SSLClient  v1.4.7
Add TLS 1.2 functionality to any network library.
SSLClient.h
Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include "Client.h"
22 #include "SSLSession.h"
23 #include "SSLClientParameters.h"
24 #include "SSLObj.h"
25 #include <vector>
26 
27 #ifndef SSLClient_H_
28 #define SSLClient_H_
29 
35 class SSLClient : public Client {
36 public:
45  enum Error {
46  SSL_OK = 0,
48  SSL_CLIENT_CONNECT_FAIL = 2,
50  SSL_BR_CONNECT_FAIL = 3,
52  SSL_CLIENT_WRTIE_ERROR = 4,
54  SSL_BR_WRITE_ERROR = 5,
56  SSL_INTERNAL_ERROR = 6,
58  SSL_OUT_OF_MEMORY = 7
59  };
60 
67  enum DebugLevel {
69  SSL_NONE = 0,
71  SSL_ERROR = 1,
73  SSL_WARN = 2,
75  SSL_INFO = 3,
76  };
77 
95  explicit SSLClient( Client& client,
96  const br_x509_trust_anchor *trust_anchors,
97  const size_t trust_anchors_num,
98  const int analog_pin,
99  const size_t max_sessions = 1,
100  const DebugLevel debug = SSL_WARN);
101 
102  //========================================
103  //= Functions implemented in SSLClient.cpp
104  //========================================
105 
145  int connect(IPAddress ip, uint16_t port) override;
146 
183  int connect(const char *host, uint16_t port) override;
184 
208  size_t write(const uint8_t *buf, size_t size) override;
210  size_t write(uint8_t b) override { return write(&b, 1); }
211 
230  int available() override;
231 
253  int read(uint8_t *buf, size_t size) override;
258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
259 
268  int peek() override;
269 
277  void flush() override;
278 
287  void stop() override;
288 
302  uint8_t connected() override;
303 
304  //========================================
305  //= Functions Not in the Client Interface
306  //========================================
307 
316  void setMutualAuthParams(const SSLClientParameters* params);
317 
332  SSLSession* getSession(const char* host);
333 
342  void removeSession(const char* host);
343 
349  size_t getSessionCount() const { return m_sessions.size(); }
350 
356  operator bool() { return connected() > 0; }
357 
359  Client& getClient() { return m_client; }
360 
365  void setTimeout(unsigned int t) { m_timeout = t; }
366 
371  unsigned int getTimeout() const { return m_timeout; }
372 
373 private:
375  Client& get_arduino_client() { return m_client; }
376  const Client& get_arduino_client() const { return m_client; }
377 
379  bool m_soft_connected(const char* func_name);
381  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
383  int m_run_until(const unsigned target);
385  unsigned m_update_engine();
387  int m_get_session_index(const char* host) const;
388 
390  void m_print_prefix(const char* func_name, const DebugLevel level) const;
391 
393  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
394 
396  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
397 
399  template<typename T>
400  void m_print(const T str, const char* func_name, const DebugLevel level) const {
401  // check the current debug level and serial status
402  if (level > m_debug || !Serial) return;
403  // print prefix
404  m_print_prefix(func_name, level);
405  // print the message
406  Serial.println(str);
407  }
408 
410  template<typename T>
411  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
412 
413  template<typename T>
414  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
415 
416  template<typename T>
417  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
418 
419  //============================================
420  //= Data Members
421  //============================================
422  // create a reference the client
423  Client& m_client;
424  // also store an array of SSLSessions, so we can resume communication with multiple websites
425  std::vector<SSLSession> m_sessions;
426  // as well as the maximmum number of sessions we can store
427  const size_t m_max_sessions;
428  // store the pin to fetch an RNG see from
429  const int m_analog_pin;
430  // store whether to enable debug logging
431  const DebugLevel m_debug;
432  // store if we are connected in bearssl or not
433  bool m_is_connected;
434  // store the timeout for SSL internals
435  unsigned int m_timeout;
436  // store the context values required for SSL
437  br_ssl_client_context m_sslctx;
438  br_x509_minimal_context m_x509ctx;
439  // use a mono-directional buffer by default to cut memory in half
440  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
441  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
442  // simply edit this value to change the buffer size to the desired value
443  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
444  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
452  unsigned char m_iobuf[2048];
453  // store the index of where we are writing in the buffer
454  // so we can send our records all at once to prevent
455  // weird timing issues
456  size_t m_write_idx;
457 };
458 
459 #endif
SSLClient::connected
uint8_t connected() override
Check if the device is connected.
