Merge pull request #226 from DavidAntliff/client-secure

Add additional DTLS support
ConnectivityFoundry · Jul 7, 2016 · 844778c · 844778c
2 parents 29dbb67 + 6020f66
commit 844778c
Show file tree

Hide file tree

Showing 11 changed files with 79 additions and 14 deletions.
diff --git a/config/localhost-secure.bsc b/config/localhost-secure.bsc
@@ -0,0 +1,13 @@
+ServerURI=coaps://127.0.0.1:5684
+SecurityMode=0
+PublicKey=[PublicKey]
+SecretKey=[SecretKey]
+ServerID=1
+HoldOffTime=30
+ShortServerID=1
+Binding=U
+LifeTime=30
+DefaultMinimumPeriod=1
+DefaultMaximumPeriod=-1
+DisableTimeout=86400
+NotificationStoringWhenDisabledOrOffline=true
diff --git a/core/src/bootstrap/lwm2m_bootstrap_server.c b/core/src/bootstrap/lwm2m_bootstrap_server.c
@@ -307,6 +307,12 @@ static int ParseOptions(int argc, char ** argv, struct gengetopt_args_info * ai,
         options->Verbose = ai->verbose_flag;
         options->LogFile = ai->logFile_arg;
         options->Version = ai->version_flag;
+
+        if (options->Secure && strcmp(DTLS_LibraryName, "None") == 0)
+        {
+            printf("Error: not built with DTLS support\n\n");
+            result = EXIT_FAILURE;
+        }
     }
     else
     {

diff --git a/core/src/client/awa_clientd.ggo b/core/src/client/awa_clientd.ggo
@@ -12,6 +12,7 @@ option "ipcPort"          i "Use port number PORT for IPC communications"
 option "endPointName"     e "Use NAME as client end point name"                  string optional default="Awa Client"       typestr="NAME"
 option "bootstrap"        b "Use bootstrap server URI"                           string optional                            typestr="URI"
 option "factoryBootstrap" f "Load factory bootstrap information from FILE"       string optional                            typestr="FILE"
+option "secure"           s "CoAP communications are secured with DTLS"          flag off
 option "objDefs"          o "Load object and resource definitions from FILE"     string optional                            typestr="FILE"  multiple(1-16)
 option "daemonize"        d "Detach process from terminal and run in the background"
                                                                                  flag off

diff --git a/core/src/client/awa_clientd_cmdline.c b/core/src/client/awa_clientd_cmdline.c
@@ -40,6 +40,7 @@ const char *gengetopt_args_info_help[] = {
   "  -e, --endPointName=NAME      Use NAME as client end point name  (default=`Awa\n                                 Client')",
   "  -b, --bootstrap=URI          Use bootstrap server URI",
   "  -f, --factoryBootstrap=FILE  Load factory bootstrap information from FILE",
+  "  -s, --secure                 CoAP communications are secured with DTLS\n                                 (default=off)",
   "  -o, --objDefs=FILE           Load object and resource definitions from FILE",
   "  -d, --daemonize              Detach process from terminal and run in the\n                                 background  (default=off)",
   "  -v, --verbose                Generate verbose output  (default=off)",
@@ -82,6 +83,7 @@ void clear_given (struct gengetopt_args_info *args_info)
   args_info->endPointName_given = 0 ;
   args_info->bootstrap_given = 0 ;
   args_info->factoryBootstrap_given = 0 ;
+  args_info->secure_given = 0 ;
   args_info->objDefs_given = 0 ;
   args_info->daemonize_given = 0 ;
   args_info->verbose_given = 0 ;
@@ -105,6 +107,7 @@ void clear_args (struct gengetopt_args_info *args_info)
   args_info->bootstrap_orig = NULL;
   args_info->factoryBootstrap_arg = NULL;
   args_info->factoryBootstrap_orig = NULL;
+  args_info->secure_flag = 0;
   args_info->objDefs_arg = NULL;
   args_info->objDefs_orig = NULL;
   args_info->daemonize_flag = 0;
@@ -127,13 +130,14 @@ void init_args_info(struct gengetopt_args_info *args_info)
   args_info->endPointName_help = gengetopt_args_info_help[4] ;
   args_info->bootstrap_help = gengetopt_args_info_help[5] ;
   args_info->factoryBootstrap_help = gengetopt_args_info_help[6] ;
-  args_info->objDefs_help = gengetopt_args_info_help[7] ;
+  args_info->secure_help = gengetopt_args_info_help[7] ;
+  args_info->objDefs_help = gengetopt_args_info_help[8] ;
   args_info->objDefs_min = 1;
   args_info->objDefs_max = 16;
-  args_info->daemonize_help = gengetopt_args_info_help[8] ;
-  args_info->verbose_help = gengetopt_args_info_help[9] ;
-  args_info->logFile_help = gengetopt_args_info_help[10] ;
-  args_info->version_help = gengetopt_args_info_help[11] ;
+  args_info->daemonize_help = gengetopt_args_info_help[9] ;
+  args_info->verbose_help = gengetopt_args_info_help[10] ;
+  args_info->logFile_help = gengetopt_args_info_help[11] ;
+  args_info->version_help = gengetopt_args_info_help[12] ;
 
