20#ifdef COAP_WITH_LIBTINYDTLS
23#undef PACKAGE_BUGREPORT
31#include <tinydtls/tinydtls.h>
32#include <tinydtls/dtls.h>
33#include <tinydtls/dtls_debug.h>
34#include <tinydtls/dtls_time.h>
38#include <dtls_debug.h>
42typedef struct coap_tiny_context_t {
43 struct dtls_context_t *dtls_context;
50#if (DTLS_MAX_CID_LENGTH > 0)
55#if ! defined(DTLS_PSK) && ! defined(DTLS_ECC)
56#error Neither DTLS_PSK or DTLS_ECC defined
59static dtls_tick_t dtls_tick_0 = 0;
117#if (DTLS_MAX_CID_LENGTH > 0)
124#if COAP_CLIENT_SUPPORT
131#if (DTLS_MAX_CID_LENGTH > 0)
143dtls_map_logging(log_t d_level) {
158 case DTLS_LOG_NOTICE:
171#ifdef HAVE_DTLS_SET_LOG_HANDLER
174dtls_logging(log_t d_level,
const char *message) {
175 coap_log_t c_level = dtls_map_logging(d_level);
184 dtls_ticks(&dtls_tick_0);
186#ifdef HAVE_DTLS_SET_LOG_HANDLER
188 dtls_set_log_handler(dtls_logging);
204 const coap_tiny_context_t *t_context =
207 return t_context->dtls_context;
219 d_level = DTLS_LOG_EMERG;
222 d_level = DTLS_LOG_ALERT;
226 d_level = DTLS_LOG_CRIT;
229 d_level = DTLS_LOG_WARN;
232 d_level = DTLS_LOG_NOTICE;
235 d_level = DTLS_LOG_INFO;
241 d_level = DTLS_LOG_DEBUG;
244 dtls_set_log_level(d_level);
249 log_t d_level = dtls_get_log_level();
251 return dtls_map_logging(d_level);
256#if defined(WITH_CONTIKI) || defined(WITH_LWIP)
258 memset(&a->
addr, 0,
sizeof(a->
addr));
259 switch (s->addr.sa.sa_family) {
262 memcpy(&a->
addr, &s->
addr.
sin.sin_addr,
sizeof(s->addr.sin.sin_addr));
263 a->port = s->
addr.
sin.sin_port;
268 memcpy(&a->
addr, &s->
addr.
sin6.sin6_addr,
sizeof(s->addr.sin6.sin6_addr));
279#elif defined(WITH_RIOT_SOCK)
280 if (s->addr.family == AF_INET6) {
281 a->riot.family = s->
addr.family;
282 memcpy(&a->riot.
addr.ipv6, &s->
addr.ipv6,
283 sizeof(a->riot.
addr.ipv6));
284 a->riot.port = ntohs(s->addr.port);
287 }
else if (s->addr.family == AF_INET) {
288 a->riot.family = s->
addr.family;
289 memcpy(&a->riot.
addr.ipv4, &s->
addr.ipv4,
sizeof(a->riot.
addr.ipv4));
290 a->riot.port = ntohs(s->addr.port);
295 if (s->addr.sa.sa_family == AF_INET6) {
298 }
else if (s->addr.sa.sa_family == AF_INET) {
302 a->
size = (socklen_t)s->size;
310#if defined(WITH_CONTIKI) || defined(WITH_LWIP)
312#if LWIP_IPV6 && LWIP_IPV4
313 if (a->
addr.type == IPADDR_TYPE_V6) {
314 s->addr.sa.sa_family = AF_INET6;
315 s->size = (socklen_t)
sizeof(s->addr.sin6);
316 memcpy(&s->addr.sin6.sin6_addr, &a->
addr,
sizeof(s->addr.sin6.sin6_addr));
317 s->addr.sin6.sin6_port = a->port;
318 }
else if (a->
addr.type == IPADDR_TYPE_V4) {
319 s->
addr.
sa.sa_family = AF_INET;
320 s->size = (socklen_t)
sizeof(s->addr.sin);
321 memcpy(&s->addr.sin.sin_addr, &a->
addr,
sizeof(s->addr.sin.sin_addr));
322 s->addr.sin.sin_port = a->port;
327 s->
size = (
unsigned char)
sizeof(s->addr);
331#elif defined(WITH_RIOT_SOCK)
332 if (a->riot.family == AF_INET6) {
333 s->
size =
sizeof(s->addr.ipv6);
334 s->addr.family = a->riot.family;
335 memcpy(&s->addr.ipv6, &a->riot.
addr.ipv6,
336 sizeof(s->addr.ipv6));
337 s->addr.port = htons(a->riot.port);
339 }
else if (a->r.family == AF_INET) {
340 s->size =
sizeof(s->addr.ipv4);
341 s->addr.family = a->r.family;
342 memcpy(&a->
addr.ipv4, &s->r.
addr.ipv4,
sizeof(a->
addr.ipv4));
343 s->addr.port = htons(a->r.port);
347 if (a->
addr.
sa.sa_family == AF_INET6) {
348 s->size = (socklen_t)
sizeof(s->addr.sin6);
350 }
else if (a->
addr.
