Vergil Cola
Fork of Hello MQTT, using mbed TLS for secure mqtt transport
MQTTSNetwork.h@22:4d0628d13870, 2017-03-18 (annotated)
- Committer:
- vpcola
- Date:
- Sat Mar 18 01:54:50 2017 +0000
- Revision:
- 22:4d0628d13870
- Parent:
- 21:4534812bb94f
Output to serial only
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| vpcola | 21:4534812bb94f | 1 | #ifndef _MQTTSNETWORK_H_ |
| vpcola | 21:4534812bb94f | 2 | #define _MQTTSNETWORK_H_ |
| vpcola | 21:4534812bb94f | 3 | |
| vpcola | 21:4534812bb94f | 4 | #include "NetworkInterface.h" |
| vpcola | 21:4534812bb94f | 5 | #include "TCPSocket.h" |
| vpcola | 21:4534812bb94f | 6 | #include "mbedtls/platform.h" |
| vpcola | 21:4534812bb94f | 7 | #include "mbedtls/ssl.h" |
| vpcola | 21:4534812bb94f | 8 | #include "mbedtls/entropy.h" |
| vpcola | 21:4534812bb94f | 9 | #include "mbedtls/ctr_drbg.h" |
| vpcola | 21:4534812bb94f | 10 | #include "mbedtls/error.h" |
| vpcola | 21:4534812bb94f | 11 | |
| vpcola | 21:4534812bb94f | 12 | #if DEBUG_LEVEL > 0 |
| vpcola | 21:4534812bb94f | 13 | #include "mbedtls/debug.h" |
| vpcola | 21:4534812bb94f | 14 | #endif |
| vpcola | 21:4534812bb94f | 15 | |
| vpcola | 21:4534812bb94f | 16 | class MQTTSNetwork { |
| vpcola | 21:4534812bb94f | 17 | public: |
| vpcola | 21:4534812bb94f | 18 | |
| vpcola | 21:4534812bb94f | 19 | MQTTSNetwork() |
| vpcola | 21:4534812bb94f | 20 | : tcpsocket(NULL) |
| vpcola | 21:4534812bb94f | 21 | ,ssl_ca_pem(NULL) |
| vpcola | 21:4534812bb94f | 22 | ,keepalive(1) |
| vpcola | 21:4534812bb94f | 23 | { |
| vpcola | 21:4534812bb94f | 24 | DRBG_PERS = "mbed TLS MQTT client"; |
| vpcola | 21:4534812bb94f | 25 | |
| vpcola | 21:4534812bb94f | 26 | mbedtls_entropy_init(&_entropy); |
| vpcola | 21:4534812bb94f | 27 | mbedtls_ctr_drbg_init(&_ctr_drbg); |
| vpcola | 21:4534812bb94f | 28 | mbedtls_x509_crt_init(&_cacert); |
| vpcola | 21:4534812bb94f | 29 | mbedtls_ssl_init(&_ssl); |
| vpcola | 21:4534812bb94f | 30 | mbedtls_ssl_config_init(&_ssl_conf); |
| vpcola | 21:4534812bb94f | 31 | memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); |
| vpcola | 21:4534812bb94f | 32 | } |
| vpcola | 21:4534812bb94f | 33 | |
| vpcola | 21:4534812bb94f | 34 | ~MQTTSNetwork() |
| vpcola | 21:4534812bb94f | 35 | { |
| vpcola | 21:4534812bb94f | 36 | |
| vpcola | 21:4534812bb94f | 37 | mbedtls_entropy_free(&_entropy); |
| vpcola | 21:4534812bb94f | 38 | mbedtls_ctr_drbg_free(&_ctr_drbg); |
| vpcola | 21:4534812bb94f | 39 | mbedtls_x509_crt_free(&_cacert); |
| vpcola | 21:4534812bb94f | 40 | mbedtls_ssl_free(&_ssl); |
| vpcola | 21:4534812bb94f | 41 | mbedtls_ssl_config_free(&_ssl_conf); |
| vpcola | 21:4534812bb94f | 42 | |
| vpcola | 21:4534812bb94f | 43 | if (tcpsocket) |
| vpcola | 21:4534812bb94f | 44 | delete tcpsocket; |
| vpcola | 21:4534812bb94f | 45 | |
| vpcola | 21:4534812bb94f | 46 | } |
| vpcola | 21:4534812bb94f | 47 | |
| vpcola | 21:4534812bb94f | 48 | |
| vpcola | 21:4534812bb94f | 49 | |
| vpcola | 21:4534812bb94f | 50 | int setupTLS(NetworkInterface * net, const char * pem) |
| vpcola | 21:4534812bb94f | 51 | { |
| vpcola | 21:4534812bb94f | 52 | int ret; |
| vpcola | 21:4534812bb94f | 53 | |
