Nuvoton
NuMaker connection with AWS IoT thru MQTT/HTTPS
Dependencies: MQTT
Revision 17:6f0ff065cd76, committed 2018-12-13
- Comitter:
- ccli8
- Date:
- Thu Dec 13 13:08:21 2018 +0800
- Parent:
- 16:085ccdd153fe
- Child:
- 18:ff037d7b30f7
- Commit message:
- Fix TLSSocket name collision with mbed-os 5.11
Rename TLSSocket to MyTLSSocket
Changed in this revision
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MyTLSSocket.h Thu Dec 13 13:08:21 2018 +0800
@@ -0,0 +1,422 @@
+#ifndef _MY_TLS_SOCKET_H_
+#define _MY_TLS_SOCKET_H_
+
+/* Change to a number between 1 and 4 to debug the TLS connection */
+#define DEBUG_LEVEL 0
+
+#include "mbedtls/platform.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+
+#if DEBUG_LEVEL > 0
+#include "mbedtls/debug.h"
+#endif
+
+#include "mbedtls_utils.h"
+
+/**
+ * \brief MyTLSSocket a wrapper around TCPSocket for interacting with TLS servers
+ */
+class MyTLSSocket {
+public:
+ MyTLSSocket(NetworkInterface* net_iface, const char* ssl_ca_pem, const char* ssl_owncert_pem, const char* ssl_own_priv_key_pem) {
+ _tcpsocket = new TCPSocket(net_iface);
+ _ssl_ca_pem = ssl_ca_pem;
+ _ssl_owncert_pem = ssl_owncert_pem;
+ _ssl_own_priv_key_pem = ssl_own_priv_key_pem;
+ _is_connected = false;
+ _debug = false;
+ _hostname = NULL;
+ _port = 0;
+ _error = 0;
+
+ DRBG_PERS = "mbed TLS helloword client";
+
+ mbedtls_entropy_init(&_entropy);
+ mbedtls_ctr_drbg_init(&_ctr_drbg);
+ mbedtls_x509_crt_init(&_cacert);
+ mbedtls_x509_crt_init(&_owncert);
+ mbedtls_pk_init(&_own_priv_key);
+ mbedtls_ssl_init(&_ssl);
+ mbedtls_ssl_config_init(&_ssl_conf);
+ }
+
+ ~MyTLSSocket() {
+ mbedtls_entropy_free(&_entropy);
+ mbedtls_ctr_drbg_free(&_ctr_drbg);
+ mbedtls_x509_crt_free(&_cacert);
+ mbedtls_x509_crt_free(&_owncert);
+ mbedtls_pk_free(&_own_priv_key);
+ mbedtls_ssl_free(&_ssl);
+ mbedtls_ssl_config_free(&_ssl_conf);
+
+ if (_tcpsocket) {
+ _tcpsocket->close();
+ delete _tcpsocket;
+ }
+
+ // @todo: free DRBG_PERS ?
+ }
+
+ /** Close the socket
+ *
+ * Closes any open connection and deallocates any memory associated
+ * with the socket. Called from destructor if socket is not closed.
+ *
+ * @return 0 on success, negative error code on failure
+ */
+ nsapi_error_t close() {
+ return _tcpsocket->close();
+ }
+
+ nsapi_error_t connect(const char *hostname, uint16_t port) {
+ _hostname = hostname;
+ _port = port;
+
+ /* Initialize the flags */
+ /*
+ * Initialize TLS-related stuf.
