ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Combined security stuff from mbed-client

pull/3240/head
Antti Kauppila 2016-01-20 11:45:25 +02:00
parent 4cb6322fb0
commit a32c3614b4
9 changed files with 331 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
source/coap_connection_handler.c
View File

@ -49,7 +49,7 @@ typedef struct secure_timer_s {
} secure_timer_t;
typedef struct secure_session {
coap_security_t *sec_handler; //owned
thread_security_t *sec_handler; //owned
internal_socket_t *parent; //not owned
secure_timer_t timer;
@ -79,8 +79,13 @@ static secure_session_t *secure_session_create(internal_socket_t *parent, uint8_
return NULL;
}
this->sec_handler = thread_security_create(parent->listen_socket, this->timer.id, address_ptr, port, &send_to_socket,
&receive_from_socket, &start_timer, &timer_status);
SecureConnectionMode mode = PSK;
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mode = ECJPAKE;
#endif
this->sec_handler = thread_security_create(parent->listen_socket, this->timer.id, address_ptr, port, mode,
&send_to_socket, &receive_from_socket, &start_timer, &timer_status);
if( !this->sec_handler ){
ns_dyn_mem_free(this);
return NULL;
@ -318,6 +323,9 @@ static void timer_cb(int8_t timer_id, uint16_t slots)
/* Intermediate expiry */
sec->timer.state = TIMER_STATE_INT_EXPIRY;
}
//TODO: In case of DTLS and count == 1 || 4 we must call continue connecting of security so
//that mbedtls can handle timeout logic: resending etc...
//Not done, because timer should be refactored to be platform specific!
}
}
@ -395,7 +403,11 @@ static void secure_recv_sckt_msg(void *cb_res)
uint8_t *pw = (uint8_t *)ns_dyn_mem_alloc(64);
uint8_t pw_len;
if( sock->parent->_get_password_cb && 0 == sock->parent->_get_password_cb(sock->listen_socket, src_address.address, src_address.identifier, pw, &pw_len)){
coap_security_handler_connect(session->sec_handler, true, pw, pw_len);
//TODO: get_password_cb should support certs and PSK also
thread_keys_t keys;
keys._priv = pw;
keys._priv_len = pw_len;
coap_security_handler_connect_non_blocking(session->sec_handler, true, DTLS, keys);
//TODO: error handling
}
ns_dyn_mem_free(pw);
@ -484,7 +496,11 @@ int coap_connection_handler_virtual_recv(thread_conn_handler_t *handler, uint8_t
uint8_t *pw = (uint8_t *)ns_dyn_mem_alloc(64);
uint8_t pw_len;
if( sock->parent->_get_password_cb && 0 == sock->parent->_get_password_cb(sock->listen_socket, address, port, pw, &pw_len)){
coap_security_handler_connect(session->sec_handler, true, pw, pw_len);
//TODO: get_password_cb should support certs and PSK also
thread_keys_t keys;
keys._priv = pw;
keys._priv_len = pw_len;
coap_security_handler_connect_non_blocking(session->sec_handler, true, DTLS, keys);
//TODO: error handling
ns_dyn_mem_free(pw);
return 0;
@ -658,7 +674,11 @@ int coap_connection_handler_send_data(thread_conn_handler_t *handler, ns_address
}
uint8_t pw_len;
if( handler->_get_password_cb && 0 == handler->_get_password_cb(handler->socket->listen_socket, dest_addr->address, dest_addr->identifier, pw, &pw_len)){
coap_security_handler_connect(session->sec_handler, false, pw, pw_len);
//TODO: get_password_cb should support certs and PSK also
thread_keys_t keys;
keys._priv = pw;
keys._priv_len = pw_len;
coap_security_handler_connect_non_blocking(session->sec_handler, false, DTLS, keys);
ns_dyn_mem_free(pw);
return -2;
}else{

