37#if COAP_WITH_LIBMBEDTLS || COAP_WITH_LIBMBEDTLS_OSCORE
53#include <mbedtls/version.h>
56#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
57#define MBEDTLS_2_X_COMPAT
60#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
61#define MBEDTLS_ALLOW_PRIVATE_ACCESS
65#include <mbedtls/platform.h>
66#include <mbedtls/net_sockets.h>
67#include <mbedtls/ssl.h>
68#include <mbedtls/version.h>
71#if MBEDTLS_VERSION_NUMBER >= 0x04000000
72#define COAP_USE_PSA_CRYPTO 1
74#define COAP_USE_PSA_CRYPTO 0
77#if COAP_USE_PSA_CRYPTO
78#include <psa/crypto.h>
80#include <mbedtls/entropy.h>
81#include <mbedtls/ctr_drbg.h>
82#include <mbedtls/sha256.h>
83#include <mbedtls/md.h>
84#include <mbedtls/cipher.h>
87#include <mbedtls/error.h>
88#include <mbedtls/timing.h>
89#include <mbedtls/ssl_cookie.h>
90#include <mbedtls/oid.h>
91#include <mbedtls/debug.h>
92#if defined(ESPIDF_VERSION) && defined(CONFIG_MBEDTLS_DEBUG)
93#include <mbedtls/esp_debug.h>
95#if !COAP_USE_PSA_CRYPTO && defined(MBEDTLS_PSA_CRYPTO_C)
96#include <psa/crypto.h>
102#if COAP_USE_PSA_CRYPTO
103typedef psa_hash_operation_t coap_crypto_sha256_ctx_t;
104typedef psa_algorithm_t coap_crypto_md_type_t;
106#define COAP_CRYPTO_MD_SHA1 PSA_ALG_SHA_1
107#define COAP_CRYPTO_MD_SHA256 PSA_ALG_SHA_256
108#define COAP_CRYPTO_MD_SHA384 PSA_ALG_SHA_384
109#define COAP_CRYPTO_MD_SHA512 PSA_ALG_SHA_512
110#define COAP_CRYPTO_MD_NONE PSA_ALG_NONE
113typedef mbedtls_sha256_context coap_crypto_sha256_ctx_t;
114typedef mbedtls_md_type_t coap_crypto_md_type_t;
116#define COAP_CRYPTO_MD_SHA1 MBEDTLS_MD_SHA1
117#define COAP_CRYPTO_MD_SHA256 MBEDTLS_MD_SHA256
118#define COAP_CRYPTO_MD_SHA384 MBEDTLS_MD_SHA384
119#define COAP_CRYPTO_MD_SHA512 MBEDTLS_MD_SHA512
120#define COAP_CRYPTO_MD_NONE MBEDTLS_MD_NONE
126 version.
version = mbedtls_version_get_number();
132#if COAP_WITH_LIBMBEDTLS_OSCORE
135#if COAP_USE_PSA_CRYPTO || defined(MBEDTLS_PSA_CRYPTO_C)
143#if COAP_USE_PSA_CRYPTO || defined(MBEDTLS_PSA_CRYPTO_C)
144 mbedtls_psa_crypto_free();
164#ifndef mbedtls_malloc
165#define mbedtls_malloc(a) malloc(a)
167#ifndef mbedtls_realloc
168#define mbedtls_realloc(a, b) realloc((a), (b))
171#define mbedtls_free(a) free(a)
174#if ! COAP_WITH_LIBMBEDTLS_OSCORE
176coap_mbedtls_strdup_alloc(
const char *s) {
184 copy = (
char *)mbedtls_malloc(len);
186 memcpy(copy, s, len);
192coap_mbedtls_strndup_alloc(
const char *s,
size_t n) {
200 copy = (
char *)mbedtls_malloc(len + 1);
202 memcpy(copy, s, len);
209#ifndef mbedtls_strdup
210#define mbedtls_strdup(a) coap_mbedtls_strdup_alloc(a)
212#ifndef mbedtls_strndup
213#define mbedtls_strndup(a, b) coap_mbedtls_strndup_alloc((a), (b))
216#ifndef MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
218#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
219#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
223#if ! COAP_SERVER_SUPPORT
224#undef MBEDTLS_SSL_SRV_C
226#if ! COAP_CLIENT_SUPPORT
227#undef MBEDTLS_SSL_CLI_C
231#define strcasecmp _stricmp
239#if COAP_SERVER_SUPPORT
243coap_crypto_sha256_init(coap_crypto_sha256_ctx_t *ctx) {
244#if COAP_USE_PSA_CRYPTO
245 *ctx = psa_hash_operation_init();
246 return (psa_hash_setup(ctx, PSA_ALG_SHA_256) == PSA_SUCCESS) ? 0 : -1;
248 mbedtls_sha256_init(ctx);
249#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
250 return mbedtls_sha256_starts_ret(ctx, 0);
252 return mbedtls_sha256_starts(ctx, 0);
258coap_crypto_sha256_update(coap_crypto_sha256_ctx_t *ctx,
259 const uint8_t *data,
size_t len) {
260#if COAP_USE_PSA_CRYPTO
261 return (psa_hash_update(ctx, data, len) == PSA_SUCCESS) ? 0 : -1;
263#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
264 return mbedtls_sha256_update_ret(ctx, data, len);
266 return mbedtls_sha256_update(ctx, data, len);
272coap_crypto_sha256_finish(coap_crypto_sha256_ctx_t *ctx, uint8_t *output) {
273#if COAP_USE_PSA_CRYPTO
275 return (psa_hash_finish(ctx, output, 32, &hash_len) == PSA_SUCCESS) ? 0 : -1;
277#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
278 return mbedtls_sha256_finish_ret(ctx, output);
280 return mbedtls_sha256_finish(ctx, output);
286coap_crypto_sha256_free(coap_crypto_sha256_ctx_t *ctx) {
287#if COAP_USE_PSA_CRYPTO
290 mbedtls_sha256_free(ctx);
298coap_crypto_hash_size(coap_crypto_md_type_t md_type) {
299#if COAP_USE_PSA_CRYPTO
300 switch ((
int)md_type) {
303 case PSA_ALG_SHA_256:
305 case PSA_ALG_SHA_384:
307 case PSA_ALG_SHA_512:
313 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
314 return md_info ? mbedtls_md_get_size(md_info) : 0;
319coap_crypto_hash_compute(coap_crypto_md_type_t md_type,
320 const uint8_t *input,
size_t ilen,
321 uint8_t *output,
size_t output_size,
322 size_t *output_len) {
323#if COAP_USE_PSA_CRYPTO
325 psa_status_t status = psa_hash_compute(md_type, input, ilen,
326 output, output_size, &actual_len);
328 *output_len = actual_len;
329 return (status == PSA_SUCCESS) ? 0 : -1;
331 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
334 size_t hash_len = mbedtls_md_get_size(md_info);
335 if (hash_len > output_size)
338 *output_len = hash_len;
339 return mbedtls_md(md_info, input, ilen, output);
347#if COAP_WITH_LIBMBEDTLS
349#define IS_PSK (1 << 0)
350#define IS_PKI (1 << 1)
351#define IS_CLIENT (1 << 6)
352#define IS_SERVER (1 << 7)
354typedef struct coap_ssl_t {
365typedef struct coap_mbedtls_env_t {
366 mbedtls_ssl_context ssl;
367#if !COAP_USE_PSA_CRYPTO
368 mbedtls_entropy_context entropy;
369 mbedtls_ctr_drbg_context ctr_drbg;
371 mbedtls_ssl_config conf;
372 mbedtls_timing_delay_context timer;
373 mbedtls_x509_crt cacert;
374 mbedtls_x509_crt public_cert;
375 mbedtls_pk_context private_key;
376 mbedtls_ssl_cookie_ctx cookie_ctx;
380 int seen_client_hello;
383 unsigned int retry_scalar;
384 coap_ssl_t coap_ssl_data;
385 uint32_t server_hello_cnt;
388typedef struct pki_sni_entry {
391 mbedtls_x509_crt cacert;
392 mbedtls_x509_crt public_cert;
393 mbedtls_pk_context private_key;
396typedef struct psk_sni_entry {
401typedef struct coap_mbedtls_context_t {
403 size_t pki_sni_count;
404 pki_sni_entry *pki_sni_entry_list;
405 size_t psk_sni_count;
406 psk_sni_entry *psk_sni_entry_list;
409 int trust_store_defined;
411} coap_mbedtls_context_t;
413typedef enum coap_enc_method_t {
425} zephyr_timing_delay_context;
428zephyr_timing_set_delay(
void *data, uint32_t int_ms, uint32_t fin_ms) {
429 zephyr_timing_delay_context *ctx = (zephyr_timing_delay_context *)data;
435 ctx->start_time = k_uptime_get_32();
438 ctx->int_time = ctx->start_time + int_ms;
439 ctx->fin_time = ctx->start_time + fin_ms;
447zephyr_timing_get_delay(
void *data) {
448 zephyr_timing_delay_context *ctx = (zephyr_timing_delay_context *)data;
451 if (ctx ==
NULL || ctx->fin_time == 0) {
455 now = k_uptime_get_32();
457 if (now >= ctx->fin_time) {
461 if (now >= ctx->int_time) {
470#if !COAP_USE_PSA_CRYPTO
471#ifndef MBEDTLS_2_X_COMPAT
476coap_rng(
void *ctx
COAP_UNUSED,
unsigned char *buf,
size_t len) {
477 return coap_prng_lkd(buf, len) ? 0 : MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
483coap_dgram_read(
void *ctx,
unsigned char *out,
size_t outl) {
488 if (!c_session->
tls) {
490 return MBEDTLS_ERR_SSL_WANT_READ;
492 data = &((coap_mbedtls_env_t *)c_session->
tls)->coap_ssl_data;
495 if (data->pdu_len > 0) {
496 if (outl < data->pdu_len) {
497 memcpy(out, data->pdu, outl);
500 data->pdu_len -= outl;
502 memcpy(out, data->pdu, data->pdu_len);
504 if (!data->peekmode) {
510 ret = MBEDTLS_ERR_SSL_WANT_READ;
524coap_dgram_write(
void *ctx,
const unsigned char *send_buffer,
525 size_t send_buffer_length) {
530 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
534 && c_session->endpoint ==
NULL
542 send_buffer, send_buffer_length);
543 if (result != (ssize_t)send_buffer_length) {
544 int keep_errno = errno;
547 result, send_buffer_length);
550 if (errno == ENOTCONN || errno == ECONNREFUSED)
559 m_env->last_timeout = now;
567#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && defined(MBEDTLS_SSL_SRV_C)
572psk_server_callback(
void *p_info, mbedtls_ssl_context *ssl,
573 const unsigned char *identity,
size_t identity_len) {
576 coap_mbedtls_env_t *m_env;
580 if (c_session ==
NULL)
584 lidentity.
