-
-
Notifications
You must be signed in to change notification settings - Fork 4
/
BSSL_TCP_Client.h
452 lines (363 loc) · 14.3 KB
/
BSSL_TCP_Client.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
/**
* BSSL_TCP_Client v2.0.14 for Arduino devices.
*
* Created June 27, 2024
*
* The MIT License (MIT)
* Copyright (c) 2023 K. Suwatchai (Mobizt)
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/*
WiFiClientSecure.h - Base class that provides Client SSL to ESP32
Copyright (c) 2011 Adrian McEwen. All right reserved.
Additions Copyright (C) 2017 Evandro Luis Copercini.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef BSSL_TCP_CLIENT_H
#define BSSL_TCP_CLIENT_H
#pragma GCC diagnostic ignored "-Wunused-function"
#pragma GCC diagnostic ignored "-Wvla"
#include <Arduino.h>
#include "../ESP_SSLClient_FS.h"
#include "../ESP_SSLClient_Const.h"
#if defined(USE_LIB_SSL_ENGINE) || defined(USE_EMBED_SSL_ENGINE)
#include "BSSL_SSL_Client.h"
#include <string>
class BSSL_TCP_Client : public Client
{
protected:
bool _use_insecure;
public:
// The default class constructor
BSSL_TCP_Client();
// The class deconstructor
~BSSL_TCP_Client();
/**
* Set the client.
* @param client The pointer to Client interface.
* @param enableSSL The ssl option; true for enable, false for disable.
*
* Due to the client pointer is assigned, to avoid dangling pointer,
* client should be existed as long as it was used for transportation.
*/
void setClient(Client *client, bool enableSSL = true);
/**
* Set debug level.
* @param level The debug level or esp_ssl_client_debug_level.
* esp_ssl_debug_none = 0
* esp_ssl_debug_error = 1
* esp_ssl_debug_warn = 2
* esp_ssl_debug_info = 3
* esp_ssl_debug_dump = 4
*/
void setDebugLevel(int level);
/**
* Connect to server.
* @param ip The server IP to connect.
* @param port The server port to connecte.
* @return 1 for success or 0 for error.
*/
int connect(IPAddress ip, uint16_t port) override;
/**
* Connect to server.
* @param ip The server IP to connect.
* @param port The server port to connect.
* @param timeout The connection time out in miiliseconds.
* @return 1 for success or 0 for error.
*/
int connect(IPAddress ip, uint16_t port, int32_t timeout);
/**
* Connect to server.
* @param host The server host name.
* @param port The server port to connect.
* @return 1 for success or 0 for error.
*/
int connect(const char *host, uint16_t port) override;
/**
* Connect to server.
* @param host The server host name.
* @param port The server port to connect.
* @param timeout The connection time out in miiliseconds.
* @return 1 for success or 0 for error.
*/
int connect(const char *host, uint16_t port, int32_t timeout);
/**
* Get TCP connection status.
* @return 1 for connected or 0 for not connected.
*/
uint8_t connected() override;
/**
* Validate the last Client connection with these host and port.
* @param host The server host name.
* @param port The server port to connect.
* The Client connection will be closed when the provided host or port is not match with that of last connection.
*/
void validate(const char *host, uint16_t port);
/**
* Validate the last Client connection with these IP and port.
* @param ip The server IP to connect.
* @param port The server port to connect.
* The Client connection will be closed when the provided IP or port is not match with that of last connection.
*/
void validate(IPAddress ip, uint16_t port);
/**
* Get available data size to read.
* @return The avaiable data size.
* @note Get available data directly via lwIP for non-secure mode or via mbedTLS for secure mode.
*/
int available() override;
/**
* The TCP data read function.
* @return A byte data that was successfully read or -1 for error.
* @note Get data directly via lwIP for non-secure mode or via mbedTLS to deccrypt data for secure mode.
*/
int read() override;
/**
* The TCP data read function.
