merge: pull request #32 from namib-project/dtls_rework

Rework of DTLS code, add DTLS PKI/RPK
namib-project · Nov 20, 2024 · 5530bf3 · 5530bf3
2 parents d45ec05 + 90c4e2a
commit 5530bf3
Show file tree

Hide file tree

Showing 49 changed files with 3,563 additions and 786 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -36,10 +36,14 @@ jobs:
         with:
           packages: libgnutls28-dev libgnutls30
           version: 1.0
-      - if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend != 'gnutls'
-        run: cargo test -p ${{ matrix.crate }} --no-default-features --features dtls,tcp,vendored --features dtls_${{ matrix.dtls_backend }} --features dtls_${{ matrix.dtls_backend }}_vendored --no-fail-fast
+      - if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'tinydtls'
+        run: cargo test -p ${{ matrix.crate }} --no-default-features --features tcp,vendored,dtls-psk,dtls-rpk --features dtls_${{ matrix.dtls_backend }} --features dtls_${{ matrix.dtls_backend }}_vendored --no-fail-fast
+      - if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'mbedtls'
+        run: cargo test -p ${{ matrix.crate }} --no-default-features --features tcp,vendored,dtls-psk,dtls-pki --features dtls_${{ matrix.dtls_backend }} --features dtls_${{ matrix.dtls_backend }}_vendored --no-fail-fast
+      - if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'openssl'
+        run: cargo test -p ${{ matrix.crate }} --no-default-features --features tcp,vendored,dtls-psk,dtls-pki --features dtls_${{ matrix.dtls_backend }} --features dtls_${{ matrix.dtls_backend }}_vendored --no-fail-fast
       - if: matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'gnutls'
-        run: cargo test -p ${{ matrix.crate }} --no-default-features --features dtls,tcp,vendored --features dtls_${{ matrix.dtls_backend }} --no-fail-fast
+        run: cargo test -p ${{ matrix.crate }} --no-default-features --features tcp,vendored,dtls-psk,dtls-pki,dtls-rpk --features dtls_${{ matrix.dtls_backend }} --no-fail-fast
       - if: matrix.crate == 'libcoap-sys' && matrix.dtls_backend != 'gnutls'
         run: cargo test -p ${{ matrix.crate }} --features dtls,dtls_backend_${{ matrix.dtls_backend }},dtls_backend_${{ matrix.dtls_backend }}_vendored --no-fail-fast
       - if: matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'gnutls'
@@ -61,7 +65,7 @@ jobs:
       - uses: giraffate/clippy-action@main
         with:
           reporter: 'github-check'
-          clippy_flags: -p ${{ matrix.crate }} --no-deps
+          clippy_flags: -p ${{ matrix.crate }} --no-deps --all-features
           level: warning
           fail_on_error: true
           tool_name: clippy (${{ matrix.crate }})
@@ -81,7 +85,11 @@ jobs:
       - uses: baptiste0928/cargo-install@v3
         with:
           crate: cargo-tarpaulin
-      - run: cargo tarpaulin --no-fail-fast --workspace --verbose --features dtls,tcp,vendored --exclude-files libcoap-sys/tests,libcoap/tests --timeout 120 --out Xml
+      - uses: awalsh128/cache-apt-pkgs-action@latest
+        with:
+          packages: libgnutls28-dev libgnutls30
+          version: 1.0
+      - run: cargo tarpaulin --no-fail-fast --workspace --verbose --features tcp,vendored,dtls_gnutls,dtls-psk,dtls-rpk,dtls-pki --exclude-files libcoap-sys/tests,libcoap/tests --timeout 120 --out Xml
       - id: cov-report
         name: Produce the coverage report
         uses: pulsastrix/coverage-action@always_generate_comment_body

