Merge pull request #39 from ARMmbed/no_ssl

Allow build without SSL

Author: kjbracey

source/coap_connection_handler.c

@@ -64,6 +64,9 @@ typedef struct secure_session {
     coap_security_t *sec_handler; //owned
     internal_socket_t *parent; //not owned
 
+    uint8_t  remote_address[16];
+    uint16_t remote_port;
+
     secure_timer_t timer;
 
     session_state_t session_state;
@@ -72,7 +75,7 @@ typedef struct secure_session {
 } secure_session_t;
 
 static NS_LIST_DEFINE(secure_session_list, secure_session_t, link);
-static int send_to_socket(int8_t socket_id, const uint8_t *address_ptr, uint16_t port, const uint8_t source_addr[static 16], const void *buf, size_t len);
+static int send_to_socket(int8_t socket_id, void *handle, const void *buf, size_t len);
 static int receive_from_socket(int8_t socket_id, unsigned char *buf, size_t len);
 static void start_timer(int8_t timer_id, uint32_t int_ms, uint32_t fin_ms);
 static int timer_status(int8_t timer_id);
@@ -146,8 +149,10 @@ static secure_session_t *secure_session_create(internal_socket_t *parent, const
         timer_id++;
     }
     this->timer.id = timer_id;
+    memcpy(this->remote_address, address_ptr, 16);
+    this->remote_port = port;
 
-    this->sec_handler = coap_security_create(parent->listen_socket, this->timer.id, address_ptr, port, ECJPAKE,
+    this->sec_handler = coap_security_create(parent->listen_socket, this->timer.id, this, ECJPAKE,
                                                &send_to_socket, &receive_from_socket, &start_timer, &timer_status);
     if( !this->sec_handler ){
         ns_dyn_mem_free(this);
@@ -178,8 +183,8 @@ static secure_session_t *secure_session_find(internal_socket_t *parent, const ui
     secure_session_t *this = NULL;
     ns_list_foreach(secure_session_t, cur_ptr, &secure_session_list) {
         if( cur_ptr->sec_handler ){
-            if (cur_ptr->parent == parent && cur_ptr->sec_handler->_remote_port == port &&
-                memcmp(cur_ptr->sec_handler->_remote_address, address_ptr, 16) == 0) {
+            if (cur_ptr->parent == parent && cur_ptr->remote_port == port &&
+                memcmp(cur_ptr->remote_address, address_ptr, 16) == 0) {
                 this = cur_ptr;
     //            hack_save_remote_address(address_ptr, port);
                 break;
@@ -219,7 +224,11 @@ static internal_socket_t *int_socket_create(uint16_t listen_port, bool use_ephem
         if( !is_secure ){
             this->listen_socket = socket_open(SOCKET_UDP, listen_port, recv_sckt_msg);
         }else{
+#ifdef COAP_SECURITY_AVAILABLE
             this->listen_socket = socket_open(SOCKET_UDP, listen_port, secure_recv_sckt_msg);
+#else
+            tr_err("Secure CoAP unavailable - SSL library not configured, possibly due to lack of entropy source");
+#endif
         }
         // Socket create failed
         if(this->listen_socket < 0){
@@ -329,15 +338,16 @@ static int8_t send_to_real_socket(int8_t socket_id, const ns_address_t *address,
     return socket_sendmsg(socket_id, &msghdr, 0);
 }
 
-static int send_to_socket(int8_t socket_id, const uint8_t *address_ptr, uint16_t port, const uint8_t source_addr[static 16], const void *buf, size_t len)
+static int send_to_socket(int8_t socket_id, void *handle, const void *buf, size_t len)
 {
+    secure_session_t *session = handle;
     internal_socket_t *sock = int_socket_find_by_socket_id(socket_id);
     if(!sock){
         return -1;
     }
     if(!sock->real_socket){
         // Send to virtual socket cb
-        int ret = sock->parent->_send_cb(sock->listen_socket, address_ptr, port, buf, len);
+        int ret = sock->parent->_send_cb(sock->listen_socket, session->remote_address, session->remote_port, buf, len);
         if( ret < 0 )
             return ret;
         return len;
@@ -353,7 +363,7 @@ static int send_to_socket(int8_t socket_id, const uint8_t *address_ptr, uint16_t
     //For some reason socket_sendto returns 0 in success, while other socket impls return number of bytes sent!!!
     //TODO: check if address_ptr is valid and use that instead if it is
 
