Remove using_mbedtls folder and move its content to the parent folder (#717)
Move the contents of FreeRTOS/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/ to its parent folder i.e. FreeRTOS/FreeRTOS-Plus/Source/Application-Protocols/network_transport/. This removes one unnecessary folder in the hierarchy.
This commit is contained in:
parent
575acb8a1a
commit
426ad44c05
48 changed files with 179 additions and 157 deletions
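--- a/tls_freertos_pkcs11.h
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
-* FreeRTOS V202111.00
-* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-*
-* Permission is hereby granted, free of charge, to any person obtaining a copy of
-* this software and associated documentation files (the "Software"), to deal in
-* the Software without restriction, including without limitation the rights to
-* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-* the Software, and to permit persons to whom the Software is furnished to do so,
-* subject to the following conditions:
-*
-* The above copyright notice and this permission notice shall be included in all
-* copies or substantial portions of the Software.
-*
-* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-*
-* https://www.FreeRTOS.org
-* https://github.com/FreeRTOS
-*
-*/
-
-/**
-* @file tls_freertos_pkcs11.h
-* @brief TLS transport interface header.
-* @note This file is derived from the tls_freertos.h header file found in the mqtt
-* section of IoT Libraries source code. The file has been modified to support using
-* PKCS #11 when using TLS.
-*/
-
-#ifndef USING_MBEDTLS_PKCS11
-#define USING_MBEDTLS_PKCS11
-
-/**************************************************/
-/******* DO NOT CHANGE the following order ********/
-/**************************************************/
-
-/* Logging related header files are required to be included in the following order:
-* 1. Include the header file "logging_levels.h".
-* 2. Define LIBRARY_LOG_NAME and LIBRARY_LOG_LEVEL.
-* 3. Include the header file "logging_stack.h".
-*/
-
-/* Include header that defines log levels. */
-#include "logging_levels.h"
-
-/* Logging configuration for the Sockets. */
-#ifndef LIBRARY_LOG_NAME
-#define LIBRARY_LOG_NAME "PkcsTlsTransport"
-#endif
-#ifndef LIBRARY_LOG_LEVEL
-#define LIBRARY_LOG_LEVEL LOG_ERROR
-#endif
-
-/* Prototype for the function used to print to console on Windows simulator
-* of FreeRTOS.
-* The function prints to the console before the network is connected;
-* then a UDP port after the network has connected. */
-extern void vLoggingPrintf( const char * pcFormatString,
-... );
-
-/* Map the SdkLog macro to the logging function to enable logging
-* on Windows simulator. */
-#ifndef SdkLog
-#define SdkLog( message ) vLoggingPrintf message
-#endif
-
-#include "logging_stack.h"
-
-/************ End of logging configuration ****************/
-
-/* FreeRTOS+TCP include. */
-#include "FreeRTOS_Sockets.h"
-
-/* Transport interface include. */
-#include "transport_interface.h"
-
-/* mbed TLS includes. */
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/threading.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
-#include "mbedtls/error.h"
-
-/* PKCS #11 includes. */
-#include "core_pkcs11.h"
-
-/**
-* @brief Secured connection context.
-*/
-typedef struct SSLContext
-{
-mbedtls_ssl_config config; /**< @brief SSL connection configuration. */
-mbedtls_ssl_context context; /**< @brief SSL connection context */
-mbedtls_x509_crt_profile certProfile; /**< @brief Certificate security profile for this connection. */
-mbedtls_x509_crt rootCa; /**< @brief Root CA certificate context. */
-mbedtls_x509_crt clientCert; /**< @brief Client certificate context. */
-mbedtls_pk_context privKey; /**< @brief Client private key context. */
-mbedtls_pk_info_t privKeyInfo; /**< @brief Client private key info. */
-
-/* PKCS#11. */
-CK_FUNCTION_LIST_PTR pxP11FunctionList;
-CK_SESSION_HANDLE xP11Session;
-CK_OBJECT_HANDLE xP11PrivateKey;
-CK_KEY_TYPE xKeyType;
-} SSLContext_t;
-
-/**
-* @brief Definition of the network context for the transport interface
-* implementation that uses mbedTLS and FreeRTOS+TLS sockets.
-*/
-typedef struct TlsTransportParams
-{
-Socket_t tcpSocket;
-SSLContext_t sslContext;
-} TlsTransportParams_t;
-
-/**
-* @brief Contains the credentials necessary for tls connection setup.
-*/
-typedef struct NetworkCredentials
-{
-/**
-* @brief To use ALPN, set this to a NULL-terminated list of supported
-* protocols in decreasing order of preference.
-*
-* See [this link]
-* (https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/)
-* for more information.
-*/
-const char ** pAlpnProtos;
-
-/**
-* @brief Disable server name indication (SNI) for a TLS session.
-*/
-BaseType_t disableSni;
-
-const unsigned char * pRootCa; /**< @brief String representing a trusted server root certificate. */
-size_t rootCaSize; /**< @brief Size associated with #NetworkCredentials.pRootCa. */
-const unsigned char * pUserName; /**< @brief String representing the username for MQTT. */
-size_t userNameSize; /**< @brief Size associated with #NetworkCredentials.pUserName. */
-const unsigned char * pPassword; /**< @brief String representing the password for MQTT. */
-size_t passwordSize; /**< @brief Size associated with #NetworkCredentials.pPassword. */
-} NetworkCredentials_t;
-
-/**
-* @brief TLS Connect / Disconnect return status.
-*/
-typedef enum TlsTransportStatus
-{
-TLS_TRANSPORT_SUCCESS = 0, /**< Function successfully completed. */
-TLS_TRANSPORT_INVALID_PARAMETER, /**< At least one parameter was invalid. */
-TLS_TRANSPORT_INSUFFICIENT_MEMORY, /**< Insufficient memory required to establish connection. */
-TLS_TRANSPORT_INVALID_CREDENTIALS, /**< Provided credentials were invalid. */
-TLS_TRANSPORT_HANDSHAKE_FAILED, /**< Performing TLS handshake with server failed. */
-TLS_TRANSPORT_INTERNAL_ERROR, /**< A call to a system API resulted in an internal error. */
-TLS_TRANSPORT_CONNECT_FAILURE /**< Initial connection to the server failed. */
-} TlsTransportStatus_t;
-
-/**
-* @brief Create a TLS connection with FreeRTOS sockets.
-*
-* @param[out] pNetworkContext Pointer to a network context to contain the
-* initialized socket handle.
-* @param[in] pHostName The hostname of the remote endpoint.
-* @param[in] port The destination port.
-* @param[in] pNetworkCredentials Credentials for the TLS connection.
-* @param[in] receiveTimeoutMs Receive socket timeout.
-* @param[in] sendTimeoutMs Send socket timeout.
-*
-* @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, #TLS_TRANSPORT_INVALID_CREDENTIALS,
-* #TLS_TRANSPORT_HANDSHAKE_FAILED, #TLS_TRANSPORT_INTERNAL_ERROR, or #TLS_TRANSPORT_CONNECT_FAILURE.
-*/
-TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
-const char * pHostName,
-uint16_t port,
-const NetworkCredentials_t * pNetworkCredentials,
-uint32_t receiveTimeoutMs,
-uint32_t sendTimeoutMs );
-
-/**
-* @brief Gracefully disconnect an established TLS connection.
-*
-* @param[in] pNetworkContext Network context.
-*/
-void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext );
-
-/**
-* @brief Receives data from an established TLS connection.
-*
-* This is the TLS version of the transport interface's
-* #TransportRecv_t function.
-*
-* @param[in] pNetworkContext The Network context.
-* @param[out] pBuffer Buffer to receive bytes into.
-* @param[in] bytesToRecv Number of bytes to receive from the network.
-*
-* @return Number of bytes (> 0) received if successful;
-* 0 if the socket times out without reading any bytes;
-* negative value on error.
-*/
-int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
-void * pBuffer,
-size_t bytesToRecv );
-
-/**
-* @brief Sends data over an established TLS connection.
-*
-* This is the TLS version of the transport interface's
-* #TransportSend_t function.
-*
-* @param[in] pNetworkContext The network context.
-* @param[in] pBuffer Buffer containing the bytes to send.
-* @param[in] bytesToSend Number of bytes to send from the buffer.
-*
-* @return Number of bytes (> 0) sent on success;
-* 0 if the socket times out without sending any bytes;
-* else a negative value to represent error.
-*/
-int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext,
-const void * pBuffer,
-size_t bytesToSend );
-
-#endif /* ifndef USING_MBEDTLS_PKCS11 */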
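--- a/using_plaintext.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
-* FreeRTOS V202111.00
-* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-*
-* Permission is hereby granted, free of charge, to any person obtaining a copy of
-* this software and associated documentation files (the "Software"), to deal in
-* the Software without restriction, including without limitation the rights to
-* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-* the Software, and to permit persons to whom the Software is furnished to do so,
-* subject to the following conditions:
-*
-* The above copyright notice and this permission notice shall be included in all
-* copies or substantial portions of the Software.
-*
-* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-*
-* https://www.FreeRTOS.org
-* https://github.com/FreeRTOS
-*
-*/
-
-/* Standard includes. */
-#include <string.h>
-
-/* FreeRTOS includes. */
-#include "FreeRTOS.h"
-#if ( configUSE_PREEMPTION == 0 )
-#include "task.h"
-#endif
-
-/* FreeRTOS+TCP includes. */
-#include "FreeRTOS_IP.h"
-#include "FreeRTOS_Sockets.h"
-
-/* FreeRTOS Socket wrapper include. */
-#include "sockets_wrapper.h"
-
-/* Transport interface include. */
-#include "using_plaintext.h"
-
-/*-----------------------------------------------------------*/
-
-/**
-* @brief Each compilation unit that consumes the NetworkContext must define it.
-* It should contain a single pointer as seen below whenever the header file
-* of this transport implementation is included to your project.
-*
-* @note When using multiple transports in the same compilation unit,
-* define this pointer as void *.
-*/
-struct NetworkContext
-{
-PlaintextTransportParams_t * pParams;
-};
-
-/*-----------------------------------------------------------*/
-
-PlaintextTransportStatus_t Plaintext_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
-const char * pHostName,
-uint16_t port,
-uint32_t receiveTimeoutMs,
-uint32_t sendTimeoutMs )
-{
-PlaintextTransportParams_t * pPlaintextTransportParams = NULL;
-PlaintextTransportStatus_t plaintextStatus = PLAINTEXT_TRANSPORT_SUCCESS;
-BaseType_t socketStatus = 0;
-
-if( ( pNetworkContext == NULL ) || ( pNetworkContext->pParams == NULL ) || ( pHostName == NULL ) )
-{
-LogError( ( "Invalid input parameter(s): Arguments cannot be NULL. pNetworkContext=%p, "
-"pHostName=%p.",
-pNetworkContext,
-pHostName ) );
-plaintextStatus = PLAINTEXT_TRANSPORT_INVALID_PARAMETER;
-}
-else
-{
-pPlaintextTransportParams = pNetworkContext->pParams;
-/* Establish a TCP connection with the server. */
-socketStatus = Sockets_Connect( &( pPlaintextTransportParams->tcpSocket ),
-pHostName,
-port,
-receiveTimeoutMs,
-sendTimeoutMs );
-
-/* A non zero status is an error. */
-if( socketStatus != 0 )
-{
-LogError( ( "Failed to connect to %s with error %d.",
-pHostName,
-socketStatus ) );
-plaintextStatus = PLAINTEXT_TRANSPORT_CONNECT_FAILURE;
-}
-}
-
-return plaintextStatus;
-}
-
-PlaintextTransportStatus_t Plaintext_FreeRTOS_Disconnect( const NetworkContext_t * pNetworkContext )
-{
-PlaintextTransportParams_t * pPlaintextTransportParams = NULL;
-PlaintextTransportStatus_t plaintextStatus = PLAINTEXT_TRANSPORT_SUCCESS;
-
-if( ( pNetworkContext == NULL ) || ( pNetworkContext->pParams == NULL ) )
-{
-LogError( ( "pNetworkContext cannot be NULL." ) );
-plaintextStatus = PLAINTEXT_TRANSPORT_INVALID_PARAMETER;
-}
-else if( pNetworkContext->pParams->tcpSocket == FREERTOS_INVALID_SOCKET )
-{
-LogError( ( "pPlaintextTransportParams->tcpSocket cannot be an invalid socket." ) );
-plaintextStatus = PLAINTEXT_TRANSPORT_INVALID_PARAMETER;
-}
-else
-{
-pPlaintextTransportParams = pNetworkContext->pParams;
-/* Call socket disconnect function to close connection. */
-Sockets_Disconnect( pPlaintextTransportParams->tcpSocket );
-}
-
-return plaintextStatus;
-}
-
-int32_t Plaintext_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
-void * pBuffer,
-size_t bytesToRecv )
-{
-PlaintextTransportParams_t * pPlaintextTransportParams = NULL;
-int32_t socketStatus = 1;
-
-configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) );
-
-pPlaintextTransportParams = pNetworkContext->pParams;
-
-/* The TCP socket may have a receive block time. If bytesToRecv is greater
-* than 1 then a frame is likely already part way through reception and
-* blocking to wait for the desired number of bytes to be available is the
-* most efficient thing to do. If bytesToRecv is 1 then this may be a
-* speculative call to read to find the start of a new frame, in which case
-* blocking is not desirable as it could block an entire protocol agent
-* task for the duration of the read block time and therefore negatively
-* impact performance. So if bytesToRecv is 1 then don't call recv unless
-* it is known that bytes are already available. */
-if( bytesToRecv == 1 )
-{
-socketStatus = ( int32_t ) FreeRTOS_recvcount( pPlaintextTransportParams->tcpSocket );
-}
-
-if( socketStatus > 0 )
-{
-socketStatus = FreeRTOS_recv( pPlaintextTransportParams->tcpSocket,
-pBuffer,
-bytesToRecv,
-0 );
-}
-
-return socketStatus;
-}
-
-int32_t Plaintext_FreeRTOS_send( NetworkContext_t * pNetworkContext,
-const void * pBuffer,
-size_t bytesToSend )
-{
-PlaintextTransportParams_t * pPlaintextTransportParams = NULL;
-int32_t socketStatus = 0;
-
-configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) );
-
-pPlaintextTransportParams = pNetworkContext->pParams;
-socketStatus = FreeRTOS_send( pPlaintextTransportParams->tcpSocket,
-pBuffer,
-bytesToSend,
-0 );
-
-if( socketStatus == -pdFREERTOS_ERRNO_ENOSPC )
-{
-/* The TCP buffers could not accept any more bytes so zero bytes were sent.
-* This is not necessarily an error that should cause a disconnect
-* unless it persists. */
-socketStatus = 0;
-}
-
-#if ( configUSE_PREEMPTION == 0 )
-{
-/* FreeRTOS_send adds the packet to be sent to the IP task's queue for later processing.
-* The packet is sent later by the IP task. When FreeRTOS is used in collaborative
-* mode (i.e. configUSE_PREEMPTION is 0), call taskYIELD to give IP task a chance to run
-* so that the packet is actually sent before this function returns. */
-taskYIELD();
-}
-#endif
-
-return socketStatus;
-}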
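--- a/using_plaintext.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
-* FreeRTOS V202111.00
-* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-*
-* Permission is hereby granted, free of charge, to any person obtaining a copy of
-* this software and associated documentation files (the "Software"), to deal in
-* the Software without restriction, including without limitation the rights to
-* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-* the Software, and to permit persons to whom the Software is furnished to do so,
-* subject to the following conditions:
-*
-* The above copyright notice and this permission notice shall be included in all
-* copies or substantial portions of the Software.
-*
-* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-*
-* https://www.FreeRTOS.org
-* https://github.com/FreeRTOS
-*
-*/
-
-#ifndef USING_PLAINTEXT_H
-#define USING_PLAINTEXT_H
-
-/**************************************************/
-/******* DO NOT CHANGE the following order ********/
-/**************************************************/
-
-/* Logging related header files are required to be included in the following order:
-* 1. Include the header file "logging_levels.h".
-* 2. Define LIBRARY_LOG_NAME and LIBRARY_LOG_LEVEL.
-* 3. Include the header file "logging_stack.h".
-*/
-
-/* Include header that defines log levels. */
-#include "logging_levels.h"
-
-/* Logging configuration for the Sockets. */
-#ifndef LIBRARY_LOG_NAME
-#define LIBRARY_LOG_NAME "PlaintextTransport"
-#endif
-#ifndef LIBRARY_LOG_LEVEL
-#define LIBRARY_LOG_LEVEL LOG_ERROR
-#endif
-
-/* Prototype for the function used to print to console on Windows simulator
-* of FreeRTOS.
-* The function prints to the console before the network is connected;
-* then a UDP port after the network has connected. */
-extern void vLoggingPrintf( const char * pcFormatString,
-... );
-
-/* Map the SdkLog macro to the logging function to enable logging
-* on Windows simulator. */
-#ifndef SdkLog
-#define SdkLog( message ) vLoggingPrintf message
-#endif
-
-#include "logging_stack.h"
-
-/************ End of logging configuration ****************/
-
-/* FreeRTOS+TCP include. */
-#include "FreeRTOS_Sockets.h"
-
-/* Transport interface include. */
-#include "transport_interface.h"
-
-/**
-* @brief Parameters for the network context that uses FreeRTOS+TCP sockets.
-*/
-typedef struct PlaintextTransportParams
-{
-Socket_t tcpSocket;
-} PlaintextTransportParams_t;
-
-/**
-* @brief Plain text transport Connect / Disconnect return status.
-*/
-typedef enum PlaintextTransportStatus
-{
-PLAINTEXT_TRANSPORT_SUCCESS = 1, /**< Function successfully completed. */
-PLAINTEXT_TRANSPORT_INVALID_PARAMETER = 2, /**< At least one parameter was invalid. */
-PLAINTEXT_TRANSPORT_CONNECT_FAILURE = 3 /**< Initial connection to the server failed. */
-} PlaintextTransportStatus_t;
-
-/**
-* @brief Create a TCP connection with FreeRTOS sockets.
-*
-* @param[out] pNetworkContext Pointer to a network context to contain the
-* initialized socket handle.
-* @param[in] pHostName The hostname of the remote endpoint.
-* @param[in] port The destination port.
-* @param[in] receiveTimeoutMs Receive socket timeout.
-*
-* @return #PLAINTEXT_TRANSPORT_SUCCESS, #PLAINTEXT_TRANSPORT_INVALID_PARAMETER,
-* or #PLAINTEXT_TRANSPORT_CONNECT_FAILURE.
-*/
-PlaintextTransportStatus_t Plaintext_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
-const char * pHostName,
-uint16_t port,
-uint32_t receiveTimeoutMs,
-uint32_t sendTimeoutMs );
-
-/**
-* @brief Gracefully disconnect an established TCP connection.
-*
-* @param[in] pNetworkContext Network context containing the TCP socket handle.
-*
-* @return #PLAINTEXT_TRANSPORT_SUCCESS, or #PLAINTEXT_TRANSPORT_INVALID_PARAMETER.
-*/
-PlaintextTransportStatus_t Plaintext_FreeRTOS_Disconnect( const NetworkContext_t * pNetworkContext );
-
-/**
-* @brief Receives data from an established TCP connection.
-*
-* @note When the number of bytes requested is 1, the TCP socket's Rx stream
-* is checked for available bytes to read. If there are none, this function
-* immediately returns 0 without blocking.
-*
-* @param[in] pNetworkContext The network context containing the TCP socket
-* handle.
-* @param[out] pBuffer Buffer to receive bytes into.
-* @param[in] bytesToRecv Number of bytes to receive from the network.
-*
-* @return Number of bytes received if successful; 0 if the socket times out;
-* Negative value on error.
-*/
-int32_t Plaintext_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
-void * pBuffer,
-size_t bytesToRecv );
-
-/**
-* @brief Sends data over an established TCP connection.
-*
-* @param[in] pNetworkContext The network context containing the TCP socket
-* handle.
-* @param[in] pBuffer Buffer containing the bytes to send.
-* @param[in] bytesToSend Number of bytes to send from the buffer.
-*
-* @return Number of bytes sent on success; else a negative value.
-*/
-int32_t Plaintext_FreeRTOS_send( NetworkContext_t * pNetworkContext,
-const void * pBuffer,
-size_t bytesToSend );
-
-#endif /* ifndef USING_PLAINTEXT_H */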
@ -1,536 +0,0 @@
|
|||
/*
|
||||
* FreeRTOS V202111.00
|
||||
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
* this software and associated documentation files (the "Software"), to deal in
|
||||
* the Software without restriction, including without limitation the rights to
|
||||
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||
* the Software, and to permit persons to whom the Software is furnished to do so,
|
||||
* subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
*
|
||||
* https://www.FreeRTOS.org
|
||||
* https://github.com/FreeRTOS
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* @file using_wolfSSL.c
|
||||
* @brief TLS transport interface implementations. This implementation uses
|
||||
* wolfSSL.
|
||||
*/
|
||||
|
||||
/* Standard includes. */
|
||||
#include <string.h>
|
||||
|
||||
/* FreeRTOS includes. */
|
||||
#include "FreeRTOS.h"
|
||||
|
||||
/* FreeRTOS+TCP includes. */
|
||||
#include "FreeRTOS_IP.h"
|
||||
#include "FreeRTOS_Sockets.h"
|
||||
|
||||
/* TLS transport header. */
|
||||
#include "using_wolfSSL.h"
|
||||
|
||||
/* FreeRTOS Socket wrapper include. */
|
||||
#include "sockets_wrapper.h"
|
||||
|
||||
|
||||
/* wolfSSL user settings header */
|
||||
#include "user_settings.h"
|
||||
|
||||
/* Demo Specific configs. */
|
||||
#include "demo_config.h"
|
||||
|
||||
/**
|
||||
* @brief Initialize the TLS structures in a network connection.
|
||||
*
|
||||
* @param[in] pSslContext The SSL context to initialize.
|
||||
*/
|
||||
static void sslContextInit( SSLContext_t * pSslContext );
|
||||
|
||||
/**
|
||||
* @brief Free the TLS structures in a network connection.
|
||||
*
|
||||
* @param[in] pSslContext The SSL context to free.
|
||||
*/
|
||||
static void sslContextFree( SSLContext_t * pSslContext );
|
||||
|
||||
/**
|
||||
* @brief Set up TLS on a TCP connection.
|
||||
*
|
||||
* @param[in] pNetworkContext Network context.
|
||||
* @param[in] pHostName Remote host name, used for server name indication.
|
||||
* @param[in] pNetworkCredentials TLS setup parameters.
|
||||
*
|
||||
* @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, #TLS_TRANSPORT_INVALID_CREDENTIALS,
|
||||
* #TLS_TRANSPORT_HANDSHAKE_FAILED, or #TLS_TRANSPORT_INTERNAL_ERROR.
|
||||
*/
|
||||
static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext,
|
||||
const char * pHostName,
|
||||
const NetworkCredentials_t * pNetworkCredentials );
|
||||
|
||||
/**
|
||||
* @brief Initialize TLS component.
|
||||
*
|
||||
* @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, or #TLS_TRANSPORT_INTERNAL_ERROR.
|
||||
*/
|
||||
static TlsTransportStatus_t initTLS( void );
|
||||
|
||||
/*
|
||||
* @brief Receive date from the socket passed as the context
|
||||
*
|
||||
* @param[in] ssl WOLFSSL object.
|
||||
* @param[in] buf Buffer for received data
|
||||
* @param[in] sz Size to receive
|
||||
* @param[in] context Socket to be received from
|
||||
*
|
||||
* @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_READ.
|
||||
*/
|
||||
static int wolfSSL_IORecvGlue( WOLFSSL * ssl,
|
||||
char * buf,
|
||||
int sz,
|
||||
void * context );
|
||||
|
||||
/*
|
||||
* @brief Send date to the socket passed as the context
|
||||
*
|
||||
* @param[in] ssl WOLFSSL object.
|
||||
* @param[in] buf Buffer for data to be sent
|
||||
* @param[in] sz Size to send
|
||||
* @param[in] context Socket to be sent to
|
||||
*
|
||||
* @return received size( > 0 ), #WOLFSSL_CBIO_ERR_CONN_CLOSE, #WOLFSSL_CBIO_ERR_WANT_WRITE.
|
||||
*/
|
||||
static int wolfSSL_IOSendGlue( WOLFSSL * ssl,
|
||||
char * buf,
|
||||
int sz,
|
||||
void * context );
|
||||
|
||||
/*
|
||||
* @brief Load credentials from file/buffer
|
||||
*
|
||||
* @param[in] pNetCtx NetworkContext_t
|
||||
* @param[in] pNetCred NetworkCredentials_t
|
||||
*
|
||||
* @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INVALID_CREDENTIALS.
|
||||
*/
|
||||
static TlsTransportStatus_t loadCredentials( NetworkContext_t * pNetCtx,
|
||||
const NetworkCredentials_t * pNetCred );
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
static int wolfSSL_IORecvGlue( WOLFSSL * ssl,
|
||||
char * buf,
|
||||
int sz,
|
||||
void * context )
|
||||
{
|
||||
( void ) ssl; /* to prevent unused warning*/
|
||||
BaseType_t read = 0;
|
||||
|
||||
Socket_t xSocket = ( Socket_t ) context;
|
||||
|
||||
|
||||
read = FreeRTOS_recv( xSocket, ( void * ) buf, ( size_t ) sz, 0 );
|
||||
|
||||
if( ( read == 0 ) ||
|
||||
( read == -pdFREERTOS_ERRNO_EWOULDBLOCK ) )
|
||||
{
|
||||
read = WOLFSSL_CBIO_ERR_WANT_READ;
|
||||
}
|
||||
else if( read == -pdFREERTOS_ERRNO_ENOTCONN )
|
||||
{
|
||||
read = WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* do nothing */
|
||||
}
|
||||
|
||||
return ( int ) read;
|
||||
}
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
static int wolfSSL_IOSendGlue( WOLFSSL * ssl,
|
||||
char * buf,
|
||||
int sz,
|
||||
void * context )
|
||||
{
|
||||
( void ) ssl; /* to prevent unused warning*/
|
||||
Socket_t xSocket = ( Socket_t ) context;
|
||||
BaseType_t sent = FreeRTOS_send( xSocket, ( void * ) buf, ( size_t ) sz, 0 );
|
||||
|
||||
if( sent == -pdFREERTOS_ERRNO_EWOULDBLOCK )
|
||||
{
|
||||
sent = WOLFSSL_CBIO_ERR_WANT_WRITE;
|
||||
}
|
||||
else if( sent == -pdFREERTOS_ERRNO_ENOTCONN )
|
||||
{
|
||||
sent = WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* do nothing */
|
||||
}
|
||||
|
||||
return ( int ) sent;
|
||||
}
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
static TlsTransportStatus_t initTLS( void )
|
||||
{
|
||||
/* initialize wolfSSL */
|
||||
wolfSSL_Init();
|
||||
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
wolfSSL_Debugging_ON();
|
||||
#endif
|
||||
|
||||
return TLS_TRANSPORT_SUCCESS;
|
||||
}
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
static TlsTransportStatus_t loadCredentials( NetworkContext_t * pNetCtx,
|
||||
const NetworkCredentials_t * pNetCred )
|
||||
{
|
||||
TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
|
||||
|
||||
configASSERT( pNetCtx != NULL );
|
||||
configASSERT( pNetCred != NULL );
|
||||
|
||||
#if defined( democonfigCREDENTIALS_IN_BUFFER )
|
||||
if( wolfSSL_CTX_load_verify_buffer( pNetCtx->sslContext.ctx,
|
||||
( const byte * ) ( pNetCred->pRootCa ), ( long ) ( pNetCred->rootCaSize ),
|
||||
SSL_FILETYPE_PEM ) == SSL_SUCCESS )
|
||||
{
|
||||
if( wolfSSL_CTX_use_certificate_buffer( pNetCtx->sslContext.ctx,
|
||||
( const byte * ) ( pNetCred->pClientCert ), ( long ) ( pNetCred->clientCertSize ),
|
||||
SSL_FILETYPE_PEM ) == SSL_SUCCESS )
|
||||
{
|
||||
if( wolfSSL_CTX_use_PrivateKey_buffer( pNetCtx->sslContext.ctx,
|
||||
( const byte * ) ( pNetCred->pPrivateKey ), ( long ) ( pNetCred->privateKeySize ),
|
||||
SSL_FILETYPE_PEM ) == SSL_SUCCESS )
|
||||
{
|
||||
returnStatus = TLS_TRANSPORT_SUCCESS;
|
||||
}
|
||||
else
|
||||
{
|
||||
LogError( ( "Failed to load client-private-key from buffer" ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
LogError( ( "Failed to load client-certificate from buffer" ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
LogError( ( "Failed to load ca-certificate from buffer" ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
|
||||
}
|
||||
|
||||
return returnStatus;
|
||||
#else /* if defined( democonfigCREDENTIALS_IN_BUFFER ) */
|
||||
if( wolfSSL_CTX_load_verify_locations( pNetCtx->sslContext.ctx,
|
||||
( const char * ) ( pNetCred->pRootCa ), NULL ) == SSL_SUCCESS )
|
||||
{
|
||||
if( wolfSSL_CTX_use_certificate_file( pNetCtx->sslContext.ctx,
|
||||
( const char * ) ( pNetCred->pClientCert ), SSL_FILETYPE_PEM )
|
||||
== SSL_SUCCESS )
|
||||
{
|
||||
if( wolfSSL_CTX_use_PrivateKey_file( pNetCtx->sslContext.ctx,
|
||||
( const char * ) ( pNetCred->pPrivateKey ), SSL_FILETYPE_PEM )
|
||||
== SSL_SUCCESS )
|
||||
{
|
||||
returnStatus = TLS_TRANSPORT_SUCCESS;
|
||||
}
|
||||
else
|
||||
{
|
||||
LogError( ( "Failed to load client-private-key file" ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
LogError( ( "Failed to load client-certificate file" ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
LogError( ( "Failed to load ca-certificate file" ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
|
||||
}
|
||||
return returnStatus;
|
||||
#endif /* if defined( democonfigCREDENTIALS_IN_BUFFER ) */
|
||||
}
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetCtx,
|
||||
const char * pHostName,
|
||||
const NetworkCredentials_t * pNetCred )
|
||||
{
|
||||
TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
|
||||
Socket_t xSocket = { 0 };
|
||||
|
||||
configASSERT( pNetCtx != NULL );
|
||||
configASSERT( pHostName != NULL );
|
||||
configASSERT( pNetCred != NULL );
|
||||
configASSERT( pNetCred->pRootCa != NULL );
|
||||
configASSERT( pNetCtx->tcpSocket != NULL );
|
||||
|
||||
if( pNetCtx->sslContext.ctx == NULL )
|
||||
{
|
||||
/* Attempt to create a context that uses the TLS 1.3 or 1.2 */
|
||||
pNetCtx->sslContext.ctx =
|
||||
wolfSSL_CTX_new( wolfSSLv23_client_method_ex( NULL ) );
|
||||
}
|
||||
|
||||
if( pNetCtx->sslContext.ctx != NULL )
|
||||
{
|
||||
/* load credentials from file */
|
||||
if( loadCredentials( pNetCtx, pNetCred ) == TLS_TRANSPORT_SUCCESS )
|
||||
{
|
||||
/* create a ssl object */
|
||||
pNetCtx->sslContext.ssl =
|
||||
wolfSSL_new( pNetCtx->sslContext.ctx );
|
||||
|
||||
if( pNetCtx->sslContext.ssl != NULL )
|
||||
{
|
||||
xSocket = pNetCtx->tcpSocket;
|
||||
|
||||
/* set Recv/Send glue functions to the WOLFSSL object */
|
||||
wolfSSL_SSLSetIORecv( pNetCtx->sslContext.ssl,
|
||||
wolfSSL_IORecvGlue );
|
||||
wolfSSL_SSLSetIOSend( pNetCtx->sslContext.ssl,
|
||||
wolfSSL_IOSendGlue );
|
||||
|
||||
/* set socket as a context of read/send glue funcs */
|
||||
wolfSSL_SetIOReadCtx( pNetCtx->sslContext.ssl, xSocket );
|
||||
wolfSSL_SetIOWriteCtx( pNetCtx->sslContext.ssl, xSocket );
|
||||
|
||||
/* let wolfSSL perform tls handshake */
|
||||
if( wolfSSL_connect( pNetCtx->sslContext.ssl )
|
||||
== SSL_SUCCESS )
|
||||
{
|
||||
returnStatus = TLS_TRANSPORT_SUCCESS;
|
||||
}
|
||||
else
|
||||
{
|
||||
wolfSSL_shutdown( pNetCtx->sslContext.ssl );
|
||||
wolfSSL_free( pNetCtx->sslContext.ssl );
|
||||
pNetCtx->sslContext.ssl = NULL;
|
||||
wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
|
||||
pNetCtx->sslContext.ctx = NULL;
|
||||
|
||||
LogError( ( "Failed to establish a TLS connection" ) );
|
||||
returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
|
||||
pNetCtx->sslContext.ctx = NULL;
|
||||
|
||||
LogError( ( "Failed to create wolfSSL object" ) );
|
||||
returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
wolfSSL_CTX_free( pNetCtx->sslContext.ctx );
|
||||
pNetCtx->sslContext.ctx = NULL;
|
||||
|
||||
LogError( ( "Failed to load credentials" ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
LogError( ( "Failed to create a wolfSSL_CTX" ) );
|
||||
returnStatus = TLS_TRANSPORT_CONNECT_FAILURE;
|
||||
}
|
||||
|
||||
return returnStatus;
|
||||
}
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
|
||||
const char * pHostName,
|
||||
uint16_t port,
|
||||
const NetworkCredentials_t * pNetworkCredentials,
|
||||
uint32_t receiveTimeoutMs,
|
||||
uint32_t sendTimeoutMs )
|
||||
{
|
||||
TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
|
||||
BaseType_t socketStatus = 0;
|
||||
|
||||
|
||||
if( ( pNetworkContext == NULL ) ||
|
||||
( pHostName == NULL ) ||
|
||||
( pNetworkCredentials == NULL ) )
|
||||
{
|
||||
LogError( ( "Invalid input parameter(s): Arguments cannot be NULL. pNetworkContext=%p, "
|
||||
"pHostName=%p, pNetworkCredentials=%p.",
|
||||
pNetworkContext,
|
||||
pHostName,
|
||||
pNetworkCredentials ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_PARAMETER;
|
||||
}
|
||||
else if( ( pNetworkCredentials->pRootCa == NULL ) )
|
||||
{
|
||||
LogError( ( "pRootCa cannot be NULL." ) );
|
||||
returnStatus = TLS_TRANSPORT_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
/* Establish a TCP connection with the server. */
|
||||
if( returnStatus == TLS_TRANSPORT_SUCCESS )
|
||||
{
|
||||
socketStatus = Sockets_Connect( &( pNetworkContext->tcpSocket ),
|
||||
pHostName,
|
||||
port,
|
||||
receiveTimeoutMs,
|
||||
sendTimeoutMs );
|
||||
|
||||
if( socketStatus != 0 )
|
||||
{
|
||||
LogError( ( "Failed to connect to %s with error %d.",
|
||||
pHostName,
|
||||
socketStatus ) );
|
||||
returnStatus = TLS_TRANSPORT_CONNECT_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
/* Initialize tls. */
|
||||
if( returnStatus == TLS_TRANSPORT_SUCCESS )
|
||||
{
|
||||
returnStatus = initTLS();
|
||||
}
|
||||
|
||||
/* Perform TLS handshake. */
|
||||
if( returnStatus == TLS_TRANSPORT_SUCCESS )
|
||||
{
|
||||
returnStatus = tlsSetup( pNetworkContext, pHostName, pNetworkCredentials );
|
||||
}
|
||||
|
||||
/* Clean up on failure. */
|
||||
if( returnStatus != TLS_TRANSPORT_SUCCESS )
|
||||
{
|
||||
if( pNetworkContext->tcpSocket != FREERTOS_INVALID_SOCKET )
|
||||
{
|
||||
FreeRTOS_closesocket( pNetworkContext->tcpSocket );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
LogInfo( ( "(Network connection %p) Connection to %s established.",
|
||||
pNetworkContext,
|
||||
pHostName ) );
|
||||
}
|
||||
|
||||
return returnStatus;
|
||||
}
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext )
|
||||
{
|
||||
WOLFSSL * pSsl = pNetworkContext->sslContext.ssl;
|
||||
WOLFSSL_CTX * pCtx = NULL;
|
||||
|
||||
/* shutdown an active TLS connection */
|
||||
wolfSSL_shutdown( pSsl );
|
||||
|
||||
/* cleanup WOLFSSL object */
|
||||
wolfSSL_free( pSsl );
|
||||
pNetworkContext->sslContext.ssl = NULL;
|
||||
|
||||
/* Call socket shutdown function to close connection. */
|
||||
Sockets_Disconnect( pNetworkContext->tcpSocket );
|
||||
|
||||
/* free WOLFSSL_CTX object*/
|
||||
pCtx = pNetworkContext->sslContext.ctx;
|
||||
|
||||
wolfSSL_CTX_free( pCtx );
|
||||
pNetworkContext->sslContext.ctx = NULL;
|
||||
|
||||
wolfSSL_Cleanup();
|
||||
}
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
|
||||
void * pBuffer,
|
||||
size_t bytesToRecv )
|
||||
{
|
||||
int32_t tlsStatus = 0;
|
||||
int iResult = 0;
|
||||
WOLFSSL * pSsl = pNetworkContext->sslContext.ssl;
|
||||
|
||||
iResult = wolfSSL_read( pSsl, pBuffer, bytesToRecv );
|
||||
|
||||
if( iResult > 0 )
|
||||
{
|
||||
tlsStatus = iResult;
|
||||
}
|
||||
else if( wolfSSL_want_read( pSsl ) == 1 )
|
||||
{
|
||||
tlsStatus = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
tlsStatus = wolfSSL_state( pSsl );
|
||||
LogError( ( "Error from wolfSSL_read %d : %s ",
|
||||
iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) );
|
||||
}
|
||||
|
||||
return tlsStatus;
|
||||
}
|
||||
|
||||
/*-----------------------------------------------------------*/
|
||||
|
||||
int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext,
|
||||
const void * pBuffer,
|
||||
size_t bytesToSend )
|
||||
{
|
||||
int32_t tlsStatus = 0;
|
||||
int iResult = 0;
|
||||
WOLFSSL * pSsl = pNetworkContext->sslContext.ssl;
|
||||
|
||||
iResult = wolfSSL_write( pSsl, pBuffer, bytesToSend );
|
||||
|
||||
if( iResult > 0 )
|
||||
{
|
||||
tlsStatus = iResult;
|
||||
}
|
||||
else if( wolfSSL_want_write( pSsl ) == 1 )
|
||||
{
|
||||
tlsStatus = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
tlsStatus = wolfSSL_state( pSsl );
|
||||
LogError( ( "Error from wolfSL_write %d : %s ",
|
||||
iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) );
|
||||
}
|
||||
|
||||
return tlsStatus;
|
||||
}
|
||||
/*-----------------------------------------------------------*/
|
|
@ -1,199 +0,0 @@
|
|||
/*
|
||||
* FreeRTOS V202111.00
|
||||
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
* this software and associated documentation files (the "Software"), to deal in
|
||||
* the Software without restriction, including without limitation the rights to
|
||||
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||
* the Software, and to permit persons to whom the Software is furnished to do so,
|
||||
* subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
*
|
||||
* https://www.FreeRTOS.org
|
||||
* https://github.com/FreeRTOS
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* @file using_wolfSSL.h
|
||||
* @brief TLS transport interface header.
|
||||
*/
|
||||
|
||||
#ifndef USING_WOLFSSL_H
|
||||
#define USING_WOLFSSL_H
|
||||
|
||||
/**************************************************/
|
||||
/******* DO NOT CHANGE the following order ********/
|
||||
/**************************************************/
|
||||
|
||||
/* Logging related header files are required to be included in the following order:
|
||||
* 1. Include the header file "logging_levels.h".
|
||||
* 2. Define LIBRARY_LOG_NAME and LIBRARY_LOG_LEVEL.
|
||||
* 3. Include the header file "logging_stack.h".
|
||||
*/
|
||||
|
||||
/* Include header that defines log levels. */
|
||||
#include "logging_levels.h"
|
||||
|
||||
/* Logging configuration for the Sockets. */
|
||||
#ifndef LIBRARY_LOG_NAME
|
||||
#define LIBRARY_LOG_NAME "TlsTransport"
|
||||
#endif
|
||||
#ifndef LIBRARY_LOG_LEVEL
|
||||
#define LIBRARY_LOG_LEVEL LOG_INFO
|
||||
#endif
|
||||
|
||||
#include "logging_stack.h"
|
||||
|
||||
/************ End of logging configuration ****************/
|
||||
|
||||
/* FreeRTOS+TCP include. */
|
||||
#include "FreeRTOS_Sockets.h"
|
||||
|
||||
/* Transport interface include. */
|
||||
#include "transport_interface.h"
|
||||
|
||||
/* wolfSSL interface include. */
|
||||
#include "wolfssl/ssl.h"
|
||||
|
||||
/**
|
||||
* @brief Secured connection context.
|
||||
*/
|
||||
typedef struct SSLContext
|
||||
{
|
||||
WOLFSSL_CTX* ctx; /**< @brief wolfSSL context */
|
||||
WOLFSSL* ssl; /**< @brief wolfSSL ssl session context */
|
||||
} SSLContext_t;
|
||||
|
||||
/**
|
||||
* @brief Definition of the network context for the transport interface
|
||||
* implementation that uses mbedTLS and FreeRTOS+TLS sockets.
|
||||
*/
|
||||
struct NetworkContext
|
||||
{
|
||||
Socket_t tcpSocket;
|
||||
SSLContext_t sslContext;
|
||||
};
|
||||
|
||||
/**
|
||||
* @brief Contains the credentials necessary for tls connection setup.
|
||||
*/
|
||||
typedef struct NetworkCredentials
|
||||
{
|
||||
/**
|
||||
* @brief Set this to a non-NULL value to use ALPN.
|
||||
*
|
||||
* This string must be NULL-terminated.
|
||||
*
|
||||
* See [this link]
|
||||
* (https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/)
|
||||
* for more information.
|
||||
*/
|
||||
const char * pAlpnProtos;
|
||||
|
||||
/**
|
||||
* @brief Disable server name indication (SNI) for a TLS session.
|
||||
*/
|
||||
BaseType_t disableSni;
|
||||
|
||||
const unsigned char * pRootCa; /**< @brief String representing a trusted server root certificate. */
|
||||
size_t rootCaSize; /**< @brief Size associated with #IotNetworkCredentials.pRootCa. */
|
||||
const unsigned char * pClientCert; /**< @brief String representing the client certificate. */
|
||||
size_t clientCertSize; /**< @brief Size associated with #IotNetworkCredentials.pClientCert. */
|
||||
const unsigned char * pPrivateKey; /**< @brief String representing the client certificate's private key. */
|
||||
size_t privateKeySize; /**< @brief Size associated with #IotNetworkCredentials.pPrivateKey. */
|
||||
const unsigned char * pUserName; /**< @brief String representing the username for MQTT. */
|
||||
size_t userNameSize; /**< @brief Size associated with #IotNetworkCredentials.pUserName. */
|
||||
const unsigned char * pPassword; /**< @brief String representing the password for MQTT. */
|
||||
size_t passwordSize; /**< @brief Size associated with #IotNetworkCredentials.pPassword. */
|
||||
} NetworkCredentials_t;
|
||||
|
||||
/**
|
||||
* @brief TLS Connect / Disconnect return status.
|
||||
*/
|
||||
typedef enum TlsTransportStatus
|
||||
{
|
||||
TLS_TRANSPORT_SUCCESS = 0, /**< Function successfully completed. */
|
||||
TLS_TRANSPORT_INVALID_PARAMETER, /**< At least one parameter was invalid. */
|
||||
TLS_TRANSPORT_INSUFFICIENT_MEMORY, /**< Insufficient memory required to establish connection. */
|
||||
TLS_TRANSPORT_INVALID_CREDENTIALS, /**< Provided credentials were invalid. */
|
||||
TLS_TRANSPORT_HANDSHAKE_FAILED, /**< Performing TLS handshake with server failed. */
|
||||
TLS_TRANSPORT_INTERNAL_ERROR, /**< A call to a system API resulted in an internal error. */
|
||||
TLS_TRANSPORT_CONNECT_FAILURE /**< Initial connection to the server failed. */
|
||||
} TlsTransportStatus_t;
|
||||
|
||||
/**
|
||||
* @brief Create a TLS connection with FreeRTOS sockets.
|
||||
*
|
||||
* @param[out] pNetworkContext Pointer to a network context to contain the
|
||||
* initialized socket handle.
|
||||
* @param[in] pHostName The hostname of the remote endpoint.
|
||||
* @param[in] port The destination port.
|
||||
* @param[in] pNetworkCredentials Credentials for the TLS connection.
|
||||
* @param[in] receiveTimeoutMs Receive socket timeout.
|
||||
* @param[in] sendTimeoutMs Send socket timeout.
|
||||
*
|
||||
* @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, #TLS_TRANSPORT_INVALID_CREDENTIALS,
|
||||
* #TLS_TRANSPORT_HANDSHAKE_FAILED, #TLS_TRANSPORT_INTERNAL_ERROR, or #TLS_TRANSPORT_CONNECT_FAILURE.
|
||||
*/
|
||||
TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
|
||||
const char * pHostName,
|
||||
uint16_t port,
|
||||
const NetworkCredentials_t * pNetworkCredentials,
|
||||
uint32_t receiveTimeoutMs,
|
||||
uint32_t sendTimeoutMs );
|
||||
|
||||
/**
|
||||
* @brief Gracefully disconnect an established TLS connection.
|
||||
*
|
||||
* @param[in] pNetworkContext Network context.
|
||||
*/
|
||||
void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext );
|
||||
|
||||
/**
|
||||
* @brief Receives data from an established TLS connection.
|
||||
*
|
||||
* This is the TLS version of the transport interface's
|
||||
* #TransportRecv_t function.
|
||||
*
|
||||
* @param[in] pNetworkContext The Network context.
|
||||
* @param[out] pBuffer Buffer to receive bytes into.
|
||||
* @param[in] bytesToRecv Number of bytes to receive from the network.
|
||||
*
|
||||
* @return Number of bytes (> 0) received if successful;
|
||||
* 0 if the socket times out without reading any bytes;
|
||||
* negative value on error.
|
||||
*/
|
||||
int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
|
||||
void * pBuffer,
|
||||
size_t bytesToRecv );
|
||||
|
||||
/**
|
||||
* @brief Sends data over an established TLS connection.
|
||||
*
|
||||
* This is the TLS version of the transport interface's
|
||||
* #TransportSend_t function.
|
||||
*
|
||||
* @param[in] pNetworkContext The network context.
|
||||
* @param[in] pBuffer Buffer containing the bytes to send.
|
||||
* @param[in] bytesToSend Number of bytes to send from the buffer.
|
||||
*
|
||||
* @return Number of bytes (> 0) sent on success;
|
||||
* 0 if the socket times out without sending any bytes;
|
||||
* else a negative value to represent error.
|
||||
*/
|
||||
int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext,
|
||||
const void * pBuffer,
|
||||
size_t bytesToSend );
|
||||
|
||||
#endif /* ifndef USING_WOLFSSL_H */
|