240 lines
5.3 KiB
C
240 lines
5.3 KiB
C
/*
|
|
* Copyright (c) 2006-2018, RT-Thread Development Team
|
|
*
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Change Logs:
|
|
* Date Author Notes
|
|
* 2018-11-12 ChenYong First version
|
|
*/
|
|
|
|
#include <rtthread.h>
|
|
|
|
#ifdef RT_USING_DFS
|
|
#include <dfs_posix.h>
|
|
#endif
|
|
|
|
#ifdef SAL_USING_TLS
|
|
#include <sal_tls.h>
|
|
#endif
|
|
#include <netdb.h>
|
|
#include <sal.h>
|
|
|
|
#ifdef SAL_USING_TLS
|
|
|
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
|
#include <mbedtls/config.h>
|
|
#else
|
|
#include MBEDTLS_CONFIG_FILE
|
|
#endif
|
|
|
|
#include <tls_certificate.h>
|
|
#include <tls_client.h>
|
|
|
|
#ifndef SAL_MEBDTLS_BUFFER_LEN
|
|
#define SAL_MEBDTLS_BUFFER_LEN 1024
|
|
#endif
|
|
|
|
static void *mebdtls_socket(int socket)
|
|
{
|
|
MbedTLSSession *session = RT_NULL;
|
|
char *pers = "mbedtls";
|
|
|
|
if (socket < 0)
|
|
{
|
|
return RT_NULL;
|
|
}
|
|
|
|
session = (MbedTLSSession *) tls_calloc(1, sizeof(MbedTLSSession));
|
|
if (session == RT_NULL)
|
|
{
|
|
return RT_NULL;
|
|
}
|
|
|
|
session->buffer_len = SAL_MEBDTLS_BUFFER_LEN;
|
|
session->buffer = tls_calloc(1, session->buffer_len);
|
|
if (session->buffer == RT_NULL)
|
|
{
|
|
tls_free(session);
|
|
session = RT_NULL;
|
|
|
|
return RT_NULL;
|
|
}
|
|
|
|
/* initialize TLS Client sesison */
|
|
if (mbedtls_client_init(session, (void *) pers, rt_strlen(pers)) != RT_EOK)
|
|
{
|
|
mbedtls_client_close(session);
|
|
return RT_NULL;
|
|
}
|
|
session->server_fd.fd = socket;
|
|
|
|
return (void *)session;
|
|
}
|
|
|
|
int mbedtls_net_send_cb(void *ctx, const unsigned char *buf, size_t len)
|
|
{
|
|
struct sal_socket *sock;
|
|
int socket, ret;
|
|
|
|
RT_ASSERT(ctx);
|
|
RT_ASSERT(buf);
|
|
|
|
socket = ((mbedtls_net_context *) ctx)->fd;
|
|
sock = sal_get_socket(socket);
|
|
if (sock == RT_NULL)
|
|
{
|
|
return -1;
|
|
}
|
|
|
|
/* Register scoket sendto option to TLS send data callback */
|
|
ret = sock->ops->sendto((int) sock->user_data, (void *)buf, len, 0, RT_NULL, RT_NULL);
|
|
if (ret < 0)
|
|
{
|
|
#ifdef RT_USING_DFS
|
|
if ((fcntl(socket, F_GETFL) & O_NONBLOCK) == O_NONBLOCK)
|
|
return MBEDTLS_ERR_SSL_WANT_WRITE;
|
|
#endif
|
|
if (errno == ECONNRESET)
|
|
return MBEDTLS_ERR_NET_CONN_RESET;
|
|
if ( errno == EINTR)
|
|
return MBEDTLS_ERR_SSL_WANT_READ;
|
|
|
|
return MBEDTLS_ERR_NET_SEND_FAILED ;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
int mbedtls_net_recv_cb( void *ctx, unsigned char *buf, size_t len)
|
|
{
|
|
struct sal_socket *sock;
|
|
int socket, ret;
|
|
|
|
RT_ASSERT(ctx);
|
|
RT_ASSERT(buf);
|
|
|
|
socket = ((mbedtls_net_context *) ctx)->fd;
|
|
sock = sal_get_socket(socket);
|
|
if (sock == RT_NULL)
|
|
{
|
|
return -1;
|
|
}
|
|
|
|
/* Register scoket recvfrom option to TLS recv data callback */
