Ashley Mills
mbed port of tinydtls
Diff: dtls.c
- Revision:
- 1:bc8a649bad13
- Parent:
- 0:04990d454f45
--- a/dtls.c Thu Oct 10 21:38:07 2013 +0000
+++ b/dtls.c Fri Oct 11 08:46:21 2013 +0000
@@ -23,7 +23,7 @@
* SOFTWARE.
*/
-#define __DEBUG__ 4
+#define __DEBUG__ 0
#ifndef __MODULE__
#define __MODULE__ "dtls.c"
@@ -188,9 +188,11 @@
DBG("dtls_get_peer");
dtls_peer_t *p = NULL;
DBG("trying to get hash for the following byte sequence: ");
+ #if __DEBUG__ > 0
for(uint8_t i=0; i<sizeof(session_t); i++) {
DBGX("%x ",((uint8_t*)session)[i]);
}
+ #endif
DBGX("\r\n");
DBG("session size: %u, AF: %u, address: %s:%d, ifnumber: %d",
session->size,
@@ -215,9 +217,11 @@
dtls_add_peer(dtls_context_t *ctx, dtls_peer_t *peer) {
DBG("dtls_add_peer");
DBG("Trying to add peer @ %u with session byte sequence:",peer);
+ #if __DEBUG__ > 0
for(uint8_t i=0; i<sizeof(session_t); i++) {
DBGX("%x ",((uint8_t*)(&peer->session))[i]);
}
+ #endif
DBGX("\r\n");
DBG("session size: %u, address: %s:%d, ifnumber: %d",
peer->session.size,
@@ -229,21 +233,9 @@
//HASH_ADD(hh,head,sess,sizeof(session_t),add)
#ifndef WITH_CONTIKI
HASH_ADD_PEER(ctx->peers, session, peer);
-#else /* WITH_CONTIKI */
+#else // WITH_CONTIKI
list_add(ctx->peers, peer);
-#endif /* WITH_CONTIKI */
-
- // check if peer was added
- DBG("Doing sanity check for hash");
- dtls_peer_t *p;
-
- HASH_FIND(hh, ctx->peers, &peer->session, sizeof(session_t), p);
-
- if(p) {
- DBG("found hash, peer is: %d",p);
- } else {
- DBG("did not find hash\r\n");
- }
+#endif // WITH_CONTIKI
}
int
@@ -475,7 +467,7 @@
session_t *session,
uint8 *record,
uint8 *data, size_t data_length) {
-
+ DBG("Entering dtls_verify_peer");
int len = DTLS_COOKIE_LENGTH;
uint8 *cookie, *p;
#undef mycookie
@@ -491,7 +483,7 @@
/* Store cookie where we can reuse it for the HelloVerify request. */
if (dtls_create_cookie(ctx, session, data, data_length,mycookie, &len) < 0) {
- DBG("Cannot create cookie\r\n");
+ DBG("Cannot create cookie");
return -1;
}
/* #ifndef NDEBUG */
@@ -512,14 +504,14 @@
/* check if cookies match */
if (len == DTLS_COOKIE_LENGTH && memcmp(cookie, mycookie, len) == 0) {
- DBG("found matching cookie\n");
+ DBG("Found matching cookie");
return 1;
}
if (len > 0) {
DBG("invalid cookie");
#ifndef NDEBUG
dump(cookie, len);
- printf("\r\n");
+ DBGX("\r\n");
#endif
}
/* ClientHello did not contain any valid cookie, hence we send a
@@ -560,14 +552,14 @@
if (dtls_send(ctx, peer, DTLS_CT_HANDSHAKE,
ctx->sendbuf + DTLS_RH_LENGTH,
p - (ctx->sendbuf + DTLS_RH_LENGTH)) < 0) {
- WARN("cannot send HelloVerify request\r\n");
+ WARN("Cannot send HelloVerify request");
return -1;
}
}
return 0; /* HelloVerify is sent, now we cannot do anything but wait */
}
- DBG("not a ClientHello, signal error \r\n");
+ DBG("Not a ClientHello, signal error");
return -1; /* not a ClientHello, signal error */
#undef mycookie
}
@@ -609,7 +601,7 @@
break;
}
default:
- DBG("calculate_key_block: unknown key type\n");
+ DBG("Calculate_key_block: unknown key type");
return 0;
}
@@ -807,7 +799,7 @@
return ok;
error:
- WARN("ClientHello too short (%d bytes)\n", data_length);
+ WARN("ClientHello too short (%d bytes)", data_length);
return 0;
}
@@ -838,7 +830,7 @@
dtls_kb_key_size(OTHER_CONFIG(peer)));
if (!OTHER_CONFIG(peer)->read_cipher) {
- WARN("cannot create read cipher\n");
+ WARN("Cannot create read cipher");
return 0;
}
@@ -855,7 +847,7 @@
dtls_kb_key_size(OTHER_CONFIG(peer)));
if (!OTHER_CONFIG(peer)->write_cipher) {
- WARN("cannot create write cipher\n");
+ WARN("Cannot create write cipher");
return 0;
}
@@ -919,9 +911,9 @@
unsigned char verify_data[DTLS_FIN_LENGTH];
} b;
- DBG("check Finish message\n");
- if (record[0] != DTLS_CT_HANDSHAKE || !IS_FINISHED(data, data_length)) {
- DBG("failed\n");
+ DBG("Check Finish message");
+ if(record[0] != DTLS_CT_HANDSHAKE || !IS_FINISHED(data, data_length)) {
+ DBG("Failed");
return 0;
}
@@ -989,7 +981,7 @@
/* check the minimum that we need for packets that are not encrypted */
if (*rlen < DTLS_RH_LENGTH + data_length) {
- DBG("dtls_prepare_record: send buffer too small\n");
+ DBG("dtls_prepare_record: send buffer too small");
return -1;
}
@@ -1011,11 +1003,11 @@
unsigned char N[max(DTLS_CCM_BLOCKSIZE, A_DATA_LEN)];
if (*rlen < sizeof(dtls_record_header_t) + data_length + 8) {
- WARN("dtls_prepare_record(): send buffer too small\n");
+ WARN("dtls_prepare_record(): send buffer too small");
return -1;
}
- DBG("dtls_prepare_record(): encrypt using TLS_PSK_WITH_AES_128_CCM_8\n");
+ DBG("dtls_prepare_record(): encrypt using TLS_PSK_WITH_AES_128_CCM_8");
/* set nonce
from http://tools.ietf.org/html/draft-mcgrew-tls-aes-ccm-03:
@@ -1042,7 +1034,7 @@
cipher_context = CURRENT_CONFIG(peer)->write_cipher;
if (!cipher_context) {
- WARN("no write_cipher available!\n");
+ WARN("no write_cipher available!");
return -1;
}
/* #ifndef NDEBUG */
@@ -1165,7 +1157,7 @@
memcpy(n->data, buf, buflen);
if (!netq_insert_node((netq_t **)ctx->sendqueue, n)) {
- WARN("cannot add packet to retransmit buffer\n");
+ WARN("Cannot add packet to retransmit buffer");
netq_node_free(n);
#ifdef WITH_CONTIKI
} else {
@@ -1174,11 +1166,11 @@
etimer_set(&ctx->retransmit_timer, n->timeout);
PROCESS_CONTEXT_END(&dtls_retransmit_process);
#else /* WITH_CONTIKI */
- DBG("copied to sendqueue\n");
+ DBG("Copied to sendqueue");
#endif /* WITH_CONTIKI */
}
} else
- WARN("retransmit buffer full\n");
+ WARN("Retransmit buffer full");
}
/* FIXME: copy to peer's sendqueue (after fragmentation if
@@ -1232,7 +1224,7 @@
DTLS_RH_LENGTH + DTLS_HS_LENGTH + DTLS_SH_LENGTH + 20);
if (CALL(ctx, get_key, &peer->session, NULL, 0, &key) < 0) {
- DBG("dtls_send_server_hello(): no key for session available\n");
+ DBG("dtls_send_server_hello(): no key for session available");
return -1;
}
@@ -1281,7 +1273,7 @@
buf, p - buf,
q, &qlen);
if (res < 0) {