s = identity ? (
const uint8_t *)identity : (const uint8_t *)
"";
585 lidentity.
length = identity ? identity_len : 0;
589 (
int)lidentity.
length, (
const char *)lidentity.
s);
591 m_env = (coap_mbedtls_env_t *)c_session->
tls;
592 setup_data = &c_session->
context->spsk_setup_data;
606 mbedtls_ssl_set_hs_psk(ssl, psk_key->
s, psk_key->
length);
607 m_env->seen_client_hello = 1;
613get_san_or_cn_from_cert(
coap_session_t *session, mbedtls_x509_crt *crt,
const char *sni_match) {
615 const mbedtls_asn1_named_data *cn_data;
618 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
619 mbedtls_asn1_sequence *seq = &crt->subject_alt_names;
621 while (seq->buf.p ==
NULL) {
626 if (strlen(sni_match) != seq->buf.len ||
627 memcmp(seq->buf.p, sni_match, seq->buf.len)) {
633 return mbedtls_strndup((
const char *)seq->buf.p,
639 cn_data = mbedtls_asn1_find_named_data(&crt->subject,
641 MBEDTLS_OID_SIZE(MBEDTLS_OID_AT_CN));
647 (
int)cn_data->val.len, cn_data->val.p);
652 return mbedtls_strndup((
const char *)cn_data->val.p,
659 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
660 mbedtls_asn1_sequence *seq = &crt->subject_alt_names;
664 while (seq->buf.p ==
NULL) {
670 (
int)seq->buf.len, seq->buf.p);
681#if COAP_MAX_LOGGING_LEVEL > 0
683get_error_string(
int ret) {
684 static char buf[128] = {0};
685 mbedtls_strerror(ret, buf,
sizeof(buf)-1);
691self_signed_cert_verify_callback_mbedtls(
void *data,
696 const coap_mbedtls_context_t *m_context =
700 if (*flags & MBEDTLS_X509_BADCERT_EXPIRED) {
702 *flags &= ~MBEDTLS_X509_BADCERT_EXPIRED;
713cert_verify_callback_mbedtls(
void *data, mbedtls_x509_crt *crt,
714 int depth, uint32_t *flags) {
716 coap_mbedtls_context_t *m_context =
724 cn = get_san_or_cn_from_cert(c_session, crt, setup_data->
client_sni);
728 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
732 cn = get_san_or_cn_from_cert(c_session, crt,
NULL);
748 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
753 *flags |= MBEDTLS_X509_BADCERT_OTHER;
756 "The certificate's verify depth is too long",
757 cn ? cn :
"?", depth);
765 if (*flags & MBEDTLS_X509_BADCERT_EXPIRED) {
767 *flags &= ~MBEDTLS_X509_BADCERT_EXPIRED;
770 "The certificate has expired", cn ? cn :
"?", depth);
773 if (*flags & MBEDTLS_X509_BADCERT_FUTURE) {
775 *flags &= ~MBEDTLS_X509_BADCERT_FUTURE;
778 "The certificate has a future date", cn ? cn :
"?", depth);
781 if (*flags & MBEDTLS_X509_BADCERT_BAD_MD) {
783 *flags &= ~MBEDTLS_X509_BADCERT_BAD_MD;
786 "The certificate has a bad MD hash", cn ? cn :
"?", depth);
789 if (*flags & MBEDTLS_X509_BADCERT_BAD_KEY) {
791 *flags &= ~MBEDTLS_X509_BADCERT_BAD_KEY;
794 "The certificate has a short RSA length", cn ? cn :
"?", depth);
797 if (*flags & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
799 *flags &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH;
802 "The SNI does not match the returned CN",
804 cn ? cn :
"?", depth);
807 if (*flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
809 int self_signed = !mbedtls_x509_crt_verify(crt, crt,
NULL,
NULL, &lflags,
810 self_signed_cert_verify_callback_mbedtls,
812 if (self_signed && depth == 0) {
815 *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
819 cn ? cn :
"?", depth);
821 }
else if (self_signed) {
823 *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
826 "Self-signed", cn ? cn :
"?", depth);
830 *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
833 "The certificate's CA is not trusted", cn ? cn :
"?", depth);
837 if (*flags & MBEDTLS_X509_BADCRL_EXPIRED) {
839 *flags &= ~MBEDTLS_X509_BADCRL_EXPIRED;
842 "The certificate's CRL has expired", cn ? cn :
"?", depth);
844 *flags &= ~MBEDTLS_X509_BADCRL_EXPIRED;
847 if (*flags & MBEDTLS_X509_BADCRL_FUTURE) {
849 *flags &= ~MBEDTLS_X509_BADCRL_FUTURE;
852 "The certificate's CRL has a future date", cn ? cn :
"?", depth);
854 *flags &= ~MBEDTLS_X509_BADCRL_FUTURE;
861 int ret = mbedtls_x509_crt_verify_info(buf,
sizeof(buf),
"", *flags);
864 tcp = strchr(buf,
'\n');
869 buf, *flags, cn ? cn :
"?", depth);
870 tcp = strchr(tcp+1,
'\n');
873 coap_log_err(
"mbedtls_x509_crt_verify_info returned -0x%x: '%s'\n",
874 -ret, get_error_string(ret));
885setup_pki_credentials(mbedtls_x509_crt *cacert,
886 mbedtls_x509_crt *public_cert,
887 mbedtls_pk_context *private_key,
888 coap_mbedtls_env_t *m_env,
889 coap_mbedtls_context_t *m_context,
895 int done_private_key = 0;
896 int done_public_cert = 0;
914#if defined(MBEDTLS_FS_IO)
915 mbedtls_pk_init(private_key);
916#if COAP_USE_PSA_CRYPTO
917 ret = mbedtls_pk_parse_keyfile(private_key,
919#elif defined(MBEDTLS_2_X_COMPAT)
920 ret = mbedtls_pk_parse_keyfile(private_key,
923 ret = mbedtls_pk_parse_keyfile(private_key,
925 NULL, coap_rng, (
void *)&m_env->ctr_drbg);
932 done_private_key = 1;
940 mbedtls_pk_init(private_key);
944 buffer = mbedtls_malloc(length + 1);
950 buffer[length] =
'\000';
952#if COAP_USE_PSA_CRYPTO
953 ret = mbedtls_pk_parse_key(private_key, buffer, length,
NULL, 0);
954#elif defined(MBEDTLS_2_X_COMPAT)
955 ret = mbedtls_pk_parse_key(private_key, buffer, length,
NULL, 0);
957 ret = mbedtls_pk_parse_key(private_key, buffer, length,
958 NULL, 0, coap_rng, (
void *)&m_env->ctr_drbg);
960 mbedtls_free(buffer);
962#if COAP_USE_PSA_CRYPTO
963 ret = mbedtls_pk_parse_key(private_key,
966#elif defined(MBEDTLS_2_X_COMPAT)
967 ret = mbedtls_pk_parse_key(private_key,
971 ret = mbedtls_pk_parse_key(private_key,
974 NULL, 0, coap_rng, (
void *)&m_env->ctr_drbg);
982 done_private_key = 1;
985 mbedtls_pk_init(private_key);
986#if COAP_USE_PSA_CRYPTO
987 ret = mbedtls_pk_parse_key(private_key,
990#elif defined(MBEDTLS_2_X_COMPAT)
991 ret = mbedtls_pk_parse_key(private_key,
995 ret = mbedtls_pk_parse_key(private_key,
998 (
void *)&m_env->ctr_drbg);
1005 done_private_key = 1;
1033#if defined(MBEDTLS_FS_IO)
1034 mbedtls_x509_crt_init(public_cert);
1035 ret = mbedtls_x509_crt_parse_file(public_cert,
1042 done_public_cert = 1;
1050 mbedtls_x509_crt_init(public_cert);
1055 buffer = mbedtls_malloc(length + 1);
1061 buffer[length] =
'\000';
1063 ret = mbedtls_x509_crt_parse(public_cert, buffer, length);
1064 mbedtls_free(buffer);
1066 ret = mbedtls_x509_crt_parse(public_cert,
1075 done_public_cert = 1;
1082 mbedtls_x509_crt_init(public_cert);
1083 ret = mbedtls_x509_crt_parse(public_cert,
1091 done_public_cert = 1;
1109 if (done_private_key && done_public_cert) {
1110 ret = mbedtls_ssl_conf_own_cert(&m_env->conf, public_cert, private_key);
1112 coap_log_err(
"mbedtls_ssl_conf_own_cert returned -0x%x: '%s'\n",
1113 -ret, get_error_string(ret));
1128#if defined(MBEDTLS_FS_IO)
1129 mbedtls_x509_crt_init(cacert);
1130 ret = mbedtls_x509_crt_parse_file(cacert,
1137 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1145 mbedtls_x509_crt_init(cacert);
1149 buffer = mbedtls_malloc(length + 1);
1155 buffer[length] =
'\000';
1157 ret = mbedtls_x509_crt_parse(cacert, buffer, length);
1158 mbedtls_free(buffer);
1160 ret = mbedtls_x509_crt_parse(cacert,
1169 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1176 mbedtls_x509_crt_init(cacert);
1177 ret = mbedtls_x509_crt_parse(cacert,
1185 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1199#if defined(MBEDTLS_FS_IO)
1200 if (m_context->root_ca_file) {
1201 ret = mbedtls_x509_crt_parse_file(cacert, m_context->root_ca_file);
1208 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1210 if (m_context->root_ca_path) {
1211 ret = mbedtls_x509_crt_parse_path(cacert, m_context->root_ca_path);
1218 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1220#if MBEDTLS_VERSION_NUMBER >= 0x04000000
1221 if (m_context->trust_store_defined)
1223 if (m_context->trust_store_defined ||
1228 const char *trust_list[] = {
1229 "/etc/ssl/ca-bundle.pem",
1230 "/etc/ssl/certs/ca-certificates.crt",
1231 "/etc/pki/tls/cert.pem",
1232 "/usr/local/share/certs/ca-root-nss.crt",
1235 static const char *trust_file_found =
NULL;
1236 static int trust_file_done = 0;
1239 if (trust_file_found) {
1240 ret = mbedtls_x509_crt_parse_file(cacert, trust_file_found);
1242 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1247 }
else if (!trust_file_done) {
1248 trust_file_done = 1;
1249 for (i = 0; i <
sizeof(trust_list)/
sizeof(trust_list[0]); i++) {
1250 ret = mbedtls_x509_crt_parse_file(cacert, trust_list[i]);
1252 mbedtls_ssl_conf_ca_chain(&m_env->conf, cacert,
NULL);
1253 trust_file_found = trust_list[i];
1257 if (i ==
sizeof(trust_list)/
sizeof(trust_list[0])) {
