examples: add DTLS sock example application

examples/dtls-sock/Makefile

@@ -0,0 +1,54 @@
+# name of your application
+APPLICATION = dtls_sock
+
+# If no BOARD is found in the environment, use this default:
+BOARD ?= native
+
+# This has to be the absolute path to the RIOT base directory:
+RIOTBASE ?= $(CURDIR)/../..
+
+# TinyDTLS only has support for 32-bit architectures ATM
+FEATURES_REQUIRED += arch_32bit
+
+# Include packages that pull up and auto-init the link layer.
+# NOTE: 6LoWPAN will be included if IEEE802.15.4 devices are present
+USEMODULE += gnrc_netdev_default
+USEMODULE += auto_init_gnrc_netif
+# Specify the mandatory networking modules for IPv6 and UDP
+USEMODULE += gnrc_ipv6_default
+USEMODULE += gnrc_sock_udp
+
+# Use tinydtls for sock_dtls
+USEMODULE += tinydtls_sock_dtls
+
+# Add also the shell, some shell commands
+USEMODULE += shell
+USEMODULE += shell_commands
+
+# UDP Port to use (20220 is default for DTLS).
+DTLS_PORT ?= 20220
+CFLAGS += -DDTLS_DEFAULT_PORT=$(DTLS_PORT)
+
+# NOTE: If no cipher suite is selected, DTLS_PSK is used by default.
+# This adds support for TLS_PSK_WITH_AES_128_CCM_8
+CFLAGS += -DDTLS_PSK
+# This adds support for TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+# CFLAGS += -DDTLS_ECC
+
+# Uncomment to enable debug logs
+# CFLAGS += -DDTLS_DEBUG
+# When DTLS_DEBUG is set and using tinydtls, verbosity of debug log can be set with
+# Values: 0:EMERG (Default), 1:ALERT 2:CRIT 3:WARN 4:NOTICE 5:INFO 6:DEBUG
+# TINYDTLS_LOG=3
+
+# FIXME: This is a temporary patch
+CFLAGS += -DTHREAD_STACKSIZE_MAIN=\(2*THREAD_STACKSIZE_LARGE\)
+
+# Comment this out to disable code in RIOT that does safety checking
+# which is not needed in a production environment but helps in the
+# development process:
+DEVELHELP ?= 1
+# Change this to 0 show compiler invocation lines by default:
+QUIET ?= 1
+
+include $(RIOTBASE)/Makefile.include

examples/dtls-sock/Makefile.ci

@@ -0,0 +1,41 @@
+BOARD_INSUFFICIENT_MEMORY := \
+    airfy-beacon \
+    b-l072z-lrwan1 \
+    blackpill \
+    blackpill-128kib \
+    bluepill \
+    bluepill-128kib \
+    calliope-mini \
+    cc1352-launchpad \
+    cc2650-launchpad \
+    cc2650stk \
+    hifive1 \
+    hifive1b \
+    i-nucleo-lrwan1 \
+    lsn50 \
+    maple-mini \
+    microbit \
+    nrf51dongle \
+    nrf6310 \
+    nucleo-f030r8 \
+    nucleo-f031k6 \
+    nucleo-f042k6 \
+    nucleo-f070rb \
+    nucleo-f072rb \
+    nucleo-f103rb \
+    nucleo-f302r8 \
+    nucleo-f303k8 \
+    nucleo-f334r8 \
+    nucleo-l031k6 \
+    nucleo-l053r8 \
+    nucleo-l073rz \
+    opencm904 \
+    saml10-xpro \
+    saml11-xpro \
+    spark-core \
+    stm32f0discovery \
+    stm32f030f4-demo \
+    stm32l0538-disco \
+    stm32mindev \
+    yunjia-nrf51822
+    #