+ */
+ int ret;
+ if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
+ (const unsigned char *) DRBG_PERS,
+ sizeof (DRBG_PERS))) != 0) {
+ print_mbedtls_error("mbedtls_crt_drbg_init", ret);
+ _error = ret;
+ return _error;
+ }
+
+ if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)_ssl_ca_pem,
+ strlen(_ssl_ca_pem) + 1)) != 0) {
+ print_mbedtls_error("mbedtls_x509_crt_parse", ret);
+ _error = ret;
+ return _error;
+ }
+
+ if ((ret = mbedtls_x509_crt_parse(&_owncert, (const unsigned char *) _ssl_owncert_pem,
+ strlen(_ssl_owncert_pem) + 1)) != 0) {
+ print_mbedtls_error("mbedtls_x509_crt_parse", ret);
+ _error = ret;
+ return _error;
+ }
+
+ if ((ret = mbedtls_pk_parse_key(&_own_priv_key, (const unsigned char *) _ssl_own_priv_key_pem,
+ strlen(_ssl_own_priv_key_pem) + 1, NULL, 0)) != 0) {
+ print_mbedtls_error("mbedtls_pk_parse_key", ret);
+ _error = ret;
+ return _error;
+ }
+
+ if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
+ _error = ret;
+ return _error;
+ }
+
+ mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
+ mbedtls_ssl_conf_own_cert(&_ssl_conf, &_owncert, &_own_priv_key);
+ mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
+
+ /* It is possible to disable authentication by passing
+ * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
+ */
+ mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+
+#if DEBUG_LEVEL > 0
+ mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
+ mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
+#endif
+
+ if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
+ print_mbedtls_error("mbedtls_ssl_setup", ret);
+ _error = ret;
+ return _error;
+ }
+
+ mbedtls_ssl_set_hostname(&_ssl, _hostname);
+
+ mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
+ ssl_send, ssl_recv, NULL );
+
+ /* Connect to the server */
+ if (_debug) mbedtls_printf("Connecting to %s:%d\r\n", _hostname, _port);
+ ret = _tcpsocket->connect(_hostname, _port);
+ if (ret != NSAPI_ERROR_OK) {
+ if (_debug) mbedtls_printf("Failed to connect\r\n");
+ onError(_tcpsocket, -1);
+ return _error;
+ }
+
+ /* Start the handshake, the rest will be done in onReceive() */
+ if (_debug) mbedtls_printf("Starting the TLS handshake...\r\n");
+ do {
+ ret = mbedtls_ssl_handshake(&_ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ if (ret < 0) {
+ print_mbedtls_error("mbedtls_ssl_handshake", ret);
+ onError(_tcpsocket, ret);
+ return ret;
+ }
+
+ /* It also means the handshake is done, time to print info */
+ if (_debug) mbedtls_printf("TLS connection to %s:%d established\r\n", _hostname, _port);
+
+ const uint32_t buf_size = 1024;
+ char *buf = new char[buf_size];
+ mbedtls_x509_crt_info(buf, buf_size, "\r ",
+ mbedtls_ssl_get_peer_cert(&_ssl));
+ if (_debug) mbedtls_printf("Server certificate:\r\n%s\r", buf);
+
+ uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
+ if( flags != 0 )
+ {
+ mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags);
+ if (_debug) mbedtls_printf("Certificate verification failed:\r\n%s\r\r\n", buf);
+ }
+ else {
+ if (_debug) mbedtls_printf("Certificate verification passed\r\n\r\n");
+ }
+ delete [] buf;
+ buf = NULL;
+
+ _is_connected = true;
+
+ return 0;
+ }
+
+ /** Send data over a TCP socket
+ *
+ * The socket must be connected to a remote host. Returns the number of
+ * bytes sent from the buffer.
+ *
+ * By default, send blocks until all data is sent. If socket is set to
+ * non-blocking or times out, a partial amount can be written.
+ * NSAPI_ERROR_WOULD_BLOCK is returned if no data was written.
+ *
+ * @param data Buffer of data to send to the host
+ * @param size Size of the buffer in bytes
+ * @return Number of sent bytes on success, negative error
+ * code on failure
+ */
+ nsapi_size_or_error_t send(const void *data, nsapi_size_t size) {
+ return mbedtls_ssl_write(&_ssl, (const uint8_t *) data, size);
+ }
+
+ /** Receive data over a TCP socket
+ *
+ * The socket must be connected to a remote host. Returns the number of
+ * bytes received into the buffer.
+ *
+ * By default, recv blocks until some data is received. If socket is set to
+ * non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK can be returned to
+ * indicate no data.
+ *
+ * @param data Destination buffer for data received from the host
+ * @param size Size of the buffer in bytes
+ * @return Number of received bytes on success, negative error
+ * code on failure
+ */
+ nsapi_size_or_error_t recv(void *data, nsapi_size_t size) {
+ return mbedtls_ssl_read(&_ssl, (uint8_t *) data, size);
+ }
+
+ /** Set blocking or non-blocking mode of the socket
+ *
+ * Initially all sockets are in blocking mode. In non-blocking mode
+ * blocking operations such as send/recv/accept return
+ * NSAPI_ERROR_WOULD_BLOCK if they can not continue.
