fixup! fixup! fixup! fixup! feat(crypto): (WIP) add support for DTLS …

…using PKI

libcoap-sys/src/lib.rs

@@ -200,27 +200,27 @@ pub fn coap_startup_with_feature_checks() {
         #[cfg(feature = "dtls-cid")]
         // SAFETY: Function is always safe to call.
         if unsafe { coap_dtls_cid_is_supported() != 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-cid\" is not supported by libcoap")
         }
         #[cfg(feature = "dtls-psk")]
         // SAFETY: Function is always safe to call.
         if unsafe { coap_dtls_psk_is_supported() != 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-psk\" is not supported by libcoap")
         }
         #[cfg(feature = "dtls-pki")]
         // SAFETY: Function is always safe to call.
         if unsafe { coap_dtls_pki_is_supported() != 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-pki\" is not supported by libcoap")
         }
         #[cfg(feature = "dtls-pkcs11")]
         // SAFETY: Function is always safe to call.
         if !unsafe { coap_dtls_pkcs11_is_supported() == 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-pkcs11\" is not supported by libcoap")
         }
         #[cfg(feature = "dtls-rpk")]
         // SAFETY: Function is always safe to call.
         if unsafe { coap_dtls_rpk_is_supported() != 1 } {
-            panic!("Required feature \"dtls\" is not supported by libcoap")
+            panic!("Required feature \"dtls-rpk\" is not supported by libcoap")
         }
         #[cfg(feature = "epoll")]
         // SAFETY: Function is always safe to call.

libcoap/src/context.rs

@@ -25,7 +25,7 @@ use libcoap_sys::{
 };
 
 #[cfg(any(feature = "dtls-pki", feature = "dtls-rpk"))]
-use crate::crypto::pki_rpk::ServerPkiCryptoContext;
+use crate::crypto::pki_rpk::ServerPkiRpkCryptoContext;
 #[cfg(feature = "dtls-psk")]
 use crate::crypto::psk::ServerPskContext;
 use crate::event::{event_handler_callback, CoapEventHandler};
@@ -60,11 +60,10 @@ struct CoapContextInner<'a> {
     event_handler: Option<Box<dyn CoapEventHandler>>,
     /// PSK context for encrypted server-side sessions.
     #[cfg(feature = "dtls-psk")]
-    psk_context: Option<ServerPskContext>,
+    psk_context: Option<ServerPskContext<'a>>,
     /// PKI context for encrypted server-side sessions.
     #[cfg(any(feature = "dtls-pki", feature = "dtls-rpk"))]
-    pki_rpk_context: Option<ServerPkiCryptoContext>,
-    _context_lifetime_marker: PhantomData<&'a coap_context_t>,
+    pki_rpk_context: Option<ServerPkiRpkCryptoContext<'a>>,
 }
 
 /// A CoAP Context — container for general state and configuration information relating to CoAP
@@ -113,7 +112,6 @@ impl<'a> CoapContext<'a> {
             psk_context: None,
             #[cfg(feature = "dtls-pki")]
             pki_rpk_context: None,
-            _context_lifetime_marker: Default::default(),
         });
 
         // SAFETY: We checked that the raw context is not null, the provided function is valid and
@@ -212,8 +210,29 @@ impl<'a> CoapContext<'a> {
     }
 
     /// Sets the server-side cryptography information provider.
-    #[cfg(feature = "dtls-pki")]
-    pub fn set_pki_context(&mut self, pki_context: ServerPkiCryptoContext) {
+    #[cfg(feature = "dtls-psk")]
+    pub fn set_psk_context(&mut self, psk_context: ServerPskContext<'a>) {
+        // SAFETY: raw context is valid.
+        let mut inner = self.inner.borrow_mut();
+        // TODO there is probably a prettier way to do this instead of panicking.
+        //      It would probably be easier to have a CoapContextBuilder that sets this, or to
+        //      provide this in the constructor.
+        if inner.psk_context.is_some() {
+            panic!("PSK context has already been set.")
+        }
+        inner.psk_context = Some(psk_context);
+        unsafe {
+            inner
+                .psk_context
+                .as_ref()
+                .unwrap()
+                .apply_to_context(NonNull::new(inner.raw_context).unwrap())
+        }
+    }
+
+    /// Sets the server-side cryptography information provider.
+    #[cfg(any(feature = "dtls-pki", feature = "dtls-rpk"))]
+    pub fn set_pki_rpk_context(&mut self, pki_context: ServerPkiRpkCryptoContext<'a>) {
         // SAFETY: raw context is valid.
         let mut inner = self.inner.borrow_mut();
         // TODO there is probably a prettier way to do this instead of panicking.
@@ -222,7 +241,7 @@ impl<'a> CoapContext<'a> {
         if inner.pki_rpk_context.is_some() {
             panic!("PKI context has already been set.")
         }
-        inner.pki_rpk_context = Some(Box::new(pki_context));
+        inner.pki_rpk_context = Some(pki_context);
         unsafe {
             inner
                 .pki_rpk_context
@@ -299,27 +318,6 @@ impl CoapContext<'_> {
         };
     }
 