1263 if (m_context->root_ca_file || m_context->root_ca_path ||
1264 m_context->trust_store_defined) {
1272#if defined(MBEDTLS_SSL_SRV_C)
1273 mbedtls_ssl_conf_cert_req_ca_list(&m_env->conf,
1275 MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED :
1276 MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED);
1279 MBEDTLS_SSL_VERIFY_REQUIRED :
1280 MBEDTLS_SSL_VERIFY_NONE);
1285 mbedtls_ssl_conf_verify(&m_env->conf,
1286 cert_verify_callback_mbedtls, c_session);
1291#if defined(MBEDTLS_SSL_SRV_C)
1296pki_sni_callback(
void *p_info, mbedtls_ssl_context *ssl,
1297 const unsigned char *uname,
size_t name_len) {
1301 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
1302 coap_mbedtls_context_t *m_context =
1306 name = mbedtls_malloc(name_len+1);
1310 memcpy(name, uname, name_len);
1311 name[name_len] =
'\000';
1314 for (i = 0; i < m_context->pki_sni_count; i++) {
1315 if (strcasecmp(name, m_context->pki_sni_entry_list[i].sni) == 0) {
1319 if (i == m_context->pki_sni_count) {
1324 pki_sni_entry *pki_sni_entry_list;
1327 m_context->setup_data.validate_sni_call_back(name,
1328 m_context->setup_data.sni_call_back_arg));
1334 pki_sni_entry_list = mbedtls_realloc(m_context->pki_sni_entry_list,
1335 (i+1)*
sizeof(pki_sni_entry));
1337 if (pki_sni_entry_list ==
NULL) {
1341 m_context->pki_sni_entry_list = pki_sni_entry_list;
1342 memset(&m_context->pki_sni_entry_list[i], 0,
1343 sizeof(m_context->pki_sni_entry_list[i]));
1344 m_context->pki_sni_entry_list[i].sni = name;
1345 m_context->pki_sni_entry_list[i].pki_key = *new_entry;
1346 sni_setup_data = m_context->setup_data;
1347 sni_setup_data.pki_key = *new_entry;
1348 if (setup_pki_credentials(&m_context->pki_sni_entry_list[i].cacert,
1349 &m_context->pki_sni_entry_list[i].public_cert,
1350 &m_context->pki_sni_entry_list[i].private_key,
1359 m_context->pki_sni_count++;
1364 mbedtls_ssl_set_hs_ca_chain(ssl, &m_context->pki_sni_entry_list[i].cacert,
1366 return mbedtls_ssl_set_hs_own_cert(ssl,
1367 &m_context->pki_sni_entry_list[i].public_cert,
1368 &m_context->pki_sni_entry_list[i].private_key);
1371#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1376psk_sni_callback(
void *p_info, mbedtls_ssl_context *ssl,
1377 const unsigned char *uname,
size_t name_len) {
1380 coap_mbedtls_context_t *m_context =
1384 name = mbedtls_malloc(name_len+1);
1388 memcpy(name, uname, name_len);
1389 name[name_len] =
'\000';
1392 for (i = 0; i < m_context->psk_sni_count; i++) {
1393 if (strcasecmp(name, m_context->psk_sni_entry_list[i].sni) == 0) {
1397 if (i == m_context->psk_sni_count) {
1402 psk_sni_entry *psk_sni_entry_list;
1405 c_session->
context->spsk_setup_data.validate_sni_call_back(name,
1407 c_session->
context->spsk_setup_data.sni_call_back_arg));
1413 psk_sni_entry_list = mbedtls_realloc(m_context->psk_sni_entry_list,
1414 (i+1)*
sizeof(psk_sni_entry));
1416 if (psk_sni_entry_list ==
NULL) {
1420 m_context->psk_sni_entry_list = psk_sni_entry_list;
1421 m_context->psk_sni_entry_list[i].sni = name;
1422 m_context->psk_sni_entry_list[i].psk_info = *new_entry;
1424 m_context->psk_sni_count++;
1430 &m_context->psk_sni_entry_list[i].psk_info.hint);
1432 &m_context->psk_sni_entry_list[i].psk_info.key);
1433#if MBEDTLS_VERSION_NUMBER >= 0x04000000
1437 return mbedtls_ssl_set_hs_psk(ssl,
1438 m_context->psk_sni_entry_list[i].psk_info.key.s,
1439 m_context->psk_sni_entry_list[i].psk_info.key.length);
1446 coap_mbedtls_env_t *m_env) {
1447 coap_mbedtls_context_t *m_context =
1450 m_context->psk_pki_enabled |= IS_SERVER;
1452 mbedtls_ssl_cookie_init(&m_env->cookie_ctx);
1453 if ((ret = mbedtls_ssl_config_defaults(&m_env->conf,
1454 MBEDTLS_SSL_IS_SERVER,
1456 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
1457 MBEDTLS_SSL_TRANSPORT_STREAM,
1458 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
1459 coap_log_err(
"mbedtls_ssl_config_defaults returned -0x%x: '%s'\n",
1460 -ret, get_error_string(ret));
1464#if !COAP_USE_PSA_CRYPTO
1465 mbedtls_ssl_conf_rng(&m_env->conf, mbedtls_ctr_drbg_random, &m_env->ctr_drbg);
1468#if defined(MBEDTLS_SSL_PROTO_DTLS)
1473 if (m_context->psk_pki_enabled & IS_PSK) {
1474#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1475 mbedtls_ssl_conf_psk_cb(&m_env->conf, psk_server_callback, c_session);
1476 if (c_session->
context->spsk_setup_data.validate_sni_call_back) {
1477 mbedtls_ssl_conf_sni(&m_env->conf, psk_sni_callback, c_session);
1479#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1480 m_env->ec_jpake = c_session->
context->spsk_setup_data.ec_jpake;
1487 if (m_context->psk_pki_enabled & IS_PKI) {
1488 ret = setup_pki_credentials(&m_env->cacert, &m_env->public_cert,
1489 &m_env->private_key, m_env, m_context,
1490 c_session, &m_context->setup_data,
1496 if (m_context->setup_data.validate_sni_call_back) {
1497 mbedtls_ssl_conf_sni(&m_env->conf, pki_sni_callback, c_session);
1501#if COAP_USE_PSA_CRYPTO
1502 if ((ret = mbedtls_ssl_cookie_setup(&m_env->cookie_ctx)) != 0) {
1504 if ((ret = mbedtls_ssl_cookie_setup(&m_env->cookie_ctx,
1505 mbedtls_ctr_drbg_random,
1506 &m_env->ctr_drbg)) != 0) {
1508 coap_log_err(
"mbedtls_ssl_cookie_setup: returned -0x%x: '%s'\n",
1509 -ret, get_error_string(ret));
1513#if defined(MBEDTLS_SSL_PROTO_DTLS)
1514 mbedtls_ssl_conf_dtls_cookies(&m_env->conf, mbedtls_ssl_cookie_write,
1515 mbedtls_ssl_cookie_check,
1516 &m_env->cookie_ctx);
1517#if MBEDTLS_VERSION_NUMBER >= 0x02100100
1518 mbedtls_ssl_set_mtu(&m_env->ssl, (uint16_t)c_session->
mtu);
1521#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
1536#if COAP_CLIENT_SUPPORT
1537static int *psk_ciphers =
NULL;
1538static int *pki_ciphers =
NULL;
1539static int *ecjpake_ciphers =
NULL;
1540static int processed_ciphers = 0;
1542#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1544coap_ssl_ciphersuite_uses_psk(
const mbedtls_ssl_ciphersuite_t *info) {
1545#if COAP_USE_PSA_CRYPTO
1546 switch (info->key_exchange) {
1547 case MBEDTLS_KEY_EXCHANGE_PSK:
1548 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1550 case MBEDTLS_KEY_EXCHANGE_NONE:
1551 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1552 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1553 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
1557#elif MBEDTLS_VERSION_NUMBER >= 0x03060000
1558 switch (info->key_exchange) {
1559 case MBEDTLS_KEY_EXCHANGE_PSK:
1560 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1561 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
1562 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1564 case MBEDTLS_KEY_EXCHANGE_NONE:
1565 case MBEDTLS_KEY_EXCHANGE_RSA:
1566 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1567 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1568 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1569 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1570 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1571 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
1576 return mbedtls_ssl_ciphersuite_uses_psk(info);
1582set_ciphersuites(mbedtls_ssl_config *conf, coap_enc_method_t method) {
1583 if (!processed_ciphers) {
1584 const int *list = mbedtls_ssl_list_ciphersuites();
1585 const int *base = list;
1588#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1590 int ecjpake_count = 1;
1596 const mbedtls_ssl_ciphersuite_t *cur =
1597 mbedtls_ssl_ciphersuite_from_id(*list);
1600#if MBEDTLS_VERSION_NUMBER >= 0x03020000
1601 if (cur->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2) {
1605 if (cur->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
1609#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1610 else if (cur->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
1614#if MBEDTLS_VERSION_NUMBER >= 0x03060000
1615 else if (cur->min_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3) {
1620#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1621 else if (coap_ssl_ciphersuite_uses_psk(cur)) {
1633 psk_ciphers = mbedtls_malloc(psk_count *
sizeof(psk_ciphers[0]));
1634 if (psk_ciphers ==
NULL) {
1635 coap_log_err(
"set_ciphers: mbedtls_malloc with count %d failed\n", psk_count);
1638 pki_ciphers = mbedtls_malloc(pki_count *
sizeof(pki_ciphers[0]));
1639 if (pki_ciphers ==
NULL) {
1640 coap_log_err(
"set_ciphers: mbedtls_malloc with count %d failed\n", pki_count);
1641 mbedtls_free(psk_ciphers);
1645#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1646 ecjpake_ciphers = mbedtls_malloc(ecjpake_count *
sizeof(ecjpake_ciphers[0]));