| vpcola | 21:4534812bb94f | 54 | network = net; |
| vpcola | 21:4534812bb94f | 55 | ssl_ca_pem = pem; |
| vpcola | 21:4534812bb94f | 56 | |
| vpcola | 21:4534812bb94f | 57 | printf("Initializing TLS ...\r\n"); |
| vpcola | 21:4534812bb94f | 58 | printf("mbedtls_ctr_drdbg_seed ...\r\n"); |
| vpcola | 21:4534812bb94f | 59 | if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy, |
| vpcola | 21:4534812bb94f | 60 | (const unsigned char *) DRBG_PERS, |
| vpcola | 21:4534812bb94f | 61 | sizeof (DRBG_PERS))) != 0) { |
| vpcola | 21:4534812bb94f | 62 | print_mbedtls_error("mbedtls_crt_drbg_init", ret); |
| vpcola | 21:4534812bb94f | 63 | _error = ret; |
| vpcola | 21:4534812bb94f | 64 | return -1; |
| vpcola | 21:4534812bb94f | 65 | } |
| vpcola | 21:4534812bb94f | 66 | printf("mbedtls_x509_crt_parse ...\r\n"); |
| vpcola | 21:4534812bb94f | 67 | if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *) ssl_ca_pem, |
| vpcola | 21:4534812bb94f | 68 | strlen(ssl_ca_pem) + 1)) != 0) { |
| vpcola | 21:4534812bb94f | 69 | print_mbedtls_error("mbedtls_x509_crt_parse", ret); |
| vpcola | 21:4534812bb94f | 70 | _error = ret; |
| vpcola | 21:4534812bb94f | 71 | return -1; |
| vpcola | 21:4534812bb94f | 72 | } |
| vpcola | 21:4534812bb94f | 73 | |
| vpcola | 21:4534812bb94f | 74 | printf("mbedtls_ssl_config_defaults ...\r\n"); |
| vpcola | 21:4534812bb94f | 75 | if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf, |
| vpcola | 21:4534812bb94f | 76 | MBEDTLS_SSL_IS_CLIENT, |
| vpcola | 21:4534812bb94f | 77 | MBEDTLS_SSL_TRANSPORT_STREAM, |
| vpcola | 21:4534812bb94f | 78 | MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { |
| vpcola | 21:4534812bb94f | 79 | print_mbedtls_error("mbedtls_ssl_config_defaults", ret); |
| vpcola | 21:4534812bb94f | 80 | _error = ret; |
| vpcola | 21:4534812bb94f | 81 | return -1; |
| vpcola | 21:4534812bb94f | 82 | } |
| vpcola | 21:4534812bb94f | 83 | |
| vpcola | 21:4534812bb94f | 84 | printf("mbedtls_ssl_config_ca_chain ...\r\n"); |
| vpcola | 21:4534812bb94f | 85 | mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL); |
| vpcola | 21:4534812bb94f | 86 | printf("mbedtls_ssl_conf_rng ...\r\n"); |
| vpcola | 21:4534812bb94f | 87 | mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg); |
| vpcola | 21:4534812bb94f | 88 | |
| vpcola | 21:4534812bb94f | 89 | /* It is possible to disable authentication by passing |
| vpcola | 21:4534812bb94f | 90 | * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode() |
| vpcola | 21:4534812bb94f | 91 | */ |
| vpcola | 21:4534812bb94f | 92 | printf("mbedtls_ssl_conf_authmode ...\r\n"); |
| vpcola | 21:4534812bb94f | 93 | mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED); |
| vpcola | 21:4534812bb94f | 94 | |
| vpcola | 21:4534812bb94f | 95 | #if DEBUG_LEVEL > 0 |
| vpcola | 21:4534812bb94f | 96 | mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL); |
| vpcola | 21:4534812bb94f | 97 | mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL); |
| vpcola | 21:4534812bb94f | 98 | mbedtls_debug_set_threshold(DEBUG_LEVEL); |
| vpcola | 21:4534812bb94f | 99 | #endif |
| vpcola | 21:4534812bb94f | 100 | |
