37#if COAP_WITH_LIBMBEDTLS || COAP_WITH_LIBMBEDTLS_OSCORE
53#include <mbedtls/version.h>
56#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
57#define MBEDTLS_2_X_COMPAT
60#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
61#define MBEDTLS_ALLOW_PRIVATE_ACCESS
65#include <mbedtls/platform.h>
66#include <mbedtls/net_sockets.h>
67#include <mbedtls/ssl.h>
68#include <mbedtls/version.h>
71#if MBEDTLS_VERSION_NUMBER >= 0x04000000
72#define COAP_USE_PSA_CRYPTO 1
74#define COAP_USE_PSA_CRYPTO 0
77#if COAP_USE_PSA_CRYPTO
78#include <psa/crypto.h>
80#include <mbedtls/entropy.h>
81#include <mbedtls/ctr_drbg.h>
82#include <mbedtls/sha256.h>
83#include <mbedtls/md.h>
84#include <mbedtls/cipher.h>
87#include <mbedtls/error.h>
88#include <mbedtls/timing.h>
89#include <mbedtls/ssl_cookie.h>
90#include <mbedtls/oid.h>
91#include <mbedtls/debug.h>
92#if defined(ESPIDF_VERSION) && defined(CONFIG_MBEDTLS_DEBUG)
93#include <mbedtls/esp_debug.h>
95#if !COAP_USE_PSA_CRYPTO && defined(MBEDTLS_PSA_CRYPTO_C)
96#include <psa/crypto.h>
102#if COAP_USE_PSA_CRYPTO
103typedef psa_hash_operation_t coap_crypto_sha256_ctx_t;
104typedef psa_algorithm_t coap_crypto_md_type_t;
106#define COAP_CRYPTO_MD_SHA1 PSA_ALG_SHA_1
107#define COAP_CRYPTO_MD_SHA256 PSA_ALG_SHA_256
108#define COAP_CRYPTO_MD_SHA384 PSA_ALG_SHA_384
109#define COAP_CRYPTO_MD_SHA512 PSA_ALG_SHA_512
110#define COAP_CRYPTO_MD_NONE PSA_ALG_NONE
113typedef mbedtls_sha256_context coap_crypto_sha256_ctx_t;
114typedef mbedtls_md_type_t coap_crypto_md_type_t;
116#define COAP_CRYPTO_MD_SHA1 MBEDTLS_MD_SHA1
117#define COAP_CRYPTO_MD_SHA256 MBEDTLS_MD_SHA256
118#define COAP_CRYPTO_MD_SHA384 MBEDTLS_MD_SHA384
119#define COAP_CRYPTO_MD_SHA512 MBEDTLS_MD_SHA512
120#define COAP_CRYPTO_MD_NONE MBEDTLS_MD_NONE
126 version.
version = mbedtls_version_get_number();
132#if COAP_WITH_LIBMBEDTLS_OSCORE
135#if COAP_USE_PSA_CRYPTO || defined(MBEDTLS_PSA_CRYPTO_C)
143#if COAP_USE_PSA_CRYPTO || defined(MBEDTLS_PSA_CRYPTO_C)
144 mbedtls_psa_crypto_free();
164#ifndef mbedtls_malloc
165#define mbedtls_malloc(a) malloc(a)
167#ifndef mbedtls_realloc
168#define mbedtls_realloc(a, b) realloc((a), (b))
171#define mbedtls_free(a) free(a)
174#if ! COAP_WITH_LIBMBEDTLS_OSCORE
176coap_mbedtls_strdup_alloc(
const char *s) {
184 copy = (
char *)mbedtls_malloc(len);
186 memcpy(copy, s, len);
192coap_mbedtls_strndup_alloc(
const char *s,
size_t n) {
200 copy = (
char *)mbedtls_malloc(len + 1);
202 memcpy(copy, s, len);
209#ifndef mbedtls_strdup
210#define mbedtls_strdup(a) coap_mbedtls_strdup_alloc(a)
212#ifndef mbedtls_strndup
213#define mbedtls_strndup(a, b) coap_mbedtls_strndup_alloc((a), (b))
216#ifndef MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
218#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
219#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
223#if ! COAP_SERVER_SUPPORT
224#undef MBEDTLS_SSL_SRV_C
226#if ! COAP_CLIENT_SUPPORT
227#undef MBEDTLS_SSL_CLI_C
231#define strcasecmp _stricmp
239#if COAP_SERVER_SUPPORT
243coap_crypto_sha256_init(coap_crypto_sha256_ctx_t *ctx) {
244#if COAP_USE_PSA_CRYPTO
245 *ctx = psa_hash_operation_init();
246 return (psa_hash_setup(ctx, PSA_ALG_SHA_256) == PSA_SUCCESS) ? 0 : -1;
248 mbedtls_sha256_init(ctx);
249#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
250 return mbedtls_sha256_starts_ret(ctx, 0);
252 return mbedtls_sha256_starts(ctx, 0);
258coap_crypto_sha256_update(coap_crypto_sha256_ctx_t *ctx,
259 const uint8_t *data,
size_t len) {
260#if COAP_USE_PSA_CRYPTO
261 return (psa_hash_update(ctx, data, len) == PSA_SUCCESS) ? 0 : -1;
263#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
264 return mbedtls_sha256_update_ret(ctx, data, len);
266 return mbedtls_sha256_update(ctx, data, len);
272coap_crypto_sha256_finish(coap_crypto_sha256_ctx_t *ctx, uint8_t *output) {
273#if COAP_USE_PSA_CRYPTO
275 return (psa_hash_finish(ctx, output, 32, &hash_len) == PSA_SUCCESS) ? 0 : -1;
277#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
278 return mbedtls_sha256_finish_ret(ctx, output);
280 return mbedtls_sha256_finish(ctx, output);
286coap_crypto_sha256_free(coap_crypto_sha256_ctx_t *ctx) {
287#if COAP_USE_PSA_CRYPTO
290 mbedtls_sha256_free(ctx);
298coap_crypto_hash_size(coap_crypto_md_type_t md_type) {
299#if COAP_USE_PSA_CRYPTO
300 switch ((
int)md_type) {
303 case PSA_ALG_SHA_256:
305 case PSA_ALG_SHA_384:
307 case PSA_ALG_SHA_512:
313 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
314 return md_info ? mbedtls_md_get_size(md_info) : 0;
319coap_crypto_hash_compute(coap_crypto_md_type_t md_type,
320 const uint8_t *input,
size_t ilen,
321 uint8_t *output,
size_t output_size,
322 size_t *output_len) {
323#if COAP_USE_PSA_CRYPTO
325 psa_status_t status = psa_hash_compute(md_type, input, ilen,
326 output, output_size, &actual_len);
328 *output_len = actual_len;
329 return (status == PSA_SUCCESS) ? 0 : -1;
331 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
334 size_t hash_len = mbedtls_md_get_size(md_info);
335 if (hash_len > output_size)
338 *output_len = hash_len;
339 return mbedtls_md(md_info, input, ilen, output);
347#if COAP_WITH_LIBMBEDTLS
349#define IS_PSK (1 << 0)
350#define IS_PKI (1 << 1)
351#define IS_CLIENT (1 << 6)
352#define IS_SERVER (1 << 7)
354typedef struct coap_ssl_t {
365typedef struct coap_mbedtls_env_t {
366 mbedtls_ssl_context ssl;
367#if !COAP_USE_PSA_CRYPTO
368 mbedtls_entropy_context entropy;
369 mbedtls_ctr_drbg_context ctr_drbg;
371 mbedtls_ssl_config conf;
372 mbedtls_timing_delay_context timer;
373 mbedtls_x509_crt cacert;
374 mbedtls_x509_crt public_cert;
375 mbedtls_pk_context private_key;
376 mbedtls_ssl_cookie_ctx cookie_ctx;
380 int seen_client_hello;
383 unsigned int retry_scalar;
384 coap_ssl_t coap_ssl_data;
385 uint32_t server_hello_cnt;
388typedef struct pki_sni_entry {
391 mbedtls_x509_crt cacert;
392 mbedtls_x509_crt public_cert;
393 mbedtls_pk_context private_key;
396typedef struct psk_sni_entry {
401typedef struct coap_mbedtls_context_t {
403 size_t pki_sni_count;
404 pki_sni_entry *pki_sni_entry_list;
405 size_t psk_sni_count;
406 psk_sni_entry *psk_sni_entry_list;
409 int trust_store_defined;
411} coap_mbedtls_context_t;
413typedef enum coap_enc_method_t {
425} zephyr_timing_delay_context;
428zephyr_timing_set_delay(
void *data, uint32_t int_ms, uint32_t fin_ms) {
429 zephyr_timing_delay_context *ctx = (zephyr_timing_delay_context *)data;
435 ctx->start_time = k_uptime_get_32();
438 ctx->int_time = ctx->start_time + int_ms;
439 ctx->fin_time = ctx->start_time + fin_ms;
447zephyr_timing_get_delay(
void *data) {
448 zephyr_timing_delay_context *ctx = (zephyr_timing_delay_context *)data;
451 if (ctx ==
NULL || ctx->fin_time == 0) {
455 now = k_uptime_get_32();
457 if (now >= ctx->fin_time) {
461 if (now >= ctx->int_time) {
470#if !COAP_USE_PSA_CRYPTO
471#ifndef MBEDTLS_2_X_COMPAT
476coap_rng(
void *ctx
COAP_UNUSED,
unsigned char *buf,
size_t len) {
477 return coap_prng_lkd(buf, len) ? 0 : MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
483coap_dgram_read(
void *ctx,
unsigned char *out,
size_t outl) {
488 if (!c_session->
tls) {
490 return MBEDTLS_ERR_SSL_WANT_READ;
492 data = &((coap_mbedtls_env_t *)c_session->
tls)->coap_ssl_data;
495 if (data->pdu_len > 0) {
496 if (outl < data->pdu_len) {
497 memcpy(out, data->pdu, outl);
500 data->pdu_len -= outl;
502 memcpy(out, data->pdu, data->pdu_len);
504 if (!data->peekmode) {
510 ret = MBEDTLS_ERR_SSL_WANT_READ;
524coap_dgram_write(
void *ctx,
const unsigned char *send_buffer,
525 size_t send_buffer_length) {
530 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
534 && c_session->endpoint ==
NULL
542 send_buffer, send_buffer_length);
543 if (result != (ssize_t)send_buffer_length) {
544 int keep_errno = errno;
547 result, send_buffer_length);
550 if (errno == ENOTCONN || errno == ECONNREFUSED)
559 m_env->last_timeout = now;
567#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && defined(MBEDTLS_SSL_SRV_C)
572psk_server_callback(
void *p_info, mbedtls_ssl_context *ssl,
573 const unsigned char *identity,
size_t identity_len) {
576 coap_mbedtls_env_t *m_env;
580 if (c_session ==
NULL)
584 lidentity.
