diff --git a/components/coap/Kconfig b/components/coap/Kconfig index ad00334c1..2e5693893 100644 --- a/components/coap/Kconfig +++ b/components/coap/Kconfig @@ -11,15 +11,9 @@ menu "CoAP Configuration" - Encrypt using defined Public Key Infrastructure (PKI if uri includes coaps://) config COAP_MBEDTLS_PSK - select MBEDTLS_SSL_PROTO_DTLS - select MBEDTLS_PSK_MODES - select MBEDTLS_KEY_EXCHANGE_PSK bool "Pre-Shared Keys" config COAP_MBEDTLS_PKI - select MBEDTLS_SSL_PROTO_DTLS - select MBEDTLS_PSK_MODES - select MBEDTLS_KEY_EXCHANGE_PSK bool "PKI Certificates" endchoice #COAP_MBEDTLS_ENCRYPTION_MODE diff --git a/components/coap/port/coap_mbedtls.c b/components/coap/port/coap_mbedtls.c index 1727dac67..71e9108b7 100644 --- a/components/coap/port/coap_mbedtls.c +++ b/components/coap/port/coap_mbedtls.c @@ -908,6 +908,7 @@ fail: } #endif /* !defined(ESPIDF_VERSION) || CONFIG_MBEDTLS_TLS_SERVER) */ +#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_PSK_MODES) #define MAX_CIPHERS 100 static int psk_ciphers[MAX_CIPHERS]; static int pki_ciphers[MAX_CIPHERS]; @@ -964,6 +965,7 @@ set_ciphersuites(mbedtls_ssl_config *conf, int is_psk) } mbedtls_ssl_conf_ciphersuites(conf, is_psk ? psk_ciphers : pki_ciphers); } +#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_PSK_MODES */ static int setup_client_ssl_session(coap_session_t *c_session, coap_mbedtls_env_t *m_env) @@ -1066,7 +1068,9 @@ static int setup_client_ssl_session(coap_session_t *c_session, #if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_SSL_PROTO_DTLS) mbedtls_ssl_set_mtu(&m_env->ssl, c_session->mtu); #endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_SSL_PROTO_DTLS */ +#if !defined(ESPIDF_VERSION) || defined(CONFIG_MBEDTLS_PSK_MODES) set_ciphersuites(&m_env->conf, 0); +#endif /* !ESPIDF_VERSION || CONFIG_MBEDTLS_PSK_MODES */ } return 0; 
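Review bot: The guard added around `set_ciphersuites(&m_env->conf, 0);` in setup_client_ssl_session has no comment explaining why a certificate-mode call depends on `CONFIG_MBEDTLS_PSK_MODES`. On an ESP-IDF build without that option the client session is never given the `pki_ciphers` list, so it presumably negotiates from mbedTLS's default ciphersuite set instead. That may be acceptable, since a build without PSK modes should have no PSK suites to filter out, but a security-relevant call is now silently compiled away. I would add a comment above the guard, such as `/* set_ciphersuites() is only built with PSK support; without it the mbedTLS default list applies */`, once that reason is confirmed. The same condition wraps the MAX_CIPHERS tables and set_ciphersuites() in the @@ -908 and @@ -964 hunks, whose function body lies outside the visible lines.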
@@ -1260,6 +1264,13 @@ int coap_dtls_context_set_psk(struct coap_context_t *c_context, { coap_mbedtls_context_t *m_context = ((coap_mbedtls_context_t *)c_context->dtls_context); +#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK)) + coap_log(LOG_EMERG, "coap_dtls_context_set_psk:" + " libcoap not compiled with MBEDTLS_PSK_MODES and MBEDTLS_KEY_EXCHANGE_PSK" + " - update mbedTLS to include psk mode configs\n"); + return 0; +#endif /* ESPIDF_VERSION && (!CONFIG_MBEDTLS_PSK_MODES || !CONFIG_MBEDTLS_KEY_EXCHANGE_PSK) */ + #if defined(ESPIDF_VERSION) && !defined(CONFIG_MBEDTLS_TLS_SERVER) coap_log(LOG_EMERG, "coap_dtls_context_set_psk:" " libcoap not compiled for Server Mode for MbedTLS" @@ -1322,6 +1333,13 @@ int coap_dtls_context_set_pki(struct coap_context_t *c_context, coap_dtls_pki_t *setup_data, coap_dtls_role_t role UNUSED) { +#if defined(ESPIDF_VERSION) && (!defined(CONFIG_MBEDTLS_PSK_MODES) || !defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK)) + coap_log(LOG_EMERG, "coap_dtls_context_set_pki:" + " libcoap not compiled with MBEDTLS_PSK_MODES and MBEDTLS_KEY_EXCHANGE_PSK" + " - update mbedTLS to include psk mode configs\n"); + return 0; +#endif /* ESPIDF_VERSION && (!CONFIG_MBEDTLS_PSK_MODES || !CONFIG_MBEDTLS_KEY_EXCHANGE_PSK) */ + coap_mbedtls_context_t *m_context = ((coap_mbedtls_context_t *)c_context->dtls_context); diff --git a/examples/protocols/coap_client/sdkconfig.defaults b/examples/protocols/coap_client/sdkconfig.defaults new file mode 100644 index 000000000..03171ab26 --- /dev/null +++ b/examples/protocols/coap_client/sdkconfig.defaults @@ -0,0 +1,3 @@ +CONFIG_MBEDTLS_SSL_PROTO_DTLS=y +CONFIG_MBEDTLS_PSK_MODES=y +CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y diff --git a/examples/protocols/coap_server/sdkconfig.defaults b/examples/protocols/coap_server/sdkconfig.defaults new file mode 100644 index 000000000..03171ab26 --- /dev/null +++ b/examples/protocols/coap_server/sdkconfig.defaults 
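Review bot: The early exit added to coap_dtls_context_set_psk reports a missing mbedTLS option only at runtime, by logging and returning 0, while the Kconfig hunk in this commit removes the `select` lines that previously made that state impossible. A project that chooses COAP_MBEDTLS_PSK without copying the three sdkconfig.defaults lines now builds cleanly and fails only when the context is set up, and a caller that ignores the return value would carry on with no PSK configured. A build-time check would catch this earlier, for example `#error "COAP_MBEDTLS_PSK requires CONFIG_MBEDTLS_PSK_MODES and CONFIG_MBEDTLS_KEY_EXCHANGE_PSK"` under a matching `#if defined(CONFIG_COAP_MBEDTLS_PSK) && ...` condition. The unconditional `return 0;` also leaves `m_context` unused and the rest of the body unreachable in that configuration; the body continues outside the hunk.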
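Review bot: The guard added at the top of coap_dtls_context_set_pki tests the PSK options (`CONFIG_MBEDTLS_PSK_MODES`, `CONFIG_MBEDTLS_KEY_EXCHANGE_PSK`), so on ESP-IDF a certificate-only build with PSK key exchange switched off can no longer configure PKI at all. Nothing visible in this hunk shows the PKI path using PSK key exchange, and the client-session hunk already compiles `set_ciphersuites()` out when PSK modes are absent, so the condition looks copied from coap_dtls_context_set_psk. If PKI has no real dependency, drop the guard; otherwise narrow it to the option actually required and correct the log text, which currently tells the user to `include psk mode configs`. Requiring PSK to be enabled in order to use certificates also enlarges the set of key exchanges compiled into the TLS stack. The function body continues outside the hunk.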
@@ -0,0 +1,3 @@
+CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
+CONFIG_MBEDTLS_PSK_MODES=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y