9 #include "../mcl_tls_socket.h" 13 #include "mbedtls/ssl.h" 14 #include "mbedtls/entropy.h" 15 #include "mbedtls/net_sockets.h" 16 #include "mbedtls/ctr_drbg.h" 17 #include "mbedtls/debug.h" 19 #define PORT_STRING_BUFFER_SIZE 6 21 static const unsigned char entropy_string[] =
"MCL TLS socket wrapper using mbedTLS.";
38 #if defined MCL_MOCKSERVER_INTEGRATION 39 #if defined(WIN32) || defined(WIN64) 40 #pragma message("This callback function should not be enabled except for integration test with mock server!") 42 #warning This callback function should not be enabled except for integration test with mock server! 45 static int verify_callback(
void *context, mbedtls_x509_crt *certificate,
int remaining, uint32_t *flags)
47 const char issuer[] =
"www.mockserver.com";
51 (*flags) &= (~(MBEDTLS_X509_BADCERT_BAD_KEY | MBEDTLS_X509_BADCERT_CN_MISMATCH));
71 #if MCL_LOG_ENABLED_COMPILE_TIME(MCL_LOG_LEVEL_ERROR) 79 #if MCL_LOG_ENABLED_COMPILE_TIME(MCL_LOG_LEVEL_DEBUG) 88 #if MCL_LOG_ENABLED_COMPILE_TIME(MCL_LOG_LEVEL_VERBOSE) 106 MCL_DEBUG_ENTRY(
"mcl_tls_ca_chain_handle *tls_ca_chain_handle = <%p>", tls_ca_chain_handle);
112 if (NULL == *tls_ca_chain_handle)
118 mbedtls_x509_crt_init(&(*tls_ca_chain_handle)->certificate_chain);
131 MCL_DEBUG_ENTRY(
"mcl_tls_ca_chain_handle tls_ca_chain_handle = <%p>, const char *certificate = <%p>, mcl_bool_t is_file = <%u>", tls_ca_chain_handle, certificate, is_file);
136 mbedtls_code = mbedtls_x509_crt_parse_file(&tls_ca_chain_handle->certificate_chain, certificate);
144 mbedtls_code = mbedtls_x509_crt_parse(&tls_ca_chain_handle->certificate_chain, (
const unsigned char *)certificate, buffer_length);
147 switch (mbedtls_code)
153 case MBEDTLS_ERR_X509_ALLOC_FAILED:
168 MCL_DEBUG_ENTRY(
"mcl_tls_ca_chain_handle *tls_ca_chain_handle = <%p>", tls_ca_chain_handle);
170 if ((NULL != tls_ca_chain_handle) && (NULL != *tls_ca_chain_handle))
172 mbedtls_x509_crt_free(&(*tls_ca_chain_handle)->certificate_chain);
183 MCL_DEBUG_ENTRY(
"mcl_tls_socket_handle *tls_socket_handle = <%p>", tls_socket_handle);
197 (*tls_socket_handle)->timeout = 0;
198 mbedtls_net_init(&((*tls_socket_handle)->net_context));
199 mbedtls_ssl_init(&((*tls_socket_handle)->ssl_context));
200 mbedtls_ctr_drbg_init(&((*tls_socket_handle)->drbg_context));
201 mbedtls_entropy_init(&((*tls_socket_handle)->entropy_context));
202 mbedtls_ssl_config_init(&((*tls_socket_handle)->ssl_config));
203 mbedtls_ssl_conf_rng(&((*tls_socket_handle)->ssl_config), mbedtls_ctr_drbg_random, &((*tls_socket_handle)->drbg_context));
205 mbedtls_ssl_conf_authmode(&((*tls_socket_handle)->ssl_config), MBEDTLS_SSL_VERIFY_REQUIRED);
224 mbedtls_debug_set_threshold(mbedtls_debug);
226 #if defined MCL_MOCKSERVER_INTEGRATION 227 mbedtls_ssl_conf_verify(&((*tls_socket_handle)->ssl_config), verify_callback,
MCL_NULL);
231 if ((
MCL_OK == code) && (0 != mbedtls_ssl_config_defaults(&((*tls_socket_handle)->ssl_config), MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)))
255 MCL_DEBUG_ENTRY(
"mcl_tls_socket_handle tls_socket_handle = <%p>", tls_socket_handle);
262 mbedtls_ssl_conf_ca_chain(&(tls_socket_handle->ssl_config), &((mcl_tls_ca_chain_handle) value)->certificate_chain,
MCL_NULL);
266 tls_socket_handle->timeout = *((
const int *) value);
283 MCL_DEBUG_ENTRY(
"mcl_tls_socket_handle tls_socket_handle = <%p>", tls_socket_handle);