|
|
ret = sock->ops->recvfrom((int) sock->user_data, (void *)buf, len, 0, RT_NULL, RT_NULL);
|
|
if (ret < 0)
|
|
{
|
|
#ifdef RT_USING_DFS
|
|
if ((fcntl(socket, F_GETFL) & O_NONBLOCK) == O_NONBLOCK)
|
|
return MBEDTLS_ERR_SSL_WANT_WRITE;
|
|
#endif
|
|
if (errno == ECONNRESET)
|
|
return MBEDTLS_ERR_NET_CONN_RESET;
|
|
if ( errno == EINTR)
|
|
return MBEDTLS_ERR_SSL_WANT_READ;
|
|
|
|
return MBEDTLS_ERR_NET_RECV_FAILED ;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int mbedtls_connect(void *sock)
|
|
{
|
|
MbedTLSSession *session = RT_NULL;
|
|
int ret = 0;
|
|
|
|
RT_ASSERT(sock);
|
|
|
|
session = (MbedTLSSession *) sock;
|
|
|
|
/* Set the SSL Configure infromation */
|
|
ret = mbedtls_client_context(session);
|
|
if (ret < 0)
|
|
{
|
|
goto __exit;
|
|
}
|
|
|
|
/* Set the underlying BIO callbacks for write, read and read-with-timeout. */
|
|
mbedtls_ssl_set_bio(&session->ssl, &session->server_fd, mbedtls_net_send_cb, mbedtls_net_recv_cb, RT_NULL);
|
|
|
|
while ((ret = mbedtls_ssl_handshake(&session->ssl)) != 0)
|
|
{
|
|
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
|
|
{
|
|
goto __exit;
|
|
}
|
|
}
|
|
|
|
/* Return the result of the certificate verification */
|
|
ret = mbedtls_ssl_get_verify_result(&session->ssl);
|
|
if (ret != 0)
|
|
{
|
|
rt_memset(session->buffer, 0x00, session->buffer_len);
|
|
mbedtls_x509_crt_verify_info((char *)session->buffer, session->buffer_len, " ! ", ret);
|
|
goto __exit;
|
|
}
|
|
|
|
return ret;
|
|
|
|
__exit:
|
|
if (session)
|
|
{
|
|
mbedtls_client_close(session);
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int mbedtls_closesocket(void *sock)
|
|
{
|
|
struct sal_socket *ssock;
|
|
int socket;
|
|
|
|
if (sock == RT_NULL)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
socket = ((MbedTLSSession *) sock)->server_fd.fd;
|
|
ssock = sal_get_socket(socket);
|
|
if (ssock == RT_NULL)
|
|
{
|
|
return -1;
|
|
}
|
|
|
|
/* Close TLS client session, and clean user-data in SAL socket */
|
|
mbedtls_client_close((MbedTLSSession *) sock);
|
|
ssock->user_data_tls = RT_NULL;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static const struct sal_proto_tls_ops mbedtls_proto_ops=
|
|
{
|
|
RT_NULL,
|
|
mebdtls_socket,
|
|
mbedtls_connect,
|
|
(int (*)(void *sock, const void *data, size_t size)) mbedtls_client_write,
|
|
(int (*)(void *sock, void *mem, size_t len)) mbedtls_client_read,
|
|
mbedtls_closesocket,
|
|
};
|
|
|
|
static const struct sal_proto_tls mbedtls_proto =
|
|
{
|
|
"mbedtls",
|
|
&mbedtls_proto_ops,
|
|
};
|
|
|
|
int sal_mbedtls_proto_init(void)
|
|
{
|
|
/* register MbedTLS protocol options to SAL */
|
|
sal_proto_tls_register(&mbedtls_proto);
|
|
|
|
return 0;
|
|
}
|
|
INIT_COMPONENT_EXPORT(sal_mbedtls_proto_init);
|
|
|
|
#endif /* SAL_USING_TLS */
|