Contiki-NG
Loading...
Searching...
No Matches
mbedtls-support.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2022, RISE Research Institutes of Sweden AB
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * 3. Neither the name of the copyright holder nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/**
35 * \file
36 * DTLS (Mbed TLS implementation) support for CoAP
37 *
38 * \author
39 * Jayendra Ellamathy <ejayen@gmail.com>
40 */
41
42#include "contiki.h"
43#include "contiki-net.h"
44#include "lib/csprng.h"
45#include "lib/heapmem.h"
46
47#include "mbedtls-support.h"
48
49#include "mbedtls/debug.h"
50#include "mbedtls/error.h"
51#include "mbedtls/net_sockets.h"
52#include "mbedtls/version.h"
53
54#if !defined(MBEDTLS_SSL_PROTO_DTLS) || \
55 !(defined(MBEDTLS_TIMING_C) || defined(MBEDTLS_TIMING_ALT)) || \
56 !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
57#error "Invalid MBEDTLS configuration."
58#endif
59
60#ifdef COAP_DTLS_CONF_WITH_CLIENT
61#if !defined(MBEDTLS_SSL_CLI_C)
62#error "MBEDTLS_SSL_CLI_C not defined.";
63#endif
64#endif /* COAP_DTLS_CONF_WITH_CLIENT */
65
66#ifdef COAP_DTLS_CONF_WITH_SERVER
67#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_COOKIE_C) || \
68 !defined(MBEDTLS_SSL_CACHE_C)
69#error "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_COOKIE_C and/or "
70 "MBEDTLS_SSL_CACHE_C not defined.";
71 return;
72#endif
73#endif /* COAP_DTLS_CONF_WITH_SERVER */
74
75#ifdef COAP_DTLS_CONF_WITH_PSK
76#if !defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
77#error "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED not defined.";
78#endif
79#endif /* COAP_DTLS_CONF_WITH_PSK */
80
81#ifdef COAP_DTLS_CONF_WITH_CERT
82#if !defined(MBEDTLS_X509_CRT_PARSE_C) || \
83 !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
84 !defined(MBEDTLS_PEM_PARSE_C)
85#error "MBEDTLS_X509_CRT_PARSE_C and/or "
86 "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED and/or "
87 "MBEDTLS_PEM_PARSE_C not defined.\n");
88#endif
89#endif /* COAP_DTLS_CONF_WITH_CERT */
90
91#if !defined(COAP_DTLS_PRNG_INSECURE) && !CSPRNG_ENABLED
92#error CSPRNG module needs to be enabled for DTLS. Set CSPRNG_CONF_ENABLED to 1.
93#endif
94
95#if defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
96 defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
97#include "nrf_crypto.h"
98#endif /* MBEDTLS_ECDSA_VERIFY_ALT ||
99 MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
100
101/* Log configuration */
102#include "sys/log.h"
103#define LOG_MODULE "DTLS"
104#define LOG_LEVEL LOG_LEVEL_DTLS
105
106MEMB(dtls_session_info_memb, coap_dtls_session_info_t,
107 COAP_DTLS_MAX_SESSIONS);
108
109static coap_dtls_context_t dtls_context;
110
111/*---------------------------------------------------------------------------*/
112#if defined(MBEDTLS_DEBUG_C)
113static void
114mbedtls_debug(void *ctx, int level,
115 const char *file, int line, const char *str)
116{
117 LOG_DBG("%s:%d: %s", file, line, str);
118}
119#endif /* MBEDTLS_DEBUG_C */
120/*---------------------------------------------------------------------------*/
121#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
122static int
123random_number_generator(void *ctx, unsigned char *buffer, size_t length)
124{
125#if COAP_DTLS_PRNG_INSECURE
126 /* This is an insecure PRNG for testing purposes only. */
127 uint16_t rand_num = 0;
128 size_t len = 0;
129
130 while(length < (len + sizeof(rand_num))) {
131 rand_num = random_rand();
132 memcpy(buffer + len, &rand_num, sizeof(rand_num));
133 len += sizeof(rand_num);
134 }
135 rand_num = random_rand();
136 memcpy(buffer, &rand_num, length - len);
137
138 LOG_WARN("Missing CSPRNG: using %zu bytes of possibly non-random values!\n",
139 length);
140
141 return 0;
142#else /* COAP_DTLS_PRNG_INSECURE */
143#if !CSPRNG_ENABLED
144#error CSPRNG module needs to be enabled for DTLS. Set CSPRNG_CONF_ENABLED to 1.
