examples/gcoap: add DTLS support

RIOT-OS · Nov 12, 2019 · 2723b8f · 2723b8f
1 parent 47b0794
commit 2723b8f
Show file tree

Hide file tree

Showing 3 changed files with 129 additions and 0 deletions.
diff --git a/examples/gcoap/Makefile b/examples/gcoap/Makefile
@@ -31,6 +31,18 @@ USEMODULE += gcoap
 # Additional networking modules that can be dropped if not needed
 USEMODULE += gnrc_icmpv6_echo
 
+# DTLS configuration
+# Choose which DTLS stack to use
+# USEMODULE += tinydtls_sock_dtls
+# USEMODULE += wolfssl_sock_dtls
+CFLAGS += -DDTLS_PSK
+# CFLAGS += -DDTLS_ECC
+# Uncomment to enable debug logs when using DTLS
+# CFLAGS += -DDTLS_DEBUG
+# Payload size might be bigger when using DTLS, causing errors not present
+# when using plain CoAP. Uncomment the next line to fix this.
+# CFLAGS += -DGCOAP_PDU_BUF_SIZE=256
+
 # Required by gcoap example
 USEMODULE += od
 USEMODULE += fmt

diff --git a/examples/gcoap/credentials.c b/examples/gcoap/credentials.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2018 Inria
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     tests
+ * @{
+ *
+ * @file
+ * @brief       tlsman test application (PSK and ECC keys)
+ *
+ * Small test for TLSMAN. Many definitions defined here are also available at
+ * sock_secure (and are intended to be used in standard applications)
+ *
+ * @author      Raul Fuentes <raul.fuentes-samaniego@inria.fr>
+ *
+ * @}
+ */
+
+#ifdef MODULE_SOCK_DTLS
+#ifdef DTLS_PSK
+const char psk_key[] = "secretPSK";
+const char psk_id[] = "Client_identity";
+const unsigned psk_key_len = sizeof(psk_key) - 1;
+const unsigned psk_id_len = sizeof(psk_id) - 1;
+#endif /* DTLS_PSK */
+
+#ifdef DTLS_ECC
+const unsigned char ecdsa_priv_key[] = {
+    0x41, 0xC1, 0xCB, 0x6B, 0x51, 0x24, 0x7A, 0x14,
+    0x43, 0x21, 0x43, 0x5B, 0x7A, 0x80, 0xE7, 0x14,
+    0x89, 0x6A, 0x33, 0xBB, 0xAD, 0x72, 0x94, 0xCA,
+    0x40, 0x14, 0x55, 0xA1, 0x94, 0xA9, 0x49, 0xFA
+};
+
+const unsigned char ecdsa_pub_key_x[] = {
+    0x36, 0xDF, 0xE2, 0xC6, 0xF9, 0xF2, 0xED, 0x29,
+    0xDA, 0x0A, 0x9A, 0x8F, 0x62, 0x68, 0x4E, 0x91,
+    0x63, 0x75, 0xBA, 0x10, 0x30, 0x0C, 0x28, 0xC5,
+    0xE4, 0x7C, 0xFB, 0xF2, 0x5F, 0xA5, 0x8F, 0x52
+};
+
+const unsigned char ecdsa_pub_key_y[] = {
+    0x71, 0xA0, 0xD4, 0xFC, 0xDE, 0x1A, 0xB8, 0x78,
+    0x5A, 0x3C, 0x78, 0x69, 0x35, 0xA7, 0xCF, 0xAB,
+    0xE9, 0x3F, 0x98, 0x72, 0x09, 0xDA, 0xED, 0x0B,
+    0x4F, 0xAB, 0xC3, 0x6F, 0xC7, 0x72, 0xF8, 0x29
+};
+#endif /* DTLS_ECC */
+#endif /* MODULE_SOCK_DTLS */
+
+typedef int unused_workaround;
diff --git a/examples/gcoap/gcoap_cli.c b/examples/gcoap/gcoap_cli.c
@@ -25,6 +25,22 @@
 #include "net/gcoap.h"
 #include "od.h"
 #include "fmt.h"
+#ifdef MODULE_SOCK_DTLS
+#include "net/credman.h"
+
+#define SOCK_DTLS_GCOAP_TAG (10)
+
+#ifdef DTLS_PSK
+extern const char psk_key[];
+extern const char psk_id[];
+extern const unsigned psk_key_len;
+extern const unsigned psk_id_len;
+#else /* DTLS_PSK */
+extern const unsigned char ecdsa_priv_key[];
+extern const unsigned char ecdsa_pub_key_x[];
+extern const unsigned char ecdsa_pub_key_y[];
+#endif /* DTLS_ECC */
+#endif /* MODULE_SOCK_DTLS */
 
 #define ENABLE_DEBUG (0)
 #include "debug.h"
@@ -281,6 +297,9 @@ int gcoap_cli_cmd(int argc, char **argv)
         uint8_t open_reqs = gcoap_op_state();
 
         printf("CoAP server is listening on port %u\n", GCOAP_PORT);
+    #ifdef MODULE_SOCK_DTLS
+        printf("Connection secured with DTLS\n");
+    #endif
         printf(" CLI requests sent: %u\n", req_count);
         printf("CoAP open requests: %u\n", open_reqs);
         return 0;
@@ -378,5 +397,47 @@ int gcoap_cli_cmd(int argc, char **argv)
 
 void gcoap_cli_init(void)
 {
+#ifdef MODULE_SOCK_DTLS
+#ifdef DTLS_PSK
+    credman_credential_t credential = {
+        .type = CREDMAN_TYPE_PSK,
+        .tag = SOCK_DTLS_GCOAP_TAG,
+        .params = {
+            .psk = {
+                .key = { .s = (char *)psk_key, .len = psk_key_len },
+                .id = { .s = (char *)psk_id, .len = psk_id_len },
+            },
+        },
+    };
+#else /* DTLS_PSK */
+    ecdsa_public_key_t other_pubkeys[] = {
+        { .x = ecdsa_pub_key_x, .y = ecdsa_pub_key_y },
+    };
+
+    credman_credential_t credential = {
+        .type = CREDMAN_TYPE_ECDSA,
+        .tag = SOCK_DTLS_GCOAP_TAG,
+        .params = {
+            .ecdsa = {
+                .private_key = ecdsa_priv_key,
+                .public_key = {
+                    .x = ecdsa_pub_key_x,
+                    .y = ecdsa_pub_key_y,
+                },
+                .client_keys = other_pubkeys,
+                .client_keys_size = ARRAY_SIZE(other_pubkeys),
+            }
+        },
+    };
+#endif /* DTLS_ECC */
+    if (credman_add(&credential) < 0) {
+        puts("gcoap_cli: unable to add credential");
+        return;
+    }
+
+    /* tell gcoap with tag to use */
+    gcoap_set_credential_tag(SOCK_DTLS_GCOAP_TAG);
+#endif
+
     gcoap_register_listener(&_listener);
 }