

Squashed 'features/nanostack/coap-service/' changes from bbe0173..9a9085d

9a9085d Updated coap service to be compatible with mbed TLS 3.0 (ARMmbed#135)

git-subtree-dir: features/nanostack/coap-service
git-subtree-split: 9a9085d
artokin committed Sep 23, 2021
1 parent 7556e92 commit 5553539
Showing 4 changed files with 37 additions and 10 deletions.
21 changes: 20 additions & 1 deletion source/coap_security_handler.c
Expand Up @@ -23,12 +23,12 @@

#ifdef COAP_SECURITY_AVAILABLE

#include "mbedtls/version.h"
#include "mbedtls/sha256.h"
#include "mbedtls/error.h"
#include "mbedtls/platform.h"
#include "mbedtls/ssl_cookie.h"
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/ssl_ciphersuites.h"
Expand Down Expand Up @@ -310,6 +310,7 @@ static int simple_cookie_check(void *ctx,

/**** Key export function ****/
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#if (MBEDTLS_VERSION_MAJOR < 3)
static int export_key_block(void *ctx,
const unsigned char *mk, const unsigned char *kb,
size_t maclen, size_t keylen, size_t ivlen)
Expand All @@ -330,6 +331,7 @@ static int export_key_block(void *ctx,
return 0;
}
#endif
#endif

static int coap_security_handler_configure_keys(coap_security_t *sec, coap_security_keys_t keys, bool is_server)
{
Expand All @@ -343,9 +345,15 @@ static int coap_security_handler_configure_keys(coap_security_t *sec, coap_secur
break;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_pk_parse_key(&sec->_pkey, keys._priv_key, keys._priv_key_len, NULL, 0, DRBG_RANDOM, &sec->_drbg) < 0) {
break;
}
#else
if (mbedtls_pk_parse_key(&sec->_pkey, keys._priv_key, keys._priv_key_len, NULL, 0) < 0) {
break;
}
#endif

if (0 != mbedtls_ssl_conf_own_cert(&sec->_conf, &sec->_owncert, &sec->_pkey)) {
break;
Expand Down Expand Up @@ -378,10 +386,15 @@ static int coap_security_handler_configure_keys(coap_security_t *sec, coap_secur
mbedtls_ssl_conf_ciphersuites(&sec->_conf, ECJPAKE_SUITES);
#endif /* !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) */

#if (MBEDTLS_VERSION_MAJOR >= 3)
tr_error("FATAL ERROR: support for mbedtls_ssl_set_export_keys_cb() not implemented");
#else
//NOTE: If thread starts supporting PSK in other modes, then this will be needed!
mbedtls_ssl_conf_export_keys_cb(&sec->_conf,
export_key_block,
&sec->_keyblk);
#endif

ret = 0;
#endif
break;
Expand Down Expand Up @@ -512,9 +525,15 @@ int coap_security_handler_continue_connecting(coap_security_t *sec)
return ret;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (sec->_ssl.private_state == MBEDTLS_SSL_HANDSHAKE_OVER) {
return 0;
}
#else
if (sec->_ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER) {
return 0;
}
#endif
}

if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
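Review bot: In the hunk around `mbedtls_ssl_conf_export_keys_cb`, the mbed TLS 3.x branch logs `FATAL ERROR: support for mbedtls_ssl_set_export_keys_cb() not implemented` and then falls through to `ret = 0;`, so `coap_security_handler_configure_keys` reports success while no key-export callback is registered. If the key block is genuinely unused for the modes in use, as the 2.x-side NOTE suggests, the message should say so instead of claiming a fatal condition, e.g. `tr_warn("key export callback not wired up for mbed TLS 3.x; key block is not needed for current modes");` with a matching comment; if it is needed, `ret` should stay non-zero so the caller does not proceed with an incomplete configuration. Separately, `sec->_ssl.private_state` in the `coap_security_handler_continue_connecting` hunk hard-codes the name that `MBEDTLS_PRIVATE(state)` expands to, which breaks for a build that defines `MBEDTLS_ALLOW_PRIVATE_ACCESS`; `sec->_ssl.MBEDTLS_PRIVATE(state)` resolves correctly either way. Both enclosing functions start and end outside their hunks.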
6 changes: 1 addition & 5 deletions source/include/coap_security_handler.h
Expand Up @@ -20,12 +20,8 @@
#include "ns_types.h"

#ifdef NS_USE_EXTERNAL_MBED_TLS
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
// cppcheck-suppress preprocessorErrorDirective
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/version.h"

#if defined(MBEDTLS_SSL_TLS_C)
#include "mbedtls/ssl.h"
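Review bot: The header now depends on `mbedtls/version.h` to define the configuration macros tested a few lines later (`MBEDTLS_SSL_TLS_C`), and that only holds because version.h itself includes the build configuration (the default or `MBEDTLS_CONFIG_FILE` on 2.x, `build_info.h` on 3.x); with the explicit `MBEDTLS_CONFIG_FILE` handling removed, nothing in the file records that dependency. A one-line comment on the new include would keep the next reader from re-adding the old block or reordering the includes: `// version.h pulls in the mbed TLS build config (honouring MBEDTLS_CONFIG_FILE) on both 2.x and 3.x and defines MBEDTLS_VERSION_MAJOR for the version guards`.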
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ bool test_coap_security_handler_connect()
}

mbedtls_stub.counter = 0;
mbedtls_stub.retArray[5] = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;
mbedtls_stub.retArray[5] = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;

if (-1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys, 0, 1)) {
return false;
Expand Down Expand Up @@ -230,9 +230,9 @@ bool test_coap_security_handler_continue_connecting()
}

mbedtls_stub.counter = 0;
mbedtls_stub.retArray[0] = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;
mbedtls_stub.retArray[0] = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;

if (MBEDTLS_ERR_SSL_BAD_HS_FINISHED != coap_security_handler_continue_connecting(handle)) {
if (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL != coap_security_handler_continue_connecting(handle)) {
return false;
}

14 changes: 13 additions & 1 deletion test/coap-service/unittest/stub/mbedtls_stub.c
Expand Up @@ -27,8 +27,11 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)

if (mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE ||
mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE_RETURN_ZERO) {

#if (MBEDTLS_VERSION_MAJOR >= 3)
ssl->private_state = MBEDTLS_SSL_HANDSHAKE_OVER;
#else
ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
#endif
if (mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE_RETURN_ZERO) {
return 0;
}
Expand Down Expand Up @@ -346,9 +349,16 @@ int mbedtls_entropy_add_source(mbedtls_entropy_context *a,
}

//From pk.h
#if (MBEDTLS_VERSION_MAJOR >= 3)
int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
const unsigned char *b, size_t c,
const unsigned char *d, size_t e,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
#else
int mbedtls_pk_parse_key(mbedtls_pk_context *a,
const unsigned char *b, size_t c,
const unsigned char *d, size_t e)
#endif
{
if (mbedtls_stub.useCounter) {
return mbedtls_stub.retArray[mbedtls_stub.counter++];
Expand Down Expand Up @@ -396,6 +406,7 @@ void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
}
}

#if (MBEDTLS_VERSION_MAJOR < 3)
void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf,
mbedtls_ssl_export_keys_t *f_export_keys,
void *p_export_keys)
Expand All @@ -408,6 +419,7 @@ void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf,
f_export_keys(p_export_keys, &value, "", 0, 20, 0); //success case
}
}
#endif

int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
{
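Review bot: The new `#if (MBEDTLS_VERSION_MAJOR >= 3)` guards in this stub (the `mbedtls_ssl_handshake_step`, `mbedtls_pk_parse_key` and `mbedtls_ssl_conf_export_keys_cb` hunks) silently select the 2.x branch when `MBEDTLS_VERSION_MAJOR` is not defined in this translation unit, because an undefined identifier evaluates to 0 inside `#if`; the includes are outside the hunks, so I cannot see whether `mbedtls/version.h` is pulled in here. A conflicting prototype would probably surface the mismatch eventually, but an explicit check near the top of the file turns it into a clear build error: `#if !defined(MBEDTLS_VERSION_MAJOR)` / `#error "mbedtls/version.h must be included before the version guards"` / `#endif`. The `mbedtls_pk_parse_key` stub in the 3.x branch also ignores `f_rng`/`p_rng`; a `(void)f_rng; (void)p_rng;` pair, or a short comment that the stub deliberately does not exercise the RNG, would keep the intent visible. The enclosing functions of the first and last hunks start or end outside the hunks.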