examples/dtls-sock/README.md

@@ -0,0 +1,42 @@
+# DTLS sock example
+
+This example shows how to use DTLS sock `sock_dtls_t`.
+
+## Testing using RIOT `native`
+
+For testing, we can use two RIOT `native` RIOT instances. For that first we
+need to prepare the network interfaces:
+
+```bash
+$ ./../../dist/tools/tapsetup/tapsetup --create 2
+```
+
+For the server instance:
+
+```
+$ PORT=tap0 make all term
+[...]
+> dtlss start
+ifconfig
+```
+
+For the client:
+
+```
+$ PORT=tap1 make all term
+[...]
+> dtlsc <server ip address> "DATA to send"
+```
+
+## Debug logs
+
+To enable debug logs uncomment `CFLAGS += -DDTLS_DEBUG` in the Makefile.
+Tinydtls supports setting the log level. See Makefile for more info.
+
+## Configs and constraints
+
+DTLS sock acts as a wrapper for the underlying DTLS stack and as such, the
+constraints that applies specifically to the stack are also applied here.
+For tinydtls, please refer to [dtls-echo README][1].
+
+[1]: https://github.com/RIOT-OS/RIOT/blob/master/examples/dtls-echo/README.md

examples/dtls-sock/dtls-client.c

@@ -0,0 +1,163 @@
+/*
+ * Copyright (C) 2019 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     examples
+ * @{
+ *
+ * @file
+ * @brief       DTLS sock client example
+ *
+ * @author      Aiman Ismail <muhammadaimanbin.ismail@haw-hamburg.de>
+ */
+
+#include <stdio.h>
+
+#include "net/sock/udp.h"
+#include "net/sock/dtls.h"
+#include "net/ipv6/addr.h"
+#include "net/credman.h"
+
+#include "tinydtls_keys.h"
+
+#ifndef DTLS_DEFAULT_PORT
+#define DTLS_DEFAULT_PORT 20220 /* DTLS default port */
+#endif
+
+#define SOCK_DTLS_CLIENT_TAG (2)
+
+#ifdef DTLS_ECC
+static const ecdsa_public_key_t other_pubkeys[] = {
+    { .x = ecdsa_pub_key_x, .y = ecdsa_pub_key_y },
+};
+
+static const credman_credential_t credential = {
+    .type = CREDMAN_TYPE_ECDSA,
+    .tag = SOCK_DTLS_CLIENT_TAG,
+    .params = {
+        .ecdsa = {
+            .private_key = ecdsa_priv_key,
+            .public_key = {
+                .x = ecdsa_pub_key_x,
+                .y = ecdsa_pub_key_y,
+            },
+            .client_keys = (ecdsa_public_key_t *)other_pubkeys,
+            .client_keys_size = ARRAY_SIZE(other_pubkeys),
+        }
+    },
+};
+
+#else /* ifdef DTLS_PSK */
+static const uint8_t psk_id_0[] = PSK_DEFAULT_IDENTITY;
+static const uint8_t psk_key_0[] = PSK_DEFAULT_KEY;
+
+static const credman_credential_t credential = {
+    .type = CREDMAN_TYPE_PSK,
+    .tag = SOCK_DTLS_CLIENT_TAG,
+    .params = {
+        .psk = {
+            .key = { .s = psk_key_0, .len = sizeof(psk_key_0) - 1, },
+            .id = { .s = psk_id_0, .len = sizeof(psk_id_0) - 1, },
+        }
+    },
+};
+#endif
+
+static int client_send(char *addr_str, char *data, size_t datalen)
+{
