mbed port of tinydtls
Diff: dtls.c
- Revision:
- 1:bc8a649bad13
- Parent:
- 0:04990d454f45
--- a/dtls.c Thu Oct 10 21:38:07 2013 +0000 +++ b/dtls.c Fri Oct 11 08:46:21 2013 +0000 @@ -23,7 +23,7 @@ * SOFTWARE. */ -#define __DEBUG__ 4 +#define __DEBUG__ 0 #ifndef __MODULE__ #define __MODULE__ "dtls.c" @@ -188,9 +188,11 @@ DBG("dtls_get_peer"); dtls_peer_t *p = NULL; DBG("trying to get hash for the following byte sequence: "); + #if __DEBUG__ > 0 for(uint8_t i=0; i<sizeof(session_t); i++) { DBGX("%x ",((uint8_t*)session)[i]); } + #endif DBGX("\r\n"); DBG("session size: %u, AF: %u, address: %s:%d, ifnumber: %d", session->size, @@ -215,9 +217,11 @@ dtls_add_peer(dtls_context_t *ctx, dtls_peer_t *peer) { DBG("dtls_add_peer"); DBG("Trying to add peer @ %u with session byte sequence:",peer); + #if __DEBUG__ > 0 for(uint8_t i=0; i<sizeof(session_t); i++) { DBGX("%x ",((uint8_t*)(&peer->session))[i]); } + #endif DBGX("\r\n"); DBG("session size: %u, address: %s:%d, ifnumber: %d", peer->session.size, @@ -229,21 +233,9 @@ //HASH_ADD(hh,head,sess,sizeof(session_t),add) #ifndef WITH_CONTIKI HASH_ADD_PEER(ctx->peers, session, peer); -#else /* WITH_CONTIKI */ +#else // WITH_CONTIKI list_add(ctx->peers, peer); -#endif /* WITH_CONTIKI */ - - // check if peer was added - DBG("Doing sanity check for hash"); - dtls_peer_t *p; - - HASH_FIND(hh, ctx->peers, &peer->session, sizeof(session_t), p); - - if(p) { - DBG("found hash, peer is: %d",p); - } else { - DBG("did not find hash\r\n"); - } +#endif // WITH_CONTIKI } int @@ -475,7 +467,7 @@ session_t *session, uint8 *record, uint8 *data, size_t data_length) { - + DBG("Entering dtls_verify_peer"); int len = DTLS_COOKIE_LENGTH; uint8 *cookie, *p; #undef mycookie @@ -491,7 +483,7 @@ /* Store cookie where we can reuse it for the HelloVerify request. */ if (dtls_create_cookie(ctx, session, data, data_length,mycookie, &len) < 0) { - DBG("Cannot create cookie\r\n"); + DBG("Cannot create cookie"); return -1; } /* #ifndef NDEBUG */ @@ -512,14 +504,14 @@ /* check if cookies match */ if (len == DTLS_COOKIE_LENGTH && memcmp(cookie, mycookie, len) == 0) { - DBG("found matching cookie\n"); + DBG("Found matching cookie"); return 1; } if (len > 0) { DBG("invalid cookie"); #ifndef NDEBUG dump(cookie, len); - printf("\r\n"); + DBGX("\r\n"); #endif } /* ClientHello did not contain any valid cookie, hence we send a @@ -560,14 +552,14 @@ if (dtls_send(ctx, peer, DTLS_CT_HANDSHAKE, ctx->sendbuf + DTLS_RH_LENGTH, p - (ctx->sendbuf + DTLS_RH_LENGTH)) < 0) { - WARN("cannot send HelloVerify request\r\n"); + WARN("Cannot send HelloVerify request"); return -1; } } return 0; /* HelloVerify is sent, now we cannot do anything but wait */ } - DBG("not a ClientHello, signal error \r\n"); + DBG("Not a ClientHello, signal error"); return -1; /* not a ClientHello, signal error */ #undef mycookie } @@ -609,7 +601,7 @@ break; } default: - DBG("calculate_key_block: unknown key type\n"); + DBG("Calculate_key_block: unknown key type"); return 0; } @@ -807,7 +799,7 @@ return ok; error: - WARN("ClientHello too short (%d bytes)\n", data_length); + WARN("ClientHello too short (%d bytes)", data_length); return 0; } @@ -838,7 +830,7 @@ dtls_kb_key_size(OTHER_CONFIG(peer))); if (!OTHER_CONFIG(peer)->read_cipher) { - WARN("cannot create read cipher\n"); + WARN("Cannot create read cipher"); return 0; } @@ -855,7 +847,7 @@ dtls_kb_key_size(OTHER_CONFIG(peer))); if (!OTHER_CONFIG(peer)->write_cipher) { - WARN("cannot create write cipher\n"); + WARN("Cannot create write cipher"); return 0; } @@ -919,9 +911,9 @@ unsigned char verify_data[DTLS_FIN_LENGTH]; } b; - DBG("check Finish message\n"); - if (record[0] != DTLS_CT_HANDSHAKE || !IS_FINISHED(data, data_length)) { - DBG("failed\n"); + DBG("Check Finish message"); + if(record[0] != DTLS_CT_HANDSHAKE || !IS_FINISHED(data, data_length)) { + DBG("Failed"); return 0; } @@ -989,7 +981,7 @@ /* check the minimum that we need for packets that are not encrypted */ if (*rlen < DTLS_RH_LENGTH + data_length) { - DBG("dtls_prepare_record: send buffer too small\n"); + DBG("dtls_prepare_record: send buffer too small"); return -1; } @@ -1011,11 +1003,11 @@ unsigned char N[max(DTLS_CCM_BLOCKSIZE, A_DATA_LEN)]; if (*rlen < sizeof(dtls_record_header_t) + data_length + 8) { - WARN("dtls_prepare_record(): send buffer too small\n"); + WARN("dtls_prepare_record(): send buffer too small"); return -1; } - DBG("dtls_prepare_record(): encrypt using TLS_PSK_WITH_AES_128_CCM_8\n"); + DBG("dtls_prepare_record(): encrypt using TLS_PSK_WITH_AES_128_CCM_8"); /* set nonce from http://tools.ietf.org/html/draft-mcgrew-tls-aes-ccm-03: @@ -1042,7 +1034,7 @@ cipher_context = CURRENT_CONFIG(peer)->write_cipher; if (!cipher_context) { - WARN("no write_cipher available!\n"); + WARN("no write_cipher available!"); return -1; } /* #ifndef NDEBUG */ @@ -1165,7 +1157,7 @@ memcpy(n->data, buf, buflen); if (!netq_insert_node((netq_t **)ctx->sendqueue, n)) { - WARN("cannot add packet to retransmit buffer\n"); + WARN("Cannot add packet to retransmit buffer"); netq_node_free(n); #ifdef WITH_CONTIKI } else { @@ -1174,11 +1166,11 @@ etimer_set(&ctx->retransmit_timer, n->timeout); PROCESS_CONTEXT_END(&dtls_retransmit_process); #else /* WITH_CONTIKI */ - DBG("copied to sendqueue\n"); + DBG("Copied to sendqueue"); #endif /* WITH_CONTIKI */ } } else - WARN("retransmit buffer full\n"); + WARN("Retransmit buffer full"); } /* FIXME: copy to peer's sendqueue (after fragmentation if @@ -1232,7 +1224,7 @@ DTLS_RH_LENGTH + DTLS_HS_LENGTH + DTLS_SH_LENGTH + 20); if (CALL(ctx, get_key, &peer->session, NULL, 0, &key) < 0) { - DBG("dtls_send_server_hello(): no key for session available\n"); + DBG("dtls_send_server_hello(): no key for session available"); return -1; } @@ -1281,7 +1273,7 @@ buf, p - buf, q, &qlen); if (res < 0) { - DBG("dtls_server_hello: cannot prepare ServerHello record\n"); + DBG("dtls_server_hello: cannot prepare ServerHello