s = identity ? (
const uint8_t *)identity : (const uint8_t *)
"";
585 lidentity.
length = identity ? identity_len : 0;
589 (
int)lidentity.
length, (
const char *)lidentity.
s);
591 m_env = (coap_mbedtls_env_t *)c_session->
tls;
592 setup_data = &c_session->
context->spsk_setup_data;
606 mbedtls_ssl_set_hs_psk(ssl, psk_key->
s, psk_key->
length);
607 m_env->seen_client_hello = 1;
613get_san_or_cn_from_cert(mbedtls_x509_crt *crt) {
615 const mbedtls_asn1_named_data *cn_data;
617 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
618 mbedtls_asn1_sequence *seq = &crt->subject_alt_names;
619 while (seq && seq->buf.p ==
NULL) {
624 return mbedtls_strndup((
const char *)seq->buf.p,
629 cn_data = mbedtls_asn1_find_named_data(&crt->subject,
631 MBEDTLS_OID_SIZE(MBEDTLS_OID_AT_CN));
634 return mbedtls_strndup((
const char *)cn_data->val.p,
641#if COAP_MAX_LOGGING_LEVEL > 0
643get_error_string(
int ret) {
644 static char buf[128] = {0};
645 mbedtls_strerror(ret, buf,
sizeof(buf)-1);
651self_signed_cert_verify_callback_mbedtls(
void *data,
656 const coap_mbedtls_context_t *m_context =
660 if (*flags & MBEDTLS_X509_BADCERT_EXPIRED) {
662 *flags &= ~MBEDTLS_X509_BADCERT_EXPIRED;
673cert_verify_callback_mbedtls(
void *data, mbedtls_x509_crt *crt,
674 int depth, uint32_t *flags) {
676 coap_mbedtls_context_t *m_context =
681 cn = get_san_or_cn_from_cert(crt);
686 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
700 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
705 *flags |= MBEDTLS_X509_BADCERT_OTHER;
708 "The certificate's verify depth is too long",
709 cn ? cn :
"?", depth);
717 if (*flags & MBEDTLS_X509_BADCERT_EXPIRED) {
719 *flags &= ~MBEDTLS_X509_BADCERT_EXPIRED;
722 "The certificate has expired", cn ? cn :
"?", depth);
725 if (*flags & MBEDTLS_X509_BADCERT_FUTURE) {
727 *flags &= ~MBEDTLS_X509_BADCERT_FUTURE;
730 "The certificate has a future date", cn ? cn :
"?", depth);
733 if (*flags & MBEDTLS_X509_BADCERT_BAD_MD) {
735 *flags &= ~MBEDTLS_X509_BADCERT_BAD_MD;
738 "The certificate has a bad MD hash", cn ? cn :
"?", depth);
741 if (*flags & MBEDTLS_X509_BADCERT_BAD_KEY) {
743 *flags &= ~MBEDTLS_X509_BADCERT_BAD_KEY;
746 "The certificate has a short RSA length", cn ? cn :
"?", depth);
749 if (*flags & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
751 *flags &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH;
754 "The SNI does not match the returned CN",
756 cn ? cn :
"?", depth);
759 if (*flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
761 int self_signed = !mbedtls_x509_crt_verify(crt, crt,
NULL,
NULL, &lflags,
762 self_signed_cert_verify_callback_mbedtls,
764 if (self_signed && depth == 0) {
767 *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
771 cn ? cn :
"?", depth);
773 }
else if (self_signed) {
775 *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
778 "Self-signed", cn ? cn :
"?", depth);
782 *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
785 "The certificate's CA is not trusted", cn ? cn :
"?", depth);
789 if (*flags & MBEDTLS_X509_BADCRL_EXPIRED) {
791 *flags &= ~MBEDTLS_X509_BADCRL_EXPIRED;
794 "The certificate's CRL has expired", cn ? cn :
"?", depth);
796 *flags &= ~MBEDTLS_X509_BADCRL_EXPIRED;
799 if (*flags & MBEDTLS_X509_BADCRL_FUTURE) {
801 *flags &= ~MBEDTLS_X509_BADCRL_FUTURE;
804 "The certificate's CRL has a future date", cn ? cn :
"?", depth);
806 *flags &= ~MBEDTLS_X509_BADCRL_FUTURE;
813 int ret = mbedtls_x509_crt_verify_info(buf,
sizeof(buf),
"", *flags);
816 tcp = strchr(buf,
'\n');
821 buf, *flags, cn ? cn :
"?", depth);
822 tcp = strchr(tcp+1,
'\n');
825 coap_log_err(
"mbedtls_x509_crt_verify_info returned -0x%x: '%s'\n",
826 -ret, get_error_string(ret));
837setup_pki_credentials(mbedtls_x509_crt *cacert,
838 mbedtls_x509_crt *public_cert,
839 mbedtls_pk_context *private_key,
840 coap_mbedtls_env_t *m_env,
841 coap_mbedtls_context_t *m_context,
847 int done_private_key = 0;
848 int done_public_cert = 0;
866#if defined(MBEDTLS_FS_IO)
867 mbedtls_pk_init(private_key);
868#if COAP_USE_PSA_CRYPTO
869 ret = mbedtls_pk_parse_keyfile(private_key,
871#elif defined(MBEDTLS_2_X_COMPAT)
872 ret = mbedtls_pk_parse_keyfile(private_key,
875 ret = mbedtls_pk_parse_keyfile(private_key,
877 NULL, coap_rng, (
void *)&m_env->ctr_drbg);
884 done_private_key = 1;
892 mbedtls_pk_init(private_key);
896 buffer = mbedtls_malloc(length + 1);
902 buffer[length] =
'\000';
904#if COAP_USE_PSA_CRYPTO
905 ret = mbedtls_pk_parse_key(private_key, buffer, length,
NULL, 0);
906#elif defined(MBEDTLS_2_X_COMPAT)
907 ret = mbedtls_pk_parse_key(private_key, buffer, length,
NULL, 0);
909 ret = mbedtls_pk_parse_key(private_key, buffer, length,
910 NULL, 0, coap_rng, (
void *)&m_env->ctr_drbg);
912 mbedtls_free(buffer);
914#if COAP_USE_PSA_CRYPTO
915 ret = mbedtls_pk_parse_key(private_key,
918#elif defined(MBEDTLS_2_X_COMPAT)
919 ret = mbedtls_pk_parse_key(private_key,
923 ret = mbedtls_pk_parse_key(private_key,
926 NULL, 0, coap_rng, (
void *)&m_env->ctr_drbg);
934 done_private_key = 1;
937 mbedtls_pk_init(private_key);
938#if COAP_USE_PSA_CRYPTO
939 ret = mbedtls_pk_parse_key(private_key,
942#elif defined(MBEDTLS_2_X_COMPAT)
943 ret = mbedtls_pk_parse_key(private_key,
947 ret = mbedtls_pk_parse_key(private_key,
950 (
void *)&m_env->ctr_drbg);
957 done_private_key = 1;
985#if defined(MBEDTLS_FS_IO)
986 mbedtls_x509_crt_init(public_cert);
987 ret = mbedtls_x509_crt_parse_file(public_cert,
994 done_public_cert = 1;
1002 mbedtls_x509_crt_init(public_cert);
1007 buffer = mbedtls_malloc(length + 1);
1013 buffer[length] =
'\000';
1015 ret = mbedtls_x509_crt_parse(public_cert, buffer, length);
1016 mbedtls_free(buffer);
1018 ret = mbedtls_x509_crt_parse(public_cert,
1027 done_public_cert = 1;
1034 mbedtls_x509_crt_init(public_cert);
1035 ret = mbedtls_x509_crt_parse(public_cert,
1043 done_public_cert = 1;
1061 if (done_private_key && done_public_cert) {
1062 ret = mbedtls_ssl_conf_own_cert(&m_env->conf, public_cert, private_key);
1064 coap_log_err(
"mbedtls_ssl_conf_own_cert returned -0x%x: '%s'\n",
1065 -ret, get_error_string(ret));
1080#if defined(MBEDTLS_FS_IO)
1081 mbedtls_x509_crt_init(cacert);
1082 ret = mbedtls_x509_crt_parse_file(cacert,
1089 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1097 mbedtls_x509_crt_init(cacert);
1101 buffer = mbedtls_malloc(length + 1);
1107 buffer[length] =
'\000';
1109 ret = mbedtls_x509_crt_parse(cacert, buffer, length);
1110 mbedtls_free(buffer);
1112 ret = mbedtls_x509_crt_parse(cacert,
1121 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1128 mbedtls_x509_crt_init(cacert);
1129 ret = mbedtls_x509_crt_parse(cacert,
1137 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1151#if defined(MBEDTLS_FS_IO)
1152 if (m_context->root_ca_file) {
1153 ret = mbedtls_x509_crt_parse_file(cacert, m_context->root_ca_file);
1160 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1162 if (m_context->root_ca_path) {
1163 ret = mbedtls_x509_crt_parse_path(cacert, m_context->root_ca_path);
1170 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1172#if MBEDTLS_VERSION_NUMBER >= 0x04000000
1173 if (m_context->trust_store_defined)
1175 if (m_context->trust_store_defined ||
1180 const char *trust_list[] = {
1181 "/etc/ssl/ca-bundle.pem",
1182 "/etc/ssl/certs/ca-certificates.crt",
1183 "/etc/pki/tls/cert.pem",
1184 "/usr/local/share/certs/ca-root-nss.crt",
1187 static const char *trust_file_found =
NULL;
1188 static int trust_file_done = 0;
1191 if (trust_file_found) {
1192 ret = mbedtls_x509_crt_parse_file(cacert, trust_file_found);
1194 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1199 }
else if (!trust_file_done) {
1200 trust_file_done = 1;
1201 for (i = 0; i <
sizeof(trust_list)/
sizeof(trust_list[0]); i++) {
1202 ret = mbedtls_x509_crt_parse_file(cacert, trust_list[i]);
1204 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1205 trust_file_found = trust_list[i];
1209 if (i ==
sizeof(trust_list)/
sizeof(trust_list[0])) {
1215 if (m_context->root_ca_file || m_context->root_ca_path ||
1216 m_context->trust_store_defined) {
1224#if defined(MBEDTLS_SSL_SRV_C)
1225 mbedtls_ssl_conf_cert_req_ca_list(&m_env->conf,
1227 MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED :
1228 MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED);
1231 MBEDTLS_SSL_VERIFY_REQUIRED :
1232 MBEDTLS_SSL_VERIFY_NONE);
1237 mbedtls_ssl_conf_verify(&m_env->conf,
1238 cert_verify_callback_mbedtls, c_session);