-    /// Sets the server-side cryptography information provider.
-    #[cfg(feature = "dtls-psk")]
-    pub fn set_psk_context(&mut self, psk_context: ServerPskContext) {
-        // SAFETY: raw context is valid.
-        let mut inner = self.inner.borrow_mut();
-        // TODO there is probably a prettier way to do this instead of panicking.
-        //      It would probably be easier to have a CoapContextBuilder that sets this, or to
-        //      provide this in the constructor.
-        if inner.psk_context.is_some() {
-            panic!("PSK context has already been set.")
-        }
-        inner.psk_context = Some(psk_context);
-        unsafe {
-            inner
-                .psk_context
-                .as_ref()
-                .unwrap()
-                .apply_to_context(NonNull::new(inner.raw_context).unwrap())
-        }
-    }
-
     /// Performs currently outstanding IO operations, waiting for a maximum duration of `timeout`.
     ///
     /// This is the function where most of the IO operations made using this library are actually

libcoap/src/crypto/mod.rs

@@ -17,31 +17,31 @@ pub mod psk;
 use std::fmt::Debug;
 
 #[derive(Clone, Debug)]
-pub enum ClientCryptoContext {
+pub enum ClientCryptoContext<'a> {
     #[cfg(feature = "dtls-psk")]
-    Psk(psk::ClientPskContext),
+    Psk(psk::ClientPskContext<'a>),
     #[cfg(feature = "dtls-pki")]
-    Pki(pki_rpk::PkiRpkContext<pki_rpk::Pki>),
+    Pki(pki_rpk::PkiRpkContext<'a, pki_rpk::Pki>),
     #[cfg(feature = "dtls-rpk")]
-    Rpk(pki_rpk::PkiRpkContext<pki_rpk::Rpk>),
+    Rpk(pki_rpk::PkiRpkContext<'a, pki_rpk::Rpk>),
 }
 
-impl From<psk::ClientPskContext> for ClientCryptoContext {
-    fn from(value: psk::ClientPskContext) -> Self {
+impl<'a> From<psk::ClientPskContext<'a>> for ClientCryptoContext<'a> {
+    fn from(value: psk::ClientPskContext<'a>) -> Self {
         ClientCryptoContext::Psk(value)
     }
 }
 
 #[cfg(feature = "dtls-pki")]
-impl From<pki_rpk::PkiRpkContext<pki_rpk::Pki>> for ClientCryptoContext {
-    fn from(value: pki_rpk::PkiRpkContext<pki_rpk::Pki>) -> Self {
+impl<'a> From<pki_rpk::PkiRpkContext<'a, pki_rpk::Pki>> for ClientCryptoContext<'a> {
+    fn from(value: pki_rpk::PkiRpkContext<'a, pki_rpk::Pki>) -> Self {
         ClientCryptoContext::Pki(value)
     }
 }
 
 #[cfg(feature = "dtls-rpk")]
-impl From<pki_rpk::PkiRpkContext<pki_rpk::Rpk>> for ClientCryptoContext {
-    fn from(value: pki_rpk::PkiRpkContext<pki_rpk::Rpk>) -> Self {
+impl<'a> From<pki_rpk::PkiRpkContext<'a, pki_rpk::Rpk>> for ClientCryptoContext<'a> {
+    fn from(value: pki_rpk::PkiRpkContext<'a, pki_rpk::Rpk>) -> Self {
         ClientCryptoContext::Rpk(value)
     }
 }

libcoap/src/crypto/pki_rpk/key.rs

@@ -7,12 +7,14 @@ use num_traits::FromPrimitive;
 use std::ffi::CString;
 use std::fmt::Debug;
 
+#[derive(Debug, Clone, Copy)]
 pub struct Pki {}
+#[derive(Debug, Clone, Copy)]
 pub struct Rpk {}
 
 pub trait KeyType: KeyTypeSealed {}
 
-trait KeyTypeSealed {}
+trait KeyTypeSealed: Debug {}
 
 impl KeyTypeSealed for Pki {}