codtls 0.0.1.alpha

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e2634fecc2fa34a90ab5b3941f174d49bf41c995
+  data.tar.gz: 904c426baa0e2fba87e187f14cff90b8fda13ed2
+SHA512:
+  metadata.gz: bf8ec5ec61ccffd47cdd5e5793af715b5c10793292165ef4cfece54430ef51dbe9513f1458fcd83b76a3deef2f4fd3d68aa347ff00ef8998e22556d069761985
+  data.tar.gz: 8ff6425ca7d37b55a3b69a8ec8a592580b69ef994656310ed737e5dc5fe8f40522b73ebda83c9e869993eea70759b2fef4487eb5e6b0548ba83390dd14d00c1c

data/.rubocop.yml

@@ -0,0 +1,12 @@
+
+ClassLength:
+  Max: 500
+
+MethodLength:
+  Max: 64
+
+CyclomaticComplexity:
+  Max: 32
+
+BlockComments:
+  Enabled: false

data/.yardopts

@@ -0,0 +1,4 @@
+--no-private
+--protected
+lib/**/*.rb -
+LICENSE

data/Gemfile

@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+gem 'coap'
+gem 'openssl-ccm', '>=1.1.1'
+gem 'openssl-cmac', '>=2.0.0'
+gem 'sqlite3', '>=1.3.9'
+gem 'activerecord', '>=4.0.0'
+gem 'rake', '>=10.2.2'
+gem 'rdoc', '>=4.1.1'
+gem 'yard', '>=0.8.7.3'
+gem 'rubocop', '>=0.18.1'
+gem 'coveralls', '>=00.7.0'

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 SmallLars
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,78 @@
+[![Gem Version](https://badge.fury.io/rb/codtls.png)](http://badge.fury.io/rb/codtls)
+[![Dependency Status](https://gemnasium.com/SmallLars/codtls.png)](https://gemnasium.com/SmallLars/codtls)
+[![Build Status](https://travis-ci.org/SmallLars/codtls.png?branch=master)](https://travis-ci.org/SmallLars/codtls)
+[![Coverage Status](https://coveralls.io/repos/SmallLars/codtls/badge.png?branch=master)](https://coveralls.io/r/SmallLars/codtls)
+[![Code Climate](https://codeclimate.com/github/SmallLars/codtls.png)](https://codeclimate.com/github/SmallLars/codtls)
+[![Inline docs](http://inch-pages.github.io/github/smalllars/codtls.png)](http://inch-pages.github.io/github/smalllars/codtls)
+
+
+# Gem CoDTLS
+
+Ruby Gem for RFC XXXX - CoDTLS: DTLS handshakes over CoAP
+
+WORK IN PROGRESS - ITS NOT SECURE - THERE IS MANY WORK TO DO
+
+## Introduction
+
+This gem is an implementation of CoDTLS. CoDTLS is a protocol, which utlilizes CoAP and CoAP ressources for DTLS. See http://www.ietf.org/internet-drafts/draft-schmertmann-dice-codtls-00.txt for further details.
+
+## How to install the gem
+
+Add this line to your application's Gemfile:
+
+    gem 'openssl-ccm'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install openssl-ccm
+
+When the gem is installed you have to call its generator to generate the needed ActiveRecord Migrations in your db/migrate folder
+
+    rails g codtls
+
+You now have apply these migrations to your database with
+
+    rake db:migrate
+
+Your Rails project should now be able to use this ruby gem.
+
+## How to use the gem
+
+You have to require the gem in the file you are using with
+
+    require 'codtls'
+
+Now you can create a SecureSocket object and use it like any other socket.
+
+    # example for a server application
+    ssocket = CoDTLS::SecureSocket.new
+    ssocket.bind('AAAA::1', 5555)
+    ssocket.listen
+    new_connection = ssocket.accept
+
+    # example for a client application
+    ssocket = CoDTLS::SecureSocket.new
+    ssocket.sendto('AAAA::1', 'Test message')
+    answer = ssocket.recvfrom('AAAA::1')
+
+## Used sources
+
+http://guides.rubygems.org/make-your-own-gem/
+
+http://www.medihack.org/2011/03/15/intend-to-extend/
+
+http://rubydoc.info/gems/yard/file/docs/GettingStarted.md
+
+http://openbook.galileocomputing.de/ruby_on_rails/ruby_on_rails_04_001.htm
+
+http://blog.bigbinary.com/2011/07/20/ruby-pack-unpack.html
+
+http://ruby-doc.org/stdlib-2.0.0/libdoc/socket/rdoc/IPSocket.html
+http://ruby-doc.org/stdlib-2.0.0/libdoc/socket/rdoc/UDPSocket.html
+http://www.ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/Cipher.html
+
+http://bundler.io/