- DBG("dtls_server_hello: cannot prepare ServerHello record\n");
+ DBG("dtls_server_hello: cannot prepare ServerHello record");
return res;
}
@@ -1305,7 +1297,7 @@
buf, p - buf,
q, &qlen);
if (res < 0) {
- DBG("dtls_server_hello: cannot prepare ServerHelloDone record\n");
+ DBG("dtls_server_hello: cannot prepare ServerHelloDone record");
return res;
}
@@ -1332,7 +1324,7 @@
size_t id_len = 0;
if (CALL(ctx, get_key, &peer->session, NULL, 0, &key) < 0) {
- dsrv_log(LOG_CRIT, "no key to send in kx\n");
+ DBG("No key to send in kx. Fail.");
return -2;
}
@@ -1345,7 +1337,7 @@
break;
}
default:
- dsrv_log(LOG_CRIT, "key type not supported\n");
+ DBG("Key type not supported. Fail.");
return -3;
}
@@ -1419,7 +1411,7 @@
*/
if (IS_SERVERHELLO(data, data_length)) {
- DBG("handle ServerHello\n");
+ DBG("handle ServerHello");
update_hs_hash(peer, data, data_length);
@@ -1435,7 +1427,7 @@
data_length -= DTLS_HS_LENGTH;
if (dtls_uint16_to_int(data) != DTLS_VERSION) {
- dsrv_log(LOG_ALERT, "unknown DTLS version\n");
+ INFO("Unknown DTLS version");
goto error;
}
@@ -1462,8 +1454,7 @@
* list of known cipher suites. Subsets are not supported. */
OTHER_CONFIG(peer)->cipher = dtls_uint16_to_int(data);
if (!known_cipher(OTHER_CONFIG(peer)->cipher)) {
- dsrv_log(LOG_ALERT, "unsupported cipher 0x%02x 0x%02x\n",
- data[0], data[1]);
+ INFO("Unsupported cipher 0x%02x 0x%02x\n",data[0], data[1]);
goto error;
}
data += sizeof(uint16);
@@ -1471,7 +1462,7 @@
/* Check if NULL compression was selected. We do not know any other. */
if (dtls_uint8_to_int(data) != TLS_COMP_NULL) {
- dsrv_log(LOG_ALERT, "unsupported compression method 0x%02x\n", data[0]);
+ INFO("Unsupported compression method 0x%02x\n", data[0]);
goto error;
}
@@ -1479,11 +1470,11 @@
}
if (!IS_HELLOVERIFY(data, data_length)) {
- DBG("no HelloVerify\n");
+ DBG("No HelloVerify");
return 0;
}
- DBG("OK, we got a HelloVerify");
+ DBG("Got HelloVerify");
hv = (dtls_hello_verify_t *)(data + DTLS_HS_LENGTH);
/* FIXME: dtls_send_client_hello(ctx,peer,cookie) */
@@ -1528,7 +1519,7 @@
res = dtls_send(ctx, peer, DTLS_CT_HANDSHAKE, ctx->sendbuf,
p - ctx->sendbuf);
if (res < 0)
- WARN("cannot send ClientHello\n");
+ WARN("cannot send ClientHello");
error:
return 0;
@@ -1556,7 +1547,7 @@
dtls_kb_key_size(OTHER_CONFIG(peer)));
if (!OTHER_CONFIG(peer)->read_cipher) {
- WARN("cannot create read cipher\n");
+ WARN("Cannot create read cipher");
return 0;
}
@@ -1574,7 +1565,7 @@
if (!OTHER_CONFIG(peer)->write_cipher) {
dtls_cipher_free(OTHER_CONFIG(peer)->read_cipher);
- WARN("cannot create write cipher\n");
+ WARN("Cannot create write cipher");
return 0;
}
@@ -1584,13 +1575,13 @@
/* send ClientKeyExchange */
if (dtls_send_kx(ctx, peer, 1) < 0) {
- DBG("cannot send KeyExchange message\n");
+ DBG("Cannot send KeyExchange message");
return 0;
}
/* and switch cipher suite */
if (dtls_send_ccs(ctx, peer) < 0) {
- DBG("cannot send CCS message\n");