145#endif /* !CSPRNG_ENABLED */
146
147 if(!csprng_rand(buffer, length)) {
148 LOG_ERR("Failed to generate %zu bytes of random values\n", length);
149 return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
150 }
151 LOG_DBG("Generated %zu bytes of random values\n", length);
152
153 return 0;
154#endif /* COAP_DTLS_PRNG_INSECURE */
155}
156#endif /* defined(MBEDTLS_NO_PLATFORM_ENTROPY) */
157/*---------------------------------------------------------------------------*/
158void
159coap_dtls_init(void)
160{
161 /* The buffer should be at least 18 bytes to hold the full version string. */
162 char version[20];
163 mbedtls_version_get_string_full(version);
164 LOG_INFO("Initializing DTLS support with library \"%s\"\n", version);
165
166#if defined(MBEDTLS_DEBUG_C)
167 mbedtls_debug_set_threshold(COAP_MBEDTLS_LIB_DEBUG_LEVEL);
168#endif /* MBEDTLS_DEBUG_C */
169
170#if defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
171 defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
172 if(nrf_crypto_init() != NRF_SUCCESS) {
173 LOG_ERR("Unable to initialize nRF Crypto\n");
174 return;
175 }
176#endif
177
178 LIST_STRUCT_INIT(&dtls_context, sessions);
179 LIST_STRUCT_INIT(&dtls_context, send_message_fifo);
180
181 /* DTLS context initialized and ready */
182 dtls_context.ready = 1;
183 return;
184}
185/*---------------------------------------------------------------------------*/
186void
187coap_dtls_conn_init(struct uip_udp_conn *udp_conn,
188 struct process *host_process)
189{
190 dtls_context.udp_conn = udp_conn;
191 dtls_context.host_process = host_process;
192}
193/*---------------------------------------------------------------------------*/
194bool
195coap_ep_is_dtls_peer(const coap_endpoint_t *ep)
196{
197 coap_dtls_session_info_t *info = NULL;
198
199 for(info = list_head(dtls_context.sessions); info; info = info->next) {
200 if(coap_endpoint_cmp(&info->ep, ep)) {
201 return true;
202 }
203 }
204 return false;
205}
206/*---------------------------------------------------------------------------*/
207#ifdef COAP_DTLS_CONF_WITH_SERVER
208coap_dtls_session_info_t *
209coap_get_free_server_session(void)
210{
211 coap_dtls_session_info_t *info = NULL;
212
213 for(info = list_head(dtls_context.sessions); info; info = info->next) {
214 if(info->role == COAP_MBEDTLS_ROLE_SERVER && !info->in_use) {
215 return info;
216 }
217 }
218
219 return NULL;
220}
221#endif /* COAP_DTLS_CONF_WITH_SERVER */
222/*---------------------------------------------------------------------------*/
223coap_dtls_session_info_t *
224coap_ep_get_dtls_session_info(const coap_endpoint_t *ep)
225{
226 coap_dtls_session_info_t *info = NULL;
227
228 for(info = list_head(dtls_context.sessions); info; info = info->next) {
229 if(coap_endpoint_cmp(&info->ep, ep)) {
230 break;
231 }
232 }
233 return info;
234}
235/*---------------------------------------------------------------------------*/
236bool
237coap_ep_is_dtls_connected(const coap_endpoint_t *ep)
238{
239 coap_dtls_session_info_t *info = coap_ep_get_dtls_session_info(ep);
240 return info != NULL ? mbedtls_ssl_is_handshake_over(&info->ssl) : 0;
241}
242/*---------------------------------------------------------------------------*/
243int
244coap_ep_get_dtls_state(const coap_endpoint_t *ep)
245{
246 coap_dtls_session_info_t *info = coap_ep_get_dtls_session_info(ep);
247 return info != NULL ? info->ssl.MBEDTLS_PRIVATE(state) : 0;
248}
249/*---------------------------------------------------------------------------*/
250static int
251perform_handshake(coap_dtls_session_info_t *session_info)
252{
253 int ret;
254
255 etimer_stop(&session_info->retransmission_et);
256 memset(&session_info->retransmission_et, 0, sizeof(struct etimer));
257
258#ifdef COAP_DTLS_CONF_WITH_SERVER
259 if(session_info->role == COAP_MBEDTLS_ROLE_SERVER) {
260 /* For HelloVerifyRequest cookies */
261 ret = mbedtls_ssl_set_client_transport_id(&session_info->ssl,
262 (const unsigned char *)&session_info->ep,
263 sizeof(coap_endpoint_t));
264 if(ret != 0) {
265 LOG_DBG("mbedtls_ssl_set_client_transport_id() returned -0x%x\n",
266 (unsigned int)-ret);
267 }
268 }
269#endif /* COAP_DTLS_CONF_WITH_SERVER */