sa.sa_family == AF_INET) {
351 s->size = (socklen_t)
sizeof(s->addr.sin);
354 s->size = (socklen_t)a->
size;
361dtls_send_to_peer(
struct dtls_context_t *dtls_context,
362 session_t *dtls_session, uint8 *data,
size_t len) {
363 coap_tiny_context_t *t_context =
364 (coap_tiny_context_t *)dtls_get_app_data(dtls_context);
365 coap_context_t *coap_context = t_context ? t_context->coap_context : NULL;
369 assert(coap_context);
370 get_session_addr(dtls_session, &remote_addr);
373 coap_log_warn(
"dtls_send_to_peer: cannot find local interface\n");
381dtls_application_data(
struct dtls_context_t *dtls_context,
382 session_t *dtls_session, uint8 *data,
size_t len) {
383 coap_tiny_context_t *t_context =
384 (coap_tiny_context_t *)dtls_get_app_data(dtls_context);
385 coap_context_t *coap_context = t_context ? t_context->coap_context : NULL;
389 assert(coap_context);
390 get_session_addr(dtls_session, &remote_addr);
393 coap_log_debug(
"dropped message that was received on invalid interface\n");
402static int coap_event_dtls = 0;
405dtls_event(
struct dtls_context_t *dtls_context,
406 session_t *dtls_session,
407 dtls_alert_level_t level,
408 unsigned short code) {
412 if (level == DTLS_ALERT_LEVEL_FATAL)
417 case DTLS_ALERT_CLOSE_NOTIFY: {
421 case DTLS_EVENT_CONNECTED: {
425#ifdef DTLS_EVENT_RENEGOTIATE
426 case DTLS_EVENT_RENEGOTIATE: {
443get_psk_info(
struct dtls_context_t *dtls_context,
444 const session_t *dtls_session,
445 dtls_credentials_type_t type,
446 const uint8_t *
id,
size_t id_len,
447 unsigned char *result,
size_t result_length) {
449 coap_tiny_context_t *t_context =
450 (coap_tiny_context_t *)dtls_get_app_data(dtls_context);
451 coap_context_t *coap_context = t_context ? t_context->coap_context : NULL;
453 int fatal_error = DTLS_ALERT_INTERNAL_ERROR;
455#if COAP_CLIENT_SUPPORT
461#if COAP_SERVER_SUPPORT
466 assert(coap_context);
467 get_session_addr(dtls_session, &remote_addr);
475 case DTLS_PSK_IDENTITY:
477#if COAP_CLIENT_SUPPORT
489 id ? (
const char *)
id :
"");
501 psk_identity = &cpsk_info->
identity;
510 if (psk_identity == NULL) {
512 fatal_error = DTLS_ALERT_CLOSE_NOTIFY;
515 if (psk_identity->
length > result_length) {
516 coap_log_warn(
"psk_identity too large, truncated to %zd bytes\n",
520 result_length = psk_identity->
length;
522 memcpy(result, psk_identity->
s, result_length);
523 return result_length;
529#if COAP_CLIENT_SUPPORT
532 if (psk_key == NULL) {
534 fatal_error = DTLS_ALERT_CLOSE_NOTIFY;
537 if (psk_key->
length > result_length) {
542 result_length = psk_key->
length;
544 memcpy(result, psk_key->
s, result_length);
545 return result_length;
548#if COAP_SERVER_SUPPORT
552 lidentity.
length =
id ? id_len : 0;
553 lidentity.
s =
id ? (
const uint8_t *)
id : (const uint8_t *)
"";
560 (
int)lidentity.
length, lidentity.
s);
571 if (psk_key == NULL) {
577 if (psk_key->
length > result_length) {
582 result_length = psk_key->
length;
584 memcpy(result, psk_key->
s, result_length);
585 return result_length;
591#if COAP_SERVER_SUPPORT
593 if (psk_hint == NULL)
595 if (psk_hint->
length > result_length) {
596 coap_log_warn(
"psk_hint too large, truncated to %zd bytes\n",
600 result_length = psk_hint->
length;
602 memcpy(result, psk_hint->
s, result_length);
603 return result_length;
613 return dtls_alert_fatal_create(fatal_error);
618dtls_update_user_parameters(
struct dtls_context_t *ctx,
619 session_t *session, dtls_user_parameters_t *user_parameters) {
622#if (DTLS_MAX_CID_LENGTH > 0)
623 coap_tiny_context_t *t_context =
624 (coap_tiny_context_t *)dtls_get_app_data(ctx);
625 user_parameters->support_cid = t_context ? t_context->use_cid : 0;
627 (void)user_parameters;
633get_ecdsa_key(
struct dtls_context_t *dtls_context,
635 const dtls_ecdsa_key_t **result) {
636 static dtls_ecdsa_key_t ecdsa_key;
637 coap_tiny_context_t *t_context =
638 (coap_tiny_context_t *)dtls_get_app_data(dtls_context);
640 ecdsa_key.curve = DTLS_ECDH_CURVE_SECP256R1;
641 ecdsa_key.priv_key = t_context->priv_key->s;
642 ecdsa_key.pub_key_x = t_context->pub_key->s;
643 ecdsa_key.pub_key_y = &t_context->pub_key->s[DTLS_EC_KEY_SIZE];
645 *result = &ecdsa_key;
650static const unsigned char cert_asn1_header[] = {
654 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
656 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07,
660#define DTLS_CE_LENGTH (sizeof(cert_asn1_header) + key_size + key_size)
663verify_ecdsa_key(
struct dtls_context_t *dtls_context
COAP_UNUSED,
665 const uint8_t *other_pub_x,
666 const uint8_t *other_pub_y,
668 coap_tiny_context_t *t_context =
