fixup! fixup! fixup! feat(crypto): (WIP) add support for DTLS using PKI

namib-project · Sep 10, 2024 · d500dbe · d500dbe
1 parent 682b8ce
commit d500dbe
Show file tree

Hide file tree

Showing 6 changed files with 263 additions and 275 deletions.
diff --git a/libcoap/src/context.rs b/libcoap/src/context.rs
@@ -24,7 +24,8 @@ use libcoap_sys::{
  coap_set_app_data, coap_startup_with_feature_checks, COAP_BLOCK_SINGLE_BODY, COAP_BLOCK_USE_LIBCOAP, COAP_IO_WAIT,
 };
 
-use crate::crypto::pki_rpk::PkiContext;
+#[cfg(any(feature = "dtls-pki", feature = "dtls-rpk"))]
+use crate::crypto::pki_rpk::ServerPkiCryptoContext;
 #[cfg(feature = "dtls-psk")]
 use crate::crypto::psk::ServerPskContext;
 use crate::event::{event_handler_callback, CoapEventHandler};
@@ -61,8 +62,8 @@ struct CoapContextInner<'a> {
  #[cfg(feature = "dtls-psk")]
  psk_context: Option<ServerPskContext>,
  /// PKI context for encrypted server-side sessions.
- #[cfg(feature = "dtls-pki")]
- pki_context: Option<PkiContext>,
+ #[cfg(any(feature = "dtls-pki", feature = "dtls-rpk"))]
+ pki_rpk_context: Option<ServerPkiCryptoContext>,
  _context_lifetime_marker: PhantomData<&'a coap_context_t>,
 }
 
@@ -110,6 +111,8 @@ impl<'a> CoapContext<'a> {
  event_handler: None,
  #[cfg(feature = "dtls-psk")]
  psk_context: None,
+ #[cfg(feature = "dtls-pki")]
+ pki_rpk_context: None,
  _context_lifetime_marker: Default::default(),
  });
 
@@ -207,6 +210,27 @@ impl<'a> CoapContext<'a> {
  }
  }
  }
+
+ /// Sets the server-side cryptography information provider.
+ #[cfg(feature = "dtls-pki")]
+ pub fn set_pki_context(&mut self, pki_context: ServerPkiCryptoContext) {
+ // SAFETY: raw context is valid.
+ let mut inner = self.inner.borrow_mut();
+ // TODO there is probably a prettier way to do this instead of panicking.
+ // It would probably be easier to have a CoapContextBuilder that sets this, or to
+ // provide this in the constructor.
+ if inner.pki_rpk_context.is_some() {
+ panic!("PKI context has already been set.")
+ }
+ inner.pki_rpk_context = Some(Box::new(pki_context));
+ unsafe {
+ inner
+ .pki_rpk_context
+ .as_ref()
+ .unwrap()
+ .apply_to_context(NonNull::new(inner.raw_context).unwrap())
+ }
+ }
 }
 
 impl CoapContext<'_> {
@@ -296,27 +320,6 @@ impl CoapContext<'_> {
  }
  }
 
- /// Sets the server-side cryptography information provider.
- #[cfg(feature = "dtls-pki")]
- pub fn set_pki_context(&mut self, pki_context: PkiContext) {
- // SAFETY: raw context is valid.
- let mut inner = self.inner.borrow_mut();
- // TODO there is probably a prettier way to do this instead of panicking.
- // It would probably be easier to have a CoapContextBuilder that sets this, or to
- // provide this in the constructor.
- if inner.pki_context.is_some() {
- panic!("PSK context has already been set.")
- }
- inner.pki_context = Some(pki_context);
- unsafe {
- inner
- .pki_context
- .as_ref()
- .unwrap()
- .apply_to_context(NonNull::new(inner.raw_context).unwrap())
- }
- }
-
  /// Performs currently outstanding IO operations, waiting for a maximum duration of `timeout`.
  ///
  /// This is the function where most of the IO operations made using this library are actually

diff --git a/libcoap/src/crypto/mod.rs b/libcoap/src/crypto/mod.rs
@@ -9,7 +9,7 @@
 
 //! Cryptography provider interfaces and types
 
-#[cfg(feature = "dtls-pki")]
+#[cfg(any(feature = "dtls-rpk", feature = "dtls-pki"))]
 pub mod pki_rpk;
 #[cfg(feature = "dtls-psk")]
 pub mod psk;
@@ -21,19 +21,27 @@ pub enum ClientCryptoContext {
  #[cfg(feature = "dtls-psk")]
  Psk(psk::ClientPskContext),
  #[cfg(feature = "dtls-pki")]
- Pki(pki_rpk::PkiContext),
+ Pki(pki_rpk::PkiRpkContext<pki_rpk::Pki>),
+ #[cfg(feature = "dtls-rpk")]
+ Rpk(pki_rpk::PkiRpkContext<pki_rpk::Rpk>),
 }
 
-#[cfg(feature = "dtls-psk")]
 impl From<psk::ClientPskContext> for ClientCryptoContext {
  fn from(value: psk::ClientPskContext) -> Self {
  ClientCryptoContext::Psk(value)
  }
 }
 
 #[cfg(feature = "dtls-pki")]
-impl From<pki_rpk::PkiContext> for ClientCryptoContext {
- fn from(value: pki_rpk::PkiContext) -> Self {
+impl From<pki_rpk::PkiRpkContext<pki_rpk::Pki>> for ClientCryptoContext {
+ fn from(value: pki_rpk::PkiRpkContext<pki_rpk::Pki>) -> Self {
  ClientCryptoContext::Pki(value)
  }
 }
+
+#[cfg(feature = "dtls-rpk")]
+impl From<pki_rpk::PkiRpkContext<pki_rpk::Rpk>> for ClientCryptoContext {
+ fn from(value: pki_rpk::PkiRpkContext<pki_rpk::Rpk>) -> Self {
+ ClientCryptoContext::Rpk(value)
+ }
+}