280
source/coap_security_handler.c
View File

@ -18,28 +18,43 @@
#include "randLIB.h"
#include "mbedtls/ssl_ciphersuites.h"
const int PSK_SUITES[] = {
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
const int ECJPAKE_SUITES[] = {
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
0
};
#endif
const static int PSK_SUITES[] = {
MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
0
};
static void set_timer( void *sec_obj, uint32_t int_ms, uint32_t fin_ms );
static int get_timer( void *sec_obj );
static int coap_security_handler_configure_keys( thread_security_t *sec, thread_keys_t keys );
int entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen );
//Point these back to M2MConnectionHandler!!!
int f_send( void *ctx, const unsigned char *buf, size_t len );
int f_recv(void *ctx, unsigned char *buf, size_t len);
static int coap_security_handler_init(coap_security_t *sec){
static int coap_security_handler_init(thread_security_t *sec){
const char *pers = "dtls_client";
mbedtls_ssl_init( &sec->_ssl );
mbedtls_ssl_config_init( &sec->_conf );
mbedtls_ctr_drbg_init( &sec->_ctr_drbg );
mbedtls_entropy_init( &sec->_entropy );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &sec->_cacert );
mbedtls_x509_crt_init( &sec->_owncert );
#endif
mbedtls_pk_init( &sec->_pkey );
memset(&sec->_cookie, 0, sizeof(simple_cookie_t));
memset(&sec->_keyblk, 0, sizeof(key_block_t));
@ -61,7 +76,14 @@ static int coap_security_handler_init(coap_security_t *sec){
return 0;
}
static void coap_security_handler_reset(coap_security_t *sec){
static void coap_security_handler_reset(thread_security_t *sec){
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free(&sec->_cacert);
mbedtls_x509_crt_free(&sec->_owncert);
#endif
mbedtls_pk_free(&sec->_pkey);
mbedtls_entropy_free( &sec->_entropy );
mbedtls_ctr_drbg_free( &sec->_ctr_drbg );
mbedtls_ssl_config_free(&sec->_conf);
@ -69,7 +91,7 @@ static void coap_security_handler_reset(coap_security_t *sec){
}
coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port, SecureConnectionMode mode,
send_cb *send_cb,
receive_cb *receive_cb,
start_timer_cb *start_timer_cb,
@ -78,7 +100,7 @@ coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8
if( !address_ptr || send_cb == NULL || receive_cb == NULL || start_timer_cb == NULL || timer_status_cb == NULL){
return NULL;
}
coap_security_t *this = ns_dyn_mem_alloc(sizeof(coap_security_t));
thread_security_t *this = ns_dyn_mem_alloc(sizeof(thread_security_t));
if( !this ){
return NULL;
}
@ -88,6 +110,7 @@ coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8
}
this->_remote_port = port;
memcpy(this->_remote_address, address_ptr, 16);
this->_conn_mode = mode;
memset(this->_pw, 0, 64);
this->_pw_len = 0;
this->_socket_id = socket_id;
@ -100,7 +123,7 @@ coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8
return this;
}
void thread_security_destroy(coap_security_t *sec){
void thread_security_destroy(thread_security_t *sec){
if( sec ){
coap_security_handler_reset(sec);
ns_dyn_mem_free(sec);
@ -200,60 +223,165 @@ static int export_key_block(void *ctx,
return 0;
}
/**** Timer functions ****/
/**
* Set timer function.
* Called back by mbedtls when it wants to set a timer.
* Accepts an intermediate and a final delay in milliseconds
* If the final delay is 0, cancels the running timer.
* TODO - might be better to use an event timer in conjunction with
* CoAP tasklet
*/
static void set_timer(void *sec_obj, uint32_t int_ms, uint32_t fin_ms)
int coap_security_handler_configure_keys( thread_security_t *sec, thread_keys_t keys )
{
coap_security_t *sec = (coap_security_t *)sec_obj;
if( sec->_start_timer_cb ){
sec->_start_timer_cb( sec->_timer_id, int_ms, fin_ms);
int ret = -1;
switch( sec->_conn_mode ){
case Certificate:{
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( mbedtls_x509_crt_parse( &sec->_cacert, keys._server_cert,
keys._server_cert_len ) < 0 ){
break;
}
if( mbedtls_x509_crt_parse( &sec->_owncert, keys._pub_cert_or_identifier,
keys._pub_len ) < 0 ){
break;
}