1647 if (ecjpake_ciphers ==
NULL) {
1648 coap_log_err(
"set_ciphers: mbedtls_malloc with count %d failed\n", pki_count);
1649 mbedtls_free(psk_ciphers);
1650 mbedtls_free(pki_ciphers);
1657 psk_list = psk_ciphers;
1658 pki_list = pki_ciphers;
1659#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1660 ecjpake_list = ecjpake_ciphers;
1664 const mbedtls_ssl_ciphersuite_t *cur =
1665 mbedtls_ssl_ciphersuite_from_id(*list);
1667#if MBEDTLS_VERSION_NUMBER >= 0x03020000
1668 if (cur->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2) {
1672 if (cur->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
1676#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1677 else if (cur->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
1678 *ecjpake_list = *list;
1682#if MBEDTLS_VERSION_NUMBER >= 0x03060000
1683 else if (cur->min_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3) {
1690#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1691 else if (coap_ssl_ciphersuite_uses_psk(cur)) {
1706 processed_ciphers = 1;
1710 mbedtls_ssl_conf_ciphersuites(conf, psk_ciphers);
1713 mbedtls_ssl_conf_ciphersuites(conf, pki_ciphers);
1715 case COAP_ENC_ECJPAKE:
1716 mbedtls_ssl_conf_ciphersuites(conf, ecjpake_ciphers);
1726 coap_mbedtls_env_t *m_env) {
1729 coap_mbedtls_context_t *m_context =
1732 m_context->psk_pki_enabled |= IS_CLIENT;
1734 if ((ret = mbedtls_ssl_config_defaults(&m_env->conf,
1735 MBEDTLS_SSL_IS_CLIENT,
1737 MBEDTLS_SSL_TRANSPORT_DATAGRAM :
1738 MBEDTLS_SSL_TRANSPORT_STREAM,
1739 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
1740 coap_log_err(
"mbedtls_ssl_config_defaults returned -0x%x: '%s'\n",
1741 -ret, get_error_string(ret));
1745#if defined(MBEDTLS_SSL_PROTO_DTLS)
1750 mbedtls_ssl_conf_authmode(&m_env->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1751#if !COAP_USE_PSA_CRYPTO
1752 mbedtls_ssl_conf_rng(&m_env->conf, mbedtls_ctr_drbg_random, &m_env->ctr_drbg);
1755 if (m_context->psk_pki_enabled & IS_PSK) {
1756#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1764 if (psk_key ==
NULL || psk_identity ==
NULL) {
1765 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
1769 if ((ret = mbedtls_ssl_conf_psk(&m_env->conf, psk_key->
s,
1770 psk_key->
length, psk_identity->
s,
1771 psk_identity->
length)) != 0) {
1772 coap_log_err(
"mbedtls_ssl_conf_psk returned -0x%x: '%s'\n",
1773 -ret, get_error_string(ret));
1777 if ((ret = mbedtls_ssl_set_hostname(&m_env->ssl,
1779 coap_log_err(
"mbedtls_ssl_set_hostname returned -0x%x: '%s'\n",
1780 -ret, get_error_string(ret));
1786#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1788 m_env->ec_jpake = 1;
1789 set_ciphersuites(&m_env->conf, COAP_ENC_ECJPAKE);
1790#if MBEDTLS_VERSION_NUMBER >= 0x03020000
1791 mbedtls_ssl_conf_max_tls_version(&m_env->conf, MBEDTLS_SSL_VERSION_TLS1_2);
1794 set_ciphersuites(&m_env->conf, COAP_ENC_PSK);
1797 set_ciphersuites(&m_env->conf, COAP_ENC_PSK);
1802 }
else if ((m_context->psk_pki_enabled & IS_PKI) ||
1803 (m_context->psk_pki_enabled & (IS_PSK | IS_PKI)) == 0) {
1810 if (!(m_context->psk_pki_enabled & IS_PKI)) {
1824 mbedtls_ssl_conf_authmode(&m_env->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
1825 ret = setup_pki_credentials(&m_env->cacert, &m_env->public_cert,
1826 &m_env->private_key, m_env, m_context,
1827 c_session, setup_data,
1833#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_ALPN)
1836 static const char *alpn_list[] = {
"coap",
NULL };
1838 ret = mbedtls_ssl_conf_alpn_protocols(&m_env->conf, alpn_list);
1844 mbedtls_ssl_set_hostname(&m_env->ssl, m_context->setup_data.client_sni);
1845#if defined(MBEDTLS_SSL_PROTO_DTLS)
1846#if MBEDTLS_VERSION_NUMBER >= 0x02100100
1847 mbedtls_ssl_set_mtu(&m_env->ssl, (uint16_t)c_session->
mtu);
1850 set_ciphersuites(&m_env->conf, COAP_ENC_PKI);
1860mbedtls_cleanup(coap_mbedtls_env_t *m_env) {
1865 mbedtls_x509_crt_free(&m_env->cacert);
1866 mbedtls_x509_crt_free(&m_env->public_cert);
1867 mbedtls_pk_free(&m_env->private_key);
1868#if !COAP_USE_PSA_CRYPTO
1869 mbedtls_entropy_free(&m_env->entropy);
1870 mbedtls_ctr_drbg_free(&m_env->ctr_drbg);
1872 mbedtls_ssl_config_free(&m_env->conf);
1873 mbedtls_ssl_free(&m_env->ssl);
1874 mbedtls_ssl_cookie_free(&m_env->cookie_ctx);
1878coap_dtls_free_mbedtls_env(coap_mbedtls_env_t *m_env) {
1880 if (!m_env->sent_alert)
1881 mbedtls_ssl_close_notify(&m_env->ssl);
1882 mbedtls_cleanup(m_env);
1883 mbedtls_free(m_env);
1887#if COAP_MAX_LOGGING_LEVEL > 0
1889report_mbedtls_alert(
unsigned char alert) {
1891 case MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC:
1892 return ": Bad Record MAC";
1893 case MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE:
1894 return ": Handshake failure";
1895 case MBEDTLS_SSL_ALERT_MSG_NO_CERT:
1896 return ": No Certificate provided";
1897 case MBEDTLS_SSL_ALERT_MSG_BAD_CERT:
1898 return ": Certificate is bad";
1899 case MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN:
1900 return ": Certificate is unknown";
1901 case MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA:
1902 return ": CA is unknown";
1903 case MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED:
1904 return ": Access was denied";
1905 case MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR:
1906 return ": Decrypt error";
1920 coap_mbedtls_env_t *m_env) {
1924 ret = mbedtls_ssl_handshake(&m_env->ssl);
1927 m_env->established = 1;
1931#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
1932#if COAP_CLIENT_SUPPORT
1935 coap_mbedtls_context_t *m_context;
1939 m_context->setup_data.use_cid) {
1940 unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
1942 size_t peer_cid_len;
1945 if (mbedtls_ssl_get_peer_cid(&m_env->ssl, &enabled, peer_cid, &peer_cid_len) == 0 &&
1946 enabled == MBEDTLS_SSL_CID_ENABLED) {
1947 c_session->negotiated_cid = 1;
1950 c_session->negotiated_cid = 0;
1959 case MBEDTLS_ERR_SSL_WANT_READ:
1960 case MBEDTLS_ERR_SSL_WANT_WRITE:
1961 if (m_env->ssl.state == MBEDTLS_SSL_SERVER_HELLO
1962#
if MBEDTLS_VERSION_NUMBER >= 0x03030000
1963 || m_env->ssl.state == MBEDTLS_SSL_NEW_SESSION_TICKET
1966 if (++m_env->server_hello_cnt > 10) {
1974 case MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED:
1977 case MBEDTLS_ERR_SSL_INVALID_MAC:
1979#ifdef MBEDTLS_2_X_COMPAT
1980 case MBEDTLS_ERR_SSL_UNKNOWN_CIPHER:
1982 case MBEDTLS_ERR_SSL_DECODE_ERROR:
1985 case MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE:
1986 alert = MBEDTLS_SSL_ALERT_MSG_NO_CERT;
1988#ifdef MBEDTLS_2_X_COMPAT
1989 case MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO:
1990 case MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO:
1991 alert = MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE;
1994 case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
1996 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
1997 if (m_env->ssl.in_msg[1] != MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY)
2000 report_mbedtls_alert(m_env->ssl.in_msg[1]));
2002 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2003 case MBEDTLS_ERR_SSL_CONN_EOF:
2004 case MBEDTLS_ERR_NET_CONN_RESET:
2010 "returned -0x%x: '%s'\n",
2011 -ret, get_error_string(ret));
2018 mbedtls_ssl_send_alert_message(&m_env->ssl,
2019 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2021 m_env->sent_alert = 1;
2026 get_error_string(ret));
2028 mbedtls_ssl_session_reset(&m_env->ssl);
2029#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
2030 if (m_env->ec_jpake) {
2033#if COAP_CLIENT_SUPPORT && COAP_SERVER_SUPPORT
2039#elif COAP_CLIENT_SUPPORT
2045 mbedtls_ssl_set_hs_ecjpake_password(&m_env->ssl, psk_key->
s, psk_key->
length);
2053mbedtls_debug_out(
void *ctx
COAP_UNUSED,
int level,
2086#if !COAP_DISABLE_TCP
2094coap_sock_read(
void *ctx,
unsigned char *out,
size_t outl) {
2095 int ret = MBEDTLS_ERR_SSL_CONN_EOF;
2102 if (errno == ECONNRESET) {
2104 ret = MBEDTLS_ERR_SSL_CONN_EOF;
2106 ret = MBEDTLS_ERR_NET_RECV_FAILED;
2108 }
else if (ret == 0) {
2110 ret = MBEDTLS_ERR_SSL_WANT_READ;
2123coap_sock_write(
void *context,
const unsigned char *in,
size_t inl) {
2128 (
const uint8_t *)in,
2134 (errno == EPIPE || errno == ECONNRESET)) {
2149 int lasterror = WSAGetLastError();
2151 if (lasterror == WSAEWOULDBLOCK) {
2152 ret = MBEDTLS_ERR_SSL_WANT_WRITE;
2153 }
else if (lasterror == WSAECONNRESET) {
2154 ret = MBEDTLS_ERR_NET_CONN_RESET;
2157 if (errno == EAGAIN || errno == EINTR) {
2158 ret = MBEDTLS_ERR_SSL_WANT_WRITE;
2159 }
else if (errno == EPIPE || errno == ECONNRESET) {
