Fix libcoap building with various MbedTLS compile time options

components/coap/port/coap_mbedtls.c: Add in additional compile time check wrappers for different MbedTLS configurations. components/coap/CMakeLists.txt: components/coap/component.mk: components/coap/port/coap_notls.c: components/coap/port/include/coap_config_posix.h: Add in the ability to compile and run if MbedTLS does not have any TLS mode enabled. examples/protocols/coap_client/main/coap_client_example_main.c: Inform user that MbedTLS Client Mode is required for DTLS if not enabled, and coaps:// has been requested. [Lower libcoap library will still error and report this condition] examples/protocols/coap_server/main/coap_server_example_main.c: Inform user that MbedTLS Server Mode is required for DTLS if not enabled. [Lower libcoap library will still error and report this condition] Closes https://github.com/espressif/esp-idf/issues/3961 Closes https://github.com/espressif/esp-idf/issues/3971 Closes https://github.com/espressif/esp-idf/pull/3977
2019-08-28 10:03:17 +01:00 · 2019-08-28 10:03:17 +01:00 · 430b737760
parent 61442cdcbb
commit 430b737760
7 changed files with 266 additions and 13 deletions
--- a/components/coap/CMakeLists.txt
+++ b/components/coap/CMakeLists.txt
@ -19,6 +19,7 @@ set(srcs
    "libcoap/src/subscribe.c"
    "libcoap/src/uri.c"
    "libcoap/src/coap_io.c"
+    "port/coap_notls.c"
    "port/coap_mbedtls.c")

 idf_component_register(SRCS "${srcs}"
--- a/components/coap/component.mk
+++ b/components/coap/component.mk
@ -4,7 +4,7 @@

 COMPONENT_ADD_INCLUDEDIRS := port/include port/include/coap libcoap/include libcoap/include/coap2

-COMPONENT_OBJS = libcoap/src/address.o libcoap/src/async.o libcoap/src/block.o libcoap/src/coap_event.o libcoap/src/coap_hashkey.o libcoap/src/coap_session.o libcoap/src/coap_time.o port/coap_debug.o libcoap/src/encode.o libcoap/src/mem.o libcoap/src/net.o libcoap/src/option.o libcoap/src/pdu.o libcoap/src/resource.o libcoap/src/str.o libcoap/src/subscribe.o libcoap/src/uri.o port/coap_mbedtls.o libcoap/src/coap_io.o
+COMPONENT_OBJS = libcoap/src/address.o libcoap/src/async.o libcoap/src/block.o libcoap/src/coap_event.o libcoap/src/coap_hashkey.o libcoap/src/coap_session.o libcoap/src/coap_time.o port/coap_debug.o libcoap/src/encode.o libcoap/src/mem.o libcoap/src/net.o libcoap/src/option.o libcoap/src/pdu.o libcoap/src/resource.o libcoap/src/str.o libcoap/src/subscribe.o libcoap/src/uri.o port/coap_mbedtls.o libcoap/src/coap_io.o port/coap_notls.o

 COMPONENT_SRCDIRS := libcoap/src libcoap port

--- a/components/coap/port/coap_mbedtls.c
+++ b/components/coap/port/coap_mbedtls.c
@ -188,7 +188,7 @@ coap_dgram_write(void *ctx, const unsigned char *send_buffer,
  return result;
 }

-#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS)
+#if !defined(ESPIDF_VERSION) || (defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS) && defined(CONFIG_MBEDTLS_TLS_SERVER))
 static char*
 get_ip_addr(const struct coap_address_t *addr)
 {
@ -222,9 +222,9 @@ get_ip_addr(const struct coap_address_t *addr)
  }
  return str;
 }
-#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_SSL_PROTO_DTLS */
+#endif /* !ESPIDF_VERSION || (CONFIG_MBEDTLS_SSL_PROTO_DTLS && CONFIG_MBEDTLS_TLS_SERVER) */

