codtls 0.0.1.alpha

data/lib/codtls/ram_session.rb

@@ -0,0 +1,214 @@
+require 'codtls/abstract_session'
+
+module CoDTLS
+  # Error class for wrong data inputs (for exampe keyblock)
+  class SessionError < StandardError
+  end
+
+  # Storage class for a CoDTLS-Session with the following Fields:
+  # Type     | Name               | Standard-Value
+  # -------------------------------------------------------
+  # uint8_t  | ip[16];            | Given IP
+  # uint8_t  | id[8];             | empty
+  # uint16_t | epoch;             | 0
+  # uint48_t | seq_num_r;         | depends on implementation (-1, 0 or 1)
+  # uint48_t | seq_num_w;         | depends on implementation (-1, 0 or 1)
+  # uint8_t  | key_block[40];     | empty
+  # uint8_t  | key_block_new[40]; | empty
+  # uint8_t  | handshake;         | 0
+  class RAMSession < CoDTLS::AbstractSession
+    @connections = []
+    # Constructor to create a new session for the given ip. When only ip is
+    # given, its the value for searching in database. When its not found, a
+    # new database entry with standard values will be created. When id is
+    # also given, id is the first value for searching in database. When its
+    # found, ip will be updated and other values are unchanged. In the other
+    # case, when id isnt found, its the same behavior as without id but with
+    # additional storing of the id. Throws excpetion if ip == nil.
+    #
+    # @param ip [IP] IP for this Session
+    # @param id [String] Session-Id for this Session
+    def initialize(ip, id = nil)
+      fail SessionError 'IP is nil, not a valid value.' if ip.nil? ||
+                                                           ip.class != String
+      ip = IPAddr.new(ip)
+      fail SessionError 'IP is not in a valid format' if ip.nil?
+      ip = ip.to_s
+      @ip = ip
+      if id.nil?
+        entry = CoDTLS::RAMSession.connections.select { |c| c.ip == @ip }
+        if entry.empty?
+          create_standard_ip_object
+        else
+          @database_object = entry[0]
+        end
+      else
+        entry = CoDTLS::RAMSession.connections.select { |c| c.id == id }
+        create_standard_ip_object if entry.empty?
+        @database_object.id = id
+      end
+    end
+
+    # Sets the ID of the current session.
+    #
+    # @param id [String] the Session-Id
+    def id=(id)
+      create_standard_ip_object if @database_object.nil?
+      @database_object.session_id = id
+    end
+
+    # Returns the ID of the current session.
+    #
+    # @return [String] the Session-ID. nil if Session-ID is unknown
+    def id
+      create_standard_ip_object if @database_object.nil?
+      @database_object.session_id
+    end
+
+    # Returns the Epoch of the session for the specified IP.
+    #
+    # @return [Number] the Epoch
+    def epoch
+      create_standard_ip_object if @database_object.nil?
+      @database_object.epoch
+    end
+
+    # Increases the Epoch of the session by 1.
+    # Also copy key_block_new to key_block and sets key_block_new to empty.
+    # seq_num_r and seq_num_w are set back to standard value.
+    # Throws excpetion if keyblock is not 40 bytes long.
+    def increase_epoch
+      create_standard_ip_object if @database_object.nil?
+      if @database_object.key_block_new.nil?
+        fail CoDTLS::SessionError, 'no new keyblock to set for this epoch.'
+      end
+      @database_object.epoch = @database_object.epoch + 1
+      @database_object.seq_num_r = 0
+      @database_object.seq_num_w = 0
+      @database_object.key_block = @database_object.key_block_new
+      @database_object.key_block_new = nil
+    end
+
+    # Checks the sequenze number of an incoming paket. Valid number is
+    # -10 ... + 100 of the expected number.
+    # The inital LAST number is 0, so the next expected is 1.
+    #
+    # @param num [Number] the recieved sequence number
+    # @return [Bool] true if the number is valid. false if invalid
+    def check_seq(num)
+      create_standard_ip_entry if @database_object.nil?
+      return false if num < @database_object.seq_num_r - 9 ||
+                      num > @database_object.seq_num_r + 101
+      true
+    end
+
+    # Sets the sequence number of the last received paket.