2160 ret = MBEDTLS_ERR_NET_CONN_RESET;
2164 ret = MBEDTLS_ERR_NET_SEND_FAILED;
2173 ret = MBEDTLS_ERR_SSL_WANT_WRITE;
2179static coap_mbedtls_env_t *
2183#if !COAP_USE_PSA_CRYPTO
2186 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2191 m_env = (coap_mbedtls_env_t *)mbedtls_malloc(
sizeof(coap_mbedtls_env_t));
2195 memset(m_env, 0,
sizeof(coap_mbedtls_env_t));
2197 mbedtls_ssl_init(&m_env->ssl);
2198#if !COAP_USE_PSA_CRYPTO
2199 mbedtls_ctr_drbg_init(&m_env->ctr_drbg);
2200 mbedtls_entropy_init(&m_env->entropy);
2202 mbedtls_ssl_config_init(&m_env->conf);
2204#if defined(ESPIDF_VERSION) && defined(CONFIG_MBEDTLS_DEBUG)
2205 mbedtls_esp_enable_debug_log(&m_env->conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
2208#if !COAP_USE_PSA_CRYPTO
2209 if ((ret = mbedtls_ctr_drbg_seed(&m_env->ctr_drbg,
2210 mbedtls_entropy_func, &m_env->entropy,
NULL, 0)) != 0) {
2211 if (ret != MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) {
2212 coap_log_info(
"mbedtls_ctr_drbg_seed returned -0x%x: '%s'\n",
2213 -ret, get_error_string(ret));
2216 coap_log_err(
"mbedtls_ctr_drbg_seed returned -0x%x: '%s'\n",
2217 -ret, get_error_string(ret));
2222#if COAP_CLIENT_SUPPORT
2223 if (setup_client_ssl_session(c_session, m_env) != 0) {
2230#if defined(MBEDTLS_SSL_SRV_C)
2231 if (setup_server_ssl_session(c_session, m_env) != 0) {
2241#if MBEDTLS_VERSION_NUMBER >= 0x03020000
2242 mbedtls_ssl_conf_min_tls_version(&m_env->conf, MBEDTLS_SSL_VERSION_TLS1_2);
2244 mbedtls_ssl_conf_min_version(&m_env->conf, MBEDTLS_SSL_MAJOR_VERSION_3,
2245 MBEDTLS_SSL_MINOR_VERSION_3);
2248 if (mbedtls_ssl_setup(&m_env->ssl, &m_env->conf) != 0) {
2252 mbedtls_ssl_set_bio(&m_env->ssl, c_session, coap_dgram_write,
2253 coap_dgram_read,
NULL);
2254#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
2257#if COAP_CLIENT_SUPPORT
2258 coap_mbedtls_context_t *m_context =
2262 m_context->setup_data.use_cid) {
2270 mbedtls_ssl_set_cid(&m_env->ssl, MBEDTLS_SSL_CID_ENABLED,
NULL, 0);
2274#if COAP_SERVER_SUPPORT
2284 mbedtls_ssl_set_cid(&m_env->ssl, MBEDTLS_SSL_CID_ENABLED, cid,
2292#if !COAP_DISABLE_TCP
2295 mbedtls_ssl_set_bio(&m_env->ssl, c_session, coap_sock_write,
2296 coap_sock_read,
NULL);
2299#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
2300 coap_mbedtls_context_t *m_context =
2302 if ((m_context->psk_pki_enabled & IS_PSK) &&
2306#if COAP_CLIENT_SUPPORT && COAP_SERVER_SUPPORT
2312#elif COAP_CLIENT_SUPPORT
2317 mbedtls_ssl_set_hs_ecjpake_password(&m_env->ssl, psk_key->
s, psk_key->
length);
2321 mbedtls_ssl_set_timer_cb(&m_env->ssl, &m_env->timer,
2322 zephyr_timing_set_delay,
2323 zephyr_timing_get_delay);
2325 mbedtls_ssl_set_timer_cb(&m_env->ssl, &m_env->timer,
2326 mbedtls_timing_set_delay,
2327 mbedtls_timing_get_delay);
2330 mbedtls_ssl_conf_dbg(&m_env->conf, mbedtls_debug_out, stdout);
2335 mbedtls_free(m_env);
2342#if defined(MBEDTLS_SSL_PROTO_DTLS)
2345 static int reported = 0;
2349 " - update Mbed TLS to include DTLS\n");
2357#if !COAP_DISABLE_TCP
2406#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
2413#if COAP_CLIENT_SUPPORT
2416#ifdef MBEDTLS_SSL_DTLS_CONNECTION_ID
2417 c_context->testing_cids = every;
2429 coap_mbedtls_context_t *m_context;
2432 m_context = (coap_mbedtls_context_t *)mbedtls_malloc(
sizeof(coap_mbedtls_context_t));
2434 memset(m_context, 0,
sizeof(coap_mbedtls_context_t));
2439#if COAP_SERVER_SUPPORT
2448 coap_mbedtls_context_t *m_context =
2451#if !defined(MBEDTLS_SSL_SRV_C)
2453 " libcoap not compiled for Server Mode for Mbed TLS"
2454 " - update Mbed TLS to include Server Mode\n");
2457 if (!m_context || !setup_data)
2461#ifndef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
2462 coap_log_warn(
"Mbed TLS not compiled for EC-JPAKE support\n");
2466 coap_log_warn(
"CoAP Server with Mbed TLS does not support Identity Hint\n");
2468 m_context->psk_pki_enabled |= IS_PSK;
2473#if COAP_CLIENT_SUPPORT
2482#if !defined(MBEDTLS_SSL_CLI_C)
2487 " libcoap not compiled for Client Mode for Mbed TLS"
2488 " - update Mbed TLS to include Client Mode\n");
2491 coap_mbedtls_context_t *m_context =
2494 if (!m_context || !setup_data)
2498 coap_log_warn(
"CoAP Client with Mbed TLS does not support Identity Hint selection\n");
2501#ifndef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
2502 coap_log_warn(
"Mbed TLS not compiled for EC-JPAKE support\n");
2506#ifndef MBEDTLS_SSL_DTLS_CONNECTION_ID
2507 coap_log_warn(
"Mbed TLS not compiled for Connection-ID support\n");
2510 m_context->psk_pki_enabled |= IS_PSK;
2520 coap_mbedtls_context_t *m_context =
2523 m_context->setup_data = *setup_data;
2524 if (!m_context->setup_data.verify_peer_cert) {
2526 m_context->setup_data.check_common_ca = 0;
2528 m_context->setup_data.allow_self_signed = 1;
2529 m_context->setup_data.allow_expired_certs = 1;
2530 m_context->setup_data.cert_chain_validation = 1;
2531 m_context->setup_data.cert_chain_verify_depth = 10;
2532 m_context->setup_data.check_cert_revocation = 1;
2533 m_context->setup_data.allow_no_crl = 1;
2534 m_context->setup_data.allow_expired_crl = 1;
2535 m_context->setup_data.allow_bad_md_hash = 1;
2536 m_context->setup_data.allow_short_rsa_length = 1;
2538 m_context->psk_pki_enabled |= IS_PKI;
2540#ifndef MBEDTLS_SSL_DTLS_CONNECTION_ID
2541 coap_log_warn(
"Mbed TLS not compiled for Connection-ID support\n");
2549 const char *ca_file,
2550 const char *ca_path) {
2551 coap_mbedtls_context_t *m_context =
2555 coap_log_warn(
"coap_context_set_pki_root_cas: (D)TLS environment "
2560 if (ca_file ==
NULL && ca_path ==
NULL) {
2561 coap_log_warn(
"coap_context_set_pki_root_cas: ca_file and/or ca_path "
2565 if (m_context->root_ca_file) {
2566 mbedtls_free(m_context->root_ca_file);
2567 m_context->root_ca_file =
NULL;
2571 m_context->root_ca_file = mbedtls_strdup(ca_file);
2574 if (m_context->root_ca_path) {
2575 mbedtls_free(m_context->root_ca_path);
2576 m_context->root_ca_path =
NULL;
2580 m_context->root_ca_path = mbedtls_strdup(ca_path);
2591 coap_mbedtls_context_t *m_context =
2595 coap_log_warn(
"coap_context_load_pki_trust_store: (D)TLS environment "
2599 m_context->trust_store_defined = 1;
2608 coap_mbedtls_context_t *m_context =
2610 return m_context->psk_pki_enabled ? 1 : 0;
2615 coap_mbedtls_context_t *m_context = (coap_mbedtls_context_t *)dtls_context;
2618 for (i = 0; i < m_context->pki_sni_count; i++) {
2619 mbedtls_free(m_context->pki_sni_entry_list[i].sni);
2621 mbedtls_x509_crt_free(&m_context->pki_sni_entry_list[i].public_cert);
2623 mbedtls_pk_free(&m_context->pki_sni_entry_list[i].private_key);
2625 mbedtls_x509_crt_free(&m_context->pki_sni_entry_list[i].cacert);
2627 if (m_context->pki_sni_entry_list)
2628 mbedtls_free(m_context->pki_sni_entry_list);
2630 for (i = 0; i < m_context->psk_sni_count; i++) {
2631 mbedtls_free(m_context->psk_sni_entry_list[i].sni);
2633 if (m_context->psk_sni_entry_list)
2634 mbedtls_free(m_context->psk_sni_entry_list);
2636 if (m_context->root_ca_path)
2637 mbedtls_free(m_context->root_ca_path);
2638 if (m_context->root_ca_file)
2639 mbedtls_free(m_context->root_ca_file);
2641 mbedtls_free(m_context);
2644#if COAP_CLIENT_SUPPORT
2647#if !defined(MBEDTLS_SSL_CLI_C)
2650 " libcoap not compiled for Client Mode for Mbed TLS"
2651 " - update Mbed TLS to include Client Mode\n");
2654 coap_mbedtls_env_t *m_env = coap_dtls_new_mbedtls_env(c_session,
2663 m_env->last_timeout = now;
2664 ret = do_mbedtls_handshake(c_session, m_env);
2666 coap_dtls_free_mbedtls_env(m_env);
2675#if COAP_SERVER_SUPPORT
2678#if !defined(MBEDTLS_SSL_SRV_C)
2681 " libcoap not compiled for Server Mode for Mbed TLS"
2682 " - update Mbed TLS to include Server Mode\n");
2685 coap_mbedtls_env_t *m_env =
2686 (coap_mbedtls_env_t *)c_session->
tls;
2688#if defined(MBEDTLS_SSL_PROTO_DTLS)
2689#if MBEDTLS_VERSION_NUMBER >= 0x02100100
2690 mbedtls_ssl_set_mtu(&m_env->ssl, (uint16_t)c_session->
mtu);
2701 if (c_session && c_session->
context && c_session->
tls) {
2702 coap_dtls_free_mbedtls_env(c_session->
tls);
2711#if defined(MBEDTLS_SSL_PROTO_DTLS)
2712 coap_mbedtls_env_t *m_env =
2713 (coap_mbedtls_env_t *)c_session->
tls;
2715#if MBEDTLS_VERSION_NUMBER >= 0x02100100
2716 mbedtls_ssl_set_mtu(&m_env->ssl, (uint16_t)c_session->
mtu);
2726 const uint8_t *data,
size_t data_len) {
2728 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2737 if (m_env->established) {
2738 ret = mbedtls_ssl_write(&m_env->ssl, (
const unsigned char *) data, data_len);
