example/gcoap: add DTLS support

2024-12-29 04:50:03 +01:00 · 2021-01-28 10:21:55 +01:00 · 2021-01-28 10:21:55 +01:00 · 0a8eaea889
commit 0a8eaea889
parent 23a8659bdf
8 changed files with 262 additions and 1 deletions
--- a/examples/gcoap/gcoap_cli.c
+++ b/examples/gcoap/gcoap_cli.c
@ -30,6 +30,28 @@
 #define ENABLE_DEBUG 0
 #include "debug.h"

+#if IS_USED(MODULE_GCOAP_DTLS)
+#include "net/credman.h"
+#include "net/dsm.h"
+#include "tinydtls_keys.h"
+
+/* Example credential tag for credman. Tag together with the credential type needs to be unique. */
+#define GCOAP_DTLS_CREDENTIAL_TAG 10
+
+static const uint8_t psk_id_0[] = PSK_DEFAULT_IDENTITY;
+static const uint8_t psk_key_0[] = PSK_DEFAULT_KEY;
+static const credman_credential_t credential = {
+    .type = CREDMAN_TYPE_PSK,
+    .tag = GCOAP_DTLS_CREDENTIAL_TAG,
+    .params = {
+        .psk = {
+            .key = { .s = psk_key_0, .len = sizeof(psk_key_0) - 1, },
+            .id = { .s = psk_id_0, .len = sizeof(psk_id_0) - 1, },
+        }
+    },
+};
+#endif
+
 static bool _proxied = false;
 static sock_udp_ep_t _proxy_remote;
 static char proxy_uri[64];
@ -316,7 +338,16 @@ int gcoap_cli_cmd(int argc, char **argv)
    if (strcmp(argv[1], "info") == 0) {
        uint8_t open_reqs = gcoap_op_state();

-        printf("CoAP server is listening on port %u\n", CONFIG_GCOAP_PORT);
+        if (IS_USED(MODULE_GCOAP_DTLS)) {
+            printf("CoAP server is listening on port %u\n", CONFIG_GCOAPS_PORT);
+        } else {
+            printf("CoAP server is listening on port %u\n", CONFIG_GCOAP_PORT);
+        }
+#if IS_USED(MODULE_GCOAP_DTLS)
+        printf("Connection secured with DTLS\n");
+        printf("Free DTLS session slots: %d/%d\n", dsm_get_num_available_slots(),
+                dsm_get_num_maximum_slots());
+#endif
        printf(" CLI requests sent: %u\n", req_count);
        printf("CoAP open requests: %u\n", open_reqs);
        printf("Configured Proxy: ");
@ -466,5 +497,19 @@ int gcoap_cli_cmd(int argc, char **argv)

 void gcoap_cli_init(void)
 {
+#if IS_USED(MODULE_GCOAP_DTLS)
+    int res = credman_add(&credential);
+    if (res < 0 && res != CREDMAN_EXIST) {
+        /* ignore duplicate credentials */
+        printf("gcoap: cannot add credential to system: %d\n", res);
+        return;
+    }
+    sock_dtls_t *gcoap_sock_dtls = gcoap_get_sock_dtls();
+    res = sock_dtls_add_credential(gcoap_sock_dtls, GCOAP_DTLS_CREDENTIAL_TAG);
+    if (res < 0) {
+        printf("gcoap: cannot add credential to DTLS sock: %d\n", res);
+    }
+#endif
+
    gcoap_register_listener(&_listener);
 }
--- a/examples/gcoap_dtls/Makefile
+++ b/examples/gcoap_dtls/Makefile
@ -0,0 +1,85 @@
+# Default Makefile, for host native GNRC-based networking
+
+# name of your application
+APPLICATION = gcoap_example
+
+# If no BOARD is found in the environment, use this default:
+BOARD ?= native
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# Include packages that pull up and auto-init the link layer.
