libcoap 4.3.5-develop-72190a8
Loading...
Searching...
No Matches
coap_dtls.c
Go to the documentation of this file.
1/*
2 * coap_dtls.c -- (D)TLS functions for libcoap
3 *
4 * Copyright (C) 2023-2024 Olaf Bergmann <bergmann@tzi.org>
5 * Copyright (C) 2023-2024 Jon Shallow <supjps-libcoap@jpshallow.com>
6 *
7 * SPDX-License-Identifier: BSD-2-Clause
8 *
9 * This file is part of the CoAP library libcoap. Please see README for terms
10 * of use.
11 */
12
19
20#ifdef _WIN32
21#define strcasecmp _stricmp
22#define strncasecmp _strnicmp
23#endif
24
25void
27 *key = setup_data->pki_key;
28
29 switch (key->key_type) {
32 key->key.define.ca.s_byte = setup_data->pki_key.key.pem.ca_file;
35
39 break;
42 key->key.define.ca.u_byte = setup_data->pki_key.key.asn1.ca_cert;
45
46 key->key.define.ca_len = setup_data->pki_key.key.asn1.ca_cert_len;
49
51
55 break;
58 key->key.define.ca.u_byte = setup_data->pki_key.key.pem_buf.ca_cert;
61
62 key->key.define.ca_len = setup_data->pki_key.key.pem_buf.ca_cert_len;
65
66 if (setup_data->is_rpk_not_cert) {
68 } else {
70 }
71 if (setup_data->is_rpk_not_cert) {
73 } else {
75 }
76 if (setup_data->is_rpk_not_cert) {
78 } else {
80 }
81 break;
84 key->key.define.ca.s_byte = setup_data->pki_key.key.pkcs11.ca;
87
88 key->key.define.user_pin = setup_data->pki_key.key.pkcs11.user_pin;
89
90 if (strncasecmp(key->key.pkcs11.ca, "pkcs11:", 7) == 0) {
91 if (setup_data->is_rpk_not_cert) {
93 } else {
95 }
96 } else {
97 if (setup_data->is_rpk_not_cert) {
99 } else {
101 }
102 }
103 if (strncasecmp(key->key.pkcs11.public_cert, "pkcs11:", 7) == 0) {
104 if (setup_data->is_rpk_not_cert) {
106 } else {
108 }
109 } else {
110 if (setup_data->is_rpk_not_cert) {
112 } else {
114 }
115 }
116 if (strncasecmp(key->key.pkcs11.private_key, "pkcs11:", 7) == 0) {
117 if (setup_data->is_rpk_not_cert) {
119 } else {
121 }
122 } else {
123 if (setup_data->is_rpk_not_cert) {
125 } else {
127 }
128 }
129 break;
131 /* Already configured */
132 break;
133 default:
134 break;
135 }
136}
137
138#if (COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_ERR)
139static const char *
141 switch (def) {
143 return name.s_byte;
145 return "PEM_BUF";
147 return "RPK_BUF";
149 return name.s_byte;
151 return "DER_BUF";
153 return name.s_byte;
155 return name.s_byte;
157 return name.s_byte;
158 default:
159 return "???";
160 }
161}
162#endif /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_ERR */
163
164int
166 coap_dtls_key_t *key, const coap_dtls_role_t role, int ret) {
167#if (COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_ERR)
168 coap_pki_key_define_t define = key->key.define;
169 switch (type) {
171 switch (fail) {
173 coap_log_warn("*** setup_pki: (D)TLS: %s: %s CA configure failure\n",
174 coap_dtls_get_define_type(define.ca_def, define.ca),
175 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
176 break;
178 coap_log_err("*** setup_pki: (D)TLS: %s: %s CA type not supported\n",
179 coap_dtls_get_define_type(define.ca_def, define.ca),
180 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
181 break;
183 coap_log_err("*** setup_pki: (D)TLS: %s: %s CA not defined\n",
184 coap_dtls_get_define_type(define.ca_def, define.ca),
185 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
186 break;
187 default:
188 break;
189 }
190 break;
192 switch (fail) {
194 coap_log_warn("*** setup_pki: (D)TLS: %s: %s Root CA configure failure\n",
195 coap_dtls_get_define_type(define.ca_def, define.ca),
196 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
197 break;
199 coap_log_err("*** setup_pki: (D)TLS: %s: %s Root CA type not supported\n",
200 coap_dtls_get_define_type(define.ca_def, define.ca),