669 (coap_tiny_context_t *)dtls_get_app_data(dtls_context);
672 if (t_context && t_context->setup_data.validate_cn_call_back) {
675 uint8 buf[DTLS_CE_LENGTH];
684 memcpy(p, &cert_asn1_header,
sizeof(cert_asn1_header));
685 p +=
sizeof(cert_asn1_header);
687 memcpy(p, other_pub_x, key_size);
690 memcpy(p, other_pub_y, key_size);
693 assert(p <= (buf +
sizeof(buf)));
695 get_session_addr(dtls_session, &remote_addr);
697 &remote_addr, dtls_session->ifindex);
702 buf, p-buf, c_session, 0, 1, t_context->setup_data.cn_call_back_arg));
710static dtls_handler_t ec_cb = {
711 .write = dtls_send_to_peer,
712 .read = dtls_application_data,
713 .get_user_parameters = dtls_update_user_parameters,
716 .get_psk_info = NULL,
718 .get_ecdsa_key = get_ecdsa_key,
719 .verify_ecdsa_key = verify_ecdsa_key
723static dtls_handler_t psk_cb = {
724 .write = dtls_send_to_peer,
725 .read = dtls_application_data,
726 .get_user_parameters = dtls_update_user_parameters,
729 .get_psk_info = get_psk_info,
732 .get_ecdsa_key = NULL,
733 .verify_ecdsa_key = NULL
740 struct dtls_context_t *dtls_context = t_context ? dtls_new_context(t_context) : NULL;
743 memset(t_context, 0,
sizeof(coap_tiny_context_t));
744 t_context->coap_context = coap_context;
745 t_context->dtls_context = dtls_context;
746 dtls_set_handler(dtls_context, &psk_cb);
759 coap_tiny_context_t *t_context = (coap_tiny_context_t *)handle;
761 if (t_context->priv_key) {
763 t_context->priv_key = NULL;
765 if (t_context->pub_key) {
767 t_context->pub_key = NULL;
770 if (t_context->dtls_context)
771 dtls_free_context(t_context->dtls_context);
783 dtls_session_init(dtls_session);
785 dtls_session->ifindex = session->
ifindex;
792#if COAP_SERVER_SUPPORT
795 return coap_dtls_new_session(session);
799#if COAP_CLIENT_SUPPORT
804 dtls_context_t *dtls_context = t_context ? t_context->dtls_context : NULL;
805 session_t *dtls_session = dtls_context ? coap_dtls_new_session(session) : NULL;
810 dtls_get_peer(dtls_context, dtls_session);
816 if (dtls_connect(dtls_context, dtls_session) >= 0) {
818 dtls_get_peer(dtls_context, dtls_session);
839 coap_tiny_context_t *t_context =
841 dtls_context_t *dtls_context = t_context ? t_context->dtls_context : NULL;
843 if (dtls_context == NULL)
845 if (coap_session->
tls && dtls_context) {
846 dtls_peer_t *peer = dtls_get_peer(dtls_context, (session_t *)coap_session->
tls);
848 dtls_reset_peer(dtls_context, peer);
850 dtls_close(dtls_context, (session_t *)coap_session->
tls);
853 coap_session->
tls = NULL;
865 dtls_context_t *dtls_context = t_context ? t_context->dtls_context : NULL;
867 assert(dtls_context);
869 coap_event_dtls = -1;
873 memcpy(&data_rw, &data,
sizeof(data_rw));
874 res = dtls_write(dtls_context,
875 (session_t *)session->
tls, data_rw, data_len);
880 if (coap_event_dtls >= 0) {
885#if (DTLS_MAX_CID_LENGTH > 0) && COAP_CLIENT_SUPPORT
887 dtls_peer_t *peer = dtls_get_peer(dtls_context, (session_t *)session->
tls);
888 dtls_security_parameters_t *security = dtls_security_params(peer);
890 if (security->write_cid_length > 0) {
914 clock_time_t next = 0;
915 coap_tiny_context_t *t_context = (coap_tiny_context_t *)tiny_context;
916 dtls_context_t *dtls_context = t_context ? t_context->dtls_context : NULL;
918 dtls_check_retransmit(dtls_context, &next);
947 session_t *dtls_session = (session_t *)session->
tls;
951 dtls_context_t *dtls_context = t_context ? t_context->dtls_context : NULL;
953 assert(dtls_context);
954 coap_event_dtls = -1;
956 memcpy(&data_rw, &data,
sizeof(data_rw));
957 err = dtls_handle_message(dtls_context, dtls_session, data_rw, (
int)data_len);
963 if (coap_event_dtls >= 0) {
969#if (DTLS_MAX_CID_LENGTH > 0) && COAP_CLIENT_SUPPORT
971 dtls_peer_t *peer = dtls_get_peer(dtls_context, (session_t *)session->
tls);
972 dtls_security_parameters_t *security = dtls_security_params(peer);
974 if (security->write_cid_length > 0) {
990#if COAP_SERVER_SUPPORT
996 session_t dtls_session;
998 dtls_context_t *dtls_context = t_context ? t_context->dtls_context : NULL;
1001 assert(dtls_context);
1002 dtls_session_init(&dtls_session);
1004 dtls_session.ifindex = session->
ifindex;
1006 memcpy(&data_rw, &data,
sizeof(data_rw));
1007 int res = dtls_handle_message(dtls_context, &dtls_session,
1008 data_rw, (
int)data_len);
1010 if (dtls_get_peer(dtls_context, &dtls_session))
1033 const char *vers = dtls_package_version();
1037 long int p1, p2 = 0, p3 = 0;
1040 p1 = strtol(vers, &endptr, 10);
1041 if (*endptr ==
'.') {
1042 p2 = strtol(endptr+1, &endptr, 10);
1043 if (*endptr ==
'.') {
1044 p3 = strtol(endptr+1, &endptr, 10);
1047 version.