if( mbedtls_pk_parse_key(&sec->_pkey, keys._priv, keys._priv_len, NULL, 0) < 0){
break;
}
//TODO: If needed in server mode, this won't work
if( 0 != mbedtls_ssl_conf_own_cert(&sec->_conf, &sec->_owncert, &sec->_pkey) ){
break;
}
//TODO: use MBEDTLS_SSL_VERIFY_REQUIRED instead of optional
mbedtls_ssl_conf_authmode( &sec->_conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_ca_chain( &sec->_conf, &sec->_cacert, NULL );
ret = 0;
#endif
break;
}
case PSK: {
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( 0 != mbedtls_ssl_conf_psk(&sec->_conf, keys._priv, keys._priv_len, keys._pub_cert_or_identifier, keys._pub_len) ){
break;
}
mbedtls_ssl_conf_ciphersuites(&sec->_conf, PSK_SUITES);
ret = 0;
#endif
break;
}
case ECJPAKE: {
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( mbedtls_ssl_set_hs_ecjpake_password(&sec->_ssl, keys._priv, keys._priv_len) != 0 ){
return -1;
}
mbedtls_ssl_conf_ciphersuites(&sec->_conf, ECJPAKE_SUITES);
//NOTE: If thread starts supporting PSK in other modes, then this will be needed!
mbedtls_ssl_conf_export_keys_cb(&sec->_conf,
export_key_block,
&sec->_keyblk);
ret = 0;
#endif
break;
}
default:
break;
}
return ret;
}
/**
* Get timer function.
* Called back by mbedtls when it wants to set a timer.
* Returns the state of the current timer
* TODO - might be better to use an event timer in conjunction with
* CoAP tasklet
*/
static int get_timer(void *sec_obj)
{
coap_security_t *sec = (coap_security_t *)sec_obj;
if( sec->_timer_status_cb ){
return sec->_timer_status_cb(sec->_timer_id);
}
return -1;
}
int coap_security_handler_connect(coap_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len){
int coap_security_handler_connect(thread_security_t *sec, bool is_server, SecureSocketMode sock_mode, thread_keys_t keys){
int ret = -1;
if( !sec ){
return -1;
return ret;
}
sec->_is_blocking = true;
int endpoint = MBEDTLS_SSL_IS_CLIENT;
if( is_server ){
endpoint = MBEDTLS_SSL_IS_SERVER;
}
int mode = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
if( sock_mode == TLS ){
mode = MBEDTLS_SSL_TRANSPORT_STREAM;
}
if( ( mbedtls_ssl_config_defaults( &sec->_conf,
endpoint,
MBEDTLS_SSL_TRANSPORT_DATAGRAM, 0 ) ) != 0 )
mode, 0 ) ) != 0 )
{
return -1;
}
mbedtls_ssl_conf_handshake_timeout( &sec->_conf, 60000, 61000 );
mbedtls_ssl_set_bio( &sec->_ssl, sec,
f_send, f_recv, NULL );
mbedtls_ssl_set_timer_cb( &sec->_ssl, sec, set_timer,
get_timer );
if( coap_security_handler_configure_keys( sec, keys ) != 0 ){
return -1;
}
//TODO: Only needed for server type?
mbedtls_ssl_conf_dtls_cookies(&sec->_conf, simple_cookie_write,
simple_cookie_check,
&sec->_cookie);
sec->_is_started = true;
do {
ret = mbedtls_ssl_handshake_step( &sec->_ssl );
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ){ //cookie check failed
if( is_server ){
mbedtls_ssl_session_reset(&sec->_ssl);
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( mbedtls_ssl_set_hs_ecjpake_password(&sec->_ssl, keys._priv, keys._priv_len) != 0 ){
return -1;
}
#endif
ret = MBEDTLS_ERR_SSL_WANT_READ; //needed to keep doing
}else{
ret = -1;
}
}
}while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
if( ret != 0){
ret = -1;
}else{
if( mbedtls_ssl_get_verify_result( &sec->_ssl ) != 0 )
{
ret = -1;
}
}
return ret;
}
int coap_security_handler_connect_non_blocking(thread_security_t *sec, bool is_server, SecureSocketMode sock_mode, thread_keys_t keys){
if( !sec ){
return -1;
}
sec->_is_blocking = false;
int endpoint = MBEDTLS_SSL_IS_CLIENT;
if( is_server ){
endpoint = MBEDTLS_SSL_IS_SERVER;
}
int mode = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
if( sock_mode == TLS ){
mode = MBEDTLS_SSL_TRANSPORT_STREAM;
}
if( ( mbedtls_ssl_config_defaults( &sec->_conf,
endpoint,
mode, 0 ) ) != 0 )
{
return -1;
}
//TODO: This should probably be modifiable by service???
mbedtls_ssl_conf_handshake_timeout( &sec->_conf, 10000, 29000 );
mbedtls_ssl_conf_rng( &sec->_conf, mbedtls_ctr_drbg_random, &sec->_ctr_drbg );
//mbedtls_ssl_conf_rng(&sec->_conf, get_random, NULL);
if( ( mbedtls_ssl_setup( &sec->_ssl, &sec->_conf ) ) != 0 )
{