+ DBG("Cannot send CCS message");
return 0;
}
@@ -1636,7 +1627,7 @@
/* Client Finished */
{
- DBG("send Finished");
+ DBG("Send Finished");
int length;
uint8 buf[DTLS_HMAC_MAX];
uint8 *p = ctx->sendbuf;
@@ -1671,7 +1662,7 @@
update_hs_hash(peer, ctx->sendbuf, p - ctx->sendbuf);
if (dtls_send(ctx, peer, DTLS_CT_HANDSHAKE,
ctx->sendbuf, p - ctx->sendbuf) < 0) {
- dsrv_log(LOG_ALERT, "cannot send Finished message\n");
+ INFO("Cannot send Finished message");
return 0;
}
}
@@ -1717,7 +1708,7 @@
cipher_context = CURRENT_CONFIG(peer)->read_cipher;
if (!cipher_context) {
- WARN("no read_cipher available!\n");
+ WARN("No read_cipher available!");
return 0;
}
@@ -1748,7 +1739,7 @@
ok = len >= 0;
if (!ok)
- WARN("decryption failed\n");
+ WARN("decryption failed");
else {
/* #ifndef NDEBUG */
/* printf("decrypt_verify(): found %ld bytes cleartext\n", len); */
@@ -1783,7 +1774,7 @@
case DTLS_STATE_CLIENTHELLO:
/* here we expect a HelloVerify or ServerHello */
- DBG("DTLS_STATE_CLIENTHELLO\n");
+ DBG("DTLS_STATE_CLIENTHELLO");
if (check_server_hello(ctx, peer, data, data_length)) {
peer->state = DTLS_STATE_WAIT_SERVERHELLODONE;
/* update_hs_hash(peer, data, data_length); */
@@ -1794,7 +1785,7 @@
case DTLS_STATE_WAIT_SERVERHELLODONE:
/* expect a ServerHelloDone */
- DBG("DTLS_STATE_WAIT_SERVERHELLODONE\n");
+ DBG("DTLS_STATE_WAIT_SERVERHELLODONE");
if (check_server_hellodone(ctx, peer, data, data_length)) {
peer->state = DTLS_STATE_WAIT_SERVERFINISHED;
@@ -1806,9 +1797,9 @@
case DTLS_STATE_WAIT_SERVERFINISHED:
/* expect a Finished message from server */
- DBG("DTLS_STATE_WAIT_SERVERFINISHED\n");
+ DBG("DTLS_STATE_WAIT_SERVERFINISHED");
if (check_finished(ctx, peer, record_header, data, data_length)) {
- DBG("finished!\n");
+ DBG("finished!");
peer->state = DTLS_STATE_CONNECTED;
}
@@ -1822,9 +1813,9 @@
/* here we expect a ClientHello */
/* handle ClientHello, update msg and msglen and goto next if not finished */
- DBG("DTLS_STATE_SERVERHELLO\n");
+ DBG("DTLS_STATE_SERVERHELLO");
if (!check_client_keyexchange(ctx, peer, data, data_length)) {
- WARN("check_client_keyexchange failed (%d, %d)\n", data_length, data[0]);
+ WARN("check_client_keyexchange failed (%d, %d)", data_length, data[0]);
return 0; /* drop it, whatever it is */
}
@@ -1833,9 +1824,9 @@
break;
case DTLS_STATE_WAIT_FINISHED:
- DBG("DTLS_STATE_WAIT_FINISHED\n");
+ DBG("DTLS_STATE_WAIT_FINISHED");
if (check_finished(ctx, peer, record_header, data, data_length)) {
- DBG("finished!\n");
+ DBG("finished!");
/* send ServerFinished */
update_hs_hash(peer, data, data_length);
@@ -1843,7 +1834,7 @@
if (dtls_send_server_finished(ctx, peer) > 0) {
peer->state = DTLS_STATE_CONNECTED;
} else {
- WARN("sending server Finished failed\n");
+ WARN("sending server Finished failed");
}
} else {
/* send alert */
@@ -1854,7 +1845,7 @@
/* At this point, we have a good relationship with this peer. This