 }
 
@@ -375,6 +379,8 @@ cmdline_parser_dump(FILE *outfile, struct gengetopt_args_info *args_info)
     write_into_file(outfile, "bootstrap", args_info->bootstrap_orig, 0);
   if (args_info->factoryBootstrap_given)
     write_into_file(outfile, "factoryBootstrap", args_info->factoryBootstrap_orig, 0);
+  if (args_info->secure_given)
+    write_into_file(outfile, "secure", 0, 0 );
   write_multiple_into_file(outfile, args_info->objDefs_given, "objDefs", args_info->objDefs_orig, 0);
   if (args_info->daemonize_given)
     write_into_file(outfile, "daemonize", 0, 0 );
@@ -1545,6 +1551,7 @@ cmdline_parser_internal (
         { "endPointName",	1, NULL, 'e' },
         { "bootstrap",	1, NULL, 'b' },
         { "factoryBootstrap",	1, NULL, 'f' },
+        { "secure",	0, NULL, 's' },
         { "objDefs",	1, NULL, 'o' },
         { "daemonize",	0, NULL, 'd' },
         { "verbose",	0, NULL, 'v' },
@@ -1558,7 +1565,7 @@ cmdline_parser_internal (
       custom_opterr = opterr;
       custom_optopt = optopt;
 
-      c = custom_getopt_long (argc, argv, "hp:a:i:e:b:f:o:dvl:V", long_options, &option_index);
+      c = custom_getopt_long (argc, argv, "hp:a:i:e:b:f:so:dvl:V", long_options, &option_index);
 
       optarg = custom_optarg;
       optind = custom_optind;
@@ -1645,6 +1652,16 @@ cmdline_parser_internal (
               additional_error))
             goto failure;
 
+          break;
+        case 's':	/* CoAP communications are secured with DTLS.  */
+
+
+          if (update_arg((void *)&(args_info->secure_flag), 0, &(args_info->secure_given),
+              &(local_args_info.secure_given), optarg, 0, 0, ARG_FLAG,
+              check_ambiguity, override, 1, 0, "secure", 's',
+              additional_error))
+            goto failure;
+
           break;
         case 'o':	/* Load object and resource definitions from FILE.  */
 

diff --git a/core/src/client/awa_clientd_cmdline.h b/core/src/client/awa_clientd_cmdline.h
@@ -56,6 +56,8 @@ struct gengetopt_args_info
   char * factoryBootstrap_arg;	/**< @brief Load factory bootstrap information from FILE.  */
   char * factoryBootstrap_orig;	/**< @brief Load factory bootstrap information from FILE original value given at command line.  */
   const char *factoryBootstrap_help; /**< @brief Load factory bootstrap information from FILE help description.  */
+  int secure_flag;	/**< @brief CoAP communications are secured with DTLS (default=off).  */
+  const char *secure_help; /**< @brief CoAP communications are secured with DTLS help description.  */
   char ** objDefs_arg;	/**< @brief Load object and resource definitions from FILE.  */
   char ** objDefs_orig;	/**< @brief Load object and resource definitions from FILE original value given at command line.  */
   unsigned int objDefs_min; /**< @brief Load object and resource definitions from FILE's minimum occurreces */
@@ -78,6 +80,7 @@ struct gengetopt_args_info
   unsigned int endPointName_given ;	/**< @brief Whether endPointName was given.  */
   unsigned int bootstrap_given ;	/**< @brief Whether bootstrap was given.  */
   unsigned int factoryBootstrap_given ;	/**< @brief Whether factoryBootstrap was given.  */
+  unsigned int secure_given ;	/**< @brief Whether secure was given.  */
   unsigned int objDefs_given ;	/**< @brief Whether objDefs was given.  */
   unsigned int daemonize_given ;	/**< @brief Whether daemonize was given.  */
   unsigned int verbose_given ;	/**< @brief Whether verbose was given.  */

diff --git a/core/src/client/lwm2m_client.c b/core/src/client/lwm2m_client.c
@@ -195,14 +195,15 @@ static int Lwm2mClient_Start(Options * options)
     Lwm2m_Info("  IPC port       : %d\n", options->IpcPort);
     Lwm2m_Info("  Address family : IPv%d\n", options->AddressFamily == AF_INET ? 4 : 6);
 
