arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-08-18 17:42:23 +03:00
Code Activity

Allman now (#6080)

Browse Source 
* switch restyle script for CI

* remove confirmation

* restyle with allman
This commit is contained in:
Allman-astyler
2019-05-13 16:41:34 +02:00
committed by david gauchard
parent 625c3a62c4
commit 98125f8860
255 changed files with 51238 additions and 42984 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
View File

@@ -1,23 +1,23 @@
/*
WiFiClientBearSSL- SSL client/server for esp8266 using BearSSL libraries
- Mostly compatible with Arduino WiFi shield library and standard
WiFiClientBearSSL- SSL client/server for esp8266 using BearSSL libraries
- Mostly compatible with Arduino WiFi shield library and standard
WiFiClient/ServerSecure (except for certificate handling).
Copyright (c) 2018 Earle F. Philhower, III
Copyright (c) 2018 Earle F. Philhower, III
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
@@ -29,10 +29,12 @@
#include "BearSSLHelpers.h"
#include "CertStoreBearSSL.h"
namespace BearSSL {
namespace BearSSL
{
class WiFiClientSecure : public WiFiClient {
public:
class WiFiClientSecure : public WiFiClient
{
public:
WiFiClientSecure();
WiFiClientSecure(const WiFiClientSecure &rhs);
~WiFiClientSecure() override;
@@ -44,11 +46,13 @@ class WiFiClientSecure : public WiFiClient {
uint8_t connected() override;
size_t write(const uint8_t *buf, size_t size) override;
size_t write_P(PGM_P buf, size_t size) override;
size_t write(const char *buf) {
return write((const uint8_t*)buf, strlen(buf));
size_t write(const char *buf)
{
return write((const uint8_t*)buf, strlen(buf));
}
size_t write_P(const char *buf) {
return write_P((PGM_P)buf, strlen_P(buf));
size_t write_P(const char *buf)
{
return write_P((PGM_P)buf, strlen_P(buf));
}
size_t write(Stream& stream); // Note this is not virtual
int read(uint8_t *buf, size_t size) override;
@@ -58,44 +62,59 @@ class WiFiClientSecure : public WiFiClient {
size_t peekBytes(uint8_t *buffer, size_t length) override;
bool flush(unsigned int maxWaitMs);
bool stop(unsigned int maxWaitMs);
void flush() override { (void)flush(0); }
void stop() override { (void)stop(0); }
void flush() override
{
(void)flush(0);
}
void stop() override
{
(void)stop(0);
}
// Allow sessions to be saved/restored automatically to a memory area
void setSession(Session *session) { _session = session; }
void setSession(Session *session)
{
_session = session;
}
// Don't validate the chain, just accept whatever is given. VERY INSECURE!
void setInsecure() {
_clearAuthenticationSettings();
_use_insecure = true;
void setInsecure()
{
_clearAuthenticationSettings();
_use_insecure = true;
}
// Assume a given public key, don't validate or use cert info at all
void setKnownKey(const PublicKey *pk, unsigned usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN) {
_clearAuthenticationSettings();
_knownkey = pk;
_knownkey_usages = usages;
void setKnownKey(const PublicKey *pk, unsigned usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN)
{
_clearAuthenticationSettings();
_knownkey = pk;
_knownkey_usages = usages;
}
// Only check SHA1 fingerprint of certificate
bool setFingerprint(const uint8_t fingerprint[20]) {
_clearAuthenticationSettings();
_use_fingerprint = true;
memcpy_P(_fingerprint, fingerprint, 20);
return true;
bool setFingerprint(const uint8_t fingerprint[20])
{
_clearAuthenticationSettings();
_use_fingerprint = true;
memcpy_P(_fingerprint, fingerprint, 20);
return true;
}
bool setFingerprint(const char *fpStr);
// Accept any certificate that's self-signed
void allowSelfSignedCerts() {
_clearAuthenticationSettings();
_use_self_signed = true;
void allowSelfSignedCerts()
{
_clearAuthenticationSettings();
_use_self_signed = true;
}
// Install certificates of trusted CAs or specific site
void setTrustAnchors(const X509List *ta) {
_clearAuthenticationSettings();
_ta = ta;
void setTrustAnchors(const X509List *ta)
{
_clearAuthenticationSettings();
_ta = ta;
}
// In cases when NTP is not used, app must set a time manually to check cert validity
void setX509Time(time_t now) {
_now = now;
void setX509Time(time_t now)
{
_now = now;
}
// Install a client certificate for this connection, in case the server requires it (i.e. MQTT)
void setClientRSACert(const X509List *cert, const PrivateKey *sk);
@@ -106,16 +125,18 @@ class WiFiClientSecure : public WiFiClient {
void setBufferSizes(int recv, int xmit);