* @param buf The data buffer.
* @param size The length of data that read.
* @return The size of data that was successfully read or 0 for error.
* @note Get data directly via lwIP for non-secure mode or via mbedTLS to deccrypt data for secure mode.
*/
int read(uint8_t *buf, size_t size) override;
/**
* The TCP data send function.
* @param data The data to send.
* @return The size of data that was successfully sent or 0 for error.
*/
int send(const char *data);
/**
* The TCP data print function.
* @param data The data to print.
* @return The size of data that was successfully print or 0 for error.
*/
int print(const char *data);
/**
* The TCP data print function.
* @param data The data to print.
* @return The size of data that was successfully print or 0 for error.
*/
int print(const String &data);
/**
* The TCP data print function.
* @param data The data to print.
* @return The size of data that was successfully print or 0 for error.
*/
int print(int data);
/**
* The TCP data print with new line function.
* @param data The data to print.
* @return The size of data that was successfully print or 0 for error.
*/
int println(const char *data);
/**
* The TCP data print with new line function.
* @param data The data to print.
* @return The size of data that was successfully print or 0 for error.
*/
int println(const String &data);
/**
* The TCP data print with new line function.
* @param data The data to print.
* @return The size of data that was successfully print or 0 for error.
*/
int println(int data);
/**
* The TCP data write function.
* @param buf The data to write.
* @param size The length of data to write.
* @return The size of data that was successfully written or 0 for error.
* @note Send data directly via lwIP for non-secure mode or via mbedTLS to encrypt for secure mode.
*/
size_t write(const uint8_t *buf, size_t size) override;
/**
* The TCP data write function.
* @param data The byte of data to write.
* @return The size of data that was successfully written (1) or 0 for error.
* @note Send data directly via lwIP for non-secure mode or via mbedTLS to encrypt for secure mode.
*/
size_t write(uint8_t data) override;
/**
* The TCP data write function.
* @param buf The PGM data to write.
* @param size The length of data to write.
* @return The size of data that was successfully written or 0 for error.
*/
size_t write_P(PGM_P buf, size_t size);
/**
* The TCP data write function.
* @param buf The string data to write.
* @return The size of data that was successfully written or 0 for error.
*/
size_t write(const char *buf);
/**
* The TCP data write function.
* @param stream The stream data to write.
* @return The size of data that was successfully written or 0 for error.
*/
size_t write(Stream &stream);
/**
* Read one byte from Stream with time out.
* @return The byte of data that was successfully read or -1 for timed out.
*/
int peek() override;
/**
* Disable certificate verification and ignore the authentication.
*/
void setInsecure(); // Don't validate the chain, just accept whatever is given. VERY INSECURE!
/**
* Enable/disable the SSL layer transport.
* @param enable The enable option; true for enable, false to disable.
*/
void enableSSL(bool enable);
/**
* Upgrade the current connection by setting up the SSL and perform the SSL handshake.
*
* @return operating result.
*/
bool connectSSL();
/**
* Upgrade the current connection by setting up the SSL and perform the SSL handshake.
* @param host The host to connect (unused).
* @param port The port to connect (unused).
* @return operating result.
*/
bool connectSSL(const String host, uint16_t port);
/**
* Stop the TCP connection and release resources.
*/
void stop() override;
/**
* Set the TCP connection timeout in seconds.
* @param seconds The TCP timeout in seconds.
*/
int setTimeout(uint32_t seconds);
/**
* Get the TCP connection timeout in seconds.
* @return The TCP timeout in seconds.
*/
int getTimeout();
/**
* Set the SSL handshake timeout in seconds.
* @param handshake_timeout The SSL handshake timeout in seconds.
*/
void setHandshakeTimeout(unsigned long handshake_timeout);
/**
* Set the TCP session timeout in seconds.
*
* @param seconds The TCP session timeout in seconds.
*
* The minimum session timeout value is 60 seconds.
