ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

MbedTLS config file fixing, 

small refactoring.
pull/3240/head
Tero Heinonen 2016-01-11 13:24:21 +02:00
parent 518fb25bb7
commit 6c6e672630
5 changed files with 32 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source/coap_connection_handler.c
View File

@ -49,7 +49,7 @@ typedef struct secure_timer_s {
} secure_timer_t; } secure_timer_t;
typedef struct secure_session { typedef struct secure_session {
thread_security_t *sec_handler; //owned coap_security_t *sec_handler; //owned
internal_socket_t *parent; //not owned internal_socket_t *parent; //not owned
secure_timer_t timer; secure_timer_t timer;
@ -652,12 +652,17 @@ int coap_connection_handler_send_data(thread_conn_handler_t *handler, ns_address
handler->socket->dest_addr.identifier = dest_addr->identifier; handler->socket->dest_addr.identifier = dest_addr->identifier;
handler->socket->dest_addr.type = dest_addr->type; handler->socket->dest_addr.type = dest_addr->type;
uint8_t *pw = (uint8_t *)ns_dyn_mem_alloc(64); uint8_t *pw = (uint8_t *)ns_dyn_mem_alloc(64);
if(!pw){
//todo: free secure session?
return -1;
}
uint8_t pw_len; uint8_t pw_len;
if( handler->_get_password_cb && 0 == handler->_get_password_cb(handler->socket->listen_socket, dest_addr->address, dest_addr->identifier, pw, &pw_len)){ if( handler->_get_password_cb && 0 == handler->_get_password_cb(handler->socket->listen_socket, dest_addr->address, dest_addr->identifier, pw, &pw_len)){
coap_security_handler_connect(session->sec_handler, false, pw, pw_len); coap_security_handler_connect(session->sec_handler, false, pw, pw_len);
ns_dyn_mem_free(pw); ns_dyn_mem_free(pw);
return -2; return -2;
}else{ }else{
//free secure session?
ns_dyn_mem_free(pw); ns_dyn_mem_free(pw);
return -1; return -1;
} }