-    int8_t ret = send_to_real_socket(sock->listen_socket, &sock->dest_addr, source_addr, buf, len);
+    int8_t ret = send_to_real_socket(sock->listen_socket, &sock->dest_addr, session->remote_address, buf, len);
     if (ret < 0) {
         return ret;
     }
@@ -536,8 +546,8 @@ static void secure_recv_sckt_msg(void *cb_res)
         }
         session->last_contact_time = coap_service_get_internal_timer_ticks();
         // Start handshake
-        if (!session->sec_handler->_is_started) {
-            uint8_t *pw = (uint8_t *)ns_dyn_mem_alloc(64);
+        if (!coap_security_handler_is_started(session->sec_handler) ){
+            uint8_t *pw = ns_dyn_mem_alloc(64);
             uint8_t pw_len;
             if( sock->parent->_get_password_cb && 0 == sock->parent->_get_password_cb(sock->listen_socket, src_address.address, src_address.identifier, pw, &pw_len)){
                 //TODO: get_password_cb should support certs and PSK also
@@ -560,7 +570,7 @@ static void secure_recv_sckt_msg(void *cb_res)
                     if( sock->parent->_security_done_cb ){
                         sock->parent->_security_done_cb(sock->listen_socket, src_address.address,
                                                        src_address.identifier,
-                                                       session->sec_handler->_keyblk.value);
+                                                       (void *)coap_security_handler_keyblock(session->sec_handler));
                     }
                 } else if (ret < 0){
                     // error handling
@@ -641,8 +651,8 @@ int coap_connection_handler_virtual_recv(coap_conn_handler_t *handler, uint8_t a
 
         session->last_contact_time = coap_service_get_internal_timer_ticks();
 
-        if (!session->sec_handler->_is_started) {
-            uint8_t *pw = (uint8_t *)ns_dyn_mem_alloc(64);
+        if (!coap_security_handler_is_started(session->sec_handler)) {
+            uint8_t *pw = ns_dyn_mem_alloc(64);
             uint8_t pw_len;
             if (sock->parent->_get_password_cb && 0 == sock->parent->_get_password_cb(sock->listen_socket, address, port, pw, &pw_len)) {
                 //TODO: get_password_cb should support certs and PSK also
@@ -665,7 +675,7 @@ int coap_connection_handler_virtual_recv(coap_conn_handler_t *handler, uint8_t a
                     if( handler->_security_done_cb ){
                         handler->_security_done_cb(sock->listen_socket,
                                                   address, port,
-                                                  session->sec_handler->_keyblk.value);
+                                                  (void *)coap_security_handler_keyblock(session->sec_handler));
                     }
                     return 0;
                 }
@@ -807,7 +817,7 @@ int coap_connection_handler_send_data(coap_conn_handler_t *handler, const ns_add
             memcpy( handler->socket->dest_addr.address, dest_addr->address, 16 );
             handler->socket->dest_addr.identifier = dest_addr->identifier;
             handler->socket->dest_addr.type = dest_addr->type;
-            uint8_t *pw = (uint8_t *)ns_dyn_mem_alloc(64);
+            uint8_t *pw = ns_dyn_mem_alloc(64);
             if (!pw) {
                 //todo: free secure session?
                 return -1;