270
271 LOG_INFO("Handshake starting\n");
272 ret = mbedtls_ssl_handshake(&session_info->ssl);
273 LOG_INFO("Handshake in progress, ending with completed = %d\n",
274 mbedtls_ssl_is_handshake_over(&session_info->ssl));
275
276 if(ret == 0) {
277 LOG_INFO("DTLS handshake succesful\n");
278 } else if(ret < 0) {
279 /* Handshake error handling */
280 if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
281#ifdef COAP_DTLS_CONF_WITH_CLIENT
282 /* HS failed -- Clean up
283 * Call coap_ep_dtls_connect() again if a retry is needed */
284 if(session_info->role == COAP_MBEDTLS_ROLE_CLIENT) {
285 list_remove(dtls_context.sessions, session_info);
286 memb_free(&dtls_session_info_memb, session_info);
287 return ret;
288 }
289#endif /* COAP_DTLS_CONF_WITH_CLIENT */
290#ifdef COAP_DTLS_CONF_WITH_SERVER
291 if(session_info->role == COAP_MBEDTLS_ROLE_SERVER) {
292 /* For helloVerifyRequest, wait for ClientHello with Cookie,
293 * otherwise cleanup to allow other connections */
294 mbedtls_ssl_session_reset(&session_info->ssl);
295 if(ret != MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
296 session_info->in_use = false;
297 memset(&session_info->ep, 0, sizeof(coap_endpoint_t));
298 etimer_stop(&session_info->retransmission_et);
299 } else {
300 return ret;
301 }
302 }
303#endif /* COAP_DTLS_CONF_WITH_SERVER */
304 LOG_ERR("DTLS handshake failed\n");
305 }
306 }
307
308 return ret;
309}
310/*---------------------------------------------------------------------------*/
311/* TODO: Currently using MBEDTLS_PRIVATE to access now hidden timer internals */
312/*---------------------------------------------------------------------------*/
313void
314coap_dtls_event_handler(void)
315{
316 LOG_DBG("Call to %s\n", __func__);
317
318 /* Send DTLS message event */
319 coap_dtls_send_message_t *send_message = list_pop(dtls_context.send_message_fifo);
320 if(send_message == NULL) {
321 LOG_DBG("No message in the FIFO\n");
322 } else {
323 uip_udp_packet_sendto(dtls_context.udp_conn, send_message->send_buf,
324 send_message->len,
325 &send_message->ep.ipaddr, send_message->ep.port);
326 LOG_INFO("Sent DTLS message of len = %zu\n", send_message->len);
327 if(!heapmem_free(send_message)) {
328 LOG_ERR("Failed to free a sent message\n");
329 }
330
331 /* Update re-transmission timer */
332 /* TODO, please note that the current timer implementation
333 ignores the new mbedTLS default to hide the constituents,
334 which otherwise requires access through
335 timer.MBEDTLS_PRIVATE(<field>)
336 */
337
338 coap_dtls_session_info_t *info = coap_ep_get_dtls_session_info(&send_message->ep);
339 uint32_t elapsed_ms = mbedtls_timing_get_timer(&info->timer.MBEDTLS_PRIVATE(timer),
340 0);
341 if(info->timer.MBEDTLS_PRIVATE(fin_ms) > 0) {
342 uint32_t time_left_ms = info->timer.MBEDTLS_PRIVATE(fin_ms) - elapsed_ms;
343 if(time_left_ms > 0) {
344 LOG_DBG("Updating re-transmission timer to %u ms\n",
345 (unsigned int)time_left_ms);
346 etimer_set(&info->retransmission_et,
347 (time_left_ms * CLOCK_SECOND) / 1000);
348 }
349 }
350
351 if(list_head(dtls_context.send_message_fifo) != NULL) {
352 if(COAP_MBEDTLS_FRAGMENT_TIMER > 0) {
353 etimer_set(&dtls_context.fragmentation_et,
354 (CLOCK_SECOND * COAP_MBEDTLS_FRAGMENT_TIMER) / 1000);
355 LOG_DBG("Setting fragmentation timer to %u ms\n",
356 (unsigned int)COAP_MBEDTLS_FRAGMENT_TIMER);
357 } else {
358 process_poll(dtls_context.host_process);
359 }
360 }
361 }
362
363 /* DTLS re-transmission event */
364 for(coap_dtls_session_info_t *info = list_head(dtls_context.sessions);
365 info != NULL;
366 info = info->next) {
367 if(etimer_expiration_time(&info->retransmission_et) > 0 &&
368 etimer_expired(&info->retransmission_et)) {
369 LOG_INFO("Re-transmission timer expired\n");
370 LOG_DBG("HS retry, current process = %s\n", PROCESS_CURRENT()->name);
371 perform_handshake(info);
372 break;
373 }
374 }
375
376 return;
377}
378/*---------------------------------------------------------------------------*/
379static int
380coap_ep_mbedtls_sendto(void *ctx, const unsigned char *buf, size_t len)
381{
382 LOG_DBG("Call to %s\n", __func__);
383
384 if(ctx == NULL) {