30
source/coap_security_handler.c
View File

@ -33,7 +33,7 @@ int entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen );
int f_send( void *ctx, const unsigned char *buf, size_t len ); int f_send( void *ctx, const unsigned char *buf, size_t len );
int f_recv(void *ctx, unsigned char *buf, size_t len); int f_recv(void *ctx, unsigned char *buf, size_t len);
static int coap_security_handler_init(thread_security_t *sec){ static int coap_security_handler_init(coap_security_t *sec){
const char *pers = "dtls_client"; const char *pers = "dtls_client";
mbedtls_ssl_init( &sec->_ssl ); mbedtls_ssl_init( &sec->_ssl );
mbedtls_ssl_config_init( &sec->_conf ); mbedtls_ssl_config_init( &sec->_conf );
@ -61,7 +61,7 @@ static int coap_security_handler_init(thread_security_t *sec){
return 0; return 0;
} }
static void coap_security_handler_reset(thread_security_t *sec){ static void coap_security_handler_reset(coap_security_t *sec){
mbedtls_entropy_free( &sec->_entropy ); mbedtls_entropy_free( &sec->_entropy );
mbedtls_ctr_drbg_free( &sec->_ctr_drbg ); mbedtls_ctr_drbg_free( &sec->_ctr_drbg );
mbedtls_ssl_config_free(&sec->_conf); mbedtls_ssl_config_free(&sec->_conf);
@ -69,7 +69,7 @@ static void coap_security_handler_reset(thread_security_t *sec){
} }
thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port, coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
send_cb *send_cb, send_cb *send_cb,
receive_cb *receive_cb, receive_cb *receive_cb,
start_timer_cb *start_timer_cb, start_timer_cb *start_timer_cb,
@ -78,7 +78,7 @@ thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uin
if( !address_ptr || send_cb == NULL || receive_cb == NULL || start_timer_cb == NULL || timer_status_cb == NULL){ if( !address_ptr || send_cb == NULL || receive_cb == NULL || start_timer_cb == NULL || timer_status_cb == NULL){
return NULL; return NULL;
} }
thread_security_t *this = ns_dyn_mem_alloc(sizeof(thread_security_t)); coap_security_t *this = ns_dyn_mem_alloc(sizeof(coap_security_t));
if( !this ){ if( !this ){
return NULL; return NULL;
} }
@ -88,6 +88,8 @@ thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uin
} }
this->_remote_port = port; this->_remote_port = port;
memcpy(this->_remote_address, address_ptr, 16); memcpy(this->_remote_address, address_ptr, 16);
memset(this->_pw, 0, 64);
this->_pw_len = 0;
this->_socket_id = socket_id; this->_socket_id = socket_id;
this->_timer_id = timer_id; this->_timer_id = timer_id;
this->_send_cb = send_cb; this->_send_cb = send_cb;
@ -98,7 +100,7 @@ thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uin
return this; return this;
} }
void thread_security_destroy(thread_security_t *sec){ void thread_security_destroy(coap_security_t *sec){
if( sec ){ if( sec ){
coap_security_handler_reset(sec); coap_security_handler_reset(sec);
ns_dyn_mem_free(sec); ns_dyn_mem_free(sec);
@ -210,7 +212,7 @@ static int export_key_block(void *ctx,
*/ */
static void set_timer(void *sec_obj, uint32_t int_ms, uint32_t fin_ms) static void set_timer(void *sec_obj, uint32_t int_ms, uint32_t fin_ms)
{ {
thread_security_t *sec = (thread_security_t *)sec_obj; coap_security_t *sec = (coap_security_t *)sec_obj;
if( sec->_start_timer_cb ){ if( sec->_start_timer_cb ){
sec->_start_timer_cb( sec->_timer_id, int_ms, fin_ms); sec->_start_timer_cb( sec->_timer_id, int_ms, fin_ms);
} }
@ -225,14 +227,14 @@ static void set_timer(void *sec_obj, uint32_t int_ms, uint32_t fin_ms)
*/ */
static int get_timer(void *sec_obj) static int get_timer(void *sec_obj)
{ {
thread_security_t *sec = (thread_security_t *)sec_obj; coap_security_t *sec = (coap_security_t *)sec_obj;
if( sec->_timer_status_cb ){ if( sec->_timer_status_cb ){
return sec->_timer_status_cb(sec->_timer_id); return sec->_timer_status_cb(sec->_timer_id);
} }
return -1; return -1;
} }
int coap_security_handler_connect(thread_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len){ int coap_security_handler_connect(coap_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len){
if( !sec ){ if( !sec ){
return -1; return -1;
@ -303,7 +305,7 @@ int coap_security_handler_connect(thread_security_t *sec, bool is_server, const
return ret; return ret;
} }
int coap_security_handler_continue_connecting(thread_security_t *sec){ int coap_security_handler_continue_connecting(coap_security_t *sec){
int ret=-1; int ret=-1;
while( ret != MBEDTLS_ERR_SSL_WANT_READ ){ while( ret != MBEDTLS_ERR_SSL_WANT_READ ){
ret = mbedtls_ssl_handshake_step( &sec->_ssl ); ret = mbedtls_ssl_handshake_step( &sec->_ssl );
@ -333,7 +335,7 @@ int coap_security_handler_continue_connecting(thread_security_t *sec){
} }
int coap_security_handler_send_message(thread_security_t *sec, unsigned char *message, size_t len){ int coap_security_handler_send_message(coap_security_t *sec, unsigned char *message, size_t len){
int ret=-1; int ret=-1;
if( sec ){ if( sec ){
@ -345,7 +347,7 @@ int coap_security_handler_send_message(thread_security_t *sec, unsigned char *me
return ret; //bytes written return ret; //bytes written
} }
int thread_security_send_close_alert(thread_security_t *sec) int thread_security_send_close_alert(coap_security_t *sec)
{ {
if( !sec ){ if( !sec ){
return -1; return -1;
@ -356,7 +358,7 @@ int thread_security_send_close_alert(thread_security_t *sec)
coap_security_handler_init(sec); coap_security_handler_init(sec);
} }
int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, size_t len){ int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size_t len){
int ret=-1; int ret=-1;
if( sec && buffer ){ if( sec && buffer ){
@ -370,12 +372,12 @@ int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, si
} }
int f_send( void *ctx, const unsigned char *buf, size_t len){ int f_send( void *ctx, const unsigned char *buf, size_t len){
thread_security_t *sec = (thread_security_t *)ctx; coap_security_t *sec = (coap_security_t *)ctx;
return sec->_send_cb(sec->_socket_id, sec->_remote_address, sec->_remote_port, buf, len); return sec->_send_cb(sec->_socket_id, sec->_remote_address, sec->_remote_port, buf, len);
} }
int f_recv(void *ctx, unsigned char *buf, size_t len){ int f_recv(void *ctx, unsigned char *buf, size_t len){
thread_security_t *sec = (thread_security_t *)ctx; coap_security_t *sec = (coap_security_t *)ctx;
return sec->_receive_cb(sec->_socket_id, buf, len); return sec->_receive_cb(sec->_socket_id, buf, len);
} }