+ *
+ * set_blocking(false) is equivalent to set_timeout(-1)
+ * set_blocking(true) is equivalent to set_timeout(0)
+ *
+ * @param blocking true for blocking mode, false for non-blocking mode.
+ */
+ void set_blocking(bool blocking) {
+ _tcpsocket->set_blocking(blocking);
+ }
+
+ /** Set timeout on blocking socket operations
+ *
+ * Initially all sockets have unbounded timeouts. NSAPI_ERROR_WOULD_BLOCK
+ * is returned if a blocking operation takes longer than the specified
+ * timeout. A timeout of 0 removes the timeout from the socket. A negative
+ * value give the socket an unbounded timeout.
+ *
+ * set_timeout(0) is equivalent to set_blocking(false)
+ * set_timeout(-1) is equivalent to set_blocking(true)
+ *
+ * @param timeout Timeout in milliseconds
+ */
+ void set_timeout(int timeout) {
+ _tcpsocket->set_timeout(timeout);
+ }
+
+ bool connected() {
+ return _is_connected;
+ }
+
+ nsapi_error_t error() {
+ return _error;
+ }
+
+ TCPSocket* get_tcp_socket() {
+ return _tcpsocket;
+ }
+
+ mbedtls_ssl_context* get_ssl_context() {
+ return &_ssl;
+ }
+
+ /**
+ * Set the debug flag.
+ *
+ * If this flag is set, debug information from mbed TLS will be logged to stdout.
+ */
+ void set_debug(bool debug) {
+ _debug = debug;
+ }
+
+ /**
+ * Timed recv for MQTT lib
+ */
+ int read(unsigned char* buffer, int len, int timeout) {
+ set_timeout(timeout);
+ int rc = recv(buffer, len);
+ return (rc == MBEDTLS_ERR_SSL_WANT_READ || rc == MBEDTLS_ERR_SSL_WANT_WRITE) ? 0 : rc;
+ }
+
+ /**
+ * Timed send for MQTT lib
+ */
+ int write(unsigned char* buffer, int len, int timeout) {
+ set_timeout(timeout);
+ int rc = send(buffer, len);
+ return (rc == MBEDTLS_ERR_SSL_WANT_READ || rc == MBEDTLS_ERR_SSL_WANT_WRITE) ? 0 : rc;
+ }
+
+protected:
+
+#if DEBUG_LEVEL > 0
+ /**
+ * Debug callback for mbed TLS
+ * Just prints on the USB serial port
+ */
+ static void my_debug(void *ctx, int level, const char *file, int line,
+ const char *str)
+ {
+ const char *p, *basename;
+ (void) ctx;
+
+ /* Extract basename from file */
+ for(p = basename = file; *p != '\0'; p++) {
+ if(*p == '/' || *p == '\\') {
+ basename = p + 1;
+ }
+ }
+
+ if (_debug) {
+ mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
+ }
+ }
+
+ /**
+ * Certificate verification callback for mbed TLS
+ * Here we only use it to display information on each cert in the chain
+ */
+ static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
+ {
+ const uint32_t buf_size = 1024;
+ char *buf = new char[buf_size];
+ (void) data;
+
+ if (_debug) mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
+ mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
+ if (_debug) mbedtls_printf("%s", buf);
+
+ if (*flags == 0)
+ if (_debug) mbedtls_printf("No verification issue for this certificate\n");
+ else
+ {
+ mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
+ if (_debug) mbedtls_printf("%s\n", buf);
+ }
+
+ delete[] buf;
+ return 0;
+ }
+#endif
+
+ /**
+ * Receive callback for mbed TLS
+ */
+ static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
+ int recv = -1;
+ TCPSocket *socket = static_cast<TCPSocket *>(ctx);
+ recv = socket->recv(buf, len);
+
+ if (NSAPI_ERROR_WOULD_BLOCK == recv) {
