Squashed 'features/nanostack/coap-service/' changes from c021690..9a9085d

artokin · artokin · commit a2cc668ba79d · 2021-09-23T10:27:02.000+03:00
9a9085d Updated coap service to be compatible with mbed TLS 3.0 (ARMmbed#135) bbe0173 (via Mbed OS) mbedtls_stub: Add missing include (ARMmbed#134) git-subtree-dir: features/nanostack/coap-service git-subtree-split: 9a9085d
diff --git a/source/coap_security_handler.c b/source/coap_security_handler.c
@@ -23,12 +23,12 @@
 
 #ifdef COAP_SECURITY_AVAILABLE
 
+#include "mbedtls/version.h"
 #include "mbedtls/sha256.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/ssl_cookie.h"
 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/hmac_drbg.h"
 #include "mbedtls/ssl_ciphersuites.h"
@@ -310,6 +310,7 @@ static int simple_cookie_check(void *ctx,
 
 /**** Key export function ****/
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#if (MBEDTLS_VERSION_MAJOR < 3)
 static int export_key_block(void *ctx,
                             const unsigned char *mk, const unsigned char *kb,
                             size_t maclen, size_t keylen, size_t ivlen)
@@ -330,6 +331,7 @@ static int export_key_block(void *ctx,
     return 0;
 }
 #endif
+#endif
 
 static int coap_security_handler_configure_keys(coap_security_t *sec, coap_security_keys_t keys, bool is_server)
 {
@@ -343,9 +345,15 @@ static int coap_security_handler_configure_keys(coap_security_t *sec, coap_secur
                 break;
             }
 
+#if (MBEDTLS_VERSION_MAJOR >= 3)
+            if (mbedtls_pk_parse_key(&sec->_pkey, keys._priv_key, keys._priv_key_len, NULL, 0, DRBG_RANDOM, &sec->_drbg) < 0) {
+                break;
+            }
+#else
             if (mbedtls_pk_parse_key(&sec->_pkey, keys._priv_key, keys._priv_key_len, NULL, 0) < 0) {
                 break;
             }
+#endif
 
             if (0 != mbedtls_ssl_conf_own_cert(&sec->_conf, &sec->_owncert, &sec->_pkey)) {
                 break;
@@ -378,10 +386,15 @@ static int coap_security_handler_configure_keys(coap_security_t *sec, coap_secur
             mbedtls_ssl_conf_ciphersuites(&sec->_conf, ECJPAKE_SUITES);
 #endif /* !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) */
 
+#if (MBEDTLS_VERSION_MAJOR >= 3)
+            tr_error("FATAL ERROR: support for mbedtls_ssl_set_export_keys_cb() not implemented");
+#else
             //NOTE: If thread starts supporting PSK in other modes, then this will be needed!
             mbedtls_ssl_conf_export_keys_cb(&sec->_conf,
                                             export_key_block,
                                             &sec->_keyblk);
+#endif
+
             ret = 0;
 #endif
             break;
@@ -512,9 +525,15 @@ int coap_security_handler_continue_connecting(coap_security_t *sec)
             return ret;
         }
 
+#if (MBEDTLS_VERSION_MAJOR >= 3)
+        if (sec->_ssl.private_state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+            return 0;
+        }
+#else
         if (sec->_ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER) {
             return 0;
         }
+#endif
     }
 
     if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
diff --git a/source/include/coap_security_handler.h b/source/include/coap_security_handler.h
@@ -20,12 +20,8 @@
 #include "ns_types.h"
 
 #ifdef NS_USE_EXTERNAL_MBED_TLS
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
 // cppcheck-suppress preprocessorErrorDirective
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/version.h"
 
 #if defined(MBEDTLS_SSL_TLS_C)
 #include "mbedtls/ssl.h"
diff --git a/test/coap-service/unittest/coap_security_handler/test_coap_security_handler.c b/test/coap-service/unittest/coap_security_handler/test_coap_security_handler.c
@@ -184,7 +184,7 @@ bool test_coap_security_handler_connect()
     }
 
     mbedtls_stub.counter = 0;
-    mbedtls_stub.retArray[5] = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;
+    mbedtls_stub.retArray[5] = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
 
     if (-1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys, 0, 1)) {
         return false;
@@ -230,9 +230,9 @@ bool test_coap_security_handler_continue_connecting()
     }
 
     mbedtls_stub.counter = 0;
-    mbedtls_stub.retArray[0] = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;
+    mbedtls_stub.retArray[0] = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
 
-    if (MBEDTLS_ERR_SSL_BAD_HS_FINISHED != coap_security_handler_continue_connecting(handle)) {
+    if (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL != coap_security_handler_continue_connecting(handle)) {
         return false;
     }
 
diff --git a/test/coap-service/unittest/stub/mbedtls_stub.c b/test/coap-service/unittest/stub/mbedtls_stub.c
@@ -15,6 +15,7 @@
  * limitations under the License.
  */
 
+#include <string.h> // memset
 #include "mbedtls_stub.h"
 
 mbedtls_stub_def mbedtls_stub;
@@ -26,8 +27,11 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
 
         if (mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE ||
                 mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE_RETURN_ZERO) {
-
+#if (MBEDTLS_VERSION_MAJOR >= 3)
+            ssl->private_state = MBEDTLS_SSL_HANDSHAKE_OVER;
+#else
             ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
+#endif
             if (mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE_RETURN_ZERO) {
                 return 0;
             }
@@ -345,9 +349,16 @@ int mbedtls_entropy_add_source(mbedtls_entropy_context *a,
 }
 