version = (p1 << 16) | (p2 << 8) | p3;
1055static const uint8_t b64_6[256] = {
1056 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1057 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1059 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
1061 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
1063 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
1065 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64,
1067 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
1069 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64,
1070 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1071 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1072 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1073 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1074 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1075 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1076 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
1077 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64
1082pem_base64_decode(
const uint8_t *data,
size_t size) {
1084 size_t nbytesdecoded;
1089 size_t nb64bytes = 0;
1091 for (i = 0; i < size; i++) {
1099 if (b64_6[data[i]] == 64)
1101 tbuf[nb64bytes++] = data[i];
1107 nbytesdecoded = ((nb64bytes + 3) / 4) * 3;
1115 while (nb64bytes > 4) {
1116 *(out++) = b64_6[ptr[0]] << 2 | b64_6[ptr[1]] >> 4;
1117 *(out++) = b64_6[ptr[1]] << 4 | b64_6[ptr[2]] >> 2;
1118 *(out++) = b64_6[ptr[2]] << 6 | b64_6[ptr[3]];
1124 if (nb64bytes > 1) {
1125 *(out++) = b64_6[ptr[0]] << 2 | b64_6[ptr[1]] >> 4;
1127 if (nb64bytes > 2) {
1128 *(out++) = b64_6[ptr[1]] << 4 | b64_6[ptr[2]] >> 2;
1130 if (nb64bytes > 3) {
1131 *(out++) = b64_6[ptr[2]] << 6 | b64_6[ptr[3]];
1134 decoded->
length = nbytesdecoded - ((4 - nb64bytes) & 3);
1139typedef coap_binary_t *(*asn1_callback)(
const uint8_t *data,
size_t size);
1142asn1_verify_privkey(
const uint8_t *data,
size_t size) {
1145 if (size - 1 == DTLS_EC_KEY_SIZE && *data ==
'\000') {
1151 if (size != DTLS_EC_KEY_SIZE)
1158asn1_verify_pubkey(
const uint8_t *data,
size_t size) {
1163 if (size - 2 != 2 * DTLS_EC_KEY_SIZE)
1170asn1_verify_curve(
const uint8_t *data,
size_t size) {
1171 static uint8_t prime256v1_oid[] =
1173 { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 };
1176 if (size !=
sizeof(prime256v1_oid) ||
1177 memcmp(data, prime256v1_oid, size) != 0)
1184asn1_verify_pkcs8_version(
const uint8_t *data,
size_t size) {
1186 if (size != 1 || *data != 0)
1193asn1_verify_ec_identifier(
const uint8_t *data,
size_t size) {
1194 static uint8_t ec_public_key_oid[] =
1196 { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 };
1199 if (size !=
sizeof(ec_public_key_oid) ||
1200 memcmp(data, ec_public_key_oid, size) != 0)
1207asn1_verify_ec_key(
const uint8_t *data,
size_t size) {
1217asn1_derive_keys(coap_tiny_context_t *t_context,
1218 const uint8_t *priv_data,
size_t priv_len,
1219 const uint8_t *pub_data,
size_t pub_len,
1224 priv_len, asn1_verify_privkey);
1225 if (!t_context->priv_key) {
1230 if (t_context->priv_key->length - 1 == DTLS_EC_KEY_SIZE &&
1231 t_context->priv_key->s[0] ==
'\000') {
1232 t_context->priv_key->length--;
1233 t_context->priv_key->s++;
1241 coap_log_info(
"EC Private Key (RPK) invalid elliptic curve\n");
1243 t_context->priv_key = NULL;
1250 asn1_verify_pubkey);
1251 if (!t_context->pub_key) {
1254 t_context->priv_key = NULL;
1258 t_context->pub_key->s += 2;
1259 t_context->pub_key->length -= 2;
1260 dtls_set_handler(t_context->dtls_context, &ec_cb);
1265ec_abstract_pkcs8_asn1(
const uint8_t *asn1_ptr,
size_t asn1_length) {
1269 asn1_verify_pkcs8_version);
1276 asn1_verify_ec_identifier);
1284 coap_log_info(
"EC Private Key (RPK) invalid elliptic curve\n");
1290 asn1_verify_ec_key);
1295pem_decode_mem_asn1(
const char *begstr,
const uint8_t *str) {
1296 char *bcp = str ? strstr((
const char *)str, begstr) : NULL;
1297 char *tcp = bcp ? strstr(bcp,
"-----END ") : NULL;
1300 bcp += strlen(begstr);
1301 return pem_base64_decode((
const uint8_t *)bcp, tcp - bcp);
1313 coap_tiny_context_t *t_context;
1330 if (t_context->priv_key) {
1332 t_context->priv_key = NULL;
1334 if (t_context->pub_key) {