* state is left for re-negotiation of key material. */
- DBG("DTLS_STATE_CONNECTED\n");
+ DBG("DTLS_STATE_CONNECTED");
/* renegotiation */
if (dtls_verify_peer(ctx, peer, &peer->session,
@@ -1864,7 +1855,7 @@
if (!dtls_update_parameters(ctx, peer, data, data_length)) {
- WARN("error updating security parameters\n");
+ WARN("Error updating security parameters");
dtls_alert(ctx, peer, DTLS_ALERT_LEVEL_WARNING,
DTLS_ALERT_NO_RENEGOTIATION);
return 0;
@@ -1887,7 +1878,7 @@
case DTLS_STATE_INIT: /* these states should not occur here */
case DTLS_STATE_KEYEXCHANGE:
default:
- dsrv_log(LOG_CRIT, "unhandled state %d\n", peer->state);
+ INFO("Unhandled state %d", peer->state);
assert(0);
}
@@ -1907,14 +1898,14 @@
if (peer->state != DTLS_STATE_KEYEXCHANGE
|| !check_ccs(ctx, peer, record_header, data, data_length)) {
/* signal error? */
- WARN("expected ChangeCipherSpec during handshake\n");
+ WARN("Expected ChangeCipherSpec during handshake");
return 0;
}
/* send change cipher spec message and switch to new configuration */
if (dtls_send_ccs(ctx, peer) < 0) {
- WARN("cannot send CCS message");
+ WARN("Cannot send CCS message");
return 0;
}
@@ -1985,7 +1976,7 @@
* used by peer is released.
*/
if (data[0] == DTLS_ALERT_LEVEL_FATAL || data[1] == DTLS_ALERT_CLOSE) {
- dsrv_log(LOG_ALERT, "%d invalidate peer\n", data[1]);
+ INFO("%d invalidate peer\n", data[1]);
#ifndef WITH_CONTIKI
HASH_DEL_PEER(ctx->peers, peer);
@@ -2045,7 +2036,7 @@
/* check if we have DTLS state for addr/port/ifindex */
- DBG("check if we have DTLS state for addr/port/ifindex");
+ DBG("Check for cached DTLS state for addr/port/ifindex");
peer = dtls_get_peer(ctx, session);
#ifndef NDEBUG
@@ -2053,12 +2044,12 @@
unsigned char addrbuf[72];
dsrv_print_addr(session, addrbuf, sizeof(addrbuf));
- DBG("found peer %s", addrbuf);
+ DBG("Found peer \"%s\"", addrbuf);
}
#endif /* NDEBUG */
if (!peer) {
- DBG("no peer");
+ DBG("No peer found.");
/* get first record from client message */
rlen = is_record(msg, msglen);
assert(rlen <= msglen);
@@ -2066,9 +2057,9 @@
if (!rlen) {
#ifndef NDEBUG
if (msglen > 3)
- DBG("dropped invalid message %02x%02x%02x%02x\n", msg[0], msg[1], msg[2], msg[3]);
+ DBG("Dropped invalid message %02x%02x%02x%02x", msg[0], msg[1], msg[2], msg[3]);
else
- DBG("dropped invalid message (less than four bytes)\n");
+ DBG("Dropped invalid message (less than four bytes)");
#endif
return 0;
}
@@ -2088,7 +2079,7 @@
*/
if (dtls_verify_peer(ctx, NULL, session, msg, data, data_length) <= 0) {
- WARN("cannot verify peer");
+ WARN("Cannot verify peer.");
return -1;
}
@@ -2098,11 +2089,11 @@
peer = dtls_new_peer(session);
if (!peer) {
- DBG("Cannot create peer");
+ DBG("Cannot create peer.");
/* FIXME: signal internal error */
return -1;
}
- DBG("Peer is fine");
+ DBG("Created new peer.");
/* Initialize record sequence number to 1 for new peers. The first
* record with sequence number 0 is a stateless Hello Verify Request.