data/Rakefile

@@ -0,0 +1,29 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+task :default => :build
+
+desc "Run tests"
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Create documentation"
+task :doc do
+  sh "gem rdoc --rdoc openssl-ccm"
+  sh "yardoc"
+end
+
+desc "Uninstall and clean documentation"
+task :clean do
+  sh "gem uninstall codtls"
+  begin; sh "rm -R ./.yardoc";   rescue; end
+  begin; sh "rm -R ./doc";       rescue; end
+end
+
+desc "Development Dependencies"
+task (:devinst) { sh "gem install --dev ./codtls-0.0.1.gem" }
+
+desc "Bundle install"
+task (:bundle) { sh "bundle install" }
+

data/lib/codtls.rb

@@ -0,0 +1,186 @@
+require 'socket'
+require 'logger'
+
+require 'codtls/encrypt'
+require 'codtls/decrypt'
+require 'codtls/handshake'
+require 'codtls/record'
+require 'codtls/session'
+
+# laber
+module CoDTLS
+  LOG_LEVEL = Logger::ERROR # UNKNOWN,FATAL,ERROR,WARN,INFO,DEBUG
+
+  # TODO
+  class SecureSocketError < StandardError
+  end
+
+  # Secure UDP-Socket based on a CoAP using handshake
+  #
+  # Usage of SecureSocket ist the same as of UDPSocket.
+  # There are two additional class methods:
+  #
+  # set_psk(uuid, psk) to save PSK for specified UUID
+  #
+  # add_new_node_listener(listener) to enable autohandshake
+  # when a new node was found.
+  class SecureSocket
+    # Creates a new CoDTLS Socket. Behavior is like UDPSocket.
+    #
+    # @param address_family [Symbol] the address family of the socket,
+    #        `Socket::AF_INET` or `Socket::AF_INET6`
+    # @return [Object] the new CoDTLS socket object
+    def initialize(address_family = nil)
+      if address_family.nil?
+        @socket = UDPSocket.new
+      else
+        @socket = UDPSocket.new(address_family)
+      end
+    end
+
+    # Binds codtlssocket to host:port.
+    #
+    # @param host [IP] the address of the local machine
+    # @param port [Number] the port of the local machine
+    # @return [Number] 0 if bind succeed
+    def bind(host, port)
+      @socket.bind(host, port)
+    end
+
+    # Connects codtlssocket to host:port.
+    #
+    # @param host [IP] the address of the remote machine
+    # @param port [Number] the port of the remote machine
+    # @return [Number] 0 if bind succeed
+    def connect(host, port)
+      @socket.connect(host, port)
+    end
+
+    # Recieves message via secure UDP-Socket. Blocks until data is recieved.
+    #
+    # @param maxlen [Number] the number of bytes to receive from the socket
+    # @param flags [Number] should be a bitwise OR of Socket::MSG_* constants
+    # @return [Array] mesg, (address_family, port, hostname, numeric_address).
+    #         mesg is empty, if recieved data is corrupt
+    def recvfrom(maxlen, flags = nil)
+      if flags.nil?
+        mesg = @socket.recvfrom(maxlen + 23)
+      else
+        mesg = @socket.recvfrom(maxlen + 23, flags)
+      end
+      CoDTLS::RecordLayer.decrypt(mesg, maxlen)
+    end
+
+    # Recieves message via secure UDP-Socket.
+    #
+    # @param maxlen [Number] the number of bytes to receive from the socket
+    # @param flags [Number] should be a bitwise OR of Socket::MSG_* constants
+    # @return [Array] mesg, (address_family, port, hostname, numeric_address).
+    #         message is empty, if data there is no data or data is corrupt
+    def recvfrom_nonblock(maxlen, flags = nil)
+      if flags.nil?
+        mesg = @socket.recvfrom_nonblock(maxlen + 23)
+      else
+        mesg = @socket.recvfrom_nonblock(maxlen + 23, flags)
+      end
+      CoDTLS::RecordLayer.decrypt(mesg, maxlen)
+    end
+
+    # === Usage:
+    # * send(mesg, flags, host, port)
+    # * send(mesg, flags, sockaddr_to)
+    # * send(mesg, flags)
+    #
+    # Sends message via secure UDP-Socket.
+    #
+    # @param mesg [String] the message to send
+    # @param flags [Number] should be a bitwise OR of Socket::MSG_* constants
+    # @param host_or_sockaddr_to [String] the hostname or sockaddr of the
+    #        remote machine
+    # @param port [Number] the port of the remote machine
+    # @return [Number] the number of bytes sent.
+    #         If mesg.length > 0 && return value == 0 an error happend
+    def send(mesg, flags, *argv)
+      return 0 if mesg.length <= 0
+      if argv.length > 2
+        fail ArgumentError, 'wrong number of arguments ' \
+                            "(#{2 + argv.length} for 2-4)"
+      end
+
+      secure_mesg = case argv.length
+                    when 0
+                      CoDTLS::RecordLayer.encrypt(
+                        mesg,
+                        @socket.peeraddr(:numeric)[3])
+                    when 1
+                      CoDTLS::RecordLayer.encrypt(
+                        mesg,
+                        Socket.unpack_sockaddr_in(argv[0])[1])
+                    when 2
+                      CoDTLS::RecordLayer.encrypt(
+                        mesg,
+                        IPSocket.getaddress(argv[0]))
+      end
+      @socket.send(secure_mesg, flags, *argv)
+      mesg.length
+    end
+
+    # Disallows further read and write using shutdown system call.
+    def close
+      @socket.close
+    end
+
+    # Sets pre-shared key for the device with the specified uuid.
+    #
+    # @param uuid [Binary] the UUID of the device in 16 byte binary form
+    # @param psk [String] the 16 byte long pre-shared key of the device
+    # @param desc [String] Optional Description of the device
+    def self.add_psk(uuid, psk, desc = '')
+      CoDTLS::PSKDB.set_psk(uuid, psk, desc)
+    end
+
+    # Returns all known devices as an Array.
+    #
+    # @return [Array] of {uuid: A, psk: B, desc: C}
+    def self.psks
+      CoDTLS::PSKDB.all_registered
+      # [{ uuid: ['a9d984d1fe2b4c06afe8da98d8924005'].pack('H*'),
+      #    psk: 'ABCDEFGHIJKLMNOP', desc: 'Temperaturgeraet 1' },
+      #  { uuid: ['9425f01d39034295ad9447161e13251b'].pack('H*'),
+      #   psk: 'abcdefghijklmnop', desc: 'Rolladen Nummer 5' }]
+    end
+
+    # Deletes the entry of the specified uuid.
+    #
+    # @param uuid [Binary] the UUID of the device to delete
+    # @return [Bool] true if uuid was found and deleted, else false
+    def self.del_psk(uuid)
+      CoDTLS::PSKDB.del_psk!(uuid)
+    end
+
+    # Starts a listening thread on port 5684. If HelloRequest is recieved,
+    # listener.info(numeric_address, code) is called, after a handshake.
+    # numeric_address contains the ip of the remote and code == 0 if
+    # handshake succeed. Code == 1 if handshake failed or PSK is missing.
+    def self.add_new_node_listener(listener)
+      Thread.new do
+        s = UDPSocket.new(Socket::AF_INET6)
+        s.bind('::0', 5684)
+        loop do
+          packet = s.recvfrom(3)
+
+          logger = Logger.new(STDOUT)
+          logger.level = CoDTLS::LOG_LEVEL
+          logger.debug(packet.inspect)
+
+          if packet[0] == "\x50\x03\x00"
+            logger.debug("HelloRequest erhalten")
+            numeric_address = packet[1][3]
+            listener.info(numeric_address,
+                          CoDTLS::Handshake.handshake(numeric_address))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/codtls/abstract_session.rb