@ -266,26 +394,24 @@ int coap_security_handler_connect(coap_security_t *sec, bool is_server, const un
mbedtls_ssl_set_timer_cb( &sec->_ssl, sec, set_timer,
get_timer );
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
//TODO: Figure out better way!!!
//Password should never be stored in multiple places!!!
if( is_server && len > 0){
memcpy(sec->_pw, pw, len);
sec->_pw_len = len;
if( is_server && keys._priv_len > 0){
memcpy(sec->_pw, keys._priv, keys._priv_len);
sec->_pw_len = keys._priv_len;
}
#endif
if( mbedtls_ssl_set_hs_ecjpake_password(&sec->_ssl, pw, len) != 0 ){
if( coap_security_handler_configure_keys( sec, keys ) != 0 ){
return -1;
}
mbedtls_ssl_conf_ciphersuites(&sec->_conf, PSK_SUITES);
//Only needed for server type?
mbedtls_ssl_conf_dtls_cookies(&sec->_conf, simple_cookie_write,
simple_cookie_check,
&sec->_cookie);
mbedtls_ssl_conf_export_keys_cb(&sec->_conf,
export_key_block,
&sec->_keyblk);
sec->_is_started = true;
int ret = mbedtls_ssl_handshake_step( &sec->_ssl );
@ -298,22 +424,24 @@ int coap_security_handler_connect(coap_security_t *sec, bool is_server, const un
if( ret >= 0){
ret = 1;
}else
{
}else{
ret = -1;
}
return ret;
}
int coap_security_handler_continue_connecting(coap_security_t *sec){
int coap_security_handler_continue_connecting(thread_security_t *sec){
int ret=-1;
while( ret != MBEDTLS_ERR_SSL_WANT_READ ){
ret = mbedtls_ssl_handshake_step( &sec->_ssl );
if( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret){
mbedtls_ssl_session_reset(&sec->_ssl);
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( mbedtls_ssl_set_hs_ecjpake_password(&sec->_ssl, sec->_pw, sec->_pw_len) != 0 ){
return -1;
}
#endif
return 1;
}
if(MBEDTLS_ERR_SSL_TIMEOUT == ret ||
@ -335,7 +463,7 @@ int coap_security_handler_continue_connecting(coap_security_t *sec){
}
int coap_security_handler_send_message(coap_security_t *sec, unsigned char *message, size_t len){
int coap_security_handler_send_message(thread_security_t *sec, unsigned char *message, size_t len){
int ret=-1;
if( sec ){
@ -347,7 +475,7 @@ int coap_security_handler_send_message(coap_security_t *sec, unsigned char *mess
return ret; //bytes written
}
int thread_security_send_close_alert(coap_security_t *sec)
int thread_security_send_close_alert(thread_security_t *sec)
{
if( !sec ){
return -1;
@ -361,7 +489,7 @@ int thread_security_send_close_alert(coap_security_t *sec)
return -1;
}
int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size_t len){
int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, size_t len){
int ret=-1;
if( sec && buffer ){
@ -374,13 +502,47 @@ int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size
return ret; //bytes read
}
/**** Timer functions ****/
/**
* Set timer function.
* Called back by mbedtls when it wants to set a timer.
* Accepts an intermediate and a final delay in milliseconds
* If the final delay is 0, cancels the running timer.
* TODO - might be better to use an event timer in conjunction with
* CoAP tasklet
*/
static void set_timer(void *sec_obj, uint32_t int_ms, uint32_t fin_ms)
{
thread_security_t *sec = (thread_security_t *)sec_obj;
if( sec->_start_timer_cb ){
sec->_start_timer_cb( sec->_timer_id, int_ms, fin_ms);
}
}
/**
* Get timer function.
* Called back by mbedtls when it wants to get a timer state.
* Returns the state of the current timer
* TODO - might be better to use an event timer in conjunction with
* CoAP tasklet
*/
static int get_timer(void *sec_obj)
{
thread_security_t *sec = (thread_security_t *)sec_obj;
if( sec->_timer_status_cb ){
return sec->_timer_status_cb(sec->_timer_id);
}
return -1;
}
int f_send( void *ctx, const unsigned char *buf, size_t len){
coap_security_t *sec = (coap_security_t *)ctx;
thread_security_t *sec = (thread_security_t *)ctx;
return sec->_send_cb(sec->_socket_id, sec->_remote_address, sec->_remote_port, buf, len);
}
int f_recv(void *ctx, unsigned char *buf, size_t len){
coap_security_t *sec = (coap_security_t *)ctx;
thread_security_t *sec = (thread_security_t *)ctx;
return sec->_receive_cb(sec->_socket_id, buf, len);
}