385 return MBEDTLS_ERR_NET_INVALID_CONTEXT;
386 }
387
388 coap_dtls_send_message_t *send_message = (coap_dtls_send_message_t *)heapmem_alloc(sizeof(coap_dtls_send_message_t));
389 if(send_message == NULL) {
390 LOG_ERR("Unable to allocate memory for DTLS message\n");
391 return MBEDTLS_ERR_NET_SEND_FAILED;
392 }
393
394 coap_dtls_session_info_t *session_info = (coap_dtls_session_info_t *)ctx;
395 memcpy(&send_message->ep, &session_info->ep, sizeof(coap_endpoint_t));
396 memcpy(send_message->send_buf, buf, len);
397 send_message->len = len;
398 list_add(dtls_context.send_message_fifo, send_message);
399
400 process_poll(dtls_context.host_process);
401
402 return len;
403}
404/*---------------------------------------------------------------------------*/
405static int
406coap_ep_mbedtls_recv(void *ctx, unsigned char *buf, size_t len)
407{
408 LOG_DBG("Call to %s\n", __func__);
409
410 if(uip_datalen() == 0) {
411 LOG_DBG("Input data length is 0\n");
412 return MBEDTLS_ERR_SSL_WANT_READ;
413 }
414
415 if(ctx == NULL) {
416 LOG_DBG("Session info is missing\n");
417 return MBEDTLS_ERR_NET_INVALID_CONTEXT;
418 }
419 coap_dtls_session_info_t *session_info = (coap_dtls_session_info_t *)ctx;
420 if(session_info->is_packet_consumed) {
421 LOG_DBG("The packet has been consumed\n");
422 return MBEDTLS_ERR_SSL_WANT_READ;
423 }
424
425 if(len < uip_datalen()) {
426 LOG_ERR("DTLS incoming buffer too small, len = %zu, uip_datalen = %d\n",
427 len, uip_datalen());
428 return 0;
429 }
430
431 memcpy(buf, uip_appdata, uip_datalen());
432 session_info->is_packet_consumed = true;
433
434 LOG_DBG("Read of %d bytes completed\n", uip_datalen());
435 return uip_datalen();
436}
437/*---------------------------------------------------------------------------*/
438static coap_dtls_session_info_t *
439setup_session(const coap_mbedtls_role_t role,
440 const coap_dtls_sec_mode_t sec_mode,
441 const void *keystore_entry)
442{
443 int ret;
444#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
445 const char *pers = "Contiki_DTLS";
446#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
447 coap_dtls_session_info_t *session_info = NULL;
448
449 /* Create and add to the linked list of sessions. */
450 session_info = memb_alloc(&dtls_session_info_memb);
451 if(!session_info) {
452 LOG_ERR("Unable to allocate memory for DTLS server session\n");
453 return NULL;
454 }
455 list_add(dtls_context.sessions, session_info);
456
457 session_info->role = role;
458
459 /* Initialize Mbed TLS structs */
460 mbedtls_ssl_init(&session_info->ssl);
461 mbedtls_ssl_config_init(&session_info->conf);
462
463#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
464 mbedtls_entropy_init(&session_info->entropy);
465#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
466 mbedtls_ctr_drbg_init(&session_info->ctr_drbg);
467
468#ifdef COAP_DTLS_CONF_WITH_CERT
469 if(sec_mode == COAP_DTLS_SEC_MODE_CERT) {
470 mbedtls_x509_crt_init(&session_info->ca_cert);
471 mbedtls_x509_crt_init(&session_info->own_cert);
472 mbedtls_pk_init(&session_info->pkey);
473 }
474#endif /* COAP_DTLS_CONF_WITH_CERT */
475
476#ifdef COAP_DTLS_CONF_WITH_SERVER
477 /* Initialization for server side only */
478 if(role == COAP_MBEDTLS_ROLE_SERVER) {
479 mbedtls_ssl_cookie_init(&session_info->cookie_ctx);
480#if defined(MBEDTLS_SSL_CACHE_C)
481 mbedtls_ssl_cache_init(&session_info->cache);
482#endif /* MBEDTLS_SSL_CACHE_C */
483 }
484#endif /* COAP_DTLS_CONF_WITH_SERVER */
485
486 /* Seed the random number generator -- Used when rng functionality is NOT
487 * provided by platform (Currently, Native platform) */
488#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
489 if((ret = mbedtls_ctr_drbg_seed(&session_info->ctr_drbg,
490 mbedtls_entropy_func,
491 &session_info->entropy,
492 (const unsigned char *)pers,
493 strlen(pers))) != 0) {
494 LOG_ERR("mbedtls_ctr_drbg_seed returned %d\n", ret);
495 goto clean_and_ret_err;
496 }
497#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
498
499 /* Configure protocol as DTLS and role as Client or Server */
500 if((ret = mbedtls_ssl_config_defaults(&session_info->conf,
501 role == COAP_MBEDTLS_ROLE_CLIENT ?