201 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
202 break;
204 coap_log_err("*** setup_pki: (D)TLS: %s: %s Root CA not defined\n",
205 coap_dtls_get_define_type(define.ca_def, define.ca),
206 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
207 break;
208 default:
209 break;
210 }
211 break;
213 switch (fail) {
215 coap_log_warn("*** setup_pki: (D)TLS: %s: %s Certificate configure failure\n",
217 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
218 break;
220 coap_log_err("*** setup_pki: (D)TLS: %s: %s Certificate type not supported\n",
222 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
223 break;
225 coap_log_err("*** setup_pki: (D)TLS: %s: %s Certificate not defined\n",
227 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
228 break;
229 default:
230 break;
231 }
232 break;
234 switch (fail) {
236 coap_log_warn("*** setup_pki: (D)TLS: %s: %s Private Key configure failure\n",
238 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
239 break;
241 coap_log_err("*** setup_pki: (D)TLS: %s: %s Private Key type not supported\n",
243 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
244 break;
246 coap_log_err("*** setup_pki: (D)TLS: %s: %s Private Key not defined\n",
248 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
249 break;
250 default:
251 break;
252 }
253 default:
254 break;
255 }
256#else /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_ERR */
257 (void)type;
258 (void)fail;
259 (void)key;
260 (void)role;
261#endif /* COAP_MAX_LOGGING_LEVEL < _COAP_LOG_ERR */
262 return ret;
263}
264
265void
268#if COAP_CLIENT_SUPPORT
269 if (session->type == COAP_SESSION_TYPE_CLIENT)
270 session->tls = coap_dtls_new_client_session(session);
271#endif /* COAP_CLIENT_SUPPORT */
272#if COAP_SERVER_SUPPORT
273 if (session->type != COAP_SESSION_TYPE_CLIENT)
274 session->tls = coap_dtls_new_server_session(session);
275#endif /* COAP_SERVER_SUPPORT */
276
277 if (!session->tls) {
279 return;
280 }
281 coap_ticks(&session->last_rx_tx);
282}
283
284void
286 if (session->tls) {
287 coap_dtls_free_session(session);
288 session->tls = NULL;
289 }
290 session->sock.lfunc[COAP_LAYER_TLS].l_close(session);
291}
292
293#if !COAP_DISABLE_TCP
294void
297#if COAP_CLIENT_SUPPORT
298 if (session->type == COAP_SESSION_TYPE_CLIENT)
299 session->tls = coap_tls_new_client_session(session);
300#endif /* COAP_CLIENT_SUPPORT */
301#if COAP_SERVER_SUPPORT
302 if (session->type != COAP_SESSION_TYPE_CLIENT)
303 session->tls = coap_tls_new_server_session(session);
304#endif /* COAP_SERVER_SUPPORT */
305
306 if (!session->tls) {
308 return;
309 }
310 coap_ticks(&session->last_rx_tx);
311}
312
313void
315 if (session->tls) {
316 coap_tls_free_session(session);
317 session->tls = NULL;
318 }
319 session->sock.lfunc[COAP_LAYER_TLS].l_close(session);
320}
321#endif /* !COAP_DISABLE_TCP */
static const char * coap_dtls_get_define_type(coap_pki_define_t def, coap_const_char_ptr_t name)
Definition coap_dtls.c:140
@ COAP_NACK_TLS_LAYER_FAILED
Definition coap_io.h:69
@ COAP_LAYER_TLS
Library specific build wrapper for coap_internal.h.
void coap_dtls_free_session(coap_session_t *coap_session COAP_UNUSED)
Definition coap_notls.c:199
void coap_tls_free_session(coap_session_t *coap_session COAP_UNUSED)
Definition coap_notls.c:275
void coap_ticks(coap_tick_t *)
Returns the current value of an internal tick counter.
void * coap_tls_new_server_session(coap_session_t *coap_session)
Create a TLS new server-side session.
int coap_dtls_define_issue(coap_define_issue_key_t type, coap_define_issue_fail_t fail, coap_dtls_key_t *key, const coap_dtls_role_t role, int ret)
Report PKI DEFINE type issue.