47
source/include/coap_security_handler.h
View File

@ -42,6 +42,26 @@ typedef int receive_cb(int8_t socket_id, unsigned char *, size_t);
typedef void start_timer_cb(int8_t timer_id, uint32_t min, uint32_t fin);
typedef int timer_status_cb(int8_t timer_id);
typedef enum {
DTLS = 0,
TLS = 1
}SecureSocketMode;
typedef enum {
Certificate,
PSK,
ECJPAKE
}SecureConnectionMode;
typedef struct {
unsigned char *_server_cert;
uint8_t _server_cert_len;
unsigned char *_pub_cert_or_identifier;
uint8_t _pub_len;
unsigned char *_priv;
uint8_t _priv_len;
} thread_keys_t;
typedef struct thread_security_s {
mbedtls_ssl_config _conf;
mbedtls_ssl_context _ssl;
@ -52,12 +72,20 @@ typedef struct thread_security_s {
simple_cookie_t _cookie;
key_block_t _keyblk;
SecureConnectionMode _conn_mode;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt _cacert;
mbedtls_x509_crt _owncert;
#endif
mbedtls_pk_context _pkey;
uint8_t _remote_address[16];
uint16_t _remote_port;
uint8_t _pw[64];
uint8_t _pw_len;
bool _is_blocking;
int8_t _socket_id;
int8_t _timer_id;
send_cb *_send_cb;
@ -65,24 +93,27 @@ typedef struct thread_security_s {
start_timer_cb *_start_timer_cb;
timer_status_cb *_timer_status_cb;
} coap_security_t;
} thread_security_t;
coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
SecureConnectionMode mode,
send_cb *send_cb,
receive_cb *receive_cb,
start_timer_cb *start_timer_cb,
timer_status_cb *timer_status_cb);
void thread_security_destroy(coap_security_t *sec);
void thread_security_destroy(thread_security_t *sec);
int coap_security_handler_connect(coap_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len);
int coap_security_handler_connect(thread_security_t *sec, bool is_server, SecureSocketMode sock_mode, thread_keys_t keys);
int coap_security_handler_continue_connecting(coap_security_t *sec);
int coap_security_handler_connect_non_blocking(thread_security_t *sec, bool is_server, SecureSocketMode sock_mode, thread_keys_t keys);
int coap_security_handler_send_message(coap_security_t *sec, unsigned char *message, size_t len);
int coap_security_handler_continue_connecting(thread_security_t *sec);
int thread_security_send_close_alert(coap_security_t *sec);
int coap_security_handler_send_message(thread_security_t *sec, unsigned char *message, size_t len);
int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size_t len);
int thread_security_send_close_alert(thread_security_t *sec);
int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, size_t len);
#endif

20
test/coap-service/unittest/coap_connection_handler/test_coap_connection_handler.c
View File