diff --git a/.idea/runConfigurations/Test.xml b/.idea/runConfigurations/Test.xml
diff --git a/.idea/scopes/Actual_Project_Files.xml b/.idea/scopes/Actual_Project_Files.xml
diff --git a/libcoap-sys/src/lib.rs b/libcoap-sys/src/lib.rs
@@ -200,27 +200,27 @@ pub fn coap_startup_with_feature_checks() {
         #[cfg(feature = "dtls-cid")]
         // SAFETY: Function is always safe to call.
         if unsafe { coap_dtls_cid_is_supported() != 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-cid\" is not supported by libcoap")
         }
         #[cfg(feature = "dtls-psk")]
         // SAFETY: Function is always safe to call.
         if unsafe { coap_dtls_psk_is_supported() != 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-psk\" is not supported by libcoap")
         }
         #[cfg(feature = "dtls-pki")]
         // SAFETY: Function is always safe to call.
         if unsafe { coap_dtls_pki_is_supported() != 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-pki\" is not supported by libcoap")
         }
         #[cfg(feature = "dtls-pkcs11")]
         // SAFETY: Function is always safe to call.
         if !unsafe { coap_dtls_pkcs11_is_supported() == 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-pkcs11\" is not supported by libcoap")
         }
         #[cfg(feature = "dtls-rpk")]
         // SAFETY: Function is always safe to call.
         if unsafe { coap_dtls_rpk_is_supported() != 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-rpk\" is not supported by libcoap")
         }
         #[cfg(feature = "epoll")]
         // SAFETY: Function is always safe to call.

diff --git a/libcoap/Cargo.toml b/libcoap/Cargo.toml
@@ -18,15 +18,17 @@ keywords = ["coap", "libcoap"]
 resolver = "2"
 
 [features]
-default = ["dtls", "tcp", "dtls_openssl", "vendored", "libcoap-sys/default"]
-dtls = ["libcoap-sys/dtls"]
+default = ["dtls-psk", "tcp", "dtls_openssl", "vendored", "libcoap-sys/default"]
 dtls_tinydtls = ["libcoap-sys/dtls_backend_tinydtls"]
 dtls_tinydtls_vendored = ["dtls_tinydtls", "libcoap-sys/dtls_backend_tinydtls_vendored"]
 dtls_openssl = ["libcoap-sys/dtls_backend_openssl"]
 dtls_openssl_vendored = ["dtls_openssl", "libcoap-sys/dtls_backend_openssl_vendored"]
 dtls_gnutls = ["libcoap-sys/dtls_backend_gnutls"]
 dtls_mbedtls = ["libcoap-sys/dtls_backend_mbedtls"]
 dtls_mbedtls_vendored = ["dtls_mbedtls", "libcoap-sys/dtls_backend_mbedtls_vendored"]
+dtls-psk = ["libcoap-sys/dtls", "libcoap-sys/dtls-psk"]
+dtls-pki = ["libcoap-sys/dtls", "libcoap-sys/dtls-pki"]
+dtls-rpk = ["libcoap-sys/dtls", "libcoap-sys/dtls-rpk"]
 tcp = ["libcoap-sys/tcp"]
 tls = ["libcoap-sys/tls"]
 rand = ["dep:rand", "dep:rand_core"]

