MbedTLS config file fixing,

small refactoring.

source/coap_connection_handler.c

@@ -49,7 +49,7 @@ typedef struct secure_timer_s {
 } secure_timer_t;
 
 typedef struct secure_session {
-    thread_security_t *sec_handler; //owned
+    coap_security_t *sec_handler; //owned
     internal_socket_t *parent; //not owned
 
     secure_timer_t timer;
@@ -652,12 +652,17 @@ int coap_connection_handler_send_data(thread_conn_handler_t *handler, ns_address
             handler->socket->dest_addr.identifier = dest_addr->identifier;
             handler->socket->dest_addr.type = dest_addr->type;
             uint8_t *pw = (uint8_t *)ns_dyn_mem_alloc(64);
+            if(!pw){
+                //todo: free secure session?
+                return -1;
+            }
             uint8_t pw_len;
             if( handler->_get_password_cb && 0 == handler->_get_password_cb(handler->socket->listen_socket, dest_addr->address, dest_addr->identifier, pw, &pw_len)){
                 coap_security_handler_connect(session->sec_handler, false, pw, pw_len);
                 ns_dyn_mem_free(pw);
                 return -2;
             }else{
+                //free secure session?
                 ns_dyn_mem_free(pw);
                 return -1;
             }

source/coap_security_handler.c

@@ -33,7 +33,7 @@ int entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen );
 int f_send( void *ctx, const unsigned char *buf, size_t len );
 int f_recv(void *ctx, unsigned char *buf, size_t len);
 
-static int coap_security_handler_init(thread_security_t *sec){
+static int coap_security_handler_init(coap_security_t *sec){
     const char *pers = "dtls_client";
     mbedtls_ssl_init( &sec->_ssl );
     mbedtls_ssl_config_init( &sec->_conf );
@@ -61,7 +61,7 @@ static int coap_security_handler_init(thread_security_t *sec){
     return 0;
 }
 
-static void coap_security_handler_reset(thread_security_t *sec){
+static void coap_security_handler_reset(coap_security_t *sec){
     mbedtls_entropy_free( &sec->_entropy );
     mbedtls_ctr_drbg_free( &sec->_ctr_drbg );
     mbedtls_ssl_config_free(&sec->_conf);
@@ -69,7 +69,7 @@ static void coap_security_handler_reset(thread_security_t *sec){
 }
 
 
-thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
+coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
                                           send_cb *send_cb,
                                           receive_cb *receive_cb,
                                           start_timer_cb *start_timer_cb,
@@ -78,7 +78,7 @@ thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uin
     if( !address_ptr || send_cb == NULL || receive_cb == NULL || start_timer_cb == NULL || timer_status_cb == NULL){
         return NULL;
     }
-    thread_security_t *this = ns_dyn_mem_alloc(sizeof(thread_security_t));
+    coap_security_t *this = ns_dyn_mem_alloc(sizeof(coap_security_t));
     if( !this ){
         return NULL;
     }
@@ -88,6 +88,8 @@ thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uin
     }
     this->_remote_port = port;
     memcpy(this->_remote_address, address_ptr, 16);
+    memset(this->_pw, 0, 64);
+    this->_pw_len = 0;
     this->_socket_id = socket_id;
     this->_timer_id = timer_id;
     this->_send_cb = send_cb;
@@ -98,7 +100,7 @@ thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uin
     return this;
 }
 
-void thread_security_destroy(thread_security_t *sec){
+void thread_security_destroy(coap_security_t *sec){
     if( sec ){
         coap_security_handler_reset(sec);
         ns_dyn_mem_free(sec);
@@ -210,7 +212,7 @@ static int export_key_block(void *ctx,
  */
 static void set_timer(void *sec_obj, uint32_t int_ms, uint32_t fin_ms)
 {
-    thread_security_t *sec = (thread_security_t *)sec_obj;
+    coap_security_t *sec = (coap_security_t *)sec_obj;
     if( sec->_start_timer_cb ){
         sec->_start_timer_cb( sec->_timer_id, int_ms, fin_ms);
     }
@@ -225,14 +227,14 @@ static void set_timer(void *sec_obj, uint32_t int_ms, uint32_t fin_ms)
  */
 static int get_timer(void *sec_obj)
 {
-    thread_security_t *sec = (thread_security_t *)sec_obj;
+    coap_security_t *sec = (coap_security_t *)sec_obj;
     if( sec->_timer_status_cb ){
         return sec->_timer_status_cb(sec->_timer_id);
     }
     return -1;
 }
 
-int coap_security_handler_connect(thread_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len){
+int coap_security_handler_connect(coap_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len){
 
     if( !sec ){
         return -1;
@@ -303,7 +305,7 @@ int coap_security_handler_connect(thread_security_t *sec, bool is_server, const
     return ret;
 }
 
-int coap_security_handler_continue_connecting(thread_security_t *sec){
+int coap_security_handler_continue_connecting(coap_security_t *sec){
     int ret=-1;
     while( ret != MBEDTLS_ERR_SSL_WANT_READ ){
         ret = mbedtls_ssl_handshake_step( &sec->_ssl );
@@ -333,7 +335,7 @@ int coap_security_handler_continue_connecting(thread_security_t *sec){
 }
 