@ -122,8 +122,8 @@ bool test_coap_connection_handler_send_data()
connection_handler_destroy(handler);
coap_security_handler_stub.sec_obj = (coap_security_t *)malloc(sizeof(coap_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(coap_security_t));
coap_security_handler_stub.sec_obj = (thread_security_t *)malloc(sizeof(thread_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(thread_security_t));
coap_security_handler_stub.sec_obj->_remote_port = 22;
memset(coap_security_handler_stub.sec_obj->_remote_address, 1, 16 );
@ -199,8 +199,8 @@ bool test_coap_connection_handler_virtual_recv()
return false;
//handler->socket->data still in memory
coap_security_handler_stub.sec_obj = (coap_security_t *)malloc(sizeof(coap_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(coap_security_t));
coap_security_handler_stub.sec_obj = (thread_security_t *)malloc(sizeof(thread_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(thread_security_t));
coap_security_handler_stub.sec_obj->_remote_port = 55;
memset(coap_security_handler_stub.sec_obj->_remote_address, 4, 16 );
@ -298,8 +298,8 @@ bool test_timer_callbacks()
return false;
//handler->socket->data still in memory
coap_security_handler_stub.sec_obj = (coap_security_t *)malloc(sizeof(coap_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(coap_security_t));
coap_security_handler_stub.sec_obj = (thread_security_t *)malloc(sizeof(thread_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(thread_security_t));
coap_security_handler_stub.sec_obj->_remote_port = 55;
memset(coap_security_handler_stub.sec_obj->_remote_address, 4, 16 );
coap_security_handler_stub.sec_obj->_timer_id = 5;
@ -351,8 +351,8 @@ bool test_socket_api_callbacks()
socket_callback_t *sckt_data = (socket_callback_t *)malloc(sizeof(socket_callback_t));
memset(sckt_data, 0, sizeof(socket_callback_t));
coap_security_handler_stub.sec_obj = (coap_security_t *)malloc(sizeof(coap_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(coap_security_t));
coap_security_handler_stub.sec_obj = (thread_security_t *)malloc(sizeof(thread_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(thread_security_t));
socket_api_stub.int8_value = 0;
nsdynmemlib_stub.returnCounter = 1;
@ -431,8 +431,8 @@ bool test_security_callbacks()
socket_callback_t *sckt_data = (socket_callback_t *)malloc(sizeof(socket_callback_t));
memset(sckt_data, 0, sizeof(socket_callback_t));
coap_security_handler_stub.sec_obj = (coap_security_t *)malloc(sizeof(coap_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(coap_security_t));
coap_security_handler_stub.sec_obj = (thread_security_t *)malloc(sizeof(thread_security_t));
memset(coap_security_handler_stub.sec_obj, 0, sizeof(thread_security_t));
nsdynmemlib_stub.returnCounter = 1;
thread_conn_handler_t *handler = connection_handler_create(&receive_from_sock_cb, &send_to_sock_cb, NULL, NULL);

2
test/coap-service/unittest/coap_security_handler/Makefile
View File

@ -19,5 +19,5 @@ TEST_SRC_FILES = \
include ../MakefileWorker.mk
CPPUTESTFLAGS += -DFEA_TRACE_SUPPORT
CPPUTESTFLAGS += -DFEA_TRACE_SUPPORT -DMBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -DMBEDTLS_ECJPAKE_C -DMBEDTLS_SHA256_C -DMBEDTLS_ECP_DP_SECP256R1_ENABLED

46
test/coap-service/unittest/coap_security_handler/test_coap_security_handler.c
View File