2741 case MBEDTLS_ERR_SSL_WANT_READ:
2742 case MBEDTLS_ERR_SSL_WANT_WRITE:
2745 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
2751 "returned -0x%x: '%s'\n",
2752 -ret, get_error_string(ret));
2761 ret = do_mbedtls_handshake(c_session, m_env);
2791 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2793 int ret = zephyr_timing_get_delay(&m_env->timer);
2795 int ret = mbedtls_timing_get_delay(&m_env->timer);
2797 unsigned int scalar = 1 << m_env->retry_scalar;
2807 m_env->last_timeout = now;
2820 m_env->last_timeout = now;
2838 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2840 if (m_env ==
NULL) {
2845 m_env->retry_scalar++;
2847 (do_mbedtls_handshake(c_session, m_env) < 0)) {
2862 const uint8_t *data,
2867 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2868 coap_ssl_t *ssl_data;
2870 if (m_env ==
NULL) {
2875 ssl_data = &m_env->coap_ssl_data;
2876 if (ssl_data->pdu_len) {
2877 coap_log_err(
"** %s: Previous data not read %u bytes\n",
2880 ssl_data->pdu = data;
2881 ssl_data->pdu_len = (unsigned)data_len;
2883 if (m_env->established) {
2884#if COAP_CONSTRAINED_STACK
2891 ret = mbedtls_ssl_read(&m_env->ssl, pdu,
sizeof(pdu));
2896 if (!c_session->
tls) {
2904 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2905 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
2908 case MBEDTLS_ERR_SSL_WANT_READ:
2912 "returned -0x%x: '%s' (length %" PRIdS ")\n",
2913 -ret, get_error_string(ret), data_len);
2918 ret = do_mbedtls_handshake(c_session, m_env);
2923 if (ssl_data->pdu_len) {
2925 ret = do_mbedtls_handshake(c_session, m_env);
2944 if (ssl_data && ssl_data->pdu_len) {
2946 coap_log_debug(
"coap_dtls_receive: ret %d: remaining data %u\n", ret, ssl_data->pdu_len);
2947 ssl_data->pdu_len = 0;
2948 ssl_data->pdu =
NULL;
2953#if COAP_SERVER_SUPPORT
2961 const uint8_t *data,
2963#if !defined(MBEDTLS_SSL_PROTO_DTLS) || !defined(MBEDTLS_SSL_SRV_C)
2968 " libcoap not compiled for DTLS or Server Mode for Mbed TLS"
2969 " - update Mbed TLS to include DTLS and Server Mode\n");
2972 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
2973 coap_ssl_t *ssl_data;
2980 c_session->
tls = m_env;
2987 if ((ret = mbedtls_ssl_set_client_transport_id(&m_env->ssl,
2990 coap_log_err(
"mbedtls_ssl_set_client_transport_id() returned -0x%x: '%s'\n",
2991 -ret, get_error_string(ret));
2995 ssl_data = &m_env->coap_ssl_data;
2996 if (ssl_data->pdu_len) {
2997 coap_log_err(
"** %s: Previous data not read %u bytes\n",
3000 ssl_data->pdu = data;
3001 ssl_data->pdu_len = (unsigned)data_len;
3003 ret = do_mbedtls_handshake(c_session, m_env);
3004 if (ret == 0 || m_env->seen_client_hello) {
3010 m_env->seen_client_hello = 0;
3016 if (ssl_data->pdu_len) {
3018 coap_log_debug(
"coap_dtls_hello: ret %d: remaining data %u\n", ret, ssl_data->pdu_len);
3019 ssl_data->pdu_len = 0;
3020 ssl_data->pdu =
NULL;
3029 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
3030 int expansion = mbedtls_ssl_get_record_expansion(&m_env->ssl);
3032 if (expansion == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) {
3038#if !COAP_DISABLE_TCP
3039#if COAP_CLIENT_SUPPORT
3042#if !defined(MBEDTLS_SSL_CLI_C)
3046 " libcoap not compiled for Client Mode for Mbed TLS"
3047 " - update Mbed TLS to include Client Mode\n");
3050 coap_mbedtls_env_t *m_env = coap_dtls_new_mbedtls_env(c_session,
3059 m_env->last_timeout = now;
3060 c_session->
tls = m_env;
3061 do_mbedtls_handshake(c_session, m_env);
3067#if COAP_SERVER_SUPPORT
3070#if !defined(MBEDTLS_SSL_SRV_C)
3075 " libcoap not compiled for Server Mode for Mbed TLS"
3076 " - update Mbed TLS to include Server Mode\n");
3079 coap_mbedtls_env_t *m_env = coap_dtls_new_mbedtls_env(c_session,
3086 c_session->
tls = m_env;
3087 do_mbedtls_handshake(c_session, m_env);
3108 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
3109 size_t amount_sent = 0;
3116 if (m_env->established) {
3117 while (amount_sent < data_len) {
3118 ret = mbedtls_ssl_write(&m_env->ssl, &data[amount_sent],
3119 data_len - amount_sent);
3122 case MBEDTLS_ERR_SSL_WANT_READ:
3123 case MBEDTLS_ERR_SSL_WANT_WRITE:
3130 case MBEDTLS_ERR_NET_CONN_RESET:
3131 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
3136 "returned -0x%x: '%s'\n",
3137 -ret, get_error_string(ret));
3149 ret = do_mbedtls_handshake(c_session, m_env);
3163 if (ret == (ssize_t)data_len)
3182 coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->
tls;
3191 if (!m_env->established && !m_env->sent_alert) {
3192 ret = do_mbedtls_handshake(c_session, m_env);
3196 ret = mbedtls_ssl_read(&m_env->ssl, data, data_len);
3200 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
3204 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
3206 m_env->sent_alert = 1;
3209#if MBEDTLS_VERSION_NUMBER >= 0x03060000
3210 case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
3212 case MBEDTLS_ERR_SSL_WANT_READ:
3218 "returned -0x%x: '%s' (length %" PRIdS ")\n",
3219 -ret, get_error_string(ret), data_len);
3223 }
else if (ret < (
int)data_len) {
3246#if COAP_USE_PSA_CRYPTO || defined(MBEDTLS_PSA_CRYPTO_C)
3253#if COAP_CLIENT_SUPPORT
3254 mbedtls_free(psk_ciphers);
3255 mbedtls_free(pki_ciphers);
3256 mbedtls_free(ecjpake_ciphers);
3259 ecjpake_ciphers =
NULL;
3260 processed_ciphers = 0;
3263#if COAP_USE_PSA_CRYPTO || defined(MBEDTLS_PSA_CRYPTO_C)
3264 mbedtls_psa_crypto_free();
3274 if (c_session && c_session->
tls) {
3275 coap_mbedtls_env_t *m_env;
3278 memcpy(&m_env, &c_session->
tls,
sizeof(m_env));
3280 return (
void *)&m_env->ssl;
3289#if !defined(ESPIDF_VERSION)
3299 switch ((
int)level) {
3320 mbedtls_debug_set_threshold(use_level);
3322 keep_log_level = level;
3327 return keep_log_level;
3332#if COAP_WITH_LIBMBEDTLS || COAP_WITH_LIBMBEDTLS_OSCORE
3334#if COAP_SERVER_SUPPORT
3336coap_digest_setup(
void) {
3337 coap_crypto_sha256_ctx_t *digest_ctx = mbedtls_malloc(
sizeof(coap_crypto_sha256_ctx_t));
3340 if (coap_crypto_sha256_init(digest_ctx) != 0) {
3341 coap_digest_free(digest_ctx);
3349coap_digest_free(coap_digest_ctx_t *digest_ctx) {
3351 coap_crypto_sha256_free(digest_ctx);
3352 mbedtls_free(digest_ctx);
3357coap_digest_update(coap_digest_ctx_t *digest_ctx,
3358 const uint8_t *data,
3360 return coap_crypto_sha256_update(digest_ctx, data, data_len) == 0;
3364coap_digest_final(coap_digest_ctx_t *digest_ctx,
3365 coap_digest_t *digest_buffer) {
3366 int ret = coap_crypto_sha256_finish(digest_ctx, (uint8_t *)digest_buffer) == 0;
3367 coap_digest_free(digest_ctx);
3377 coap_crypto_md_type_t md_type;
3382 md_type = COAP_CRYPTO_MD_SHA1;
3385 md_type = COAP_CRYPTO_MD_SHA256;
3388 md_type = COAP_CRYPTO_MD_SHA512;
3391 coap_log_debug(
"coap_crypto_hash: algorithm %d not supported\n", alg);
3395 hash_len = coap_crypto_hash_size(md_type);
3403 if (coap_crypto_hash_compute(md_type, data->
s, data->
length,
3416#if COAP_OSCORE_SUPPORT
3418coap_crypto_hmac_compute(coap_crypto_md_type_t md_type,
3419 const uint8_t *key,
size_t key_len,
3420 const uint8_t *input,
size_t ilen,
3421 uint8_t *output,
size_t output_size,
3422 size_t *output_len) {
3423#if COAP_USE_PSA_CRYPTO
3424 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3425 psa_key_id_t key_id;
3426 psa_algorithm_t psa_alg = PSA_ALG_HMAC(md_type);
3428 psa_status_t status;
3430 psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
3431 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
3432 psa_set_key_algorithm(&attributes, psa_alg);
3434 if (psa_import_key(&attributes, key, key_len, &key_id) != PSA_SUCCESS) {
3438 status = psa_mac_compute(key_id, psa_alg, input, ilen,
3439 output, output_size, &mac_len);
3440 psa_destroy_key(key_id);
3443 *output_len = mac_len;
3444 return (status == PSA_SUCCESS) ? 0 : -1;
3446 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
3449 size_t mac_size = mbedtls_md_get_size(md_info);
3450 if (mac_size > output_size)
3453 *output_len = mac_size;
3454 return mbedtls_md_hmac(md_info, key, key_len, input, ilen, output);
3461coap_crypto_aead_encrypt_ccm(
const uint8_t *key,
size_t key_len,
3462 const uint8_t *nonce,
size_t nonce_len,
3463 const uint8_t *aad,
size_t aad_len,
3464 const uint8_t *plaintext,
size_t plaintext_len,
3465 uint8_t *ciphertext,
size_t ciphertext_size,
3466 size_t *ciphertext_len,
size_t tag_len) {
3467#if COAP_USE_PSA_CRYPTO
3468 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3469 psa_key_id_t key_id;
3470 psa_algorithm_t psa_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_len);
3472 psa_status_t status;