502 MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
503 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
504 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
505 LOG_ERR("mbedtls_ssl_config_defaults returned %d\n", ret);
506 goto clean_and_ret_err;
507 }
508
509#ifndef COAP_MBEDTLS_CONF_USE_ALL_CIPHERSUITES
510#ifdef COAP_DTLS_CONF_WITH_CERT
511 if(sec_mode == COAP_DTLS_SEC_MODE_CERT) {
512 session_info->ciphersuite = MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
513 }
514#endif /* COAP_DTLS_CONF_WITH_CERT */
515#ifdef COAP_DTLS_CONF_WITH_PSK
516 if(sec_mode == COAP_DTLS_SEC_MODE_PSK) {
517 session_info->ciphersuite = MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8;
518 }
519#endif /* COAP_DTLS_CONF_WITH_PSK */
520 mbedtls_ssl_conf_ciphersuites(&session_info->conf,
521 (const int *)&session_info->ciphersuite);
522#endif /* COAP_MBEDTLS_CONF_USE_ALL_CIPHERSUITES */
523
524 /* For testing purposes MBEDTLS_SSL_VERIFY_OPTIONAL maybe used to skip the
525 * certificate check */
526 mbedtls_ssl_conf_authmode(&session_info->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
527 mbedtls_ssl_conf_rng(&session_info->conf,
528#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
529 mbedtls_ctr_drbg_random,
530#else /* !MBEDTLS_NO_PLATFORM_ENTROPY */
531 random_number_generator,
532#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
533 &session_info->ctr_drbg);
534#ifdef COAP_DTLS_CONF_WITH_CERT
535 if(sec_mode == COAP_DTLS_SEC_MODE_CERT) {
536 coap_keystore_cert_entry_t *ks =
537 (coap_keystore_cert_entry_t *)keystore_entry;
538 if(ks->ca_cert == NULL || ks->own_cert == NULL || ks->priv_key == NULL) {
539 LOG_ERR("Certificate or private key missing!\n");
540 goto clean_and_ret_err;
541 }
542
543 /* Load the root CA certificate */
544 ret = mbedtls_x509_crt_parse(&session_info->ca_cert,
545 (const unsigned char *)ks->ca_cert,
546 ks->ca_cert_len);
547 if(ret < 0) {
548 LOG_ERR("mbedtls_x509_crt_parse failed for CA cert (error %d)\n", ret);
549 goto clean_and_ret_err;
550 }
551
552 mbedtls_ssl_conf_ca_chain(&session_info->conf, &session_info->ca_cert,
553 NULL);
554
555 /* Load the client/server certificate and private key */
556 ret = mbedtls_x509_crt_parse(&session_info->own_cert,
557 (const unsigned char *)ks->own_cert,
558 ks->own_cert_len);
559 if(ret < 0) {
560 LOG_ERR("mbedtls_x509_crt_parse for own cert (error %d)\n", ret);
561 goto clean_and_ret_err;
562 }
563
564 ret = mbedtls_pk_parse_key(&session_info->pkey,
565 (const unsigned char *)ks->priv_key,
566 ks->priv_key_len, NULL, 0,
567 mbedtls_entropy_func, NULL); /* TODO: test */
568 if(ret < 0) {
569 LOG_DBG("mbedtls_pk_parse_key returned %d\n", ret);
570 goto clean_and_ret_err;
571 }
572
573 ret = mbedtls_ssl_conf_own_cert(&session_info->conf,
574 &session_info->own_cert,
575 &session_info->pkey);
576 if(ret != 0) {
577 LOG_ERR("mbedtls_ssl_conf_own_cert returned %d\n", ret);
578 goto clean_and_ret_err;
579 }
580 } else
581#endif /* COAP_DTLS_CONF_WITH_CERT */
582#ifdef COAP_DTLS_CONF_WITH_PSK
583 if(sec_mode == COAP_DTLS_SEC_MODE_PSK) {
584
585 coap_keystore_psk_entry_t *ks =
586 (coap_keystore_psk_entry_t *)keystore_entry;
587
588 if(ks->identity == NULL || ks->key == NULL) {
589 LOG_ERR("PSK identity or key missing\n");
590 goto clean_and_ret_err;
591 }
592
593 /* Load the PSK key and identity */
594 mbedtls_ssl_conf_psk(&session_info->conf,
595 (const unsigned char *)ks->key,
596 ks->key_len,
597 (const unsigned char *)ks->identity,
598 ks->identity_len);
599 } else
600#endif /* COAP_DTLS_CONF_WITH_PSK */
601 {
602 LOG_ERR("DTLS Security mode NOT specified!\n");
603 goto clean_and_ret_err;
604 }
605
606#if defined(MBEDTLS_DEBUG_C)
607 mbedtls_ssl_conf_dbg(&session_info->conf, mbedtls_debug, stdout);
608#endif /* MBEDTLS_DEBUG_C */
609 mbedtls_ssl_conf_handshake_timeout(&session_info->conf,
610 COAP_MBEDTLS_HANDSHAKE_MIN_TIMEOUT_MS,
611 COAP_MBEDTLS_HANDSHAKE_MAX_TIMEOUT_MS);
612
613 mbedtls_ssl_conf_max_frag_len(&session_info->conf,
614 COAP_MBEDTLS_MAX_FRAG_LEN);
615
616#ifdef COAP_DTLS_CONF_WITH_SERVER
