
Commit 4ba895d

committed
Provide DTLS credentials via config
1 parent 704e3e8 commit 4ba895d


6 files changed

+53
-15
lines changed


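--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@ -1292,21 +1292,23 @@ static coap_context_t*
 doc_setup_server_context(const uint8_t* key, unsigned key_len, const char* hint) {
 coap_address_t listen_addr;
 coap_context_t* coap_context = coap_new_context(NULL);
-coap_dtls_spsk_t dtls_psk;
 
 coap_context_set_block_mode(coap_context,
 COAP_BLOCK_USE_LIBCOAP | COAP_BLOCK_SINGLE_BODY);
 
-/* setup dtls */
-memset (&dtls_psk, 0, sizeof (dtls_psk));
+if (key && hint) {
+/* setup dtls */
+coap_dtls_spsk_t dtls_psk;
+memset (&dtls_psk, 0, sizeof (dtls_psk));
 
-dtls_psk.version = COAP_DTLS_SPSK_SETUP_VERSION;
-dtls_psk.psk_info.hint.s = (const uint8_t*)hint;
-dtls_psk.psk_info.hint.length = hint ? strlen(hint) : 0;
-dtls_psk.psk_info.key.s = key;
-dtls_psk.psk_info.key.length = key_len;
+dtls_psk.version = COAP_DTLS_SPSK_SETUP_VERSION;
+dtls_psk.psk_info.hint.s = (const uint8_t*)hint;
+dtls_psk.psk_info.hint.length = hint ? strlen(hint) : 0;
+dtls_psk.psk_info.key.s = key;
+dtls_psk.psk_info.key.length = key_len;
 
-coap_context_set_psk2(coap_context, &dtls_psk);
+coap_context_set_psk2(coap_context, &dtls_psk);
+}
 
 /* setup oscore */
 uint64_t start_seq_num = 0;
@@ -1624,6 +1626,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
 int* reuseport, int transparent, int tcp_mss, int freebind,
 int http2_nodelay, int use_systemd, int dnscrypt_port, int dscp,
 int quic_port, int coap_port, int coaps_port,
+const char* coaps_psk, const char* coaps_psk_id,
 int http_notls_downstream, int sock_queue_timeout)
 {
 int s, noip6=0;
@@ -1644,14 +1647,16 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
 const char* add = NULL;
 
 #ifdef HAVE_COAP
-static const uint8_t psk_key[] = "psk";
-ssize_t psk_length = sizeof(psk_key) - 1;
-static const char* hint = "client";
-coap_context_t* coap_context = doc_setup_server_context(psk_key, psk_length, hint);
+printf("coaps_psk: %s, coaps_psk_len: %lu, coaps_psk_id: %s\n", coaps_psk, strlen(coaps_psk), coaps_psk_id);
+coap_context_t* coap_context = doc_setup_server_context(
+(const uint8_t *)coaps_psk, strlen(coaps_psk), coaps_psk_id);
 
 if (!coap_context) {
 fatal_exit("Unable to get server context");
 }
+#else
+(void)coaps_psk;
+(void)coaps_psk_id;
 #endif /* HAVE_COAP */
 
 if(!do_udp && !do_tcp)
@@ -2369,6 +2374,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs,
 cfg->http_nodelay, cfg->use_systemd,
 cfg->dnscrypt_port, cfg->ip_dscp,
 cfg->quic_port, cfg->coap_port, cfg->coaps_port,
+cfg->coaps_psk, cfg->coaps_psk_id,
 cfg->http_notls_downstream,
 cfg->sock_queue_timeout)) {
 listening_ports_free(list);
@@ -2389,6 +2395,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs,
 cfg->http_nodelay, cfg->use_systemd,
 cfg->dnscrypt_port, cfg->ip_dscp,
 cfg->quic_port, cfg->coap_port, cfg->coaps_port,
+cfg->coaps_psk, cfg->coaps_psk_id,
 cfg->http_notls_downstream,
 cfg->sock_queue_timeout)) {
 listening_ports_free(list);
@@ -2411,6 +2418,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs,
 cfg->http_nodelay, cfg->use_systemd,
 cfg->dnscrypt_port, cfg->ip_dscp,
 cfg->quic_port, cfg->coap_port, cfg->coaps_port,
+cfg->coaps_psk, cfg->coaps_psk_id,
 cfg->http_notls_downstream,
 cfg->sock_queue_timeout)) {
 listening_ports_free(list);
@@ -2430,6 +2438,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs,
 cfg->http_nodelay, cfg->use_systemd,
 cfg->dnscrypt_port, cfg->ip_dscp,
 cfg->quic_port, cfg->coap_port, cfg->coaps_port,
+cfg->coaps_psk, cfg->coaps_psk_id,
 cfg->http_notls_downstream,
 cfg->sock_queue_timeout)) {
 listening_ports_free(list);
@@ -2451,6 +2460,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs,
 cfg->http_nodelay, cfg->use_systemd,
 cfg->dnscrypt_port, cfg->ip_dscp,
 cfg->quic_port, cfg->coap_port, cfg->coaps_port,
+cfg->coaps_psk, cfg->coaps_psk_id,
 cfg->http_notls_downstream,
 cfg->sock_queue_timeout)) {
 listening_ports_free(list);
@@ -2470,6 +2480,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs,
 cfg->http_nodelay, cfg->use_systemd,
 cfg->dnscrypt_port, cfg->ip_dscp,
 cfg->quic_port, cfg->coap_port, cfg->coaps_port,
+cfg->coaps_psk, cfg->coaps_psk_id,
 cfg->http_notls_downstream,
 cfg->sock_queue_timeout)) {
 listening_ports_free(list);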
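Review bot: The new `printf` in the `#ifdef HAVE_COAP` block of ports_create_if writes the DTLS pre-shared key to stdout, and together with the `strlen(coaps_psk)` passed to doc_setup_server_context it dereferences NULL whenever `coaps-psk` is not configured: config_create defaults both new fields to NULL, and the `key && hint` guard inside doc_setup_server_context only runs after the call site has already computed the length. Drop the printf and compute the length defensively, `size_t psk_len = coaps_psk ? strlen(coaps_psk) : 0;` followed by `coap_context_t* coap_context = doc_setup_server_context((const uint8_t *)coaps_psk, psk_len, coaps_psk_id);`; the `%lu` specifier for a `size_t` argument is also mismatched (`%zu`), but the line should go rather than be fixed. Separately, when only one of key/hint is set, doc_setup_server_context now silently returns a context with no PSK, so a `coaps-port` listener comes up without credentials; a `log_err` or `fatal_exit` in that branch would make the misconfiguration visible, and with the outer guard in place the `hint ? strlen(hint) : 0` ternary is redundant. The bodies of both doc_setup_server_context and ports_create_if continue outside the hunks.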

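--- a/testdata/doc_downstream.tdir/doc_downstream.conf
+++ b/testdata/doc_downstream.tdir/doc_downstream.conf
@@ -6,6 +6,8 @@ server:
 outgoing-interface: 127.0.0.1
 coap-port: @COAP_PORT@
 coaps-port: @COAPS_PORT@
+coaps-psk: "psk"
+coaps-psk-id: "client"
 use-syslog: no
 directory: .
 pidfile: "unbound.pid"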

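--- a/util/config_file.c
+++ b/util/config_file.c
@@ -139,6 +139,8 @@ config_create(void)
 cfg->quic_size = 8*1024*1024;
 cfg->coap_port = UNBOUND_DNS_OVER_COAP_PORT;
 cfg->coaps_port = UNBOUND_DNS_OVER_COAPS_PORT;
+cfg->coaps_psk = NULL;
+cfg->coaps_psk_id = NULL;
 cfg->use_syslog = 1;
 cfg->log_identity = NULL; /* changed later with argv[0] */
 cfg->log_time_ascii = 0;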
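Review bot: config_create now owns two heap strings (the parser assigns the lexer's `$2` straight into `cfg->coaps_psk` and `cfg->coaps_psk_id`), but nothing in this commit releases them; unless config_delete already covers them in a part of the file not shown, add `free(cfg->coaps_psk); free(cfg->coaps_psk_id);` there alongside the other string options. Because `coaps_psk` is a secret, consider clearing it with a zeroing call the optimizer cannot elide before the free, so the key does not linger in released heap memory. config_create's body continues outside the hunk.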

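--- a/util/config_file.h
+++ b/util/config_file.h
@@ -173,6 +173,10 @@ struct config_file {
 int coap_port;
 /** port on which to provide DNS over CoAP over DTLS over UDP service */
 int coaps_port;
+/** CoAPS pre-shared key */
+char *coaps_psk;
+/** Identity sent for CoAPS pre-shared key */
+char *coaps_psk_id;
 
 /** outgoing port range number of ports (per thread) */
 int outgoing_num_ports;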

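--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@@ -273,6 +273,8 @@ quic-port{COLON} { YDVAR(1, VAR_QUIC_PORT) }
 quic-size{COLON} { YDVAR(1, VAR_QUIC_SIZE) }
 coap-port{COLON} { YDVAR(1, VAR_COAP_PORT) }
 coaps-port{COLON} { YDVAR(1, VAR_COAPS_PORT) }
+coaps-psk{COLON} { YDVAR(1, VAR_COAPS_PSK) }
+coaps-psk-id{COLON} { YDVAR(1, VAR_COAPS_PSK_ID) }
 use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) }
 do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }
 interface{COLON} { YDVAR(1, VAR_INTERFACE) }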

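--- a/util/configparser.y
+++ b/util/configparser.y
@@ -210,7 +210,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
 %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
 %token VAR_QUIC_PORT VAR_QUIC_SIZE
-%token VAR_COAP_PORT VAR_COAPS_PORT
+%token VAR_COAP_PORT VAR_COAPS_PORT VAR_COAPS_PSK VAR_COAPS_PSK_ID
 %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
 %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE
 %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED
@@ -351,7 +351,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
 server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
 server_quic_port | server_quic_size |
-server_coap_port | server_coaps_port |
+server_coap_port | server_coaps_port | server_coaps_psk | server_coaps_psk_id |
 server_interface_automatic_ports | server_ede |
 server_dns_error_reporting |
 server_proxy_protocol_port | server_statistics_inhibit_zero |
@@ -1266,6 +1266,23 @@ server_coaps_port: VAR_COAPS_PORT STRING_ARG
 else cfg_parser->cfg->coaps_port = atoi($2);
 free($2);
 };
+server_coaps_psk: VAR_COAPS_PSK STRING_ARG
+{
+OUTYY(("P(server_coaps_psk:%s)\n", $2));
+#ifndef HAVE_COAP
+log_warn("%s:%d: Unbound is not compiled with "
+"libcoap. This is required to use DNS "
+"over CoAP.", cfg_parser->filename, cfg_parser->line);
+#endif
+free(cfg_parser->cfg->coaps_psk);
+cfg_parser->cfg->coaps_psk = $2;
+};
+server_coaps_psk_id: VAR_COAPS_PSK_ID STRING_ARG
+{
+OUTYY(("P(server_coaps_psk_id:%s)\n", $2));
+free(cfg_parser->cfg->coaps_psk_id);
+cfg_parser->cfg->coaps_psk_id = $2;
+};
 server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
 {
 OUTYY(("P(server_use_systemd:%s)\n", $2));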
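Review bot: `server_coaps_psk_id` lacks the `#ifndef HAVE_COAP` warning that `server_coaps_psk` emits directly above it, so a build without libcoap silently accepts `coaps-psk-id` while warning on `coaps-psk`; either add the same `log_warn` block to the second rule or drop it from both for consistency. The `OUTYY(("P(server_coaps_psk:%s)\n", $2));` line also echoes the pre-shared key in parser debug output; for a secret option print a placeholder instead, e.g. `OUTYY(("P(server_coaps_psk:<hidden>)\n"));`. Since the value is stored as a C string and later measured with strlen, the key cannot contain NUL bytes and is used verbatim as key material; a one-line comment on the rule saying so would stop the next reader from expecting hex or base64 decoding.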