300 MCL_DEBUG_ENTRY(
"mcl_tls_socket_handle tls_socket_handle = <%p>, const char *host = <%s>, mcl_uint16_t port = <%u>", tls_socket_handle, host, (
unsigned int) port);
302 if (NULL == tls_socket_handle)
313 mbedtls_code = mbedtls_net_connect(&tls_socket_handle->net_context, host, port_string, MBEDTLS_NET_PROTO_TCP);
315 if (0 != mbedtls_code)
317 MCL_ERROR(
"mbedtls_net_connect returned: -0x%x", (0 - mbedtls_code));
319 switch (mbedtls_code)
321 case MBEDTLS_ERR_NET_UNKNOWN_HOST:
325 case MBEDTLS_ERR_NET_CONNECT_FAILED:
338 mbedtls_code = mbedtls_ssl_setup(&tls_socket_handle->ssl_context, &tls_socket_handle->ssl_config);
340 if (0 != mbedtls_code)
342 MCL_ERROR(
"mbedtls_ssl_setup returned: -0x%x", (0 - mbedtls_code));
349 mbedtls_code = mbedtls_ssl_set_hostname(&tls_socket_handle->ssl_context, host);
350 if (0 != mbedtls_code)
352 MCL_ERROR(
"mbedtls_ssl_set_hostname returned: -0x%x", (0 - mbedtls_code));
354 switch (mbedtls_code)
356 case MBEDTLS_ERR_SSL_ALLOC_FAILED:
360 case MBEDTLS_ERR_SSL_BAD_INPUT_DATA:
373 mbedtls_ssl_set_bio(&tls_socket_handle->ssl_context, &tls_socket_handle->net_context, mbedtls_net_send, mbedtls_net_recv,
MCL_NULL);
377 mbedtls_code = mbedtls_ssl_handshake(&tls_socket_handle->ssl_context);
378 }
while ((MBEDTLS_ERR_SSL_WANT_READ == mbedtls_code) || (MBEDTLS_ERR_SSL_WANT_WRITE == mbedtls_code));
380 if (0 != mbedtls_code)
382 MCL_ERROR(
"mbedtls_ssl_handshake returned: -0x%x", (0 - mbedtls_code));
384 switch (mbedtls_code)
386 case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
390 case MBEDTLS_ERR_X509_ALLOC_FAILED:
394 case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE:
395 case MBEDTLS_ERR_X509_UNKNOWN_OID:
396 case MBEDTLS_ERR_X509_FATAL_ERROR:
397 case MBEDTLS_ERR_X509_FILE_IO_ERROR:
416 MCL_VERBOSE_ENTRY(
"mcl_tls_socket_handle tls_socket_handle = <%p>, const mcl_uint8_t *buffer = <%p>, mcl_size_t *size = <%p>", tls_socket_handle, buffer, size);
418 if ((NULL == tls_socket_handle) || (NULL == size))
432 mbedtls_code = mbedtls_ssl_write(&tls_socket_handle->ssl_context, buffer, *size);
433 }
while ((MBEDTLS_ERR_SSL_WANT_READ == mbedtls_code) || (MBEDTLS_ERR_SSL_WANT_WRITE == mbedtls_code));
435 if (0 > mbedtls_code)
437 MCL_ERROR(
"mbedtls_ssl_write returned: -0x%x", (0 - mbedtls_code));
442 *size = mbedtls_code;
455 MCL_VERBOSE_ENTRY(
"mcl_tls_socket_handle tls_socket_handle = <%p>, const mcl_uint8_t *buffer = <%p>, mcl_size_t *size = <%p>", tls_socket_handle, buffer, size);
457 if ((NULL == tls_socket_handle) || (NULL == size))
471 mbedtls_code = mbedtls_ssl_read(&tls_socket_handle->ssl_context, buffer, *size);
472 }
while ((MBEDTLS_ERR_SSL_WANT_READ == mbedtls_code) || (MBEDTLS_ERR_SSL_WANT_WRITE == mbedtls_code));
474 if (0 >= mbedtls_code)
476 MCL_ERROR(
"mbedtls_ssl_read returned: -0x%x", (0 - mbedtls_code));
481 *size = mbedtls_code;
491 MCL_DEBUG_ENTRY(
"mcl_tls_socket_handle *tls_socket_handle = <%p>", tls_socket_handle);
495 mbedtls_net_free(&(*tls_socket_handle)->net_context);
496 mbedtls_ssl_free(&(*tls_socket_handle)->ssl_context);
497 mbedtls_ssl_config_free(&(*tls_socket_handle)->ssl_config);
498 mbedtls_ctr_drbg_free(&(*tls_socket_handle)->drbg_context);
499 mbedtls_entropy_free(&(*tls_socket_handle)->entropy_context);
mbedtls_entropy_context entropy_context
mbedtls_ssl_config ssl_config
MCL failed to connect to the host or proxy.