+# NOTE: 6LoWPAN will be included if IEEE802.15.4 devices are present
+USEMODULE += gnrc_netdev_default
+USEMODULE += auto_init_gnrc_netif
+# Specify the mandatory networking modules
+USEMODULE += gnrc_ipv6_default
+USEMODULE += gcoap
+# Additional networking modules that can be dropped if not needed
+USEMODULE += gnrc_icmpv6_echo
+
+# Required by gcoap example
+USEMODULE += od
+USEMODULE += fmt
+# Add also the shell, some shell commands
+USEMODULE += shell
+USEMODULE += shell_commands
+USEMODULE += ps
+
+# Comment this out to disable code in RIOT that does safety checking
+# which is not needed in a production environment but helps in the
+# development process:
+DEVELHELP ?= 1
+
+# Change this to 0 show compiler invocation lines by default:
+QUIET ?= 1
+
+# Enables DTLS-secured CoAP messaging
+GCOAP_ENABLE_DTLS ?= 1
+ifeq (1,$(GCOAP_ENABLE_DTLS))
+	# Required by DTLS. Currently, only tinyDTLS is supported by sock_dtls.
+	USEPKG += tinydtls
+	USEMODULE += sock_dtls
+	USEMODULE += tinydtls_sock_dtls
+	USEMODULE += gcoap_dtls
+	# tinydtls needs crypto secure PRNG
+	USEMODULE += prng_sha1prng
+
+	# Maximum number of DTLS sessions
+	CFLAGS += -DDTLS_PEER_MAX=1
+endif
+
+# Instead of simulating an Ethernet connection, we can also simulate
+# an IEEE 802.15.4 radio using ZEP
+USE_ZEP ?= 0
+
+# set the ZEP port for native
+ZEP_PORT_BASE ?= 17754
+ifeq (1,$(USE_ZEP))
+  TERMFLAGS += -z [::1]:$(ZEP_PORT_BASE)
+  USEMODULE += socket_zep
+
+  ifneq (,$(ZEP_MAC))
+    TERMFLAGS += --eui64=$(ZEP_MAC)
+  endif
+endif
+
+include $(RIOTBASE)/Makefile.include
+
+# For now this goes after the inclusion of Makefile.include so Kconfig symbols
+# are available. Only set configuration via CFLAGS if Kconfig is not being used
+# for this module.
+ifndef CONFIG_KCONFIG_MODULE_GCOAP
+## Uncomment to redefine port, for example use 61616 for RFC 6282 UDP compression.
+#GCOAP_PORT = 5683
+#CFLAGS += -DCONFIG_GCOAP_PORT=$(GCOAP_PORT)
+
+## Uncomment to redefine request token length, max 8.
+#GCOAP_TOKENLEN = 2
+#CFLAGS += -DCONFIG_GCOAP_TOKENLEN=$(GCOAP_TOKENLEN)
+
+# Increase from default for confirmable block2 follow-on requests
+GCOAP_RESEND_BUFS_MAX ?= 2
+CFLAGS += -DCONFIG_GCOAP_RESEND_BUFS_MAX=$(GCOAP_RESEND_BUFS_MAX)
+endif
--- a/examples/gcoap_dtls/Makefile.ci
+++ b/examples/gcoap_dtls/Makefile.ci
@ -0,0 +1,53 @@
+BOARD_INSUFFICIENT_MEMORY := \
+    airfy-beacon \
+    blackpill \
+    bluepill \
+    hifive1 \
+    hifive1b \
+    im880b \
+    microbit \
+    nrf51dongle \
+    nrf6310 \
+    nucleo-f070rb \
+    nucleo-f072rb \
+    nucleo-f302r8 \
+    saml10-xpro \
+    saml11-xpro \
+    stm32mp157c-dk2 \
+    yunjia-nrf51822 \
+    arduino-duemilanove \
+    arduino-leonardo \
+    arduino-mega2560 \
+    arduino-nano \
+    arduino-uno \
+    atmega1284p \
+    atmega328p \
+    atmega328p-xplained-mini \
+    atxmega-a1u-xpro \
+    atxmega-a3bu-xplained \
+    bluepill-stm32f030c8 \
+    derfmega128 \
+    i-nucleo-lrwan1 \
+    mega-xplained \
+    microduino-corerf \
+    msb-430 \
+    msb-430h \
+    nucleo-f030r8 \
+    nucleo-f031k6 \
+    nucleo-f042k6 \
+    nucleo-f303k8 \
+    nucleo-f334r8 \
+    nucleo-l011k4 \
+    nucleo-l031k6 \
+    nucleo-l053r8 \
+    samd10-xmini \
+    slstk3400a \
+    stk3200 \
+    stm32f030f4-demo \
+    stm32f0discovery \
+    stm32l0538-disco \
+    telosb \
+    waspmote-pro \
+    z1 \
+    zigduino \
+    #
--- a/examples/gcoap_dtls/Makefile.slip
+++ b/examples/gcoap_dtls/Makefile.slip
@ -0,0 +1 @@
+../gcoap/Makefile.slip
--- a/examples/gcoap_dtls/README.md
+++ b/examples/gcoap_dtls/README.md
@ -0,0 +1,12 @@
+## About
+
+This is an additional gcoap example, but with enabled DTLS. It only provides a
+custom configured makefile, while the code is a symlink to the original gcoap
+example. Therefore, the infos and usage notes of the other README also applies to this
+example.