3474 psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
3475 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
3476 psa_set_key_algorithm(&attributes, psa_alg);
3477 psa_set_key_bits(&attributes, key_len * 8);
3479 if (psa_import_key(&attributes, key, key_len, &key_id) != PSA_SUCCESS) {
3483 status = psa_aead_encrypt(key_id, psa_alg,
3486 plaintext, plaintext_len,
3487 ciphertext, ciphertext_size, &output_len);
3488 psa_destroy_key(key_id);
3491 *ciphertext_len = output_len;
3492 return (status == PSA_SUCCESS) ? 0 : -1;
3494 mbedtls_cipher_context_t ctx;
3495 const mbedtls_cipher_info_t *cipher_info;
3496 mbedtls_cipher_type_t cipher_type;
3498 size_t result_len = ciphertext_size;
3500 if (key_len == 16) {
3501 cipher_type = MBEDTLS_CIPHER_AES_128_CCM;
3502 }
else if (key_len == 32) {
3503 cipher_type = MBEDTLS_CIPHER_AES_256_CCM;
3508 cipher_info = mbedtls_cipher_info_from_type(cipher_type);
3512 mbedtls_cipher_init(&ctx);
3513 if (mbedtls_cipher_setup(&ctx, cipher_info) != 0)
3515 if (mbedtls_cipher_setkey(&ctx, key, key_len * 8, MBEDTLS_ENCRYPT) != 0)
3518#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
3520 unsigned char tag[16];
3521 if (mbedtls_cipher_auth_encrypt(&ctx,
3524 plaintext, plaintext_len,
3525 ciphertext, &result_len,
3526 tag, tag_len) != 0) {
3529 if ((result_len + tag_len) > ciphertext_size)
3531 memcpy(ciphertext + result_len, tag, tag_len);
3532 result_len += tag_len;
3535 if (mbedtls_cipher_auth_encrypt_ext(&ctx,
3538 plaintext, plaintext_len,
3539 ciphertext, ciphertext_size,
3540 &result_len, tag_len) != 0) {
3546 *ciphertext_len = result_len;
3550 mbedtls_cipher_free(&ctx);
3556coap_crypto_aead_decrypt_ccm(
const uint8_t *key,
size_t key_len,
3557 const uint8_t *nonce,
size_t nonce_len,
3558 const uint8_t *aad,
size_t aad_len,
3559 const uint8_t *ciphertext,
size_t ciphertext_len,
3560 uint8_t *plaintext,
size_t plaintext_size,
3561 size_t *plaintext_len,
size_t tag_len) {
3562#if COAP_USE_PSA_CRYPTO
3563 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3564 psa_key_id_t key_id;
3565 psa_algorithm_t psa_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_len);
3567 psa_status_t status;
3569 psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
3570 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
3571 psa_set_key_algorithm(&attributes, psa_alg);
3572 psa_set_key_bits(&attributes, key_len * 8);
3574 if (psa_import_key(&attributes, key, key_len, &key_id) != PSA_SUCCESS) {
3578 status = psa_aead_decrypt(key_id, psa_alg,
3581 ciphertext, ciphertext_len,
3582 plaintext, plaintext_size, &output_len);
3583 psa_destroy_key(key_id);
3586 *plaintext_len = output_len;
3587 return (status == PSA_SUCCESS) ? 0 : -1;
3589 mbedtls_cipher_context_t ctx;
3590 const mbedtls_cipher_info_t *cipher_info;
3591 mbedtls_cipher_type_t cipher_type;
3593 size_t result_len = plaintext_size;
3595 if (key_len == 16) {
3596 cipher_type = MBEDTLS_CIPHER_AES_128_CCM;
3597 }
else if (key_len == 32) {
3598 cipher_type = MBEDTLS_CIPHER_AES_256_CCM;
3603 cipher_info = mbedtls_cipher_info_from_type(cipher_type);
3607 mbedtls_cipher_init(&ctx);
3608 if (mbedtls_cipher_setup(&ctx, cipher_info) != 0)
3610 if (mbedtls_cipher_setkey(&ctx, key, key_len * 8, MBEDTLS_DECRYPT) != 0)
3613#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
3615 const unsigned char *tag = ciphertext + ciphertext_len - tag_len;
3616 if (mbedtls_cipher_auth_decrypt(&ctx,
3619 ciphertext, ciphertext_len - tag_len,
3620 plaintext, &result_len,
3621 tag, tag_len) != 0) {
3626 if (mbedtls_cipher_auth_decrypt_ext(&ctx,
3629 ciphertext, ciphertext_len,
3630 plaintext, plaintext_size,
3631 &result_len, tag_len) != 0) {
3637 *plaintext_len = result_len;
3641 mbedtls_cipher_free(&ctx);
3657get_cipher_key_size(
cose_alg_t alg,
size_t *key_size) {
3668 coap_log_debug(
"get_cipher_key_size: COSE cipher %d not supported\n", alg);
3678 coap_crypto_md_type_t *md_type,
3680 switch ((
int)hmac_alg) {
3683 *md_type = COAP_CRYPTO_MD_SHA256;
3689 *md_type = COAP_CRYPTO_MD_SHA384;
3695 *md_type = COAP_CRYPTO_MD_SHA512;
3700 coap_log_debug(
"get_hmac_params: COSE HMAC %d not supported\n", hmac_alg);
3707 return get_cipher_key_size(alg,
NULL);
3716 return get_hmac_params(hmac_alg,
NULL,
NULL);
3724 size_t *max_result_len) {
3730 assert(params !=
NULL);
3736 if (!get_cipher_key_size(params->
alg,
NULL)) {
3737 coap_log_debug(
"coap_crypto_aead_encrypt: algorithm %d not supported\n",
3744 if (coap_crypto_aead_encrypt_ccm(ccm->
key.
s, ccm->
key.
length,
3748 result, *max_result_len, max_result_len,
3762 size_t *max_result_len) {
3768 assert(params !=
NULL);
3774 if (!get_cipher_key_size(params->
alg,
NULL)) {
3775 coap_log_debug(
"coap_crypto_aead_decrypt: algorithm %d not supported\n",
3787 if (coap_crypto_aead_decrypt_ccm(ccm->
key.
s, ccm->
key.
length,
3791 result, *max_result_len, max_result_len,
3805 coap_crypto_md_type_t md_type;
3813 if (!get_hmac_params(hmac_alg, &md_type, &mac_len)) {
3814 coap_log_debug(
"coap_crypto_hmac: algorithm %d not supported\n", hmac_alg);
3822 if (coap_crypto_hmac_compute(md_type, key->
s, key->
length,
3842#pragma GCC diagnostic ignored "-Wunused-function"
static size_t strnlen(const char *s, size_t maxlen)
A length-safe strlen() fake.
#define COAP_SERVER_SUPPORT
const char * coap_socket_strerror(void)
#define COAP_RXBUFFER_SIZE
#define COAP_SOCKET_WANT_WRITE
non blocking socket is waiting for writing
#define COAP_SOCKET_CAN_READ
non blocking socket can now read without blocking
Library specific build wrapper for coap_internal.h.
int coap_dtls_context_set_pki(coap_context_t *ctx COAP_UNUSED, const coap_dtls_pki_t *setup_data COAP_UNUSED, const coap_dtls_role_t role COAP_UNUSED)
coap_tick_t coap_dtls_get_timeout(coap_session_t *session COAP_UNUSED, coap_tick_t now COAP_UNUSED)
ssize_t coap_tls_read(coap_session_t *session COAP_UNUSED, uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
coap_tick_t coap_dtls_get_context_timeout(void *dtls_context COAP_UNUSED)
int coap_dtls_receive(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
void * coap_dtls_get_tls(const coap_session_t *c_session COAP_UNUSED, coap_tls_library_t *tls_lib)
unsigned int coap_dtls_get_overhead(coap_session_t *session COAP_UNUSED)
int coap_dtls_context_load_pki_trust_store(coap_context_t *ctx COAP_UNUSED)
int coap_dtls_context_check_keys_enabled(coap_context_t *ctx COAP_UNUSED)
ssize_t coap_dtls_send(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
ssize_t coap_tls_write(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
void coap_dtls_session_update_mtu(coap_session_t *session COAP_UNUSED)
int coap_dtls_context_set_pki_root_cas(coap_context_t *ctx COAP_UNUSED, const char *ca_file COAP_UNUSED, const char *ca_path COAP_UNUSED)
int coap_dtls_handle_timeout(coap_session_t *session COAP_UNUSED)
void coap_dtls_free_context(void *handle COAP_UNUSED)
void coap_dtls_free_session(coap_session_t *coap_session COAP_UNUSED)
void * coap_dtls_new_context(coap_context_t *coap_context COAP_UNUSED)
void coap_tls_free_session(coap_session_t *coap_session COAP_UNUSED)
uint64_t coap_tick_t
This data type represents internal timer ticks with COAP_TICKS_PER_SECOND resolution.
int coap_prng_lkd(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
int coap_handle_dgram(coap_context_t *ctx, coap_session_t *session, uint8_t *msg, size_t msg_len)
Parses and interprets a CoAP datagram with context ctx.
void coap_ticks(coap_tick_t *t)
Returns the current value of an internal tick counter.
int coap_crypto_hmac(cose_hmac_alg_t hmac_alg, coap_bin_const_t *key, coap_bin_const_t *data, coap_bin_const_t **hmac)
Create a HMAC hash of the provided data.
int coap_crypto_aead_decrypt(const coap_crypto_param_t *params, coap_bin_const_t *data, coap_bin_const_t *aad, uint8_t *result, size_t *max_result_len)
Decrypt the provided encrypted data into plaintext.
int coap_crypto_aead_encrypt(const coap_crypto_param_t *params, coap_bin_const_t *data, coap_bin_const_t *aad, uint8_t *result, size_t *max_result_len)
Encrypt the provided plaintext data.
int coap_crypto_hash(cose_alg_t alg, const coap_bin_const_t *data, coap_bin_const_t **hash)
Create a hash of the provided data.
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
const coap_bin_const_t * coap_get_session_client_psk_identity(const coap_session_t *coap_session)
Get the current client's PSK identity.
void coap_dtls_startup(void)
Initialize the underlying (D)TLS Library layer.