source/coap_security_handler.c

@@ -6,19 +6,54 @@
 #include <time.h>
 #include <stdlib.h>
 
+#include "coap_security_handler.h"
+
+#ifdef COAP_SECURITY_AVAILABLE
+
 #include "mbedtls/sha256.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/ssl_cookie.h"
+#include "mbedtls/entropy.h"
 #include "mbedtls/entropy_poll.h"
-#include "mbedtls/ssl.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ssl_ciphersuites.h"
+
 #include "ns_trace.h"
 #include "nsdynmemLIB.h"
 #include "coap_connection_handler.h"
-#include "coap_security_handler.h"
 #include "randLIB.h"
-#include "mbedtls/ssl_ciphersuites.h"
-#include "socket_api.h"
+
+struct coap_security_s {
+    mbedtls_ssl_config          _conf;
+    mbedtls_ssl_context         _ssl;
+
+    mbedtls_ctr_drbg_context    _ctr_drbg;
+    mbedtls_entropy_context     _entropy;
+    bool                        _is_started;
+    simple_cookie_t             _cookie;
+    key_block_t                 _keyblk;
+
+    SecureConnectionMode        _conn_mode;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_crt            _cacert;
+    mbedtls_x509_crt            _owncert;
+#endif
+    mbedtls_pk_context          _pkey;
+
+    uint8_t                     _pw[64];
+    uint8_t                     _pw_len;
+
+    bool                        _is_blocking;
+    int8_t                      _socket_id;
+    int8_t                      _timer_id;
+    void                        *_handle;
+    send_cb                     *_send_cb;
+    receive_cb                  *_receive_cb;
+    start_timer_cb              *_start_timer_cb;
+    timer_status_cb             *_timer_status_cb;
+
+};
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 const int ECJPAKE_SUITES[] = {
@@ -78,6 +113,16 @@ static int coap_security_handler_init(coap_security_t *sec){
     return 0;
 }
 
+bool coap_security_handler_is_started(const coap_security_t *sec)
+{
+    return sec->_is_started;
+}
+
+const void *coap_security_handler_keyblock(const coap_security_t *sec)
+{
+    return sec->_keyblk.value;
+}
+
 static void coap_security_handler_reset(coap_security_t *sec){
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_x509_crt_free(&sec->_cacert);
@@ -93,13 +138,13 @@ static void coap_security_handler_reset(coap_security_t *sec){
 }
 
 
-coap_security_t *coap_security_create(int8_t socket_id, int8_t timer_id, const uint8_t *address_ptr, uint16_t port, SecureConnectionMode mode,
+coap_security_t *coap_security_create(int8_t socket_id, int8_t timer_id, void *handle, SecureConnectionMode mode,
                                           send_cb *socket_cb,
                                           receive_cb *receive_data_cb,
                                           start_timer_cb *timer_start_cb,
                                           timer_status_cb *timer_stat_cb)
 {
-    if (!address_ptr || socket_cb == NULL || receive_data_cb == NULL || timer_start_cb == NULL || timer_stat_cb == NULL) {
+    if (socket_cb == NULL || receive_data_cb == NULL || timer_start_cb == NULL || timer_stat_cb == NULL) {
         return NULL;
     }
     coap_security_t *this = ns_dyn_mem_alloc(sizeof(coap_security_t));
@@ -111,8 +156,7 @@ coap_security_t *coap_security_create(int8_t socket_id, int8_t timer_id, const u
         ns_dyn_mem_free(this);
         return NULL;
     }
-    this->_remote_port = port;
-    memcpy(this->_remote_address, address_ptr, 16);
+    this->_handle = handle;
     this->_conn_mode = mode;
     memset(this->_pw, 0, 64);
     this->_pw_len = 0;
@@ -552,7 +596,7 @@ static int get_timer(void *sec_obj)
 
 int f_send( void *ctx, const unsigned char *buf, size_t len){
     coap_security_t *sec = (coap_security_t *)ctx;
-    return sec->_send_cb(sec->_socket_id, sec->_remote_address, sec->_remote_port, ns_in6addr_any, buf, len);
+    return sec->_send_cb(sec->_socket_id, sec->_handle, buf, len);
 }
 
 int f_recv(void *ctx, unsigned char *buf, size_t len){
@@ -580,3 +624,5 @@ int entropy_poll( void *ctx, unsigned char *output, size_t len,
     ns_dyn_mem_free(c);
     return( 0 );
 }
+
+#endif // COAP_SECURITY_AVAILABLE

source/include/coap_security_handler.h

@@ -21,11 +21,13 @@
 #include <stddef.h>
 #include <inttypes.h>
 #include <stdbool.h>
-#include "mbedtls/platform.h"
+
+#ifdef NS_USE_EXTERNAL_MBED_TLS
 #include "mbedtls/ssl.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
+#ifdef MBEDTLS_SSL_TLS_C
+#define COAP_SECURITY_AVAILABLE
+#endif
+#endif
 