-#if !defined(ESPIDF_VERSION) || (defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS) && defined(CONFIG_MBEDTLS_PSK_MODES))
+#if !defined(ESPIDF_VERSION) || (defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS) && defined(CONFIG_MBEDTLS_PSK_MODES) && defined(CONFIG_MBEDTLS_TLS_SERVER))
 /*
 * Server side PSK callback
 */
@ -277,7 +277,7 @@ static int psk_server_callback(void *p_info, mbedtls_ssl_context *ssl,
  mbedtls_ssl_set_hs_psk(ssl, buf, psk_len);
  return 0;
 }
-#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_SSL_PROTO_DTLS */
+#endif /* !ESPIDF_VERSION || (CONFIG_MBEDTLS_SSL_PROTO_DTLS && CONFIG_MBEDTLS_PSK_MODES && CONFIG_MBEDTLS_TLS_SERVER) */

 static char*
 get_san_or_cn_from_cert(mbedtls_x509_crt *crt)
@ -691,6 +691,7 @@ setup_pki_credentials(mbedtls_x509_crt *cacert,
  return 0;
 }

+#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_TLS_SERVER)
 /*
 * PKI SNI callback.
 */
@ -763,6 +764,7 @@ end:
  }
  return ret;
 }
+#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_TLS_SERVER */

 #ifdef PSK2_PR
 /*
@ -836,6 +838,8 @@ end:
 }
 #endif /* PSK2_PR */

+#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_TLS_SERVER)
+
 static int setup_server_ssl_session(coap_session_t *c_session,
                                    coap_mbedtls_env_t *m_env)
 {
@ -897,11 +901,12 @@ static int setup_server_ssl_session(coap_session_t *c_session,
  mbedtls_ssl_conf_dtls_cookies(&m_env->conf, mbedtls_ssl_cookie_write,
                                mbedtls_ssl_cookie_check,
                                &m_env->cookie_ctx );
-    mbedtls_ssl_set_mtu(&m_env->ssl, c_session->mtu);
+  mbedtls_ssl_set_mtu(&m_env->ssl, c_session->mtu);
 #endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_SSL_PROTO_DTLS */
 fail:
  return ret;
 }
+#endif /* !defined(ESPIDF_VERSION) || CONFIG_MBEDTLS_TLS_SERVER) */

 #define MAX_CIPHERS 100
 static int psk_ciphers[MAX_CIPHERS];
@ -1043,6 +1048,7 @@ static int setup_client_ssl_session(coap_session_t *c_session,
      coap_log(LOG_ERR, "PKI setup failed\n");
      return ret;
    }
+#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_TLS_SERVER)
    if (c_session->proto == COAP_PROTO_TLS) {
      const char *alpn_list[2];

@ -1053,6 +1059,7 @@ static int setup_client_ssl_session(coap_session_t *c_session,
        coap_log(LOG_ERR, "ALPN setup failed %d)\n", ret);
      }
    }
+#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_TLS_SERVER */
    if (m_context->setup_data.client_sni) {
      mbedtls_ssl_set_hostname(&m_env->ssl, m_context->setup_data.client_sni);
    }
@ -1189,10 +1196,12 @@ static coap_mbedtls_env_t *coap_dtls_new_mbedtls_env(coap_session_t *c_session,
    if (setup_client_ssl_session(c_session, m_env) != 0) {
      goto fail;
    }
+#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_TLS_SERVER)
  } else if (role == COAP_DTLS_ROLE_SERVER) {
    if (setup_server_ssl_session(c_session, m_env) != 0) {
      goto fail;
    }
+#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_TLS_SERVER */
  } else {
    goto fail;
  }
@ -1251,6 +1260,12 @@ int coap_dtls_context_set_psk(struct coap_context_t *c_context,
 {
  coap_mbedtls_context_t *m_context =
              ((coap_mbedtls_context_t *)c_context->dtls_context);
+#if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_TLS_SERVER)
+  coap_log(LOG_EMERG, "coap_dtls_context_set_psk:"
+           " libcoap not compiled for Server Mode for MbedTLS"
+           " - update MbedTLS to include Server Mode\n");
+  return 0;
+#endif /* ESPIDF_VERSION && !CONFIG_MBEDTLS_TLS_SERVER */
  m_context->psk_pki_enabled |= IS_PSK;
  return 1;
 }
@ -1266,6 +1281,12 @@ coap_dtls_context_set_spsk(coap_context_t *c_context,
  coap_mbedtls_context_t *m_context =
                         ((coap_mbedtls_context_t *)c_context->dtls_context);

+#if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_TLS_SERVER)
+  coap_log(LOG_EMERG, "coap_dtls_context_set_spsk:"
+           " libcoap not compiled for Server Mode for MbedTLS"
+           " - update MbedTLS to include Server Mode\n");
+  return 0;
+#endif /* ESPIDF_VERSION && !CONFIG_MBEDTLS_TLS_SERVER */
  if (!m_context || !setup_data)
    return 0;