@@ -0,0 +1,179 @@
+module CoDTLS
+  # Error class for wrong data inputs (for exampe keyblock)
+  class SessionError < StandardError
+  end
+
+  # Storage class for a CoDTLS-Session with the following Fields:
+  #
+  # TABLE 1
+  # Type     | Name               | Standard-Value
+  # -------------------------------------------------------
+  # uint8_t  | uuid[16];          | uuid - couldnt be empty
+  # uint8_t  | psk[16];           | psk  - couldnt be empty
+  # uint8_t  | psk_new[16];       | empty
+  #
+  # TABLE 2
+  # Type     | Name               | Standard-Value
+  # -------------------------------------------------------
+  # uint8_t  | ip[16];            | Given IP
+  # uint8_t  | id[8];             | empty
+  # uint16_t | epoch;             | 0
+  # uint48_t | seq_num_r;         | depends on implementation (-1, 0 or 1)
+  # uint48_t | seq_num_w;         | depends on implementation (-1, 0 or 1)
+  # uint8_t  | key_block[40];     | empty
+  # uint8_t  | key_block_new[40]; | empty
+  # uint8_t  | handshake;         | 0
+  class AbstractSession
+    # Creates a database connection if necessary
+    def self.establish_connection
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Sets PSK for the specified UUID. If PSK for UUID is already set,
+    # PSK ist saved into PSK_new. So PSK is set one time, while PSK_new
+    # maybe gets overwritten more times. Other values are set to standard.
+    #
+    # @param uuid [Binary] the UUID of the device in 16 byte binary form
+    # @param psk [String] the 16 byte long pre-shared key of the device
+    def self.set_psk(uuid, psk, desc = '')
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Gets PSK for the specified UUID. If PSK_new is set, the return value
+    # is PSK_new, else PSK is return value. If UUID is not existing
+    # nil will be returned.
+    #
+    # @param uuid [Binary] the UUID of the device in 16 byte binary form
+    # @return [String] the 16 byte long pre-shared key for the UUID
+    def self.get_psk(uuid)
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Deletes the PSK for the provided UUID. Handle with care, PSK_new and PSK
+    # are lost after this.
+    #
+    # @param uuid [Binary] the UUID of the device in 16 byte binary form
+    def self.del_psk!(uuid)
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Returns an array of all registered UUIDs.
+    #
+    # @return [Array] of {uuid: A, psk: B, desc: C}
+    def self.all_registered
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Removes the all entrys from database in TABLE 2.
+    def self.clear_all
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Constructor to create a new session for the given ip. When only ip is
+    # given, its the value for searching in database. When its not found, a
+    # new database entry with standard values will be created. When id is
+    # also given, id is the first value for searching in database. When its
+    # found, ip will be updated and other values are unchanged. In the other
+    # case, when id isnt found, its the same behavior as without id but with
+    # additional storing of the id. Throws excpetion if ip == nil.
+    #
+    # @param ip [IP] IP for this Session
+    # @param id [String] Session-Id for this Session
+    def initialize(ip, id = nil)
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Sets the ID of the current session.
+    #
+    # @param id [String] the Session-Id
+    def id=(id)
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Returns the ID of the current session.
+    #
+    # @return [String] the Session-ID. nil if Session-ID is unknown
+    def id
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Returns the Epoch of the session for the specified IP.
+    #
+    # @return [Number] the Epoch
+    def epoch
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Increases the Epoch of the session by 1.
+    # Also copy key_block_new to key_block and sets key_block_new to empty.
+    # seq_num_r and seq_num_w are set back to standard value.
+    # Throws excpetion if keyblock is not 40 bytes long.
+    def increase_epoch
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Checks the sequenze number of an incoming paket. Valid number is
+    # -10 ... + 100 of the expected number.
+    # The inital LAST number is 0, so the next expected is 1.
+    #
+    # @param num [Number] the recieved sequence number
+    # @return [Bool] true if the number is valid. false if invalid
+    def check_seq(num)
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Sets the sequence number of the last received paket.
+    #
+    # @param num [Number] the new sequence number
+    def seq=(num)
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Returns the sequence number for the next outgoing paket.
+    # The inital sequence number is 1. Every return value needs
+    # to be last value + 1.
+    #
+    # @return [Number] the sequence number for the next outgoing paket
+    def seq
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Inserts a new keyblock to key_block_new. Throws excpetion if
+    # keyblock is not 40 bytes long.
+    #
+    # @param keyBlock [String] the 40 byte long new keyblock to be inserted
+    def key_block=(keyBlock)
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Returns the active keyblock (key_block) for the specified IP.
+    # If keyblock is empty, nil will be returned.
+    #
+    # @return [String] the 40 byte long keyblock or nil if empty
+    def key_block
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Causes the next messages to be send as handshake messages.
+    def enable_handshake
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Causes the next messages to not be send as handshake messages.
+    def disable_handshake
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Checks if the next message should be send as a handshake message.
+    #
+    # @return [Bool] true if the next messages are handshake messages
+    def handshake?
+      fail 'SYSTEM ERROR: method missing'
+    end
+
+    # Removes the hole entry from database.
+    def clear
+      fail 'SYSTEM ERROR: method missing'
+    end
+  end
+end