Publisher for IBM Quickstart and Watson IoT cloud.

Dependencies:   MQTT NDefLib X_NUCLEO_IKS01A2 X_NUCLEO_NFC01A1

Fork of Cloud_IBM_MbedOS by ST Expansion SW Team

To start the demo the following expansion boards are required

X_NUCLEO_IDW01M1v2, X_NUCLEO_IKS01A2, X_NUCLEO_NFC01A1

and, as the MCU board, the NUCLEO-L476RG, because it includes the True Random Number Generator needed for TLS.

After having mounted the board stack on the Nucleo board the below steps should be followed:

  • If the X-NUCLEO-NFC-01A1 is on the board stack, the WiFi SSID and password can be passed through the NFC tag by: 1) enabling NFC support by defining X_NUCLEO_NFC01A1_PRESENT and recompiling, 2) when prompted on the hyperterminal, programming the SSID and password to the NFC tag using the Android app "NFCtools".
  • If the NFC board is not present, your local WiFi SSID and password can be set in the mbed_app.json file before compiling and flashing the binary. Make sure the WiFi network has a visible SSID.
  • Reset the Nucleo board; after a few seconds the Nucleo green LED will turn on (this means the Nucleo is connected to the local WiFi and to the IBM cloud server).
  • Read the NFC tag with an Android device: the browser is opened automatically and directed to the specific IBM quickstart demo page, where the environmental values are displayed as an x-y graph. The values are updated every few seconds. On the hyperterminal it is possible to see the values sent to the IBM cloud server and the board MAC address, which must be entered on the IBM quickstart web page if a manual connection is needed (e.g. to connect from a PC browser).

If a registered connection (internetofthings.ibmcloud.com) without TLS is needed, comment out the #define ORG_QUICKSTART, then check the following fields in mbed_app.json and change them according to your IBM MQTT broker account: MQTT_ORG_ID, MQTT_DEVICE_PASSWORD, MQTT_DEVICE_ID, MQTT_DEVICE_TYPE. Note that without TLS the device password travels to the broker unencrypted.

If a registered connection (internetofthings.ibmcloud.com) with TLS encryption is needed, uncomment the #define TLS_EN and make sure the certificate (SSL_CA_PEM) is still valid.

In the default case the application connects to quickstart.internetofthings.ibmcloud.com without any encryption or authentication.

Committer:
mapellil
Date:
Wed Feb 21 10:11:06 2018 +0100
Revision:
7:d18775ea6734
Parent:
5:efa13fc5d99a
masked wifi passw

mapellil 0:e477c0f8b2e4 1 #ifndef _MQTTNETWORK_H_
mapellil 0:e477c0f8b2e4 2 #define _MQTTNETWORK_H_
mapellil 0:e477c0f8b2e4 3
#include <string.h>

#include "NetworkInterface.h"
#include "mbedtls/platform.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
mapellil 5:efa13fc5d99a 10
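/* TLS debug verbosity. 0 disables the debug hooks; change to a number between
 * 1 and 4 to debug the TLS connection.
 * NOTE(review): the higher levels are expected to print handshake details on
 * the serial console - keep this at 0 in production builds.
 */
#define DEBUG_LEVEL 0

#if DEBUG_LEVEL > 0
#include "mbedtls/debug.h"
#endif

/* Values for the tls argument of MQTTNetwork::connect(). */
#define TLS_OFF 0
#define TLS_ON 1

/* Personalization string for the DRBG.
 * Declared as an array rather than a pointer so that sizeof (DRBG_PERS) is the
 * size of the string; with a `const char *` declaration sizeof would be the
 * size of the pointer and only the first few bytes would reach the DRBG.
 */
const char DRBG_PERS[] = "mbed TLS Publisher for IBM Watson IoT";

/* mbed TLS state used by MQTTNetwork.
 *
 * The trusted root CA certificate(s) are not defined in this header: they are
 * passed to MQTTNetwork::connect() and parsed into _cacert. To trust more than
 * one root, just concatenate them.
 *
 * NOTE(review): these objects are defined (not merely declared) in a header
 * and are shared by every MQTTNetwork instance. Including this header from
 * more than one translation unit gives duplicate definitions, and two
 * instances cannot hold independent TLS sessions.
 */
mbedtls_entropy_context _entropy;
mbedtls_ctr_drbg_context _ctr_drbg;
mbedtls_x509_crt _cacert;
mbedtls_ssl_context _ssl;
mbedtls_ssl_config _ssl_conf;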
mapellil 5:efa13fc5d99a 34
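/**
 * Network transport for the MQTT client: a TCP socket, optionally wrapped in
 * an mbed TLS session.
 *
 * Security notes:
 *  - connect() defaults to TLS_OFF. In that mode read()/write() use the raw
 *    socket, so everything the caller sends (MQTT credentials included) is
 *    unencrypted and the server is not authenticated.
 *  - With TLS on, the server certificate must chain to the CA passed to
 *    connect() (MBEDTLS_SSL_VERIFY_REQUIRED) and is checked against hostname.
 *  - The mbed TLS contexts used here (_ssl, _ssl_conf, _cacert, _ctr_drbg,
 *    _entropy) are not members of this class, so every instance shares them:
 *    only one MQTTNetwork can hold a TLS session at a time.
 *  - The object owns _tcpsocket through a raw pointer; copying an instance
 *    would delete the socket twice.
 */
class MQTTNetwork {
public:
    /**
     * Allocate the socket (non-blocking) on top of net_iface.
     * No connection is attempted until connect() is called.
     */
    MQTTNetwork(NetworkInterface *net_iface) : _network(net_iface) {
        _tcpsocket = new TCPSocket();
        _tcpsocket->set_blocking(false);
        _is_tcpsocket_connected = 0;
        _tls_initialized = false;
        /* _tls is read by read()/write(); give it a defined value before
         * the first connect(). */
        _tls = TLS_OFF;
    }

    /** Release the TLS state (if any), then close and delete the socket. */
    ~MQTTNetwork() {
        free_tls();
        _tcpsocket->close();
        delete _tcpsocket;
    }

    /**
     * Read up to len bytes into buffer, waiting at most timeout ms.
     *
     * @return TLS: the number of bytes read (len, or fewer if the timeout
     *         expired first; 0 when len <= 0), or a negative mbed TLS error,
     *         in which case the socket has been closed.
     *         Plain TCP: whatever TCPSocket::recv() returns.
     */
    int read(unsigned char* buffer, int len, int timeout) {
        if (!_tls) {
            _tcpsocket->set_blocking(true);
            _tcpsocket->set_timeout(timeout);
            return _tcpsocket->recv(buffer, len);
        }

        /* A negative len would become a huge size_t in mbedtls_ssl_read()
         * and let it write past the end of buffer. */
        if (len <= 0) {
            return 0;
        }

        int offset = 0;
        int ret = 0;
        Countdown timer;
        timer.countdown_ms(timeout);

        /* Keep reading after a short read: one TLS record may carry only part
         * of the requested data. A return of 0 is retried until the timeout,
         * as before. */
        do {
            ret = mbedtls_ssl_read(&_ssl, buffer + offset,
                                   (size_t) (len - offset));
            if (ret > 0) offset += ret;
            if (offset == len) return offset;
            /* Report what was received instead of dropping it. */
            if (timer.expired()) return offset;
        } while (ret >= 0 ||
                 ret == MBEDTLS_ERR_SSL_WANT_READ ||
                 ret == MBEDTLS_ERR_SSL_WANT_WRITE);

        /* Only a hard error leaves the loop. */
        if (ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT) {
            print_mbedtls_error("MBEDTLS_ERR_SSL_CLIENT_RECONNECT\n\r", ret);
        } else {
            print_mbedtls_error("mbedtls_ssl_read", ret);
        }
        _tcpsocket->close();
        _is_tcpsocket_connected = 0;
        return ret;
    }

    /**
     * Write len bytes from buffer, waiting at most timeout ms.
     *
     * @return TLS: the total number of bytes accepted by mbed TLS (possibly
     *         fewer than len if the timeout expired; 0 when len <= 0), or a
     *         negative mbed TLS error, in which case the socket has been
     *         closed. Plain TCP: whatever TCPSocket::send() returns.
     */
    int write(unsigned char* buffer, int len, int timeout) {
        if (!_tls) {
            _tcpsocket->set_blocking(true);
            _tcpsocket->set_timeout(timeout);
            return _tcpsocket->send(buffer, len);
        }

        /* A negative len would become a huge size_t and make
         * mbedtls_ssl_write() send memory beyond the end of buffer. */
        if (len <= 0) {
            return 0;
        }

        int offset = 0;
        int ret = 0;
        Countdown timer;
        timer.countdown_ms(timeout);

        /* Bounded by the timeout so that a stalled peer cannot hang the
         * caller in a WANT_WRITE loop. */
        do {
            ret = mbedtls_ssl_write(&_ssl,
                                    (const unsigned char *) buffer + offset,
                                    (size_t) (len - offset));
            if (ret > 0)
                offset += ret;
        } while (offset < len && !timer.expired() &&
                 (ret > 0 || ret == MBEDTLS_ERR_SSL_WANT_READ ||
                  ret == MBEDTLS_ERR_SSL_WANT_WRITE));

        if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
            ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
            print_mbedtls_error("mbedtls_ssl_write", ret);
            _tcpsocket->close();
            _is_tcpsocket_connected = 0;
            return ret;
        }
        /* Total written, not just the size of the last chunk. */
        return offset;
    }

    /**
     * Connect to hostname:port, optionally over TLS.
     *
     * Any session left over from an earlier connect() is torn down first.
     *
     * @param hostname    server name; with TLS it is also the name the server
     *                    certificate is checked against
     * @param port        TCP port
     * @param tls         TLS_OFF for plain TCP; any other value enables TLS
     * @param cert        trusted CA certificate(s), required with TLS
     * @param sizeof_cert size of cert in bytes
     *                    NOTE(review): for PEM input mbed TLS expects this to
     *                    include the terminating '\0' - confirm at the caller
     * @return 0 on success, otherwise a negative mbed TLS or socket error.
     *         After a failure the object is disconnected and holds no TLS
     *         state.
     */
    int connect(const char* hostname, int port, unsigned int tls=TLS_OFF, const char * cert=NULL, unsigned int sizeof_cert=0) {
        free_tls();
        if (_is_tcpsocket_connected) {
            _tcpsocket->close();
            _is_tcpsocket_connected = 0;
        }

        if (tls == TLS_OFF) {
            printf ("--->TLS is OFF\n\r");
            int rc = open_tcp(hostname, port);
            if (rc == NSAPI_ERROR_OK) {
                _is_tcpsocket_connected = 1;
            }
            return rc;
        }

        printf ("--->TLS is ON\n\r");
        /* A runtime check rather than assert(): assert() is compiled out
         * with NDEBUG, and a TLS session without a trust anchor or a name to
         * verify must never be attempted. */
        if (hostname == NULL || cert == NULL || sizeof_cert == 0) {
            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
        }

        /*
         * Initialize TLS-related stuff.
         */
        mbedtls_entropy_init(&_entropy);
        mbedtls_ctr_drbg_init(&_ctr_drbg);
        mbedtls_x509_crt_init(&_cacert);
        mbedtls_ssl_init(&_ssl);
        mbedtls_ssl_config_init(&_ssl_conf);
        _tls_initialized = true;
        _tls = TLS_ON;

        int ret = 0;
        /* strlen(), not sizeof: sizeof of a pointer-typed DRBG_PERS is the
         * pointer size, not the length of the string. */
        if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
                                         (const unsigned char *) DRBG_PERS,
                                         strlen(DRBG_PERS))) != 0) {
            print_mbedtls_error("mbedtls_ctr_drbg_seed", ret);
            free_tls();
            return ret;
        }
        if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *) cert,
                                          sizeof_cert)) != 0) {
            print_mbedtls_error("mbedtls_x509_crt_parse", ret);
            free_tls();
            return ret;
        }
        if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
                                               MBEDTLS_SSL_IS_CLIENT,
                                               MBEDTLS_SSL_TRANSPORT_STREAM,
                                               MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
            print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
            free_tls();
            return ret;
        }
        mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
        mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
        /* Server authentication is mandatory. Passing MBEDTLS_SSL_VERIFY_NONE
         * here would disable it and leave the session open to interception;
         * do not do that outside a lab. */
        mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
#if DEBUG_LEVEL > 0
        mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
        mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
        mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
        if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
            print_mbedtls_error("mbedtls_ssl_setup", ret);
            free_tls();
            return ret;
        }
        /* The expected server name drives the certificate name check, so a
         * failure here must abort instead of being ignored. */
        if ((ret = mbedtls_ssl_set_hostname(&_ssl, hostname)) != 0) {
            print_mbedtls_error("mbedtls_ssl_set_hostname", ret);
            free_tls();
            return ret;
        }

        mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket), ssl_send, ssl_recv, NULL );

        /* Connect to the server */
        mbedtls_printf("Connecting with %s port: %d\n", hostname, port);
        ret = open_tcp(hostname, port);
        if (ret != NSAPI_ERROR_OK) {
            free_tls();
            return ret;
        }

        /* NOTE(review): this loop has no time limit; a server that never
         * completes the handshake keeps the caller here. */
        mbedtls_printf("Starting the TLS handshake...\n");
        do {
            ret = mbedtls_ssl_handshake(&_ssl);
        } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
                 ret == MBEDTLS_ERR_SSL_WANT_WRITE);
        if (ret < 0) {
            print_mbedtls_error("mbedtls_ssl_handshake", ret);
            _tcpsocket->close();
            free_tls();
            return ret;
        }

        /* Reported as connected only once the handshake, and with it the
         * certificate verification, has succeeded. */
        _is_tcpsocket_connected = 1;
        return ret;
    }

    /**
     * Drop the TLS state (if any) and close the socket.
     * @return the result of TCPSocket::close()
     */
    int disconnect() {
        free_tls();
        _is_tcpsocket_connected = 0;
        return _tcpsocket->close();
    }

    /** @return true while the object considers the connection established. */
    bool isConnected () { return _is_tcpsocket_connected != 0; }

private:
    NetworkInterface* _network;
    unsigned int _is_tcpsocket_connected;
    /* True between the mbedtls_*_init() calls in connect() and free_tls(). */
    bool _tls_initialized;

    /**
     * Free every mbed TLS context initialised by connect() and fall back to
     * TLS_OFF. Does nothing when no TLS state is held, so it can be called
     * from any error path and from the destructor.
     */
    void free_tls() {
        if (!_tls_initialized) {
            return;
        }
        mbedtls_ssl_free(&_ssl);
        mbedtls_ssl_config_free(&_ssl_conf);
        mbedtls_x509_crt_free(&_cacert);
        mbedtls_ctr_drbg_free(&_ctr_drbg);
        mbedtls_entropy_free(&_entropy);
        _tls_initialized = false;
        /* read()/write() must not touch the freed contexts. */
        _tls = TLS_OFF;
    }

    /**
     * Open the socket on the network interface and connect it.
     * @return NSAPI_ERROR_OK on success, otherwise the socket error; the
     *         socket is closed again when the connect step fails.
     */
    int open_tcp(const char *hostname, int port) {
        int ret = _tcpsocket->open(_network);
        if (ret != NSAPI_ERROR_OK) {
            printf("MBED: Socket Error: %d\n", ret);
            return ret;
        }
        ret = _tcpsocket->connect(hostname, port);
        if (ret != NSAPI_ERROR_OK) {
            mbedtls_printf("Failed to connect\n");
            printf("MBED: Socket Error: %d\n", ret);
            _tcpsocket->close();
            return ret;
        }
        printf ("--->TCP Connected\n\r");
        return ret;
    }

protected:
    /**
     * Helper for pretty-printing mbed TLS error codes
     */
    static void print_mbedtls_error(const char *name, int err) {
        char buf[128];
        mbedtls_strerror(err, buf, sizeof (buf));
        mbedtls_printf("%s() failed: -0x%04x (%d): %s\n", name, (unsigned int) -err, err, buf);
    }

#if DEBUG_LEVEL > 0
    /**
     * Debug callback for Mbed TLS
     * Just prints on the USB serial port
     */
    static void my_debug(void *ctx, int level, const char *file, int line,
                         const char *str)
    {
        const char *p, *basename;
        (void) ctx;

        /* Extract basename from file */
        for(p = basename = file; *p != '\0'; p++) {
            if(*p == '/' || *p == '\\') {
                basename = p + 1;
            }
        }

        mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
    }

    /**
     * Certificate verification callback for Mbed TLS
     * Here we only use it to display information on each cert in the chain.
     * It only reads *flags and always returns 0, so it neither relaxes nor
     * tightens the verification result.
     */
    static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
    {
        const uint32_t buf_size = 1024;
        char *buf = new char[buf_size];
        (void) data;

        mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
        mbedtls_x509_crt_info(buf, buf_size - 1, "  ", crt);
        mbedtls_printf("%s", buf);

        if (*flags == 0)
            mbedtls_printf("No verification issue for this certificate\n");
        else
        {
            mbedtls_x509_crt_verify_info(buf, buf_size, "  ! ", *flags);
            mbedtls_printf("%s\n", buf);
        }

        delete[] buf;
        return 0;
    }
#endif

    /**
     * Receive callback for Mbed TLS
     * ctx is the TCPSocket registered with mbedtls_ssl_set_bio().
     */
    static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
        TCPSocket *socket = static_cast<TCPSocket *>(ctx);
        int recv = socket->recv(buf, len);

        if (NSAPI_ERROR_WOULD_BLOCK == recv) {
            /* Non-blocking socket with nothing to read yet. */
            return MBEDTLS_ERR_SSL_WANT_READ;
        }
        if (recv < 0) {
            mbedtls_printf("Socket recv error %d\n", recv);
            return -1;
        }
        return recv;
    }

    /**
     * Send callback for Mbed TLS
     * ctx is the TCPSocket registered with mbedtls_ssl_set_bio().
     */
    static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
        TCPSocket *socket = static_cast<TCPSocket *>(ctx);
        int size = socket->send(buf, len);

        if (NSAPI_ERROR_WOULD_BLOCK == size) {
            /* Non-blocking socket that cannot take more data yet. */
            return MBEDTLS_ERR_SSL_WANT_WRITE;
        }
        if (size < 0) {
            mbedtls_printf("Socket send error %d\n", size);
            return -1;
        }
        return size;
    }

    TCPSocket* _tcpsocket;
    volatile bool _disconnected;
    /* TLS_ON only while an initialised TLS session exists, else TLS_OFF. */
    unsigned int _tls;
};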
mapellil 0:e477c0f8b2e4 347
mapellil 5:efa13fc5d99a 348
mapellil 0:e477c0f8b2e4 349 #endif // _MQTTNETWORK_H_