| vpcola | 21:4534812bb94f | 101 | printf("mbedtls_ssl_setup ...\r\n"); |
| vpcola | 21:4534812bb94f | 102 | if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) { |
| vpcola | 21:4534812bb94f | 103 | print_mbedtls_error("mbedtls_ssl_setup", ret); |
| vpcola | 21:4534812bb94f | 104 | _error = ret; |
| vpcola | 21:4534812bb94f | 105 | return -1; |
| vpcola | 21:4534812bb94f | 106 | } |
| vpcola | 21:4534812bb94f | 107 | |
| vpcola | 21:4534812bb94f | 108 | |
| vpcola | 21:4534812bb94f | 109 | return ret; |
| vpcola | 21:4534812bb94f | 110 | } |
| vpcola | 21:4534812bb94f | 111 | |
| vpcola | 21:4534812bb94f | 112 | int read(unsigned char* buffer, int len, int timeout) |
| vpcola | 21:4534812bb94f | 113 | { |
| vpcola | 21:4534812bb94f | 114 | int ret; |
| vpcola | 21:4534812bb94f | 115 | printf("MQTTS client read ...\r\n"); |
| vpcola | 21:4534812bb94f | 116 | |
| vpcola | 21:4534812bb94f | 117 | printf("read set timeout ... %d\r\n", timeout); |
| vpcola | 21:4534812bb94f | 118 | tcpsocket->set_timeout(timeout); |
| vpcola | 21:4534812bb94f | 119 | |
| vpcola | 21:4534812bb94f | 120 | ret = mbedtls_ssl_read(&_ssl, buffer, len); |
| vpcola | 21:4534812bb94f | 121 | printf("mbedtls_ssl_read returned %d\r\n", ret); |
| vpcola | 21:4534812bb94f | 122 | if (ret < 0) { |
| vpcola | 21:4534812bb94f | 123 | if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) |
| vpcola | 21:4534812bb94f | 124 | print_mbedtls_error("mbedtls_ssl_read", ret); |
| vpcola | 22:4d0628d13870 | 125 | else |
| vpcola | 21:4534812bb94f | 126 | printf("Timed out? ...\r\n"); |
| vpcola | 22:4d0628d13870 | 127 | |
| vpcola | 22:4d0628d13870 | 128 | _error = ret; |
| vpcola | 21:4534812bb94f | 129 | printf("MQTTS client read returns with error!!!...\r\n"); |
| vpcola | 22:4d0628d13870 | 130 | return ret; |
| vpcola | 21:4534812bb94f | 131 | } |
| vpcola | 21:4534812bb94f | 132 | printf("MQTS client read successfully!! ...\r\n"); |
| vpcola | 21:4534812bb94f | 133 | return ret ; |
| vpcola | 21:4534812bb94f | 134 | } |
| vpcola | 21:4534812bb94f | 135 | |
| vpcola | 21:4534812bb94f | 136 | int write(unsigned char* buffer, int len, int timeout) |
| vpcola | 21:4534812bb94f | 137 | { |
| vpcola | 21:4534812bb94f | 138 | int ret; |
| vpcola | 21:4534812bb94f | 139 | |
| vpcola | 21:4534812bb94f | 140 | printf("MQTTS client write ...\r\n"); |
| vpcola | 21:4534812bb94f | 141 | tcpsocket->set_timeout(timeout); |
| vpcola | 21:4534812bb94f | 142 | |
| vpcola | 21:4534812bb94f | 143 | ret = mbedtls_ssl_write(&_ssl, (const unsigned char *) buffer, len); |
| vpcola | 21:4534812bb94f | 144 | if (ret < 0) { |
| vpcola | 21:4534812bb94f | 145 | if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { |
| vpcola | 21:4534812bb94f | 146 | print_mbedtls_error("mbedtls_ssl_write", ret); |
| vpcola | 22:4d0628d13870 | 147 | //onError(tcpsocket, -1 ); |
| vpcola | 21:4534812bb94f | 148 | } |
| vpcola | 21:4534812bb94f | 149 | else { |
| vpcola | 21:4534812bb94f | 150 | _error = ret; |
| vpcola | 21:4534812bb94f | 151 | } |
| vpcola | 22:4d0628d13870 | 152 | return ret; |
| vpcola | 21:4534812bb94f | 153 | } |
| vpcola | 21:4534812bb94f | 154 | |