1243#if defined(MBEDTLS_SSL_SRV_C)
1248pki_sni_callback(
void *p_info, mbedtls_ssl_context *ssl,
1249 const unsigned char *uname,
size_t name_len) {
1253 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
1254 coap_mbedtls_context_t *m_context =
1258 name = mbedtls_malloc(name_len+1);
1262 memcpy(name, uname, name_len);
1263 name[name_len] =
'\000';
1266 for (i = 0; i < m_context->pki_sni_count; i++) {
1267 if (strcasecmp(name, m_context->pki_sni_entry_list[i].sni) == 0) {
1271 if (i == m_context->pki_sni_count) {
1276 pki_sni_entry *pki_sni_entry_list;
1279 m_context->setup_data.validate_sni_call_back(name,
1280 m_context->setup_data.sni_call_back_arg));
1286 pki_sni_entry_list = mbedtls_realloc(m_context->pki_sni_entry_list,
1287 (i+1)*
sizeof(pki_sni_entry));
1289 if (pki_sni_entry_list ==
NULL) {
1293 m_context->pki_sni_entry_list = pki_sni_entry_list;
1294 memset(&m_context->pki_sni_entry_list[i], 0,
1295 sizeof(m_context->pki_sni_entry_list[i]));
1296 m_context->pki_sni_entry_list[i].sni = name;
1297 m_context->pki_sni_entry_list[i].pki_key = *new_entry;
1298 sni_setup_data = m_context->setup_data;
1299 sni_setup_data.pki_key = *new_entry;
1300 if (setup_pki_credentials(&m_context->pki_sni_entry_list[i].cacert,
1301 &m_context->pki_sni_entry_list[i].public_cert,
1302 &m_context->pki_sni_entry_list[i].private_key,
1311 m_context->pki_sni_count++;
1316 mbedtls_ssl_set_hs_ca_chain(ssl, &m_context->pki_sni_entry_list[i].cacert,
1318 return mbedtls_ssl_set_hs_own_cert(ssl,
1319 &m_context->pki_sni_entry_list[i].public_cert,
1320 &m_context->pki_sni_entry_list[i].private_key);
1323#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1328psk_sni_callback(
void *p_info, mbedtls_ssl_context *ssl,
1329 const unsigned char *uname,
size_t name_len) {
1332 coap_mbedtls_context_t *m_context =
1336 name = mbedtls_malloc(name_len+1);
1340 memcpy(name, uname, name_len);
1341 name[name_len] =
'\000';
1344 for (i = 0; i < m_context->psk_sni_count; i++) {
1345 if (strcasecmp(name, m_context->psk_sni_entry_list[i].sni) == 0) {
1349 if (i == m_context->psk_sni_count) {
1354 psk_sni_entry *psk_sni_entry_list;
1357 c_session->
context->spsk_setup_data.validate_sni_call_back(name,
1359 c_session->
context->spsk_setup_data.sni_call_back_arg));
1365 psk_sni_entry_list = mbedtls_realloc(m_context->psk_sni_entry_list,
1366 (i+1)*
sizeof(psk_sni_entry));
1368 if (psk_sni_entry_list ==
NULL) {
1372 m_context->psk_sni_entry_list = psk_sni_entry_list;
1373 m_context->psk_sni_entry_list[i].sni = name;
1374 m_context->psk_sni_entry_list[i].psk_info = *new_entry;
1376 m_context->psk_sni_count++;
1382 &m_context->psk_sni_entry_list[i].psk_info.hint);
1384 &m_context->psk_sni_entry_list[i].psk_info.key);
1385#if MBEDTLS_VERSION_NUMBER >= 0x04000000
1389 return mbedtls_ssl_set_hs_psk(ssl,
1390 m_context->psk_sni_entry_list[i].psk_info.key.s,
1391 m_context->psk_sni_entry_list[i].psk_info.key.length);
1398 coap_mbedtls_env_t *m_env) {
1399 coap_mbedtls_context_t *m_context =
1402 m_context->psk_pki_enabled |= IS_SERVER;
1404 mbedtls_ssl_cookie_init(&m_env->cookie_ctx);
1405 if ((ret = mbedtls_ssl_config_defaults(&m_env->conf,
1406 MBEDTLS_SSL_IS_SERVER,
1408 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
1409 MBEDTLS_SSL_TRANSPORT_STREAM,
1410 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
1411 coap_log_err(
"mbedtls_ssl_config_defaults returned -0x%x: '%s'\n",
1412 -ret, get_error_string(ret));
1416#if !COAP_USE_PSA_CRYPTO
1417 mbedtls_ssl_conf_rng(&m_env->conf, mbedtls_ctr_drbg_random, &m_env->ctr_drbg);
1420#if defined(MBEDTLS_SSL_PROTO_DTLS)
1425 if (m_context->psk_pki_enabled & IS_PSK) {
1426#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1427 mbedtls_ssl_conf_psk_cb(&m_env->conf, psk_server_callback, c_session);
1428 if (c_session->
context->spsk_setup_data.validate_sni_call_back) {
1429 mbedtls_ssl_conf_sni(&m_env->conf, psk_sni_callback, c_session);
1431#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1432 m_env->ec_jpake = c_session->
context->spsk_setup_data.ec_jpake;
1439 if (m_context->psk_pki_enabled & IS_PKI) {
1440 ret = setup_pki_credentials(&m_env->cacert, &m_env->public_cert,
1441 &m_env->private_key, m_env, m_context,
1442 c_session, &m_context->setup_data,
1448 if (m_context->setup_data.validate_sni_call_back) {
1449 mbedtls_ssl_conf_sni(&m_env->conf, pki_sni_callback, c_session);
1453#if COAP_USE_PSA_CRYPTO
1454 if ((ret = mbedtls_ssl_cookie_setup(&m_env->cookie_ctx)) != 0) {
1456 if ((ret = mbedtls_ssl_cookie_setup(&m_env->cookie_ctx,
1457 mbedtls_ctr_drbg_random,
1458 &m_env->ctr_drbg)) != 0) {
1460 coap_log_err(
"mbedtls_ssl_cookie_setup: returned -0x%x: '%s'\n",
1461 -ret, get_error_string(ret));
1465#if defined(MBEDTLS_SSL_PROTO_DTLS)
1466 mbedtls_ssl_conf_dtls_cookies(&m_env->conf, mbedtls_ssl_cookie_write,
1467 mbedtls_ssl_cookie_check,
1468 &m_env->cookie_ctx);
1469#if MBEDTLS_VERSION_NUMBER >= 0x02100100
1470 mbedtls_ssl_set_mtu(&m_env->ssl, (uint16_t)c_session->
mtu);
1473#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
1488#if COAP_CLIENT_SUPPORT
1489static int *psk_ciphers =
NULL;
1490static int *pki_ciphers =
NULL;
1491static int *ecjpake_ciphers =
NULL;
1492static int processed_ciphers = 0;
1494#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1496coap_ssl_ciphersuite_uses_psk(
const mbedtls_ssl_ciphersuite_t *info) {
1497#if COAP_USE_PSA_CRYPTO
1498 switch (info->key_exchange) {
1499 case MBEDTLS_KEY_EXCHANGE_PSK:
1500 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1502 case MBEDTLS_KEY_EXCHANGE_NONE:
1503 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1504 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1505 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
1509#elif MBEDTLS_VERSION_NUMBER >= 0x03060000
1510 switch (info->key_exchange) {
1511 case MBEDTLS_KEY_EXCHANGE_PSK:
1512 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1513 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
1514 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1516 case MBEDTLS_KEY_EXCHANGE_NONE:
1517 case MBEDTLS_KEY_EXCHANGE_RSA:
1518 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1519 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1520 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1521 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1522 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1523 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
1528 return mbedtls_ssl_ciphersuite_uses_psk(info);
1534set_ciphersuites(mbedtls_ssl_config *conf, coap_enc_method_t method) {
1535 if (!processed_ciphers) {
1536 const int *list = mbedtls_ssl_list_ciphersuites();
1537 const int *base = list;
1540#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1542 int ecjpake_count = 1;
1548 const mbedtls_ssl_ciphersuite_t *cur =
1549 mbedtls_ssl_ciphersuite_from_id(*list);
1552#if MBEDTLS_VERSION_NUMBER >= 0x03020000
1553 if (cur->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2) {
1557 if (cur->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
1561#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1562 else if (cur->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
1566#if MBEDTLS_VERSION_NUMBER >= 0x03060000
1567 else if (cur->min_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3) {
1572#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1573 else if (coap_ssl_ciphersuite_uses_psk(cur)) {
1585 psk_ciphers = mbedtls_malloc(psk_count *
sizeof(psk_ciphers[0]));
1586 if (psk_ciphers ==
NULL) {
1587 coap_log_err(
"set_ciphers: mbedtls_malloc with count %d failed\n", psk_count);
1590 pki_ciphers = mbedtls_malloc(pki_count *
sizeof(pki_ciphers[0]));
1591 if (pki_ciphers ==
NULL) {
1592 coap_log_err(
"set_ciphers: mbedtls_malloc with count %d failed\n", pki_count);
1593 mbedtls_free(psk_ciphers);
1597#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1598 ecjpake_ciphers = mbedtls_malloc(ecjpake_count *
sizeof(ecjpake_ciphers[0]));
1599 if (ecjpake_ciphers ==
NULL) {
1600 coap_log_err(
"set_ciphers: mbedtls_malloc with count %d failed\n", pki_count);
1601 mbedtls_free(psk_ciphers);
1602 mbedtls_free(pki_ciphers);
1609 psk_list = psk_ciphers;
1610 pki_list = pki_ciphers;
1611#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1612 ecjpake_list = ecjpake_ciphers;
1616 const mbedtls_ssl_ciphersuite_t *cur =
1617 mbedtls_ssl_ciphersuite_from_id(*list);
1619#if MBEDTLS_VERSION_NUMBER >= 0x03020000
