
DTLS/OpenSSL: Added support for PSK

This commit represents the first working DTLS interaction
with another stack: I can now interact with the Ikea Tradfri
Hub using LibNyoci.

The LibNyoci OpenSSL DTLS platform code is somewhat of a mess,
but luckily the mess is isolated to that file. I hope to clean
it up over the next few weeks, and perhaps add support for other
TLS stacks.
darconeous committed Jun 7, 2018
1 parent 7f9a875 commit ffe89f07aee9d2d0ec03c060273b71428e8e3aac
@@ -172,9 +172,16 @@ Here are a few examples of how you can use it:
### List of Public Test Servers ###
These servers run a subset of the plugtest suite:
* <coap://coap.me/>
* <coap://vs0.inf.ethz.ch/>
These are other publically-accessable example/test servers:
* <coap://leshan.eclipse.org>/<coaps://leshan.eclipse.org>
* <coap://californium.eclipse.org>/<coaps://californium.eclipse.org>
## Authors and Significant Contributors ##
* [Robert Quattlebaum](https://github.com/darconeous)
@@ -260,6 +260,8 @@ then AX_CHECK_OPENSSL([
AC_DEFINE_UNQUOTED([HAVE_OPENSSL],[1],[Set if OpenSSL is present])
AC_CHECK_FUNC([HMAC_CTX_new],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_HMAC_CTX_NEW],[1],[Set if OpenSSL has HMAC_CTX_new()])])
AC_CHECK_FUNC([DTLSv1_2_method],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_DTLSV1_2_METHOD],[1],[Set if OpenSSL has DTLSv1_2_method()])])
AC_CHECK_FUNC([DTLSv1_method],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_DTLSV1_METHOD],[1],[Set if OpenSSL has DTLSv1_method()])])
AC_CHECK_FUNC([DTLS_method],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_DTLS_METHOD],[1],[Set if OpenSSL has DTLS_method()])])
AC_CHECK_FUNC([SSL_CONF_CTX_new],[AC_DEFINE_UNQUOTED([HAVE_OPENSSL_SSL_CONF_CTX_NEW],[1],[Set if OpenSSL has SSL_CONF_CTX_new()])])
@@ -9,6 +9,7 @@ class Libnyoci < Formula
# depends_on 'readline' => :recommended
# depends_on 'curl' => :recommended
depends_on 'openssl@1.1' => :recommended
if build.head?
depends_on 'autoconf' => :build
@@ -22,6 +23,7 @@ def install
system "./configure",
"--disable-debug",
"--disable-dependency-tracking",
"--enable-tls",
"--prefix=#{prefix}"
system "make install"
end
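Review bot: `"--enable-tls"` is passed to configure unconditionally in `install`, while the OpenSSL dependency is declared only as `depends_on 'openssl@1.1' => :recommended`, which a user can switch off. A build with that option disabled would request TLS without the Homebrew OpenSSL present, and would either fail at configure time or link against whatever OpenSSL the system provides; which of the two happens depends on configure logic not shown in full here. Consider appending the flag only when `build.with? "openssl@1.1"` is true, or making the dependency mandatory. Which lines are new is inferred from the hunk line counts, because the page has lost its +/- markers.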
@@ -313,7 +313,9 @@
#define NYOCI_VARIABLE_MAX_KEY_LENGTH (23)
#endif
#define NYOCI_DTLS defined(NYOCI_PLAT_TLS)
#if defined(NYOCI_PLAT_TLS)
#define NYOCI_DTLS 1
#endif
/*****************************************************************************/
// MARK: - Experimental Options
@@ -40,8 +40,12 @@
#define nyoci_plat_tls_set_context(self,...) nyoci_plat_tls_set_context(__VA_ARGS__)
#define nyoci_plat_tls_inbound_packet_process(self,...) nyoci_plat_tls_inbound_packet_process(__VA_ARGS__)
#define nyoci_plat_tls_outbound_packet_process(self,...) nyoci_plat_tls_outbound_packet_process(__VA_ARGS__)
#define nyoci_plat_tls_set_client_psk_callback(self,...) nyoci_plat_tls_set_client_psk_callback(__VA_ARGS__)
#define nyoci_plat_tls_set_server_psk_callback(self,...) nyoci_plat_tls_set_server_psk_callback(__VA_ARGS__)
#define nyoci_plat_tls_set_psk_hint(self,...) nyoci_plat_tls_set_psk_hint(__VA_ARGS__)
#endif
NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_init(void);
//! Sets the security context to be associated with this LibNyoci instance.
/*! The type of object that this pointer referrs to depends on
@@ -53,10 +57,10 @@
** security settings.
*/
NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_context(
nyoci_t self, void* context
nyoci_t self, nyoci_plat_tls_context_t context
);
NYOCI_API_EXTERN void* nyoci_plat_tls_get_context(nyoci_t self);
NYOCI_API_EXTERN nyoci_plat_tls_context_t nyoci_plat_tls_get_context(nyoci_t self);
//! Returns a pointer to the current security session object.
/*! The type of object that this pointer referrs to depends on
@@ -65,7 +69,7 @@ NYOCI_API_EXTERN void* nyoci_plat_tls_get_context(nyoci_t self);
**
** This function can only be meaningfuly called from a callback.
*/
NYOCI_API_EXTERN void* nyoci_plat_tls_get_current_session(void);
NYOCI_API_EXTERN nyoci_plat_tls_session_t nyoci_plat_tls_get_current_session(void);
//! Sets the intended target hostname for the current security session.
/*! If the remote host fails to validate against this hostname,
@@ -75,6 +79,27 @@ NYOCI_API_EXTERN void* nyoci_plat_tls_get_current_session(void);
*/
NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_remote_hostname(const char* hostname);
typedef unsigned int (*nyoci_plat_tls_client_psk_callback_func)(
void* context,
const char *hint,
char *identity, unsigned int max_identity_len,
unsigned char *psk, unsigned int max_psk_len
);
typedef unsigned int (*nyoci_plat_tls_server_psk_callback_func)(
void* context,
const char *identity,
unsigned char *psk, unsigned int max_psk_len
);
NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_client_psk_callback(nyoci_t self, nyoci_plat_tls_client_psk_callback_func cb, void* context);
NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_server_psk_callback(nyoci_t self, nyoci_plat_tls_server_psk_callback_func cb, void* context);
NYOCI_API_EXTERN const char* nyoci_plat_tls_get_psk_identity(void);
NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_set_psk_hint(nyoci_t self, const char* hint);
//! Called by the platform to dispatch inbound DTLS packets.
NYOCI_API_EXTERN nyoci_status_t nyoci_plat_tls_inbound_packet_process(
nyoci_t self,
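Review bot: The two PSK callback typedefs in the last hunk of this header, `nyoci_plat_tls_client_psk_callback_func` and `nyoci_plat_tls_server_psk_callback_func`, have no doc comment, although they define how application code writes key material into buffers it does not own. The signatures appear to follow OpenSSL's PSK callback convention (confirm against the platform code), so the contract should be spelled out, e.g. `//! Returns the number of PSK bytes written to psk (at most max_psk_len), or 0 to fail the handshake.` For the client callback it should also say that `identity` must be NUL-terminated within `max_identity_len` and that `hint` may be NULL. `nyoci_plat_tls_get_psk_identity()` needs a line on the lifetime of the returned string and on whether it is only meaningful from inside a callback, as the neighbouring `nyoci_plat_tls_get_current_session()` comment already states for itself. The declaration that ends this hunk continues outside it.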
@@ -47,17 +47,19 @@
#include <malloc.h>
#endif
#ifndef __SDCC
#ifndef HAVE_C99_VLA
#define HAVE_C99_VLA !defined(__SDCC)
#define HAVE_C99_VLA 1
#endif
#ifndef HAVE_STRSEP
#define HAVE_STRSEP !defined(__SDCC)
#define HAVE_STRSEP 1
#endif
#ifndef HAVE_STRDUP
#define HAVE_STRDUP !defined(__SDCC)
#define HAVE_STRDUP 1
#endif
#endif // ifndef __SDCC
#if !defined(strsep) && !HAVE_STRSEP
/* ---------------------------------------------------------------- */
@@ -41,8 +41,8 @@
#include <stdio.h>
#if !defined(HAVE_FGETLN)
#define HAVE_FGETLN defined(__DARWIN_C_LEVEL) && (__DARWIN_C_LEVEL>=__DARWIN_C_FULL)
#if !defined(HAVE_FGETLN) && defined(__DARWIN_C_LEVEL) && (__DARWIN_C_LEVEL>=__DARWIN_C_FULL)
#define HAVE_FGETLN 1
#endif
#if !defined(fgetln) && !HAVE_FGETLN
@@ -198,13 +198,18 @@ resend_get_request(void* context) {
status = nyoci_outbound_send();
if(status) {
check_noerr(status);
fprintf(stderr,
"nyoci_outbound_send() returned error %d(%s).\n",
status,
nyoci_status_to_cstr(status));
goto bail;
switch (status) {
case NYOCI_STATUS_OK:
case NYOCI_STATUS_WAIT_FOR_SESSION:
case NYOCI_STATUS_WAIT_FOR_DNS:
break;
default:
check_noerr(status);
fprintf(stderr,
"nyoci_outbound_send() returned error %d(%s).\n",
status,
nyoci_status_to_cstr(status));
break;
}
bail:
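Review bot: The switch on `status` after `nyoci_outbound_send()` in resend_get_request is repeated line for line in resend_list_request and resend_post_request, so the list of statuses that mean "not finished yet" now lives in three places. A small shared predicate, e.g. `static bool send_status_is_pending(nyoci_status_t s)` returning true for `NYOCI_STATUS_WAIT_FOR_SESSION` and `NYOCI_STATUS_WAIT_FOR_DNS`, would keep the three commands in agreement when another wait state is added. The pending cases would also benefit from a short comment such as `// Not an error: the DTLS session or DNS lookup is still in progress.` The function body starts and ends outside this hunk, so what is done with `status` after `bail:` is not visible here.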
@@ -368,13 +368,18 @@ resend_list_request(void* context) {
status = nyoci_outbound_send();
if(status) {
check_noerr(status);
fprintf(stderr,
"nyoci_outbound_send() returned error %d(%s).\n",
status,
nyoci_status_to_cstr(status));
goto bail;
switch (status) {
case NYOCI_STATUS_OK:
case NYOCI_STATUS_WAIT_FOR_SESSION:
case NYOCI_STATUS_WAIT_FOR_DNS:
break;
default:
check_noerr(status);
fprintf(stderr,
"nyoci_outbound_send() returned error %d(%s).\n",
status,
nyoci_status_to_cstr(status));
break;
}
bail:
@@ -144,13 +144,18 @@ resend_post_request(struct post_request_s *request) {
status = nyoci_outbound_send();
require_noerr(status, bail);
if(status) {
check(!status);
fprintf(stderr,
"nyoci_outbound_send() returned error %d(%s).\n",
status,
nyoci_status_to_cstr(status));
goto bail;
switch (status) {
case NYOCI_STATUS_OK:
case NYOCI_STATUS_WAIT_FOR_SESSION:
case NYOCI_STATUS_WAIT_FOR_DNS:
break;
default:
check_noerr(status);
fprintf(stderr,
"nyoci_outbound_send() returned error %d(%s).\n",
status,
nyoci_status_to_cstr(status));
break;
}
bail:
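Review bot: In resend_post_request the `require_noerr(status, bail);` line directly above the new switch looks like it is still present on the new side; this is inferred, because the page has lost its +/- markers. If it is, every non-zero status, including `NYOCI_STATUS_WAIT_FOR_SESSION` and `NYOCI_STATUS_WAIT_FOR_DNS`, jumps to `bail` before the switch is reached. The switch would then be dead code, and a DTLS handshake that is merely pending would presumably still be reported through the assert macro. Removing that line, so that `switch (status) {` directly follows `status = nyoci_outbound_send();`, would match resend_get_request and resend_list_request. The function body starts and ends outside this hunk.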