@@ -2118,14 +2109,13 @@
if (!dtls_update_parameters(ctx, peer,
msg + DTLS_RH_LENGTH, rlen - DTLS_RH_LENGTH)) {
- WARN("error updating security parameters\n");
+ WARN("Error updating security parameters");
/* FIXME: send handshake failure Alert */
dtls_alert(ctx, peer, DTLS_ALERT_LEVEL_FATAL,
DTLS_ALERT_HANDSHAKE_FAILURE);
dtls_free_peer(peer);
return -1;
}
- DBG("SHould reach this position");
#ifndef WITH_CONTIKI
DBG("Adding peer to hash");
HASH_ADD_PEER(ctx->peers, session, peer);
@@ -2147,7 +2137,7 @@
msg += rlen;
msglen -= rlen;
} else {
- DBG("found peer\n");
+ //DBG("Found peer");
}
/* At this point peer contains a state machine to handle the
@@ -2163,14 +2153,14 @@
while ((rlen = is_record(msg,msglen))) {
- DBG("got packet %d (%d bytes)\n", msg[0], rlen);
+ DBG("Got packet %d (%d bytes)", msg[0], rlen);
/* skip packet if it is from a different epoch */
if (memcmp(DTLS_RECORD_HEADER(msg)->epoch,
peer->epoch, sizeof(uint16)) != 0)
goto next;
if (!decrypt_verify(peer, msg, rlen, &data, &data_length)) {
- INFO("decrypt_verify() failed\n");
+ INFO("decrypt_verify() failed");
goto next;
}
@@ -2210,11 +2200,11 @@
break;
case DTLS_CT_APPLICATION_DATA:
- INFO("** application data:\n");
+ INFO("** application data:");
CALL(ctx, read, &peer->session, data, data_length);
break;
default:
- INFO("dropped unknown message of type %d\n",msg[0]);
+ INFO("dropped unknown message of type %d",msg[0]);
}
next:
@@ -2292,7 +2282,7 @@
return c;
error:
- dsrv_log(LOG_ALERT, "cannot create DTLS context");
+ INFO("Cannot create DTLS context. Fail.");
if (c)
dtls_free_context(c);
return NULL;
@@ -2333,7 +2323,7 @@
/* check if the same peer is already in our list */
if (peer == dtls_get_peer(ctx, &peer->session)) {
- DBG("found peer, try to re-connect\n");
+ DBG("Found peer, try to re-connect");
/* FIXME: send HelloRequest if we are server,
ClientHello with good cookie if client */
return 0;
@@ -2398,7 +2388,7 @@
res = dtls_send(ctx, peer, DTLS_CT_HANDSHAKE, ctx->sendbuf,
p - ctx->sendbuf);
if (res < 0)
- WARN("cannot send ClientHello\n");
+ WARN("Cannot send ClientHello");
else
peer->state = DTLS_STATE_CLIENTHELLO;
@@ -2440,7 +2430,7 @@
node->t += (node->timeout << node->retransmit_cnt);
netq_insert_node((netq_t **)context->sendqueue, node);
- DBG("** retransmit packet\n");
+ DBG("** retransmit packet");
if (dtls_prepare_record(node->peer, DTLS_CT_HANDSHAKE,
node->data, node->length,
@@ -2448,11 +2438,11 @@
#ifndef NDEBUG
if (dtls_get_log_level() >= LOG_DEBUG) {
- DBG("retransmit %d bytes\n", len);
+ DBG("retransmit %d bytes", len);
hexdump(sendbuf, sizeof(dtls_record_header_t));
- printf("\n");
+ DBGX("\r\n");
hexdump(node->data, node->length);
- printf("\n");
+ DBGX("\r\n");
}
#endif
@@ -2463,7 +2453,7 @@
/* no more retransmissions, remove node from system */
- DBG("** removed transaction\n");
+ DBG("** removed transaction");
/* And finally delete the node */
netq_node_free(node);
@@ -2513,7 +2503,7 @@
PROCESS_BEGIN();
- DBG("Started DTLS retransmit process\r\n");
+ DBG("Started DTLS retransmit process");
while(1) {
PROCESS_YIELD();
@@ -2553,9 +2543,9 @@
n++;
if (n % 8 == 0) {
if (n % 16 == 0)
- printf("\n");
+ printf("\r\n");
else
- printf(" ");
+ printf(" ");
}
}
}