+    #
+    # @param num [Number] the new sequence number
+    def seq=(num)
+      create_standard_ip_object if @database_object.nil?
+      @database_object.seq_num_r = num
+      true
+    end
+
+    # Returns the sequence number for the next outgoing paket.
+    # The inital sequence number is 1. Every return value needs
+    # to be last value + 1.
+    #
+    # @return [Number] the sequence number for the next outgoing paket
+    def seq
+      create_standard_ip_object if @database_object.nil?
+      temp = @database_object.seq_num_w + 1
+      @database_object.seq_num_w = temp
+    end
+
+    # Inserts a new keyblock to key_block_new. Throws excpetion if
+    # keyblock is not 40 bytes long.
+    #
+    # @param keyBlock [String] the 40 byte long new keyblock to be inserted
+    def key_block=(keyBlock)
+      if keyBlock.b.length != 40
+        fail CoDTLS::SessionError, 'key blocks have to be 40 byte long'
+      end
+      create_standard_ip_object if @database_object.nil?
+      @database_object.key_block_new = keyBlock
+    end
+
+    # Returns the active keyblock (key_block) for the specified IP.
+    # If keyblock is empty, nil will be returned.
+    #
+    # @return [String] the 40 byte long keyblock or nil if empty
+    def key_block
+      create_standard_ip_object if @database_object.nil?
+      @database_object.key_block
+    end
+
+    # Causes the next messages to be send as handshake messages.
+    def enable_handshake
+      create_standard_ip_object if @database_object.nil?
+      @database_object.handshake = true
+    end
+
+    # Causes the next messages to not be send as handshake messages.
+    def disable_handshake
+      create_standard_ip_object if @database_object.nil?
+      @database_object.handshake = false
+    end
+
+    # Checks if the next message should be send as a handshake message.
+    #
+    # @return [Bool] true if the next messages are handshake messages
+    def handshake?
+      create_standard_ip_object if @database_object.nil?
+      @database_object.handshake
+    end
+
+    # Removes the whole entry from database.
+    def clear
+      fail CoDTLS::SessionError 'IP of a current session has'\
+                                'been deleted by a '\
+                                'third party.' if @database_object.nil?
+      CoDTLS::RAMSession.connections.delete(@database_object)
+      @database_object = nil
+    end
+
+    def self.clear_all
+      @connections = []
+    end
+
+    def self.connections
+      @connections unless @connections.nil?
+    end
+
+    private
+
+    def create_standard_ip_object
+      @database_object = TempDTLSConnection.new(@ip)
+      CoDTLS::RAMSession.connections.push(@database_object)
+    end
+  end
+
+  # class for representing a single connection. The IP address is unique.
+  class TempDTLSConnection
+    attr_accessor :ip,
+                  :epoch,
+                  :handshake,
+                  :seq_num_w,
+                  :seq_num_r,
+                  :key_block,
+                  :key_block_new,
+                  :session_id
+
+    def initialize(ip)
+      @ip = ip
+      @epoch = 0
+      @handshake = false
+      @seq_num_w = 0
+      @seq_num_r = 0
+    end
+  end
+end
+
+def create_sqlite_db(dbname)
+  SQLite3::Database.new(dbname)
+end

data/lib/codtls/rampskdb.rb

@@ -0,0 +1,87 @@
+require 'active_record'
+require 'sqlite3'
+require 'pathname'
+
+module CoDTLS
+  # A Class for managing PSKs per IP. The class has no initializer, because
+  # every method is static. All data are not saved, so they are lost at a
+  # restart.
+  class RAMPSKDB
+    @psks = []
+    # Sets PSK for the specified UUID. If PSK for UUID is already set,
+    # PSK ist saved into PSK_new. So PSK is set one time, while PSK_new
+    # maybe gets overwritten more times. Other values are set to standard.
+    #
+    # @param uuid [Binary] the UUID of the device in 16 byte binary form
+    # @param psk [String] the 16 byte long pre-shared key of the device
+    def self.set_psk(uuid, psk, desc = '')
+      entry = @psks.select { |p| p.uuid = uuid }
+      if entry.empty?
+        @psks.push(PSK.new(uuid, psk, desc))
+      else
+        entry = entry[0]
+        if entry.psk.nil?
