libcoap 4.3.5
Loading...
Searching...
No Matches
coap_oscore.c
Go to the documentation of this file.
1/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
3/*
4 * coap_oscore.c -- Object Security for Constrained RESTful Environments
5 * (OSCORE) support for libcoap
6 *
7 * Copyright (C) 2019-2021 Olaf Bergmann <bergmann@tzi.org>
8 * Copyright (C) 2021-2024 Jon Shallow <supjps-libcoap@jpshallow.com>
9 *
10 * SPDX-License-Identifier: BSD-2-Clause
11 *
12 * This file is part of the CoAP library libcoap. Please see README for terms
13 * of use.
14 */
15
21#include "coap3/coap_libcoap_build.h"
22
23#if COAP_OSCORE_SUPPORT
24#include <ctype.h>
25
26#define AAD_BUF_LEN 200 /* length of aad_buffer */
27
28static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context,
29 coap_oscore_conf_t *oscore_conf);
30
31#if COAP_CLIENT_SUPPORT
32
33int
34coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) {
35 if (oscore_conf) {
36 oscore_ctx_t *osc_ctx;
37
38 if (oscore_conf->recipient_id_count == 0) {
39 coap_log_warn("OSCORE: Recipient ID must be defined for a client\n");
40 return 0;
41 }
42 if (oscore_conf->rfc8613_b_2) {
43 /* Need to replace id_context with random value */
44 coap_binary_t *id_context = coap_new_binary(8);
45
46 if (id_context == NULL)
47 return 0;
48 coap_delete_bin_const(oscore_conf->id_context);
49 coap_prng_lkd(id_context->s, id_context->length);
50 oscore_conf->id_context = (coap_bin_const_t *)id_context;
51 session->b_2_step = COAP_OSCORE_B_2_STEP_1;
52 coap_log_oscore("Appendix B.2 client step 1 (Generated ID1)\n");
53 }
54
55 osc_ctx = coap_oscore_init(session->context, oscore_conf);
56 if (osc_ctx == NULL) {
57 return 0;
58 }
59 session->recipient_ctx = osc_ctx->recipient_chain;
60 session->oscore_encryption = 1;
61 }
62 return 1;
63}
64
65COAP_API coap_session_t *
66coap_new_client_session_oscore(coap_context_t *ctx,
67 const coap_address_t *local_if,
68 const coap_address_t *server,
69 coap_proto_t proto,
70 coap_oscore_conf_t *oscore_conf) {
71 coap_session_t *session;
72
73 coap_lock_lock(ctx, return NULL);
74 session = coap_new_client_session_oscore_lkd(ctx, local_if, server, proto, oscore_conf);
75 coap_lock_unlock(ctx);
76 return session;
77}
78
79coap_session_t *
80coap_new_client_session_oscore_lkd(coap_context_t *ctx,
81 const coap_address_t *local_if,
82 const coap_address_t *server,
83 coap_proto_t proto,
84 coap_oscore_conf_t *oscore_conf) {
85 coap_session_t *session =
86 coap_new_client_session_lkd(ctx, local_if, server, proto);
87
88 if (!session)
89 return NULL;
90
91 if (coap_oscore_initiate(session, oscore_conf) == 0) {
92 coap_session_release_lkd(session);
93 return NULL;
94 }
95 return session;
96}
97
98COAP_API coap_session_t *
99coap_new_client_session_oscore_psk(coap_context_t *ctx,
100 const coap_address_t *local_if,
101 const coap_address_t *server,
102 coap_proto_t proto,
103 coap_dtls_cpsk_t *psk_data,
104 coap_oscore_conf_t *oscore_conf) {
105 coap_session_t *session;
106
107 coap_lock_lock(ctx, return NULL);
108 session = coap_new_client_session_oscore_psk_lkd(ctx, local_if, server, proto, psk_data,
109 oscore_conf);
110 coap_lock_unlock(ctx);
111 return session;
112}
113
114coap_session_t *
