(WIP) Rework of DTLS code, add DTLS PKI/RPK #32

Draft
wants to merge 8 commits into
base: main
16 changes: 12 additions & 4 deletions .github/workflows/ci.yml
Expand Up @@ -36,10 +36,14 @@ jobs:
with:
packages: libgnutls28-dev libgnutls30
version: 1.0
- if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend != 'gnutls'
run: cargo test -p ${{ matrix.crate }} --no-default-features --features dtls,tcp,vendored --features dtls_${{ matrix.dtls_backend }} --features dtls_${{ matrix.dtls_backend }}_vendored --no-fail-fast
- if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'tinydtls'
run: cargo test -p ${{ matrix.crate }} --no-default-features --features tcp,vendored,dtls-psk,dtls-rpk --features dtls_${{ matrix.dtls_backend }} --features dtls_${{ matrix.dtls_backend }}_vendored --no-fail-fast
- if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'mbedtls'
run: cargo test -p ${{ matrix.crate }} --no-default-features --features tcp,vendored,dtls-psk,dtls-pki --features dtls_${{ matrix.dtls_backend }} --features dtls_${{ matrix.dtls_backend }}_vendored --no-fail-fast
- if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'openssl'
run: cargo test -p ${{ matrix.crate }} --no-default-features --features tcp,vendored,dtls-psk,dtls-pki --features dtls_${{ matrix.dtls_backend }} --features dtls_${{ matrix.dtls_backend }}_vendored --no-fail-fast
- if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'gnutls'
run: cargo test -p ${{ matrix.crate }} --no-default-features --features dtls,tcp,vendored --features dtls_${{ matrix.dtls_backend }} --no-fail-fast
run: cargo test -p ${{ matrix.crate }} --no-default-features --features tcp,vendored,dtls-psk,dtls-pki,dtls-rpk --features dtls_${{ matrix.dtls_backend }} --no-fail-fast
- if: matrix.crate == 'libcoap-sys' && matrix.dtls_backend != 'gnutls'
run: cargo test -p ${{ matrix.crate }} --features dtls,dtls_backend_${{ matrix.dtls_backend }},dtls_backend_${{ matrix.dtls_backend }}_vendored --no-fail-fast
- if: matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'gnutls'
Expand Down Expand Up @@ -81,7 +85,11 @@ jobs:
- uses: baptiste0928/cargo-install@v3
with:
crate: cargo-tarpaulin
- run: cargo tarpaulin --no-fail-fast --workspace --verbose --features dtls,tcp,vendored --exclude-files libcoap-sys/tests,libcoap/tests --timeout 120 --out Xml
- uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: libgnutls28-dev libgnutls30
version: 1.0
- run: cargo tarpaulin --no-fail-fast --workspace --verbose --features tcp,vendored,dtls_gnutls,dtls-psk,dtls-rpk,dtls-pki --exclude-files libcoap-sys/tests,libcoap/tests --timeout 120 --out Xml
- id: cov-report
name: Produce the coverage report
uses: pulsastrix/coverage-action@always_generate_comment_body
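Review bot: The coverage job now runs `awalsh128/cache-apt-pkgs-action@latest`, a third-party action referenced by a mutable tag, so whatever that tag points to at run time executes with the permissions of this job. Pinning it to a full commit SHA, e.g. `uses: awalsh128/cache-apt-pkgs-action@<full-commit-sha> # <release tag>`, keeps the CI inputs reviewable; the same applies to the existing `pulsastrix/coverage-action@always_generate_comment_body` branch reference in the context lines. Separately, as rendered, `dtls-rpk` is exercised only for the tinydtls and gnutls backends and `dtls-pki` is not exercised for tinydtls; if that reflects backend support rather than an omission, a one-line comment above these steps saying so would help.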
2 changes: 1 addition & 1 deletion .idea/runConfigurations/Test.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions .idea/scopes/Actual_Project_Files.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 5 additions & 5 deletions libcoap-sys/src/lib.rs
Expand Up @@ -200,27 +200,27 @@ pub fn coap_startup_with_feature_checks() {
#[cfg(feature = "dtls-cid")]
// SAFETY: Function is always safe to call.
if unsafe { coap_dtls_cid_is_supported() != 1 } {
panic!("Required feature \"dtls\" is not supported by libcoap")
panic!("Required feature \"dtls-cid\" is not supported by libcoap")
}
#[cfg(feature = "dtls-psk")]
// SAFETY: Function is always safe to call.
if unsafe { coap_dtls_psk_is_supported() != 1 } {
panic!("Required feature \"dtls\" is not supported by libcoap")
panic!("Required feature \"dtls-psk\" is not supported by libcoap")
}
#[cfg(feature = "dtls-pki")]
// SAFETY: Function is always safe to call.
if unsafe { coap_dtls_pki_is_supported() != 1 } {
panic!("Required feature \"dtls\" is not supported by libcoap")
panic!("Required feature \"dtls-pki\" is not supported by libcoap")
}
#[cfg(feature = "dtls-pkcs11")]
// SAFETY: Function is always safe to call.
if !unsafe { coap_dtls_pkcs11_is_supported() == 1 } {
panic!("Required feature \"dtls\" is not supported by libcoap")
panic!("Required feature \"dtls-pkcs11\" is not supported by libcoap")
}
#[cfg(feature = "dtls-rpk")]
// SAFETY: Function is always safe to call.
if unsafe { coap_dtls_rpk_is_supported() != 1 } {
panic!("Required feature \"dtls\" is not supported by libcoap")
panic!("Required feature \"dtls-rpk\" is not supported by libcoap")
}
#[cfg(feature = "epoll")]
// SAFETY: Function is always safe to call.
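Review bot: Each corrected message is still a hand-typed copy of the feature name in the `#[cfg(feature = "...")]` line above it, which is presumably how all five came to say "dtls". Generating the guard and the message from one literal (a small local `macro_rules!` taking the feature name and the matching `coap_*_is_supported` function) would keep them from drifting again. The `dtls-pkcs11` check is also written `!unsafe { ... == 1 }` while the other four use `!= 1`; one form throughout makes the block easier to audit. The body of `coap_startup_with_feature_checks` starts and ends outside this hunk, so further checks are not visible here.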
6 changes: 4 additions & 2 deletions libcoap/Cargo.toml
Expand Up @@ -18,15 +18,17 @@ keywords = ["coap", "libcoap"]
resolver = "2"

[features]
default = ["dtls", "tcp", "dtls_openssl", "vendored", "libcoap-sys/default"]
dtls = ["libcoap-sys/dtls"]
default = ["dtls-psk", "tcp", "dtls_openssl", "vendored", "libcoap-sys/default"]
dtls_tinydtls = ["libcoap-sys/dtls_backend_tinydtls"]
dtls_tinydtls_vendored = ["dtls_tinydtls", "libcoap-sys/dtls_backend_tinydtls_vendored"]
dtls_openssl = ["libcoap-sys/dtls_backend_openssl"]
dtls_openssl_vendored = ["dtls_openssl", "libcoap-sys/dtls_backend_openssl_vendored"]
dtls_gnutls = ["libcoap-sys/dtls_backend_gnutls"]
dtls_mbedtls = ["libcoap-sys/dtls_backend_mbedtls"]
dtls_mbedtls_vendored = ["dtls_mbedtls", "libcoap-sys/dtls_backend_mbedtls_vendored"]
dtls-psk = ["libcoap-sys/dtls", "libcoap-sys/dtls-psk"]
dtls-pki = ["libcoap-sys/dtls", "libcoap-sys/dtls-pki"]
dtls-rpk = ["libcoap-sys/dtls", "libcoap-sys/dtls-rpk"]
tcp = ["libcoap-sys/tcp"]
tls = ["libcoap-sys/tls"]
rand = ["dep:rand", "dep:rand_core"]
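Review bot: As rendered, the `dtls` feature is dropped from `[features]` and replaced by `dtls-psk`, `dtls-pki` and `dtls-rpk`, so a dependent that declares `features = ["dtls"]` will stop resolving after this change. If that break is not intended, a compatibility alias such as `dtls = ["dtls-psk"]` would preserve existing manifests; if it is intended, it deserves a changelog entry. The new default enables only `dtls-psk`, which should be stated in the crate documentation so users who need certificate or raw-public-key authentication know to opt in.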
3 changes: 3 additions & 0 deletions libcoap/build.rs
Expand Up @@ -6,6 +6,7 @@ fn main() {
println!("cargo::rustc-check-cfg=cfg(dtls_ec_jpake_support)");
println!("cargo::rustc-check-cfg=cfg(dtls_cid_support)");
println!("cargo::rustc-check-cfg=cfg(coap_uri_buf_unused)");
println!("cargo::rustc-check-cfg=cfg(dtls)");
if let Ok(libcoap_version) = std::env::var("DEP_COAP_3_LIBCOAP_VERSION") {
let version = Version::from(libcoap_version.as_ref()).expect("invalid libcoap version");
// libcoap >= 4.3.5rc2 no longer uses the buf and buflen parameters in
Expand All @@ -26,4 +27,6 @@ fn main() {
_ => {},
}
}
#[cfg(any(feature = "dtls-pki", feature = "dtls-rpk", feature = "dtls-psk"))]
println!("cargo:rustc-cfg=dtls")
}
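Review bot: The added directive uses the single-colon form `cargo:rustc-cfg=dtls` and has no trailing semicolon, while the visible directives above it in `main` use the `cargo::` form; writing it as `println!("cargo::rustc-cfg=dtls");` keeps the file consistent. A short comment above the `#[cfg(any(...))]` line would also help, stating that the `dtls` cfg is set whenever any of the three credential features is enabled. That matters because the crate's `dtls` Cargo feature appears to be removed in the same PR and this cfg takes its place. `main` starts outside the hunk.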
Binary file added libcoap/resources/test-keys/ca/ca.crt.der
Binary file not shown.
11 changes: 11 additions & 0 deletions libcoap/resources/test-keys/ca/ca.crt.pem
@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
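--- a/libcoap/resources/test-keys/ca/ca.key.pem
+++ b/libcoap/resources/test-keys/ca/ca.key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIH5YgszlMkgNgi1yImxSKfjUwwqnHNX0E3R+MY6fq0rvoAoGCCqGSM49
+AwEHoUQDQgAEgg06rgs6mSCWg04NKcgDIeMkNHBmBm3Df3J1BX0iI0r3BOqMcnZT
+blz1QthFFR0RKCA9LmNu5qHIdjJyTFVb5Q==
+-----END EC PRIVATE KEY-----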
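Review bot: This adds an unencrypted EC private key for the test CA to the repository, and `client.key.pem` and `server.key.pem` (plus their `.der` forms) follow further down; anything committed to a public repository has to be treated as known to everyone. The directory is named `test-keys`, but no README or comment visible in this diff says these credentials are for the test suite only and must never be configured as a trust anchor or identity outside it. A short README in `libcoap/resources/test-keys/` stating that, together with the commands used to generate the files, would make the intent explicit. The CA key, `ca.srl` and the two `.csr` files are only needed to issue the certificates, so unless the tests load them they could be omitted or produced by a generation script instead.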
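--- a/libcoap/resources/test-keys/ca/ca.pub.pem
+++ b/libcoap/resources/test-keys/ca/ca.pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgg06rgs6mSCWg04NKcgDIeMkNHBm
+Bm3Df3J1BX0iI0r3BOqMcnZTblz1QthFFR0RKCA9LmNu5qHIdjJyTFVb5Q==
+-----END PUBLIC KEY-----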
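--- a/libcoap/resources/test-keys/ca/ca.srl
+++ b/libcoap/resources/test-keys/ca/ca.srl
@@ -0,0 +1 @@
+72D02BD28A35760C59764C31E3ECD28ADFD15E79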
Binary file added libcoap/resources/test-keys/client/client.crt.der
Binary file not shown.
10 changes: 10 additions & 0 deletions libcoap/resources/test-keys/client/client.crt.pem
@@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
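--- a/libcoap/resources/test-keys/client/client.csr
+++ b/libcoap/resources/test-keys/client/client.csr
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHWMH8CAQAwHTEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUuY29tMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEgQRwb4u/pg/UBC+jUOeZ1WW/gU2TRDkD3pZkyvCo
+18CHaQhMQbArfDvPccBCzho6HcanmgOCeZHEYTealotsjqAAMAoGCCqGSM49BAMC
+A0cAMEQCIAPWMHMzDUOi9HRrGKAMNBhU0/QL48Egtuwyhtx/HeY9AiAlAxI9axH+
+ITumyg1JQr0nSWcmzJEhfrzvAqZwvzCsLA==
+-----END CERTIFICATE REQUEST-----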
Binary file added libcoap/resources/test-keys/client/client.key.der
Binary file not shown.
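--- a/libcoap/resources/test-keys/client/client.key.pem
+++ b/libcoap/resources/test-keys/client/client.key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIM0eEzfutrQyk7EM69+2RCItCBFRbHXYA4iCu9zrxgRWoAoGCCqGSM49
+AwEHoUQDQgAEgQRwb4u/pg/UBC+jUOeZ1WW/gU2TRDkD3pZkyvCo18CHaQhMQbAr
+fDvPccBCzho6HcanmgOCeZHEYTealotsjg==
+-----END EC PRIVATE KEY-----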
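--- a/libcoap/resources/test-keys/client/client.pub.pem
+++ b/libcoap/resources/test-keys/client/client.pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgQRwb4u/pg/UBC+jUOeZ1WW/gU2T
+RDkD3pZkyvCo18CHaQhMQbArfDvPccBCzho6HcanmgOCeZHEYTealotsjg==
+-----END PUBLIC KEY-----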
Binary file added libcoap/resources/test-keys/server/server.crt.der
Binary file not shown.
10 changes: 10 additions & 0 deletions libcoap/resources/test-keys/server/server.crt.pem
@@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
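--- a/libcoap/resources/test-keys/server/server.csr
+++ b/libcoap/resources/test-keys/server/server.csr
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHYMH8CAQAwHTEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEE++lSFbl76Yg9pK3q+l/cN524XBF6yXVIblRME0l
+op32MN5Xd6wk0OPwOw883nMUeJJcBQ/zzZKMX8D4SV86IaAAMAoGCCqGSM49BAMC
+A0kAMEYCIQD97Wzx42WTzRkL1g6GnrIkqIxUSmtM+At6tFfTbgIKrAIhAKjhrAu4
+d3kY08rD4DlCyPHd6ajIe16jpASPddS3czEH
+-----END CERTIFICATE REQUEST-----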
Binary file added libcoap/resources/test-keys/server/server.key.der
Binary file not shown.
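--- a/libcoap/resources/test-keys/server/server.key.pem
+++ b/libcoap/resources/test-keys/server/server.key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIAj51Zbv9gziVtsxMBReFTU7JNd+n+yIKAh1bnaxgW7ioAoGCCqGSM49
+AwEHoUQDQgAEE++lSFbl76Yg9pK3q+l/cN524XBF6yXVIblRME0lop32MN5Xd6wk
+0OPwOw883nMUeJJcBQ/zzZKMX8D4SV86IQ==
+-----END EC PRIVATE KEY-----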
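--- a/libcoap/resources/test-keys/server/server.pub.pem
+++ b/libcoap/resources/test-keys/server/server.pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE++lSFbl76Yg9pK3q+l/cN524XBF
+6yXVIblRME0lop32MN5Xd6wk0OPwOw883nMUeJJcBQ/zzZKMX8D4SV86IQ==
+-----END PUBLIC KEY-----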