+          entry.psk = psk
+        else
+          entry.psk_new = psk
+        end
+      end
+    end
+
+    # Gets PSK for the specified UUID. If PSK_new is set, the return value
+    # is PSK_new, else PSK is return value. If UUID is not existing
+    # nil will be returned.
+    #
+    # @param uuid [Binary] the UUID of the device in 16 byte binary form
+    # @return [String] the 16 byte long pre-shared key for the UUID
+    def self.get_psk(uuid)
+      entry = @psks.select { |p| p.uuid = uuid }
+      return nil if entry.empty?
+      entry = entry[0]
+      if entry.psk_new.nil?
+        return entry.psk
+      else
+        return entry.psk_new
+      end
+    end
+
+    # Deletes the PSK for the provided UUID. Handle with care, PSK_new and PSK
+    # are lost after this.
+    #
+    # @param uuid [Binary] the UUID of the device in 16 byte binary form
+    # @return [NilCLass] nil if uuid couldn't be found
+    def self.del_psk!(uuid)
+      entry = @psks.select { |p| p.uuid = uuid }
+      return nil if entry.empty?
+      @psks.delete(entry)
+    end
+
+    # Returns an array of all registered UUIDs.
+    #
+    # @return [Array] of {uuid: A, psk: B, desc: C}
+    def self.all_registered
+      entries = @psks
+      entries.map { |i| [i.uuid, i.psk_new.nil? ? i.psk : i.psk_new, i.desc] }
+    end
+
+    # Removes the all entrys from database in TABLE 2.
+    def self.clear_all
+      @psks = []
+    end
+  end
+
+  # Class representn the dtls_devices table in the database
+  class PSK
+    attr_accessor :uuid, :psk, :psk_new, :desc
+
+    def initialize(uuid, psk, desc)
+      @uuid = uuid
+      @psk = psk
+      @desc = desc
+    end
+  end
+end
+
+def create_sqlite_db(dbname)
+  SQLite3::Database.new(dbname)
+end

data/lib/codtls/record.rb

@@ -0,0 +1,202 @@
+module CoDTLS
+  # TODO
+  class RecordError < StandardError
+  end
+
+  # Tolle Klasse
+  class Record
+    TYPE = { bit8: 0, alert: 1, handshake: 2, appdata: 3 }
+    VERSION = { v10: 0, bit16: 1, v12: 2, reserved: 3 }
+    EPOCH = { e0: 0, e1: 1, e2: 2, e3: 3, e4: 4,
+              bit8: 5, bit16: 6, implizit: 7 }
+    SEQ_NUM = { none: 0, bit8: 1, bit16: 2, bit24: 3,
+                bit32: 4, bit40: 5, bit48: 6, implizit: 7 }
+    LENGTH = { l0: 0, bit8: 1, bit16: 2, implizit: 3 }
+
+    attr_reader :type, :version, :epoch, :seq_num, :length
+
+    def self.parse(data)
+      data.force_encoding('ASCII-8BIT')
+      fail RecordError, 'GR1' if data.length < 2
+      header = data.slice!(0...2).unpack('n')[0]
+
+      type = TYPE.keys[header >> 13]
+      if type == :bit8
+        fail RecordError, 'GR1' if data.length < 1
+        type = data.slice!(0...1).unpack('C')[0]
+      end
+
+      version = VERSION.keys[(header >> 11) & 0x03]
+      if version == :bit16
+        fail RecordError, 'GR1' if data.length < 2
+        version = data.slice!(0...2).unpack('n')[0]
+      end
+
+      epoch = EPOCH.keys[(header >> 8) & 0x07]
+      epoch = case epoch
+              when :implizit then :implizit
+              when :bit16
+                fail RecordError, 'GR1' if data.length < 2
+                data.slice!(0...2).unpack('n')[0]
+              when :bit8
+                fail RecordError, 'GR1' if data.length < 1
+                data.slice!(0...1).unpack('C')[0]
+              else EPOCH[epoch]
+      end
+
+      sequence = SEQ_NUM.keys[(header >> 2) & 0x07]
+      sequence = case sequence
+                 when :none then :none
+                 when :implizit then :implizit
+                 else
+                   bytes = SEQ_NUM[sequence]
+                   fail RecordError, 'GR1' if data.length < bytes
+                   num = data.slice!(0...bytes).reverse
+                   num += "\x00" while num.length < 8