| vpcola | 21:4534812bb94f | 155 | return ret; |
| vpcola | 21:4534812bb94f | 156 | } |
| vpcola | 21:4534812bb94f | 157 | |
| vpcola | 21:4534812bb94f | 158 | int connect(const char* host, int port) |
| vpcola | 21:4534812bb94f | 159 | { |
| vpcola | 21:4534812bb94f | 160 | // Do the TLS handshake here ... |
| vpcola | 21:4534812bb94f | 161 | /* Initialize the flags */ |
| vpcola | 21:4534812bb94f | 162 | /* |
| vpcola | 21:4534812bb94f | 163 | * Initialize TLS-related stuf. |
| vpcola | 21:4534812bb94f | 164 | */ |
| vpcola | 21:4534812bb94f | 165 | int ret; |
| vpcola | 21:4534812bb94f | 166 | |
| vpcola | 21:4534812bb94f | 167 | // Save the hostname and port on first connect |
| vpcola | 21:4534812bb94f | 168 | // Create the socket |
| vpcola | 21:4534812bb94f | 169 | if (tcpsocket == NULL) |
| vpcola | 22:4d0628d13870 | 170 | { |
| vpcola | 22:4d0628d13870 | 171 | printf("Creating TCP socket ...\r\n"); |
| vpcola | 21:4534812bb94f | 172 | tcpsocket = new TCPSocket(network); |
| vpcola | 22:4d0628d13870 | 173 | } |
| vpcola | 21:4534812bb94f | 174 | |
| vpcola | 21:4534812bb94f | 175 | if (tcpsocket == NULL) |
| vpcola | 21:4534812bb94f | 176 | ret = -1; |
| vpcola | 21:4534812bb94f | 177 | |
| vpcola | 21:4534812bb94f | 178 | |
| vpcola | 21:4534812bb94f | 179 | printf("mbedtls_ssl_set_hostname ...\r\n"); |
| vpcola | 21:4534812bb94f | 180 | mbedtls_ssl_set_hostname(&_ssl, host); |
| vpcola | 21:4534812bb94f | 181 | printf("mbedtls_ssl_set_bio ...\r\n"); |
| vpcola | 21:4534812bb94f | 182 | mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(tcpsocket), |
| vpcola | 21:4534812bb94f | 183 | ssl_send, ssl_recv, NULL ); |
| vpcola | 21:4534812bb94f | 184 | |
| vpcola | 21:4534812bb94f | 185 | printf("Connecting to %s:%d\r\n", host, port); |
| vpcola | 21:4534812bb94f | 186 | ret = tcpsocket->connect(host, port); |
| vpcola | 21:4534812bb94f | 187 | if (ret != NSAPI_ERROR_OK) { |
| vpcola | 21:4534812bb94f | 188 | if (_debug) mbedtls_printf("Failed to connect\r\n"); |
| vpcola | 21:4534812bb94f | 189 | onError(tcpsocket, -1); |
| vpcola | 21:4534812bb94f | 190 | return -1; |
| vpcola | 21:4534812bb94f | 191 | } |
| vpcola | 21:4534812bb94f | 192 | |
| vpcola | 21:4534812bb94f | 193 | /* Start the handshake, the rest will be done in onReceive() */ |
| vpcola | 21:4534812bb94f | 194 | printf("Starting the TLS handshake...\r\n"); |
| vpcola | 21:4534812bb94f | 195 | ret = mbedtls_ssl_handshake(&_ssl); |
| vpcola | 21:4534812bb94f | 196 | if (ret < 0) { |
| vpcola | 21:4534812bb94f | 197 | if (ret != MBEDTLS_ERR_SSL_WANT_READ && |
| vpcola | 21:4534812bb94f | 198 | ret != MBEDTLS_ERR_SSL_WANT_WRITE) { |
| vpcola | 21:4534812bb94f | 199 | print_mbedtls_error("mbedtls_ssl_handshake", ret); |
| vpcola | 21:4534812bb94f | 200 | onError(tcpsocket, -1); |
| vpcola | 21:4534812bb94f | 201 | } |
| vpcola | 21:4534812bb94f | 202 | else { |
| vpcola | 21:4534812bb94f | 203 | _error = ret; |
| vpcola | 21:4534812bb94f | 204 | } |
| vpcola | 21:4534812bb94f | 205 | return -1; |
| vpcola | 21:4534812bb94f | 206 | } |
| vpcola | 21:4534812bb94f | 207 | |
| vpcola | 21:4534812bb94f | 208 | /* Handshake done, time to print info */ |