115coap_new_client_session_oscore_psk_lkd(coap_context_t *ctx,
116 const coap_address_t *local_if,
117 const coap_address_t *server,
118 coap_proto_t proto,
119 coap_dtls_cpsk_t *psk_data,
120 coap_oscore_conf_t *oscore_conf) {
121 coap_session_t *session;
122
123 coap_lock_check_locked(ctx);
124 session = coap_new_client_session_psk2_lkd(ctx, local_if, server, proto, psk_data);
125
126 if (!session)
127 return NULL;
128
129 if (coap_oscore_initiate(session, oscore_conf) == 0) {
130 coap_session_release_lkd(session);
131 return NULL;
132 }
133 return session;
134}
135
136COAP_API coap_session_t *
137coap_new_client_session_oscore_pki(coap_context_t *ctx,
138 const coap_address_t *local_if,
139 const coap_address_t *server,
140 coap_proto_t proto,
141 coap_dtls_pki_t *pki_data,
142 coap_oscore_conf_t *oscore_conf) {
143 coap_session_t *session;
144
145 coap_lock_lock(ctx, return NULL);
146 session = coap_new_client_session_oscore_pki_lkd(ctx, local_if, server, proto, pki_data,
147 oscore_conf);
148 coap_lock_unlock(ctx);
149 return session;
150}
151
152coap_session_t *
153coap_new_client_session_oscore_pki_lkd(coap_context_t *ctx,
154 const coap_address_t *local_if,
155 const coap_address_t *server,
156 coap_proto_t proto,
157 coap_dtls_pki_t *pki_data,
158 coap_oscore_conf_t *oscore_conf) {
159 coap_session_t *session;
160
161 coap_lock_check_locked(ctx);
162 session = coap_new_client_session_pki_lkd(ctx, local_if, server, proto, pki_data);
163
164 if (!session)
165 return NULL;
166
167 if (coap_oscore_initiate(session, oscore_conf) == 0) {
168 coap_session_release_lkd(session);
169 return NULL;
170 }
171 return session;
172}
173#endif /* COAP_CLIENT_SUPPORT */
174#if COAP_SERVER_SUPPORT
175
176COAP_API int
177coap_context_oscore_server(coap_context_t *context,
178 coap_oscore_conf_t *oscore_conf) {
179 int ret;
180
181 coap_lock_lock(context, return 0);
182 ret = coap_context_oscore_server_lkd(context, oscore_conf);
183 coap_lock_unlock(context);
184 return ret;
185}
186
187int
188coap_context_oscore_server_lkd(coap_context_t *context,
189 coap_oscore_conf_t *oscore_conf) {
190 oscore_ctx_t *osc_ctx;
191
192 coap_lock_check_locked(context);
193 osc_ctx = coap_oscore_init(context, oscore_conf);
194 /* osc_ctx already added to context->osc_ctx */
195 if (osc_ctx)
196 return 1;
197 return 0;
198}
199
200#endif /* COAP_SERVER_SUPPORT */
201
202int
203coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu) {
204 coap_uri_t uri;
205 coap_opt_iterator_t opt_iter;
206 coap_opt_t *option;
207 uint8_t option_value_buffer[15];
208 coap_optlist_t *optlist_chain = NULL;
209
210 if ((option =
211 coap_check_option(pdu, COAP_OPTION_PROXY_URI, &opt_iter)) == NULL)
212 return 1;
213
214 /* Need to break down into the component parts, but keep data safe */
215 memset(&uri, 0, sizeof(uri));
216
217 if (coap_split_proxy_uri(coap_opt_value(option),
218 coap_opt_length(option),
219 &uri) < 0 || uri.scheme >= COAP_URI_SCHEME_LAST) {
220 coap_log_warn("Proxy URI '%.*s' not decodable\n",
221 coap_opt_length(option),
222 (const char *)coap_opt_value(option));
223 goto error;
224 }
225 if (!coap_remove_option(pdu, COAP_OPTION_PROXY_URI))
226 goto error;
227
228 if (!coap_insert_option(pdu,
