WebSocket: Add support for noTLS and TinyDTLS

Use SHA1 code from RFC3174 sections 7.1 and 7.2.
obgm · Nov 15, 2023 · 2e7cb35 · 2e7cb35
1 parent 805d148
commit 2e7cb35
Show file tree

Hide file tree

Showing 17 changed files with 663 additions and 14 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -678,6 +678,7 @@ target_sources(
  ${CMAKE_CURRENT_LIST_DIR}/src/coap_prng.c
  ${CMAKE_CURRENT_LIST_DIR}/src/coap_resource.c
  ${CMAKE_CURRENT_LIST_DIR}/src/coap_session.c
+ ${CMAKE_CURRENT_LIST_DIR}/src/coap_sha1.c
  ${CMAKE_CURRENT_LIST_DIR}/src/coap_str.c
  ${CMAKE_CURRENT_LIST_DIR}/src/coap_subscribe.c
  ${CMAKE_CURRENT_LIST_DIR}/src/coap_tcp.c

diff --git a/LICENSE b/LICENSE
@@ -115,6 +115,40 @@ When compiled with Mbed TLS support, this software includes components
 that are licensed under the terms of the Apache 2.0 license
 (http://www.apache.org/licenses/LICENSE-2.0).
 
+========================================================================
+SHA1
+
+SHA1 support is taken from RFC3174 Sections 7.1 and 7.2 for use with
+WebSockets.
+
+Full Copyright Statement
+
+Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published
+and distributed, in whole or in part, without restriction of any
+kind, provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of
+developing Internet standards in which case the procedures for
+copyrights defined in the Internet Standards process must be
+followed, or as required to translate it into languages other than
+English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an
+"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
 ========================================================================
 RIOT
 

diff --git a/Makefile.am b/Makefile.am
@@ -112,6 +112,7 @@ EXTRA_DIST = \
  include/coap$(LIBCOAP_API_VERSION)/coap_pdu_internal.h \
  include/coap$(LIBCOAP_API_VERSION)/coap_resource_internal.h \
  include/coap$(LIBCOAP_API_VERSION)/coap_session_internal.h \
+ include/coap$(LIBCOAP_API_VERSION)/coap_sha1_internal.h \
  include/coap$(LIBCOAP_API_VERSION)/coap_subscribe_internal.h \
  include/coap$(LIBCOAP_API_VERSION)/coap_tcp_internal.h \
  include/coap$(LIBCOAP_API_VERSION)/coap_uri_internal.h \
@@ -209,6 +210,7 @@ libcoap_@LIBCOAP_NAME_SUFFIX@_la_SOURCES = \
  src/coap_prng.c \
  src/coap_resource.c \
  src/coap_session.c \
+ src/coap_sha1.c \
  src/coap_str.c \
  src/coap_subscribe.c \
  src/coap_tcp.c \

diff --git a/examples/lwip/Makefile b/examples/lwip/Makefile
@@ -168,10 +168,11 @@ COAP_SRC = coap_address.c \
  coap_pdu.c \
  coap_resource.c \
  coap_session.c \
- coap_subscribe.c \
- coap_tinydtls.c \
+ coap_sha1.c \
  coap_str.c \
+ coap_subscribe.c \
  coap_tcp.c \
+ coap_tinydtls.c \
  coap_uri.c \
  coap_ws.c
 

diff --git a/examples/lwip/client-coap.c b/examples/lwip/client-coap.c
@@ -199,6 +199,10 @@ client_coap_init(coap_lwip_input_wait_handler_t input_wait, void *input_arg,
 
  LWIP_ASSERT("Failed to create session", session != NULL);
 
+ if (proto == COAP_PROTO_WS || proto == COAP_PROTO_WSS) {
+ coap_ws_set_host_request(session, &uri.host);
+ }
+
  coap_register_response_handler(main_coap_context, message_handler);
  coap_register_nack_handler(main_coap_context, nack_handler);
 

diff --git a/examples/lwip/config/lwippools.h b/examples/lwip/config/lwippools.h
@@ -100,11 +100,15 @@ typedef struct l_coap_tiny_context_t {
 #endif
 