+ return MBEDTLS_ERR_SSL_WANT_READ;
+ }
+ else if (recv < 0) {
+ return -1;
+ }
+ else {
+ return recv;
+ }
+ }
+
+ /**
+ * Send callback for mbed TLS
+ */
+ static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
+ int size = -1;
+ TCPSocket *socket = static_cast<TCPSocket *>(ctx);
+ size = socket->send(buf, len);
+
+ if(NSAPI_ERROR_WOULD_BLOCK == size) {
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+ }
+ else if (size < 0){
+ return -1;
+ }
+ else {
+ return size;
+ }
+ }
+
+private:
+ void onError(TCPSocket *s, int error) {
+ s->close();
+ _error = error;
+ }
+
+ TCPSocket* _tcpsocket;
+
+ const char* DRBG_PERS;
+ const char* _ssl_ca_pem;
+ const char* _ssl_owncert_pem;
+ const char* _ssl_own_priv_key_pem;
+ const char* _hostname;
+ uint16_t _port;
+
+ bool _debug;
+ bool _is_connected;
+
+ nsapi_error_t _error;
+
+ mbedtls_entropy_context _entropy;
+ mbedtls_ctr_drbg_context _ctr_drbg;
+ mbedtls_x509_crt _cacert;
+ mbedtls_x509_crt _owncert;
+ mbedtls_pk_context _own_priv_key;
+ mbedtls_ssl_context _ssl;
+ mbedtls_ssl_config _ssl_conf;
+};
+
+#endif // _MY_TLS_SOCKET_H_
--- a/TLSSocket.h Fri Oct 12 17:57:02 2018 +0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,422 +0,0 @@
-#ifndef _TLS_SOCKET_H_
-#define _TLS_SOCKET_H_
-
-/* Change to a number between 1 and 4 to debug the TLS connection */
-#define DEBUG_LEVEL 0
-
-#include "mbedtls/platform.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/error.h"
-
-#if DEBUG_LEVEL > 0
-#include "mbedtls/debug.h"
-#endif
-
-#include "mbedtls_utils.h"
-
-/**
- * \brief TLSSocket a wrapper around TCPSocket for interacting with TLS servers
- */
-class TLSSocket {
-public:
- TLSSocket(NetworkInterface* net_iface, const char* ssl_ca_pem, const char* ssl_owncert_pem, const char* ssl_own_priv_key_pem) {
- _tcpsocket = new TCPSocket(net_iface);
- _ssl_ca_pem = ssl_ca_pem;
- _ssl_owncert_pem = ssl_owncert_pem;
- _ssl_own_priv_key_pem = ssl_own_priv_key_pem;
- _is_connected = false;
- _debug = false;
- _hostname = NULL;
- _port = 0;
- _error = 0;
-
- DRBG_PERS = "mbed TLS helloword client";
-
- mbedtls_entropy_init(&_entropy);
- mbedtls_ctr_drbg_init(&_ctr_drbg);
- mbedtls_x509_crt_init(&_cacert);
- mbedtls_x509_crt_init(&_owncert);
- mbedtls_pk_init(&_own_priv_key);
- mbedtls_ssl_init(&_ssl);
- mbedtls_ssl_config_init(&_ssl_conf);
- }
-
- ~TLSSocket() {
- mbedtls_entropy_free(&_entropy);
- mbedtls_ctr_drbg_free(&_ctr_drbg);
- mbedtls_x509_crt_free(&_cacert);
- mbedtls_x509_crt_free(&_owncert);
- mbedtls_pk_free(&_own_priv_key);
- mbedtls_ssl_free(&_ssl);
- mbedtls_ssl_config_free(&_ssl_conf);
-
- if (_tcpsocket) {
- _tcpsocket->close();
- delete _tcpsocket;
- }
-
- // @todo: free DRBG_PERS ?
- }
-
- /** Close the socket
- *
- * Closes any open connection and deallocates any memory associated
- * with the socket. Called from destructor if socket is not closed.
- *
- * @return 0 on success, negative error code on failure
- */
- nsapi_error_t close() {
- return _tcpsocket->close();
- }
-
- nsapi_error_t connect(const char *hostname, uint16_t port) {
- _hostname = hostname;
- _port = port;
-
- /* Initialize the flags */
- /*
- * Initialize TLS-related stuf.