* Set 0 to disable session timed out.
*
* If There is no data to send (write) within this period,
* the current connection will be closed and reconnect.
*
* This requires when ESP32 WiFiClient was used.
*/
void setSessionTimeout(uint32_t seconds);
/**
* Wait for all receive buffer data read.
*/
void flush() override;
/**
* Sets the requested buffer size for transmit and receive
* @param recv The receive buffer size.
* @param xmit The transmit buffer size.
*/
void setBufferSizes(int recv, int xmit);
operator bool() override { return connected(); }
int availableForWrite() override;
void setSession(BearSSL_Session *session);
void setKnownKey(const PublicKey *pk, unsigned usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN);
/**
* Verify certificate's SHA256 fingerprint.
*
* @param fingerprint The certificate's SHA256 fingerprint data to compare with server certificate's SHA256 fingerprint.
* @return verification result.
*/
bool setFingerprint(const uint8_t fingerprint[20]);
bool setFingerprint(const char *fpStr);
void allowSelfSignedCerts();
void setTrustAnchors(const X509List *ta);
void setX509Time(time_t now);
void setClientRSACert(const X509List *cert, const PrivateKey *sk);
void setClientECCert(const X509List *cert, const PrivateKey *sk, unsigned allowed_usages, unsigned cert_issuer_key_type);
int getMFLNStatus();
int getLastSSLError(char *dest = NULL, size_t len = 0);
#if defined(ESP_SSL_FS_SUPPORTED)
void setCertStore(CertStoreBase *certStore);
#endif
bool setCiphers(const uint16_t *cipherAry, int cipherCount);
bool setCiphers(const std::vector<uint16_t> &list);
bool setCiphersLessSecure();
bool setSSLVersion(uint32_t min = BR_TLS10, uint32_t max = BR_TLS12);
bool probeMaxFragmentLength(IPAddress ip, uint16_t port, uint16_t len);
bool probeMaxFragmentLength(const char *hostname, uint16_t port, uint16_t len);
bool probeMaxFragmentLength(const String &host, uint16_t port, uint16_t len);
bool hasPeekBufferAPI() const EMBED_SSL_ENGINE_BASE_OVERRIDE;
size_t peekAvailable() EMBED_SSL_ENGINE_BASE_OVERRIDE;
const char *peekBuffer() EMBED_SSL_ENGINE_BASE_OVERRIDE;
void peekConsume(size_t consume) EMBED_SSL_ENGINE_BASE_OVERRIDE;
/**
* Set the Root CA or CA certificate.
* @param rootCA The Root CA or CA certificate.
*/
void setCACert(const char *rootCA);
void setCertificate(const char *client_ca);
void setPrivateKey(const char *private_key);
/**
* Read and set CA cert from file (Stream).
* @param stream The Stream interface.
* @param size The size of data to read.
* @return The operating result.
*/
bool loadCACert(Stream &stream, size_t size);
bool loadCertificate(Stream &stream, size_t size);
bool loadPrivateKey(Stream &stream, size_t size);
int connect(IPAddress ip, uint16_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key);
int connect(const char *host, uint16_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key);
BSSL_TCP_Client &operator=(const BSSL_TCP_Client &other);
bool operator==(const bool value) { return bool() == value; }
bool operator!=(const bool value) { return bool() != value; }
bool operator==(const BSSL_TCP_Client &);
bool operator!=(const BSSL_TCP_Client &rhs) { return !this->operator==(rhs); };
private:
String _host;
uint16_t _port;
BSSL_SSL_Client _ssl_client;
Client *_basic_client = nullptr;
// Renameing from _timeout which also defined in parent's Stream class.
unsigned long _timeout_ms = 15000;
unsigned long _handshake_timeout = 60000;
unsigned long _tcp_session_timeout = 0;
char *mStreamLoad(Stream &stream, size_t size);
};
#endif
#endif