tinydtls 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2e326a7a3bf6820d5596c83553eb9d0cd9c2309ffbb00e24d3045e5a2b69e8c5
+  data.tar.gz: b446f4a18ca71e313bf5ad06d651e89442ac847526ac181b826fa9fac1d1d99c
+SHA512:
+  metadata.gz: 3e1a1a8fe929488102db4cdf3d2d0ef3ec9dec8518fb74d00ed29afb868ea60010d7ee0b5fe64300a61f6b0cd7633293ccca4cdef4bb3122f6e2e70a27118319
+  data.tar.gz: 5b873f6d31d0ce0ba9cc3f0795bc8a95b078761ceab382c719acb3a19a1de2a3231873b4cdd86bc419db79682ea154532928261b3503d6906bd58e7c810906c1

data/lib/tinydtls.rb

@@ -0,0 +1,16 @@
+require "socket"
+require "ffi"
+
+require "tinydtls/wrapper"
+require "tinydtls/context"
+require "tinydtls/session"
+require "tinydtls/security_conf"
+require "tinydtls/session_manager"
+require "tinydtls/udpsocket"
+
+module TinyDTLS
+  # Map used to map `object_ids` passed as void pointers to the tinydtls
+  # callback functions to actually ruby UDPSockets. This is neccessary
+  # since we can't pass pointers to ruby objects to C functions.
+  CONTEXT_MAP = Hash.new
+end

data/lib/tinydtls/context.rb

@@ -0,0 +1,35 @@
+module TinyDTLS
+  # The class Context stores all per-connection information,
+  # it is exclusively used in the `TinyDTLS::CONTEXT_MAP`.
+  class Context
+    # The method used for sending data on the socket.
+    attr_reader :sendfn
+
+    # The queue used for communication with the receive thread.
+    attr_reader :queue
+
+    # An instance of the security configuration class.
+    attr_reader :secconf
+
+    # Create a new instance of this class with a given function to send
+    # message on the transport layer, a queue for storing received
+    # messages and a security configuration containing a key to identity
+    # mapping.
+    def initialize(sendfn, queue, secconf)
+      @sendfn  = sendfn
+      @queue   = queue
+      @secconf = secconf
+    end
+
+    # Create a new instance of this class from a pointer to a `struct
+    # dtls_context_t`. Such a pointer is, for instance, passed to the
+    # various tinydtls callback functions.
+    #
+    # The `struct dtls_context_t` which the given pointer points to must
+    # have been created by TinyDTLS::UDPSocket#initialize.
+    def self.from_ptr(ptr)
+      obj = Wrapper::DTLSContextStruct.new(ptr)
+      return CONTEXT_MAP[Wrapper::dtls_get_app_data(obj).to_i]
+    end
+  end
+end