229 COAP_OPTION_URI_HOST,
230 uri.host.length,
231 uri.host.s))
232 goto error;
233 if (uri.port != (coap_uri_scheme_is_secure(&uri) ? COAPS_DEFAULT_PORT : COAP_DEFAULT_PORT) &&
234 !coap_insert_option(pdu,
235 COAP_OPTION_URI_PORT,
236 coap_encode_var_safe(option_value_buffer,
237 sizeof(option_value_buffer),
238 uri.port & 0xffff),
239 option_value_buffer))
240 goto error;
241 if (uri.path.length) {
242 /* Add in the Uri-Path options */
243 if (!coap_path_into_optlist(uri.path.s, uri.path.length, COAP_OPTION_URI_PATH,
244 &optlist_chain))
245 goto error;
246 }
247 if (uri.query.length) {
248 /* Add in the Uri-Query options */
249 if (!coap_query_into_optlist(uri.query.s, uri.query.length, COAP_OPTION_URI_QUERY,
250 &optlist_chain))
251 goto error;
252 }
253 if (!coap_add_optlist_pdu(pdu, &optlist_chain))
254 goto error;
255
256 if (!coap_insert_option(pdu,
257 COAP_OPTION_PROXY_SCHEME,
258 strlen(coap_uri_scheme[uri.scheme].name),
259 (const uint8_t *)coap_uri_scheme[uri.scheme].name))
260 goto error;
261
262 coap_delete_optlist(optlist_chain);
263 return 1;
264
265error:
266 coap_delete_optlist(optlist_chain);
267 return 0;
268}
269
270static void
271dump_cose(cose_encrypt0_t *cose, const char *message) {
272#if COAP_MAX_LOGGING_LEVEL < _COAP_LOG_OSCORE
273 (void)cose;
274 (void)message;
275#else /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
276 if (coap_get_log_level() >= COAP_LOG_OSCORE) {
277 char buffer[30];
278
279 coap_log_oscore("%s Cose information\n", message);
280 oscore_log_char_value(COAP_LOG_OSCORE, "alg",
281 cose_get_alg_name(cose->alg, buffer, sizeof(buffer)));
282 oscore_log_hex_value(COAP_LOG_OSCORE, "key", &cose->key);
283 oscore_log_hex_value(COAP_LOG_OSCORE, "partial_iv", &cose->partial_iv);
284 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
285 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
286 oscore_log_hex_value(COAP_LOG_OSCORE,
287 "oscore_option",
288 &cose->oscore_option);
289 oscore_log_hex_value(COAP_LOG_OSCORE, "nonce", &cose->nonce);
290 oscore_log_hex_value(COAP_LOG_OSCORE, "external_aad", &cose->external_aad);
291 oscore_log_hex_value(COAP_LOG_OSCORE, "aad", &cose->aad);
292 }
293#endif /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
294}
295
296COAP_API coap_pdu_t *
297coap_oscore_new_pdu_encrypted(coap_session_t *session,
298 coap_pdu_t *pdu,
299 coap_bin_const_t *kid_context,
300 oscore_partial_iv_t send_partial_iv) {
301 coap_pdu_t *ret_pdu;
302
303 coap_lock_lock(session->context, return NULL);
304 ret_pdu = coap_oscore_new_pdu_encrypted_lkd(session, pdu, kid_context, send_partial_iv);
305 coap_lock_unlock(session->context);
306
307 return ret_pdu;
308}
309
310/*
311 * Take current PDU, create a new one approriately separated as per RFC8613
312 * and then encrypt / integrity check the OSCORE data
313 */
314coap_pdu_t *
315coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session,
316 coap_pdu_t *pdu,
317 coap_bin_const_t *kid_context,
318 oscore_partial_iv_t send_partial_iv) {
319 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu) || COAP_PDU_IS_PING(pdu);
320 coap_pdu_code_t code =
321 coap_request ? COAP_REQUEST_CODE_POST : COAP_RESPONSE_CODE(204);
322 coap_pdu_t *osc_pdu;
323 coap_pdu_t *plain_pdu = NULL;
324 coap_bin_const_t pdu_token;
325 coap_opt_iterator_t opt_iter;
326 coap_opt_t *option;
327 uint8_t pdu_code = pdu->code;
328 size_t length;
329 const uint8_t *data;
330 uint8_t *ciphertext_buffer = NULL;
331 size_t ciphertext_len = 0;
332 uint8_t aad_buffer[AAD_BUF_LEN];
333 uint8_t nonce_buffer[13];
334 coap_bin_const_t aad;
335 coap_bin_const_t nonce;
336 oscore_recipient_ctx_t *rcp_ctx;
337 oscore_ctx_t *osc_ctx;
338 cose_encrypt0_t cose[1];
339 uint8_t group_flag = 0;
340 int show_pdu = 0;
341 int doing_observe = 0;
342 uint32_t observe_value = 0;
343 oscore_association_t *association = NULL;
344 oscore_sender_ctx_t *snd_ctx;
345 uint8_t external_aad_buffer[200];
346 coap_bin_const_t external_aad;
347 uint8_t oscore_option[48];
348 size_t oscore_option_len;
349
350 /* Check that OSCORE has not already been done */
351 if (coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter))
352 return NULL;
353
354 if (coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter))
355 doing_observe = 1;
356
357 coap_log_debug("PDU to encrypt\n");
358 coap_show_pdu(COAP_LOG_DEBUG, pdu);
359 osc_pdu = coap_pdu_init(pdu->type == COAP_MESSAGE_NON &&
360 session->b_2_step != COAP_OSCORE_B_2_NONE ?
361 COAP_MESSAGE_CON : pdu->type,
362 code,
363 pdu->mid,
364 pdu->used_size + coap_oscore_overhead(session, pdu));
365 if (osc_pdu == NULL)
366 return NULL;
367
368 cose_encrypt0_init(cose); /* clears cose memory */
369 pdu_token = coap_pdu_get_token(pdu);
370 if (coap_request) {
371 /*
372 * RFC8613 8.1 Step 1. Protecting the client's request
373 * Get the Sender Context
374 */
375 rcp_ctx = session->recipient_ctx;
376 if (rcp_ctx == NULL)
377 goto error;
378 osc_ctx = rcp_ctx->osc_ctx;
379 assert(osc_ctx);
380 snd_ctx = osc_ctx->sender_context;
381 } else {
382 /*
383 * RFC8613 8.3 Step 1. Protecting the server's response
384 * Get the Sender Context
385 */
386 association = oscore_find_association(session, &pdu_token);
387 if (association == NULL)
388 goto error;
389
390 rcp_ctx = association->recipient_ctx;
391 osc_ctx = rcp_ctx->osc_ctx;
392 snd_ctx = osc_ctx->sender_context;
393 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
394 cose_encrypt0_set_aad(cose, association->aad);
395 }
396
397 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
398
399 if (coap_request || doing_observe ||
400 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
401 uint8_t partial_iv_buffer[8];
402 size_t partial_iv_len;
403 coap_bin_const_t partial_iv;
404 partial_iv_len = coap_encode_var_safe8(partial_iv_buffer,
405 sizeof(partial_iv_buffer),
406 snd_ctx->seq);
407 if (snd_ctx->seq == 0) {
408 /* Need to special case */
409 partial_iv_buffer[0] = '\000';
410 partial_iv_len = 1;
411 }
412 partial_iv.s = partial_iv_buffer;
413 partial_iv.length = partial_iv_len;
414 cose_encrypt0_set_partial_iv(cose, &partial_iv);
415 }
416
417 if (coap_request)
418 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
419
420 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
421
422 /* nonce (needs to have sender information correctly set up) */
423
424 if (coap_request || doing_observe ||
425 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