+    ssize_t res;
+    sock_udp_t udp_sock;
+    sock_dtls_t dtls_sock;
+    sock_dtls_session_t session;
+    sock_udp_ep_t remote;
+    sock_udp_ep_t local = SOCK_IPV6_EP_ANY;
+    local.port = 12345;
+    remote.port = DTLS_DEFAULT_PORT;
+
+    /* get interface */
+    char* iface = ipv6_addr_split_iface(addr_str);
+    if (iface) {
+        int pid = atoi(iface);
+        if (gnrc_netif_get_by_pid(pid) == NULL) {
+            puts("Invalid network interface");
+            return -1;
+        }
+        remote.netif = pid;
+    } else if (gnrc_netif_numof() == 1) {
+        /* assign the single interface found in gnrc_netif_numof() */
+        remote.netif = gnrc_netif_iter(NULL)->pid;
+    } else {
+        /* no interface is given, or given interface is invalid */
+        /* FIXME This probably is not valid with multiple interfaces */
+        remote.netif = SOCK_ADDR_ANY_NETIF;
+    }
+
+    if (!ipv6_addr_from_str((ipv6_addr_t *)remote.addr.ipv6, addr_str)) {
+        puts("Error parsing destination address");
+        return -1;
+    }
+
+    if (sock_udp_create(&udp_sock, &local, NULL, 0) < 0) {
+        puts("Error creating UDP sock");
+        return -1;
+    }
+
+    if (sock_dtls_create(&dtls_sock, &udp_sock,
+                         SOCK_DTLS_CLIENT_TAG,
+                         SOCK_DTLS_1_2, SOCK_DTLS_CLIENT) < 0) {
+        puts("Error creating DTLS sock");
+        sock_udp_close(&udp_sock);
+        return -1;
+    }
+
+    res = credman_add(&credential);
+    if (res < 0 && res != CREDMAN_EXIST) {
+        /* ignore duplicate credentials */
+        printf("Error cannot add credential to system: %zd\n", res);
+        return -1;
+    }
+
+    res = sock_dtls_session_create(&dtls_sock, &remote, &session);
+    if (res < 0) {
+        printf("Error creating session: %zd\n", res);
+        sock_dtls_close(&dtls_sock);
+        sock_udp_close(&udp_sock);
+        return -1;
+    }
+
+    if (sock_dtls_send(&dtls_sock, &session, data, datalen) < 0) {
+        puts("Error sending data");
+    }
+    else {
+        printf("Sent DTLS message\n");
+
+        uint8_t rcv[512];
+        if (sock_dtls_recv(&dtls_sock, &session, rcv, sizeof(rcv), SOCK_NO_TIMEOUT) < 0) {
+            printf("Error receiving DTLS message\n");
+        }
+        else {
+            printf("Received DTLS message\n");
+        }
+    }
+
+    puts("Terminating");
+    sock_dtls_session_destroy(&dtls_sock, &session);
+    sock_dtls_close(&dtls_sock);
+    sock_udp_close(&udp_sock);
+    return 0;
+}
+
+int dtls_client_cmd(int argc, char **argv)
+{
+    if (argc != 3) {
+        printf("usage %s <addr> <data>\n", argv[0]);
+        return 1;
+    }
+
+    return client_send(argv[1], argv[2], strlen(argv[2]));
+}