data/lib/tinydtls/security_conf.rb

@@ -0,0 +1,83 @@
+module TinyDTLS
+  # This class is used to map user identity for pre-shared keys to their
+  # actual keys. It provides an implementation of the `get_psk_info`
+  # function pointer used in the `dtls_handler_t` struct which is used
+  # by tinydtls to retrieve keys and identities.
+  #
+  # XXX: Currently this function doesn't map IP address to keys/identities.
+  class SecurityConfig
+    # Implementation of the `get_psk_info` function pointer as used by
+    # the `dtls_handler_t` struct.
+    #
+    # If tinydtls requests a key for a given identity the key is
+    # returned if the identity exists. If no identity was specified the
+    # #default_key is returned.
+    #
+    # If tinydtls requests an id the #default_id is always returned.
+    #
+    # TODO: It would be nice to return an id depending on the
+    # `session_t` passad to this callback.
+    GetPSKInfo = Proc.new do |ctx, sess, type, desc, dlen, result, rlen|
+      secconf = TinyDTLS::Context.from_ptr(ctx).secconf
+      if desc.null?
+        key = secconf.default_key
+      end
+
+      if type == :DTLS_PSK_KEY
+        key ||= secconf.get_key(desc.read_string(dlen))
+        if key.nil?
+          Wrapper::dtls_alert_fatal_create(
+            Wrapper::Alert[:DTLS_ALERT_DECRYPT_ERROR])
+        elsif key.bytesize > rlen
+          Wrapper::dtls_alert_fatal_create(
+            Wrapper::Alert[:DTLS_ALERT_INTERNAL_ERROR])
+        else
+          result.put_bytes(0, key)
+          key.bytesize
+        end
+      elsif type == :DTLS_PSK_IDENTITY
+        identity = secconf.default_id
+        result.put_bytes(0, identity)
+        identity.bytesize
+      else
+        0
+      end
+    end
+
+    # Create a new instance of this class. A #default_key and a
+    # #default_id can be optionally specified. If they are not specified
+    # the first key/identity added is used as the default value.
+    def initialize(default_id = nil, default_key = nil)
+      @default_id  = default_id
+      @default_key = default_key
+
+      @identity_map = Hash.new
+    end
+
+    # Adds a security configuration for the given identity.
+    def add_client(id, key)
+      @identity_map[id] = key
+    end
+
+    # Retrieves the key associated with the given identity.
+    def get_key(id)
+      @identity_map[id]
+    end
+
+    def default_id
+      if @default_id.nil?
+        @identity_map.to_a.first.first
+      else
+        @default_id
+      end
+    end
+
+    def default_key
+      if @default_key.nil?
+        @identity_map.to_a.first.last
+      else
+        @default_key
+      end
+    end
+  end
+end

data/lib/tinydtls/session.rb

@@ -0,0 +1,47 @@
+module TinyDTLS
+  # This class offers a higher-level abstraction for the `session_t` type.
+  class Session
+    attr_reader :addrinfo
+
+    # Creates a new instance of this class from the given Addrinfo.
+    def initialize(addrinfo)
+      @addrinfo = addrinfo
+      unless @addrinfo.is_a? Addrinfo
+        raise TypeError
+      end
+
+      sockaddr = @addrinfo.to_sockaddr
+      @session = Wrapper::dtls_new_session(sockaddr, sockaddr.bytesize)
+      if @session.null?
+        raise Errno::ENOMEM
+      end
+    end
+
+    # Creates a new instance of this class from a pointer to a
+    # `session_t` tinydtls type. Such a pointer is, for instance, passed
+    # to the various tinydtls callback functions.
+    def self.from_ptr(ptr)
+      lenptr = Wrapper::SocklenPtr.new
+      sockaddr = Wrapper::dtls_session_addr(ptr, lenptr)
+
+      addrinfo = Addrinfo.new(sockaddr.read_string(lenptr[:value]))
+      return Session.new(addrinfo)
+    end
+
+    # Converts the object into a C pointer to a `session_t` tinydtls
+    # type. This pointer can be passed to various functions provided by
+    # TinyDTLS::Wrapper.
+    def to_ptr
+      @session
+    end
+
+    # Frees all resources associated with the underlying `session_t`
+    # tinydtls type and reset any existing connections.
+    def destroy!(ctx)
+      peer = Wrapper::dtls_get_peer(ctx, @session)
+      unless peer.null?
+        Wrapper::dtls_reset_peer(ctx, peer)
+      end
+    end
+  end
+end

