb7295a1f7 | 132 | * size_t len, size_t *olen); |
| ram54288 | 0:a2cb7295a1f7 | 133 | */ |
| ram54288 | 0:a2cb7295a1f7 | 134 | void set_entropy_callback(entropy_cb callback); |
| ram54288 | 0:a2cb7295a1f7 | 135 | |
| ram54288 | 0:a2cb7295a1f7 | 136 | protected: //From M2MTimerObserver |
| ram54288 | 0:a2cb7295a1f7 | 137 | |
| ram54288 | 0:a2cb7295a1f7 | 138 | virtual void timer_expired(M2MTimerObserver::Type type); |
| ram54288 | 0:a2cb7295a1f7 | 139 | |
| ram54288 | 0:a2cb7295a1f7 | 140 | private: |
| ram54288 | 0:a2cb7295a1f7 | 141 | |
| ram54288 | 0:a2cb7295a1f7 | 142 | int start_handshake(); |
| ram54288 | 0:a2cb7295a1f7 | 143 | |
| ram54288 | 0:a2cb7295a1f7 | 144 | private: |
| ram54288 | 0:a2cb7295a1f7 | 145 | |
| ram54288 | 0:a2cb7295a1f7 | 146 | bool _init_done; |
| ram54288 | 0:a2cb7295a1f7 | 147 | mbedtls_ssl_config _conf; |
| ram54288 | 0:a2cb7295a1f7 | 148 | mbedtls_ssl_context _ssl; |
| ram54288 | 0:a2cb7295a1f7 | 149 | mbedtls_x509_crt _cacert; |
| ram54288 | 0:a2cb7295a1f7 | 150 | mbedtls_x509_crt _owncert; |
| ram54288 | 0:a2cb7295a1f7 | 151 | mbedtls_pk_context _pkey; |
| ram54288 | 0:a2cb7295a1f7 | 152 | mbedtls_ctr_drbg_context _ctr_drbg; |
| ram54288 | 0:a2cb7295a1f7 | 153 | mbedtls_entropy_context _entropy; |
| ram54288 | 0:a2cb7295a1f7 | 154 | uint32_t _flags; |
| ram54288 | 0:a2cb7295a1f7 | 155 | M2MTimer *_timer; |
| ram54288 | 0:a2cb7295a1f7 | 156 | M2MConnectionSecurity::SecurityMode _sec_mode; |
| ram54288 | 0:a2cb7295a1f7 | 157 | |
| ram54288 | 0:a2cb7295a1f7 | 158 | friend class Test_M2MConnectionSecurityPimpl; |
| ram54288 | 0:a2cb7295a1f7 | 159 | }; |
| ram54288 | 0:a2cb7295a1f7 | 160 | |
| ram54288 | 0:a2cb7295a1f7 | 161 | #endif //__M2M_CONNECTION_SECURITY_PIMPL_H__ |