617 if(role == COAP_MBEDTLS_ROLE_SERVER) {
618#if defined(MBEDTLS_SSL_CACHE_C)
619 mbedtls_ssl_conf_session_cache(&session_info->conf, &session_info->cache,
620 mbedtls_ssl_cache_get,
621 mbedtls_ssl_cache_set);
622#endif /* MBEDTLS_SSL_CACHE_C */
623
624 ret = mbedtls_ssl_cookie_setup(&session_info->cookie_ctx,
625 mbedtls_ctr_drbg_random,
626 &session_info->ctr_drbg);
627 if(ret != 0) {
628 LOG_ERR("mbedtls_ssl_cookie_setup returned %d\n", ret);
629 goto clean_and_ret_err;
630 }
631
632 mbedtls_ssl_conf_dtls_cookies(&session_info->conf,
633 mbedtls_ssl_cookie_write,
634 mbedtls_ssl_cookie_check,
635 &session_info->cookie_ctx);
636 }
637#endif /* COAP_DTLS_CONF_WITH_SERVER */
638
639 ret = mbedtls_ssl_setup(&session_info->ssl, &session_info->conf);
640 if(ret != 0) {
641 LOG_ERR("mbedtls_ssl_setup returned -0x%x\n", (unsigned int)-ret);
642 goto clean_and_ret_err;
643 }
644
645#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
646 /* Used for SNI extension -- Currently unused. Could be used when
647 * DTLS server contains multiple certificates. */
648 ret = mbedtls_ssl_set_hostname(&session_info->ssl,
649 hostname);
650 if(ret != 0) {
651 LOG_ERR("mbedtls_ssl_set_hostname returned %d\n", ret);
652 }
653#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
654
655 mbedtls_ssl_set_bio(&session_info->ssl, session_info, coap_ep_mbedtls_sendto,
656 coap_ep_mbedtls_recv, NULL);
657 mbedtls_ssl_set_timer_cb(&session_info->ssl, &session_info->timer,
658 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
659 mbedtls_ssl_set_mtu(&session_info->ssl, COAP_MBEDTLS_MTU);
660 return session_info;
661
662 clean_and_ret_err:
663 list_remove(dtls_context.sessions, session_info);
664 memb_free(&dtls_session_info_memb, session_info);
665 return NULL;
666}
667/*---------------------------------------------------------------------------*/
668/* TODO: One usage of MBEDTLS_PRIVATE to access now state */
669/*---------------------------------------------------------------------------*/
670
671#ifdef COAP_DTLS_CONF_WITH_CLIENT
672int
673coap_ep_dtls_connect(const coap_endpoint_t *ep,
674 const coap_dtls_sec_mode_t sec_mode,
675 const void *keystore_entry)
676{
677 if(!dtls_context.ready) {
678 LOG_WARN("DTLS not initialized but %s called!\n", __func__);
679 return 0;
680 }
681
682 /* Create and setup session info if it does not exist already */
683 coap_dtls_session_info_t *session_info = coap_ep_get_dtls_session_info(ep);
684 if(session_info == NULL) {
685 session_info = setup_session(COAP_MBEDTLS_ROLE_CLIENT,
686 sec_mode, keystore_entry);
687 if(session_info == NULL) {
688 return 0;
689 }
690 memcpy(&session_info->ep, ep, sizeof(coap_endpoint_t));
691 } else {
692 /*
693 * The session already exists. If this func is called again, we
694 * may want to retry handshake. But, first check if DTLS is in a
695 * valid state and the re-transmission timer is expired.
696 */
697
698 if((session_info->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HELLO_REQUEST)
699 || mbedtls_ssl_is_handshake_over(&session_info->ssl)
700 || mbedtls_timing_get_delay(&session_info->timer) != 2) {
701 return 0;
702 }
703
704 /* Re-transmission event invoked by application process */
705 LOG_INFO("Re-transmission timer expired\n");
706 LOG_DBG("HS retry, current process = %s\n", PROCESS_CURRENT()->name);
707 }
708
709 /* Client initiate handshake */
710 perform_handshake(session_info);
711 return 1;
712}
713#endif /* COAP_DTLS_CONF_WITH_CLIENT */
714/*---------------------------------------------------------------------------*/
715#ifdef COAP_DTLS_CONF_WITH_SERVER
716int
717coap_mbedtls_server_setup(const coap_dtls_sec_mode_t sec_mode,
718 const void *keystore_entry)
719{
720 /* Create and setup session info. */
721 coap_dtls_session_info_t *session_info = setup_session(COAP_MBEDTLS_ROLE_SERVER,
722 sec_mode, keystore_entry);
723 if(session_info == NULL) {
724 LOG_ERR("Unable to setup DTLS server\n");
725 return 0;
726 }
727
728 LOG_INFO("DTLS server setup complete, ready to accept connections\n");
729 return 1;
730}
731#endif /* COAP_DTLS_CONF_WITH_SERVER */