| vpcola | 21:4534812bb94f | 209 | printf("TLS connection to %s:%d established\r\n", |
| vpcola | 21:4534812bb94f | 210 | host, port); |
| vpcola | 21:4534812bb94f | 211 | |
| vpcola | 21:4534812bb94f | 212 | const uint32_t buf_size = 1024; |
| vpcola | 21:4534812bb94f | 213 | char *buf = new char[buf_size]; |
| vpcola | 21:4534812bb94f | 214 | mbedtls_x509_crt_info(buf, buf_size, "\r ", |
| vpcola | 21:4534812bb94f | 215 | mbedtls_ssl_get_peer_cert(&_ssl)); |
| vpcola | 21:4534812bb94f | 216 | printf("Server certificate:\r\n%s\r", buf); |
| vpcola | 21:4534812bb94f | 217 | |
| vpcola | 21:4534812bb94f | 218 | uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl); |
| vpcola | 21:4534812bb94f | 219 | if( flags != 0 ) |
| vpcola | 21:4534812bb94f | 220 | { |
| vpcola | 21:4534812bb94f | 221 | mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags); |
| vpcola | 21:4534812bb94f | 222 | printf("Certificate verification failed:\r\n%s\r\r\n", buf); |
| vpcola | 21:4534812bb94f | 223 | return -1; |
| vpcola | 21:4534812bb94f | 224 | } |
| vpcola | 21:4534812bb94f | 225 | |
| vpcola | 21:4534812bb94f | 226 | printf("Certificate verification passed\r\n\r\n"); |
| vpcola | 21:4534812bb94f | 227 | |
| vpcola | 21:4534812bb94f | 228 | // TODO: Save the session here for reconnect. |
| vpcola | 21:4534812bb94f | 229 | if( ( ret = mbedtls_ssl_get_session( &_ssl, &saved_session ) ) != 0 ) |
| vpcola | 21:4534812bb94f | 230 | { |
| vpcola | 21:4534812bb94f | 231 | printf( "mbedtls_ssl_get_session returned -0x%x\n\n", -ret ); |
| vpcola | 21:4534812bb94f | 232 | return -1; |
| vpcola | 21:4534812bb94f | 233 | } |
| vpcola | 21:4534812bb94f | 234 | printf("Session saved for reconnect ...\r\n"); |
| vpcola | 21:4534812bb94f | 235 | |
| vpcola | 21:4534812bb94f | 236 | // Set socket to non-blocking mode ... |
| vpcola | 21:4534812bb94f | 237 | |
| vpcola | 21:4534812bb94f | 238 | return 0; |
| vpcola | 21:4534812bb94f | 239 | } |
| vpcola | 21:4534812bb94f | 240 | |
| vpcola | 21:4534812bb94f | 241 | void disconnect() |
| vpcola | 21:4534812bb94f | 242 | { |
| vpcola | 21:4534812bb94f | 243 | if (tcpsocket) |
| vpcola | 21:4534812bb94f | 244 | { |
| vpcola | 21:4534812bb94f | 245 | tcpsocket->close(); |
| vpcola | 21:4534812bb94f | 246 | delete tcpsocket; |
| vpcola | 21:4534812bb94f | 247 | tcpsocket = NULL; |
| vpcola | 21:4534812bb94f | 248 | } |
| vpcola | 21:4534812bb94f | 249 | } |
| vpcola | 21:4534812bb94f | 250 | |
| vpcola | 21:4534812bb94f | 251 | protected: |
| vpcola | 21:4534812bb94f | 252 | /** |
| vpcola | 21:4534812bb94f | 253 | * Helper for pretty-printing mbed TLS error codes |
| vpcola | 21:4534812bb94f | 254 | */ |
| vpcola | 21:4534812bb94f | 255 | static void print_mbedtls_error(const char *name, int err) { |
| vpcola | 21:4534812bb94f | 256 | char buf[128]; |
| vpcola | 21:4534812bb94f | 257 | mbedtls_strerror(err, buf, sizeof (buf)); |
| vpcola | 21:4534812bb94f | 258 | mbedtls_printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf); |
| vpcola | 21:4534812bb94f | 259 | } |
| vpcola | 21:4534812bb94f | 260 | |
| vpcola | 21:4534812bb94f | 261 | #if DEBUG_LEVEL > 0 |