examples/dtls-sock/dtls-server.c

@@ -0,0 +1,200 @@
+/*
+ * Copyright (C) 2019 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     examples
+ * @{
+ *
+ * @file
+ * @brief       DTLS sock server example
+ *
+ * @author      Aiman Ismail <muhammadaimanbin.ismail@haw-hamburg.de>
+ */
+
+#include <stdio.h>
+
+#include "net/sock/udp.h"
+#include "net/sock/dtls.h"
+#include "net/credman.h"
+#include "msg.h"
+#include "thread.h"
+
+#include "tinydtls_keys.h"
+
+#ifndef DTLS_DEFAULT_PORT
+#define DTLS_DEFAULT_PORT (20220) /* DTLS default port */
+#endif
+
+#define SOCK_DTLS_SERVER_TAG (10)
+#define DTLS_STOP_SERVER_MSG 0x4001 /* Custom IPC type msg. */
+#define READER_QUEUE_SIZE (8U)
+
+char _dtls_server_stack[THREAD_STACKSIZE_MAIN +
+                        THREAD_EXTRA_STACKSIZE_PRINTF];
+
+static kernel_pid_t _dtls_server_pid = KERNEL_PID_UNDEF;
+
+#ifdef DTLS_ECC
+static const ecdsa_public_key_t other_pubkeys[] = {
+    { .x = ecdsa_pub_key_x, .y = ecdsa_pub_key_y },
+};
+
+static const credman_credential_t credential = {
+    .type = CREDMAN_TYPE_ECDSA,
+    .tag = SOCK_DTLS_SERVER_TAG,
+    .params = {
+        .ecdsa = {
+            .private_key = ecdsa_priv_key,
+            .public_key = {
+                .x = ecdsa_pub_key_x,
+                .y = ecdsa_pub_key_y,
+            },
+            .client_keys = (ecdsa_public_key_t *)other_pubkeys,
+            .client_keys_size = ARRAY_SIZE(other_pubkeys),
+        },
+    },
+};
+#else /* #ifdef DTLS_PSK */
+static const uint8_t psk_key_0[] = PSK_DEFAULT_KEY;
+
+static const credman_credential_t credential = {
+    .type = CREDMAN_TYPE_PSK,
+    .tag = SOCK_DTLS_SERVER_TAG,
+    .params = {
+        .psk = {
+            .key = { .s = psk_key_0, .len = sizeof(psk_key_0) - 1, },
+        },
+    },
+};
+#endif
+
+void *dtls_server_wrapper(void *arg)
+{
+    (void) arg;
+
+    ssize_t res;
+    bool active = true;
+    msg_t _reader_queue[READER_QUEUE_SIZE];
+    msg_t msg;
+    uint8_t rcv[512];
+
+    /* Prepare (thread) messages reception */
+    msg_init_queue(_reader_queue, READER_QUEUE_SIZE);
+
+    sock_dtls_session_t session;
+    sock_dtls_t sock;
+    sock_udp_t udp_sock;
+    sock_udp_ep_t local = SOCK_IPV6_EP_ANY;
+    local.port = DTLS_DEFAULT_PORT;
+    sock_udp_create(&udp_sock, &local, NULL, 0);
+
+    res = sock_dtls_create(&sock, &udp_sock, SOCK_DTLS_SERVER_TAG,
+                           SOCK_DTLS_1_2, SOCK_DTLS_SERVER);
+    if (res < 0) {
+        puts("Error creating DTLS sock");
+        return NULL;
+    }
+
+    res = credman_add(&credential);
+    if (res < 0 && res != CREDMAN_EXIST) {
+        /* ignore duplicate credentials */
+        printf("Error cannot add credential to system: %zd\n", res);
+        return NULL;
+    }
+
+    while (active) {
+        msg_try_receive(&msg);
+        if (msg.type == DTLS_STOP_SERVER_MSG) {
+            active = false;
+        }
+        else {
+            res = sock_dtls_recv(&sock, &session, rcv, sizeof(rcv),
+                                  10 * US_PER_SEC);
+            if (res < 0) {
+                if (res != -ETIMEDOUT) {
+                    printf("Error receiving UDP over DTLS %zd", res);
+                }
+                continue;
+            }
+            printf("Received %zd bytes -- (echo!)\n", res);
+            res = sock_dtls_send(&sock, &session, rcv, (size_t)res);
+            if (res < 0) {
+                printf("Error resending DTLS message: %zd", res);
+            }
+        }
+    }
+
+    sock_dtls_session_destroy(&sock, &session);
+    sock_dtls_close(&sock);
+    sock_udp_close(&udp_sock);
+    puts("Terminating");
+    msg_reply(&msg, &msg);              /* Basic answer to the main thread */
+    return NULL;
+}
+
+static void start_server(void)
+{
+    /* Only one instance of the server */
+    if (_dtls_server_pid != KERNEL_PID_UNDEF) {
+        puts("Error: server already running");
+        return;
+    }
+
+    /* Start the server thread */
+    _dtls_server_pid = thread_create(_dtls_server_stack,
+                                     sizeof(_dtls_server_stack),
+                                     THREAD_PRIORITY_MAIN - 1,
+                                     THREAD_CREATE_STACKTEST,
+                                     dtls_server_wrapper, NULL, "dtls_server");
+
+    /* Uncommon but better be sure */
+    if (_dtls_server_pid < 0) {
+        printf("ERROR: failed to create thread: %d\n", _dtls_server_pid);
+        _dtls_server_pid = KERNEL_PID_UNDEF;
+    }
+}
+
+static void stop_server(void)
+{
+    /* check if server is running at all */
+    if (_dtls_server_pid == KERNEL_PID_UNDEF) {
+        puts("Error: DTLS server is not running");
+        return;
+    }
+
+    /* prepare the stop message */
+    msg_t m;
+    m.type = DTLS_STOP_SERVER_MSG;
+
+    puts("Stopping server...");
+
+    /* send the stop message to thread AND wait for (any) answer */
+    msg_send_receive(&m, &m, _dtls_server_pid);
+
+    _dtls_server_pid = KERNEL_PID_UNDEF;
+    puts("Success: DTLS server stopped");
+}
+
+int dtls_server_cmd(int argc, char **argv)
+{
+    if (argc < 2) {
+        printf("usage: %s start | stop\n", argv[0]);
+        return 1;
+    }
+    if (strcmp(argv[1], "start") == 0) {
+        start_server();
+    }
+    else if (strcmp(argv[1], "stop") == 0) {
+        stop_server();
+    }
+    else {
+        printf("Error: invalid command. Usage: %s start | stop\n", argv[0]);
+        return 1;
+    }
+    return 0;
+}