Definition: SSLClient.cpp:251
SSLClient::SSL_OUT_OF_MEMORY
Definition: SSLClient.h:58
SSLSession
This class stores values which allow SSLClient to save and resume SSL sessions.
Definition: SSLSession.h:51
SSLClient::setTimeout
void setTimeout(unsigned int t)
Set the timeout when waiting for an SSL response.
Definition: SSLClient.h:365
SSLClient::SSL_CLIENT_CONNECT_FAIL
Definition: SSLClient.h:48
SSLClient::SSL_INFO
Definition: SSLClient.h:75
SSLClient::SSL_BR_WRITE_ERROR
Definition: SSLClient.h:54
SSLClient::SSLClient
SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
Initialize SSLClient with all of the prerequisites needed.
Definition: SSLClient.cpp:55
SSLClient::flush
void flush() override
Force writing the buffered bytes from SSLClient::write to the network.
Definition: SSLClient.cpp:218
SSLClient::getSession
SSLSession * getSession(const char *host)
Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
Definition: SSLClient.cpp:282
SSLClientParameters
This struct stores data required for SSLClient to use mutual authentication.
Definition: SSLClientParameters.h:52
SSLClient::setMutualAuthParams
void setMutualAuthParams(const SSLClientParameters *params)
Add a client certificate and enable support for mutual auth.
Definition: SSLClient.cpp:306
SSLClient::available
int available() override
Returns the number of bytes available to read from the data that has been received and decrypted.
Definition: SSLClient.cpp:170
SSLClient
The main SSLClient class. Check out README.md for more info.
Definition: SSLClient.h:35
SSLClient::SSL_WARN
Definition: SSLClient.h:73
SSLClient::stop
void stop() override
Close the connection.
Definition: SSLClient.cpp:224
SSLClient::SSL_ERROR
Definition: SSLClient.h:71
SSLClient::connect
int connect(IPAddress ip, uint16_t port) override
Connect over SSL to a host specified by an IP address.
Definition: SSLClient.cpp:82
SSLClient::write
size_t write(const uint8_t *buf, size_t size) override
Write some bytes to the SSL connection.
Definition: SSLClient.cpp:127
SSLClient::read
int read() override
Read a single byte, or -1 if none is available.
Definition: SSLClient.h:258
SSLClient::Error
Error
Static constants defining the possible errors encountered.
Definition: SSLClient.h:45
SSLClient::SSL_CLIENT_WRTIE_ERROR
Definition: SSLClient.h:52
SSLClient::DebugLevel
DebugLevel
Level of verbosity used in logging for SSLClient.
Definition: SSLClient.h:67
SSLClient::getSessionCount
size_t getSessionCount() const
Get the maximum number of SSL sessions that can be stored at once.
Definition: SSLClient.h:349
SSLClient::peek
int peek() override
View the first byte of the buffer, without removing it from the SSLClient Buffer.
Definition: SSLClient.cpp:206
SSLClientParameters.h
SSLClient::SSL_BR_CONNECT_FAIL
Definition: SSLClient.h:50
SSLSession.h
SSLClient::write
size_t write(uint8_t b) override
Definition: SSLClient.h:210
SSLClient::getClient
Client & getClient()
Returns a reference to the client object stored in this class. Take care not to break it.
Definition: SSLClient.h:359
SSLClient::removeSession
void removeSession(const char *host)
Clear the session corresponding to a host and IP.
Definition: SSLClient.cpp:295
SSLClient::getTimeout
unsigned int getTimeout() const
Get the timeout when waiting for an SSL response.
Definition: SSLClient.h:371
SSLObj.h
SSLClient::SSL_NONE
Definition: SSLClient.h:69
SSLClient::SSL_OK
Definition: SSLClient.h:46
SSLClient::SSL_INTERNAL_ERROR
Definition: SSLClient.h:56