@ -1315,6 +1336,7 @@ int coap_dtls_context_set_pki_root_cas(struct coap_context_t *c_context,
 {
  coap_mbedtls_context_t *m_context =
             ((coap_mbedtls_context_t *)c_context->dtls_context);
+
  if (!m_context) {
    coap_log(LOG_WARNING,
             "coap_context_set_pki_root_cas: (D)TLS environment "
@ -1383,6 +1405,13 @@ void coap_dtls_free_context(void *dtls_context)

 void *coap_dtls_new_client_session(coap_session_t *c_session)
 {
+#if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_TLS_CLIENT)
+  (void)c_session;
+  coap_log(LOG_EMERG, "coap_dtls_new_client_session:"
+           " libcoap not compiled for Client Mode for MbedTLS"
+           " - update MbedTLS to include Client Mode\n");
+  return NULL;
+#else /* !ESPIDF_VERSION || CONFIG_MBEDTLS_TLS_CLIENT */
  coap_mbedtls_env_t *m_env = coap_dtls_new_mbedtls_env(c_session,
                                                       COAP_DTLS_ROLE_CLIENT);
  int ret;
@ -1395,6 +1424,7 @@ void *coap_dtls_new_client_session(coap_session_t *c_session)
    }
  }
  return m_env;
+#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_TLS_CLIENT */
 }

 void *coap_dtls_new_server_session(coap_session_t *c_session)
@ -1628,12 +1658,15 @@ int coap_dtls_hello(coap_session_t *c_session,
                    const uint8_t *data,
                    size_t data_len)
 {
-#if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS)
+#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS) || !defined(CONFIG_MBEDTLS_TLS_SERVER))
  (void)c_session;
  (void)data;
  (void)data_len;
+  coap_log(LOG_EMERG, "coap_dtls_hello:"
+           " libcoap not compiled for DTLS or Server Mode for MbedTLS"
+           " - update MbedTLS to include DTLS and Server Mode\n");
  return -1;
-#else /* !ESPIDF_VERSION) || CONFIG_MBEDTLS_SSL_PROTO_DTLS */
+#else /* !ESPIDF_VERSION) || (CONFIG_MBEDTLS_SSL_PROTO_DTLS && CONFIG_MBEDTLS_TLS_SERVER) */
  coap_mbedtls_env_t *m_env = (coap_mbedtls_env_t *)c_session->tls;
  coap_ssl_t *ssl_data = m_env ? &m_env->coap_ssl_data : NULL;
  int ret;
@ -1697,7 +1730,7 @@ int coap_dtls_hello(coap_session_t *c_session,
     return 1;
  }
  return 0;
-#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_SSL_PROTO_DTLS */
+#endif /* !ESPIDF_VERSION) || (CONFIG_MBEDTLS_SSL_PROTO_DTLS && CONFIG_MBEDTLS_TLS_SERVER) */
 }