1336 t_context->pub_key = NULL;
1338 t_context->setup_data = *setup_data;
1353 asn1_priv = pem_decode_mem_asn1(
"-----BEGIN EC PRIVATE KEY-----",
1356 asn1_priv = pem_decode_mem_asn1(
"-----BEGIN PRIVATE KEY-----",
1363 asn1_temp = ec_abstract_pkcs8_asn1(asn1_priv->
s, asn1_priv->
length);
1365 coap_log_info(
"*** setup_pki: (D)TLS: PKCS#8 Private Key (RPK) invalid\n");
1372 asn1_priv = asn1_temp;
1375 asn1_pub = pem_decode_mem_asn1(
"-----BEGIN PUBLIC KEY-----",
1378 asn1_pub = pem_decode_mem_asn1(
"-----BEGIN EC PRIVATE KEY-----",
1381 asn1_pub = pem_decode_mem_asn1(
"-----BEGIN PRIVATE KEY-----",
1384 coap_log_info(
"*** setup_pki: (D)TLS: Public Key (RPK) invalid\n");
1390 asn1_temp = ec_abstract_pkcs8_asn1(asn1_pub->
s, asn1_pub->
length);
1392 coap_log_info(
"*** setup_pki: (D)TLS: PKCS#8 Private Key (RPK) invalid\n");
1400 asn1_pub = asn1_temp;
1404 if (!asn1_derive_keys(t_context, asn1_priv->
s, asn1_priv->
length,
1405 asn1_pub->
s, asn1_pub->
length, is_pkcs8)) {
1406 coap_log_info(
"*** setup_pki: (D)TLS: Unable to derive Public/Private Keys\n");
1425 private_key = asn1_temp->
s;
1426 private_key_len = asn1_temp->
length;
1432 if (!asn1_derive_keys(t_context,
1438 coap_log_info(
"*** setup_pki: (D)TLS: Unable to derive Public/Private Keys\n");
1443 if (!asn1_derive_keys(t_context,
1449 coap_log_info(
"*** setup_pki: (D)TLS: Unable to derive Public/Private Keys\n");
1526#if (DTLS_MAX_CID_LENGTH == 0)
1530#if (DTLS_MAX_CID_LENGTH > 0)
1531 t_context->use_cid = setup_data->
use_cid;
1552#if COAP_CLIENT_SUPPORT
1556 coap_tiny_context_t *t_context;
1561 t_context = (coap_tiny_context_t *)coap_context->
dtls_context;
1566#if (DTLS_MAX_CID_LENGTH == 0)
1570#if (DTLS_MAX_CID_LENGTH > 0)
1571 t_context->use_cid = setup_data->
use_cid;
1585#if COAP_SERVER_SUPPORT
1595 coap_log_warn(
"CoAP Server with TinyDTLS does not support SNI selection\n");
1614#if !COAP_DISABLE_TCP
1615#if COAP_CLIENT_SUPPORT
1622#if COAP_SERVER_SUPPORT
1660#if COAP_SERVER_SUPPORT
1666 dtls_sha256_init(digest_ctx);
1679 const uint8_t *data,
1681 dtls_sha256_update(digest_ctx, data, data_len);
1689 dtls_sha256_final((uint8_t *)digest_buffer, digest_ctx);
1721#if COAP_OSCORE_SUPPORT
1733static struct cipher_algs {
1744 for (idx = 0; idx <
sizeof(ciphers)/
sizeof(
struct cipher_algs); idx++) {
1745 if (ciphers[idx].alg == alg)
1746 return ciphers[idx].cipher_type;
1748 coap_log_debug(
"get_cipher_alg: COSE cipher %d not supported\n", alg);
1757static struct hmac_algs {
1768 for (idx = 0; idx <
sizeof(hmacs)/
sizeof(
struct hmac_algs); idx++) {
1769 if (hmacs[idx].hmac_alg == hmac_alg)
1770 return hmacs[idx].hmac_type;
1772 coap_log_debug(
"get_hmac_alg: COSE HMAC %d not supported\n", hmac_alg);
1778 return get_cipher_alg(alg);
1787 return get_hmac_alg(hmac_alg);
1794 uint8_t *result,
size_t *max_result_len) {
1797 dtls_ccm_params_t dtls_params;
1805 if (get_cipher_alg(params->
alg) == 0) {
1806 coap_log_debug(
"coap_crypto_encrypt: algorithm %d not supported\n",
1817 dtls_params.nonce = ccm->
nonce;
1818 dtls_params.tag_length = ccm->
tag_len;
1819 dtls_params.l = ccm->
l;
1828 num_bytes = dtls_encrypt_params(&dtls_params,
1833 if (num_bytes < 0) {
1836 *max_result_len = num_bytes;
1844 uint8_t *result,
size_t *max_result_len) {
1847 dtls_ccm_params_t dtls_params;
1855 if (get_cipher_alg(params->
alg) == 0) {
1856 coap_log_debug(
"coap_crypto_decrypt: algorithm %d not supported\n",
1868 dtls_params.nonce = ccm->
nonce;
1869 dtls_params.tag_length = ccm->
tag_len;
1870 dtls_params.l = ccm->
l;
1879 num_bytes = dtls_decrypt_params(&dtls_params,
1884 if (num_bytes < 0) {
1887 *max_result_len = num_bytes;
1894 dtls_hmac_context_t hmac_context;
1901 if (get_hmac_alg(hmac_alg) == 0) {
1902 coap_log_debug(
"coap_crypto_hmac: algorithm %d not supported\n", hmac_alg);
1910 dtls_hmac_init(&hmac_context, key->
s, key->
length);
1911 dtls_hmac_update(&hmac_context, data->
s, data->
length);
1912 num_bytes = dtls_hmac_finalize(&hmac_context,
dummy->s);
1914 if (num_bytes != DTLS_SHA256_DIGEST_LENGTH) {
1930#pragma GCC diagnostic ignored "-Wunused-function"
Library specific build wrapper for coap_internal.h.
