Use new call-back function get_psk_info() for Contiki client and serv…

…er examples
particle-iot · Dec 2, 2014 · b7d53af · b7d53af
1 parent ead8510
commit b7d53af
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 28 deletions.
diff --git a/examples/contiki/dtls-client.c b/examples/contiki/dtls-client.c
@@ -45,6 +45,19 @@
 #include "debug.h"
 #include "dtls.h"
 
+#ifdef DTLS_PSK
+/* The PSK information for DTLS */
+/* make sure that default identity and key fit into buffer, i.e.
+ * sizeof(PSK_DEFAULT_IDENTITY) - 1 <= PSK_ID_MAXLEN and
+ * sizeof(PSK_DEFAULT_KEY) - 1 <= PSK_MAXLEN
+*/
+
+#define PSK_ID_MAXLEN 32
+#define PSK_MAXLEN 32
+#define PSK_DEFAULT_IDENTITY "Client_identity"
+#define PSK_DEFAULT_KEY      "secretPSK"
+#endif /* DTLS_PSK */
+
 #define UIP_IP_BUF   ((struct uip_ip_hdr *)&uip_buf[UIP_LLH_LEN])
 #define UIP_UDP_BUF  ((struct uip_udp_hdr *)&uip_buf[UIP_LLIPH_LEN])
 
@@ -116,21 +129,52 @@ send_to_peer(struct dtls_context_t *ctx,
 }
 
 #ifdef DTLS_PSK
+static unsigned char psk_id[PSK_ID_MAXLEN] = PSK_DEFAULT_IDENTITY;
+static size_t psk_id_length = sizeof(PSK_DEFAULT_IDENTITY) - 1;
+static unsigned char psk_key[PSK_MAXLEN] = PSK_DEFAULT_KEY;
+static size_t psk_key_length = sizeof(PSK_DEFAULT_KEY) - 1;
+
+#ifdef __GNUC__
+#define UNUSED_PARAM __attribute__((unused))
+#else
+#define UNUSED_PARAM
+#endif /* __GNUC__ */
+
+/* This function is the "key store" for tinyDTLS. It is called to
+ * retrieve a key for the given identity within this particular
+ * session. */
 static int
-get_psk_key(struct dtls_context_t *ctx, 
-	    const session_t *session, 
-	    const unsigned char *id, size_t id_len, 
-	    const dtls_psk_key_t **result) {
-
-  static const dtls_psk_key_t psk = {
-    .id = (unsigned char *)"Client_identity", 
-    .id_length = 15,
-    .key = (unsigned char *)"secretPSK", 
-    .key_length = 9
-  };
-
-  *result = &psk;
-  return 0;
+get_psk_info(struct dtls_context_t *ctx UNUSED_PARAM,
+	    const session_t *session UNUSED_PARAM,
+	    dtls_credentials_type_t type,
+	    const unsigned char *id, size_t id_len,
+	    unsigned char *result, size_t result_length) {
+
+  switch (type) {
+  case DTLS_PSK_IDENTITY:
+    if (result_length < psk_id_length) {
+      dtls_warn("cannot set psk_identity -- buffer too small\n");
+      return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
+    }
+
+    memcpy(result, psk_id, psk_id_length);
+    return psk_id_length;
+  case DTLS_PSK_KEY:
+    if (id_len != psk_id_length || memcmp(psk_id, id, id_len) != 0) {
+      dtls_warn("PSK for unknown id requested, exiting\n");
+      return dtls_alert_fatal_create(DTLS_ALERT_ILLEGAL_PARAMETER);
+    } else if (result_length < psk_key_length) {
+      dtls_warn("cannot set psk -- buffer too small\n");
+      return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
+    }
+
+    memcpy(result, psk_key, psk_key_length);
+    return psk_key_length;
+  default:
+    dtls_warn("unsupported request type: %d\n", type);
+  }
+
+  return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
 }
 #endif /* DTLS_PSK */
 
@@ -221,7 +265,7 @@ init_dtls(session_t *dst) {
     .read  = read_from_peer,
     .event = NULL,
 #ifdef DTLS_PSK
-    .get_psk_key = get_psk_key,
+    .get_psk_info = get_psk_info,
 #endif /* DTLS_PSK */
 #ifdef DTLS_ECC
     .get_ecdsa_key = get_ecdsa_key,

diff --git a/examples/contiki/dtls-server.c b/examples/contiki/dtls-server.c
@@ -113,21 +113,49 @@ send_to_peer(struct dtls_context_t *ctx,
 }
 
 #ifdef DTLS_PSK
+/* This function is the "key store" for tinyDTLS. It is called to
+ * retrieve a key for the given identity within this particular
+ * session. */
 static int
-get_psk_key(struct dtls_context_t *ctx, 
-	    const session_t *session, 
-	    const unsigned char *id, size_t id_len, 
-	    const dtls_psk_key_t **result) {
-
-  static const dtls_psk_key_t psk = {
-    .id = (unsigned char *)"Client_identity", 
-    .id_length = 15,
-    .key = (unsigned char *)"secretPSK", 
-    .key_length = 9
+get_psk_info(struct dtls_context_t *ctx, const session_t *session,
+	     dtls_credentials_type_t type,
+	     const unsigned char *id, size_t id_len,
+	     unsigned char *result, size_t result_length) {
+
+  struct keymap_t {
+    unsigned char *id;
+    size_t id_length;
+    unsigned char *key;
+    size_t key_length;
+  } psk[3] = {
+    { (unsigned char *)"Client_identity", 15,
+      (unsigned char *)"secretPSK", 9 },
+    { (unsigned char *)"default identity", 16,
+      (unsigned char *)"\x11\x22\x33", 3 },
+    { (unsigned char *)"\0", 2,
+      (unsigned char *)"", 1 }
   };
 
-  *result = &psk;
-  return 0;
+  if (type != DTLS_PSK_KEY) {
+    return 0;
+  }
+
+  if (id) {
+    int i;
+    for (i = 0; i < sizeof(psk)/sizeof(struct keymap_t); i++) {
+      if (id_len == psk[i].id_length && memcmp(id, psk[i].id, id_len) == 0) {
+	if (result_length < psk[i].key_length) {
+	  dtls_warn("buffer too small for PSK");
+	  return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
+	}
+
+	memcpy(result, psk[i].key, psk[i].key_length);
+	return psk[i].key_length;
+      }
+    }
+  }
+
+  return dtls_alert_fatal_create(DTLS_ALERT_DECRYPT_ERROR);
 }
 #endif /* DTLS_PSK */
 
@@ -219,7 +247,7 @@ init_dtls() {
     .read  = read_from_peer,
     .event = NULL,
 #ifdef DTLS_PSK
-    .get_psk_key = get_psk_key,
+    .get_psk_info = get_psk_info,
 #endif /* DTLS_PSK */
 #ifdef DTLS_ECC
     .get_ecdsa_key = get_ecdsa_key,