-    CoapInfo * coap = coap_Init((options->AddressFamily == AF_INET) ? "0.0.0.0" : "::", options->CoapPort, false, (options->Verbose) ? DebugLevel_Debug : DebugLevel_Info);
+    CoapInfo * coap = coap_Init((options->AddressFamily == AF_INET) ? "0.0.0.0" : "::", options->CoapPort, false /* not a server */, (options->Verbose) ? DebugLevel_Debug : DebugLevel_Info);
     if (coap == NULL)
     {
         Lwm2m_Error("Failed to initialise CoAP on port %d\n", options->CoapPort);
         result = 1;
         goto error_close_log;
     }
 
+    // always set key
     coap_SetCertificate(clientCert, sizeof(clientCert), CertificateFormat_PEM);
     coap_SetPSK(pskIdentity, pskKey, sizeof(pskKey));
 

diff --git a/core/src/common/coap_abstraction_erbium.c b/core/src/common/coap_abstraction_erbium.c
@@ -353,6 +353,12 @@ void coap_createCoapRequest(coap_method_t method, const char * uri, ContentType
     coap_transaction_t *transaction;
     NetworkAddress * remoteAddress = NetworkAddress_New(uri, strlen(uri));
 
+    if ((strcmp(DTLS_LibraryName, "None") == 0) && NetworkAddress_IsSecure(remoteAddress))
+    {
+        Lwm2m_Error("Cannot send request to %s - not built with DTLS support\n\n", uri);
+        return;
+    }
+
     coap_getPathQueryFromURI(uri, path, query);
 
     Lwm2m_Info("Coap request: %s\n", uri);

diff --git a/core/src/common/dtls_abstraction_gnutls.c b/core/src/common/dtls_abstraction_gnutls.c
@@ -57,17 +57,17 @@ typedef struct
 
 const char * DTLS_LibraryName = "GnuTLS";
 
-DTLS_Session sessions[MAX_DTLS_SESSIONS];
+static DTLS_Session sessions[MAX_DTLS_SESSIONS];
 
-uint8_t * certificate = NULL;
-int certificateLength = 0;
-CertificateFormat certificateFormat;
+static uint8_t * certificate = NULL;
+static int certificateLength = 0;
+static CertificateFormat certificateFormat;
 
-const char * pskIdentity = NULL;
+static const char * pskIdentity = NULL;
 
-gnutls_datum_t pskKey;
+static  gnutls_datum_t pskKey;
 
-DTLS_NetworkSendCallback NetworkSend = NULL;
+static  DTLS_NetworkSendCallback NetworkSend = NULL;
 
 //Comment out as init of DH params takes a while
 //static gnutls_dh_params_t _DHParameters;

diff --git a/core/src/common/network_abstraction.h b/core/src/common/network_abstraction.h
@@ -70,6 +70,8 @@ void NetworkAddress_SetAddressType(NetworkAddress * address, AddressType * addre
 
 void NetworkAddress_Free(NetworkAddress ** address);
 
+bool NetworkAddress_IsSecure(const NetworkAddress * address);
+
 NetworkSocket * NetworkSocket_New(NetworkSocketType socketType, uint16_t port);
 
 NetworkSocketError NetworkSocket_GetError(NetworkSocket * networkSocket);

diff --git a/core/src/common/network_abstraction_linux.c b/core/src/common/network_abstraction_linux.c
@@ -319,6 +319,16 @@ void NetworkAddress_Free(NetworkAddress ** address)
     }
 }
 
+bool NetworkAddress_IsSecure(const NetworkAddress * address)
+{
+    bool result = false;
+    if (address)
+    {
+        result = address->Secure;
+    }
+    return result;
+}
+
 static void addCachedAddress(NetworkAddress * address, const char * uri, int uriLength)
 {
     if (address)

diff --git a/core/src/server/lwm2m_server.c b/core/src/server/lwm2m_server.c
@@ -332,6 +332,12 @@ static int ParseOptions(int argc, char ** argv, struct gengetopt_args_info * ai,
         options->Verbose = ai->verbose_flag;
         options->LogFile = ai->logFile_arg;
         options->Version = ai->version_flag;
+
+        if (options->Secure && strcmp(DTLS_LibraryName, "None") == 0)
+        {
+            printf("Error: not built with DTLS support\n\n");
+            result = EXIT_FAILURE;
+        }
     }
     else
     {