| vpcola | 21:4534812bb94f | 262 | /** |
| vpcola | 21:4534812bb94f | 263 | * Debug callback for mbed TLS |
| vpcola | 21:4534812bb94f | 264 | * Just prints on the USB serial port |
| vpcola | 21:4534812bb94f | 265 | */ |
| vpcola | 21:4534812bb94f | 266 | static void my_debug(void *ctx, int level, const char *file, int line, |
| vpcola | 21:4534812bb94f | 267 | const char *str) |
| vpcola | 21:4534812bb94f | 268 | { |
| vpcola | 21:4534812bb94f | 269 | const char *p, *basename; |
| vpcola | 21:4534812bb94f | 270 | (void) ctx; |
| vpcola | 21:4534812bb94f | 271 | |
| vpcola | 21:4534812bb94f | 272 | /* Extract basename from file */ |
| vpcola | 21:4534812bb94f | 273 | for(p = basename = file; *p != '\0'; p++) { |
| vpcola | 21:4534812bb94f | 274 | if(*p == '/' || *p == '\\') { |
| vpcola | 21:4534812bb94f | 275 | basename = p + 1; |
| vpcola | 21:4534812bb94f | 276 | } |
| vpcola | 21:4534812bb94f | 277 | } |
| vpcola | 21:4534812bb94f | 278 | |
| vpcola | 21:4534812bb94f | 279 | if (_debug) { |
| vpcola | 21:4534812bb94f | 280 | mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str); |
| vpcola | 21:4534812bb94f | 281 | } |
| vpcola | 21:4534812bb94f | 282 | } |
| vpcola | 21:4534812bb94f | 283 | |
| vpcola | 21:4534812bb94f | 284 | /** |
| vpcola | 21:4534812bb94f | 285 | * Certificate verification callback for mbed TLS |
| vpcola | 21:4534812bb94f | 286 | * Here we only use it to display information on each cert in the chain |
| vpcola | 21:4534812bb94f | 287 | */ |
| vpcola | 21:4534812bb94f | 288 | static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) |
| vpcola | 21:4534812bb94f | 289 | { |
| vpcola | 21:4534812bb94f | 290 | const uint32_t buf_size = 1024; |
| vpcola | 21:4534812bb94f | 291 | char *buf = new char[buf_size]; |
| vpcola | 21:4534812bb94f | 292 | (void) data; |
| vpcola | 21:4534812bb94f | 293 | |
| vpcola | 21:4534812bb94f | 294 | if (_debug) mbedtls_printf("\nVerifying certificate at depth %d:\n", depth); |
| vpcola | 21:4534812bb94f | 295 | mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt); |
| vpcola | 21:4534812bb94f | 296 | if (_debug) mbedtls_printf("%s", buf); |
| vpcola | 21:4534812bb94f | 297 | |
| vpcola | 21:4534812bb94f | 298 | if (*flags == 0) |
| vpcola | 21:4534812bb94f | 299 | if (_debug) mbedtls_printf("No verification issue for this certificate\n"); |
| vpcola | 21:4534812bb94f | 300 | else |
| vpcola | 21:4534812bb94f | 301 | { |
| vpcola | 21:4534812bb94f | 302 | mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags); |
| vpcola | 21:4534812bb94f | 303 | if (_debug) mbedtls_printf("%s\n", buf); |
| vpcola | 21:4534812bb94f | 304 | } |
| vpcola | 21:4534812bb94f | 305 | |
| vpcola | 21:4534812bb94f | 306 | delete[] buf; |
| vpcola | 21:4534812bb94f | 307 | return 0; |
| vpcola | 21:4534812bb94f | 308 | } |
| vpcola | 21:4534812bb94f | 309 | #endif |
| vpcola | 21:4534812bb94f | 310 | |
| vpcola | 21:4534812bb94f | 311 | /** |
| vpcola | 21:4534812bb94f | 312 | * Receive callback for mbed TLS |
| vpcola | 21:4534812bb94f | 313 | */ |
| vpcola | 21:4534812bb94f | 314 | static int ssl_recv(void *ctx, unsigned char *buf, size_t len) { |
