mchapman/nina-fw
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

set the cert/key given a known socket within startClientTCP

Browse Source
This commit is contained in:
brentru
2019-10-08 13:32:24 -04:00
parent 33bfa15fc8
commit 8be4f3dbed
2 changed files with 19 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
arduino/libraries/WiFi/src/WiFiSSLClient.cpp
View File

@@ -74,7 +74,6 @@ int WiFiSSLClient::connect(const char* host, uint16_t port, const char* client_c
mbedtls_ctr_drbg_init(&_ctrDrbgContext); mbedtls_ctr_drbg_init(&_ctrDrbgContext);
mbedtls_ssl_config_init(&_sslConfig); mbedtls_ssl_config_init(&_sslConfig);
mbedtls_net_init(&_netContext); mbedtls_net_init(&_netContext);
ets_printf("*** connect inited\n"); ets_printf("*** connect inited\n");
@@ -113,7 +112,6 @@ int WiFiSSLClient::connect(const char* host, uint16_t port, const char* client_c
mbedtls_x509_crt_init(&_caCrt); mbedtls_x509_crt_init(&_caCrt);
mbedtls_ssl_conf_authmode(&_sslConfig, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_authmode(&_sslConfig, MBEDTLS_SSL_VERIFY_REQUIRED);
ets_printf("\n***Free internal heap before certs_data %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
// setting up CA certificates from partition // setting up CA certificates from partition
spi_flash_mmap_handle_t handle; spi_flash_mmap_handle_t handle;
const unsigned char* certs_data = {}; const unsigned char* certs_data = {};
@@ -142,7 +140,6 @@ int WiFiSSLClient::connect(const char* host, uint16_t port, const char* client_c
stop(); stop();
return 0; return 0;
} }
ets_printf("***Free internal heap after certs_data %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
ets_printf("*** check for client_cert and client_key\n"); ets_printf("*** check for client_cert and client_key\n");
if (client_cert != NULL && client_key != NULL) { if (client_cert != NULL && client_key != NULL) {
@@ -150,22 +147,19 @@ int WiFiSSLClient::connect(const char* host, uint16_t port, const char* client_c
mbedtls_pk_init(&_clientKey); mbedtls_pk_init(&_clientKey);
ets_printf("*** Loading client certificate.\n"); ets_printf("*** Loading client certificate.\n");
ets_printf("Client Certificate: %s\n", _clientCrt);
// note: +1 added for line ending // note: +1 added for line ending
ret = mbedtls_x509_crt_parse(&_clientCrt, (const unsigned char *)client_cert, strlen(client_cert) + 1); ret = mbedtls_x509_crt_parse(&_clientCrt, (const unsigned char *)client_cert, strlen(client_cert) + 1);
if (ret != 0) { if (ret != 0) {
ets_printf("ERROR: Client cert not parsed, %d\n", ret); ets_printf("ERROR: Client cert not parsed properly(%d)\n", ret);
ets_printf("Cert: \n %s", &_clientCrt);
stop(); stop();
return 0; return 0;
} }
ets_printf("*** Loading private key.\n"); ets_printf("*** Loading private key.\n");
ets_printf("Private Key: %s\n", &_clientKey);
ret = mbedtls_pk_parse_key(&_clientKey, (const unsigned char *)client_key, strlen(client_key)+1, ret = mbedtls_pk_parse_key(&_clientKey, (const unsigned char *)client_key, strlen(client_key)+1,
NULL, 0); NULL, 0);
if (ret != 0) { if (ret != 0) {
ets_printf("ERROR: Private key not parsed properly: %d\n", ret); ets_printf("ERROR: Private key not parsed properly:(%d)\n", ret);
stop(); stop();
return 0; return 0;
} }
@@ -175,7 +169,7 @@ int WiFiSSLClient::connect(const char* host, uint16_t port, const char* client_c
if (ret == -0x7f00) { if (ret == -0x7f00) {
ets_printf("ERROR: Memory allocation failed, MBEDTLS_ERR_SSL_ALLOC_FAILED"); ets_printf("ERROR: Memory allocation failed, MBEDTLS_ERR_SSL_ALLOC_FAILED");
} }
ets_printf("Private key not parsed properly: %d\n", ret); ets_printf("Private key not parsed properly(%d)\n", ret);
stop(); stop();
return 0; return 0;
} }
@@ -191,7 +185,7 @@ int WiFiSSLClient::connect(const char* host, uint16_t port, const char* client_c
if ((ret = mbedtls_ssl_setup(&_sslContext, &_sslConfig)) != 0) { if ((ret = mbedtls_ssl_setup(&_sslContext, &_sslConfig)) != 0) {
if (ret == -0x7f00){ if (ret == -0x7f00){
ets_printf("%s", &_clientCrt); ets_printf("%s", &_clientCrt);
ets_printf("MBEDTLS_ERR_SSL_ALLOC_FAILED\n"); ets_printf("Memory allocation failed (MBEDTLS_ERR_SSL_ALLOC_FAILED)\n");
ets_printf("Free internal heap: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT)); ets_printf("Free internal heap: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
} }
ets_printf("Unable to connect ssl setup %d\n", ret); ets_printf("Unable to connect ssl setup %d\n", ret);
@@ -211,7 +205,6 @@ int WiFiSSLClient::connect(const char* host, uint16_t port, const char* client_c
mbedtls_ssl_set_bio(&_sslContext, &_netContext, mbedtls_net_send, mbedtls_net_recv, NULL); mbedtls_ssl_set_bio(&_sslContext, &_netContext, mbedtls_net_send, mbedtls_net_recv, NULL);
ets_printf("*** start SSL/TLS handshake...\n"); ets_printf("*** start SSL/TLS handshake...\n");
ets_printf("Free internal heap after TLS %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
unsigned long start_handshake = millis(); unsigned long start_handshake = millis();
// ref: https://tls.mbed.org/api/ssl_8h.html#a4a37e497cd08c896870a42b1b618186e // ref: https://tls.mbed.org/api/ssl_8h.html#a4a37e497cd08c896870a42b1b618186e
while ((ret = mbedtls_ssl_handshake(&_sslContext)) !=0) { while ((ret = mbedtls_ssl_handshake(&_sslContext)) !=0) {
@@ -246,7 +239,7 @@ int WiFiSSLClient::connect(const char* host, uint16_t port, const char* client_c
mbedtls_net_set_nonblock(&_netContext); mbedtls_net_set_nonblock(&_netContext);
ets_printf("Free internal heap before cleanup: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT)); ets_printf("Free internal heap before cleanup: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
// free up the heap // free the heap
if (certs_data != NULL) { if (certs_data != NULL) {
mbedtls_x509_crt_free(&_caCrt); mbedtls_x509_crt_free(&_caCrt);
} }

31
main/CommandHandler.cpp
View File

@@ -32,9 +32,11 @@ const char FIRMWARE_VERSION[6] = "1.4.0";
// Optional, user-defined X.509 certificate // Optional, user-defined X.509 certificate
char CERT_BUF[1300]; char CERT_BUF[1300];
bool setCert = 0;
// Optional, user-defined RSA private key // Optional, user-defined RSA private key
char PK_BUFF[1700]; char PK_BUFF[1700];
bool setPSK = 0;
/*IPAddress*/uint32_t resolvedHostname; /*IPAddress*/uint32_t resolvedHostname;
@@ -554,7 +556,6 @@ int startClientTcp(const uint8_t command[], uint8_t response[])
if (type == 0x00) { if (type == 0x00) {
int result; int result;
ets_printf("*** Commandhandler L551, .connect init'd\n");
if (host[0] != '\0') { if (host[0] != '\0') {
result = tcpClients[socket].connect(host, port); result = tcpClients[socket].connect(host, port);
} else { } else {
@@ -598,10 +599,17 @@ int startClientTcp(const uint8_t command[], uint8_t response[])
} }
} else if (type == 0x02) { } else if (type == 0x02) {
int result; int result;
ets_printf("*** Commandhandler 595, .connect init'd\n");
if (host[0] != '\0') { if (host[0] != '\0') {
if (setCert && setPSK) {
tlsClients[socket].setCertificate(CERT_BUF);
tlsClients[socket].setPrivateKey(PK_BUFF);
}
result = tlsClients[socket].connect(host, port); result = tlsClients[socket].connect(host, port);
} else { } else {
if (setCert && setPSK) {
tlsClients[socket].setCertificate(CERT_BUF);
tlsClients[socket].setPrivateKey(PK_BUFF);
}
result = tlsClients[socket].connect(ip, port); result = tlsClients[socket].connect(ip, port);
} }
@@ -1057,42 +1065,31 @@ int wpa2EntEnable(const uint8_t command[], uint8_t response[]) {
int setClientCert(const uint8_t command[], uint8_t response[]){ int setClientCert(const uint8_t command[], uint8_t response[]){
ets_printf("*** Called setClientCert\n"); ets_printf("*** Called setClientCert\n");
ets_printf("\nFree internal heap: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
memset(CERT_BUF, 0x00, sizeof(CERT_BUF)); memset(CERT_BUF, 0x00, sizeof(CERT_BUF));
memcpy(CERT_BUF, &command[4], sizeof(CERT_BUF)); memcpy(CERT_BUF, &command[4], sizeof(CERT_BUF));
ets_printf("\nCertificate Data (from CircuitPython): \n %s", CERT_BUF);
// TODO: add statement for allocation failing.
ets_printf("\nFree internal heap: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
tlsClients[0].setCertificate(CERT_BUF);
ets_printf("\nFree internal heap: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
response[2] = 1; // number of parameters response[2] = 1; // number of parameters
response[3] = 1; // parameter 1 length response[3] = 1; // parameter 1 length
response[4] = 1; response[4] = 1;
setCert = 1;
return 6; return 6;
} }
int setCertKey(const uint8_t command[], uint8_t response[]){ int setCertKey(const uint8_t command[], uint8_t response[]){
ets_printf("*** Called setCertKey\n"); ets_printf("*** Called setCertKey\n");
ets_printf("\nFree internal heap: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
ets_printf("\nCertificate Data (from CircuitPython): \n %s", PK_BUFF);
memset(PK_BUFF, 0x00, sizeof(PK_BUFF)); memset(PK_BUFF, 0x00, sizeof(PK_BUFF));
memcpy(PK_BUFF, &command[4], sizeof(PK_BUFF)); memcpy(PK_BUFF, &command[4], sizeof(PK_BUFF));
tlsClients[0].setPrivateKey(PK_BUFF);
ets_printf("\nFree internal heap: %u\n", heap_caps_get_free_size(MALLOC_CAP_8BIT));
response[2] = 1; // number of parameters response[2] = 1; // number of parameters
response[3] = 1; // parameter 1 length response[3] = 1; // parameter 1 length
response[4] = 1; response[4] = 1;
setPSK = 1;
return 6; return 6;
} }