data/lib/tinydtls/session_manager.rb

@@ -0,0 +1,88 @@
+module TinyDTLS
+  # This class is used to manage established tinydtls sessions. It
+  # stores instances of the TinyDTLS::Session class.
+  #
+  # While memory allocated for sessions is automatically freed by
+  # tinydtls, if it receive an alert from the peer associated with that
+  # session, memory isn't freed if the peer doesn't send an alert.
+  # Therefore this class starts a background thread automatically
+  # freeing memory associated with sessions which haven't been used
+  # since a specified duration.
+  class SessionManager
+    # Default timeout for the cleanup thread in seconds.
+    DEFAULT_TIMEOUT = (5 * 60).freeze
+
+    attr_accessor :timeout
+
+    # Creates a new instance of this class. A tinydtls `context_t`
+    # pointer is required to free sessions in the background thread.
+    def initialize(ctx, timeout = DEFAULT_TIMEOUT)
+      @store = {}
+      @mutex = Mutex.new
+      @timeout = timeout
+
+      start_thread(ctx)
+    end
+
+    # Retrieve a session from the session manager.
+    def [](addrinfo, &f)
+      unless addrinfo.is_a? Addrinfo
+        raise TypeError
+      end
+
+      key = addrinfo.getnameinfo
+      if @store.has_key? key
+        sess, _ = @store[key]
+      else
+        sess = Session.new(addrinfo)
+        @store[key] = [sess, true]
+      end
+
+      @mutex.synchronize { f.call(sess) }
+    end
+
+    # Frees all ressources associated with this class.
+    def destroy!
+      @mutex.lock
+      @store.clear
+      @thread.kill
+    end
+
+    private
+
+    # Creates a thread responsible for freeing ressources assigned to
+    # stale connection. This thread implements the clock hand algorithm
+    # as described in Modern Operating Systems, p. 212.
+    #
+    # The thread is only created once.
+    def start_thread(ctx)
+      @thread ||= Thread.new do
+        while true
+          # XXX: How does concurrent access to variables work in ruby?
+          # as known as: Is this a concurrency problems since the value
+          # of @timeout might be changed by a different thread since an
+          # attr_accessor for it is declared.
+          sleep @timeout
+
+          @mutex.lock
+          @store.transform_values! do |value|
+            sess, used = value
+            if used
+              [sess, !used]
+            else # Not used since we've been here last time → free resources
+              sess.destroy!(ctx)
+              nil
+            end
+          end
+
+          # We can't delete elements from the map in the #transform_values!
+          # block, we just assign nil to them. Thus we need to filter
+          # the map again here.
+          @store.reject! { |_, v| v.nil? }
+
+          @mutex.unlock
+        end
+      end
+    end
+  end
+end