diff --git a/libcoap/build.rs b/libcoap/build.rs
@@ -6,6 +6,7 @@ fn main() {
     println!("cargo::rustc-check-cfg=cfg(dtls_ec_jpake_support)");
     println!("cargo::rustc-check-cfg=cfg(dtls_cid_support)");
     println!("cargo::rustc-check-cfg=cfg(coap_uri_buf_unused)");
+    println!("cargo::rustc-check-cfg=cfg(dtls)");
     if let Ok(libcoap_version) = std::env::var("DEP_COAP_3_LIBCOAP_VERSION") {
         let version = Version::from(libcoap_version.as_ref()).expect("invalid libcoap version");
         // libcoap >= 4.3.5rc2 no longer uses the buf and buflen parameters in
@@ -26,4 +27,6 @@ fn main() {
             _ => {},
         }
     }
+    #[cfg(any(feature = "dtls-pki", feature = "dtls-rpk", feature = "dtls-psk"))]
+    println!("cargo:rustc-cfg=dtls")
 }
diff --git a/libcoap/resources/test-keys/ca/ca.crt.der b/libcoap/resources/test-keys/ca/ca.crt.der
diff --git a/libcoap/resources/test-keys/ca/ca.crt.pem b/libcoap/resources/test-keys/ca/ca.crt.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBiDCCAS+gAwIBAgIUK1yBz25vGTEzUDl7T7OM5HVmPAcwCgYIKoZIzj0EAwIw
+GTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20wIBcNMjQwOTA5MTMzNzM2WhgPMzAy
+NDAxMTExMzM3MzZaMBkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEgg06rgs6mSCWg04NKcgDIeMkNHBmBm3Df3J1BX0i
+I0r3BOqMcnZTblz1QthFFR0RKCA9LmNu5qHIdjJyTFVb5aNTMFEwHQYDVR0OBBYE
+FDioywV+uHqhLttA2BN5kKbaWZ0rMB8GA1UdIwQYMBaAFDioywV+uHqhLttA2BN5
+kKbaWZ0rMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgRbfjoB45
+SnVhsIXiTX2KfOXTgcT2MEUs+m1qSGKh5e0CIAz3e0xCNO48B9NMRM6UrIZcHTO2
+fwOuThM0C9lgtCx8
+-----END CERTIFICATE-----
diff --git a/libcoap/resources/test-keys/ca/ca.key.pem b/libcoap/resources/test-keys/ca/ca.key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIH5YgszlMkgNgi1yImxSKfjUwwqnHNX0E3R+MY6fq0rvoAoGCCqGSM49
+AwEHoUQDQgAEgg06rgs6mSCWg04NKcgDIeMkNHBmBm3Df3J1BX0iI0r3BOqMcnZT
+blz1QthFFR0RKCA9LmNu5qHIdjJyTFVb5Q==
+-----END EC PRIVATE KEY-----
diff --git a/libcoap/resources/test-keys/ca/ca.pub.pem b/libcoap/resources/test-keys/ca/ca.pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgg06rgs6mSCWg04NKcgDIeMkNHBm
+Bm3Df3J1BX0iI0r3BOqMcnZTblz1QthFFR0RKCA9LmNu5qHIdjJyTFVb5Q==
+-----END PUBLIC KEY-----
diff --git a/libcoap/resources/test-keys/ca/ca.srl b/libcoap/resources/test-keys/ca/ca.srl
@@ -0,0 +1 @@
+72D02BD28A35760C59764C31E3ECD28ADFD15E79
diff --git a/libcoap/resources/test-keys/client/client.crt.der b/libcoap/resources/test-keys/client/client.crt.der
diff --git a/libcoap/resources/test-keys/client/client.crt.pem b/libcoap/resources/test-keys/client/client.crt.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBezCCASKgAwIBAgIUctAr0oo1dgxZdkwx4+zSit/RXncwCgYIKoZIzj0EAwIw
+GTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20wIBcNMjQwOTExMTYwOTQxWhgPMzAy
+NDAxMTMxNjA5NDFaMB0xGzAZBgNVBAMMEmNsaWVudC5leGFtcGxlLmNvbTBZMBMG
+ByqGSM49AgEGCCqGSM49AwEHA0IABIEEcG+Lv6YP1AQvo1DnmdVlv4FNk0Q5A96W
+ZMrwqNfAh2kITEGwK3w7z3HAQs4aOh3Gp5oDgnmRxGE3mpaLbI6jQjBAMB0GA1Ud
+DgQWBBTgm7v3W4ReI1+mcJM3/delDrIJ9TAfBgNVHSMEGDAWgBQ4qMsFfrh6oS7b
+QNgTeZCm2lmdKzAKBggqhkjOPQQDAgNHADBEAiB+m4kt8xsAsDk1UGAPhpDLx924
+cGbbN8oLu3161LsCUwIgcd0q1bznVLBEM7ZgXFFHHUd3PW9Qko661GpR4cUqdWo=
+-----END CERTIFICATE-----
diff --git a/libcoap/resources/test-keys/client/client.csr b/libcoap/resources/test-keys/client/client.csr