 unsigned int coap_dtls_get_overhead(coap_session_t *c_session UNUSED)
--- a/components/coap/port/coap_notls.c
+++ b/components/coap/port/coap_notls.c
@ -0,0 +1,190 @@
+/*
+* coap_notls.c -- Stub Datagram Transport Layer Support for libcoap
+*
+* Copyright (C) 2016 Olaf Bergmann <bergmann@tzi.org>
+*
+* This file is part of the CoAP library libcoap. Please see README for terms
+* of use.
+*/
+
+#include "coap_config.h"
+
+#if !defined(HAVE_LIBTINYDTLS) && !defined(HAVE_OPENSSL) && !defined(HAVE_LIBGNUTLS) && !defined(HAVE_MBEDTLS)
+
+#include "net.h"
+
+#ifdef __GNUC__
+#define UNUSED __attribute__((unused))
+#else /* __GNUC__ */
+#define UNUSED
+#endif /* __GNUC__ */
+
+int
+coap_dtls_is_supported(void) {
+  return 0;
+}
+
+int
+coap_tls_is_supported(void) {
+  return 0;
+}
+
+coap_tls_version_t *
+coap_get_tls_library_version(void) {
+  static coap_tls_version_t version;
+  version.version = 0;
+  version.type = COAP_TLS_LIBRARY_NOTLS;
+  return &version;
+}
+
+int
+coap_dtls_context_set_pki(coap_context_t *ctx UNUSED,
+                          coap_dtls_pki_t* setup_data UNUSED,
+                          coap_dtls_role_t role UNUSED
+) {
+  return 0;
+}
+
+int
+coap_dtls_context_set_pki_root_cas(struct coap_context_t *ctx UNUSED,
+                                   const char *ca_file UNUSED,
+                                   const char *ca_path UNUSED
+) {
+  return 0;
+}
+
+int
+coap_dtls_context_set_psk(coap_context_t *ctx UNUSED,
+                          const char *hint UNUSED,
+                          coap_dtls_role_t role UNUSED
+) {
+  return 0;
+}
+
+int
+coap_dtls_context_check_keys_enabled(coap_context_t *ctx UNUSED)
+{
+  return 0;
+}
+
+static int dtls_log_level = 0;
+
+void coap_dtls_startup(void) {
+}
+
+void
+coap_dtls_set_log_level(int level) {
+  dtls_log_level = level;
+}
+
+int
+coap_dtls_get_log_level(void) {
+  return dtls_log_level;
+}
+
+void *
+coap_dtls_new_context(struct coap_context_t *coap_context UNUSED) {
+  return NULL;
+}
+
+void
+coap_dtls_free_context(void *handle UNUSED) {
+}
+
+void *coap_dtls_new_server_session(coap_session_t *session UNUSED) {
+  return NULL;
+}
+
+void *coap_dtls_new_client_session(coap_session_t *session UNUSED) {
+  return NULL;
+}
+
+void coap_dtls_free_session(coap_session_t *coap_session UNUSED) {
+}
+
+void coap_dtls_session_update_mtu(coap_session_t *session UNUSED) {
+}
+
+int
+coap_dtls_send(coap_session_t *session UNUSED,
+  const uint8_t *data UNUSED,
+  size_t data_len UNUSED
+) {
+  return -1;
+}
+
+int coap_dtls_is_context_timeout(void) {
+  return 1;
+}
+
+coap_tick_t coap_dtls_get_context_timeout(void *dtls_context UNUSED) {
+  return 0;
+}
+
+coap_tick_t
+coap_dtls_get_timeout(coap_session_t *session UNUSED, coap_tick_t now UNUSED) {
+  return 0;
+}
+
+void coap_dtls_handle_timeout(coap_session_t *session UNUSED) {
+}
+
+int
+coap_dtls_receive(coap_session_t *session UNUSED,
+  const uint8_t *data UNUSED,
+  size_t data_len UNUSED
+) {
+  return -1;
+}
+
+int
+coap_dtls_hello(coap_session_t *session UNUSED,
+  const uint8_t *data UNUSED,
+  size_t data_len UNUSED
+) {
+  return 0;
+}
+
+unsigned int coap_dtls_get_overhead(coap_session_t *session UNUSED) {
+  return 0;
+}
+
+void *coap_tls_new_client_session(coap_session_t *session UNUSED, int *connected UNUSED) {
+  return NULL;
+}
+
+void *coap_tls_new_server_session(coap_session_t *session UNUSED, int *connected UNUSED) {
+  return NULL;
+}
+
+void coap_tls_free_session(coap_session_t *coap_session UNUSED) {
+}
+
+ssize_t coap_tls_write(coap_session_t *session UNUSED,
+                       const uint8_t *data UNUSED,
+                       size_t data_len UNUSED
+) {
+  return -1;
+}
+
+ssize_t coap_tls_read(coap_session_t *session UNUSED,
+                      uint8_t *data UNUSED,
+                      size_t data_len UNUSED
+) {
+  return -1;
+}
+
+#undef UNUSED
+
+#else /* !HAVE_LIBTINYDTLS && !HAVE_OPENSSL && !HAVE_LIBGNUTLS */
+
+#ifdef __clang__
+/* Make compilers happy that do not like empty modules. As this function is
+ * never used, we ignore -Wunused-function at the end of compiling this file
+ */
+#pragma GCC diagnostic ignored "-Wunused-function"
+#endif
+static inline void dummy(void) {
+}
+
+#endif /* !HAVE_LIBTINYDTLS && !HAVE_OPENSSL && !HAVE_LIBGNUTLS */
--- a/components/coap/port/include/coap_config_posix.h
+++ b/components/coap/port/include/coap_config_posix.h
@ -29,13 +29,27 @@
 #define HAVE_TIME_H
 #define HAVE_NETDB_H
 #define HAVE_NETINET_IN_H
+#define HAVE_STRUCT_CMSGHDR