@ -31,26 +31,26 @@ static int timer_status_callback(int8_t timer_id)
bool test_thread_security_create()
{
uint8_t buf[16];
if( NULL != thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, NULL) )
if( NULL != thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, NULL) )
return false;
if( NULL != thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback) )
if( NULL != thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback) )
return false;
nsdynmemlib_stub.returnCounter = 1;
mbedtls_stub.expected_int = -1;
if( NULL != thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback) )
if( NULL != thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback) )
return false;
mbedtls_stub.expected_int = 0;
nsdynmemlib_stub.returnCounter = 2;
mbedtls_stub.crt_expected_int = -1;
if( NULL != thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback) )
if( NULL != thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback) )
return false;
nsdynmemlib_stub.returnCounter = 2;
mbedtls_stub.crt_expected_int = 0;
coap_security_t *handle = thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
thread_security_t *handle = thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
if( NULL == handle )
return false;
@ -64,7 +64,7 @@ bool test_thread_security_destroy()
uint8_t buf[16];
nsdynmemlib_stub.returnCounter = 2;
mbedtls_stub.crt_expected_int = 0;
coap_security_t *handle = thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
thread_security_t *handle = thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
if( NULL == handle )
return false;
@ -77,11 +77,15 @@ bool test_coap_security_handler_connect()
uint8_t buf[16];
nsdynmemlib_stub.returnCounter = 2;
mbedtls_stub.crt_expected_int = 0;
coap_security_t *handle = thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
thread_security_t *handle = thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
if( NULL == handle )
return false;
if( -1 != coap_security_handler_connect(NULL, true, "pwd", 3) )
unsigned char pw = "pwd";
thread_keys_t keys;
keys._priv = &pw;
keys._priv_len = 3;
if( -1 != coap_security_handler_connect_non_blocking(NULL, true, DTLS, keys) )
return false;
mbedtls_stub.useCounter = true;
mbedtls_stub.counter = 0;
@ -94,18 +98,18 @@ bool test_coap_security_handler_connect()
mbedtls_stub.retArray[6] = -1;
mbedtls_stub.retArray[7] = -1;
if( -1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( -1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
mbedtls_stub.counter = 0;
mbedtls_stub.retArray[0] = 0;
if( -1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( -1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
mbedtls_stub.counter = 0;
// mbedtls_stub.retArray[0] = 0;
mbedtls_stub.retArray[1] = 0;
if( -1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( -1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
simple_cookie_t c;
@ -116,7 +120,7 @@ bool test_coap_security_handler_connect()
// mbedtls_stub.retArray[0] = 0;
// mbedtls_stub.retArray[1] = 0;
mbedtls_stub.retArray[2] = 0;
if( -1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( -1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
c.len = 8;
@ -130,7 +134,7 @@ bool test_coap_security_handler_connect()
// mbedtls_stub.retArray[1] = 0;
// mbedtls_stub.retArray[2] = 0;
mbedtls_stub.retArray[3] = 0;
if( -1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( -1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
mbedtls_stub.counter = 0;
@ -139,7 +143,7 @@ bool test_coap_security_handler_connect()
// mbedtls_stub.retArray[2] = 0;
// mbedtls_stub.retArray[3] = 0;
mbedtls_stub.retArray[4] = 0;
if( -1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( -1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
mbedtls_stub.counter = 0;
@ -150,19 +154,19 @@ bool test_coap_security_handler_connect()
// mbedtls_stub.retArray[4] = 0;
mbedtls_stub.retArray[6] = 0;
mbedtls_stub.retArray[7] = 0;
if( 1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( 1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
mbedtls_stub.counter = 0;
mbedtls_stub.retArray[5] = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;
if( -1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( -1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
mbedtls_stub.counter = 0;
mbedtls_stub.retArray[5] = HANDSHAKE_FINISHED_VALUE;
if( 1 != coap_security_handler_connect(handle, true, "pwd", 3) )
if( 1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys) )
return false;
thread_security_destroy(handle);
@ -174,7 +178,7 @@ bool test_coap_security_handler_continue_connecting()
uint8_t buf[16];
nsdynmemlib_stub.returnCounter = 2;
mbedtls_stub.crt_expected_int = 0;
coap_security_t *handle = thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
thread_security_t *handle = thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
if( NULL == handle )
return false;
@ -222,7 +226,7 @@ bool test_coap_security_handler_send_message()
uint8_t buf[16];
nsdynmemlib_stub.returnCounter = 2;
mbedtls_stub.crt_expected_int = 0;
coap_security_t *handle = thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
thread_security_t *handle = thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
if( NULL == handle )
return false;
@ -243,7 +247,7 @@ bool test_thread_security_send_close_alert()
uint8_t buf[16];
nsdynmemlib_stub.returnCounter = 2;
mbedtls_stub.crt_expected_int = 0;
coap_security_t *handle = thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
thread_security_t *handle = thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
if( NULL == handle )
return false;
@ -263,7 +267,7 @@ bool test_coap_security_handler_read()
uint8_t buf[16];
nsdynmemlib_stub.returnCounter = 2;
mbedtls_stub.crt_expected_int = 0;
coap_security_t *handle = thread_security_create(1,2,&buf,12,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
thread_security_t *handle = thread_security_create(1,2,&buf,12,ECJPAKE,&send_to_socket, &receive_from_socket, &start_timer_callback, &timer_status_callback);
if( NULL == handle )
return false;

