76a42daaa9
This is originally from git@github.com:YanziNetworks/tinyDTLS.git commit d7ca5120e7e853f76e9743db2a0236a26ba71363 Change-Id: I6e6c2da76e11b473ead1b0ddac929f8bd670d7e3 Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
367 lines
9.1 KiB
C
367 lines
9.1 KiB
C
|
|
/* This is needed for apple */
|
|
#define __APPLE_USE_RFC_3542
|
|
|
|
#include <assert.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <unistd.h>
|
|
#include <netinet/in.h>
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/time.h>
|
|
#include <netdb.h>
|
|
#include <signal.h>
|
|
|
|
#include "tinydtls.h"
|
|
#include "dtls.h"
|
|
#include "debug.h"
|
|
|
|
#define DEFAULT_PORT 20220
|
|
|
|
static const unsigned char ecdsa_priv_key[] = {
|
|
0xD9, 0xE2, 0x70, 0x7A, 0x72, 0xDA, 0x6A, 0x05,
|
|
0x04, 0x99, 0x5C, 0x86, 0xED, 0xDB, 0xE3, 0xEF,
|
|
0xC7, 0xF1, 0xCD, 0x74, 0x83, 0x8F, 0x75, 0x70,
|
|
0xC8, 0x07, 0x2D, 0x0A, 0x76, 0x26, 0x1B, 0xD4};
|
|
|
|
static const unsigned char ecdsa_pub_key_x[] = {
|
|
0xD0, 0x55, 0xEE, 0x14, 0x08, 0x4D, 0x6E, 0x06,
|
|
0x15, 0x59, 0x9D, 0xB5, 0x83, 0x91, 0x3E, 0x4A,
|
|
0x3E, 0x45, 0x26, 0xA2, 0x70, 0x4D, 0x61, 0xF2,
|
|
0x7A, 0x4C, 0xCF, 0xBA, 0x97, 0x58, 0xEF, 0x9A};
|
|
|
|
static const unsigned char ecdsa_pub_key_y[] = {
|
|
0xB4, 0x18, 0xB6, 0x4A, 0xFE, 0x80, 0x30, 0xDA,
|
|
0x1D, 0xDC, 0xF4, 0xF4, 0x2E, 0x2F, 0x26, 0x31,
|
|
0xD0, 0x43, 0xB1, 0xFB, 0x03, 0xE2, 0x2F, 0x4D,
|
|
0x17, 0xDE, 0x43, 0xF9, 0xF9, 0xAD, 0xEE, 0x70};
|
|
|
|
#if 0
|
|
/* SIGINT handler: set quit to 1 for graceful termination */
|
|
void
|
|
handle_sigint(int signum) {
|
|
dsrv_stop(dsrv_get_context());
|
|
}
|
|
#endif
|
|
|
|
#ifdef DTLS_PSK
|
|
/* This function is the "key store" for tinyDTLS. It is called to
|
|
* retrieve a key for the given identity within this particular
|
|
* session. */
|
|
static int
|
|
get_psk_info(struct dtls_context_t *ctx, const session_t *session,
|
|
dtls_credentials_type_t type,
|
|
const unsigned char *id, size_t id_len,
|
|
unsigned char *result, size_t result_length) {
|
|
|
|
struct keymap_t {
|
|
unsigned char *id;
|
|
size_t id_length;
|
|
unsigned char *key;
|
|
size_t key_length;
|
|
} psk[3] = {
|
|
{ (unsigned char *)"Client_identity", 15,
|
|
(unsigned char *)"secretPSK", 9 },
|
|
{ (unsigned char *)"default identity", 16,
|
|
(unsigned char *)"\x11\x22\x33", 3 },
|
|
{ (unsigned char *)"\0", 2,
|
|
(unsigned char *)"", 1 }
|
|
};
|
|
|
|
if (type != DTLS_PSK_KEY) {
|
|
return 0;
|
|
}
|
|
|
|
if (id) {
|
|
int i;
|
|
for (i = 0; i < sizeof(psk)/sizeof(struct keymap_t); i++) {
|
|
if (id_len == psk[i].id_length && memcmp(id, psk[i].id, id_len) == 0) {
|
|
if (result_length < psk[i].key_length) {
|
|
dtls_warn("buffer too small for PSK");
|
|
return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
|
|
}
|
|
|
|
memcpy(result, psk[i].key, psk[i].key_length);
|
|
return psk[i].key_length;
|
|
}
|
|
}
|
|
}
|
|
|
|
return dtls_alert_fatal_create(DTLS_ALERT_DECRYPT_ERROR);
|
|
}
|
|
|
|
#endif /* DTLS_PSK */
|
|
|
|
#ifdef DTLS_ECC
|
|
static int
|
|
get_ecdsa_key(struct dtls_context_t *ctx,
|
|
const session_t *session,
|
|
const dtls_ecdsa_key_t **result) {
|
|
static const dtls_ecdsa_key_t ecdsa_key = {
|
|
.curve = DTLS_ECDH_CURVE_SECP256R1,
|
|
.priv_key = ecdsa_priv_key,
|
|
.pub_key_x = ecdsa_pub_key_x,
|
|
.pub_key_y = ecdsa_pub_key_y
|
|
};
|
|
|
|
*result = &ecdsa_key;
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
