在iOS中使用不带TCP的mbed TLS创建TLS连接


我正在从事的项目包括使用EAF(外部附件框架)连接到MFI(为iPhone制造)设备,并通过USB电缆来回传递数据。我想使用TLS加密流量,但由于设备上没有可用的TCP,因此无法使其正常工作

我正在使用以下代码测试与web服务器的TLS握手。它很好用。我的问题是,我不知道如何创建到设备的连接,因为TCP不可用。有什么建议吗?谢谢

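/**
 * Runs a TLS client handshake against SERVER_NAME:SERVER_PORT over TCP and
 * reports each step through -[param LogEvent:].
 *
 * @param param Receiver of -LogEvent: (its class/protocol is declared elsewhere;
 *              every message passed here is an NSString *).
 * @return true when mbedtls_ssl_handshake() completes, false on any failure.
 *         All mbed TLS contexts (and the socket) are freed on every return path.
 *
 * The only transport-specific step is mbedtls_ssl_set_bio(): it accepts any
 * send/recv callback pair operating on an opaque p_bio, so a non-TCP byte
 * stream can be plugged in there instead of mbedtls_net_send/recv.
 */
bool tlsHandshake( id param )
{
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_ssl_config conf;
    mbedtls_ssl_context m_ssl;
    mbedtls_net_context server_fd;
    mbedtls_x509_crt cacert;
    const char *pers = "BYOM2Plus";   /* personalization string mixed into the DRBG seed */
    bool ok = false;
    int ret = 0;

    /* Every context must be _init'ed before any other call touches it; the
     * DRBG and certificate contexts were previously seeded/parsed without it. */
    mbedtls_net_init( &server_fd );
    mbedtls_ssl_init( &m_ssl );
    mbedtls_ssl_config_init( &conf );
    mbedtls_x509_crt_init( &cacert );
    mbedtls_ctr_drbg_init( &ctr_drbg );
    mbedtls_entropy_init( &entropy );

    mbedtls_debug_set_threshold( DEBUG_LEVEL );

    //-------------------------- Seed the RNG --------------------------
    ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                 (const unsigned char *)pers, strlen( pers ) );
    if( ret != 0 ) {
        /* mbed TLS error codes are negative; print them as -0x.... like the library samples.
         * (The old "0x%x" was inside a %@ argument and was never expanded.) */
        [param LogEvent:[NSString stringWithFormat:@"failed!! mbedtls_ctr_drbg_seed returned -0x%04x", (unsigned int)-ret]];
        goto cleanup;
    }
    [param LogEvent:@"mbedtls_ctr_drbg_seed OK"];

    //-------------------------- Initialize certificates --------------------------
    [param LogEvent:@"Loading the CA root certificate"];
    ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *)mbedtls_test_cas_pem, mbedtls_test_cas_pem_len );
    if( ret < 0 ) {
        [param LogEvent:[NSString stringWithFormat:@" failed\n  !  mbedtls_x509_crt_parse returned -0x%04x", (unsigned int)-ret]];
        goto cleanup;
    }
    /* A positive value is the number of certificates in the bundle that could not be parsed. */
    [param LogEvent:[NSString stringWithFormat:@"x509 cert ok %d", ret]];

    //---------------------------- Start the connection -----------------------------
    [param LogEvent:[NSString stringWithFormat:@"Connecting to tcp %s:%s", SERVER_NAME, SERVER_PORT]];
    ret = mbedtls_net_connect( &server_fd, SERVER_NAME, SERVER_PORT, MBEDTLS_NET_PROTO_TCP );
    if( ret != 0 ) {
        [param LogEvent:[NSString stringWithFormat:@"Failed ! mbedtls_net_connect returned -0x%04x", (unsigned int)-ret]];
        goto cleanup;
    }
    [param LogEvent:@"Connection started"];

    //---------------------------- SSL setup ----------------------------
    ret = mbedtls_ssl_config_defaults( &conf,
                                       MBEDTLS_SSL_IS_CLIENT,
                                       MBEDTLS_SSL_TRANSPORT_STREAM,
                                       MBEDTLS_SSL_PRESET_DEFAULT );
    if( ret != 0 ) {
        [param LogEvent:[NSString stringWithFormat:@"failed!! mbedtls_ssl_config_defaults returned -0x%04x", (unsigned int)-ret]];
        goto cleanup;
    }
    [param LogEvent:@"mbedtls_ssl_config_defaults OK"];

    /* VERIFY_NONE means the CA chain loaded above is never consulted and the
     * peer is not authenticated: the handshake completes against any server,
     * so the link is encrypted but not trustworthy. Kept here only because this
     * is a handshake smoke test against a web server with the mbed TLS test CAs;
     * use MBEDTLS_SSL_VERIFY_REQUIRED with a CA that actually signs the server
     * certificate before carrying real data. */
    mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
    mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
    mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );

    ret = mbedtls_ssl_setup( &m_ssl, &conf );
    if( ret != 0 ) {
        [param LogEvent:[NSString stringWithFormat:@"failed!! mbedtls_ssl_setup returned -0x%04x", (unsigned int)-ret]];
        goto cleanup;
    }

    /* The expected hostname must be the server actually connected to; the
     * sample's "mbed TLS Server 1" only matches the mbed TLS test server
     * certificate. The same name is sent as SNI. */
    ret = mbedtls_ssl_set_hostname( &m_ssl, SERVER_NAME );
    if( ret != 0 ) {
        [param LogEvent:[NSString stringWithFormat:@" failed ! mbedtls_ssl_set_hostname returned -0x%04x", (unsigned int)-ret]];
        goto cleanup;
    }

    /* Transport binding: replace these two callbacks (and the context pointer)
     * to run TLS over something other than a socket. */
    mbedtls_ssl_set_bio( &m_ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );

    [param LogEvent:@"Performing the SSL/TLS handshake"];
    [param LogEvent:@"Waiting for Handshake"];

    /* WANT_READ / WANT_WRITE mean "call again", not success; the old loop
     * logged "succeeded" on every such iteration. */
    while( ( ret = mbedtls_ssl_handshake( &m_ssl ) ) != 0 ) {
        if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) {
            [param LogEvent:[NSString stringWithFormat:@"failed!! mbedtls_ssl_handshake returned -0x%04x", (unsigned int)-ret]];
            goto cleanup;
        }
    }
    [param LogEvent:@"SSL/TLS handshake succeeded"];
    ok = true;

cleanup:
    /* Free in reverse dependency order; mbedtls_net_free also closes the socket. */
    mbedtls_net_free( &server_fd );
    mbedtls_ssl_free( &m_ssl );
    mbedtls_ssl_config_free( &conf );
    mbedtls_x509_crt_free( &cacert );
    mbedtls_ctr_drbg_free( &ctr_drbg );
    mbedtls_entropy_free( &entropy );
    return ok;
}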
bool-tlsHandshake(id参数)
{
mbedtls_熵_上下文熵;
mbedtls\u ctr\u drbg\u上下文ctr\u drbg;
mbedtls_ssl_config conf;
mbedtls_ssl_上下文m_ssl;
mbedtls_net_context server_fd;
mbedtls_x509_crt cacert;
//初始化SSL/TLS上下文
mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&m_ssl);
mbedtls\u ssl\u config\u init(&conf);
mbedtls_熵_初始(&熵);
const char*pers=“BYOM2Plus”;
mbedtls_调试_设置_阈值(调试级);
int-ret=0;
ret=mbedtls_ctr_drbg_seed(&ctr_drbg,mbedtls_entropy_func,&entropy,(常量无符号字符*)pers,strlen(pers));
如果(ret!=0){
[param LogEvent:[NSString stringWithFormat:@“%@%@”,“@”失败!!mbedtls\u ctr\u drbg\u seed返回0x%x”,“[@(ret)stringValue]];
返回false;
}
否则{
[参数日志事件:@“mbedtls\U ctr\U drbg\U seed OK”];
}
//--------------------------初始化证书--------------------------
[param LogEvent:@“加载CA根证书”];
int-ret2=0;
ret2=mbedtls_x509_crt_解析(&cacert,(常量无符号字符*)mbedtls_测试_cas_pem,mbedtls_测试_cas_pem);
如果(ret2<0)
{
[param LogEvent:[NSString stringWithFormat:@“%@%@”,@“失败\n!mbedtls_x509_crt_parse返回-”,[@(ret2)stringValue]];
返回false;
}
[param LogEvent:[NSString stringWithFormat:@“%@%@”,“x509证书正常”,“[@(ret2)stringValue]];
//----------------------------启动连接-----------------------------
[param LogEvent:[NSString stringWithFormat:@“%@%s%@%s”,“连接到tcp”,服务器名称,服务器端口];
int ret3=mbedtls\u net\u connect(服务器fd、服务器名称、服务器端口、mbedtls\u net\u协议TCP);
如果(ret3!=0)
{
[param LogEvent:[NSString stringWithFormat:@“%@%@”,@“失败!mbedtls_net_connect返回-”,[@(ret3)stringValue]];
返回false;
}
[param LogEvent:[NSString stringWithFormat:@“%@%@”,“连接已启动:”,[@(ret3)stringValue]];
//----------------------------SSL设置----------------------------
int-ret4=0;
ret4=mbedtls\u ssl\u config\u默认值(&conf,
MBEDTLS\u SSL\u是\u客户端,
MBEDTLS\u SSL\u传输流,
MBEDTLS\u SSL\u预设值\u默认值);
如果(ret4!=0){
[param LogEvent:[NSString stringWithFormat:@“%@%@”,“@”失败!!mbedtls_ssl_配置_默认值返回0x%0x”,“[@(ret4)stringValue]];
返回false;
}
否则{
[参数LogEvent:@“mbedtls_ssl_配置_默认值正常”];
}
mbedtls\u ssl\u conf\u authmode(&conf,mbedtls\u ssl\u VERIFY\u NONE);
mbedtls\u ssl\u conf\u ca\u chain(&conf,&cacert,NULL);
mbedtls_ssl_conf_rng(&conf,mbedtls_ctr_drbg_random,&ctr_drbg);
mbedtls\u ssl\u conf\u dbg(&conf,my\u debug,stdout);
int-ret5=0;
ret5=mbedtls\u ssl\u设置(&m\u ssl,&conf);
如果(ret5!=0){
[param LogEvent:[NSString stringWithFormat:@“%@%@”,“@”失败!!mbedtls_ssl_安装程序返回-”,[@(ret5)stringValue]];
返回false;
}
int-ret6=0;
ret6=mbedtls_ssl_set_主机名(&m_ssl,“mbed TLS服务器1”);
如果(ret6!=0)
{
[param LogEvent:[NSString stringWithFormat:@“%@%@”失败!mbedtls_ssl_set_主机名返回-”,[@(ret6)stringValue]];
返回false;
}
mbedtls\u ssl\u set\u bio(&m\u ssl,&server\u fd,mbedtls\u net\u send,mbedtls\u net\u recv,NULL);
[param LogEvent:@“执行SSL/TLS握手”];
[param LogEvent:@“等待握手”];
//#ifdef握手测试
//执行SSL/TLS握手
int-ret7=-1;
而((ret7=mbedtls_ssl_握手(&m_ssl))!=0){
if(ret7!=MBEDTLS\u ERR\u SSL\u WANT\u READ&&ret7!=MBEDTLS\u ERR\u SSL\u WANT\u WRITE){
[param LogEvent:[NSString stringWithFormat:@“%@%@”,“@”失败!!mbedtls_ssl_握手返回“,[@(ret7)stringValue]];
返回false;
}
否则{
[param LogEvent:@“SSL/TLS握手成功”];
}
}
[param LogEvent:[NSString stringWithFormat:@“%@%@”,“握手返回值:”,[@(ret7)stringValue]];
返回true;
}

即使这是个老问题,我也会给出一些提示

struct mbedtls_ssl_context
除了有许多成员外,还有以下有趣的成员:

  • p_bio
    指的是
    mbedtls_net_context
    (实际上是套接字/文件描述符的包装器)
  • f_send
    这是一种用于网络发送的回调方法
  • f_recv
    这是一种用于网络接收的回调方法
这些成员通常通过
mbedtls_ssl_set_bio()
设置。一种解决方案是提供自己的
set_bio()
函数,或者直接设置结构成员

文件引用:

  • include/mbedtls/ssl.h
  • library/ssl_tls.c

用于检查此问题的版本:mbedtls-2.16.6

即使这是一个老问题,我也会给出一些提示

struct mbedtls_ssl_context
除了有许多成员外,还有以下有趣的成员:

  • p_bio
    指的是
    mbedtls_net_context
    (实际上是套接字/文件描述符的包装器)
  • f_send
    这是一种用于网络发送的回调方法
  • f_recv
    这是一种用于网络接收的回调方法
这些成员通常通过
mbedtls_ssl_set_bio()
设置。一种解决方案是提供自己的
set_bio()
函数,或者简单地将结构成员设置为d