+                   num.unpack('Q')[0]
+      end
+
+      length = LENGTH.keys[header & 0x03]
+      length = case length
+               when :implizit then :implizit
+               when :bit16
+                 fail RecordError, 'GR1' if data.length < 2
+                 data.slice!(0...2).unpack('n')[0]
+               when :bit8
+                 fail RecordError, 'GR1' if data.length < 1
+                 data.slice!(0...1).unpack('C')[0]
+               else LENGTH[length]
+      end
+
+      r = Record.new(type, epoch, sequence)
+      r.version = version
+      r.length = length
+      [r, data.slice!(length == :implizit ? 0..-1 : 0...length)]
+    end
+
+    public
+
+    def initialize(type, epoch, seq_num)
+      self.type = type
+      self.version = :v12
+      self.epoch = epoch
+      self.seq_num = seq_num
+      self.length = :implizit
+
+      @header_add = ''.force_encoding('ASCII-8BIT')
+    end
+
+    def type=(type)
+      check_param(type, TYPE, [1, 2, 3], 2**8 - 1)
+      @type = type
+    end
+
+    def version=(version)
+      check_param(version, VERSION, [0, 2], 2**16 - 1)
+      @version = version
+    end
+
+    def epoch=(epoch)
+      check_param(epoch, EPOCH, [7], 2**16 - 1)
+      @epoch = epoch
+    end
+
+    def seq_num=(seq_num)
+      check_param(seq_num, SEQ_NUM, [0, 7], 2**48 - 1)
+      @seq_num = seq_num
+    end
+
+    def length=(length)
+      check_param(length, LENGTH, [3], 2**16 - 1)
+      @length = length
+    end
+
+    def nonce(iv)
+      nonce = iv + [@seq_num.class == Symbol ? 0 : @seq_num].pack('Q').reverse
+      nonce[4..5] = [@epoch.class == Symbol ? 0 : @epoch].pack('n')
+      nonce
+    end
+
+    def to_wire
+      @header = 0x00C0
+      @header_add.clear
+
+      append_type
+      append_version
+      append_epoch
+      append_seq_num
+      append_length
+    end
+
+    private
+
+    def check_param(value, hash, valid, max)
+      case value
+      when Symbol
+        fail RecordError, 'GR1' unless valid.include?(hash[value])
+      when Integer
+        fail RecordError, 'GR2' unless value >= 0 && value <= max
+      else fail RecordError, "GRU #{hash}, Input: #{value.class}"
+      end
+    end
+
+    def append_type
+      case @type
+      when Symbol then @header |= TYPE[@type] << 13
+      when Integer
+        @header |= TYPE[:bit8] << 13
+        @header_add += [type].pack('C')
+      end
+    end
+
+    def append_version
+      case @version
+      when Symbol then @header |= VERSION[@version] << 11
+      when Integer
+        @header |= VERSION[:bit16] << 11
+        @header_add += [version].pack('n')
+      end
+    end
+
+    def append_epoch
+      case @epoch
+      when Symbol then @header |= EPOCH[@epoch] << 8
+      when Integer
+        case
+        when @epoch < 5 then  @header |= @epoch << 8
+        else
+          num = [@epoch].pack('n').bytes.drop_while { |i| i == 0 }
+          @header_add += num.pack('C*')
+          @header |= (4 + num.length) << 8
+        end
+      end
+    end
+
+    def append_seq_num
+      case @seq_num
+      when Symbol then @header |= SEQ_NUM[@seq_num] << 2
+      when Integer
+        if @seq_num == 0
+          @header_add += "\x00"
+          @header |= 1 << 2
+        else
+          num = [@seq_num].pack('Q').reverse.bytes.drop_while { |i| i == 0 }
+          @header_add += num.pack('C*')
+          @header |= num.length << 2
+        end
+      end
+    end
+
+    def append_length
+      case @length
+      when Symbol then @header |= LENGTH[@length]
+      when Integer
+        num = [@length].pack('n').bytes.drop_while { |i| i == 0 }
+        @header_add += num.pack('C*')
+        @header |= num.length
+      end
+
+      [@header].pack('n') + @header_add
+    end
+  end
+end