732/*---------------------------------------------------------------------------*/
733int
734coap_ep_dtls_write(const coap_endpoint_t *ep,
735 const unsigned char *message, int len)
736{
737 if(!dtls_context.ready) {
738 LOG_WARN("DTLS not initialized but %s called!\n", __func__);
739 return -1;
740 }
741 coap_dtls_session_info_t *info = coap_ep_get_dtls_session_info(ep);
742 if(info == NULL) {
743 LOG_ERR("Unable to find DTLS peer ");
744 LOG_ERR_6ADDR(&ep->ipaddr);
745 LOG_ERR_("\n");
746 return -1;
747 }
748
749 if(!mbedtls_ssl_is_handshake_over(&info->ssl)) {
750 LOG_ERR("DTLS handshake not complete yet, but %s called!\n", __func__);
751 return -1;
752 }
753
754 int ret = mbedtls_ssl_get_max_out_record_payload(&info->ssl);
755 if(ret < len && ret >= 0) {
756 /* Note: payload limit dependent on MTU, Max. Frag len, or I/O buffers */
757 LOG_ERR("Payload too large to handle, Max allowed = %d, Given = %d\n",
758 ret, len);
759 return -1;
760 }
761
762 ret = mbedtls_ssl_write(&info->ssl, message, len);
763 if(ret < 0) {
764 LOG_ERR("mbedtls_ssl_write returned 0x%x\n", ret);
765 return -1;
766 }
767
768 return len;
769}
770/*---------------------------------------------------------------------------*/
771int
772coap_ep_dtls_handle_message(const coap_endpoint_t *ep)
773{
774 if(!dtls_context.ready) {
775 LOG_WARN("Called %s without DTLS being initialized; dropping message\n",
776 __func__);
777 return -1;
778 }
779
780 LOG_INFO("Recieved DTLS message of len = %d\n", uip_datalen());
781
782 /* First check and process handshake messages. If the session
783 already exists, there maybe an ongoing handshake. */
784 coap_dtls_session_info_t *session_info = coap_ep_get_dtls_session_info(ep);
785 if(session_info != NULL) {
786 /* For both server/client check if handshake is not complete.
787 Otherwise it maybe a DTLS record layer message. */
788 if(!mbedtls_ssl_is_handshake_over(&session_info->ssl)) {
789 goto perform_handshake;
790 }
791 } else {
792#ifdef COAP_DTLS_CONF_WITH_SERVER
793 /* If the session does not exist already, a new handshake maybe
794 initated by a client endpoint. */
795 if((session_info = coap_get_free_server_session()) != NULL) {
796 memcpy(&session_info->ep, ep, sizeof(coap_endpoint_t));
797 goto perform_handshake;
798 } else
799#endif /* COAP_DTLS_CONF_WITH_SERVER */
800 {
801 LOG_WARN("DTLS message recvd from ");
802 LOG_WARN_6ADDR(&ep->ipaddr);
803 LOG_WARN(" without a session\n");
804 return -1;
805 }
806 }
807
808 session_info->is_packet_consumed = false;
809
810 int ret = mbedtls_ssl_read(&session_info->ssl, uip_appdata,
811 UIP_CONF_BUFFER_SIZE);
812 if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
813 LOG_INFO("DTLS peer closed connection\n");
814 coap_ep_dtls_disconnect(ep);
815 } else if(ret <= 0) {
816 LOG_DBG("mbedtls_ssl_read returned %d\n", ret);
817 } else {
818 LOG_DBG("Read %d application data bytes\n", ret);
819 }
820
821 return ret;
822
823perform_handshake:
824 session_info->is_packet_consumed = false;
825 perform_handshake(session_info);
826 return 0;
827}
828/*---------------------------------------------------------------------------*/
829void
830coap_ep_dtls_disconnect(const coap_endpoint_t *ep)
831{
832 coap_dtls_session_info_t *info = coap_ep_get_dtls_session_info(ep);
833 if(info != NULL) {
834 mbedtls_ssl_close_notify(&info->ssl);
835#ifdef COAP_DTLS_CONF_WITH_CLIENT
836 if(info->role == COAP_MBEDTLS_ROLE_CLIENT) {
837 list_remove(dtls_context.sessions, info);
838 memb_free(&dtls_session_info_memb, info);
839 }
840#endif /* COAP_DTLS_CONF_WITH_CLIENT */
841#ifdef COAP_DTLS_CONF_WITH_SERVER
842 if(info->role == COAP_MBEDTLS_ROLE_SERVER) {
843 mbedtls_ssl_session_reset(&info->ssl);
844 info->in_use = false;
845 memset(&info->ep, 0, sizeof(coap_endpoint_t));
846 etimer_stop(&info->retransmission_et);
847 }
848#endif /* COAP_DTLS_CONF_WITH_SERVER */
849 }
850}
csprng.h
An OFB-AES-128-based CSPRNG.
random_rand
unsigned short random_rand(void)
Generates a new random number using the cc2538 RNG.
Definition random.c:58
CLOCK_SECOND
#define CLOCK_SECOND
A second, measured in system clock time.