data/lib/tinydtls/udpsocket.rb

@@ -0,0 +1,206 @@
+module TinyDTLS
+  # This class implements a DTLS socket on top of a ruby UDPSocket. It
+  # isn't currently nowhere near being API compatible with the ruby
+  # UDPSocket. Being 100% backwards compatible with the ruby UDPSocket
+  # is not possible to to tinydtls internals. For instance we can't
+  # properly implement IO#select. It should thus be considered if it is
+  # really a good idea to extend the ruby UDPSocket in the long run.
+  #
+  # Basic send and receive methods are implemented and should work.
+  class UDPSocket < ::UDPSocket
+    Write = Proc.new do |ctx, sess, buf, len|
+      addrinfo = Session.from_ptr(sess).addrinfo
+
+      ctxobj = TinyDTLS::Context.from_ptr(ctx)
+      ctxobj.sendfn.call(buf.read_string(len),
+                         Socket::MSG_DONTWAIT,
+                         addrinfo.ip_address, addrinfo.ip_port)
+    end
+
+    Read = Proc.new do |ctx, sess, buf, len|
+      addrinfo = Session.from_ptr(sess).addrinfo
+
+      # We need to perform a reverse lookup here because
+      # the #recvfrom function needs to return the DNS
+      # hostname.
+      sender = Socket.getaddrinfo(addrinfo.ip_address,
+                                  addrinfo.ip_port, nil, :DGRAM,
+                                  0, 0, true).first
+
+      ctxobj = TinyDTLS::Context.from_ptr(ctx)
+      ctxobj.queue.push([buf.read_string(len), sender])
+
+      # It is unclear to me why this callback even needs a return value,
+      # the `tests/dtls-client.c` program in the tinydtls repository
+      # simply uses 0 as a return value, so let's do that as well.
+      0
+    end
+
+    def initialize(address_family = Socket::AF_INET, timeout = nil)
+      super(address_family)
+      Wrapper::dtls_init
+
+      @timeout = timeout.freeze
+      @queue   = Queue.new
+      @family  = address_family
+      @sendfn  = method(:send).super_method
+      @secconf = SecurityConfig.new
+
+      id = object_id
+      CONTEXT_MAP[id] = TinyDTLS::Context.new(@sendfn, @queue, @secconf)
+
+      cptr = Wrapper::dtls_new_context(FFI::Pointer.new(id))
+      @ctx = Wrapper::DTLSContextStruct.new(cptr)
+
+      if timeout.nil?
+        @sessions = SessionManager.new(@ctx)
+      else
+        @sessions = SessionManager.new(@ctx, timeout)
+      end
+
+      @handler = Wrapper::DTLSHandlerStruct.new
+      @handler[:write] = UDPSocket::Write
+      @handler[:read] = UDPSocket::Read
+      @handler[:get_psk_info] = SecurityConfig::GetPSKInfo
+      Wrapper::dtls_set_handler(@ctx, @handler)
+    end
+
+    def add_client(id, key)
+      @secconf.add_client(id, key)
+    end
+
+    def bind(host, port)
+      super(host, port)
+      start_thread
+    end
+
+    # TODO: close_{read,write}
+
+    def close
+      @sessions.destroy!
+      @thread.kill unless @thread.nil?
+
+      # DTLS free context sends messages to peers so we need to
+      # call it before we actually close the underlying socket.
+      Wrapper::dtls_free_context(@ctx)
+      super
+
+      # Assuming the @thread is already stopped at this point
+      # we can safely access the CONTEXT_MAP without running
+      # into any kind of concurrency problems.
+      CONTEXT_MAP.delete(object_id)
+    end
+
+    def connect(host, port)
+      @defhost = host
+      @defport = port
+    end
+
+    def recvfrom(len = -1, flags = 0)
+      ary = @queue.pop
+      return [byteslice(ary.first, len), ary.last]
+    end
+
+    def recvfrom_nonblock(len = -1, flag = 0, outbuf = nil, exception: true)
+      ary = nil
+      begin
+        ary = @queue.pop(true)
+      rescue ThreadError
+        if exception
+          raise IO::EAGAINWaitReadable
+        else
+          return :wait_readable
+        end
+      end
+
+      pay = byteslice(ary.first, len)
+      unless outbuf.nil?
+        outbuf << pay
+      end
+
+      return [pay, ary.last]
+    end
+
+    # TODO: The recvmsg functions only implement a subset of the
+    # functionallity of the UDP socket class, e.g. they don't return
+    # ancillary data.
+
+    def recvmsg(maxmesglen = nil, flags = 0, maxcontrollen = nil, opts = {})
+      mesg, sender = recvfrom(maxmesglen.nil? ? -1 : maxmesglen, flags)
+      return [mesg, to_addrinfo(*sender), 0, nil]
+    end
+
+    def recvmsg_nonblock(maxdatalen = nil, flags = 0, maxcontrollen = nil, opts = {})
+      mesg, sender = recvfrom_nonblock(maxdatalen.nil? ? -1 : maxdatalen, flags)
+      return [mesg, to_addrinfo(*sender), 0, nil]
+    end
+
+    def send(mesg, flags, host = nil, port = nil)
+      start_thread
+
+      if host.nil? and port.nil?
+        if @defport.nil? or @defhost.nil?
+          raise Errno::EDESTADDRREQ
+        end
+
+        host = @defhost
+        port = @defport
+      elsif port.nil? # host is not nil and must be a sockaddr_to
+        port, host = Socket.unpack_sockaddr_in(host)
+      end
+
+      addr = Addrinfo.getaddrinfo(host, port, nil, :DGRAM).first
+
+      # If a new thread has been started above a new handshake needs to
+      # be performed by it. We need to block here until the handshake
+      # was completed.
+      #
+      # The current approach is calling `Wrapper::dtls_write` until it
+      # succeeds which is suboptimal because it doesn't take into
+      # account that the handshake may fail.
+      until (res = dtls_send(addr, mesg)) > 0
+        sleep 1
+      end
+
+      return res
+    end
+
+    private
+
+    def to_addrinfo(*args)
+      af, port, _, addr = args
+      Addrinfo.getaddrinfo(addr, port, af, :DGRAM).first
+    end
+
+    def byteslice(str, len)
+      return len >= 0 ? str.byteslice(0, len) : str
+    end
+
+    # Sends a dtls message to a specified address. It also takes care
+    # of locking the session manager and is thus thread-safe.
+    def dtls_send(addr, mesg)
+      @sessions[addr] do |sess|
+        res = Wrapper::dtls_write(@ctx, sess.to_ptr, mesg, mesg.bytesize)
+        res == -1 ? raise(Errno::EIO) : res
+      end
+    end
+
+    # Creates a thread responsible for reading from reciving messages
+    # from the underlying socket and passing them to tinydtls.
+    #
+    # The thread is only created once.
+    def start_thread
+      @thread ||= Thread.new do
+        while true
+          data, addr = method(:recvfrom).super_method
+            .call(Wrapper::DTLS_MAX_BUF)
+          addrinfo = to_addrinfo(*addr)
+
+          @sessions[addrinfo] do |sess|
+            Wrapper::dtls_handle_message(@ctx, sess.to_ptr, data, data.bytesize)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/tinydtls/wrapper.rb