verify_ecdsa_key(struct dtls_context_t *ctx,
|
|
const session_t *session,
|
|
const unsigned char *other_pub_x,
|
|
const unsigned char *other_pub_y,
|
|
size_t key_size) {
|
|
return 0;
|
|
}
|
|
#endif /* DTLS_ECC */
|
|
|
|
#define DTLS_SERVER_CMD_CLOSE "server:close"
|
|
#define DTLS_SERVER_CMD_RENEGOTIATE "server:renegotiate"
|
|
|
|
static int
|
|
read_from_peer(struct dtls_context_t *ctx,
|
|
session_t *session, uint8 *data, size_t len) {
|
|
size_t i;
|
|
for (i = 0; i < len; i++)
|
|
printf("%c", data[i]);
|
|
if (len >= strlen(DTLS_SERVER_CMD_CLOSE) &&
|
|
!memcmp(data, DTLS_SERVER_CMD_CLOSE, strlen(DTLS_SERVER_CMD_CLOSE))) {
|
|
printf("server: closing connection\n");
|
|
dtls_close(ctx, session);
|
|
return len;
|
|
} else if (len >= strlen(DTLS_SERVER_CMD_RENEGOTIATE) &&
|
|
!memcmp(data, DTLS_SERVER_CMD_RENEGOTIATE, strlen(DTLS_SERVER_CMD_RENEGOTIATE))) {
|
|
printf("server: renegotiate connection\n");
|
|
dtls_renegotiate(ctx, session);
|
|
return len;
|
|
}
|
|
|
|
return dtls_write(ctx, session, data, len);
|
|
}
|
|
|
|
static int
|
|
send_to_peer(struct dtls_context_t *ctx,
|
|
session_t *session, uint8 *data, size_t len) {
|
|
|
|
int fd = *(int *)dtls_get_app_data(ctx);
|
|
return sendto(fd, data, len, MSG_DONTWAIT,
|
|
&session->addr.sa, session->size);
|
|
}
|
|
|
|
static int
|
|
dtls_handle_read(struct dtls_context_t *ctx) {
|
|
int *fd;
|
|
session_t session;
|
|
static uint8 buf[DTLS_MAX_BUF];
|
|
int len;
|
|
|
|
fd = dtls_get_app_data(ctx);
|
|
|
|
assert(fd);
|
|
|
|
memset(&session, 0, sizeof(session_t));
|
|
session.size = sizeof(session.addr);
|
|
len = recvfrom(*fd, buf, sizeof(buf), MSG_TRUNC,
|
|
&session.addr.sa, &session.size);
|
|
|
|
if (len < 0) {
|
|
perror("recvfrom");
|
|
return -1;
|
|
} else {
|
|
dtls_debug("got %d bytes from port %d\n", len,
|
|
ntohs(session.addr.sin6.sin6_port));
|
|
if (sizeof(buf) < len) {
|
|
dtls_warn("packet was truncated (%d bytes lost)\n", len - sizeof(buf));
|
|
}
|
|
}
|
|
|
|
return dtls_handle_message(ctx, &session, buf, len);
|
|
}
|
|
|
|
static int
|
|
resolve_address(const char *server, struct sockaddr *dst) {
|
|
|
|
struct addrinfo *res, *ainfo;
|
|
struct addrinfo hints;
|
|
static char addrstr[256];
|
|
int error;
|
|
|
|
memset(addrstr, 0, sizeof(addrstr));
|
|
if (server && strlen(server) > 0)
|
|
memcpy(addrstr, server, strlen(server));
|
|
else
|
|
memcpy(addrstr, "localhost", 9);
|
|
|
|
memset ((char *)&hints, 0, sizeof(hints));
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
hints.ai_family = AF_UNSPEC;
|
|
|
|
error = getaddrinfo(addrstr, "", &hints, &res);
|
|
|
|
if (error != 0) {
|
|
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(error));
|
|
return error;
|
|
}
|
|
|
|
for (ainfo = res; ainfo != NULL; ainfo = ainfo->ai_next) {
|
|
|
|
switch (ainfo->ai_family) {
|
|
case AF_INET6:
|
|
|
|
memcpy(dst, ainfo->ai_addr, ainfo->ai_addrlen);
|
|
return ainfo->ai_addrlen;
|
|
default:
|
|
;
|
|
}
|
|
}
|
|
|
|
freeaddrinfo(res);
|
|
return -1;
|
|
}
|
|
|
|
static void
|
|
usage(const char *program, const char *version) {
|
|
const char *p;
|
|
|
|
p = strrchr( program, '/' );
|
|
if ( p )
|
|
program = ++p;
|
|
|
|
fprintf(stderr, "%s v%s -- DTLS server implementation\n"
|
|
"(c) 2011-2014 Olaf Bergmann <bergmann@tzi.org>\n\n"
|
|
"usage: %s [-A address] [-p port] [-v num]\n"
|
|
"\t-A address\t\tlisten on specified address (default is ::)\n"