Definition clock.h:103
coap_endpoint_cmp
int coap_endpoint_cmp(const coap_endpoint_t *e1, const coap_endpoint_t *e2)
Compare two CoAP endpoints.
Definition coap-uip.c:168
csprng_rand
bool csprng_rand(uint8_t *result, size_t len)
Generates a cryptographic random number.
Definition csprng.c:81
etimer_stop
void etimer_stop(struct etimer *et)
Stop a pending event timer.
Definition etimer.c:237
etimer_expired
static bool etimer_expired(struct etimer *et)
Check if an event timer has expired.
Definition etimer.h:201
etimer_set
void etimer_set(struct etimer *et, clock_time_t interval)
Set an event timer.
Definition etimer.c:177
etimer_expiration_time
clock_time_t etimer_expiration_time(struct etimer *et)
Get the expiration time for the event timer.
Definition etimer.c:213
heapmem_alloc
#define heapmem_alloc(size)
Allocate a chunk of memory in the general zone of the heap.
Definition heapmem.h:147
heapmem_free
bool heapmem_free(void *ptr)
Deallocate a chunk of memory.
list_add
void list_add(list_t list, void *item)
Add an item at the end of a list.
Definition list.c:71
list_remove
void list_remove(list_t list, const void *item)
Remove a specific element from a list.
Definition list.c:134
list_pop
void * list_pop(list_t list)
Remove the first object on a list.
Definition list.c:122
LIST_STRUCT_INIT
#define LIST_STRUCT_INIT(struct_ptr, name)
Initialize a linked list that is part of a structure.
Definition list.h:126
list_head
static void * list_head(const_list_t list)
Get a pointer to the first element of a list.
Definition list.h:169
memb_free
int memb_free(struct memb *m, void *ptr)
Deallocate a memory block from a memory block previously declared with MEMB().
Definition memb.c:78
memb_alloc
void * memb_alloc(struct memb *m)
Allocate a memory block from a block of memory declared with MEMB().
Definition memb.c:59
MEMB
#define MEMB(name, structure, num)
Declare a memory block.
Definition memb.h:91
PROCESS_CURRENT
#define PROCESS_CURRENT()
Get a pointer to the currently running process.
Definition process.h:404
process_poll
void process_poll(struct process *p)
Request a process to be polled.
Definition process.c:366
uip_appdata
void * uip_appdata
Pointer to the application data in the packet buffer.
Definition uip6.c:148
uip_datalen
#define uip_datalen()
The length of any incoming data that is currently available (if available) in the uip_appdata buffer.
Definition uip.h:593
heapmem.h
Header file for the dynamic heap memory allocator.
log.h
Header file for the logging system.
coap_dtls_conn_init
void coap_dtls_conn_init(struct uip_udp_conn *udp_conn, struct process *host_process)
Registers, 1.
Definition mbedtls-support.c:187
coap_ep_get_dtls_state
int coap_ep_get_dtls_state(const coap_endpoint_t *ep)
Check in what DTLS state the peer is in.
Definition mbedtls-support.c:244
coap_ep_dtls_write
int coap_ep_dtls_write(const coap_endpoint_t *ep, const unsigned char *message, int len)
Encrypt app.
Definition mbedtls-support.c:734
coap_ep_is_dtls_peer
bool coap_ep_is_dtls_peer(const coap_endpoint_t *ep)
Check if a CoAP endpoint is a peer in the list of DTLS sessions.
Definition mbedtls-support.c:195
coap_ep_is_dtls_connected
bool coap_ep_is_dtls_connected(const coap_endpoint_t *ep)
Check if a peer has completed the handshake successfully.
Definition mbedtls-support.c:237
coap_dtls_init
void coap_dtls_init(void)
Initializes CoAP-MbedTLS global info.
Definition mbedtls-support.c:159
coap_ep_dtls_disconnect
void coap_ep_dtls_disconnect(const coap_endpoint_t *ep)
Disconnect a peer.
Definition mbedtls-support.c:830
coap_dtls_event_handler
void coap_dtls_event_handler(void)
Handler for timer, and process-poll events.
Definition mbedtls-support.c:314
coap_ep_dtls_handle_message
int coap_ep_dtls_handle_message(const coap_endpoint_t *ep)
Handler for new DTLS messages.
Definition mbedtls-support.c:772
coap_ep_get_dtls_session_info
coap_dtls_session_info_t * coap_ep_get_dtls_session_info(const coap_endpoint_t *ep)
Get session struct associated with CoAP endpoint.
Definition mbedtls-support.c:224
mbedtls-support.h
DTLS (Mbed TLS implementation) support for CoAP.
coap_keystore_cert_entry_t
The structure of a CoAP PKI certificate info.
Definition coap-keystore.h:71
coap_keystore_psk_entry_t
The structure of a CoAP pre-shared key info.
Definition coap-keystore.h:59
etimer
A timer.
Definition etimer.h:79
timer
A timer.
Definition timer.h:84
uip_udp_conn
Representation of a uIP UDP connection.
Definition uip.h:1309