@@ -0,0 +1,125 @@
+module TinyDTLS
+  # This module provides a low level FFI wrapper for the relevant
+  # tinydtls functions. It might be subject to change thus it is highly
+  # recommended to use the high level abstraction layer instead.
+  module Wrapper
+    extend FFI::Library
+    ffi_lib "libtinydtls.so"
+
+    # Constants defined as macros in the tinydtls header files
+    DTLS_COOKIE_SECRET_LENGTH = 12
+    DTLS_MAX_BUF = 1400
+
+    Alert = enum(
+      :DTLS_ALERT_CLOSE_NOTIFY, 0,
+      :DTLS_ALERT_UNEXPECTED_MESSAGE, 10,
+      :DTLS_ALERT_BAD_RECORD_MAC, 20,
+      :DTLS_ALERT_RECORD_OVERFLOW, 22,
+      :DTLS_ALERT_DECOMPRESSION_FAILURE, 30,
+      :DTLS_ALERT_HANDSHAKE_FAILURE, 40,
+      :DTLS_ALERT_BAD_CERTIFICATE, 42,
+      :DTLS_ALERT_UNSUPPORTED_CERTIFICATE, 43,
+      :DTLS_ALERT_CERTIFICATE_REVOKED, 44,
+      :DTLS_ALERT_CERTIFICATE_EXPIRED, 45,
+      :DTLS_ALERT_CERTIFICATE_UNKNOWN, 46,
+      :DTLS_ALERT_ILLEGAL_PARAMETER, 47,
+      :DTLS_ALERT_UNKNOWN_CA, 48,
+      :DTLS_ALERT_ACCESS_DENIED, 49,
+      :DTLS_ALERT_DECODE_ERROR, 50,
+      :DTLS_ALERT_DECRYPT_ERROR, 51,
+      :DTLS_ALERT_PROTOCOL_VERSION, 70,
+      :DTLS_ALERT_INSUFFICIENT_SECURITY, 71,
+      :DTLS_ALERT_INTERNAL_ERROR, 80,
+      :DTLS_ALERT_USER_CANCELED, 90,
+      :DTLS_ALERT_NO_RENEGOTIATION, 100,
+      :DTLS_ALERT_UNSUPPORTED_EXTENSION, 110
+    )
+
+    LogLevel = enum(
+      :DTLS_LOG_EMERG, 0,
+      :DTLS_LOG_ALERT,
+      :DTLS_LOG_CRIT,
+      :DTLS_LOG_WARN,
+      :DTLS_LOG_NOTICE,
+      :DTLS_LOG_INFO,
+      :DTLS_LOG_DEBUG
+    )
+
+    enum :alert_level, [
+      :DTLS_ALERT_LEVEL_WARNING, 1,
+      :DTLS_ALERT_LEVEL_FATAL, 2,
+    ]
+
+    enum :credential_type, [
+      :DTLS_PSK_HINT,
+      :DTLS_PSK_IDENTITY,
+      :DTLS_PSK_KEY,
+    ]
+
+    class DTLSContextStruct < FFI::Struct
+      layout :cookie_secret, [:uchar, DTLS_COOKIE_SECRET_LENGTH],
+        :cookie_secret_age, :uint32,
+        :peers, :pointer,
+        :sendqueue, :pointer,
+        :app, :pointer,
+        :h, :pointer,
+        :readbuf, [:uchar, DTLS_MAX_BUF]
+    end
+
+    class DTLSHandlerStruct < FFI::Struct
+      layout :write,
+        callback([:pointer, :pointer, :pointer, :size_t], :int),
+      :read,
+        callback([:pointer, :pointer, :pointer, :size_t], :int),
+      :event_function,
+        callback([:pointer, :pointer, :alert_level, :ushort], :int),
+      :get_psk_info,
+        callback([:pointer, :pointer, :credential_type,
+                  :pointer, :size_t, :pointer, :size_t], :int),
+      :get_ecdsa_key,
+        callback([:pointer, :pointer, :pointer], :int),
+      :verify_ecdsa_key,
+        callback([:pointer, :pointer, :uchar, :uchar, :size_t], :int)
+    end
+
+    attach_function :dtls_init, [], :void
+    attach_function :dtls_new_context, [:pointer], :pointer
+    attach_function :dtls_free_context, [:pointer], :void
+    attach_function :dtls_handle_message,
+      [:pointer, :pointer, :pointer, :int], :int
+    attach_function :dtls_write,
+      [:pointer, :pointer, :pointer, :size_t], :int
+    attach_function :dtls_connect,
+      [:pointer, :pointer], :int
+    attach_function :dtls_set_log_level, [LogLevel], :void
+
+    attach_function :dtls_get_peer, [:pointer, :pointer], :pointer
+    attach_function :dtls_reset_peer, [:pointer, :pointer], :void
+
+    def self.dtls_alert_fatal_create(desc)
+      return -((2 << 8) | desc)
+    end
+
+    # This type is needed for the `dtls_session_addr` wrapper.
+    # See https://github.com/ffi/ffi/wiki/Pointers#passing-by-reference
+    class SocklenPtr < FFI::Struct
+      layout :value, :socklen_t
+    end
+
+    # These functions are not available in vanilla tinydtls.
+    # They are required to make interaction with the tinydtls `session_t`
+    # type possible without creating a ruby wrapper for `struct
+    # sockaddr_in{,6}`.
+    attach_function :dtls_new_session,
+      [:pointer, :socklen_t], :pointer
+    attach_function :dtls_session_addr, [:pointer, SocklenPtr], :pointer
+
+    def self.dtls_get_app_data(ctx)
+      return ctx[:app]
+    end
+
+    def self.dtls_set_handler(ctx, handler)
+      ctx[:h] = handler
+    end
+  end
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: tinydtls
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Sören Tempel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-07-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
+description: tinydtls provides a DTLS implementation
+email:
+- tempel@uni-bremen.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/tinydtls.rb
+- lib/tinydtls/context.rb
+- lib/tinydtls/security_conf.rb
+- lib/tinydtls/session.rb
+- lib/tinydtls/session_manager.rb
+- lib/tinydtls/udpsocket.rb
+- lib/tinydtls/wrapper.rb
+homepage: https://github.com/ruby-dtls/rb-tinydtls
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.2.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: It wraps the tinydtls library
+test_files: []