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
int coap_dtls_context_set_pki(coap_context_t *ctx COAP_UNUSED, const coap_dtls_pki_t *setup_data COAP_UNUSED, const coap_dtls_role_t role COAP_UNUSED)
coap_tick_t coap_dtls_get_timeout(coap_session_t *session COAP_UNUSED, coap_tick_t now COAP_UNUSED)
ssize_t coap_tls_read(coap_session_t *session COAP_UNUSED, uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
coap_tick_t coap_dtls_get_context_timeout(void *dtls_context COAP_UNUSED)
int coap_dtls_receive(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
void * coap_dtls_get_tls(const coap_session_t *c_session COAP_UNUSED, coap_tls_library_t *tls_lib)
unsigned int coap_dtls_get_overhead(coap_session_t *session COAP_UNUSED)
int coap_dtls_context_check_keys_enabled(coap_context_t *ctx COAP_UNUSED)
ssize_t coap_dtls_send(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
ssize_t coap_tls_write(coap_session_t *session COAP_UNUSED, const uint8_t *data COAP_UNUSED, size_t data_len COAP_UNUSED)
void coap_dtls_session_update_mtu(coap_session_t *session COAP_UNUSED)
int coap_dtls_context_set_pki_root_cas(coap_context_t *ctx COAP_UNUSED, const char *ca_file COAP_UNUSED, const char *ca_path COAP_UNUSED)
int coap_dtls_handle_timeout(coap_session_t *session COAP_UNUSED)
void coap_dtls_free_context(void *handle COAP_UNUSED)
void coap_dtls_free_session(coap_session_t *coap_session COAP_UNUSED)
void * coap_dtls_new_context(coap_context_t *coap_context COAP_UNUSED)
void coap_tls_free_session(coap_session_t *coap_session COAP_UNUSED)
int SHA1Result(SHA1Context *, uint8_t Message_Digest[SHA1HashSize])
int SHA1Reset(SHA1Context *)
int SHA1Input(SHA1Context *, const uint8_t *, unsigned int)
coap_binary_t * get_asn1_tag(coap_asn1_tag_t ltag, const uint8_t *ptr, size_t tlen, asn1_validate validate)
Get the asn1 tag and data from the current ptr.
void coap_digest_free(coap_digest_ctx_t *digest_ctx)
Free off coap_digest_ctx_t.
int coap_digest_final(coap_digest_ctx_t *digest_ctx, coap_digest_t *digest_buffer)
Finalize the coap_digest information into the provided digest_buffer.
int coap_digest_update(coap_digest_ctx_t *digest_ctx, const uint8_t *data, size_t data_len)
Update the coap_digest information with the next chunk of data.
coap_digest_ctx_t * coap_digest_setup(void)
Initialize a coap_digest.
uint64_t coap_tick_t
This data type represents internal timer ticks with COAP_TICKS_PER_SECOND resolution.
#define COAP_TICKS_PER_SECOND
Use ms resolution on POSIX systems.
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
int coap_handle_dgram(coap_context_t *ctx, coap_session_t *session, uint8_t *msg, size_t msg_len)
Parses and interprets a CoAP datagram with context ctx.
void coap_ticks(coap_tick_t *)
Returns the current value of an internal tick counter.
int coap_crypto_hmac(cose_hmac_alg_t hmac_alg, coap_bin_const_t *key, coap_bin_const_t *data, coap_bin_const_t **hmac)
Create a HMAC hash of the provided data.
int coap_crypto_aead_decrypt(const coap_crypto_param_t *params, coap_bin_const_t *data, coap_bin_const_t *aad, uint8_t *result, size_t *max_result_len)
Decrypt the provided encrypted data into plaintext.
int coap_crypto_aead_encrypt(const coap_crypto_param_t *params, coap_bin_const_t *data, coap_bin_const_t *aad, uint8_t *result, size_t *max_result_len)
Encrypt the provided plaintext data.
int coap_crypto_hash(cose_alg_t alg, const coap_bin_const_t *data, coap_bin_const_t **hash)
Create a hash of the provided data.