1
test/coap-service/unittest/run_tests
View File

@ -23,6 +23,7 @@ lcov -q -d ../. -c -o app.info
lcov -q -r app.info "/test*" -o app.info
lcov -q -r app.info "/usr*" -o app.info
lcov -q -r app.info "/libService*" -o app.info
lcov -q -r app.info "/yotta_modules*" -o app.info
genhtml -q --no-branch-coverage app.info
cd ..
echo

14
test/coap-service/unittest/stub/coap_security_handler_stub.c
View File

@ -12,7 +12,7 @@
thread_sec_def coap_security_handler_stub;
coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port,
thread_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8_t *address_ptr, uint16_t port, SecureConnectionMode mode,
int (*send_cb)(int8_t socket_id, uint8_t *address_ptr, uint16_t port, const unsigned char *, size_t),
int (*receive_cb)(int8_t socket_id, unsigned char *, size_t),
void (*start_timer_cb)(int8_t timer_id, uint32_t min, uint32_t fin),
@ -25,12 +25,12 @@ coap_security_t *thread_security_create(int8_t socket_id, int8_t timer_id, uint8
return coap_security_handler_stub.sec_obj;
}
void thread_security_destroy(coap_security_t *sec)
void thread_security_destroy(thread_security_t *sec)
{
}
int coap_security_handler_connect(coap_security_t *sec, bool is_server, const unsigned char *pw, uint8_t len)
int coap_security_handler_connect_non_blocking(thread_security_t *sec, bool is_server, SecureSocketMode sock_mode, thread_keys_t keys)
{
sec->_is_started = true;
if( coap_security_handler_stub.counter >= 0){
@ -39,7 +39,7 @@ int coap_security_handler_connect(coap_security_t *sec, bool is_server, const un
return coap_security_handler_stub.int_value;
}
int coap_security_handler_continue_connecting(coap_security_t *sec)
int coap_security_handler_continue_connecting(thread_security_t *sec)
{
if( coap_security_handler_stub.counter >= 0){
return coap_security_handler_stub.values[coap_security_handler_stub.counter--];
@ -49,7 +49,7 @@ int coap_security_handler_continue_connecting(coap_security_t *sec)
}
int coap_security_handler_send_message(coap_security_t *sec, unsigned char *message, size_t len)
int coap_security_handler_send_message(thread_security_t *sec, unsigned char *message, size_t len)
{
if( coap_security_handler_stub.counter >= 0){
return coap_security_handler_stub.values[coap_security_handler_stub.counter--];
@ -57,7 +57,7 @@ int coap_security_handler_send_message(coap_security_t *sec, unsigned char *mess
return coap_security_handler_stub.int_value;
}
int thread_security_send_close_alert(coap_security_t *sec)
int thread_security_send_close_alert(thread_security_t *sec)
{
if( coap_security_handler_stub.counter >= 0){
return coap_security_handler_stub.values[coap_security_handler_stub.counter--];
@ -65,7 +65,7 @@ int thread_security_send_close_alert(coap_security_t *sec)
return coap_security_handler_stub.int_value;
}
int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size_t len)
int coap_security_handler_read(thread_security_t *sec, unsigned char* buffer, size_t len)
{
if( coap_security_handler_stub.counter >= 0){
return coap_security_handler_stub.values[coap_security_handler_stub.counter--];

2
test/coap-service/unittest/stub/coap_security_handler_stub.h
View File

@ -22,7 +22,7 @@
#include "coap_security_handler.h"
typedef struct tsh{
coap_security_t *sec_obj;
thread_security_t *sec_obj;
int int_value;
int counter;
int values[10];