 #ifndef MEMP_LEN_COAPSTRING
+#ifdef COAP_WS_SUPPORT
+#define MEMP_LEN_COAPSTRING 176
+#else /* ! COAP_WS_SUPPORT */
 #ifdef COAP_WITH_LIBTINYDTLS
 #define MEMP_LEN_COAPSTRING 120
 #else /* COAP_WITH_TINYDTLS */
 #define MEMP_LEN_COAPSTRING 40
 #endif /* COAP_WITH_TINYDTLS */
+#endif /* ! COAP_WS_SUPPORT */
 #endif
 
 #ifndef MEMP_NUM_COAPCACHE_KEYS

diff --git a/examples/riot/pkg_libcoap/Makefile.libcoap b/examples/riot/pkg_libcoap/Makefile.libcoap
@@ -26,6 +26,7 @@ SRC := coap_address.c \
  coap_prng.c \
  coap_resource.c \
  coap_session.c \
+ coap_sha1.c \
  coap_str.c \
  coap_subscribe.c \
  coap_tcp.c \

diff --git a/include/coap3/coap_internal.h b/include/coap3/coap_internal.h
@@ -118,6 +118,7 @@ typedef struct oscore_ctx_t oscore_ctx_t;
 #include "coap_pdu_internal.h"
 #include "coap_resource_internal.h"
 #include "coap_session_internal.h"
+#include "coap_sha1_internal.h"
 #include "coap_subscribe_internal.h"
 #include "coap_tcp_internal.h"
 #include "coap_uri_internal.h"