+
+Please note, that with DTLS the default port is 5684 and not 5683, thus CoAP requests
+must be sent to this port.
+
+Since DTLS has higher memory and and ROM requirements, more boards are blacklisted
+for this example compared to the non-DTLS gcoap example.
--- a/examples/gcoap_dtls/gcoap_cli.c
+++ b/examples/gcoap_dtls/gcoap_cli.c
@ -0,0 +1 @@
+../gcoap/gcoap_cli.c
--- a/examples/gcoap_dtls/main.c
+++ b/examples/gcoap_dtls/main.c
@ -0,0 +1 @@
+../gcoap/main.c
--- a/examples/gcoap_dtls/tinydtls_keys.h
+++ b/examples/gcoap_dtls/tinydtls_keys.h
@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2018 Inria
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     examples
+ * @{
+ *
+ * @file
+ * @brief       PSK and RPK keys for the dtls-sock example.
+ *
+ * @author      Raul Fuentes <raul.fuentes-samaniego@inria.fr>
+ *
+ * @}
+ */
+
+#ifndef TINYDTLS_KEYS_H
+#define TINYDTLS_KEYS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ *  Default keys examples for tinyDTLS (for RIOT, Linux and Contiki)
+ */
+#define PSK_DEFAULT_IDENTITY "Client_identity"
+#define PSK_DEFAULT_KEY "secretPSK"
+#define PSK_OPTIONS "i:k:"
+#define PSK_ID_MAXLEN 32
+#define PSK_MAXLEN 32
+
+#ifdef CONFIG_DTLS_ECC
+static const unsigned char ecdsa_priv_key[] = {
+    0x41, 0xC1, 0xCB, 0x6B, 0x51, 0x24, 0x7A, 0x14,
+    0x43, 0x21, 0x43, 0x5B, 0x7A, 0x80, 0xE7, 0x14,
+    0x89, 0x6A, 0x33, 0xBB, 0xAD, 0x72, 0x94, 0xCA,
+    0x40, 0x14, 0x55, 0xA1, 0x94, 0xA9, 0x49, 0xFA
+};
+
+static const unsigned char ecdsa_pub_key_x[] = {
+    0x36, 0xDF, 0xE2, 0xC6, 0xF9, 0xF2, 0xED, 0x29,
+    0xDA, 0x0A, 0x9A, 0x8F, 0x62, 0x68, 0x4E, 0x91,
+    0x63, 0x75, 0xBA, 0x10, 0x30, 0x0C, 0x28, 0xC5,
+    0xE4, 0x7C, 0xFB, 0xF2, 0x5F, 0xA5, 0x8F, 0x52
+};
+
+static const unsigned char ecdsa_pub_key_y[] = {
+    0x71, 0xA0, 0xD4, 0xFC, 0xDE, 0x1A, 0xB8, 0x78,
+    0x5A, 0x3C, 0x78, 0x69, 0x35, 0xA7, 0xCF, 0xAB,
+    0xE9, 0x3F, 0x98, 0x72, 0x09, 0xDA, 0xED, 0x0B,
+    0x4F, 0xAB, 0xC3, 0x6F, 0xC7, 0x72, 0xF8, 0x29
+};
+#endif /* CONFIG_DTLS_ECC */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TINYDTLS_KEYS_H */