										 |  |  | /*
										 |  |  |  * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD | 
					
						
										 |  |  |  * | 
					
						
							|  |  |  |  * SPDX-License-Identifier: Apache-2.0 | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | #pragma once
#include <cstddef>
#include <cstdint>
#include <memory>
#include <utility>
#include <mbedtls/timing.h>
#include <mbedtls/ssl_cookie.h>
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
										 |  |  | namespace idf::mbedtls_cxx { | 
					
						
// Non-owning (pointer, length) views over caller-provided memory. The pair carries no
// ownership: nothing in this class frees the bytes, and the caller keeps them valid for as
// long as the object that received them may still read them (see Tls::client_id_).
using const_buf = std::pair<const unsigned char *, std::size_t>;
using buf = std::pair<unsigned char *, std::size_t>;
					
						
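/**
 * @brief Optional settings passed to Tls::init()
 *
 * Every member has a default so a default-constructed instance is fully defined
 * (plain TLS, zero timeout, empty client id) even when the caller sets only some fields;
 * aggregate and designated initialisation keep working as before.
 */
struct TlsConfig {
    bool is_dtls{false};        ///< true selects DTLS instead of TLS
    std::uint32_t timeout{0};   ///< presumably a timeout in ms forwarded to mbedTLS; 0 means "default" — confirm in init()
    const_buf client_id{};      ///< DTLS client transport id; non-owning view that Tls presumably keeps
                                ///< in client_id_, so the pointed-to bytes must outlive the Tls object
};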
					
						
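/**
 * @brief Application wrapper of (D)TLS for authentication and creating encrypted communication channels
 *
 * The transport is abstract: a subclass implements send() / recv() (and, for DTLS, ideally
 * recv_timeout()) on top of its socket, and mbedTLS reaches them through the private bio_*
 * callbacks. All mbedTLS contexts are owned by value, so instances are neither copyable nor
 * movable.
 */
class Tls {
public:
    /**
     * The high level configuration of this class is expressed by the three strongly typed
     * booleans below (server/client, with/without peer verification, TLS/DTLS).
     * The enums are intentionally empty: they are used as `Tls::is_server{true}` etc., so the
     * init() arguments cannot be swapped by accident.
     */
    enum class is_server : bool {
    };
    enum class do_verify : bool {
    };
    enum class is_dtls : bool {
    };

    Tls();

    virtual ~Tls();

    // Non-copyable (the unique_ptr member already implies this; spelled out because the
    // mbedTLS contexts below are owned by value and must be freed exactly once).
    Tls(const Tls &) = delete;
    Tls &operator=(const Tls &) = delete;

    /**
     * @brief Configure the mbedTLS contexts for the chosen role and verification mode
     *
     * @param server  Tls::is_server{true} for a server, {false} for a client
     * @param verify  Tls::do_verify{true} verifies the peer certificate against set_ca_cert();
     *                {false} presumably disables peer verification — confirm in the .cpp and
     *                keep it for testing only, since an unverified endpoint can be impersonated
     * @param config  optional extra settings; nullptr keeps the defaults (is_dtls_ stays false,
     *                i.e. TLS). Its client_id is presumably copied as a pointer into client_id_,
     *                so that memory must stay valid while this object is in use.
     * @return true on success, false on failure
     */
    bool init(is_server server, do_verify verify, TlsConfig *config = nullptr);

    /**
     * @brief Set up the DTLS cookie context (cookie_) used for HelloVerifyRequest
     *
     * NOTE(review): only meaningful on a DTLS server — confirm whether init() calls this or
     * the application has to.
     * @return true on success
     */
    bool init_dtls_cookies();

    /**
     * @brief Bind the stored client transport id (client_id_) to the DTLS context
     *
     * Presumably wraps mbedtls_ssl_set_client_transport_id(); a server has to do this per
     * peer before handshake() so the cookie is tied to that peer — verify in the .cpp.
     * @return true on success
     */
    bool set_client_id();

    /// @brief Release the mbedTLS contexts (whether init() may be called again afterwards is to be confirmed)
    bool deinit();

    /**
     * @brief Run the (D)TLS handshake over the send()/recv() transport
     * @return 0 on success; otherwise presumably the (negative) mbedTLS error code
     */
    int handshake();

    /**
     * @brief Write application data through the record layer
     * @param buf plaintext to send
     * @param len number of bytes in buf
     * @return presumably the mbedtls_ssl_write() result: bytes written, or a negative error
     */
    int write(const unsigned char *buf, size_t len);

    /**
     * @brief Read decrypted application data
     * @param buf destination buffer
     * @param len capacity of buf
     * @return presumably the mbedtls_ssl_read() result: bytes read, or a negative error
     */
    int read(unsigned char *buf, size_t len);

    /**
     * @brief Load this endpoint's certificate and private key
     *
     * NOTE(review): if the implementation accepts PEM, mbedTLS expects the length to include
     * the terminating NUL — check that callers pass it that way.
     * @param crt certificate bytes (non-owning)
     * @param key private key bytes (non-owning)
     * @return true on success; must not be ignored — without a usable own certificate the
     *         endpoint cannot authenticate itself
     */
    [[nodiscard]] bool set_own_cert(const_buf crt, const_buf key);

    /**
     * @brief Load the CA certificate(s) the peer is verified against when do_verify{true}
     * @param crt CA certificate bytes (non-owning)
     * @return true on success; must not be ignored — a missing trust anchor leaves the peer unverified
     */
    [[nodiscard]] bool set_ca_cert(const_buf crt);

    /**
     * @brief Set the expected server name (SNI and certificate name check)
     *
     * A verifying client should call this before handshake(): without a hostname mbedTLS
     * presumably only validates the chain, not that the certificate belongs to the server
     * being contacted — confirm in the .cpp.
     * @param name NUL-terminated hostname
     * @return true on success
     */
    bool set_hostname(const char *name);

    /**
     * @brief Transport send, implemented by the subclass
     * @return number of bytes sent, or a negative error (presumably an mbedTLS BIO-style code)
     */
    virtual int send(const unsigned char *buf, size_t len) = 0;

    /**
     * @brief Transport receive, implemented by the subclass
     * @return number of bytes received, or a negative error (presumably an mbedTLS BIO-style code)
     */
    virtual int recv(unsigned char *buf, size_t len) = 0;

    /**
     * @brief Receive with a deadline
     *
     * The default ignores the timeout and falls back to recv(); a DTLS transport should
     * override it so retransmission timers can fire.
     * @param timeout presumably milliseconds forwarded from bio_read_tout(), whose parameter
     *                is uint32_t while this one is int — the conversion narrows, so overrides
     *                should treat values <= 0 defensively
     */
    virtual int recv_timeout(unsigned char *buf, size_t len, [[maybe_unused]] int timeout)
    {
        return recv(buf, len);
    }

    /// @brief Bytes of decrypted application data already buffered by mbedTLS (presumably mbedtls_ssl_get_bytes_avail())
    size_t get_available_bytes();

protected:
    /**
     * mbedTLS internal structures (available after inheritance)
     */
    mbedtls_ssl_context ssl_{};
    mbedtls_x509_crt public_cert_{};        // own certificate (set_own_cert)
    mbedtls_pk_context pk_key_{};           // own private key (set_own_cert)
    mbedtls_x509_crt ca_cert_{};            // trust anchor(s) (set_ca_cert)
    mbedtls_ssl_config conf_{};
    mbedtls_ctr_drbg_context ctr_drbg_{};   // DRBG, presumably seeded from entropy_ and handed to mbedTLS as its RNG
    mbedtls_entropy_context entropy_{};
    mbedtls_timing_delay_context timer_{};  // DTLS retransmission timer
    mbedtls_ssl_cookie_ctx cookie_{};       // DTLS HelloVerifyRequest cookies
    const_buf client_id_{};                 // non-owning view of the DTLS client id; the caller keeps the bytes alive

    /// Hook presumably invoked while waiting (e.g. during the handshake); no-op by default
    virtual void delay() {}

    bool is_server_{false};
    bool is_dtls_{false};

    bool set_session();         // presumably stores the current session into session_ for resumption
    bool get_session();         // presumably loads session_ back into ssl_
    void reset_session();       // presumably drops session_
    bool is_session_loaded();

private:
    static void print_error(const char *function, int error_code);

    // mbedTLS BIO callbacks; ctx is presumably the Tls instance, dispatched to send()/recv()/recv_timeout()
    static int bio_write(void *ctx, const unsigned char *buf, size_t len);

    static int bio_read(void *ctx, unsigned char *buf, size_t len);

    static int bio_read_tout(void *ctx, unsigned char *buf, size_t len, uint32_t timeout);

    // Member that hides the global ::mbedtls_pk_parse_key(); presumably a compatibility shim
    // over the differing mbedTLS 2.x / 3.x signatures (3.x additionally takes an RNG) — confirm
    int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
                             const unsigned char *key, size_t keylen,
                             const unsigned char *pwd, size_t pwdlen);

    /// RAII owner of one mbedtls_ssl_session; non-copyable so the session is freed exactly once
    struct unique_session {
        unique_session()
        {
            ::mbedtls_ssl_session_init(&s);
        }

        ~unique_session()
        {
            ::mbedtls_ssl_session_free(&s);
        }

        // A copy would hold the same internal pointers and the destructor would free them twice
        unique_session(const unique_session &) = delete;
        unique_session &operator=(const unique_session &) = delete;

        mbedtls_ssl_session *ptr()
        {
            return &s;
        }

        mbedtls_ssl_session s;
    };

    std::unique_ptr<unique_session> session_;

};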
					
						
										 |  |  | } |