- */
- int ret;
- if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
- (const unsigned char *) DRBG_PERS,
- sizeof (DRBG_PERS))) != 0) {
- print_mbedtls_error("mbedtls_crt_drbg_init", ret);
- _error = ret;
- return _error;
- }
-
- if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)_ssl_ca_pem,
- strlen(_ssl_ca_pem) + 1)) != 0) {
- print_mbedtls_error("mbedtls_x509_crt_parse", ret);
- _error = ret;
- return _error;
- }
-
- if ((ret = mbedtls_x509_crt_parse(&_owncert, (const unsigned char *) _ssl_owncert_pem,
- strlen(_ssl_owncert_pem) + 1)) != 0) {
- print_mbedtls_error("mbedtls_x509_crt_parse", ret);
- _error = ret;
- return _error;
- }
-
- if ((ret = mbedtls_pk_parse_key(&_own_priv_key, (const unsigned char *) _ssl_own_priv_key_pem,
- strlen(_ssl_own_priv_key_pem) + 1, NULL, 0)) != 0) {
- print_mbedtls_error("mbedtls_pk_parse_key", ret);
- _error = ret;
- return _error;
- }
-
- if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
- print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
- _error = ret;
- return _error;
- }
-
- mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
- mbedtls_ssl_conf_own_cert(&_ssl_conf, &_owncert, &_own_priv_key);
- mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
-
- /* It is possible to disable authentication by passing
- * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
- */
- mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
-
-#if DEBUG_LEVEL > 0
- mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
- mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
- mbedtls_debug_set_threshold(DEBUG_LEVEL);
-#endif
-
- if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
- print_mbedtls_error("mbedtls_ssl_setup", ret);
- _error = ret;
- return _error;
- }
-
- mbedtls_ssl_set_hostname(&_ssl, _hostname);
-
- mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
- ssl_send, ssl_recv, NULL );
-
- /* Connect to the server */
- if (_debug) mbedtls_printf("Connecting to %s:%d\r\n", _hostname, _port);
- ret = _tcpsocket->connect(_hostname, _port);
- if (ret != NSAPI_ERROR_OK) {
- if (_debug) mbedtls_printf("Failed to connect\r\n");
- onError(_tcpsocket, -1);
- return _error;
- }
-
- /* Start the handshake, the rest will be done in onReceive() */
- if (_debug) mbedtls_printf("Starting the TLS handshake...\r\n");
- do {
- ret = mbedtls_ssl_handshake(&_ssl);
- } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- if (ret < 0) {
- print_mbedtls_error("mbedtls_ssl_handshake", ret);
- onError(_tcpsocket, ret);
- return ret;
- }
-
- /* It also means the handshake is done, time to print info */
- if (_debug) mbedtls_printf("TLS connection to %s:%d established\r\n", _hostname, _port);
-
- const uint32_t buf_size = 1024;
- char *buf = new char[buf_size];
- mbedtls_x509_crt_info(buf, buf_size, "\r ",
- mbedtls_ssl_get_peer_cert(&_ssl));
- if (_debug) mbedtls_printf("Server certificate:\r\n%s\r", buf);
-
- uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
- if( flags != 0 )
- {
- mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags);
- if (_debug) mbedtls_printf("Certificate verification failed:\r\n%s\r\r\n", buf);
- }
- else {
- if (_debug) mbedtls_printf("Certificate verification passed\r\n\r\n");
- }
- delete [] buf;
- buf = NULL;
-
- _is_connected = true;
-
- return 0;
- }
-
- /** Send data over a TCP socket
- *
- * The socket must be connected to a remote host. Returns the number of
- * bytes sent from the buffer.
- *
- * By default, send blocks until all data is sent. If socket is set to
- * non-blocking or times out, a partial amount can be written.
- * NSAPI_ERROR_WOULD_BLOCK is returned if no data was written.
- *
- * @param data Buffer of data to send to the host
- * @param size Size of the buffer in bytes
- * @return Number of sent bytes on success, negative error
- * code on failure
- */
- nsapi_size_or_error_t send(const void *data, nsapi_size_t size) {
- return mbedtls_ssl_write(&_ssl, (const uint8_t *) data, size);
- }
-
- /** Receive data over a TCP socket
- *
- * The socket must be connected to a remote host. Returns the number of
- * bytes received into the buffer.
- *
- * By default, recv blocks until some data is received. If socket is set to
- * non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK can be returned to
- * indicate no data.