1620 if (cur->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2) {
1624 if (cur->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
1628#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1629 else if (cur->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
1630 *ecjpake_list = *list;
1634#if MBEDTLS_VERSION_NUMBER >= 0x03060000
1635 else if (cur->min_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3) {
1642#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1643 else if (coap_ssl_ciphersuite_uses_psk(cur)) {
1658 processed_ciphers = 1;
1662 mbedtls_ssl_conf_ciphersuites(conf, psk_ciphers);
1665 mbedtls_ssl_conf_ciphersuites(conf, pki_ciphers);
1667 case COAP_ENC_ECJPAKE:
1668 mbedtls_ssl_conf_ciphersuites(conf, ecjpake_ciphers);
1678 coap_mbedtls_env_t *m_env) {
1681 coap_mbedtls_context_t *m_context =
1684 m_context->psk_pki_enabled |= IS_CLIENT;
1686 if ((ret = mbedtls_ssl_config_defaults(&m_env->conf,
1687 MBEDTLS_SSL_IS_CLIENT,
1689 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
1690 MBEDTLS_SSL_TRANSPORT_STREAM,
1691 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
1692 coap_log_err(
"mbedtls_ssl_config_defaults returned -0x%x: '%s'\n",
1693 -ret, get_error_string(ret));
1697#if defined(MBEDTLS_SSL_PROTO_DTLS)
1702 mbedtls_ssl_conf_authmode(&m_env->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1703#if !COAP_USE_PSA_CRYPTO
1704 mbedtls_ssl_conf_rng(&m_env->conf, mbedtls_ctr_drbg_random, &m_env->ctr_drbg);
1707 if (m_context->psk_pki_enabled & IS_PSK) {
1708#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1716 if (psk_key ==
NULL || psk_identity ==
NULL) {
1717 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
1721 if ((ret = mbedtls_ssl_conf_psk(&m_env->conf, psk_key->
s,
1722 psk_key->
length, psk_identity->
s,
1723 psk_identity->
length)) != 0) {
1724 coap_log_err(
"mbedtls_ssl_conf_psk returned -0x%x: '%s'\n",
1725 -ret, get_error_string(ret));
1729 if ((ret = mbedtls_ssl_set_hostname(&m_env->ssl,
1731 coap_log_err(
"mbedtls_ssl_set_hostname returned -0x%x: '%s'\n",
1732 -ret, get_error_string(ret));
1738#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1740 m_env->ec_jpake = 1;
1741 set_ciphersuites(&m_env->conf, COAP_ENC_ECJPAKE);
1742#if MBEDTLS_VERSION_NUMBER >= 0x03020000
1743 mbedtls_ssl_conf_max_tls_version(&m_env->conf, MBEDTLS_SSL_VERSION_TLS1_2);
1746 set_ciphersuites(&m_env->conf, COAP_ENC_PSK);
1749 set_ciphersuites(&m_env->conf, COAP_ENC_PSK);
1754 }
else if ((m_context->psk_pki_enabled & IS_PKI) ||
1755 (m_context->psk_pki_enabled & (IS_PSK | IS_PKI)) == 0) {
1762 if (!(m_context->psk_pki_enabled & IS_PKI)) {
1776 mbedtls_ssl_conf_authmode(&m_env->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
1777 ret = setup_pki_credentials(&m_env->cacert, &m_env->public_cert,
1778 &m_env->private_key, m_env, m_context,
1779 c_session, setup_data,
1785#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_ALPN)
1788 static const char *alpn_list[] = {
"coap",
NULL };
1790 ret = mbedtls_ssl_conf_alpn_protocols(&m_env->conf, alpn_list);
1796 mbedtls_ssl_set_hostname(&m_env->ssl, m_context->setup_data.client_sni);
1797#if defined(MBEDTLS_SSL_PROTO_DTLS)
1798#if MBEDTLS_VERSION_NUMBER >= 0x02100100
1799 mbedtls_ssl_set_mtu(&m_env->ssl, (uint16_t)c_session->
mtu);
1802 set_ciphersuites(&m_env->conf, COAP_ENC_PKI);
1812mbedtls_cleanup(coap_mbedtls_env_t *m_env) {
1817 mbedtls_x509_crt_free(&m_env->cacert);
1818 mbedtls_x509_crt_free(&m_env->public_cert);
1819 mbedtls_pk_free(&m_env->private_key);
1820#if !COAP_USE_PSA_CRYPTO
1821 mbedtls_entropy_free(&m_env->entropy);
1822 mbedtls_ctr_drbg_free(&m_env->ctr_drbg);
1824 mbedtls_ssl_config_free(&m_env->conf);
1825 mbedtls_ssl_free(&m_env->ssl);
1826 mbedtls_ssl_cookie_free(&m_env->cookie_ctx);
1830coap_dtls_free_mbedtls_env(coap_mbedtls_env_t *m_env) {
1832 if (!m_env->sent_alert)
1833 mbedtls_ssl_close_notify(&m_env->ssl);
1834 mbedtls_cleanup(m_env);
1835 mbedtls_free(m_env);
1839#if COAP_MAX_LOGGING_LEVEL > 0
1841report_mbedtls_alert(
unsigned char alert) {
1843 case MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC:
1844 return ": Bad Record MAC";
1845 case MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE:
1846 return ": Handshake failure";
1847 case MBEDTLS_SSL_ALERT_MSG_NO_CERT:
1848 return ": No Certificate provided";
1849 case MBEDTLS_SSL_ALERT_MSG_BAD_CERT:
1850 return ": Certificate is bad";
1851 case MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN:
1852 return ": Certificate is unknown";
1853 case MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA:
1854 return ": CA is unknown";
1855 case MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED:
1856 return ": Access was denied";
1857 case MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR:
1858 return ": Decrypt error";
1872 coap_mbedtls_env_t *m_env) {
1876 ret = mbedtls_ssl_handshake(&m_env->ssl);
1879 m_env->established = 1;
1883#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
1884#if COAP_CLIENT_SUPPORT
1887 coap_mbedtls_context_t *m_context;
1891 m_context->setup_data.use_cid) {
1892 unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
1894 size_t peer_cid_len;
1897 if (mbedtls_ssl_get_peer_cid(&m_env->ssl, &enabled, peer_cid, &peer_cid_len) == 0 &&
1898 enabled == MBEDTLS_SSL_CID_ENABLED) {
1899 c_session->negotiated_cid = 1;
1902 c_session->negotiated_cid = 0;
1911 case MBEDTLS_ERR_SSL_WANT_READ:
1912 case MBEDTLS_ERR_SSL_WANT_WRITE:
1913 if (m_env->ssl.state == MBEDTLS_SSL_SERVER_HELLO
1914#
if MBEDTLS_VERSION_NUMBER >= 0x03030000
1915 || m_env->ssl.state == MBEDTLS_SSL_NEW_SESSION_TICKET
1918 if (++m_env->server_hello_cnt > 10) {
1926 case MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED:
1929 case MBEDTLS_ERR_SSL_INVALID_MAC:
1931#ifdef MBEDTLS_2_X_COMPAT
1932 case MBEDTLS_ERR_SSL_UNKNOWN_CIPHER:
1934 case MBEDTLS_ERR_SSL_DECODE_ERROR:
1937 case MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE:
1938 alert = MBEDTLS_SSL_ALERT_MSG_NO_CERT;
1940#ifdef MBEDTLS_2_X_COMPAT
1941 case MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO:
1942 case MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO:
1943 alert = MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE;
1946 case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
1948 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
1949 if (m_env->ssl.in_msg[1] != MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY)
1952 report_mbedtls_alert(m_env->ssl.in_msg[1]));
1954 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
1955 case MBEDTLS_ERR_SSL_CONN_EOF:
1956 case MBEDTLS_ERR_NET_CONN_RESET:
1962 "returned -0x%x: '%s'\n",
1963 -ret, get_error_string(ret));
1970 mbedtls_ssl_send_alert_message(&m_env->ssl,
1971 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1973 m_env->sent_alert = 1;
1978 get_error_string(ret));
1980 mbedtls_ssl_session_reset(&m_env->ssl);
1981#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1982 if (m_env->ec_jpake) {
1985#if COAP_CLIENT_SUPPORT && COAP_SERVER_SUPPORT
1991#elif COAP_CLIENT_SUPPORT
1997 mbedtls_ssl_set_hs_ecjpake_password(&m_env->ssl, psk_key->
s, psk_key->
length);
2005mbedtls_debug_out(
void *ctx
COAP_UNUSED,
int level,
2038#if !COAP_DISABLE_TCP
2046coap_sock_read(
void *ctx,
unsigned char *out,
size_t outl) {
2047 int ret = MBEDTLS_ERR_SSL_CONN_EOF;
2054 if (errno == ECONNRESET) {
2056 ret = MBEDTLS_ERR_SSL_CONN_EOF;
2058 ret = MBEDTLS_ERR_NET_RECV_FAILED;
2060 }
else if (ret == 0) {
2062 ret = MBEDTLS_ERR_SSL_WANT_READ;
2075coap_sock_write(
void *context,
const unsigned char *in,
size_t inl) {
2080 (
const uint8_t *)in,
2086 (errno == EPIPE || errno == ECONNRESET)) {
2101 int lasterror = WSAGetLastError();
2103 if (lasterror == WSAEWOULDBLOCK) {
2104 ret = MBEDTLS_ERR_SSL_WANT_WRITE;
2105 }
else if (lasterror == WSAECONNRESET) {
2106 ret = MBEDTLS_ERR_NET_CONN_RESET;
2109 if (errno == EAGAIN || errno == EINTR) {
2110 ret = MBEDTLS_ERR_SSL_WANT_WRITE;
2111 }
else if (errno == EPIPE || errno == ECONNRESET) {
2112 ret = MBEDTLS_ERR_NET_CONN_RESET;
2116 ret = MBEDTLS_ERR_NET_SEND_FAILED;
2125 ret = MBEDTLS_ERR_SSL_WANT_WRITE;
2131static coap_mbedtls_env_t *
2135#if !COAP_USE_PSA_CRYPTO
2138 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2143 m_env = (coap_mbedtls_env_t *)mbedtls_malloc(
sizeof(coap_mbedtls_env_t));
2147 memset(m_env, 0,
sizeof(coap_mbedtls_env_t));
2149 mbedtls_ssl_init(&m_env->ssl);
2150#if !COAP_USE_PSA_CRYPTO