diff --git a/include/coap3/coap_sha1_internal.h b/include/coap3/coap_sha1_internal.h
@@ -0,0 +1,111 @@
+/*
+ * coap_sha1_internal.h
+ *
+ * Full Copyright Statement RFC3174
+ *
+ * =======================================================================
+ *
+ * Copyright (C) The Internet Society (2001). All Rights Reserved.
+ *
+ * This document and translations of it may be copied and furnished to
+ * others, and derivative works that comment on or otherwise explain it
+ * or assist in its implementation may be prepared, copied, published
+ * and distributed, in whole or in part, without restriction of any
+ * kind, provided that the above copyright notice and this paragraph are
+ * included on all such copies and derivative works. However, this
+ * document itself may not be modified in any way, such as by removing
+ * the copyright notice or references to the Internet Society or other
+ * Internet organizations, except as needed for the purpose of
+ * developing Internet standards in which case the procedures for
+ * copyrights defined in the Internet Standards process must be
+ * followed, or as required to translate it into languages other than
+ * English.
+ *
+ * The limited permissions granted above are perpetual and will not be
+ * revoked by the Internet Society or its successors or assigns.
+ *
+ * This document and the information contained herein is provided on an
+ * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * =======================================================================
+ *
+ * Description:
+ * This is the header file for code which implements the Secure
+ * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
+ * April 17, 1995.
+ *
+ * Many of the variable names in this code, especially the
+ * single character names, were used because those were the names
+ * used in the publication.
+ *
+ * Please read the file sha1.c for more information.
+ *
+ * Taken from https://datatracker.ietf.org/doc/html/rfc3174#section-7.1
+ * Reformatted as appropriate.
+ *
+ */
+
+#ifndef COAP_SHA1_INTERNAL_H_
+#define COAP_SHA1_INTERNAL_H_
+
+/**
+ * @file coap_sha1_internal.h
+ * @brief Provides SHA1 support for WebSockets
+ */
+
+#include <stdint.h>
+/*
+ * If you do not have the ISO standard stdint.h header file, then you
+ * must typdef the following:
+ * name meaning
+ * uint32_t unsigned 32 bit integer
+ * uint8_t unsigned 8 bit integer (i.e., unsigned char)
+ * int_least16_t integer of >= 16 bits
+ *
+ */
+
+#ifndef _SHA_enum_
+#define _SHA_enum_
+enum {
+ shaSuccess = 0,
+ shaNull, /* Null pointer parameter */
+ shaInputTooLong, /* input data too long */
+ shaStateError /* called Input after Result */
+};
+#endif
+#define SHA1HashSize 20
+
+/*
+ * This structure will hold context information for the SHA-1
+ * hashing operation
+ */
+typedef struct SHA1Context {
+ uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
+
+ uint32_t Length_Low; /* Message length in bits */
+ uint32_t Length_High; /* Message length in bits */
+
+ /* Index into message block array */
+ int_least16_t Message_Block_Index;
+ uint8_t Message_Block[64]; /* 512-bit message blocks */
+
+ int Computed; /* Is the digest computed? */
+ int Corrupted; /* Is the message digest corrupted? */
+} SHA1Context;
+
+/*
+ * Function Prototypes
+ */
+
+int SHA1Reset(SHA1Context *);
+int SHA1Input(SHA1Context *,
+ const uint8_t *,
+ unsigned int);
+int SHA1Result(SHA1Context *,
+ uint8_t Message_Digest[SHA1HashSize]);
+
+#endif /* COAP_SHA1_INTERNAL_H_ */
diff --git a/src/coap_io_contiki.c b/src/coap_io_contiki.c
@@ -252,3 +252,66 @@ coap_io_process(coap_context_t *ctx, uint32_t timeout_ms) {
  coap_ticks(&now);
  return (int)(((now - before) * 1000) / COAP_TICKS_PER_SECOND);
 }
+
+#if ! COAP_DISABLE_TCP
+
+#if COAP_CLIENT_SUPPORT
+int
+coap_socket_connect_tcp1(coap_socket_t *sock,
+ const coap_address_t *local_if,
+ const coap_address_t *server,
+ int default_port,
+ coap_address_t *local_addr,
+ coap_address_t *remote_addr) {
+ (void)sock;
+ (void)local_if;
+ (void)server;
+ (void)default_port;
+ (void)local_addr;
+ (void)remote_addr;
+
+ return -1;
+}
+
+int
+coap_socket_connect_tcp2(coap_socket_t *sock,
+ coap_address_t *local_addr,
+ coap_address_t *remote_addr) {
+ (void)sock;
+ (void)local_addr;
+ (void)remote_addr;
+
+ return -1;
+}
+#endif /* COAP_CLIENT_SUPPORT */
+
+#if COAP_SERVER_SUPPORT
+
+int
+coap_socket_bind_tcp(coap_socket_t *sock,
+ const coap_address_t *listen_addr,
+ coap_address_t *bound_addr) {
+ (void)sock;
+ (void)listen_addr;
+ (void)bound_addr;
+
+ return -1;
+}
+
+int
+coap_socket_accept_tcp(coap_socket_t *server,
+ coap_socket_t *new_client,
+ coap_address_t *local_addr,
+ coap_address_t *remote_addr,
+ void *extra) {
+ (void)server;
+ (void)new_client;
+ (void)local_addr;
+ (void)remote_addr;
+ (void)extra;
+
+ return -1;
+}
+#endif /* COAP_SERVER_SUPPORT */
+
+#endif /* ! COAP_DISABLE_TCP */
diff --git a/src/coap_notls.c b/src/coap_notls.c
@@ -319,10 +319,23 @@ int
 coap_crypto_hash(cose_alg_t alg,
  const coap_bin_const_t *data,
  coap_bin_const_t **hash) {
+ SHA1Context sha1_context;
+ coap_binary_t *dummy = NULL;
+
  (void)alg;
- (void)data;
- (void)hash;
- return 0;
+
+ SHA1Reset(&sha1_context);
+ if (SHA1Input(&sha1_context, data->s, data->length) != shaSuccess)
+ return 0;
+ dummy = coap_new_binary(SHA1HashSize);
+ if (!dummy)
+ return 0;
+ if (SHA1Result(&sha1_context, dummy->s) != shaSuccess) {
+ coap_delete_binary(dummy);
+ return 0;
+ }
+ *hash = (coap_bin_const_t *)(dummy);
+ return 1;
 }
 #endif /* COAP_WS_SUPPORT */