#define COAP_DTLS_RETRANSMIT_MS
int coap_dtls_define_issue(coap_define_issue_key_t type, coap_define_issue_fail_t fail, coap_dtls_key_t *key, const coap_dtls_role_t role, int ret)
Report PKI DEFINE type issue.
int coap_pki_name_match_sni(const char *name_entry, size_t name_length, const char *sni_match)
Check if the PKI name entry is a (wildcard) match for the requested SNI.
void coap_dtls_thread_shutdown(void)
Close down the underlying (D)TLS Library layer.
int coap_dtls_set_cid_tuple_change(coap_context_t *context, uint8_t every)
Set the Connection ID client tuple frequency change for testing CIDs.
#define COAP_DTLS_CID_LENGTH
int coap_dtls_is_context_timeout(void)
Check if timeout is handled per CoAP session or per CoAP context.
void coap_dtls_shutdown(void)
Close down the underlying (D)TLS Library layer.
const coap_bin_const_t * coap_get_session_client_psk_key(const coap_session_t *coap_session)
Get the current client's PSK key.
#define COAP_DTLS_RETRANSMIT_COAP_TICKS
void coap_dtls_map_key_type_to_define(const coap_dtls_pki_t *setup_data, coap_dtls_key_t *key)
Map the PKI key definitions to the new DEFINE format.
const coap_bin_const_t * coap_get_session_server_psk_key(const coap_session_t *coap_session)
Get the current server's PSK key.
#define COAP_DTLS_RETRANSMIT_TOTAL_MS
@ COAP_DEFINE_KEY_PRIVATE
@ COAP_DEFINE_KEY_ROOT_CA
@ COAP_DEFINE_FAIL_NOT_SUPPORTED
coap_tls_version_t * coap_get_tls_library_version(void)
Determine the type and version of the underlying (D)TLS library.
struct coap_dtls_key_t coap_dtls_key_t
The structure that holds the PKI key information.
struct coap_dtls_spsk_info_t coap_dtls_spsk_info_t
The structure that holds the Server Pre-Shared Key and Identity Hint information.
struct coap_dtls_pki_t coap_dtls_pki_t
@ COAP_PKI_KEY_DEF_PKCS11
The PKI key type is PKCS11 (pkcs11:...).
@ COAP_PKI_KEY_DEF_DER_BUF
The PKI key type is DER buffer (ASN.1).
@ COAP_PKI_KEY_DEF_PEM_BUF
The PKI key type is PEM buffer.
@ COAP_PKI_KEY_DEF_PEM
The PKI key type is PEM file.
@ COAP_PKI_KEY_DEF_ENGINE
The PKI key type is to be passed to ENGINE.
@ COAP_PKI_KEY_DEF_RPK_BUF
The PKI key type is RPK in buffer.
@ COAP_PKI_KEY_DEF_DER
The PKI key type is DER file.
@ COAP_PKI_KEY_DEF_PKCS11_RPK
The PKI key type is PKCS11 w/ RPK (pkcs11:...).
@ COAP_DTLS_ROLE_SERVER
Internal function invoked for server.
@ COAP_DTLS_ROLE_CLIENT
Internal function invoked for client.
@ COAP_PKI_KEY_DEFINE
The individual PKI key types are Definable.
@ COAP_TLS_LIBRARY_MBEDTLS
Using Mbed TLS library.
@ COAP_EVENT_DTLS_CLOSED
Triggerred when (D)TLS session closed.
@ COAP_EVENT_DTLS_CONNECTED
Triggered when (D)TLS session connected.
@ COAP_EVENT_DTLS_ERROR
Triggered when (D)TLS error occurs.
#define coap_lock_callback_ret(r, func)
Dummy for no thread-safe code.
#define coap_log_debug(...)
#define coap_log_emerg(...)
coap_log_t coap_dtls_get_log_level(void)
Get the current (D)TLS logging.
#define coap_dtls_log(level,...)
Logging function.
void coap_dtls_set_log_level(coap_log_t level)
Sets the (D)TLS logging level to the specified level.
const char * coap_session_str(const coap_session_t *session)
Get session description.
#define coap_log_info(...)
#define coap_log_warn(...)
#define coap_log_err(...)
int coap_netif_available(coap_session_t *session)
Function interface to check whether netif for session is still available.
int cose_get_hmac_alg_for_hkdf(cose_hkdf_alg_t hkdf_alg, cose_hmac_alg_t *hmac_alg)
@ COSE_HMAC_ALG_HMAC384_384
@ COSE_HMAC_ALG_HMAC256_256
@ COSE_HMAC_ALG_HMAC512_512
@ COSE_ALGORITHM_SHA_256_256
@ COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_256
coap_proto_t
CoAP protocol types Note: coap_layers_coap[] needs updating if extended.
int coap_session_refresh_psk_hint(coap_session_t *session, const coap_bin_const_t *psk_hint)
Refresh the session's current Identity Hint (PSK).
int coap_session_refresh_psk_key(coap_session_t *session, const coap_bin_const_t *psk_key)
Refresh the session's current pre-shared key (PSK).
void coap_session_connected(coap_session_t *session)
Notify session that it has just connected or reconnected.
int coap_session_refresh_psk_identity(coap_session_t *session, const coap_bin_const_t *psk_identity)
Refresh the session's current pre-shared identity (PSK).
void coap_session_disconnected_lkd(coap_session_t *session, coap_nack_reason_t reason)
Notify session that it has failed.
#define COAP_PROTO_NOT_RELIABLE(p)
@ COAP_SESSION_TYPE_CLIENT
client-side
@ COAP_SESSION_STATE_HANDSHAKE
@ COAP_SESSION_STATE_NONE
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
int coap_dtls_cid_is_supported(void)
Check whether (D)TLS CID is available.
int coap_dtls_psk_is_supported(void)
Check whether (D)TLS PSK is available.
int coap_tls_is_supported(void)
Check whether TLS is available.
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
int coap_dtls_is_supported(void)
Check whether DTLS is available.
int coap_dtls_pki_is_supported(void)
Check whether (D)TLS PKI is available.
int coap_dtls_rpk_is_supported(void)
Check whether (D)TLS RPK is available.
int coap_dtls_pkcs11_is_supported(void)
Check whether (D)TLS PKCS11 is available.
coap_address_t remote
remote address and port
CoAP binary data definition with const data.
size_t length
length of binary data
const uint8_t * s
read-only binary data
CoAP binary data definition.
The CoAP stack's global state is stored in a coap_context_t object.
The structure that holds the AES Crypto information.
size_t l
The number of bytes in the length field.
const uint8_t * nonce
must be exactly 15 - l bytes
coap_crypto_key_t key
The Key to use.
size_t tag_len
The size of the Tag.
The common structure that holds the Crypto information.
coap_crypto_aes_ccm_t aes
Used if AES type encryption.
cose_alg_t alg
The COSE algorith to use.
union coap_crypto_param_t::@127375133034013360062164022213074075037225051156 params
The structure used for defining the Client PSK setup data to be used.
uint8_t use_cid
Set to 1 if DTLS Connection ID is to be used.
char * client_sni
If not NULL, SNI to use in client TLS setup.
coap_dtls_ih_callback_t validate_ih_call_back
Identity Hint check callback function.
uint8_t ec_jpake
Set to COAP_DTLS_CPSK_SETUP_VERSION to support this version of the struct.
The structure that holds the PKI key information.
coap_pki_key_define_t define
for definable type keys
union coap_dtls_key_t::@206067364111071227257047077347013260174107036042 key
coap_pki_key_t key_type
key format type
The structure used for defining the PKI setup data to be used.
uint8_t allow_no_crl
1 ignore if CRL not there
void * cn_call_back_arg
Passed in to the CN callback function.
uint8_t allow_short_rsa_length
1 if small RSA keysizes are allowed
uint8_t allow_sni_cn_mismatch
1 if SNI and returnd CN allowed to mismatch (Client only).
uint8_t cert_chain_validation
1 if to check cert_chain_verify_depth
uint8_t allow_bad_md_hash
1 if unsupported MD hashes are allowed
uint8_t use_cid
1 if DTLS Connection ID is to be used (Client only, server always enabled) if supported
uint8_t check_cert_revocation
1 if revocation checks wanted
uint8_t cert_chain_verify_depth
recommended depth is 3
uint8_t allow_expired_certs
1 if expired certs are allowed
uint8_t verify_peer_cert
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct.
char * client_sni
If not NULL, SNI to use in client TLS setup.
uint8_t allow_self_signed
1 if self-signed certs are allowed.
coap_dtls_cn_callback_t validate_cn_call_back
CN check callback function.
uint8_t allow_expired_crl
1 if expired crl is allowed
uint8_t is_rpk_not_cert
1 is RPK instead of Public Certificate.
uint8_t check_common_ca
1 if peer cert is to be signed by the same CA as the local cert
The structure that holds the Server Pre-Shared Key and Identity Hint information.
The structure used for defining the Server PSK setup data to be used.
coap_dtls_id_callback_t validate_id_call_back
Identity check callback function.
void * id_call_back_arg
Passed in to the Identity callback function.
uint8_t ec_jpake
Set to COAP_DTLS_SPSK_SETUP_VERSION to support this version of the struct.
coap_dtls_spsk_info_t psk_info
Server PSK definition.
coap_layer_write_t l_write
coap_layer_establish_t l_establish
coap_const_char_ptr_t public_cert
define: Public Cert
coap_const_char_ptr_t private_key
define: Private Key
coap_const_char_ptr_t ca
define: Common CA Certificate
size_t public_cert_len
define Public Cert length (if needed)
size_t ca_len
define CA Cert length (if needed)
coap_pki_define_t private_key_def
define: Private Key type definition
size_t private_key_len
define Private Key length (if needed)
coap_pki_define_t ca_def
define: Common CA type definition
coap_pki_define_t public_cert_def
define: Public Cert type definition
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
unsigned int dtls_timeout_count
dtls setup retry counter
coap_socket_t sock
socket object for the session, if any
coap_session_state_t state
current state of relationship with peer
coap_addr_tuple_t addr_info
remote/local address info
coap_proto_t proto
protocol used
coap_dtls_cpsk_t cpsk_setup_data
client provided PSK initial setup data
size_t mtu
path or CSM mtu (xmt)
int dtls_event
Tracking any (D)TLS events on this session.
void * tls
security parameters
uint16_t max_retransmit
maximum re-transmit count (default 4)
coap_session_type_t type
client or server side socket
coap_context_t * context
session's context
coap_layer_func_t lfunc[COAP_LAYER_LAST]
Layer functions to use.
coap_socket_flags_t flags
1 or more of COAP_SOCKET* flag values
The structure used for returning the underlying (D)TLS library information.
uint64_t built_version
(D)TLS Built against Library Version
coap_tls_library_t type
Library type.
uint64_t version
(D)TLS runtime Library Version
const char * s_byte
signed char ptr
const uint8_t * u_byte
unsigned char ptr