mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-01-18 12:52:44 +01:00
example/gcoap: add DTLS support
parent
23a8659bdf
commit
0a8eaea889
@ -30,6 +30,28 @@
|
|||||||
#define ENABLE_DEBUG 0
|
#define ENABLE_DEBUG 0
|
||||||
#include "debug.h"
|
#include "debug.h"
|
||||||
|
|
||||||
|
#if IS_USED(MODULE_GCOAP_DTLS)
|
||||||
|
#include "net/credman.h"
|
||||||
|
#include "net/dsm.h"
|
||||||
|
#include "tinydtls_keys.h"
|
||||||
|
|
||||||
|
/* Example credential tag for credman. Tag together with the credential type needs to be unique. */
|
||||||
|
#define GCOAP_DTLS_CREDENTIAL_TAG 10
|
||||||
|
|
||||||
|
static const uint8_t psk_id_0[] = PSK_DEFAULT_IDENTITY;
|
||||||
|
static const uint8_t psk_key_0[] = PSK_DEFAULT_KEY;
|
||||||
|
static const credman_credential_t credential = {
|
||||||
|
.type = CREDMAN_TYPE_PSK,
|
||||||
|
.tag = GCOAP_DTLS_CREDENTIAL_TAG,
|
||||||
|
.params = {
|
||||||
|
.psk = {
|
||||||
|
.key = { .s = psk_key_0, .len = sizeof(psk_key_0) - 1, },
|
||||||
|
.id = { .s = psk_id_0, .len = sizeof(psk_id_0) - 1, },
|
||||||
|
}
|
||||||
|
},
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
static bool _proxied = false;
|
static bool _proxied = false;
|
||||||
static sock_udp_ep_t _proxy_remote;
|
static sock_udp_ep_t _proxy_remote;
|
||||||
static char proxy_uri[64];
|
static char proxy_uri[64];
|
||||||
@ -316,7 +338,16 @@ int gcoap_cli_cmd(int argc, char **argv)
|
|||||||
if (strcmp(argv[1], "info") == 0) {
|
if (strcmp(argv[1], "info") == 0) {
|
||||||
uint8_t open_reqs = gcoap_op_state();
|
uint8_t open_reqs = gcoap_op_state();
|
||||||
|
|
||||||
|
if (IS_USED(MODULE_GCOAP_DTLS)) {
|
||||||
|
printf("CoAP server is listening on port %u\n", CONFIG_GCOAPS_PORT);
|
||||||
|
} else {
|
||||||
printf("CoAP server is listening on port %u\n", CONFIG_GCOAP_PORT);
|
printf("CoAP server is listening on port %u\n", CONFIG_GCOAP_PORT);
|
||||||
|
}
|
||||||
|
#if IS_USED(MODULE_GCOAP_DTLS)
|
||||||
|
printf("Connection secured with DTLS\n");
|
||||||
|
printf("Free DTLS session slots: %d/%d\n", dsm_get_num_available_slots(),
|
||||||
|
dsm_get_num_maximum_slots());
|
||||||
|
#endif
|
||||||
printf(" CLI requests sent: %u\n", req_count);
|
printf(" CLI requests sent: %u\n", req_count);
|
||||||
printf("CoAP open requests: %u\n", open_reqs);
|
printf("CoAP open requests: %u\n", open_reqs);
|
||||||
printf("Configured Proxy: ");
|
printf("Configured Proxy: ");
|
||||||
@ -466,5 +497,19 @@ int gcoap_cli_cmd(int argc, char **argv)
|
|||||||
|
|
||||||
void gcoap_cli_init(void)
|
void gcoap_cli_init(void)
|
||||||
{
|
{
|
||||||
|
#if IS_USED(MODULE_GCOAP_DTLS)
|
||||||
|
int res = credman_add(&credential);
|
||||||
|
if (res < 0 && res != CREDMAN_EXIST) {
|
||||||
|
/* ignore duplicate credentials */
|
||||||
|
printf("gcoap: cannot add credential to system: %d\n", res);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
sock_dtls_t *gcoap_sock_dtls = gcoap_get_sock_dtls();
|
||||||
|
res = sock_dtls_add_credential(gcoap_sock_dtls, GCOAP_DTLS_CREDENTIAL_TAG);
|
||||||
|
if (res < 0) {
|
||||||
|
printf("gcoap: cannot add credential to DTLS sock: %d\n", res);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
gcoap_register_listener(&_listener);
|
gcoap_register_listener(&_listener);
|
||||||
}
|
}
|
||||||
|
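Review bot: In `gcoap_cli_init`, the `return;` taken when `credman_add()` fails skips `gcoap_register_listener(&_listener)`, so a credential error leaves the example's resources unregistered with only a printf to show for it. A failure of `sock_dtls_add_credential()` a few lines later instead falls through and registers the listener; the two error paths should behave the same, with a comment stating which behaviour is intended. The `res != CREDMAN_EXIST` exception also accepts whatever is already stored under tag `GCOAP_DTLS_CREDENTIAL_TAG` with `CREDMAN_TYPE_PSK` without checking that it is this file's `credential`, so a different PSK registered earlier under that tag would presumably be the one the DTLS sock ends up using. I would at least document that next to the check, e.g. `/* CREDMAN_EXIST: an entry with this tag and type is already registered; it is assumed to be ours */`.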
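--- a/examples/gcoap_dtls/Makefile
+++ b/examples/gcoap_dtls/Makefile
@@ -0,0 +1,85 @@
+# Default Makefile, for host native GNRC-based networking
+
+# name of your application
+APPLICATION = gcoap_example
+
+# If no BOARD is found in the environment, use this default:
+BOARD ?= native
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# Include packages that pull up and auto-init the link layer.
+# NOTE: 6LoWPAN will be included if IEEE802.15.4 devices are present
+USEMODULE += gnrc_netdev_default
+USEMODULE += auto_init_gnrc_netif
+# Specify the mandatory networking modules
+USEMODULE += gnrc_ipv6_default
+USEMODULE += gcoap
+# Additional networking modules that can be dropped if not needed
+USEMODULE += gnrc_icmpv6_echo
+
+# Required by gcoap example
+USEMODULE += od
+USEMODULE += fmt
+# Add also the shell, some shell commands
+USEMODULE += shell
+USEMODULE += shell_commands
+USEMODULE += ps
+
+# Comment this out to disable code in RIOT that does safety checking
+# which is not needed in a production environment but helps in the
+# development process:
+DEVELHELP ?= 1
+
+# Change this to 0 show compiler invocation lines by default:
+QUIET ?= 1
+
+# Enables DTLS-secured CoAP messaging
+GCOAP_ENABLE_DTLS ?= 1
+ifeq (1,$(GCOAP_ENABLE_DTLS))
+# Required by DTLS. Currently, only tinyDTLS is supported by sock_dtls.
+USEPKG += tinydtls
+USEMODULE += sock_dtls
+USEMODULE += tinydtls_sock_dtls
+USEMODULE += gcoap_dtls
+# tinydtls needs crypto secure PRNG
+USEMODULE += prng_sha1prng
+
+# Maximum number of DTLS sessions
+CFLAGS += -DDTLS_PEER_MAX=1
+endif
+
+# Instead of simulating an Ethernet connection, we can also simulate
+# an IEEE 802.15.4 radio using ZEP
+USE_ZEP ?= 0
+
+# set the ZEP port for native
+ZEP_PORT_BASE ?= 17754
+ifeq (1,$(USE_ZEP))
+TERMFLAGS += -z [::1]:$(ZEP_PORT_BASE)
+USEMODULE += socket_zep
+
+ifneq (,$(ZEP_MAC))
+TERMFLAGS += --eui64=$(ZEP_MAC)
+endif
+endif
+
+include $(RIOTBASE)/Makefile.include
+
+# For now this goes after the inclusion of Makefile.include so Kconfig symbols
+# are available. Only set configuration via CFLAGS if Kconfig is not being used
+# for this module.
+ifndef CONFIG_KCONFIG_MODULE_GCOAP
+## Uncomment to redefine port, for example use 61616 for RFC 6282 UDP compression.
+#GCOAP_PORT = 5683
+#CFLAGS += -DCONFIG_GCOAP_PORT=$(GCOAP_PORT)
+
+## Uncomment to redefine request token length, max 8.
+#GCOAP_TOKENLEN = 2
+#CFLAGS += -DCONFIG_GCOAP_TOKENLEN=$(GCOAP_TOKENLEN)
+
+# Increase from default for confirmable block2 follow-on requests
+GCOAP_RESEND_BUFS_MAX ?= 2
+CFLAGS += -DCONFIG_GCOAP_RESEND_BUFS_MAX=$(GCOAP_RESEND_BUFS_MAX)
+endif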
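Review bot: The comment `# tinydtls needs crypto secure PRNG` above `USEMODULE += prng_sha1prng` promises more than the line delivers. A SHA1-based PRNG is deterministic, so the DTLS randoms are only as unpredictable as its seed, and nothing in this Makefile selects or requires an entropy source. I would reword the comment to carry that caveat, e.g. `# tinydtls needs a cryptographically secure PRNG; sha1prng is only as strong as its seed, so seed it from a hardware entropy source on real boards`. Separately, `CFLAGS += -DDTLS_PEER_MAX=1` leaves a single session slot, so one connected peer keeps every other client out until its session ends; that deserves a line of comment for anyone copying this configuration.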
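--- a/examples/gcoap_dtls/Makefile.ci
+++ b/examples/gcoap_dtls/Makefile.ci
@@ -0,0 +1,53 @@
+BOARD_INSUFFICIENT_MEMORY := \
+airfy-beacon \
+blackpill \
+bluepill \
+hifive1 \
+hifive1b \
+im880b \
+microbit \
+nrf51dongle \
+nrf6310 \
+nucleo-f070rb \
+nucleo-f072rb \
+nucleo-f302r8 \
+saml10-xpro \
+saml11-xpro \
+stm32mp157c-dk2 \
+yunjia-nrf51822 \
+arduino-duemilanove \
+arduino-leonardo \
+arduino-mega2560 \
+arduino-nano \
+arduino-uno \
+atmega1284p \
+atmega328p \
+atmega328p-xplained-mini \
+atxmega-a1u-xpro \
+atxmega-a3bu-xplained \
+bluepill-stm32f030c8 \
+derfmega128 \
+i-nucleo-lrwan1 \
+mega-xplained \
+microduino-corerf \
+msb-430 \
+msb-430h \
+nucleo-f030r8 \
+nucleo-f031k6 \
+nucleo-f042k6 \
+nucleo-f303k8 \
+nucleo-f334r8 \
+nucleo-l011k4 \
+nucleo-l031k6 \
+nucleo-l053r8 \
+samd10-xmini \
+slstk3400a \
+stk3200 \
+stm32f030f4-demo \
+stm32f0discovery \
+stm32l0538-disco \
+telosb \
+waspmote-pro \
+z1 \
+zigduino \
+#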
1
examples/gcoap_dtls/Makefile.slip
Symbolic link
1
examples/gcoap_dtls/Makefile.slip
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../gcoap/Makefile.slip
|
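--- a/examples/gcoap_dtls/README.md
+++ b/examples/gcoap_dtls/README.md
@@ -0,0 +1,12 @@
+## About
+
+This is an additional gcoap example, but with enabled DTLS. It only provides a
+custom configured makefile, while the code is a symlink to the original gcoap
+example. Therefore, the infos and usage notes of the other README also applies to this
+example.
+
+Please note, that with DTLS the default port is 5684 and not 5683, thus CoAP requests
+must be sent to this port.
+
+Since DTLS has higher memory and and ROM requirements, more boards are blacklisted
+for this example compared to the non-DTLS gcoap example.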
1
examples/gcoap_dtls/gcoap_cli.c
Symbolic link
1
examples/gcoap_dtls/gcoap_cli.c
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../gcoap/gcoap_cli.c
|
1
examples/gcoap_dtls/main.c
Symbolic link
1
examples/gcoap_dtls/main.c
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../gcoap/main.c
|
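--- a/examples/gcoap_dtls/tinydtls_keys.h
+++ b/examples/gcoap_dtls/tinydtls_keys.h
@@ -0,0 +1,63 @@
+/*
+* Copyright (C) 2018 Inria
+*
+* This file is subject to the terms and conditions of the GNU Lesser
+* General Public License v2.1. See the file LICENSE in the top level
+* directory for more details.
+*/
+
+/**
+* @ingroup examples
+* @{
+*
+* @file
+* @brief PSK and RPK keys for the dtls-sock example.
+*
+* @author Raul Fuentes <raul.fuentes-samaniego@inria.fr>
+*
+* @}
+*/
+
+#ifndef TINYDTLS_KEYS_H
+#define TINYDTLS_KEYS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+* Default keys examples for tinyDTLS (for RIOT, Linux and Contiki)
+*/
+#define PSK_DEFAULT_IDENTITY "Client_identity"
+#define PSK_DEFAULT_KEY "secretPSK"
+#define PSK_OPTIONS "i:k:"
+#define PSK_ID_MAXLEN 32
+#define PSK_MAXLEN 32
+
+#ifdef CONFIG_DTLS_ECC
+static const unsigned char ecdsa_priv_key[] = {
+0x41, 0xC1, 0xCB, 0x6B, 0x51, 0x24, 0x7A, 0x14,
+0x43, 0x21, 0x43, 0x5B, 0x7A, 0x80, 0xE7, 0x14,
+0x89, 0x6A, 0x33, 0xBB, 0xAD, 0x72, 0x94, 0xCA,
+0x40, 0x14, 0x55, 0xA1, 0x94, 0xA9, 0x49, 0xFA
+};
+
+static const unsigned char ecdsa_pub_key_x[] = {
+0x36, 0xDF, 0xE2, 0xC6, 0xF9, 0xF2, 0xED, 0x29,
+0xDA, 0x0A, 0x9A, 0x8F, 0x62, 0x68, 0x4E, 0x91,
+0x63, 0x75, 0xBA, 0x10, 0x30, 0x0C, 0x28, 0xC5,
+0xE4, 0x7C, 0xFB, 0xF2, 0x5F, 0xA5, 0x8F, 0x52
+};
+
+static const unsigned char ecdsa_pub_key_y[] = {
+0x71, 0xA0, 0xD4, 0xFC, 0xDE, 0x1A, 0xB8, 0x78,
+0x5A, 0x3C, 0x78, 0x69, 0x35, 0xA7, 0xCF, 0xAB,
+0xE9, 0x3F, 0x98, 0x72, 0x09, 0xDA, 0xED, 0x0B,
+0x4F, 0xAB, 0xC3, 0x6F, 0xC7, 0x72, 0xF8, 0x29
+};
+#endif /* CONFIG_DTLS_ECC */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TINYDTLS_KEYS_H */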
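Review bot: `PSK_DEFAULT_KEY "secretPSK"`, `PSK_DEFAULT_IDENTITY` and the `ecdsa_priv_key` bytes are published constants, yet nothing in the header marks them as unfit for deployment, and they cannot be replaced without editing the file. The "Default keys examples" comment should say so outright, e.g. `/* Publicly known example credentials: anyone can complete a handshake with them, so replace them before use outside a test setup */`. Guarding the two PSK macros (`#ifndef PSK_DEFAULT_KEY` / `#define PSK_DEFAULT_KEY "secretPSK"` / `#endif`, likewise for the identity) would let a build supply its own values from CFLAGS. The `@brief` also still names the dtls-sock example rather than gcoap_dtls.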