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHWMH8CAQAwHTEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUuY29tMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEgQRwb4u/pg/UBC+jUOeZ1WW/gU2TRDkD3pZkyvCo
+18CHaQhMQbArfDvPccBCzho6HcanmgOCeZHEYTealotsjqAAMAoGCCqGSM49BAMC
+A0cAMEQCIAPWMHMzDUOi9HRrGKAMNBhU0/QL48Egtuwyhtx/HeY9AiAlAxI9axH+
+ITumyg1JQr0nSWcmzJEhfrzvAqZwvzCsLA==
+-----END CERTIFICATE REQUEST-----
diff --git a/libcoap/resources/test-keys/client/client.key.der b/libcoap/resources/test-keys/client/client.key.der
diff --git a/libcoap/resources/test-keys/client/client.key.pem b/libcoap/resources/test-keys/client/client.key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIM0eEzfutrQyk7EM69+2RCItCBFRbHXYA4iCu9zrxgRWoAoGCCqGSM49
+AwEHoUQDQgAEgQRwb4u/pg/UBC+jUOeZ1WW/gU2TRDkD3pZkyvCo18CHaQhMQbAr
+fDvPccBCzho6HcanmgOCeZHEYTealotsjg==
+-----END EC PRIVATE KEY-----
diff --git a/libcoap/resources/test-keys/client/client.pub.pem b/libcoap/resources/test-keys/client/client.pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgQRwb4u/pg/UBC+jUOeZ1WW/gU2T
+RDkD3pZkyvCo18CHaQhMQbArfDvPccBCzho6HcanmgOCeZHEYTealotsjg==
+-----END PUBLIC KEY-----
diff --git a/libcoap/resources/test-keys/server/server.crt.der b/libcoap/resources/test-keys/server/server.crt.der
diff --git a/libcoap/resources/test-keys/server/server.crt.pem b/libcoap/resources/test-keys/server/server.crt.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBezCCASKgAwIBAgIUctAr0oo1dgxZdkwx4+zSit/RXnkwCgYIKoZIzj0EAwIw
+GTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20wIBcNMjQwOTExMTYxMjA1WhgPMzAy
+NDAxMTMxNjEyMDVaMB0xGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBZMBMG
+ByqGSM49AgEGCCqGSM49AwEHA0IABBPvpUhW5e+mIPaSt6vpf3DeduFwResl1SG5
+UTBNJaKd9jDeV3esJNDj8DsPPN5zFHiSXAUP882SjF/A+ElfOiGjQjBAMB0GA1Ud
+DgQWBBS4Dx+SL4vI1YTWCzNcBqHTYlQ3pjAfBgNVHSMEGDAWgBQ4qMsFfrh6oS7b
+QNgTeZCm2lmdKzAKBggqhkjOPQQDAgNHADBEAiBiloNtyjnucUjNBk09vG51glPZ
+nPUNKW4bGu4rdcKJ5QIgabg9CKn9WQ1VWOVrPwd6a+fiZU1seYQhYG7JfNmhCsc=
+-----END CERTIFICATE-----
diff --git a/libcoap/resources/test-keys/server/server.csr b/libcoap/resources/test-keys/server/server.csr
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHYMH8CAQAwHTEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEE++lSFbl76Yg9pK3q+l/cN524XBF6yXVIblRME0l
+op32MN5Xd6wk0OPwOw883nMUeJJcBQ/zzZKMX8D4SV86IaAAMAoGCCqGSM49BAMC
+A0kAMEYCIQD97Wzx42WTzRkL1g6GnrIkqIxUSmtM+At6tFfTbgIKrAIhAKjhrAu4
+d3kY08rD4DlCyPHd6ajIe16jpASPddS3czEH
+-----END CERTIFICATE REQUEST-----
diff --git a/libcoap/resources/test-keys/server/server.key.der b/libcoap/resources/test-keys/server/server.key.der
diff --git a/libcoap/resources/test-keys/server/server.key.pem b/libcoap/resources/test-keys/server/server.key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIAj51Zbv9gziVtsxMBReFTU7JNd+n+yIKAh1bnaxgW7ioAoGCCqGSM49
+AwEHoUQDQgAEE++lSFbl76Yg9pK3q+l/cN524XBF6yXVIblRME0lop32MN5Xd6wk
+0OPwOw883nMUeJJcBQ/zzZKMX8D4SV86IQ==
+-----END EC PRIVATE KEY-----
diff --git a/libcoap/resources/test-keys/server/server.pub.pem b/libcoap/resources/test-keys/server/server.pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE++lSFbl76Yg9pK3q+l/cN524XBF
+6yXVIblRME0lop32MN5Xd6wk0OPwOw883nMUeJJcBQ/zzZKMX8D4SV86IQ==
+-----END PUBLIC KEY-----