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
void * coap_tls_new_server_session(coap_session_t *coap_session)
Create a TLS new server-side session.
const coap_bin_const_t * coap_get_session_client_psk_identity(const coap_session_t *coap_session)
Get the current client's PSK identity.
void coap_dtls_startup(void)
Initialize the underlying (D)TLS Library layer.
int coap_dtls_define_issue(coap_define_issue_key_t type, coap_define_issue_fail_t fail, coap_dtls_key_t *key, const coap_dtls_role_t role, int ret)
Report PKI DEFINE type issue.
void * coap_dtls_new_client_session(coap_session_t *coap_session)
Create a new client-side session.
void * coap_dtls_new_server_session(coap_session_t *coap_session)
Create a new DTLS server-side session.
int coap_dtls_hello(coap_session_t *coap_session, const uint8_t *data, size_t data_len)
Handling client HELLO messages from a new candiate peer.
int coap_dtls_set_cid_tuple_change(coap_context_t *context, uint8_t every)
Set the Connection ID client tuple frequency change for testing CIDs.
int coap_dtls_is_context_timeout(void)
Check if timeout is handled per CoAP session or per CoAP context.
int coap_dtls_context_set_cpsk(coap_context_t *coap_context, coap_dtls_cpsk_t *setup_data)
Set the DTLS context's default client PSK information.
int coap_dtls_context_set_spsk(coap_context_t *coap_context, coap_dtls_spsk_t *setup_data)
Set the DTLS context's default server PSK information.
void coap_dtls_shutdown(void)
Close down the underlying (D)TLS Library layer.
const coap_bin_const_t * coap_get_session_client_psk_key(const coap_session_t *coap_session)
Get the current client's PSK key.
void * coap_tls_new_client_session(coap_session_t *coap_session)
Create a new TLS client-side session.
void coap_dtls_map_key_type_to_define(const coap_dtls_pki_t *setup_data, coap_dtls_key_t *key)
Map the PKI key definitions to the new DEFINE format.
const coap_bin_const_t * coap_get_session_server_psk_key(const coap_session_t *coap_session)
Get the current server's PSK key.
const coap_bin_const_t * coap_get_session_server_psk_hint(const coap_session_t *coap_session)
Get the current server's PSK identity hint.
@ COAP_DEFINE_KEY_PRIVATE
@ COAP_DEFINE_FAIL_NOT_SUPPORTED
coap_tls_version_t * coap_get_tls_library_version(void)
Determine the type and version of the underlying (D)TLS library.
#define COAP_DTLS_RPK_CERT_CN
@ COAP_PKI_KEY_DEF_PKCS11
The PKI key type is PKCS11 (pkcs11:...).
@ COAP_PKI_KEY_DEF_DER_BUF
The PKI key type is DER buffer (ASN.1).
@ COAP_PKI_KEY_DEF_PEM_BUF
The PKI key type is PEM buffer.
@ COAP_PKI_KEY_DEF_PEM
The PKI key type is PEM file.
@ COAP_PKI_KEY_DEF_ENGINE
The PKI key type is to be passed to ENGINE.
@ COAP_PKI_KEY_DEF_RPK_BUF
The PKI key type is RPK in buffer.
@ COAP_PKI_KEY_DEF_DER
The PKI key type is DER file.
@ COAP_PKI_KEY_DEF_PKCS11_RPK
The PKI key type is PKCS11 w/ RPK (pkcs11:...).
@ COAP_PKI_KEY_DEFINE
The individual PKI key types are Definable.
@ COAP_ASN1_PKEY_EC
EC type.
@ COAP_TLS_LIBRARY_TINYDTLS
Using TinyDTLS library.
@ COAP_EVENT_DTLS_CLOSED
Triggerred when (D)TLS session closed.
@ COAP_EVENT_DTLS_CONNECTED
Triggered when (D)TLS session connected.
@ COAP_EVENT_DTLS_RENEGOTIATE
Triggered when (D)TLS session renegotiated.
@ COAP_EVENT_DTLS_ERROR
Triggered when (D)TLS error occurs.
#define coap_lock_callback_ret(r, c, func)
Dummy for no thread-safe code.
#define coap_log_debug(...)
coap_log_t coap_dtls_get_log_level(void)
Get the current (D)TLS logging.
#define coap_dtls_log(level,...)
Logging function.
void coap_dtls_set_log_level(coap_log_t level)
Sets the (D)TLS logging level to the specified level.
const char * coap_session_str(const coap_session_t *session)
Get session description.
#define coap_log_info(...)