// Returns whether MFLN negotiation for the above buffer sizes succeeded (after connection)
int getMFLNStatus() {
return connected() && br_ssl_engine_get_mfln_negotiated(_eng);
int getMFLNStatus()
{
return connected() && br_ssl_engine_get_mfln_negotiated(_eng);
}
// Return an error code and possibly a text string in a passed-in buffer with last SSL failure
int getLastSSLError(char *dest = NULL, size_t len = 0);
// Attach a preconfigured certificate store
void setCertStore(CertStore *certStore) {
_certStore = certStore;
void setCertStore(CertStore *certStore)
{
_certStore = certStore;
}
// Select specific ciphers (i.e. optimize for speed over security)
@@ -132,7 +153,7 @@ class WiFiClientSecure : public WiFiClient {
////////////////////////////////////////////////////
// AxTLS API deprecated warnings to help upgrading
#define AXTLS_DEPRECATED \
#define AXTLS_DEPRECATED \
__attribute__((deprecated( \
"This is deprecated AxTLS API, " \
"check https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/src/WiFiClientSecure.h#L25-L99")))
@@ -148,57 +169,66 @@ class WiFiClientSecure : public WiFiClient {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
bool setCACert_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED {
return setCACert((const uint8_t *)pk, size);
bool setCACert_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED
{
return setCACert((const uint8_t *)pk, size);
}
bool setCertificate_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED {
return setCertificate((const uint8_t *)pk, size);
bool setCertificate_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED
{
return setCertificate((const uint8_t *)pk, size);
}
bool setPrivateKey_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED {
return setPrivateKey((const uint8_t *)pk, size);
bool setPrivateKey_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED
{
return setPrivateKey((const uint8_t *)pk, size);
}
#pragma GCC diagnostic pop
template<typename TFile>
bool loadCertificate(TFile& file) {
return loadCertificate(file, file.size());
bool loadCertificate(TFile& file)
{
return loadCertificate(file, file.size());
}
template<typename TFile>
bool loadPrivateKey(TFile& file) {
return loadPrivateKey(file, file.size());
bool loadPrivateKey(TFile& file)
{
return loadPrivateKey(file, file.size());
}
template<typename TFile>
bool loadCACert(TFile& file) {
return loadCACert(file, file.size());
bool loadCACert(TFile& file)
{
return loadCACert(file, file.size());
}
bool verify(const char* fingerprint, const char* domain_name) AXTLS_DEPRECATED {
(void)fingerprint;
(void)domain_name;
return connected();
bool verify(const char* fingerprint, const char* domain_name) AXTLS_DEPRECATED
{
(void)fingerprint;
(void)domain_name;
return connected();
}
bool verifyCertChain(const char* domain_name) AXTLS_DEPRECATED {
(void)domain_name;
return connected();
bool verifyCertChain(const char* domain_name) AXTLS_DEPRECATED
{
(void)domain_name;
return connected();
}
// AxTLS API deprecated section end
/////////////////////////////////////
private:
private:
void _clear();
void _clearAuthenticationSettings();
// Only one of the following two should ever be != nullptr!
std::shared_ptr<br_ssl_client_context> _sc;
std::shared_ptr<br_ssl_server_context> _sc_svr;
inline bool ctx_present() {
return (_sc != nullptr) || (_sc_svr != nullptr);
inline bool ctx_present()
{
return (_sc != nullptr) || (_sc_svr != nullptr);
}
br_ssl_engine_context *_eng; // &_sc->eng, to allow for client or server contexts
std::shared_ptr<br_x509_minimal_context> _x509_minimal;
@@ -256,9 +286,9 @@ class WiFiClientSecure : public WiFiClient {
// Methods for handling server.available() call which returns a client connection.
friend class WiFiServerSecure; // Server needs to access these constructors
WiFiClientSecure(ClientContext *client, const X509List *chain, unsigned cert_issuer_key_type,
const PrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const X509List *client_CA_ta);
const PrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const X509List *client_CA_ta);
WiFiClientSecure(ClientContext* client, const X509List *chain, const PrivateKey *sk,
int iobuf_in_size, int iobuf_out_size, const X509List *client_CA_ta);
int iobuf_in_size, int iobuf_out_size, const X509List *client_CA_ta);
// RSA keyed server
bool _connectSSLServerRSA(const X509List *chain, const PrivateKey *sk, const X509List *client_CA_ta);