2151 mbedtls_ctr_drbg_init(&m_env->ctr_drbg);
2152 mbedtls_entropy_init(&m_env->entropy);
2154 mbedtls_ssl_config_init(&m_env->conf);
2156#if defined(ESPIDF_VERSION) && defined(CONFIG_MBEDTLS_DEBUG)
2157 mbedtls_esp_enable_debug_log(&m_env->conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
2160#if !COAP_USE_PSA_CRYPTO
2161 if ((ret = mbedtls_ctr_drbg_seed(&m_env->ctr_drbg,
2162 mbedtls_entropy_func, &m_env->entropy,
NULL, 0)) != 0) {
2163 if (ret != MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) {
2164 coap_log_info(
"mbedtls_ctr_drbg_seed returned -0x%x: '%s'\n",
2165 -ret, get_error_string(ret));
2168 coap_log_err(
"mbedtls_ctr_drbg_seed returned -0x%x: '%s'\n",
2169 -ret, get_error_string(ret));
2174#if COAP_CLIENT_SUPPORT
2175 if (setup_client_ssl_session(c_session, m_env) != 0) {
2182#if defined(MBEDTLS_SSL_SRV_C)
2183 if (setup_server_ssl_session(c_session, m_env) != 0) {
2193#if MBEDTLS_VERSION_NUMBER >= 0x03020000
2194 mbedtls_ssl_conf_min_tls_version(&m_env->conf, MBEDTLS_SSL_VERSION_TLS1_2);
2196 mbedtls_ssl_conf_min_version(&m_env->conf, MBEDTLS_SSL_MAJOR_VERSION_3,
2197 MBEDTLS_SSL_MINOR_VERSION_3);
2200 if (mbedtls_ssl_setup(&m_env->ssl, &m_env->conf) != 0) {
2204 mbedtls_ssl_set_bio(&m_env->ssl, c_session, coap_dgram_write,
2205 coap_dgram_read,
NULL);
2206#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
2209#if COAP_CLIENT_SUPPORT
2210 coap_mbedtls_context_t *m_context =
2214 m_context->setup_data.use_cid) {
2222 mbedtls_ssl_set_cid(&m_env->ssl, MBEDTLS_SSL_CID_ENABLED,
NULL, 0);
2226#if COAP_SERVER_SUPPORT
2236 mbedtls_ssl_set_cid(&m_env->ssl, MBEDTLS_SSL_CID_ENABLED, cid,
2244#if !COAP_DISABLE_TCP
2247 mbedtls_ssl_set_bio(&m_env->ssl, c_session, coap_sock_write,
2248 coap_sock_read,
NULL);
2251#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
2252 coap_mbedtls_context_t *m_context =
2254 if ((m_context->psk_pki_enabled & IS_PSK) &&
2258#if COAP_CLIENT_SUPPORT && COAP_SERVER_SUPPORT
2264#elif COAP_CLIENT_SUPPORT
2269 mbedtls_ssl_set_hs_ecjpake_password(&m_env->ssl, psk_key->
s, psk_key->
length);
2273 mbedtls_ssl_set_timer_cb(&m_env->ssl, &m_env->timer,
2274 zephyr_timing_set_delay,
2275 zephyr_timing_get_delay);
2277 mbedtls_ssl_set_timer_cb(&m_env->ssl, &m_env->timer,
2278 mbedtls_timing_set_delay,
2279 mbedtls_timing_get_delay);
2282 mbedtls_ssl_conf_dbg(&m_env->conf, mbedtls_debug_out, stdout);
2287 mbedtls_free(m_env);
2294#if defined(MBEDTLS_SSL_PROTO_DTLS)
2297 static int reported = 0;
2301 " - update Mbed TLS to include DTLS\n");
2309#if !COAP_DISABLE_TCP
2358#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
2365#if COAP_CLIENT_SUPPORT
2368#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
2369 c_context->testing_cids = every;
2381 coap_mbedtls_context_t *m_context;
2384 m_context = (coap_mbedtls_context_t *)mbedtls_malloc(
sizeof(coap_mbedtls_context_t));
2386 memset(m_context, 0,
sizeof(coap_mbedtls_context_t));
2391#if COAP_SERVER_SUPPORT
2400 coap_mbedtls_context_t *m_context =
2403#if !defined(MBEDTLS_SSL_SRV_C)
2405 " libcoap not compiled for Server Mode for Mbed TLS"
2406 " - update Mbed TLS to include Server Mode\n");
2409 if (!m_context || !setup_data)
2413#ifndef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
2414 coap_log_warn(
"Mbed TLS not compiled for EC-JPAKE support\n");
2418 coap_log_warn(
"CoAP Server with Mbed TLS does not support Identity Hint\n");
2420 m_context->psk_pki_enabled |= IS_PSK;
2425#if COAP_CLIENT_SUPPORT
2434#if !defined(MBEDTLS_SSL_CLI_C)
2439 " libcoap not compiled for Client Mode for Mbed TLS"
2440 " - update Mbed TLS to include Client Mode\n");
2443 coap_mbedtls_context_t *m_context =
2446 if (!m_context || !setup_data)
2450 coap_log_warn(
"CoAP Client with Mbed TLS does not support Identity Hint selection\n");
2453#ifndef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
2454 coap_log_warn(
"Mbed TLS not compiled for EC-JPAKE support\n");
2458#ifndef MBEDTLS_SSL_DTLS_CONNECTION_ID
2459 coap_log_warn(
"Mbed TLS not compiled for Connection-ID support\n");
2462 m_context->psk_pki_enabled |= IS_PSK;
2472 coap_mbedtls_context_t *m_context =
2475 m_context->setup_data = *setup_data;
2476 if (!m_context->setup_data.verify_peer_cert) {
2478 m_context->setup_data.check_common_ca = 0;
2480 m_context->setup_data.allow_self_signed = 1;
2481 m_context->setup_data.allow_expired_certs = 1;
2482 m_context->setup_data.cert_chain_validation = 1;
2483 m_context->setup_data.cert_chain_verify_depth = 10;
2484 m_context->setup_data.check_cert_revocation = 1;
2485 m_context->setup_data.allow_no_crl = 1;
2486 m_context->setup_data.allow_expired_crl = 1;
2487 m_context->setup_data.allow_bad_md_hash = 1;
2488 m_context->setup_data.allow_short_rsa_length = 1;
2490 m_context->psk_pki_enabled |= IS_PKI;
2492#ifndef MBEDTLS_SSL_DTLS_CONNECTION_ID
2493 coap_log_warn(
"Mbed TLS not compiled for Connection-ID support\n");
2501 const char *ca_file,
2502 const char *ca_path) {
2503 coap_mbedtls_context_t *m_context =
2507 coap_log_warn(
"coap_context_set_pki_root_cas: (D)TLS environment "
2512 if (ca_file ==
NULL && ca_path ==
NULL) {
2513 coap_log_warn(
"coap_context_set_pki_root_cas: ca_file and/or ca_path "
2517 if (m_context->root_ca_file) {
2518 mbedtls_free(m_context->root_ca_file);
2519 m_context->root_ca_file =
NULL;
2523 m_context->root_ca_file = mbedtls_strdup(ca_file);
2526 if (m_context->root_ca_path) {
2527 mbedtls_free(m_context->root_ca_path);
2528 m_context->root_ca_path =
NULL;
2532 m_context->root_ca_path = mbedtls_strdup(ca_path);
2543 coap_mbedtls_context_t *m_context =
2547 coap_log_warn(
"coap_context_load_pki_trust_store: (D)TLS environment "
2551 m_context->trust_store_defined = 1;
2560 coap_mbedtls_context_t *m_context =
2562 return m_context->psk_pki_enabled ? 1 : 0;
2567 coap_mbedtls_context_t *m_context = (coap_mbedtls_context_t *)dtls_context;
2570 for (i = 0; i < m_context->pki_sni_count; i++) {
2571 mbedtls_free(m_context->pki_sni_entry_list[i].sni);
2573 mbedtls_x509_crt_free(&m_context->pki_sni_entry_list[i].public_cert);
2575 mbedtls_pk_free(&m_context->pki_sni_entry_list[i].private_key);
2577 mbedtls_x509_crt_free(&m_context->pki_sni_entry_list[i].cacert);
2579 if (m_context->pki_sni_entry_list)
2580 mbedtls_free(m_context->pki_sni_entry_list);
2582 for (i = 0; i < m_context->psk_sni_count; i++) {
2583 mbedtls_free(m_context->psk_sni_entry_list[i].sni);
2585 if (m_context->psk_sni_entry_list)
2586 mbedtls_free(m_context->psk_sni_entry_list);
2588 if (m_context->root_ca_path)
2589 mbedtls_free(m_context->root_ca_path);
2590 if (m_context->root_ca_file)
2591 mbedtls_free(m_context->root_ca_file);
2593 mbedtls_free(m_context);
2596#if COAP_CLIENT_SUPPORT
2599#if !defined(MBEDTLS_SSL_CLI_C)
2602 " libcoap not compiled for Client Mode for Mbed TLS"
2603 " - update Mbed TLS to include Client Mode\n");
2606 coap_mbedtls_env_t *m_env = coap_dtls_new_mbedtls_env(c_session,
2615 m_env->last_timeout = now;
2616 ret = do_mbedtls_handshake(c_session, m_env);
2618 coap_dtls_free_mbedtls_env(m_env);
2627#if COAP_SERVER_SUPPORT
2630#if !defined(MBEDTLS_SSL_SRV_C)
2633 " libcoap not compiled for Server Mode for Mbed TLS"
2634 " - update Mbed TLS to include Server Mode\n");
2637 coap_mbedtls_env_t *m_env =
2638 (coap_mbedtls_env_t *)c_session->
tls;
2640#if defined(MBEDTLS_SSL_PROTO_DTLS)
2641#if MBEDTLS_VERSION_NUMBER >= 0x02100100
2642 mbedtls_ssl_set_mtu(&m_env->ssl, (uint16_t)c_session->
mtu);
2653 if (c_session && c_session->
context && c_session->
tls) {
2654 coap_dtls_free_mbedtls_env(c_session->
tls);
2663#if defined(MBEDTLS_SSL_PROTO_DTLS)
2664 coap_mbedtls_env_t *m_env =
2665 (coap_mbedtls_env_t *)c_session->
tls;
2667#if MBEDTLS_VERSION_NUMBER >= 0x02100100
2668 mbedtls_ssl_set_mtu(&m_env->ssl, (uint16_t)c_session->
mtu);
2678 const uint8_t *data,
size_t data_len) {
2680 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2689 if (m_env->established) {
2690 ret = mbedtls_ssl_write(&m_env->ssl, (
const unsigned char *) data, data_len);
2693 case MBEDTLS_ERR_SSL_WANT_READ:
2694 case MBEDTLS_ERR_SSL_WANT_WRITE:
2697 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
2703 "returned -0x%x: '%s'\n",
2704 -ret, get_error_string(ret));
2713 ret = do_mbedtls_handshake(c_session, m_env);
2743 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2745 int ret = zephyr_timing_get_delay(&m_env->timer);
2747 int ret = mbedtls_timing_get_delay(&m_env->timer);