 
-int coap_security_handler_send_message(thread_security_t *sec, unsigned char *message, size_t len){
+int coap_security_handler_send_message(coap_security_t *sec, unsigned char *message, size_t len){
     int ret=-1;
 
     if( sec ){
@@ -345,7 +347,7 @@ int coap_security_handler_send_message(thread_security_t *sec, unsigned char *me
     return ret; //bytes written
 }
 
-int thread_security_send_close_alert(thread_security_t *sec)
+int thread_security_send_close_alert(coap_security_t *sec)
 {
     if( !sec ){
         return -1;
@@ -356,7 +358,7 @@ int thread_security_send_close_alert(thread_security_t *sec)
     coap_security_handler_init(sec);
 }
 
-int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, size_t len){
+int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size_t len){
     int ret=-1;
 
     if( sec && buffer ){
@@ -370,12 +372,12 @@ int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, si
 }
 
 int f_send( void *ctx, const unsigned char *buf, size_t len){
-    thread_security_t *sec = (thread_security_t *)ctx;
+    coap_security_t *sec = (coap_security_t *)ctx;
     return sec->_send_cb(sec->_socket_id, sec->_remote_address, sec->_remote_port, buf, len);
 }
 
 int f_recv(void *ctx, unsigned char *buf, size_t len){
-    thread_security_t *sec = (thread_security_t *)ctx;
+    coap_security_t *sec = (coap_security_t *)ctx;
     return sec->_receive_cb(sec->_socket_id, buf, len);
 }
 

source/include/coap_security_handler.h

@@ -29,9 +29,9 @@ typedef void start_timer_cb(int8_t timer_id, uint32_t min, uint32_t fin);
 typedef int timer_status_cb(int8_t timer_id);
 
 typedef struct thread_security_s {
-
     mbedtls_ssl_config          _conf;
     mbedtls_ssl_context         _ssl;
+
     mbedtls_ctr_drbg_context    _ctr_drbg;
     mbedtls_entropy_context     _entropy;
     bool                        _is_started;
@@ -50,24 +50,25 @@ typedef struct thread_security_s {
     receive_cb                  *_receive_cb;
     start_timer_cb              *_start_timer_cb;
     timer_status_cb             *_timer_status_cb;
-} thread_security_t;
 
-thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
+} coap_security_t;
+
+coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
                                           send_cb *send_cb,
                                           receive_cb *receive_cb,
                                           start_timer_cb *start_timer_cb,
                                           timer_status_cb *timer_status_cb);
 
-void thread_security_destroy(thread_security_t *sec);
+void thread_security_destroy(coap_security_t *sec);
 
-int coap_security_handler_connect(thread_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len);
+int coap_security_handler_connect(coap_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len);
 
-int coap_security_handler_continue_connecting(thread_security_t *sec);
+int coap_security_handler_continue_connecting(coap_security_t *sec);
 
-int coap_security_handler_send_message(thread_security_t *sec, unsigned char *message, size_t len);
+int coap_security_handler_send_message(coap_security_t *sec, unsigned char *message, size_t len);
 
-int thread_security_send_close_alert(thread_security_t *sec);
+int thread_security_send_close_alert(coap_security_t *sec);
 
-int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, size_t len);
+int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size_t len);
 
 #endif

source/include/config-thread.h

@@ -1,94 +0,0 @@
-/*
- *  Minimal configuration for using TLS as part of Thread
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * Minimal configuration for using TLS a part of Thread
- * http://threadgroup.org/
- *
- * Distinguishing features:
- * - no RSA or classic DH, fully based on ECC
- * - no X.509
- * - support for experimental EC J-PAKE key exchange
- *
- * See README.txt for usage instructions.
- */
-
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-/* System support */
-#define MBEDTLS_HAVE_ASM
-
-/* mbed TLS feature support */
-#define MBEDTLS_AES_ROM_TABLES
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#define MBEDTLS_SSL_PROTO_TLS1_2
-#define MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#define MBEDTLS_SSL_EXPORT_KEYS
-
-/* mbed TLS modules */
-#define MBEDTLS_AES_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_ECJPAKE_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_SSL_COOKIE_C
-#define MBEDTLS_SSL_CLI_C
-#define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_SSL_TLS_C
-
-/* For tests using ssl-opt.sh */
-//#define MBEDTLS_NET_C
-//#define MBEDTLS_TIMING_C
-
-/* Save RAM at the expense of ROM */
-#define MBEDTLS_AES_ROM_TABLES
-
-/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS             256
-#define MBEDTLS_MPI_MAX_SIZE              32 // 256 bits is 32 bytes
-
-/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
-#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
-
-#if defined(TARGET_LIKE_MBED)
-#include "mbedtls/target_config.h"
-#endif
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */

source/override_flags.cmake

@@ -1 +0,0 @@
-set_target_properties(coap-service PROPERTIES COMPILE_FLAGS "-DMBEDTLS_CONFIG_FILE='<config-thread.h>'")