Squashed 'features/nanostack/coap-service/' changes from c45afcd..227cc3d

227cc3d Merge pull request #120 from ARMmbed/sync_with_mbedos_2
88894d1 Follow Mbed OS coding style
f3db9a1 (via Mbed OS) Add mbedtls platform setup and teardown to modules
5feb8dd Merge pull request #119 from ARMmbed/sync_with_MbedOS
10d5054 (via Mbed OS) Add missing mbed_lib.json for frameworks and nanostack
a344676 Remove references to yotta (#118)
610afda Remove excess tracing (#117)
53382d6 Merge pull request #116 from ARMmbed/IOTTHD-1608
15889cb Use Mbed OS coding style
d6eff5c Clarify function signature
587e8de Update message prevalidation API
46f86d4 Add API to set callback for CoAP msg prevalidation (#115)
0eb6630 Merge pull request #114 from ARMmbed/sync_with_mbed_os
f75732b (split) Add unit tests for TLSSocket and TLSSocketWrapper

git-subtree-dir: features/nanostack/coap-service
git-subtree-split: 227cc3d

Author: Arto Kinnunen

.gitignore

@@ -3,8 +3,5 @@
 output
 lcov
 coverage
-.yotta.json
 build/
-yotta_modules/
-yotta_targets/
 upload.tar.gz

Makefile.test

@@ -40,7 +40,7 @@ test: $(TESTDIRS)
 	@rm -f lcov/index.xml
 	@find ./ -name '*.gcno' | xargs cp --backup=numbered -t ./coverage/
 	@find ./ -name '*.gcda' | xargs cp --backup=numbered -t ./coverage/
-	@gcovr --object-directory ./coverage  --exclude-unreachable-branches -e '.*/builds/.*' -e '.*/test/.*' -e '.*/yotta_modules/.*' -e '.*/stub/.*' -x -o ./lcov/gcovr.xml
+	@gcovr --object-directory ./coverage  --exclude-unreachable-branches -e '.*/builds/.*' -e '.*/test/.*' -e '.*/stub/.*' -x -o ./lcov/gcovr.xml
 	@lcov -d test/. -c -o $(COVERAGEFILE)
 	@lcov -q -r $(COVERAGEFILE) "/usr*" -o $(COVERAGEFILE)
 	@lcov -q -r $(COVERAGEFILE) "/test*" -o $(COVERAGEFILE)

coap-service/coap_service_api.h

@@ -120,6 +120,26 @@ typedef int coap_service_security_start_cb(int8_t service_id, uint8_t address[st
  */
 typedef int coap_service_security_done_cb(int8_t service_id, uint8_t address[static 16], uint8_t keyblock[static 40]);
 
+/**
+ * \brief Message prevalidation callback
+ *
+ * Message prevalidation callback function type used in method coap_service_msg_prevalidate_callback_set.
+ *
+ * \param local_interface_id    Local interface ID, message arrived to this interface.
+ * \param local_address         Local address, message arrived to this address.
+ * \param local_port            Local port, message arrived to this port.
+ * \param recv_interface_id     Interface ID where message was received.
+ * \param source_address        Sender address.
+ * \param source_port           Sender port.
+ * \param coap_uri              CoAP URI, NUL terminated.
+ *
+ * \return <0 in case of errors,
+ *         0 if message is valid to process further,
+ *         >0 if message should be dropped.
+ */
+
+typedef int coap_service_msg_prevalidate_cb(int8_t local_interface_id, uint8_t local_address[static 16], uint16_t local_port, int8_t recv_interface_id, uint8_t source_address[static 16], uint16_t source_port, char *coap_uri);
+
 /**
  * \brief Initialise server instance.
  *
@@ -131,7 +151,7 @@ typedef int coap_service_security_done_cb(int8_t service_id, uint8_t address[sta
  * \param *start_ptr         Callback to inform security handling is started and to fetch device password.
  * \param *coap_security_done_cb  Callback to inform security handling is done.
  *
- *  \return service_id / -1 for failure
+ * \return service_id / -1 for failure
  */
 extern int8_t coap_service_initialize(int8_t interface_id, uint16_t listen_port, uint8_t service_options, coap_service_security_start_cb *start_ptr, coap_service_security_done_cb *coap_security_done_cb);
 
@@ -373,6 +393,22 @@ extern int8_t coap_service_certificate_set(int8_t service_id, const unsigned cha
  *-         0              For success
  */
 extern int8_t coap_service_blockwise_size_set(int8_t service_id, uint16_t size);
+
+/**
+ * \brief Set message prevalidation callback function.
+ *
+ * Set message prevalidation callback function for the service. Callback will be called for all services using the same listen port.
+ *
+ * CoAP service will call this function to allow application prevalidate incoming CoAP message before passing it to application.
+ *
+ * \param listen_port           Socket port where to set callback.
+ * \param msg_prevalidate_cb    Callback to be called to validate incoming message before processing it. Use NULL to clear callback usage.
+ *
+ * \return -1              For failure
+ *          0              For success
+ */
+extern int8_t coap_service_msg_prevalidate_callback_set(uint16_t listen_port, coap_service_msg_prevalidate_cb *msg_prevalidate_cb);
+
 #ifdef __cplusplus
 }
 #endif

mbed_lib.json

@@ -0,0 +1,3 @@
+{
+    "name": "coap-service"
+}

source/coap_connection_handler.c

@@ -36,6 +36,7 @@ typedef enum session_state_e {
 
 typedef struct internal_socket_s {
     coap_conn_handler_t *parent;
+    cch_func_cb *cch_function_callback;  // callback function
 
     uint32_t timeout_min;
     uint32_t timeout_max;
@@ -44,6 +45,7 @@ typedef struct internal_socket_s {
 
     int16_t data_len;
     uint8_t *data;
+    int8_t recv_if_id;    // interface ID where data is coming from
 
     int8_t socket;  //positive value = socket id, negative value virtual socket id
     bool real_socket;
@@ -548,6 +550,7 @@ static int timer_status(int8_t timer_id)
 static int read_data(socket_callback_t *sckt_data, internal_socket_t *sock, ns_address_t *src_address, uint8_t dst_address[static 16])
 {
     sock->data_len = 0;
+    sock->recv_if_id = -1;
     if (sckt_data->event_type == SOCKET_DATA && sckt_data->d_len > 0) {
         uint8_t ancillary_databuffer[NS_CMSG_SPACE(sizeof(ns_in6_pktinfo_t))];
         ns_iovec_t msg_iov;
@@ -592,6 +595,7 @@ static int read_data(socket_callback_t *sckt_data, internal_socket_t *sock, ns_a
             }
             if (pkt) {
                 memcpy(dst_address, pkt->ipi6_addr, 16);
+                sock->recv_if_id = pkt->ipi6_ifindex;
             } else {
                 goto return_failure;
             }
@@ -693,7 +697,7 @@ static void secure_recv_sckt_msg(void *cb_res)
                     ns_dyn_mem_free(data);
                 } else {
                     if (sock->parent->_recv_cb) {
-                        sock->parent->_recv_cb(sock->socket, src_address.address, src_address.identifier, dst_address, data, len);
+                        sock->parent->_recv_cb(sock->socket, sock->recv_if_id, src_address.address, src_address.identifier, dst_address, data, len);
                     }
                     ns_dyn_mem_free(data);
                 }
@@ -712,7 +716,7 @@ static void recv_sckt_msg(void *cb_res)
 
     if (sock && read_data(sckt_data, sock, &src_address, dst_address) == 0) {
         if (sock->parent && sock->parent->_recv_cb) {
-            sock->parent->_recv_cb(sock->socket, src_address.address, src_address.identifier, dst_address, sock->data, sock->data_len);
+            sock->parent->_recv_cb(sock->socket, sock->recv_if_id, src_address.address, src_address.identifier, dst_address, sock->data, sock->data_len);
         }
         ns_dyn_mem_free(sock->data);
         sock->data = NULL;
@@ -801,7 +805,7 @@ int coap_connection_handler_virtual_recv(coap_conn_handler_t *handler, uint8_t a
                     return 0;
                 } else {
                     if (sock->parent->_recv_cb) {
-                        sock->parent->_recv_cb(sock->socket, address, port, ns_in6addr_any, data, len);
+                        sock->parent->_recv_cb(sock->socket, sock->recv_if_id, address, port, ns_in6addr_any, data, len);
                     }
                     ns_dyn_mem_free(data);
                     data = NULL;
@@ -812,7 +816,7 @@ int coap_connection_handler_virtual_recv(coap_conn_handler_t *handler, uint8_t a
     } else {
         /* unsecure*/
         if (sock->parent->_recv_cb) {
-            sock->parent->_recv_cb(sock->socket, address, port, ns_in6addr_any, sock->data, sock->data_len);
+            sock->parent->_recv_cb(sock->socket, sock->recv_if_id, address, port, ns_in6addr_any, sock->data, sock->data_len);
         }
         if (sock->data) {
             ns_dyn_mem_free(sock->data);
@@ -1023,3 +1027,32 @@ void coap_connection_handler_exec(uint32_t time)
         }
     }
 }
+
+int coap_connection_handler_msg_prevalidate_callback_set(coap_conn_handler_t *handler, cch_func_cb *function_callback)
+{
+    if (!handler) {
+        return -1;
+    }
+    handler->socket->cch_function_callback = function_callback;
+    return 0;
+}
+
+coap_conn_handler_t *coap_connection_handler_find_by_socket_port(uint16_t listen_port)
+{
+    ns_list_foreach(internal_socket_t, cur_ptr, &socket_list) {
+        if (cur_ptr->listen_port == listen_port) {
+            return cur_ptr->parent;
+        }
+    }
+    return NULL;
+}
+
+cch_func_cb *coap_connection_handler_msg_prevalidate_callback_get(coap_conn_handler_t *handler, uint16_t *listen_socket_port)
+{
+    if (!handler || !listen_socket_port) {
+        return NULL;
+    }
+
+    *listen_socket_port = handler->socket->listen_port;
+    return handler->socket->cch_function_callback;
+}

source/coap_message_handler.c

@@ -293,15 +293,15 @@ coap_transaction_t *coap_message_handler_find_transaction(uint8_t *address_ptr,
     return transaction_find_by_address(address_ptr, port);
 }
 
-int16_t coap_message_handler_coap_msg_process(coap_msg_handler_t *handle, int8_t socket_id, const uint8_t source_addr_ptr[static 16], uint16_t port, const uint8_t dst_addr_ptr[static 16],
-                                              uint8_t *data_ptr, uint16_t data_len, int16_t (cb)(int8_t, sn_coap_hdr_s *, coap_transaction_t *))
+int16_t coap_message_handler_coap_msg_process(coap_msg_handler_t *handle, int8_t socket_id, int8_t recv_if_id, const uint8_t source_addr_ptr[static 16], uint16_t port, const uint8_t dst_addr_ptr[static 16],
+                                              uint8_t *data_ptr, uint16_t data_len,  coap_msg_process_cb *msg_process_callback)
 {
     sn_nsdl_addr_s src_addr;
     sn_coap_hdr_s *coap_message;
     int16_t ret_val = 0;
     coap_transaction_t *this = NULL;
 
-    if (!cb || !handle) {
+    if (!msg_process_callback || !handle) {
         return -1;
     }
 
@@ -337,21 +337,21 @@ int16_t coap_message_handler_coap_msg_process(coap_msg_handler_t *handle, int8_t
         goto exit;
     }
 
-    /* Request received */
     if (coap_message->msg_code > 0 && coap_message->msg_code < 32) {
+        /* Request received */
         transaction_ptr->msg_id = coap_message->msg_id;
         transaction_ptr->req_msg_type = coap_message->msg_type;
         if (coap_message->token_len) {
             memcpy(transaction_ptr->token, coap_message->token_ptr, coap_message->token_len);
             transaction_ptr->token_len = coap_message->token_len;
         }
-        if (cb(socket_id, coap_message, transaction_ptr) < 0) {
+        if (msg_process_callback(socket_id, recv_if_id, coap_message, transaction_ptr, dst_addr_ptr) < 0) {
             // negative return value = message ignored -> delete transaction
             transaction_delete(transaction_ptr);
         }
         goto exit;
-        /* Response received */
     } else {
+        /* Response received */
         transaction_delete(transaction_ptr); // transaction_ptr not needed in response
         if (coap_message->token_ptr) {
             this = transaction_find_client_by_token(coap_message->token_ptr, coap_message->token_len, source_addr_ptr, port);

source/coap_security_handler.c

@@ -102,6 +102,12 @@ static int coap_security_handler_init(coap_security_t *sec)
     const int entropy_source_type = MBEDTLS_ENTROPY_SOURCE_WEAK;
 #endif
 
+#if defined(MBEDTLS_PLATFORM_C)
+    if (mbedtls_platform_setup(NULL) != 0) {
+        return -1;
+    }
+#endif /* MBEDTLS_PLATFORM_C */
+
     mbedtls_ssl_init(&sec->_ssl);
     mbedtls_ssl_config_init(&sec->_conf);
     mbedtls_ctr_drbg_init(&sec->_ctr_drbg);
@@ -153,6 +159,9 @@ static void coap_security_handler_reset(coap_security_t *sec)
     mbedtls_ctr_drbg_free(&sec->_ctr_drbg);
     mbedtls_ssl_config_free(&sec->_conf);
     mbedtls_ssl_free(&sec->_ssl);
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
 }
 
 

source/coap_service_api.c

@@ -36,7 +36,7 @@
 #include "coap_message_handler.h"
 #include "mbed-coap/sn_coap_protocol.h"
 
-static int16_t coap_msg_process_callback(int8_t socket_id, sn_coap_hdr_s *coap_message, coap_transaction_t *transaction_ptr);
+static int16_t coap_msg_process_callback(int8_t socket_id, int8_t recv_if_id, sn_coap_hdr_s *coap_message, coap_transaction_t *transaction_ptr, const uint8_t *local_addr);
 
 typedef struct uri_registration {
     char *uri_ptr;
@@ -70,6 +70,13 @@ static uint32_t coap_ticks = 1;
 
 #define COAP_TICK_TIMER 0xf1
 
+//#define TRACE_DEEP
+#ifdef TRACE_DEEP
+#define tr_deep   tr_debug
+#else
+#define tr_deep(...)
+#endif
+
 static uri_registration_t *uri_registration_find(coap_service_t *this, const void *uri_ptr, uint16_t uri_len)
 {
     ns_list_foreach(uri_registration_t, cur_ptr, &this->uri_list) {
@@ -165,7 +172,7 @@ static uint8_t coap_tx_function(uint8_t *data_ptr, uint16_t data_len, sn_nsdl_ad
         return 0;
     }
 
-    tr_debug("Service %d, CoAP TX Function - mid: %d", transaction_ptr->service_id, common_read_16_bit(data_ptr + 2));
+    tr_debug("Service %d, CoAP TX - mid: %d", transaction_ptr->service_id, common_read_16_bit(data_ptr + 2));
 
     this = service_find(transaction_ptr->service_id);
     if (!this) {
@@ -211,17 +218,44 @@ static void service_event_handler(arm_event_s *event)
     eventOS_event_timer_request((uint8_t)COAP_TICK_TIMER, ARM_LIB_SYSTEM_TIMER_EVENT, tasklet_id, 1000);
 }
 
-static int16_t coap_msg_process_callback(int8_t socket_id, sn_coap_hdr_s *coap_message, coap_transaction_t *transaction_ptr)
+static int16_t coap_msg_process_callback(int8_t socket_id, int8_t recv_if_id, sn_coap_hdr_s *coap_message, coap_transaction_t *transaction_ptr, const uint8_t *local_addr)
 {
     coap_service_t *this;
+    coap_service_msg_prevalidate_cb *msg_prevalidate_callback;
+    uint16_t listen_socket_port;
+
     if (!coap_message || !transaction_ptr) {
         return -1;
     }
 
-    // Message is request, find correct handle
+    // Message is request, find correct handle based on URI
     this = service_find_by_uri(socket_id, coap_message->uri_path_ptr, coap_message->uri_path_len);
     if (!this) {
-        tr_debug("not registered uri %.*s", coap_message->uri_path_len, coap_message->uri_path_ptr);
+        tr_deep("URI %.*s not registered", coap_message->uri_path_len, coap_message->uri_path_ptr);
+        // URI is not available, find any service that holds the same shared socket so that we can get msg_prevalidate_callback to validate addresses
+        this = service_find_by_socket(socket_id);
+        if (!this) {
+            return -1;
+        }
+    }
+
+    msg_prevalidate_callback = (coap_service_msg_prevalidate_cb *)coap_connection_handler_msg_prevalidate_callback_get(this->conn_handler, &listen_socket_port);
+    if (msg_prevalidate_callback) {
+        // message prevalidation activated for the port
+        char request_uri[coap_message->uri_path_len + 1];
+        memcpy(request_uri, coap_message->uri_path_ptr, coap_message->uri_path_len);
+        request_uri[coap_message->uri_path_len] = 0;
+
+        int msg_prevalidate_status = msg_prevalidate_callback(this->interface_id, (uint8_t *)local_addr, listen_socket_port, recv_if_id, transaction_ptr->remote_address, transaction_ptr->remote_port, request_uri);
+        if (msg_prevalidate_status >= 1) {
+            tr_deep("Drop CoAP msg %s from %s to %s", request_uri, trace_ipv6(transaction_ptr->remote_address), trace_ipv6(local_addr));
+            return -1;
+        }
+    }
+
+    uri_registration_t *uri_reg_ptr = uri_registration_find(this, coap_message->uri_path_ptr, coap_message->uri_path_len);
+    if (!uri_reg_ptr) {
+        /* URI is not available, stop further processing */
         if (coap_message->msg_type == COAP_MSG_TYPE_CONFIRMABLE) {
             coap_message_handler_response_send(coap_service_handle, transaction_ptr->service_id, COAP_SERVICE_OPTIONS_NONE, coap_message,
                                                COAP_MSG_CODE_RESPONSE_NOT_FOUND, COAP_CT_NONE, NULL, 0);
@@ -230,22 +264,22 @@ static int16_t coap_msg_process_callback(int8_t socket_id, sn_coap_hdr_s *coap_m
         return -1;
     }
 
-    uri_registration_t *uri_reg_ptr = uri_registration_find(this, coap_message->uri_path_ptr, coap_message->uri_path_len);
-    if (uri_reg_ptr && uri_reg_ptr->request_recv_cb) {
-        tr_debug("Service %d, call request recv cb uri %.*s", this->service_id, coap_message->uri_path_len, coap_message->uri_path_ptr);
-
+    if (uri_reg_ptr->request_recv_cb) {
         if ((this->service_options & COAP_SERVICE_OPTIONS_SECURE_BYPASS) == COAP_SERVICE_OPTIONS_SECURE_BYPASS) { //TODO Add secure bypass option
             // Service has secure bypass active TODO this is not defined in interface
             // this check can be removed I think
             transaction_ptr->options = COAP_REQUEST_OPTIONS_SECURE_BYPASS;
         }
+
         transaction_ptr->service_id = this->service_id;
+        tr_debug("Service %d, recv msg: %.*s", this->service_id, coap_message->uri_path_len, coap_message->uri_path_ptr);
         return uri_reg_ptr->request_recv_cb(this->service_id, transaction_ptr->remote_address, transaction_ptr->remote_port, coap_message);
     }
+
     return -1;
 }
 
-static int recv_cb(int8_t socket_id, uint8_t src_address[static 16], uint16_t port, const uint8_t dst_address[static 16], unsigned char *data, int len)
+static int recv_cb(int8_t socket_id, int8_t recv_if_id, uint8_t src_address[static 16], uint16_t port, const uint8_t dst_address[static 16], unsigned char *data, int len)
 {
     uint8_t *data_ptr = NULL;
     uint16_t data_len = 0;
@@ -261,10 +295,9 @@ static int recv_cb(int8_t socket_id, uint8_t src_address[static 16], uint16_t po
     }
     memcpy(data_ptr, data, len);
     data_len = len;
-    tr_debug("service recv socket data len %d ", data_len);
 
     //parse coap message what CoAP to use
-    int ret = coap_message_handler_coap_msg_process(coap_service_handle, socket_id, src_address, port, dst_address, data_ptr, data_len, &coap_msg_process_callback);
+    int ret = coap_message_handler_coap_msg_process(coap_service_handle, socket_id, recv_if_id, src_address, port, dst_address, data_ptr, data_len, &coap_msg_process_callback);
     own_free(data_ptr);
     return ret;
 }
@@ -626,3 +659,12 @@ int8_t coap_service_blockwise_size_set(int8_t service_id, uint16_t size)
 
     return sn_coap_protocol_set_block_size(coap_service_handle->coap, size);
 }
+
+int8_t coap_service_msg_prevalidate_callback_set(uint16_t listen_socket, coap_service_msg_prevalidate_cb *msg_prevalidate_cb)
+{
+    coap_conn_handler_t *conn_handler = coap_connection_handler_find_by_socket_port(listen_socket);
+    if (conn_handler) {
+        return (int8_t)coap_connection_handler_msg_prevalidate_callback_set(conn_handler, (cch_func_cb *)msg_prevalidate_cb);
+    }
+    return -1;
+}