2749 unsigned int scalar = 1 << m_env->retry_scalar;
2759 m_env->last_timeout = now;
2772 m_env->last_timeout = now;
2790 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2792 if (m_env ==
NULL) {
2797 m_env->retry_scalar++;
2799 (do_mbedtls_handshake(c_session, m_env) < 0)) {
2814 const uint8_t *data,
2819 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2820 coap_ssl_t *ssl_data;
2822 if (m_env ==
NULL) {
2827 ssl_data = &m_env->coap_ssl_data;
2828 if (ssl_data->pdu_len) {
2829 coap_log_err(
"** %s: Previous data not read %u bytes\n",
2832 ssl_data->pdu = data;
2833 ssl_data->pdu_len = (unsigned)data_len;
2835 if (m_env->established) {
2836#if COAP_CONSTRAINED_STACK
2843 ret = mbedtls_ssl_read(&m_env->ssl, pdu,
sizeof(pdu));
2848 if (!c_session->
tls) {
2856 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2857 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
2860 case MBEDTLS_ERR_SSL_WANT_READ:
2864 "returned -0x%x: '%s' (length %" PRIdS ")\n",
2865 -ret, get_error_string(ret), data_len);
2870 ret = do_mbedtls_handshake(c_session, m_env);
2875 if (ssl_data->pdu_len) {
2877 ret = do_mbedtls_handshake(c_session, m_env);
2896 if (ssl_data && ssl_data->pdu_len) {
2898 coap_log_debug(
"coap_dtls_receive: ret %d: remaining data %u\n", ret, ssl_data->pdu_len);
2899 ssl_data->pdu_len = 0;
2900 ssl_data->pdu =
NULL;
2905#if COAP_SERVER_SUPPORT
2913 const uint8_t *data,
2915#if !defined(MBEDTLS_SSL_PROTO_DTLS) || !defined(MBEDTLS_SSL_SRV_C)
2920 " libcoap not compiled for DTLS or Server Mode for Mbed TLS"
2921 " - update Mbed TLS to include DTLS and Server Mode\n");
2924 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2925 coap_ssl_t *ssl_data;
2932 c_session->
tls = m_env;
2939 if ((ret = mbedtls_ssl_set_client_transport_id(&m_env->ssl,
2942 coap_log_err(
"mbedtls_ssl_set_client_transport_id() returned -0x%x: '%s'\n",
2943 -ret, get_error_string(ret));
2947 ssl_data = &m_env->coap_ssl_data;
2948 if (ssl_data->pdu_len) {
2949 coap_log_err(
"** %s: Previous data not read %u bytes\n",
2952 ssl_data->pdu = data;
2953 ssl_data->pdu_len = (unsigned)data_len;
2955 ret = do_mbedtls_handshake(c_session, m_env);
2956 if (ret == 0 || m_env->seen_client_hello) {
2962 m_env->seen_client_hello = 0;
2968 if (ssl_data->pdu_len) {
2970 coap_log_debug(
"coap_dtls_hello: ret %d: remaining data %u\n", ret, ssl_data->pdu_len);
2971 ssl_data->pdu_len = 0;
2972 ssl_data->pdu =
NULL;
2981 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2982 int expansion = mbedtls_ssl_get_record_expansion(&m_env->ssl);
2984 if (expansion == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) {
2990#if !COAP_DISABLE_TCP
2991#if COAP_CLIENT_SUPPORT
2994#if !defined(MBEDTLS_SSL_CLI_C)
2998 " libcoap not compiled for Client Mode for Mbed TLS"
2999 " - update Mbed TLS to include Client Mode\n");
3002 coap_mbedtls_env_t *m_env = coap_dtls_new_mbedtls_env(c_session,
3011 m_env->last_timeout = now;
3012 c_session->
tls = m_env;
3013 do_mbedtls_handshake(c_session, m_env);
3019#if COAP_SERVER_SUPPORT
3022#if !defined(MBEDTLS_SSL_SRV_C)
3027 " libcoap not compiled for Server Mode for Mbed TLS"
3028 " - update Mbed TLS to include Server Mode\n");
3031 coap_mbedtls_env_t *m_env = coap_dtls_new_mbedtls_env(c_session,
3038 c_session->
tls = m_env;
3039 do_mbedtls_handshake(c_session, m_env);
3060 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
3061 size_t amount_sent = 0;
3068 if (m_env->established) {
3069 while (amount_sent < data_len) {
3070 ret = mbedtls_ssl_write(&m_env->ssl, &data[amount_sent],
3071 data_len - amount_sent);
3074 case MBEDTLS_ERR_SSL_WANT_READ:
3075 case MBEDTLS_ERR_SSL_WANT_WRITE:
3082 case MBEDTLS_ERR_NET_CONN_RESET:
3083 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
3088 "returned -0x%x: '%s'\n",
3089 -ret, get_error_string(ret));
3101 ret = do_mbedtls_handshake(c_session, m_env);
3115 if (ret == (ssize_t)data_len)
3134 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
3143 if (!m_env->established && !m_env->sent_alert) {
3144 ret = do_mbedtls_handshake(c_session, m_env);
3148 ret = mbedtls_ssl_read(&m_env->ssl, data, data_len);
3152 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
3156 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
3158 m_env->sent_alert = 1;
3161#if MBEDTLS_VERSION_NUMBER >= 0x03060000
3162 case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
3164 case MBEDTLS_ERR_SSL_WANT_READ:
3170 "returned -0x%x: '%s' (length %" PRIdS ")\n",
3171 -ret, get_error_string(ret), data_len);
3175 }
else if (ret < (
int)data_len) {
3198#if COAP_USE_PSA_CRYPTO || defined(MBEDTLS_PSA_CRYPTO_C)
3205#if COAP_CLIENT_SUPPORT
3206 mbedtls_free(psk_ciphers);
3207 mbedtls_free(pki_ciphers);
3208 mbedtls_free(ecjpake_ciphers);
3211 ecjpake_ciphers =
NULL;
3212 processed_ciphers = 0;
3215#if COAP_USE_PSA_CRYPTO || defined(MBEDTLS_PSA_CRYPTO_C)
3216 mbedtls_psa_crypto_free();
3226 if (c_session && c_session->
tls) {
3227 coap_mbedtls_env_t *m_env;
3230 memcpy(&m_env, &c_session->
tls,
sizeof(m_env));
3232 return (
void *)&m_env->ssl;
3241#if !defined(ESPIDF_VERSION)
3251 switch ((
int)level) {
3272 mbedtls_debug_set_threshold(use_level);
3274 keep_log_level = level;
3279 return keep_log_level;
3284#if COAP_WITH_LIBMBEDTLS || COAP_WITH_LIBMBEDTLS_OSCORE
3286#if COAP_SERVER_SUPPORT
3288coap_digest_setup(
void) {
3289 coap_crypto_sha256_ctx_t *digest_ctx = mbedtls_malloc(
sizeof(coap_crypto_sha256_ctx_t));
3292 if (coap_crypto_sha256_init(digest_ctx) != 0) {
3293 coap_digest_free(digest_ctx);
3301coap_digest_free(coap_digest_ctx_t *digest_ctx) {
3303 coap_crypto_sha256_free(digest_ctx);
3304 mbedtls_free(digest_ctx);
3309coap_digest_update(coap_digest_ctx_t *digest_ctx,
3310 const uint8_t *data,
3312 return coap_crypto_sha256_update(digest_ctx, data, data_len) == 0;
3316coap_digest_final(coap_digest_ctx_t *digest_ctx,
3317 coap_digest_t *digest_buffer) {
3318 int ret = coap_crypto_sha256_finish(digest_ctx, (uint8_t *)digest_buffer) == 0;
3319 coap_digest_free(digest_ctx);
3329 coap_crypto_md_type_t md_type;
3334 md_type = COAP_CRYPTO_MD_SHA1;
3337 md_type = COAP_CRYPTO_MD_SHA256;
3340 md_type = COAP_CRYPTO_MD_SHA512;
3343 coap_log_debug(
"coap_crypto_hash: algorithm %d not supported\n", alg);
3347 hash_len = coap_crypto_hash_size(md_type);
3355 if (coap_crypto_hash_compute(md_type, data->
s, data->
length,
3368#if COAP_OSCORE_SUPPORT
3370coap_crypto_hmac_compute(coap_crypto_md_type_t md_type,
3371 const uint8_t *key,
size_t key_len,
3372 const uint8_t *input,
size_t ilen,
3373 uint8_t *output,
size_t output_size,
3374 size_t *output_len) {
3375#if COAP_USE_PSA_CRYPTO
3376 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3377 psa_key_id_t key_id;
3378 psa_algorithm_t psa_alg = PSA_ALG_HMAC(md_type);
3380 psa_status_t status;
3382 psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
3383 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
3384 psa_set_key_algorithm(&attributes, psa_alg);
3386 if (psa_import_key(&attributes, key, key_len, &key_id) != PSA_SUCCESS) {
3390 status = psa_mac_compute(key_id, psa_alg, input, ilen,
3391 output, output_size, &mac_len);
3392 psa_destroy_key(key_id);
3395 *output_len = mac_len;
3396 return (status == PSA_SUCCESS) ? 0 : -1;
3398 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
3401 size_t mac_size = mbedtls_md_get_size(md_info);
3402 if (mac_size > output_size)
3405 *output_len = mac_size;
3406 return mbedtls_md_hmac(md_info, key, key_len, input, ilen, output);
3413coap_crypto_aead_encrypt_ccm(
const uint8_t *key,
size_t key_len,
3414 const uint8_t *nonce,
size_t nonce_len,
3415 const uint8_t *aad,
size_t aad_len,
3416 const uint8_t *plaintext,
size_t plaintext_len,
3417 uint8_t *ciphertext,
size_t ciphertext_size,
3418 size_t *ciphertext_len,
size_t tag_len) {
3419#if COAP_USE_PSA_CRYPTO
3420 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3421 psa_key_id_t key_id;
3422 psa_algorithm_t psa_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_len);
3424 psa_status_t status;
3426 psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
3427 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
3428 psa_set_key_algorithm(&attributes, psa_alg);
3429 psa_set_key_bits(&attributes, key_len * 8);
3431 if (psa_import_key(&attributes, key, key_len, &key_id) != PSA_SUCCESS) {
3435 status = psa_aead_encrypt(key_id, psa_alg,
3438 plaintext, plaintext_len,
3439 ciphertext, ciphertext_size, &output_len);
3440 psa_destroy_key(key_id);
3443 *ciphertext_len = output_len;
3444 return (status == PSA_SUCCESS) ? 0 : -1;
3446 mbedtls_cipher_context_t ctx;
3447 const mbedtls_cipher_info_t *cipher_info;
3448 mbedtls_cipher_type_t cipher_type;
3450 size_t result_len = ciphertext_size;
3452 if (key_len == 16) {
3453 cipher_type = MBEDTLS_CIPHER_AES_128_CCM;
3454 }
else if (key_len == 32) {
3455 cipher_type = MBEDTLS_CIPHER_AES_256_CCM;
3460 cipher_info = mbedtls_cipher_info_from_type(cipher_type);
3464 mbedtls_cipher_init(&ctx);
3465 if (mbedtls_cipher_setup(&ctx, cipher_info) != 0)
3467 if (mbedtls_cipher_setkey(&ctx, key, key_len * 8, MBEDTLS_ENCRYPT) != 0)
3470#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
3472 unsigned char tag[16];
3473 if (mbedtls_cipher_auth_encrypt(&ctx,
3476 plaintext, plaintext_len,
3477 ciphertext, &result_len,
3478 tag, tag_len) != 0) {
3481 if ((result_len + tag_len) > ciphertext_size)
3483 memcpy(ciphertext + result_len, tag, tag_len);
3484 result_len += tag_len;
3487 if (mbedtls_cipher_auth_encrypt_ext(&ctx,
3490 plaintext, plaintext_len,
3491 ciphertext, ciphertext_size,
3492 &result_len, tag_len) != 0) {
3498 *ciphertext_len = result_len;
3502 mbedtls_cipher_free(&ctx);
3508coap_crypto_aead_decrypt_ccm(
const uint8_t *key,
size_t key_len,
3509 const uint8_t *nonce,
size_t nonce_len,
3510 const uint8_t *aad,
size_t aad_len,
3511 const uint8_t *ciphertext,
size_t ciphertext_len,
3512 uint8_t *plaintext,
size_t plaintext_size,
3513 size_t *plaintext_len,
size_t tag_len) {
3514#if COAP_USE_PSA_CRYPTO
3515 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3516 psa_key_id_t key_id;
3517 psa_algorithm_t psa_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_len);
3519 psa_status_t status;
3521 psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
3522 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
3523 psa_set_key_algorithm(&attributes, psa_alg);
3524 psa_set_key_bits(&attributes, key_len * 8);
3526 if (psa_import_key(&attributes, key, key_len, &key_id) != PSA_SUCCESS) {
3530 status = psa_aead_decrypt(key_id, psa_alg,
3533 ciphertext, ciphertext_len,
3534 plaintext, plaintext_size, &output_len);
3535 psa_destroy_key(key_id);
3538 *plaintext_len = output_len;
3539 return (status == PSA_SUCCESS) ? 0 : -1;
3541 mbedtls_cipher_context_t ctx;
3542 const mbedtls_cipher_info_t *cipher_info;
3543 mbedtls_cipher_type_t cipher_type;
3545 size_t result_len = plaintext_size;
3547 if (key_len == 16) {
3548 cipher_type = MBEDTLS_CIPHER_AES_128_CCM;
3549 }
else if (key_len == 32) {
3550 cipher_type = MBEDTLS_CIPHER_AES_256_CCM;
3555 cipher_info = mbedtls_cipher_info_from_type(cipher_type);
3559 mbedtls_cipher_init(&ctx);
3560 if (mbedtls_cipher_setup(&ctx, cipher_info) != 0)
3562 if (mbedtls_cipher_setkey(&ctx, key, key_len * 8, MBEDTLS_DECRYPT) != 0)
3565#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
3567 const unsigned char *tag = ciphertext + ciphertext_len - tag_len;
3568 if (mbedtls_cipher_auth_decrypt(&ctx,
3571 ciphertext, ciphertext_len - tag_len,
3572 plaintext, &result_len,
3573 tag, tag_len) != 0) {
3578 if (mbedtls_cipher_auth_decrypt_ext(&ctx,
3581 ciphertext, ciphertext_len,
3582 plaintext, plaintext_size,
3583 &result_len, tag_len) != 0) {
3589 *plaintext_len = result_len;
3593 mbedtls_cipher_free(&ctx);
3609get_cipher_key_size(
cose_alg_t alg,
size_t *key_size) {
3620 coap_log_debug(
"get_cipher_key_size: COSE cipher %d not supported\n", alg);
3630 coap_crypto_md_type_t *md_type,
3632 switch ((
int)hmac_alg) {
3635 *md_type = COAP_CRYPTO_MD_SHA256;
3641 *md_type = COAP_CRYPTO_MD_SHA384;
3647 *md_type = COAP_CRYPTO_MD_SHA512;
3652 coap_log_debug(
"get_hmac_params: COSE HMAC %d not supported\n", hmac_alg);
3659 return get_cipher_key_size(alg,
NULL);
3668 return get_hmac_params(hmac_alg,
NULL,
NULL);
3676 size_t *max_result_len) {
3682 assert(params !=
NULL);
3688 if (!get_cipher_key_size(params->
alg,
NULL)) {
3689 coap_log_debug(
"coap_crypto_aead_encrypt: algorithm %d not supported\n",
3696 if (coap_crypto_aead_encrypt_ccm(ccm->
key.
s, ccm->
key.
length,
3700 result, *max_result_len, max_result_len,
3714 size_t *max_result_len) {
3720 assert(params !=
NULL);
3726 if (!get_cipher_key_size(params->
alg,
NULL)) {
3727 coap_log_debug(
"coap_crypto_aead_decrypt: algorithm %d not supported\n",
3739 if (coap_crypto_aead_decrypt_ccm(ccm->
key.
s, ccm->
key.
length,
3743 result, *max_result_len, max_result_len,
3757 coap_crypto_md_type_t md_type;
3765 if (!get_hmac_params(hmac_alg, &md_type, &mac_len)) {
3766 coap_log_debug(
"coap_crypto_hmac: algorithm %d not supported\n", hmac_alg);
3774 if (coap_crypto_hmac_compute(md_type, key->
s, key->
length,
3794#pragma GCC diagnostic ignored "-Wunused-function"
static size_t strnlen(const char *s, size_t maxlen)
A length-safe strlen() fake.
#define COAP_SERVER_SUPPORT
const char * coap_socket_strerror(void)
#define COAP_RXBUFFER_SIZE
#define COAP_SOCKET_WANT_WRITE
non blocking socket is waiting for writing
#define COAP_SOCKET_CAN_READ
non blocking socket can now read without blocking
Library specific build wrapper for coap_internal.h.
int coap_dtls_context_set_pki(coap_context_t *ctx COAP_UNUSED, const coap_dtls_pki_t *setup_data COAP_UNUSED, const coap_dtls_role_t role COAP_UNUSED)
coap_tick_t coap_dtls_get_timeout(coap_session_t *session COAP_UNUSED, coap_tick_t now COAP_UNUSED)
ssize_t coap_tls_read(coap_session_t *session COAP_UNUSED, uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
coap_tick_t coap_dtls_get_context_timeout(void *dtls_context COAP_UNUSED)
int coap_dtls_receive(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
void * coap_dtls_get_tls(const coap_session_t *c_session COAP_UNUSED, coap_tls_library_t *tls_lib)
unsigned int coap_dtls_get_overhead(coap_session_t *session COAP_UNUSED)
int coap_dtls_context_load_pki_trust_store(coap_context_t *ctx COAP_UNUSED)
int coap_dtls_context_check_keys_enabled(coap_context_t *ctx COAP_UNUSED)
ssize_t coap_dtls_send(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
ssize_t coap_tls_write(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
void coap_dtls_session_update_mtu(coap_session_t *session COAP_UNUSED)
int coap_dtls_context_set_pki_root_cas(coap_context_t *ctx COAP_UNUSED, const char *ca_file COAP_UNUSED, const char *ca_path COAP_UNUSED)
int coap_dtls_handle_timeout(coap_session_t *session COAP_UNUSED)
void coap_dtls_free_context(void *handle COAP_UNUSED)
void coap_dtls_free_session(coap_session_t *coap_session COAP_UNUSED)
void * coap_dtls_new_context(coap_context_t *coap_context COAP_UNUSED)
void coap_tls_free_session(coap_session_t *coap_session COAP_UNUSED)
uint64_t coap_tick_t
This data type represents internal timer ticks with COAP_TICKS_PER_SECOND resolution.
int coap_prng_lkd(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
int coap_handle_dgram(coap_context_t *ctx, coap_session_t *session, uint8_t *msg, size_t msg_len)
Parses and interprets a CoAP datagram with context ctx.
void coap_ticks(coap_tick_t *t)
Returns the current value of an internal tick counter.
int coap_crypto_hmac(cose_hmac_alg_t hmac_alg, coap_bin_const_t *key, coap_bin_const_t *data, coap_bin_const_t **hmac)
Create a HMAC hash of the provided data.
int coap_crypto_aead_decrypt(const coap_crypto_param_t *params, coap_bin_const_t *data, coap_bin_const_t *aad, uint8_t *result, size_t *max_result_len)
Decrypt the provided encrypted data into plaintext.
int coap_crypto_aead_encrypt(const coap_crypto_param_t *params, coap_bin_const_t *data, coap_bin_const_t *aad, uint8_t *result, size_t *max_result_len)
Encrypt the provided plaintext data.
int coap_crypto_hash(cose_alg_t alg, const coap_bin_const_t *data, coap_bin_const_t **hash)
Create a hash of the provided data.
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
const coap_bin_const_t * coap_get_session_client_psk_identity(const coap_session_t *coap_session)
Get the current client's PSK identity.
void coap_dtls_startup(void)
Initialize the underlying (D)TLS Library layer.
#define COAP_DTLS_RETRANSMIT_MS
int coap_dtls_define_issue(coap_define_issue_key_t type, coap_define_issue_fail_t fail, coap_dtls_key_t *key, const coap_dtls_role_t role, int ret)
Report PKI DEFINE type issue.
void coap_dtls_thread_shutdown(void)
Close down the underlying (D)TLS Library layer.
int coap_dtls_set_cid_tuple_change(coap_context_t *context, uint8_t every)
Set the Connection ID client tuple frequency change for testing CIDs.
#define COAP_DTLS_CID_LENGTH
int coap_dtls_is_context_timeout(void)
Check if timeout is handled per CoAP session or per CoAP context.
void coap_dtls_shutdown(void)
Close down the underlying (D)TLS Library layer.
const coap_bin_const_t * coap_get_session_client_psk_key(const coap_session_t *coap_session)
Get the current client's PSK key.
#define COAP_DTLS_RETRANSMIT_COAP_TICKS
void coap_dtls_map_key_type_to_define(const coap_dtls_pki_t *setup_data, coap_dtls_key_t *key)
Map the PKI key definitions to the new DEFINE format.
const coap_bin_const_t * coap_get_session_server_psk_key(const coap_session_t *coap_session)
Get the current server's PSK key.
#define COAP_DTLS_RETRANSMIT_TOTAL_MS
@ COAP_DEFINE_KEY_PRIVATE
@ COAP_DEFINE_KEY_ROOT_CA
@ COAP_DEFINE_FAIL_NOT_SUPPORTED
coap_tls_version_t * coap_get_tls_library_version(void)
Determine the type and version of the underlying (D)TLS library.
struct coap_dtls_key_t coap_dtls_key_t
The structure that holds the PKI key information.
struct coap_dtls_spsk_info_t coap_dtls_spsk_info_t
The structure that holds the Server Pre-Shared Key and Identity Hint information.
struct coap_dtls_pki_t coap_dtls_pki_t
@ COAP_PKI_KEY_DEF_PKCS11
The PKI key type is PKCS11 (pkcs11:...).
@ COAP_PKI_KEY_DEF_DER_BUF
The PKI key type is DER buffer (ASN.1).
@ COAP_PKI_KEY_DEF_PEM_BUF
The PKI key type is PEM buffer.
@ COAP_PKI_KEY_DEF_PEM
The PKI key type is PEM file.
@ COAP_PKI_KEY_DEF_ENGINE
The PKI key type is to be passed to ENGINE.
@ COAP_PKI_KEY_DEF_RPK_BUF
The PKI key type is RPK in buffer.
@ COAP_PKI_KEY_DEF_DER
The PKI key type is DER file.
@ COAP_PKI_KEY_DEF_PKCS11_RPK
The PKI key type is PKCS11 w/ RPK (pkcs11:...).
@ COAP_DTLS_ROLE_SERVER
Internal function invoked for server.
@ COAP_DTLS_ROLE_CLIENT
Internal function invoked for client.
@ COAP_PKI_KEY_DEFINE
The individual PKI key types are Definable.
@ COAP_TLS_LIBRARY_MBEDTLS
Using Mbed TLS library.
@ COAP_EVENT_DTLS_CLOSED
Triggerred when (D)TLS session closed.
@ COAP_EVENT_DTLS_CONNECTED
Triggered when (D)TLS session connected.
@ COAP_EVENT_DTLS_ERROR
Triggered when (D)TLS error occurs.
#define coap_lock_callback_ret(r, func)
Dummy for no thread-safe code.
#define coap_log_debug(...)
#define coap_log_emerg(...)
coap_log_t coap_dtls_get_log_level(void)
Get the current (D)TLS logging.
#define coap_dtls_log(level,...)
Logging function.
void coap_dtls_set_log_level(coap_log_t level)
Sets the (D)TLS logging level to the specified level.
const char * coap_session_str(const coap_session_t *session)
Get session description.
#define coap_log_info(...)
#define coap_log_warn(...)
#define coap_log_err(...)
int coap_netif_available(coap_session_t *session)
Function interface to check whether netif for session is still available.
int cose_get_hmac_alg_for_hkdf(cose_hkdf_alg_t hkdf_alg, cose_hmac_alg_t *hmac_alg)
@ COSE_HMAC_ALG_HMAC384_384
@ COSE_HMAC_ALG_HMAC256_256
@ COSE_HMAC_ALG_HMAC512_512
@ COSE_ALGORITHM_SHA_256_256
@ COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_256
coap_proto_t
CoAP protocol types Note: coap_layers_coap[] needs updating if extended.
int coap_session_refresh_psk_hint(coap_session_t *session, const coap_bin_const_t *psk_hint)
Refresh the session's current Identity Hint (PSK).
int coap_session_refresh_psk_key(coap_session_t *session, const coap_bin_const_t *psk_key)
Refresh the session's current pre-shared key (PSK).
void coap_session_connected(coap_session_t *session)
Notify session that it has just connected or reconnected.
int coap_session_refresh_psk_identity(coap_session_t *session, const coap_bin_const_t *psk_identity)
Refresh the session's current pre-shared identity (PSK).
void coap_session_disconnected_lkd(coap_session_t *session, coap_nack_reason_t reason)
Notify session that it has failed.
#define COAP_PROTO_NOT_RELIABLE(p)
@ COAP_SESSION_TYPE_CLIENT
client-side
@ COAP_SESSION_STATE_HANDSHAKE
@ COAP_SESSION_STATE_NONE
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
int coap_dtls_cid_is_supported(void)
Check whether (D)TLS CID is available.
int coap_dtls_psk_is_supported(void)
Check whether (D)TLS PSK is available.
int coap_tls_is_supported(void)
Check whether TLS is available.
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
int coap_dtls_is_supported(void)
Check whether DTLS is available.
int coap_dtls_pki_is_supported(void)
Check whether (D)TLS PKI is available.
int coap_dtls_rpk_is_supported(void)
Check whether (D)TLS RPK is available.
int coap_dtls_pkcs11_is_supported(void)
Check whether (D)TLS PKCS11 is available.
coap_address_t remote
remote address and port
CoAP binary data definition with const data.
size_t length
length of binary data
const uint8_t * s
read-only binary data
CoAP binary data definition.
The CoAP stack's global state is stored in a coap_context_t object.
The structure that holds the AES Crypto information.
size_t l
The number of bytes in the length field.
const uint8_t * nonce
must be exactly 15 - l bytes
coap_crypto_key_t key
The Key to use.
size_t tag_len
The size of the Tag.
The common structure that holds the Crypto information.
union coap_crypto_param_t::@272265134031075325070141043013053227266325315157 params
coap_crypto_aes_ccm_t aes
Used if AES type encryption.
cose_alg_t alg
The COSE algorith to use.
The structure used for defining the Client PSK setup data to be used.
uint8_t use_cid
Set to 1 if DTLS Connection ID is to be used.
char * client_sni
If not NULL, SNI to use in client TLS setup.
coap_dtls_ih_callback_t validate_ih_call_back
Identity Hint check callback function.
uint8_t ec_jpake
Set to COAP_DTLS_CPSK_SETUP_VERSION to support this version of the struct.
The structure that holds the PKI key information.
coap_pki_key_define_t define
for definable type keys
union coap_dtls_key_t::@001264106130320137001066062232232162011046201342 key
coap_pki_key_t key_type
key format type
The structure used for defining the PKI setup data to be used.
uint8_t allow_no_crl
1 ignore if CRL not there
void * cn_call_back_arg
Passed in to the CN callback function.
uint8_t allow_short_rsa_length
1 if small RSA keysizes are allowed
uint8_t allow_sni_cn_mismatch
1 if SNI and returnd CN allowed to mismatch (Client only).
uint8_t cert_chain_validation
1 if to check cert_chain_verify_depth
uint8_t allow_bad_md_hash
1 if unsupported MD hashes are allowed
uint8_t use_cid
1 if DTLS Connection ID is to be used (Client only, server always enabled) if supported
uint8_t check_cert_revocation
1 if revocation checks wanted
uint8_t cert_chain_verify_depth
recommended depth is 3
uint8_t allow_expired_certs
1 if expired certs are allowed
uint8_t verify_peer_cert
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct.
char * client_sni
If not NULL, SNI to use in client TLS setup.
uint8_t allow_self_signed
1 if self-signed certs are allowed.
coap_dtls_cn_callback_t validate_cn_call_back
CN check callback function.
uint8_t allow_expired_crl
1 if expired crl is allowed
uint8_t is_rpk_not_cert
1 is RPK instead of Public Certificate.
uint8_t check_common_ca
1 if peer cert is to be signed by the same CA as the local cert
The structure that holds the Server Pre-Shared Key and Identity Hint information.
The structure used for defining the Server PSK setup data to be used.
coap_dtls_id_callback_t validate_id_call_back
Identity check callback function.
void * id_call_back_arg
Passed in to the Identity callback function.
uint8_t ec_jpake
Set to COAP_DTLS_SPSK_SETUP_VERSION to support this version of the struct.
coap_dtls_spsk_info_t psk_info
Server PSK definition.
coap_layer_write_t l_write
coap_layer_establish_t l_establish
coap_const_char_ptr_t public_cert
define: Public Cert
coap_const_char_ptr_t private_key
define: Private Key
coap_const_char_ptr_t ca
define: Common CA Certificate
size_t public_cert_len
define Public Cert length (if needed)
size_t ca_len
define CA Cert length (if needed)
coap_pki_define_t private_key_def
define: Private Key type definition
size_t private_key_len
define Private Key length (if needed)
coap_pki_define_t ca_def
define: Common CA type definition
coap_pki_define_t public_cert_def
define: Public Cert type definition
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
unsigned int dtls_timeout_count
dtls setup retry counter
coap_socket_t sock
socket object for the session, if any
coap_session_state_t state
current state of relationship with peer
coap_addr_tuple_t addr_info
remote/local address info
coap_proto_t proto
protocol used
coap_dtls_cpsk_t cpsk_setup_data
client provided PSK initial setup data
size_t mtu
path or CSM mtu (xmt)
int dtls_event
Tracking any (D)TLS events on this session.
void * tls
security parameters
uint16_t max_retransmit
maximum re-transmit count (default 4)
coap_session_type_t type
client or server side socket
coap_context_t * context
session's context
coap_layer_func_t lfunc[COAP_LAYER_LAST]
Layer functions to use.
coap_socket_flags_t flags
1 or more of COAP_SOCKET* flag values
The structure used for returning the underlying (D)TLS library information.
uint64_t built_version
(D)TLS Built against Library Version
coap_tls_library_t type
Library type.
uint64_t version
(D)TLS runtime Library Version
const char * s_byte
signed char ptr
const uint8_t * u_byte
unsigned char ptr
1.15.0