#define coap_log_warn(...)
int cose_get_hmac_alg_for_hkdf(cose_hkdf_alg_t hkdf_alg, cose_hmac_alg_t *hmac_alg)
@ COSE_HMAC_ALG_HMAC256_256
@ COSE_ALGORITHM_AES_CCM_16_64_128
int coap_session_refresh_psk_hint(coap_session_t *session, const coap_bin_const_t *psk_hint)
Refresh the session's current Identity Hint (PSK).
int coap_session_refresh_psk_key(coap_session_t *session, const coap_bin_const_t *psk_key)
Refresh the session's current pre-shared key (PSK).
void coap_session_connected(coap_session_t *session)
Notify session that it has just connected or reconnected.
int coap_session_refresh_psk_identity(coap_session_t *session, const coap_bin_const_t *psk_identity)
Refresh the session's current pre-shared identity (PSK).
void coap_session_disconnected_lkd(coap_session_t *session, coap_nack_reason_t reason)
Notify session that it has failed.
coap_session_t * coap_session_get_by_peer(const coap_context_t *ctx, const coap_address_t *remote_addr, int ifindex)
Get the session associated with the specified remote_addr and index.
@ COAP_SESSION_TYPE_CLIENT
client-side
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
int coap_dtls_cid_is_supported(void)
Check whether (D)TLS CID is available.
int coap_dtls_psk_is_supported(void)
Check whether (D)TLS PSK is available.
int coap_tls_is_supported(void)
Check whether TLS is available.
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
int coap_dtls_is_supported(void)
Check whether DTLS is available.
int coap_dtls_pki_is_supported(void)
Check whether (D)TLS PKI is available.
int coap_dtls_rpk_is_supported(void)
Check whether (D)TLS RPK is available.
int coap_dtls_pkcs11_is_supported(void)
Check whether (D)TLS PKCS11 is available.
coap_address_t remote
remote address and port
Multi-purpose address abstraction.
socklen_t size
size of addr
union coap_address_t::@0 addr
CoAP binary data definition with const data.
size_t length
length of binary data
const uint8_t * s
read-only binary data
CoAP binary data definition.
size_t length
length of binary data
The CoAP stack's global state is stored in a coap_context_t object.
uint8_t testing_cids
Change client's source port every testing_cids.
coap_dtls_spsk_t spsk_setup_data
Contains the initial PSK server setup data.
The structure that holds the AES Crypto information.
size_t l
The number of bytes in the length field.
const uint8_t * nonce
must be exactly 15 - l bytes
coap_crypto_key_t key
The Key to use.
size_t tag_len
The size of the Tag.
The common structure that holds the Crypto information.
union coap_crypto_param_t::@2 params
coap_crypto_aes_ccm_t aes
Used if AES type encryption.
cose_alg_t alg
The COSE algorith to use.
The structure that holds the Client PSK information.
coap_bin_const_t identity
The structure used for defining the Client PSK setup data to be used.
uint8_t use_cid
Set to 1 if DTLS Connection ID is to be used.
void * ih_call_back_arg
Passed in to the Identity Hint callback function.
coap_dtls_ih_callback_t validate_ih_call_back
Identity Hint check callback function.
uint8_t ec_jpake
Set to COAP_DTLS_CPSK_SETUP_VERSION to support this version of the struct.
The structure that holds the PKI key information.
coap_pki_key_define_t define
for definable type keys
union coap_dtls_key_t::@3 key
coap_pki_key_t key_type
key format type
The structure used for defining the PKI setup data to be used.
uint8_t use_cid
1 if DTLS Connection ID is to be used (Client only, server always enabled) if supported
uint8_t is_rpk_not_cert
1 is RPK instead of Public Certificate.
The structure used for defining the Server PSK setup data to be used.
coap_dtls_psk_sni_callback_t validate_sni_call_back
SNI check callback function.
coap_dtls_id_callback_t validate_id_call_back
Identity check callback function.
void * id_call_back_arg
Passed in to the Identity callback function.
uint8_t ec_jpake
Set to COAP_DTLS_SPSK_SETUP_VERSION to support this version of the struct.
coap_layer_write_t l_write
coap_const_char_ptr_t public_cert
define: Public Cert
coap_asn1_privatekey_type_t private_key_type
define: ASN1 Private Key Type (if needed)
coap_const_char_ptr_t private_key
define: Private Key
coap_const_char_ptr_t ca
define: Common CA Certificate
size_t public_cert_len
define Public Cert length (if needed)
coap_pki_define_t private_key_def
define: Private Key type definition
size_t private_key_len
define Private Key length (if needed)
coap_pki_define_t ca_def
define: Common CA type definition
coap_pki_define_t public_cert_def
define: Public Cert type definition
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
coap_socket_t sock
socket object for the session, if any
coap_addr_tuple_t addr_info
remote/local address info
coap_dtls_cpsk_t cpsk_setup_data
client provided PSK initial setup data
uint8_t negotiated_cid
Set for a client if CID negotiated.
void * tls
security parameters
coap_session_type_t type
client or server side socket
coap_context_t * context
session's context
int ifindex
interface index
coap_layer_func_t lfunc[COAP_LAYER_LAST]
Layer functions to use.
CoAP string data definition with const data.
const uint8_t * s
read-only string data
size_t length
length of string
The structure used for returning the underlying (D)TLS library information.
uint64_t built_version
(D)TLS Built against Library Version
coap_tls_library_t type
Library type.
uint64_t version
(D)TLS runtime Library Version
const uint8_t * u_byte
unsigned char ptr