DTLS/OpenSSL: Added support for PSK

This commit represents the first working DTLS interaction
with another stack: I can now interact with the Ikea Tradfri
Hub using LibNyoci.

The LibNyoci OpenSSL DTLS platform code is somewhat of a mess,
but luckily the mess is isolated to that file. I hope to clean
it up over the next few weeks, and perhaps add support for other
TLS stacks.

README.md

@@ -172,9 +172,16 @@ Here are a few examples of how you can use it:
 
 ### List of Public Test Servers ###
 
+These servers run a subset of the plugtest suite:
+
  * <coap://coap.me/>
  * <coap://vs0.inf.ethz.ch/>
 
+These are other publically-accessable example/test servers:
+
+ * <coap://leshan.eclipse.org>/<coaps://leshan.eclipse.org>
+ * <coap://californium.eclipse.org>/<coaps://californium.eclipse.org>
+
 ## Authors and Significant Contributors ##
 
  * [Robert Quattlebaum](https://github.com/darconeous)

configure.ac

@@ -260,6 +260,8 @@ then AX_CHECK_OPENSSL([
 
 	AC_DEFINE_UNQUOTED([HAVE_OPENSSL],[1],[Set if OpenSSL is present])
 
+	AC_CHECK_FUNC([HMAC_CTX_new],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_HMAC_CTX_NEW],[1],[Set if OpenSSL has HMAC_CTX_new()])])
+	AC_CHECK_FUNC([DTLSv1_2_method],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_DTLSV1_2_METHOD],[1],[Set if OpenSSL has DTLSv1_2_method()])])
 	AC_CHECK_FUNC([DTLSv1_method],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_DTLSV1_METHOD],[1],[Set if OpenSSL has DTLSv1_method()])])
 	AC_CHECK_FUNC([DTLS_method],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_DTLS_METHOD],[1],[Set if OpenSSL has DTLS_method()])])
 	AC_CHECK_FUNC([SSL_CONF_CTX_new],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_SSL_CONF_CTX_NEW],[1],[Set if OpenSSL has SSL_CONF_CTX_new()])])

etc/libnyoci.rb

@@ -9,6 +9,7 @@ class Libnyoci < Formula
 
 #  depends_on 'readline' => :recommended
 #  depends_on 'curl' => :recommended
+   depends_on 'openssl@1.1' => :recommended
 
   if build.head?
     depends_on 'autoconf' => :build
@@ -22,6 +23,7 @@ def install
     system "./configure",
       "--disable-debug",
       "--disable-dependency-tracking",
+      "--enable-tls",
       "--prefix=#{prefix}"
     system "make install"
   end

src/libnyoci/nyoci-defaults.h

@@ -313,7 +313,9 @@
 #define NYOCI_VARIABLE_MAX_KEY_LENGTH		(23)
 #endif
 
-#define NYOCI_DTLS							defined(NYOCI_PLAT_TLS)
+#if defined(NYOCI_PLAT_TLS)
+#define NYOCI_DTLS							1
+#endif
 
 /*****************************************************************************/
 // MARK: - Experimental Options

src/libnyoci/nyoci-plat-tls-func.h

@@ -40,8 +40,12 @@
 #define nyoci_plat_tls_set_context(self,...)		nyoci_plat_tls_set_context(__VA_ARGS__)
 #define nyoci_plat_tls_inbound_packet_process(self,...)		nyoci_plat_tls_inbound_packet_process(__VA_ARGS__)
 #define nyoci_plat_tls_outbound_packet_process(self,...)		nyoci_plat_tls_outbound_packet_process(__VA_ARGS__)
+#define nyoci_plat_tls_set_client_psk_callback(self,...)        nyoci_plat_tls_set_client_psk_callback(__VA_ARGS__)
+#define nyoci_plat_tls_set_server_psk_callback(self,...)        nyoci_plat_tls_set_server_psk_callback(__VA_ARGS__)
+#define nyoci_plat_tls_set_psk_hint(self,...)                   nyoci_plat_tls_set_psk_hint(__VA_ARGS__)
 #endif
 
+NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_init(void);
 
 //! Sets the security context to be associated with this LibNyoci instance.
 /*!	The type of object that this pointer referrs to depends on
@@ -53,10 +57,10 @@
 **	security settings.
 */
 NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_context(
-	nyoci_t self, void* context
+	nyoci_t self, nyoci_plat_tls_context_t context
 );
 
-NYOCI_API_EXTERN void* nyoci_plat_tls_get_context(nyoci_t self);
+NYOCI_API_EXTERN nyoci_plat_tls_context_t nyoci_plat_tls_get_context(nyoci_t self);
 
 //! Returns a pointer to the current security session object.
 /*!	The type of object that this pointer referrs to depends on
@@ -65,7 +69,7 @@ NYOCI_API_EXTERN void* nyoci_plat_tls_get_context(nyoci_t self);
 **
 **	This function can only be meaningfuly called from a callback.
 */
-NYOCI_API_EXTERN void* nyoci_plat_tls_get_current_session(void);
+NYOCI_API_EXTERN nyoci_plat_tls_session_t nyoci_plat_tls_get_current_session(void);
 