 #define COOKIE_SIMPLE_LEN 8
 typedef struct simple_cookie {
@@ -38,7 +40,7 @@ typedef struct key_block {
     unsigned char value[KEY_BLOCK_LEN];
 } key_block_t;
 
-typedef int send_cb(int8_t socket_id, const uint8_t *address_ptr, uint16_t port, const uint8_t source_addr[static 16], const void *, size_t);
+typedef int send_cb(int8_t socket_id, void *handle, const void *buf, size_t);
 typedef int receive_cb(int8_t socket_id, unsigned char *, size_t);
 typedef void start_timer_cb(int8_t timer_id, uint32_t min, uint32_t fin);
 typedef int timer_status_cb(int8_t timer_id);
@@ -66,40 +68,11 @@ typedef struct {
     uint8_t _priv_len;
 } coap_security_keys_t;
 
-typedef struct coap_security_s {
-    mbedtls_ssl_config          _conf;
-    mbedtls_ssl_context         _ssl;
-
-    mbedtls_ctr_drbg_context    _ctr_drbg;
-    mbedtls_entropy_context     _entropy;
-    bool                        _is_started;
-    simple_cookie_t             _cookie;
-    key_block_t                 _keyblk;
-
-    SecureConnectionMode        _conn_mode;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_x509_crt            _cacert;
-    mbedtls_x509_crt            _owncert;
-#endif
-    mbedtls_pk_context          _pkey;
-
-    uint8_t                     _remote_address[16];
-    uint16_t                    _remote_port;
-
-    uint8_t                     _pw[64];
-    uint8_t                     _pw_len;
+typedef struct coap_security_s coap_security_t;
 
-    bool                        _is_blocking;
-    int8_t                      _socket_id;
-    int8_t                      _timer_id;
-    send_cb                     *_send_cb;
-    receive_cb                  *_receive_cb;
-    start_timer_cb              *_start_timer_cb;
-    timer_status_cb             *_timer_status_cb;
+#ifdef COAP_SECURITY_AVAILABLE
 
-} coap_security_t;
-
-coap_security_t *coap_security_create(int8_t socket_id, int8_t timer_id, const uint8_t *address_ptr, uint16_t port,
+coap_security_t *coap_security_create(int8_t socket_id, int8_t timer_id, void *handle,
                                           SecureConnectionMode mode,
                                           send_cb *send_cb,
                                           receive_cb *receive_cb,
@@ -120,4 +93,30 @@ int coap_security_send_close_alert(coap_security_t *sec);
 
 int coap_security_handler_read(coap_security_t *sec, unsigned char* buffer, size_t len);
 
+bool coap_security_handler_is_started(const coap_security_t *sec);
+
+const void *coap_security_handler_keyblock(const coap_security_t *sec);
+
+#else
+
+/* Dummy definitions, including needed error codes */
+#define MBEDTLS_ERR_SSL_TIMEOUT (-1)
+#define MBEDTLS_ERR_SSL_WANT_READ (-2)
+#define MBEDTLS_ERR_SSL_WANT_WRITE (-3)
+#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE (-4)
+
+#define coap_security_create(socket_id, timer_id, handle, \
+                             mode, send_cb, receive_cb, start_timer_cb, timer_status_cb) ((coap_security_t *) 0)
+#define coap_security_destroy(sec) ((void) 0)
+#define coap_security_handler_connect(sec, is_server, sock_mode, keys) (-1)
+#define coap_security_handler_connect_non_blocking(sec, is_server, sock_mode, keys, timeout_min, timeout_max) (-1)
+#define coap_security_handler_continue_connecting(sec) (-1)
+#define coap_security_handler_send_message(sec, message, len) (-1)
+#define coap_security_send_close_alert(sec) (-1)
+#define coap_security_handler_read(sec, buffer, len) (-1)
+#define coap_security_handler_is_started(sec) false
+#define coap_security_handler_keyblock(sec) ((void *) 0)
+
+#endif /* COAP_SECURITY_AVAILABLE */
+
 #endif