-#define IPV6_PKTINFO IPV6_V6ONLY
+#define ipi_spec_dst ipi_addr
+struct in6_pktinfo {
+  struct in6_addr ipi6_addr;        /* src/dst IPv6 address */
+  unsigned int ipi6_ifindex;        /* send/recv interface index */
+};
+#define IN6_IS_ADDR_V4MAPPED(a) \
+        ((((__const uint32_t *) (a))[0] == 0)                                 \
+         && (((__const uint32_t *) (a))[1] == 0)                              \
+         && (((__const uint32_t *) (a))[2] == htonl (0xffff)))
+
+/* As not defined, just need to define is as something innocuous */
+#define IPV6_PKTINFO IPV6_CHECKSUM

 #define PACKAGE_NAME "libcoap-posix"
 #define PACKAGE_VERSION "?"

+#ifdef CONFIG_MBEDTLS_TLS_ENABLED
 #define HAVE_MBEDTLS
+#endif /* CONFIG_MBEDTLS_TLS_ENABLED */
 #define COAP_CONSTRAINED_STACK 1
 #define ESPIDF_VERSION

--- a/examples/protocols/coap_client/main/coap_client_example_main.c
+++ b/examples/protocols/coap_client/main/coap_client_example_main.c
@ -219,9 +219,12 @@ static void coap_example_client(void *p)
            break;
        }

-        if ((uri.scheme == COAP_URI_SCHEME_COAPS && !coap_dtls_is_supported()) ||
-                (uri.scheme == COAP_URI_SCHEME_COAPS_TCP && !coap_tls_is_supported())) {
-            ESP_LOGE(TAG, "CoAP server uri scheme is not supported");
+        if (uri.scheme == COAP_URI_SCHEME_COAPS && !coap_dtls_is_supported()) {
+            ESP_LOGE(TAG, "MbedTLS (D)TLS Client Mode not configured");
+            break;
+        }
+        if (uri.scheme == COAP_URI_SCHEME_COAPS_TCP && !coap_tls_is_supported()) {
+            ESP_LOGE(TAG, "CoAP server uri coaps+tcp:// scheme is not supported");
            break;
        }

@ -308,6 +311,10 @@ static void coap_example_client(void *p)
         * but the code is left in for completeness.
         */
        if (uri.scheme == COAP_URI_SCHEME_COAPS || uri.scheme == COAP_URI_SCHEME_COAPS_TCP) {
+#ifndef CONFIG_MBEDTLS_TLS_CLIENT
+            ESP_LOGE(TAG, "MbedTLS (D)TLS Client Mode not configured");
+            goto clean_up;
+#endif /* CONFIG_MBEDTLS_TLS_CLIENT */
 #ifdef CONFIG_COAP_MBEDTLS_PSK
            session = coap_new_client_session_psk(ctx, NULL, &dst_addr,
                                                  uri.scheme == COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS,
--- a/examples/protocols/coap_server/main/coap_server_example_main.c
+++ b/examples/protocols/coap_server/main/coap_server_example_main.c
@ -252,12 +252,20 @@ static void coap_example_server(void *p)
        }
 #if defined(CONFIG_COAP_MBEDTLS_PSK) || defined(CONFIG_COAP_MBEDTLS_PKI)
        if (coap_dtls_is_supported()) {
+#ifndef CONFIG_MBEDTLS_TLS_SERVER
+            /* This is not critical as unencrypted support is still available */
+            ESP_LOGI(TAG, "MbedTLS (D)TLS Server Mode not configured");
+#else /* CONFIG_MBEDTLS_TLS_SERVER */
            serv_addr.addr.sin.sin_port = htons(COAPS_DEFAULT_PORT);
            ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_DTLS);
            if (!ep) {
                ESP_LOGE(TAG, "dtls: coap_new_endpoint() failed");
                goto clean_up;
            }
+#endif /* CONFIG_MBEDTLS_TLS_SERVER */
+        } else {
+            /* This is not critical as unencrypted support is still available */
+            ESP_LOGI(TAG, "MbedTLS (D)TLS Server Mode not configured");
        }
 #endif /* CONFIG_COAP_MBEDTLS_PSK CONFIG_COAP_MBEDTLS_PKI */
        resource = coap_resource_init(coap_make_str_const("Espressif"), 0);