- *
- * @param data Destination buffer for data received from the host
- * @param size Size of the buffer in bytes
- * @return Number of received bytes on success, negative error
- * code on failure
- */
- nsapi_size_or_error_t recv(void *data, nsapi_size_t size) {
- return mbedtls_ssl_read(&_ssl, (uint8_t *) data, size);
- }
-
- /** Set blocking or non-blocking mode of the socket
- *
- * Initially all sockets are in blocking mode. In non-blocking mode
- * blocking operations such as send/recv/accept return
- * NSAPI_ERROR_WOULD_BLOCK if they can not continue.
- *
- * set_blocking(false) is equivalent to set_timeout(-1)
- * set_blocking(true) is equivalent to set_timeout(0)
- *
- * @param blocking true for blocking mode, false for non-blocking mode.
- */
- void set_blocking(bool blocking) {
- _tcpsocket->set_blocking(blocking);
- }
-
- /** Set timeout on blocking socket operations
- *
- * Initially all sockets have unbounded timeouts. NSAPI_ERROR_WOULD_BLOCK
- * is returned if a blocking operation takes longer than the specified
- * timeout. A timeout of 0 removes the timeout from the socket. A negative
- * value give the socket an unbounded timeout.
- *
- * set_timeout(0) is equivalent to set_blocking(false)
- * set_timeout(-1) is equivalent to set_blocking(true)
- *
- * @param timeout Timeout in milliseconds
- */
- void set_timeout(int timeout) {
- _tcpsocket->set_timeout(timeout);
- }
-
- bool connected() {
- return _is_connected;
- }
-
- nsapi_error_t error() {
- return _error;
- }
-
- TCPSocket* get_tcp_socket() {
- return _tcpsocket;
- }
-
- mbedtls_ssl_context* get_ssl_context() {
- return &_ssl;
- }
-
- /**
- * Set the debug flag.
- *
- * If this flag is set, debug information from mbed TLS will be logged to stdout.
- */
- void set_debug(bool debug) {
- _debug = debug;
- }
-
- /**
- * Timed recv for MQTT lib
- */
- int read(unsigned char* buffer, int len, int timeout) {
- set_timeout(timeout);
- int rc = recv(buffer, len);
- return (rc == MBEDTLS_ERR_SSL_WANT_READ || rc == MBEDTLS_ERR_SSL_WANT_WRITE) ? 0 : rc;
- }
-
- /**
- * Timed send for MQTT lib
- */
- int write(unsigned char* buffer, int len, int timeout) {
- set_timeout(timeout);
- int rc = send(buffer, len);
- return (rc == MBEDTLS_ERR_SSL_WANT_READ || rc == MBEDTLS_ERR_SSL_WANT_WRITE) ? 0 : rc;
- }
-
-protected:
-
-#if DEBUG_LEVEL > 0
- /**
- * Debug callback for mbed TLS
- * Just prints on the USB serial port
- */
- static void my_debug(void *ctx, int level, const char *file, int line,
- const char *str)
- {
- const char *p, *basename;
- (void) ctx;
-
- /* Extract basename from file */
- for(p = basename = file; *p != '\0'; p++) {
- if(*p == '/' || *p == '\\') {
- basename = p + 1;
- }
- }
-
- if (_debug) {
- mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
- }
- }
-
- /**
- * Certificate verification callback for mbed TLS
- * Here we only use it to display information on each cert in the chain
- */
- static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
- {
- const uint32_t buf_size = 1024;
- char *buf = new char[buf_size];
- (void) data;
-
- if (_debug) mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
- mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
- if (_debug) mbedtls_printf("%s", buf);
-
- if (*flags == 0)
- if (_debug) mbedtls_printf("No verification issue for this certificate\n");
- else
- {
- mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