 //!	Sets the intended target hostname for the current security session.
 /*!	If the remote host fails to validate against this hostname,
@@ -75,6 +79,27 @@ NYOCI_API_EXTERN void* nyoci_plat_tls_get_current_session(void);
 */
 NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_remote_hostname(const char* hostname);
 
+typedef unsigned int (*nyoci_plat_tls_client_psk_callback_func)(
+	void* context,
+	const char *hint,
+	char *identity, unsigned int max_identity_len,
+	unsigned char *psk, unsigned int max_psk_len
+);
+
+typedef unsigned int (*nyoci_plat_tls_server_psk_callback_func)(
+	void* context,
+	const char *identity,
+	unsigned char *psk, unsigned int max_psk_len
+);
+
+NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_client_psk_callback(nyoci_t self, nyoci_plat_tls_client_psk_callback_func cb, void* context);
+
+NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_server_psk_callback(nyoci_t self, nyoci_plat_tls_server_psk_callback_func cb, void* context);
+
+NYOCI_API_EXTERN const char* nyoci_plat_tls_get_psk_identity(void);
+
+NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_psk_hint(nyoci_t self, const char* hint);
+
 //! Called by the platform to dispatch inbound DTLS packets.
 NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_inbound_packet_process(
 	nyoci_t self,

src/libnyoci/url-helpers.c

@@ -47,17 +47,19 @@
 #include <malloc.h>
 #endif
 
+#ifndef __SDCC
 #ifndef HAVE_C99_VLA
-#define HAVE_C99_VLA	!defined(__SDCC)
+#define HAVE_C99_VLA	1
 #endif
 
 #ifndef HAVE_STRSEP
-#define HAVE_STRSEP	!defined(__SDCC)
+#define HAVE_STRSEP     1
 #endif
 
 #ifndef HAVE_STRDUP
-#define HAVE_STRDUP	!defined(__SDCC)
+#define HAVE_STRDUP     1
 #endif
+#endif // ifndef __SDCC
 
 #if !defined(strsep) && !HAVE_STRSEP
 /* ---------------------------------------------------------------- */

src/missing/fgetln.h

@@ -41,8 +41,8 @@
 
 #include <stdio.h>
 
-#if !defined(HAVE_FGETLN)
-#define HAVE_FGETLN	defined(__DARWIN_C_LEVEL) && (__DARWIN_C_LEVEL>=__DARWIN_C_FULL)
+#if !defined(HAVE_FGETLN) && defined(__DARWIN_C_LEVEL) && (__DARWIN_C_LEVEL>=__DARWIN_C_FULL)
+#define HAVE_FGETLN	1
 #endif
 
 #if !defined(fgetln) && !HAVE_FGETLN

src/nyocictl/cmd_get.c

@@ -198,13 +198,18 @@ resend_get_request(void* context) {
 
 	status = nyoci_outbound_send();
 
-	if(status) {
-		check_noerr(status);
-		fprintf(stderr,
-			"nyoci_outbound_send() returned error %d(%s).\n",
-			status,
-			nyoci_status_to_cstr(status));
-		goto bail;
+	switch (status) {
+		case NYOCI_STATUS_OK:
+		case NYOCI_STATUS_WAIT_FOR_SESSION:
+		case NYOCI_STATUS_WAIT_FOR_DNS:
+			break;
+		default:
+			check_noerr(status);
+			fprintf(stderr,
+				"nyoci_outbound_send() returned error %d(%s).\n",
+				status,
+				nyoci_status_to_cstr(status));
+			break;
 	}
 
 bail:

src/nyocictl/cmd_list.c

@@ -368,13 +368,18 @@ resend_list_request(void* context) {
 
 	status = nyoci_outbound_send();
 
-	if(status) {
-		check_noerr(status);
-		fprintf(stderr,
-			"nyoci_outbound_send() returned error %d(%s).\n",
-			status,
-			nyoci_status_to_cstr(status));
-		goto bail;
+	switch (status) {
+		case NYOCI_STATUS_OK:
+		case NYOCI_STATUS_WAIT_FOR_SESSION:
+		case NYOCI_STATUS_WAIT_FOR_DNS:
+			break;
+		default:
+			check_noerr(status);
+			fprintf(stderr,
+				"nyoci_outbound_send() returned error %d(%s).\n",
+				status,
+				nyoci_status_to_cstr(status));
+			break;
 	}
 
 bail:

src/nyocictl/cmd_post.c

@@ -144,13 +144,18 @@ resend_post_request(struct post_request_s *request) {
 	status = nyoci_outbound_send();
 	require_noerr(status, bail);
 
-	if(status) {
-		check(!status);
-		fprintf(stderr,
-			"nyoci_outbound_send() returned error %d(%s).\n",
-			status,
-			nyoci_status_to_cstr(status));
-		goto bail;
+	switch (status) {
+		case NYOCI_STATUS_OK:
+		case NYOCI_STATUS_WAIT_FOR_SESSION:
+		case NYOCI_STATUS_WAIT_FOR_DNS:
+			break;
+		default:
+			check_noerr(status);
+			fprintf(stderr,
+				"nyoci_outbound_send() returned error %d(%s).\n",
+				status,
+				nyoci_status_to_cstr(status));
+			break;
 	}
 
 bail: