forked from raspberrypi/pico-examples
-
Notifications
You must be signed in to change notification settings - Fork 1
/
tls_common.c
227 lines (191 loc) · 6.87 KB
/
tls_common.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
/*
* Copyright (c) 2023 Raspberry Pi (Trading) Ltd.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <string.h>
#include <time.h>
#include "pico/stdlib.h"
#include "pico/cyw43_arch.h"
#include "lwip/pbuf.h"
#include "lwip/altcp_tcp.h"
#include "lwip/altcp_tls.h"
#include "lwip/dns.h"
typedef struct TLS_CLIENT_T_ {
struct altcp_pcb *pcb;
bool complete;
int error;
const char *http_request;
int timeout;
} TLS_CLIENT_T;
static struct altcp_tls_config *tls_config = NULL;
static err_t tls_client_close(void *arg) {
TLS_CLIENT_T *state = (TLS_CLIENT_T*)arg;
err_t err = ERR_OK;
state->complete = true;
if (state->pcb != NULL) {
altcp_arg(state->pcb, NULL);
altcp_poll(state->pcb, NULL, 0);
altcp_recv(state->pcb, NULL);
altcp_err(state->pcb, NULL);
err = altcp_close(state->pcb);
if (err != ERR_OK) {
printf("close failed %d, calling abort\n", err);
altcp_abort(state->pcb);
err = ERR_ABRT;
}
state->pcb = NULL;
}
return err;
}
static err_t tls_client_connected(void *arg, struct altcp_pcb *pcb, err_t err) {
TLS_CLIENT_T *state = (TLS_CLIENT_T*)arg;
if (err != ERR_OK) {
printf("connect failed %d\n", err);
return tls_client_close(state);
}
printf("connected to server, sending request\n");
err = altcp_write(state->pcb, state->http_request, strlen(state->http_request), TCP_WRITE_FLAG_COPY);
if (err != ERR_OK) {
printf("error writing data, err=%d", err);
return tls_client_close(state);
}
return ERR_OK;
}
static err_t tls_client_poll(void *arg, struct altcp_pcb *pcb) {
TLS_CLIENT_T *state = (TLS_CLIENT_T*)arg;
printf("timed out\n");
state->error = PICO_ERROR_TIMEOUT;
return tls_client_close(arg);
}
static void tls_client_err(void *arg, err_t err) {
TLS_CLIENT_T *state = (TLS_CLIENT_T*)arg;
printf("tls_client_err %d\n", err);
tls_client_close(state);
state->error = PICO_ERROR_GENERIC;
}
static err_t tls_client_recv(void *arg, struct altcp_pcb *pcb, struct pbuf *p, err_t err) {
TLS_CLIENT_T *state = (TLS_CLIENT_T*)arg;
if (!p) {
printf("connection closed\n");
return tls_client_close(state);
}
if (p->tot_len > 0) {
/* For simplicity this examples creates a buffer on stack the size of the data pending here,
and copies all the data to it in one go.
Do be aware that the amount of data can potentially be a bit large (TLS record size can be 16 KB),
so you may want to use a smaller fixed size buffer and copy the data to it using a loop, if memory is a concern */
char buf[p->tot_len + 1];
pbuf_copy_partial(p, buf, p->tot_len, 0);
buf[p->tot_len] = 0;
printf("***\nnew data received from server:\n***\n\n%s\n", buf);
altcp_recved(pcb, p->tot_len);
}
pbuf_free(p);
return ERR_OK;
}
static void tls_client_connect_to_server_ip(const ip_addr_t *ipaddr, TLS_CLIENT_T *state)
{
err_t err;
u16_t port = 443;
printf("connecting to server IP %s port %d\n", ipaddr_ntoa(ipaddr), port);
err = altcp_connect(state->pcb, ipaddr, port, tls_client_connected);
if (err != ERR_OK)
{
fprintf(stderr, "error initiating connect, err=%d\n", err);
tls_client_close(state);
}
}
static void tls_client_dns_found(const char* hostname, const ip_addr_t *ipaddr, void *arg)
{
if (ipaddr)
{
printf("DNS resolving complete\n");
tls_client_connect_to_server_ip(ipaddr, (TLS_CLIENT_T *) arg);
}
else
{
printf("error resolving hostname %s\n", hostname);
tls_client_close(arg);
}
}
static bool tls_client_open(const char *hostname, void *arg) {
err_t err;
ip_addr_t server_ip;
TLS_CLIENT_T *state = (TLS_CLIENT_T*)arg;
state->pcb = altcp_tls_new(tls_config, IPADDR_TYPE_ANY);
if (!state->pcb) {
printf("failed to create pcb\n");
return false;
}
altcp_arg(state->pcb, state);
altcp_poll(state->pcb, tls_client_poll, state->timeout * 2);
altcp_recv(state->pcb, tls_client_recv);
altcp_err(state->pcb, tls_client_err);
/* Set SNI */
mbedtls_ssl_set_hostname(altcp_tls_context(state->pcb), hostname);
printf("resolving %s\n", hostname);
// cyw43_arch_lwip_begin/end should be used around calls into lwIP to ensure correct locking.
// You can omit them if you are in a callback from lwIP. Note that when using pico_cyw_arch_poll
// these calls are a no-op and can be omitted, but it is a good practice to use them in
// case you switch the cyw43_arch type later.
cyw43_arch_lwip_begin();
err = dns_gethostbyname(hostname, &server_ip, tls_client_dns_found, state);
if (err == ERR_OK)
{
/* host is in DNS cache */
tls_client_connect_to_server_ip(&server_ip, state);
}
else if (err != ERR_INPROGRESS)
{
printf("error initiating DNS resolving, err=%d\n", err);
tls_client_close(state->pcb);
}
cyw43_arch_lwip_end();
return err == ERR_OK || err == ERR_INPROGRESS;
}
// Perform initialisation
static TLS_CLIENT_T* tls_client_init(void) {
TLS_CLIENT_T *state = calloc(1, sizeof(TLS_CLIENT_T));
if (!state) {
printf("failed to allocate state\n");
return NULL;
}
return state;
}
bool run_tls_client_test(const uint8_t *cert, size_t cert_len, const char *server, const char *request, int timeout) {
/* No CA certificate checking */
tls_config = altcp_tls_create_config_client(cert, cert_len);
assert(tls_config);
//mbedtls_ssl_conf_authmode(&tls_config->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
TLS_CLIENT_T *state = tls_client_init();
if (!state) {
return false;
}
state->http_request = request;
state->timeout = timeout;
if (!tls_client_open(server, state)) {
return false;
}
while(!state->complete) {
// the following #ifdef is only here so this same example can be used in multiple modes;
// you do not need it in your code
#if PICO_CYW43_ARCH_POLL
// if you are using pico_cyw43_arch_poll, then you must poll periodically from your
// main loop (not from a timer) to check for Wi-Fi driver or lwIP work that needs to be done.
cyw43_arch_poll();
// you can poll as often as you like, however if you have nothing else to do you can
// choose to sleep until either a specified time, or cyw43_arch_poll() has work to do:
cyw43_arch_wait_for_work_until(make_timeout_time_ms(1000));
#else
// if you are not using pico_cyw43_arch_poll, then WiFI driver and lwIP work
// is done via interrupt in the background. This sleep is just an example of some (blocking)
// work you might be doing.
sleep_ms(1000);
#endif
}
int err = state->error;
free(state);
altcp_tls_free_config(tls_config);
return err == 0;
}