- if (_debug) mbedtls_printf("%s\n", buf);
- }
-
- delete[] buf;
- return 0;
- }
-#endif
-
- /**
- * Receive callback for mbed TLS
- */
- static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
- int recv = -1;
- TCPSocket *socket = static_cast<TCPSocket *>(ctx);
- recv = socket->recv(buf, len);
-
- if (NSAPI_ERROR_WOULD_BLOCK == recv) {
- return MBEDTLS_ERR_SSL_WANT_READ;
- }
- else if (recv < 0) {
- return -1;
- }
- else {
- return recv;
- }
- }
-
- /**
- * Send callback for mbed TLS
- */
- static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
- int size = -1;
- TCPSocket *socket = static_cast<TCPSocket *>(ctx);
- size = socket->send(buf, len);
-
- if(NSAPI_ERROR_WOULD_BLOCK == size) {
- return MBEDTLS_ERR_SSL_WANT_WRITE;
- }
- else if (size < 0){
- return -1;
- }
- else {
- return size;
- }
- }
-
-private:
- void onError(TCPSocket *s, int error) {
- s->close();
- _error = error;
- }
-
- TCPSocket* _tcpsocket;
-
- const char* DRBG_PERS;
- const char* _ssl_ca_pem;
- const char* _ssl_owncert_pem;
- const char* _ssl_own_priv_key_pem;
- const char* _hostname;
- uint16_t _port;
-
- bool _debug;
- bool _is_connected;
-
- nsapi_error_t _error;
-
- mbedtls_entropy_context _entropy;
- mbedtls_ctr_drbg_context _ctr_drbg;
- mbedtls_x509_crt _cacert;
- mbedtls_x509_crt _owncert;
- mbedtls_pk_context _own_priv_key;
- mbedtls_ssl_context _ssl;
- mbedtls_ssl_config _ssl_conf;
-};
-
-#endif // _TLS_SOCKET_H_
--- a/main.cpp Fri Oct 12 17:57:02 2018 +0800
+++ b/main.cpp Thu Dec 13 13:08:21 2018 +0800
@@ -15,8 +15,8 @@
#include "mbed.h"
-/* TLSSocket = Mbed TLS over TCPSocket */
-#include "TLSSocket.h"
+/* MyTLSSocket = Mbed TLS over TCPSocket */
+#include "MyTLSSocket.h"
/* Measure memory footprint */
#include "mbed_stats.h"
@@ -239,13 +239,13 @@
*/
AWS_IoT_MQTT_Test(const char * domain, const uint16_t port, NetworkInterface *net_iface) :
_domain(domain), _port(port) {
- _tlssocket = new TLSSocket(net_iface, SSL_CA_CERT_PEM, SSL_USER_CERT_PEM, SSL_USER_PRIV_KEY_PEM);
+ _tlssocket = new MyTLSSocket(net_iface, SSL_CA_CERT_PEM, SSL_USER_CERT_PEM, SSL_USER_PRIV_KEY_PEM);
/* Blocking mode */
_tlssocket->set_blocking(true);
/* Print Mbed TLS handshake log */
_tlssocket->set_debug(true);
- _mqtt_client = new MQTT::Client<TLSSocket, Countdown, MAX_MQTT_PACKET_SIZE>(*_tlssocket);
+ _mqtt_client = new MQTT::Client<MyTLSSocket, Countdown, MAX_MQTT_PACKET_SIZE>(*_tlssocket);
}
/**
@@ -435,8 +435,8 @@
}
protected:
- TLSSocket * _tlssocket;
- MQTT::Client<TLSSocket, Countdown, MAX_MQTT_PACKET_SIZE> * _mqtt_client;
+ MyTLSSocket * _tlssocket;
+ MQTT::Client<MyTLSSocket, Countdown, MAX_MQTT_PACKET_SIZE> * _mqtt_client;
const char *_domain; /**< Domain name of the MQTT server */
const uint16_t _port; /**< Port number of the MQTT server */
@@ -482,7 +482,7 @@
AWS_IoT_HTTPS_Test(const char * domain, const uint16_t port, NetworkInterface *net_iface) :
_domain(domain), _port(port) {
- _tlssocket = new TLSSocket(net_iface, SSL_CA_CERT_PEM, SSL_USER_CERT_PEM, SSL_USER_PRIV_KEY_PEM);
+ _tlssocket = new MyTLSSocket(net_iface, SSL_CA_CERT_PEM, SSL_USER_CERT_PEM, SSL_USER_PRIV_KEY_PEM);
/* Non-blocking mode */
_tlssocket->set_blocking(false);
/* Print Mbed TLS handshake log */
@@ -687,7 +687,7 @@
}
protected:
- TLSSocket * _tlssocket;
+ MyTLSSocket * _tlssocket;
const char *_domain; /**< Domain name of the HTTPS server */
const uint16_t _port; /**< Port number of the HTTPS server */