record"); return res; } @@ -1305,7 +1297,7 @@ buf, p - buf, q, &qlen); if (res < 0) { - DBG("dtls_server_hello: cannot prepare ServerHelloDone record\n"); + DBG("dtls_server_hello: cannot prepare ServerHelloDone record"); return res; } @@ -1332,7 +1324,7 @@ size_t id_len = 0; if (CALL(ctx, get_key, &peer->session, NULL, 0, &key) < 0) { - dsrv_log(LOG_CRIT, "no key to send in kx\n"); + DBG("No key to send in kx. Fail."); return -2; } @@ -1345,7 +1337,7 @@ break; } default: - dsrv_log(LOG_CRIT, "key type not supported\n"); + DBG("Key type not supported. Fail."); return -3; } @@ -1419,7 +1411,7 @@ */ if (IS_SERVERHELLO(data, data_length)) { - DBG("handle ServerHello\n"); + DBG("handle ServerHello"); update_hs_hash(peer, data, data_length); @@ -1435,7 +1427,7 @@ data_length -= DTLS_HS_LENGTH; if (dtls_uint16_to_int(data) != DTLS_VERSION) { - dsrv_log(LOG_ALERT, "unknown DTLS version\n"); + INFO("Unknown DTLS version"); goto error; } @@ -1462,8 +1454,7 @@ * list of known cipher suites. Subsets are not supported. */ OTHER_CONFIG(peer)->cipher = dtls_uint16_to_int(data); if (!known_cipher(OTHER_CONFIG(peer)->cipher)) { - dsrv_log(LOG_ALERT, "unsupported cipher 0x%02x 0x%02x\n", - data[0], data[1]); + INFO("Unsupported cipher 0x%02x 0x%02x\n",data[0], data[1]); goto error; } data += sizeof(uint16); @@ -1471,7 +1462,7 @@ /* Check if NULL compression was selected. We do not know any other. */ if (dtls_uint8_to_int(data) != TLS_COMP_NULL) { - dsrv_log(LOG_ALERT, "unsupported compression method 0x%02x\n", data[0]); + INFO("Unsupported compression method 0x%02x\n", data[0]); goto error; } @@ -1479,11 +1470,11 @@ } if (!IS_HELLOVERIFY(data, data_length)) { - DBG("no HelloVerify\n"); + DBG("No HelloVerify"); return 0; } - DBG("OK, we got a HelloVerify"); + DBG("Got HelloVerify"); hv = (dtls_hello_verify_t *)(data + DTLS_HS_LENGTH); /* FIXME: dtls_send_client_hello(ctx,peer,cookie) */ @@ -1528,7 +1519,7 @@ res = dtls_send(ctx, peer, DTLS_CT_HANDSHAKE, ctx->sendbuf, p - ctx->sendbuf); if (res < 0) - WARN("cannot send ClientHello\n"); + WARN("cannot send ClientHello"); error: return 0; @@ -1556,7 +1547,7 @@ dtls_kb_key_size(OTHER_CONFIG(peer))); if (!OTHER_CONFIG(peer)->read_cipher) { - WARN("cannot create read cipher\n"); + WARN("Cannot create read cipher"); return 0; } @@ -1574,7 +1565,7 @@ if (!OTHER_CONFIG(peer)->write_cipher) { dtls_cipher_free(OTHER_CONFIG(peer)->read_cipher); - WARN("cannot create write cipher\n"); + WARN("Cannot create write cipher"); return 0; } @@ -1584,13 +1575,13 @@ /* send ClientKeyExchange */ if (dtls_send_kx(ctx, peer, 1) < 0) { - DBG("cannot send KeyExchange message\n"); + DBG("Cannot send KeyExchange message"); return 0; } /* and switch cipher suite */ if (dtls_send_ccs(ctx, peer) < 0) { - DBG("cannot send CCS message\n"); + DBG("Cannot send CCS message"); return 0; } @@ -1636,7 +1627,7 @@ /* Client Finished */ { - DBG("send Finished"); + DBG("Send Finished"); int length; uint8 buf[DTLS_HMAC_MAX]; uint8 *p = ctx->sendbuf; @@ -1671,7 +1662,7 @@ update_hs_hash(peer, ctx->sendbuf, p - ctx->sendbuf); if (dtls_send(ctx, peer, DTLS_CT_HANDSHAKE, ctx->sendbuf, p - ctx->sendbuf) < 0) { - dsrv_log(LOG_ALERT, "cannot send Finished message\n"); + INFO("Cannot send Finished message"); return 0; } } @@ -1717,7 +1708,7 @@ cipher_context = CURRENT_CONFIG(peer)->read_cipher; if (!cipher_context) { - WARN("no read_cipher available!