examples/dtls-sock/main.c

@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2019 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     examples
+ * @{
+ *
+ * @file
+ * @brief       Example application for DTLS sock
+ *
+ * @author      Aiman Ismail <muhammadaimanbin.ismail@haw-hamburg.de>
+ */
+
+#include <stdio.h>
+
+#include "shell.h"
+
+extern int dtls_client_cmd(int argc, char **argv);
+extern int dtls_server_cmd(int argc, char **argv);
+
+static const shell_command_t shell_commands[] = {
+    { "dtlsc", "Start a DTLS client", dtls_client_cmd },
+    { "dtlss", "Start and stop a DTLS server", dtls_server_cmd },
+    { NULL, NULL, NULL }
+};
+
+int main(void)
+{
+    puts("DTLS sock example application");
+
+    /* start shell */
+    puts("All up, running the shell now");
+    char line_buf[SHELL_DEFAULT_BUFSIZE];
+    shell_run(shell_commands, line_buf, SHELL_DEFAULT_BUFSIZE);
+
+    /* should never be reached */
+    return 0;
+}

examples/dtls-sock/tinydtls_keys.h

@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2018 Inria
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     examples
+ * @{
+ *
+ * @file
+ * @brief       PSK and RPK keys for the dtls-sock example.
+ *
+ * @author      Raul Fuentes <raul.fuentes-samaniego@inria.fr>
+ *
+ * @}
+ */
+
+#ifndef TINYDTLS_KEYS_H
+#define TINYDTLS_KEYS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ *  Default keys examples for tinyDTLS (for RIOT, Linux and Contiki)
+ */
+#ifdef DTLS_PSK
+#define PSK_DEFAULT_IDENTITY "Client_identity"
+#define PSK_DEFAULT_KEY "secretPSK"
+#define PSK_OPTIONS "i:k:"
+#define PSK_ID_MAXLEN 32
+#define PSK_MAXLEN 32
+
+#endif /* DTLS_PSK */
+
+#ifdef DTLS_ECC
+static const unsigned char ecdsa_priv_key[] = {
+    0x41, 0xC1, 0xCB, 0x6B, 0x51, 0x24, 0x7A, 0x14,
+    0x43, 0x21, 0x43, 0x5B, 0x7A, 0x80, 0xE7, 0x14,
+    0x89, 0x6A, 0x33, 0xBB, 0xAD, 0x72, 0x94, 0xCA,
+    0x40, 0x14, 0x55, 0xA1, 0x94, 0xA9, 0x49, 0xFA
+};
+
+static const unsigned char ecdsa_pub_key_x[] = {
+    0x36, 0xDF, 0xE2, 0xC6, 0xF9, 0xF2, 0xED, 0x29,
+    0xDA, 0x0A, 0x9A, 0x8F, 0x62, 0x68, 0x4E, 0x91,
+    0x63, 0x75, 0xBA, 0x10, 0x30, 0x0C, 0x28, 0xC5,
+    0xE4, 0x7C, 0xFB, 0xF2, 0x5F, 0xA5, 0x8F, 0x52
+};
+
+static const unsigned char ecdsa_pub_key_y[] = {
+    0x71, 0xA0, 0xD4, 0xFC, 0xDE, 0x1A, 0xB8, 0x78,
+    0x5A, 0x3C, 0x78, 0x69, 0x35, 0xA7, 0xCF, 0xAB,
+    0xE9, 0x3F, 0x98, 0x72, 0x09, 0xDA, 0xED, 0x0B,
+    0x4F, 0xAB, 0xC3, 0x6F, 0xC7, 0x72, 0xF8, 0x29
+};
+#endif /* DTLS_ECC */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TINYDTLS_KEYS_H */