Definition coap_dtls.c:165
coap_define_issue_key_t
void * coap_dtls_new_client_session(coap_session_t *coap_session)
Create a new client-side session.
void coap_tls_establish(coap_session_t *session)
Layer function interface for layer below TLS accept/connect being established.
Definition coap_dtls.c:295
void coap_dtls_establish(coap_session_t *session)
Layer function interface for layer below DTLS connect being established.
Definition coap_dtls.c:266
void * coap_dtls_new_server_session(coap_session_t *coap_session)
Create a new DTLS server-side session.
coap_define_issue_fail_t
void * coap_tls_new_client_session(coap_session_t *coap_session)
Create a new TLS client-side session.
void coap_dtls_map_key_type_to_define(const coap_dtls_pki_t *setup_data, coap_dtls_key_t *key)
Map the PKI key definitions to the new DEFINE format.
Definition coap_dtls.c:26
void coap_tls_close(coap_session_t *session)
Layer function interface for TLS close for a session.
Definition coap_dtls.c:314
void coap_dtls_close(coap_session_t *session)
Layer function interface for DTLS close for a session.
Definition coap_dtls.c:285
@ COAP_DEFINE_KEY_PRIVATE
@ COAP_DEFINE_KEY_ROOT_CA
@ COAP_DEFINE_KEY_CA
@ COAP_DEFINE_KEY_PUBLIC
@ COAP_DEFINE_FAIL_NONE
@ COAP_DEFINE_FAIL_NOT_SUPPORTED
@ COAP_DEFINE_FAIL_BAD
coap_pki_define_t
The enum to define the format of the key parameter definition.
Definition coap_dtls.h:233
coap_dtls_role_t
Definition coap_dtls.h:44
@ COAP_PKI_KEY_DEF_PKCS11
The PKI key type is PKCS11 (pkcs11:...).
Definition coap_dtls.h:245
@ COAP_PKI_KEY_DEF_DER_BUF
The PKI key type is DER buffer (ASN.1).
Definition coap_dtls.h:242
@ COAP_PKI_KEY_DEF_PEM_BUF
The PKI key type is PEM buffer.
Definition coap_dtls.h:236
@ COAP_PKI_KEY_DEF_PEM
The PKI key type is PEM file.
Definition coap_dtls.h:234
@ COAP_PKI_KEY_DEF_ENGINE
The PKI key type is to be passed to ENGINE.
Definition coap_dtls.h:251
@ COAP_PKI_KEY_DEF_RPK_BUF
The PKI key type is RPK in buffer.
Definition coap_dtls.h:238
@ COAP_PKI_KEY_DEF_DER
The PKI key type is DER file.
Definition coap_dtls.h:240
@ COAP_PKI_KEY_DEF_PKCS11_RPK
The PKI key type is PKCS11 w/ RPK (pkcs11:...).
Definition coap_dtls.h:248
@ COAP_DTLS_ROLE_SERVER
Internal function invoked for server.
Definition coap_dtls.h:46
@ COAP_PKI_KEY_PKCS11
The PKI key type is PKCS11 (DER)
Definition coap_dtls.h:171
@ COAP_PKI_KEY_PEM_BUF
The PKI key type is PEM buffer.
Definition coap_dtls.h:170
@ COAP_PKI_KEY_DEFINE
The individual PKI key types are Definable.
Definition coap_dtls.h:172
@ COAP_PKI_KEY_PEM
The PKI key type is PEM file.
Definition coap_dtls.h:168
@ COAP_PKI_KEY_ASN1
The PKI key type is ASN.1 (DER) buffer.
Definition coap_dtls.h:169
#define coap_log_warn(...)
Definition coap_debug.h:102
#define coap_log_err(...)
Definition coap_debug.h:96
void coap_session_disconnected_lkd(coap_session_t *session, coap_nack_reason_t reason)
Notify session that it has failed.
@ COAP_SESSION_TYPE_CLIENT
client-side
@ COAP_SESSION_STATE_HANDSHAKE
The structure that holds the PKI key information.
Definition coap_dtls.h:279
coap_pki_key_define_t define
for definable type keys
Definition coap_dtls.h:286
coap_pki_key_pem_t pem
for PEM file keys
Definition coap_dtls.h:282
coap_pki_key_pkcs11_t pkcs11
for PKCS11 keys
Definition coap_dtls.h:285
union coap_dtls_key_t::@3 key
coap_pki_key_pem_buf_t pem_buf
for PEM memory keys
Definition coap_dtls.h:283
coap_pki_key_t key_type
key format type
Definition coap_dtls.h:280
coap_pki_key_asn1_t asn1
for ASN.1 (DER) memory keys
Definition coap_dtls.h:284
The structure used for defining the PKI setup data to be used.