|
|
"\t-p port\t\tlisten on specified port (default is %d)\n"
|
|
"\t-v num\t\tverbosity level (default: 3)\n",
|
|
program, version, program, DEFAULT_PORT);
|
|
}
|
|
|
|
static dtls_handler_t cb = {
|
|
.write = send_to_peer,
|
|
.read = read_from_peer,
|
|
.event = NULL,
|
|
#ifdef DTLS_PSK
|
|
.get_psk_info = get_psk_info,
|
|
#endif /* DTLS_PSK */
|
|
#ifdef DTLS_ECC
|
|
.get_ecdsa_key = get_ecdsa_key,
|
|
.verify_ecdsa_key = verify_ecdsa_key
|
|
#endif /* DTLS_ECC */
|
|
};
|
|
|
|
int
|
|
main(int argc, char **argv) {
|
|
dtls_context_t *the_context = NULL;
|
|
log_t log_level = DTLS_LOG_WARN;
|
|
fd_set rfds, wfds;
|
|
struct timeval timeout;
|
|
int fd, opt, result;
|
|
int on = 1;
|
|
struct sockaddr_in6 listen_addr;
|
|
|
|
memset(&listen_addr, 0, sizeof(struct sockaddr_in6));
|
|
|
|
/* fill extra field for 4.4BSD-based systems (see RFC 3493, section 3.4) */
|
|
#if defined(SIN6_LEN) || defined(HAVE_SOCKADDR_IN6_SIN6_LEN)
|
|
listen_addr.sin6_len = sizeof(struct sockaddr_in6);
|
|
#endif
|
|
|
|
listen_addr.sin6_family = AF_INET6;
|
|
listen_addr.sin6_port = htons(DEFAULT_PORT);
|
|
listen_addr.sin6_addr = in6addr_any;
|
|
|
|
while ((opt = getopt(argc, argv, "A:p:v:")) != -1) {
|
|
switch (opt) {
|
|
case 'A' :
|
|
if (resolve_address(optarg, (struct sockaddr *)&listen_addr) < 0) {
|
|
fprintf(stderr, "cannot resolve address\n");
|
|
exit(-1);
|
|
}
|
|
break;
|
|
case 'p' :
|
|
listen_addr.sin6_port = htons(atoi(optarg));
|
|
break;
|
|
case 'v' :
|
|
log_level = strtol(optarg, NULL, 10);
|
|
break;
|
|
default:
|
|
usage(argv[0], dtls_package_version());
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
dtls_set_log_level(log_level);
|
|
|
|
/* init socket and set it to non-blocking */
|
|
fd = socket(listen_addr.sin6_family, SOCK_DGRAM, 0);
|
|
|
|
if (fd < 0) {
|
|
dtls_alert("socket: %s\n", strerror(errno));
|
|
return 0;
|
|
}
|
|
|
|
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on) ) < 0) {
|
|
dtls_alert("setsockopt SO_REUSEADDR: %s\n", strerror(errno));
|
|
}
|
|
#if 0
|
|
flags = fcntl(fd, F_GETFL, 0);
|
|
if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) {
|
|
dtls_alert("fcntl: %s\n", strerror(errno));
|
|
goto error;
|
|
}
|
|
#endif
|
|
on = 1;
|
|
#ifdef IPV6_RECVPKTINFO
|
|
if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on) ) < 0) {
|
|
#else /* IPV6_RECVPKTINFO */
|
|
if (setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &on, sizeof(on) ) < 0) {
|
|
#endif /* IPV6_RECVPKTINFO */
|
|
dtls_alert("setsockopt IPV6_PKTINFO: %s\n", strerror(errno));
|
|
}
|
|
|
|
if (bind(fd, (struct sockaddr *)&listen_addr, sizeof(listen_addr)) < 0) {
|
|
dtls_alert("bind: %s\n", strerror(errno));
|
|
goto error;
|
|
}
|
|
|
|
dtls_init();
|
|
|
|
the_context = dtls_new_context(&fd);
|
|
|
|
dtls_set_handler(the_context, &cb);
|
|
|
|
while (1) {
|
|
FD_ZERO(&rfds);
|
|
FD_ZERO(&wfds);
|
|
|
|
FD_SET(fd, &rfds);
|
|
/* FD_SET(fd, &wfds); */
|
|
|
|
timeout.tv_sec = 5;
|
|
timeout.tv_usec = 0;
|
|
|
|
result = select( fd+1, &rfds, &wfds, 0, &timeout);
|
|
|
|
if (result < 0) { /* error */
|
|
if (errno != EINTR)
|
|
perror("select");
|
|
} else if (result == 0) { /* timeout */
|
|
} else { /* ok */
|
|
if (FD_ISSET(fd, &wfds))
|
|
;
|
|
else if (FD_ISSET(fd, &rfds)) {
|
|
dtls_handle_read(the_context);
|
|
}
|
|
}
|
|
}
|
|
|
|
error:
|
|
dtls_free_context(the_context);
|
|
exit(0);
|
|
}
|