#define MCL_LOG_ENABLED_COMPILE_TIME(level)
#define MCL_FUNCTION_LEAVE_LABEL
E_MCL_TLS_SOCKET_PARAMETER
mbedtls_x509_crt certificate_chain
mcl_error_t mcl_tls_socket_send(mcl_tls_socket_handle tls_socket_handle, const mcl_uint8_t *buffer, mcl_size_t *size)
Received parameter is null.
#define PORT_STRING_BUFFER_SIZE
A problem occurred during SSL/TLS handshake.
#define MCL_DEBUG_ENTRY(...)
Requested operation is not supported.
MCL_CORE_EXPORT mcl_size_t mcl_string_util_strlen(const char *buffer)
#define MCL_LOG_ENABLED_RUN_TIME(level)
#define MCL_LOG_LEVEL_VERBOSE
Mindsphere certificate was not verified.
#define MCL_VERBOSE_LEAVE(...)
mcl_error_t mcl_tls_socket_connect(mcl_tls_socket_handle tls_socket_handle, const char *host, mcl_uint16_t port)
Host name given as a configuration parameter could not be resolved.
mcl_error_t mcl_tls_ca_chain_add_certificate(mcl_tls_ca_chain_handle tls_ca_chain_handle, const char *certificate, mcl_bool_t is_file)
static void mbedtls_debug_function(void *ctx, int level, const char *file, int line, const char *str)
mcl_error_t mcl_tls_socket_set_parameter(mcl_tls_socket_handle tls_socket_handle, E_MCL_TLS_SOCKET_PARAMETER parameter, const void *value)
MCL_CORE_EXPORT mcl_log_util_callback_t mcl_log_util_function
static const unsigned char entropy_string[]
mbedtls_ctr_drbg_context drbg_context
#define MCL_ASSERT_NOT_NULL(argument, return_variable)
MCL_CORE_EXPORT void * mcl_log_util_user_context
mcl_error_t mcl_tls_ca_chain_init(mcl_tls_ca_chain_handle *tls_ca_chain_handle)
MCL_CORE_EXPORT mcl_error_t mcl_string_util_snprintf(char *string, mcl_size_t length, const char *format,...)
#define MCL_ERROR_RETURN(return_value,...)
mcl_error_t mcl_tls_socket_receive(mcl_tls_socket_handle tls_socket_handle, mcl_uint8_t *buffer, mcl_size_t *size)
The server certificate provided is in an improper format and cannot be parsed.
Log utility module interface header file.
String utility module interface header file.
void mcl_tls_ca_chain_destroy(mcl_tls_ca_chain_handle *tls_ca_chain_handle)
mbedtls_net_context net_context
#define MCL_LOG_LEVEL_ERROR
#define MCL_NULL_CHAR_SIZE
#define MCL_MALLOC(bytes)
mbedtls_ssl_context ssl_context
mcl_error_t mcl_tls_socket_open(mcl_tls_socket_handle tls_socket_handle)
General invalid parameter fail.
MCL_CORE_EXPORT mcl_bool_t mcl_string_util_memcmp(const void *block_1, const void *block_2, mcl_size_t count)
void mcl_tls_socket_destroy(mcl_tls_socket_handle *tls_socket_handle)
#define MCL_DEBUG_LEAVE(...)
#define MCL_VERBOSE_ENTRY(...)
mcl_error_t mcl_tls_socket_init(mcl_tls_socket_handle *tls_socket_handle)
#define MCL_LOG_LEVEL_DEBUG
Memory module interface header file.