Definition coap_dtls.h:312
uint8_t is_rpk_not_cert
1 is RPK instead of Public Certificate.
Definition coap_dtls.h:330
coap_dtls_key_t pki_key
PKI key definition.
Definition coap_dtls.h:373
coap_layer_close_t l_close
const uint8_t * private_key
ASN1 (DER) Private Key.
Definition coap_dtls.h:211
coap_asn1_privatekey_type_t private_key_type
Private Key Type.
Definition coap_dtls.h:215
size_t public_cert_len
ASN1 Public Cert length.
Definition coap_dtls.h:213
size_t private_key_len
ASN1 Private Key length.
Definition coap_dtls.h:214
const uint8_t * ca_cert
ASN1 (DER) Common CA Cert.
Definition coap_dtls.h:209
size_t ca_cert_len
ASN1 CA Cert length.
Definition coap_dtls.h:212
const uint8_t * public_cert
ASN1 (DER) Public Cert, or Public Key if RPK.
Definition coap_dtls.h:210
The structure that holds the PKI Definable key type definitions.
Definition coap_dtls.h:259
coap_const_char_ptr_t public_cert
define: Public Cert
Definition coap_dtls.h:261
coap_asn1_privatekey_type_t private_key_type
define: ASN1 Private Key Type (if needed)
Definition coap_dtls.h:269
const char * user_pin
define: User pin to access type PKCS11.
Definition coap_dtls.h:271
coap_const_char_ptr_t private_key
define: Private Key
Definition coap_dtls.h:262
coap_const_char_ptr_t ca
define: Common CA Certificate
Definition coap_dtls.h:260
size_t public_cert_len
define Public Cert length (if needed)
Definition coap_dtls.h:264
size_t ca_len
define CA Cert length (if needed)
Definition coap_dtls.h:263
coap_pki_define_t private_key_def
define: Private Key type definition
Definition coap_dtls.h:268
size_t private_key_len
define Private Key length (if needed)
Definition coap_dtls.h:265
coap_pki_define_t ca_def
define: Common CA type definition
Definition coap_dtls.h:266
coap_pki_define_t public_cert_def
define: Public Cert type definition
Definition coap_dtls.h:267
size_t ca_cert_len
PEM buffer CA Cert length.
Definition coap_dtls.h:200
const uint8_t * ca_cert
PEM buffer Common CA Cert.
Definition coap_dtls.h:195
size_t private_key_len
PEM buffer Private Key length.
Definition coap_dtls.h:202
const uint8_t * private_key
PEM buffer Private Key If RPK and 'EC PRIVATE KEY' this can be used for both the public_cert and priv...
Definition coap_dtls.h:197
size_t public_cert_len
PEM buffer Public Cert length.
Definition coap_dtls.h:201
const uint8_t * public_cert
PEM buffer Public Cert, or Public Key if RPK.
Definition coap_dtls.h:196
const char * ca_file
File location of Common CA (and any intermediates) in PEM format.
Definition coap_dtls.h:179
const char * public_cert
File location of Public Cert.
Definition coap_dtls.h:181
const char * private_key
File location of Private Key in PEM format.
Definition coap_dtls.h:182
const char * private_key
pkcs11: URI for Private Key
Definition coap_dtls.h:224
const char * ca
pkcs11: URI for Common CA Certificate
Definition coap_dtls.h:222
const char * user_pin
User pin to access PKCS11.
Definition coap_dtls.h:225
const char * public_cert
pkcs11: URI for Public Cert
Definition coap_dtls.h:223
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
coap_socket_t sock
socket object for the session, if any
coap_session_state_t state
current state of relationship with peer
void * tls
security parameters
coap_session_type_t type
client or server side socket
coap_layer_func_t lfunc[COAP_LAYER_LAST]
Layer functions to use.
CoAP union for handling signed / unsigned chars.
Definition coap_str.h:72
const char * s_byte
signed char ptr
Definition coap_str.h:73
const uint8_t * u_byte
unsigned char ptr
Definition coap_str.h:74