\n"); + WARN("No read_cipher available!"); return 0; } @@ -1748,7 +1739,7 @@ ok = len >= 0; if (!ok) - WARN("decryption failed\n"); + WARN("decryption failed"); else { /* #ifndef NDEBUG */ /* printf("decrypt_verify(): found %ld bytes cleartext\n", len); */ @@ -1783,7 +1774,7 @@ case DTLS_STATE_CLIENTHELLO: /* here we expect a HelloVerify or ServerHello */ - DBG("DTLS_STATE_CLIENTHELLO\n"); + DBG("DTLS_STATE_CLIENTHELLO"); if (check_server_hello(ctx, peer, data, data_length)) { peer->state = DTLS_STATE_WAIT_SERVERHELLODONE; /* update_hs_hash(peer, data, data_length); */ @@ -1794,7 +1785,7 @@ case DTLS_STATE_WAIT_SERVERHELLODONE: /* expect a ServerHelloDone */ - DBG("DTLS_STATE_WAIT_SERVERHELLODONE\n"); + DBG("DTLS_STATE_WAIT_SERVERHELLODONE"); if (check_server_hellodone(ctx, peer, data, data_length)) { peer->state = DTLS_STATE_WAIT_SERVERFINISHED; @@ -1806,9 +1797,9 @@ case DTLS_STATE_WAIT_SERVERFINISHED: /* expect a Finished message from server */ - DBG("DTLS_STATE_WAIT_SERVERFINISHED\n"); + DBG("DTLS_STATE_WAIT_SERVERFINISHED"); if (check_finished(ctx, peer, record_header, data, data_length)) { - DBG("finished!\n"); + DBG("finished!"); peer->state = DTLS_STATE_CONNECTED; } @@ -1822,9 +1813,9 @@ /* here we expect a ClientHello */ /* handle ClientHello, update msg and msglen and goto next if not finished */ - DBG("DTLS_STATE_SERVERHELLO\n"); + DBG("DTLS_STATE_SERVERHELLO"); if (!check_client_keyexchange(ctx, peer, data, data_length)) { - WARN("check_client_keyexchange failed (%d, %d)\n", data_length, data[0]); + WARN("check_client_keyexchange failed (%d, %d)", data_length, data[0]); return 0; /* drop it, whatever it is */ } @@ -1833,9 +1824,9 @@ break; case DTLS_STATE_WAIT_FINISHED: - DBG("DTLS_STATE_WAIT_FINISHED\n"); + DBG("DTLS_STATE_WAIT_FINISHED"); if (check_finished(ctx, peer, record_header, data, data_length)) { - DBG("finished!\n"); + DBG("finished!"); /* send ServerFinished */ update_hs_hash(peer, data, data_length); @@ -1843,7 +1834,7 @@ if (dtls_send_server_finished(ctx, peer) > 0) { peer->state = DTLS_STATE_CONNECTED; } else { - WARN("sending server Finished failed\n"); + WARN("sending server Finished failed"); } } else { /* send alert */ @@ -1854,7 +1845,7 @@ /* At this point, we have a good relationship with this peer. This * state is left for re-negotiation of key material. */ - DBG("DTLS_STATE_CONNECTED\n"); + DBG("DTLS_STATE_CONNECTED"); /* renegotiation */ if (dtls_verify_peer(ctx, peer, &peer->session, @@ -1864,7 +1855,7 @@ if (!dtls_update_parameters(ctx, peer, data, data_length)) { - WARN("error updating security parameters\n"); + WARN("Error updating security parameters"); dtls_alert(ctx, peer, DTLS_ALERT_LEVEL_WARNING, DTLS_ALERT_NO_RENEGOTIATION); return 0; @@ -1887,7 +1878,7 @@ case DTLS_STATE_INIT: /* these states should not occur here */ case DTLS_STATE_KEYEXCHANGE: default: - dsrv_log(LOG_CRIT, "unhandled state %d\n", peer->state); + INFO("Unhandled state %d", peer->state); assert(0); } @@ -1907,14 +1898,14 @@ if (peer->state != DTLS_STATE_KEYEXCHANGE || !check_ccs(ctx, peer, record_header, data, data_length)) { /* signal error? */ - WARN("expected ChangeCipherSpec during handshake\n"); + WARN("Expected ChangeCipherSpec during handshake"); return 0; } /* send change cipher spec message and switch to new configuration */ if (dtls_send_ccs(ctx, peer) < 0) { - WARN("cannot send CCS message"); + WARN("Cannot send CCS message"); return 0; } @@ -1985,7 +1976,7 @@ * used by peer is released. */ if (data[0] == DTLS_ALERT_LEVEL_FATAL || data[1] == DTLS_ALERT_CLOSE) { - dsrv_log(LOG_ALERT, "%d invalidate peer\n", data[1]); + INFO("%d invalidate peer\n", data[1]); #ifndef WITH_CONTIKI HASH_DEL_PEER(ctx->peers, peer); @@ -2045,7 +2036,7 @@ /* check if we have DTLS state for addr/port/ifindex */ - DBG("check if we have DTLS state for addr/port/ifindex"); + DBG("Check for cached DTLS state for addr/port/ifindex"); peer = dtls_get_peer(ctx, session); #ifndef NDEBUG @@ -2053,12 +2044,12 @@ unsigned char addrbuf[72]; dsrv_print_addr(session, addrbuf, sizeof(addrbuf)); - DBG("found peer %s", addrbuf); + DBG("Found peer \"%s\"", addrbuf); } #endif /* NDEBUG */ if (!peer) { - DBG("no peer"); + DBG("No peer found."); /* get first record from client message */ rlen = is_record(msg, msglen); assert(rlen <= msglen); @@ -2066,9 +2057,9 @@ if (!rlen) { #ifndef NDEBUG if (msglen > 3) - DBG("dropped invalid message %02x%02x%02x%02x\n", msg[0], msg[1], msg[2], msg[3]); + DBG("Dropped invalid message %02x%02x%02x%02x", msg[0], msg[1], msg[2], msg[3]); else - DBG("dropped invalid message (less than four bytes)\n"); + DBG("Dropped invalid message (less than four bytes)"); #endif return 0; } @@ -2088,7 +2079,7 @@ */ if (dtls_verify_peer(ctx, NULL, session, msg, data, data_length) <= 0) { - WARN("cannot verify peer"); + WARN("Cannot verify peer."); return -1; } @@ -2098,11 +2089,11 @@ peer = dtls_new_peer(session); if (!peer) { - DBG("Cannot create peer"); + DBG("Cannot create peer."); /* FIXME: signal internal error */ return -1; } - DBG("Peer is fine"); + DBG("Created new peer."); /* Initialize record sequence number to 1 for new peers. The first * record with sequence number 0 is a stateless Hello Verify Request. @@ -2118,14 +2109,13 @@ if (!dtls_update_parameters(ctx, peer, msg + DTLS_RH_LENGTH, rlen - DTLS_RH_LENGTH)) { - WARN("error updating security parameters\n"); + WARN("Error updating security parameters"); /* FIXME: send handshake failure Alert */ dtls_alert(ctx, peer, DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_HANDSHAKE_FAILURE); dtls_free_peer(peer); return -1; } - DBG("SHould reach this position"); #ifndef WITH_CONTIKI DBG("Adding peer to hash"); HASH_ADD_PEER(ctx->peers, session, peer); @@ -2147,7 +2137,7 @@ msg += rlen; msglen -= rlen; } else { - DBG("found peer\n"); + //DBG("Found peer"); } /* At this point peer contains a state machine to handle the @@ -2163,14 +2153,14 @@ while ((rlen = is_record(msg,msglen))) { - DBG("got packet %d (%d bytes)\n", msg[0], rlen); + DBG("Got packet %d (%d bytes)", msg[0], rlen); /* skip packet if it is from a different epoch */ if (memcmp(DTLS_RECORD_HEADER(msg)->epoch, peer->epoch, sizeof(uint16)) != 0) goto next; if (!decrypt_verify(peer, msg, rlen, &data, &data_length)) { - INFO("decrypt_verify() failed\n"); + INFO("decrypt_verify() failed"); goto next; } @@ -2210,11 +2200,11 @@ break; case DTLS_CT_APPLICATION_DATA: - INFO("** application data:\n"); + INFO("** application data:"); CALL(ctx, read, &peer->session, data, data_length); break; default: - INFO("dropped unknown message of type %d\n",msg[0]); + INFO("dropped unknown message of type %d",msg[0]); } next: @@ -2292,7 +2282,7 @@ return c; error: - dsrv_log(LOG_ALERT, "cannot create DTLS context"); + INFO("Cannot create DTLS context. Fail."); if (c) dtls_free_context(c); return NULL; @@ -2333,7 +2323,7 @@ /* check if the same peer is already in our list */ if (peer == dtls_get_peer(ctx, &peer->session)) { - DBG("found peer, try to re-connect\n"); + DBG("Found peer, try to re-connect"); /* FIXME: send HelloRequest if we are server, ClientHello with good cookie if client */ return 0; @@ -2398,7 +2388,7 @@ res = dtls_send(ctx, peer, DTLS_CT_HANDSHAKE, ctx->sendbuf, p - ctx->sendbuf); if (res < 0) - WARN("cannot send ClientHello\n"); + WARN("Cannot send ClientHello"); else peer->state = DTLS_STATE_CLIENTHELLO; @@ -2440,7 +2430,7 @@ node->t += (node->timeout << node->retransmit_cnt); netq_insert_node((netq_t **)context->sendqueue, node); - DBG("** retransmit packet\n"); + DBG("** retransmit packet"); if (dtls_prepare_record(node->peer, DTLS_CT_HANDSHAKE, node->data, node->length, @@ -2448,11 +2438,11 @@ #ifndef NDEBUG if (dtls_get_log_level() >= LOG_DEBUG) { - DBG("retransmit %d bytes\n", len); + DBG("retransmit %d bytes", len); hexdump(sendbuf, sizeof(dtls_record_header_t)); - printf("\n"); + DBGX("\r\n"); hexdump(node->data, node->length); - printf("\n"); + DBGX("\r\n"); } #endif @@ -2463,7 +2453,7 @@ /* no more retransmissions, remove node from system */ - DBG("** removed transaction\n"); + DBG("** removed transaction"); /* And finally delete the node */ netq_node_free(node); @@ -2513,7 +2503,7 @@ PROCESS_BEGIN(); - DBG("Started DTLS retransmit process\r\n"); + DBG("Started DTLS retransmit process"); while(1) { PROCESS_YIELD(); @@ -2553,9 +2543,9 @@ n++; if (n % 8 == 0) { if (n % 16 == 0) - printf("\n"); + printf("\r\n"); else - printf(" "); + printf(" "); } } }