Diffstat (limited to 'FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.h')
-rw-r--r-- | FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.h | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.h b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.h
new file mode 100644
index 000000000..a4c856a3e
--- /dev/null
+++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.h
@@ -0,0 +1,218 @@
+/*
+ * FreeRTOS V202111.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+
+/**
+ * @file tls_freertos.h
+ * @brief TLS transport interface header.
+ */
+
+#ifndef USING_MBEDTLS
+#define USING_MBEDTLS
+
+/**************************************************/
+/******* DO NOT CHANGE the following order ********/
+/**************************************************/
+
+/* Logging related header files are required to be included in the following order:
+ * 1. Include the header file "logging_levels.h".
+ * 2. Define LIBRARY_LOG_NAME and LIBRARY_LOG_LEVEL.
+ * 3. Include the header file "logging_stack.h".
+ */
+
+/* Include header that defines log levels. */
+#include "logging_levels.h"
+
+/* Logging configuration for the Sockets. */
+#ifndef LIBRARY_LOG_NAME
+ #define LIBRARY_LOG_NAME "TlsTransport"
+#endif
+#ifndef LIBRARY_LOG_LEVEL
+ #define LIBRARY_LOG_LEVEL LOG_ERROR
+#endif
+
+/* Prototype for the function used to print to console on Windows simulator
+ * of FreeRTOS.
+ * The function prints to the console before the network is connected;
+ * then a UDP port after the network has connected. */
+extern void vLoggingPrintf( const char * pcFormatString,
+ ... );
+
+/* Map the SdkLog macro to the logging function to enable logging
+ * on Windows simulator. */
+#ifndef SdkLog
+ #define SdkLog( message ) vLoggingPrintf message
+#endif
+
+#include "logging_stack.h"
+
+/************ End of logging configuration ****************/
+
+/* FreeRTOS+TCP include. */
+#include "FreeRTOS_Sockets.h"
+
+/* Transport interface include. */
+#include "transport_interface.h"
+
+/* mbed TLS includes. */
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/threading.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/error.h"
+
+/**
+ * @brief Secured connection context.
+ */
+typedef struct SSLContext
+{
+ mbedtls_ssl_config config; /**< @brief SSL connection configuration. */
+ mbedtls_ssl_context context; /**< @brief SSL connection context */
+ mbedtls_x509_crt_profile certProfile; /**< @brief Certificate security profile for this connection. */
+ mbedtls_x509_crt rootCa; /**< @brief Root CA certificate context. */
+ mbedtls_x509_crt clientCert; /**< @brief Client certificate context. */
+ mbedtls_pk_context privKey; /**< @brief Client private key context. */
+ mbedtls_entropy_context entropyContext; /**< @brief Entropy context for random number generation. */
+ mbedtls_ctr_drbg_context ctrDrgbContext; /**< @brief CTR DRBG context for random number generation. */
+} SSLContext_t;
+
+/**
+ * @brief Parameters for the network context of the transport interface
+ * implementation that uses mbedTLS and FreeRTOS+TCP sockets.
+ */
+typedef struct TlsTransportParams
+{
+ Socket_t tcpSocket;
+ SSLContext_t sslContext;
+} TlsTransportParams_t;
+
+/**
+ * @brief Contains the credentials necessary for tls connection setup.
+ */
+typedef struct NetworkCredentials
+{
+ /**
+ * @brief To use ALPN, set this to a NULL-terminated list of supported
+ * protocols in decreasing order of preference.
+ *
+ * See [this link]
+ * (https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/)
+ * for more information.
+ */
+ const char ** pAlpnProtos;
+
+ /**
+ * @brief Disable server name indication (SNI) for a TLS session.
+ */
+ BaseType_t disableSni;
+
+ const uint8_t * pRootCa; /**< @brief String representing a trusted server root certificate. */
+ size_t rootCaSize; /**< @brief Size associated with #NetworkCredentials.pRootCa. */
+ const uint8_t * pClientCert; /**< @brief String representing the client certificate. */
+ size_t clientCertSize; /**< @brief Size associated with #NetworkCredentials.pClientCert. */
+ const uint8_t * pPrivateKey; /**< @brief String representing the client certificate's private key. */
+ size_t privateKeySize; /**< @brief Size associated with #NetworkCredentials.pPrivateKey. */
+} NetworkCredentials_t;
+
+/**
+ * @brief TLS Connect / Disconnect return status.
+ */
+typedef enum TlsTransportStatus
+{
+ TLS_TRANSPORT_SUCCESS = 0, /**< Function successfully completed. */
+ TLS_TRANSPORT_INVALID_PARAMETER, /**< At least one parameter was invalid. */
+ TLS_TRANSPORT_INSUFFICIENT_MEMORY, /**< Insufficient memory required to establish connection. */
+ TLS_TRANSPORT_INVALID_CREDENTIALS, /**< Provided credentials were invalid. */
+ TLS_TRANSPORT_HANDSHAKE_FAILED, /**< Performing TLS handshake with server failed. */
+ TLS_TRANSPORT_INTERNAL_ERROR, /**< A call to a system API resulted in an internal error. */
+ TLS_TRANSPORT_CONNECT_FAILURE /**< Initial connection to the server failed. */
+} TlsTransportStatus_t;
+
+/**
+ * @brief Create a TLS connection with FreeRTOS sockets.
+ *
+ * @param[out] pNetworkContext Pointer to a network context to contain the
+ * initialized socket handle.
+ * @param[in] pHostName The hostname of the remote endpoint.
+ * @param[in] port The destination port.
+ * @param[in] pNetworkCredentials Credentials for the TLS connection.
+ * @param[in] receiveTimeoutMs Receive socket timeout.
+ * @param[in] sendTimeoutMs Send socket timeout.
+ *
+ * @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, #TLS_TRANSPORT_INVALID_CREDENTIALS,
+ * #TLS_TRANSPORT_HANDSHAKE_FAILED, #TLS_TRANSPORT_INTERNAL_ERROR, or #TLS_TRANSPORT_CONNECT_FAILURE.
+ */
+TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
+ const char * pHostName,
+ uint16_t port,
+ const NetworkCredentials_t * pNetworkCredentials,
+ uint32_t receiveTimeoutMs,
+ uint32_t sendTimeoutMs );
+
+/**
+ * @brief Gracefully disconnect an established TLS connection.
+ *
+ * @param[in] pNetworkContext Network context.
+ */
+void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext );
+
+/**
+ * @brief Receives data from an established TLS connection.
+ *
+ * This is the TLS version of the transport interface's
+ * #TransportRecv_t function.
+ *
+ * @param[in] pNetworkContext The Network context.
+ * @param[out] pBuffer Buffer to receive bytes into.
+ * @param[in] bytesToRecv Number of bytes to receive from the network.
+ *
+ * @return Number of bytes (> 0) received if successful;
+ * 0 if the socket times out without reading any bytes;
+ * negative value on error.
+ */
+int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
+ void * pBuffer,
+ size_t bytesToRecv );
+
+/**
+ * @brief Sends data over an established TLS connection.
+ *
+ * This is the TLS version of the transport interface's
+ * #TransportSend_t function.
+ *
+ * @param[in] pNetworkContext The network context.
+ * @param[in] pBuffer Buffer containing the bytes to send.
+ * @param[in] bytesToSend Number of bytes to send from the buffer.
+ *
+ * @return Number of bytes (> 0) sent on success;
+ * 0 if the socket times out without sending any bytes;
+ * else a negative value to represent error.
+ */
+int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext,
+ const void * pBuffer,
+ size_t bytesToSend );
+
+#endif /* ifndef USING_MBEDTLS */
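Review bot: The `@return` list on `TLS_FreeRTOS_Connect` omits `TLS_TRANSPORT_INVALID_PARAMETER` even though the enum above defines it for this call, and the file header still says `@file tls_freertos.h` while the new file is `using_mbedtls.h`; both should read as the code does, e.g. `@return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INVALID_PARAMETER, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, ...`. The `rootCaSize`/`clientCertSize`/`privateKeySize` comments ("Size associated with ...") do not say whether the count includes a terminating NUL; if the implementation hands these buffers to `mbedtls_x509_crt_parse` / `mbedtls_pk_parse_key` (not visible in this hunk), PEM input must be NUL-terminated with the terminator counted in the size, and a caller passing `strlen()` would only see `TLS_TRANSPORT_INVALID_CREDENTIALS` with no hint why — suggest `/**< @brief Size of #NetworkCredentials.pRootCa in bytes; for PEM data this must include the terminating NUL. */` and the same on the other two. The field name `ctrDrgbContext` looks like a typo for `ctrDrbgContext`; since `SSLContext_t` is exposed by this public header, it is cheaper to fix now than after callers depend on it.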