 //From pk.h
+#if (MBEDTLS_VERSION_MAJOR >= 3)
+int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
+                         const unsigned char *b, size_t c,
+                         const unsigned char *d, size_t e,
+                         int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
+#else
 int mbedtls_pk_parse_key(mbedtls_pk_context *a,
                          const unsigned char *b, size_t c,
                          const unsigned char *d, size_t e)
+#endif
 {
     if (mbedtls_stub.useCounter) {
         return mbedtls_stub.retArray[mbedtls_stub.counter++];
@@ -395,6 +406,7 @@ void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
     }
 }
 
+#if (MBEDTLS_VERSION_MAJOR < 3)
 void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf,
                                      mbedtls_ssl_export_keys_t *f_export_keys,
                                      void *p_export_keys)
@@ -407,6 +419,7 @@ void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf,
         f_export_keys(p_export_keys, &value, "", 0, 20, 0); //success case
     }
 }
+#endif
 
 int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
 {

Original file line number	Diff line number	Diff line change
`@@ -184,7 +184,7 @@ bool test_coap_security_handler_connect()`
`184`	`184`	`}`
`185`	`185`
`186`	`186`	`mbedtls_stub.counter = 0;`
`187`		`- mbedtls_stub.retArray[5] = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;`
	`187`	`+ mbedtls_stub.retArray[5] = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;`
`188`	`188`
`189`	`189`	`if (-1 != coap_security_handler_connect_non_blocking(handle, true, DTLS, keys, 0, 1)) {`
`190`	`190`	`return false;`
`@@ -230,9 +230,9 @@ bool test_coap_security_handler_continue_connecting()`
`230`	`230`	`}`
`231`	`231`
`232`	`232`	`mbedtls_stub.counter = 0;`
`233`		`- mbedtls_stub.retArray[0] = MBEDTLS_ERR_SSL_BAD_HS_FINISHED;`
	`233`	`+ mbedtls_stub.retArray[0] = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;`
`234`	`234`
`235`		`- if (MBEDTLS_ERR_SSL_BAD_HS_FINISHED != coap_security_handler_continue_connecting(handle)) {`
	`235`	`+ if (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL != coap_security_handler_continue_connecting(handle)) {`
`236`	`236`	`return false;`
`237`	`237`	`}`
`238`	`238`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@`
`15`	`15`	`* limitations under the License.`
`16`	`16`	`*/`
`17`	`17`
	`18`	`+#include <string.h> // memset`
`18`	`19`	`#include "mbedtls_stub.h"`
`19`	`20`
`20`	`21`	`mbedtls_stub_def mbedtls_stub;`
`@@ -26,8 +27,11 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)`
`26`	`27`
`27`	`28`	`if (mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE \|\|`
`28`	`29`	`mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE_RETURN_ZERO) {`
`29`		`-`
	`30`	`+#if (MBEDTLS_VERSION_MAJOR >= 3)`
	`31`	`+ ssl->private_state = MBEDTLS_SSL_HANDSHAKE_OVER;`
	`32`	`+#else`
`30`	`33`	`ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;`
	`34`	`+#endif`
`31`	`35`	`if (mbedtls_stub.retArray[mbedtls_stub.counter] == HANDSHAKE_FINISHED_VALUE_RETURN_ZERO) {`
`32`	`36`	`return 0;`
`33`	`37`	`}`
`@@ -345,9 +349,16 @@ int mbedtls_entropy_add_source(mbedtls_entropy_context *a,`
`345`	`349`	`}`
`346`	`350`
`347`	`351`	`//From pk.h`
	`352`	`+#if (MBEDTLS_VERSION_MAJOR >= 3)`
	`353`	`+int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,`
	`354`	`+ const unsigned char *b, size_t c,`
	`355`	`+ const unsigned char *d, size_t e,`
	`356`	`+ int (f_rng)(void , unsigned char , size_t), void p_rng)`
	`357`	`+#else`
`348`	`358`	`int mbedtls_pk_parse_key(mbedtls_pk_context *a,`
`349`	`359`	`const unsigned char *b, size_t c,`
`350`	`360`	`const unsigned char *d, size_t e)`
	`361`	`+#endif`
`351`	`362`	`{`
`352`	`363`	`if (mbedtls_stub.useCounter) {`
`353`	`364`	`return mbedtls_stub.retArray[mbedtls_stub.counter++];`
`@@ -395,6 +406,7 @@ void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,`
`395`	`406`	`}`
`396`	`407`	`}`
`397`	`408`
	`409`	`+#if (MBEDTLS_VERSION_MAJOR < 3)`
`398`	`410`	`void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf,`
`399`	`411`	`mbedtls_ssl_export_keys_t *f_export_keys,`
`400`	`412`	`void *p_export_keys)`
`@@ -407,6 +419,7 @@ void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf,`
`407`	`419`	`f_export_keys(p_export_keys, &value, "", 0, 20, 0); //success case`
`408`	`420`	`}`
`409`	`421`	`}`
	`422`	`+#endif`
`410`	`423`
`411`	`424`	`int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)`
`412`	`425`	`{`