| vpcola | 21:4534812bb94f | 315 | int recv = -1; |
| vpcola | 21:4534812bb94f | 316 | TCPSocket *socket = static_cast<TCPSocket *>(ctx); |
| vpcola | 21:4534812bb94f | 317 | recv = socket->recv(buf, len); |
| vpcola | 21:4534812bb94f | 318 | |
| vpcola | 21:4534812bb94f | 319 | if (NSAPI_ERROR_WOULD_BLOCK == recv) { |
| vpcola | 21:4534812bb94f | 320 | return MBEDTLS_ERR_SSL_WANT_READ; |
| vpcola | 21:4534812bb94f | 321 | } |
| vpcola | 21:4534812bb94f | 322 | else if (recv < 0) { |
| vpcola | 21:4534812bb94f | 323 | return -1; |
| vpcola | 21:4534812bb94f | 324 | } |
| vpcola | 21:4534812bb94f | 325 | else { |
| vpcola | 21:4534812bb94f | 326 | return recv; |
| vpcola | 21:4534812bb94f | 327 | } |
| vpcola | 21:4534812bb94f | 328 | } |
| vpcola | 21:4534812bb94f | 329 | |
| vpcola | 21:4534812bb94f | 330 | /** |
| vpcola | 21:4534812bb94f | 331 | * Send callback for mbed TLS |
| vpcola | 21:4534812bb94f | 332 | */ |
| vpcola | 21:4534812bb94f | 333 | static int ssl_send(void *ctx, const unsigned char *buf, size_t len) { |
| vpcola | 21:4534812bb94f | 334 | int sent = -1; |
| vpcola | 21:4534812bb94f | 335 | TCPSocket *socket = static_cast<TCPSocket *>(ctx); |
| vpcola | 21:4534812bb94f | 336 | sent = socket->send(buf, len); |
| vpcola | 21:4534812bb94f | 337 | |
| vpcola | 21:4534812bb94f | 338 | if(NSAPI_ERROR_WOULD_BLOCK == sent) { |
| vpcola | 21:4534812bb94f | 339 | return MBEDTLS_ERR_SSL_WANT_WRITE; |
| vpcola | 21:4534812bb94f | 340 | } |
| vpcola | 21:4534812bb94f | 341 | else if (sent < 0){ |
| vpcola | 21:4534812bb94f | 342 | return -1; |
| vpcola | 21:4534812bb94f | 343 | } |
| vpcola | 21:4534812bb94f | 344 | else { |
| vpcola | 21:4534812bb94f | 345 | return sent; |
| vpcola | 21:4534812bb94f | 346 | } |
| vpcola | 21:4534812bb94f | 347 | } |
| vpcola | 21:4534812bb94f | 348 | |
| vpcola | 21:4534812bb94f | 349 | void onError(TCPSocket *s, int error) { |
| vpcola | 21:4534812bb94f | 350 | s->close(); |
| vpcola | 21:4534812bb94f | 351 | _error = error; |
| vpcola | 21:4534812bb94f | 352 | } |
| vpcola | 21:4534812bb94f | 353 | |
| vpcola | 21:4534812bb94f | 354 | private: |
| vpcola | 21:4534812bb94f | 355 | NetworkInterface * network; |
| vpcola | 21:4534812bb94f | 356 | TCPSocket* tcpsocket; |
| vpcola | 21:4534812bb94f | 357 | const char * ssl_ca_pem; |
| vpcola | 21:4534812bb94f | 358 | bool _debug; |
| vpcola | 21:4534812bb94f | 359 | nsapi_error_t _error; |
| vpcola | 21:4534812bb94f | 360 | const char *DRBG_PERS; |
| vpcola | 21:4534812bb94f | 361 | int keepalive; |
| vpcola | 21:4534812bb94f | 362 | mbedtls_entropy_context _entropy; |
| vpcola | 21:4534812bb94f | 363 | mbedtls_ctr_drbg_context _ctr_drbg; |
| vpcola | 21:4534812bb94f | 364 | mbedtls_x509_crt _cacert; |
| vpcola | 21:4534812bb94f | 365 | mbedtls_ssl_context _ssl; |
| vpcola | 21:4534812bb94f | 366 | mbedtls_ssl_config _ssl_conf; |
| vpcola | 21:4534812bb94f | 367 | mbedtls_ssl_session saved_session; |
| vpcola | 21:4534812bb94f | 368 | |
| vpcola | 21:4534812bb94f | 369 | }; |
| vpcola | 21:4534812bb94f | 370 | |
| vpcola | 21:4534812bb94f | 371 | #endif // _MQTTNETWORK_H_ |