19
source/include/coap_security_handler.h
View File

@ -29,9 +29,9 @@ typedef void start_timer_cb(int8_t timer_id, uint32_t min, uint32_t fin);
typedef int timer_status_cb(int8_t timer_id); typedef int timer_status_cb(int8_t timer_id);
typedef struct thread_security_s { typedef struct thread_security_s {
mbedtls_ssl_config _conf; mbedtls_ssl_config _conf;
mbedtls_ssl_context _ssl; mbedtls_ssl_context _ssl;
mbedtls_ctr_drbg_context _ctr_drbg; mbedtls_ctr_drbg_context _ctr_drbg;
mbedtls_entropy_context _entropy; mbedtls_entropy_context _entropy;
bool _is_started; bool _is_started;
@ -50,24 +50,25 @@ typedef struct thread_security_s {
receive_cb *_receive_cb; receive_cb *_receive_cb;
start_timer_cb *_start_timer_cb; start_timer_cb *_start_timer_cb;
timer_status_cb *_timer_status_cb; timer_status_cb *_timer_status_cb;
} thread_security_t;
thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port, } coap_security_t;
coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
send_cb *send_cb, send_cb *send_cb,
receive_cb *receive_cb, receive_cb *receive_cb,
start_timer_cb *start_timer_cb, start_timer_cb *start_timer_cb,
timer_status_cb *timer_status_cb); timer_status_cb *timer_status_cb);
void thread_security_destroy(thread_security_t *sec); void thread_security_destroy(coap_security_t *sec);
int coap_security_handler_connect(thread_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len); int coap_security_handler_connect(coap_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len);
int coap_security_handler_continue_connecting(thread_security_t *sec); int coap_security_handler_continue_connecting(coap_security_t *sec);
int coap_security_handler_send_message(thread_security_t *sec, unsigned char *message, size_t len); int coap_security_handler_send_message(coap_security_t *sec, unsigned char *message, size_t len);
int thread_security_send_close_alert(thread_security_t *sec); int thread_security_send_close_alert(coap_security_t *sec);
int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, size_t len); int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size_t len);
#endif #endif

94
source/include/config-thread.h
View File

@ -1,94 +0,0 @@
/*
* Minimal configuration for using TLS as part of Thread
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Minimal configuration for using TLS a part of Thread
* http://threadgroup.org/
*
* Distinguishing features:
* - no RSA or classic DH, fully based on ECC
* - no X.509
* - support for experimental EC J-PAKE key exchange
*
* See README.txt for usage instructions.
*/
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H
/* System support */
#define MBEDTLS_HAVE_ASM
/* mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_EXPORT_KEYS
/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
/* For tests using ssl-opt.sh */
//#define MBEDTLS_NET_C
//#define MBEDTLS_TIMING_C
/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS 256
#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
#if defined(TARGET_LIKE_MBED)
#include "mbedtls/target_config.h"
#endif
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */

1
source/override_flags.cmake
View File

@ -1 +0,0 @@
set_target_properties(coap-service PROPERTIES COMPILE_FLAGS "-DMBEDTLS_CONFIG_FILE='<config-thread.h>'")