426 /*
427 * 8.1 Step 3 or RFC8613 8.3.1 Step A
428 * Compose the AEAD nonce
429 *
430 * Requires in COSE object as appropriate
431 * key_id (kid) (sender)
432 * partial_iv (sender)
433 * common_iv (already in osc_ctx)
434 */
435 nonce.s = nonce_buffer;
436 nonce.length = 13;
437 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
438 cose_encrypt0_set_nonce(cose, &nonce);
439 if (!oscore_increment_sender_seq(osc_ctx))
440 goto error;
441 if (osc_ctx->save_seq_num_func) {
442 if (osc_ctx->sender_context->seq > osc_ctx->sender_context->next_seq) {
443 /* Only update at ssn_freq rate */
444 osc_ctx->sender_context->next_seq += osc_ctx->ssn_freq;
445 osc_ctx->save_seq_num_func(osc_ctx->sender_context->next_seq,
446 osc_ctx->save_seq_num_func_param);
447 }
448 }
449 } else {
450 /*
451 * 8.3 Step 3.
452 * Use nonce from request
453 */
454 cose_encrypt0_set_nonce(cose, association->nonce);
455 }
456
457 /* OSCORE_option (needs to be before AAD as included in AAD if group) */
458
459 /* cose is modified for encode option in response message */
460 if (!coap_request) {
461 /* no kid on response */
462 cose_encrypt0_set_key_id(cose, NULL);
463 if (!doing_observe && send_partial_iv == OSCORE_SEND_NO_IV)
464 cose_encrypt0_set_partial_iv(cose, NULL);
465 }
466 if (kid_context) {
467 cose_encrypt0_set_kid_context(cose, kid_context);
468 }
469 oscore_option_len =
470 oscore_encode_option_value(oscore_option, sizeof(oscore_option), cose,
471 group_flag,
472 session->b_2_step != COAP_OSCORE_B_2_NONE);
473 if (!coap_request) {
474 /* Reset what was just unset as appropriate for AAD */
475 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
476 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
477 }
478 if (kid_context)
479 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
480
481 /*
482 * RFC8613 8.1/8.3 Step 2(a) (5.4).
483 * Compose the External AAD and then AAD
484 *
485 * OSCORE_option requires
486 * partial_iv (cose partial_iv)
487 * kid_context (cose kid_context)
488 * key_id (cose key_id)
489 * group_flag
490 *
491 * Non Group (based on osc_tx->mode) requires the following
492 * aead_alg (osc_ctx)
493 * request_kid (request key_id using cose)
494 * request_piv (request partial_iv using cose)
495 * options (none at present)
496 * Group (based on osc_tx->mode) requires the following
497 * aead_alg (osc_ctx) (pairwise mode)
498 * sign_enc_alg (osc_ctx) (group mode)
499 * sign_alg (osc_ctx) (group mode)
500 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
501 * request_kid (request key_id using cose)
502 * request_piv (request partial_iv using cose)
503 * options (none at present)
504 * request_kid_context (osc_ctx id_context)
505 * OSCORE_option (parameter)
506 * test_gs_public_key (osc_ctx sender_context public_key)
507 * gm_public_key (osc_ctx gm_public_key)
508 *
509 * Note: No I options at present
510 */
511 if (coap_request || osc_ctx->mode != OSCORE_MODE_SINGLE ||
512 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
513 /* External AAD */
514 external_aad.s = external_aad_buffer;
515 external_aad.length = oscore_prepare_e_aad(osc_ctx,
516 cose,
517 NULL,
518 0,
519 NULL,
520 external_aad_buffer,
521 sizeof(external_aad_buffer));
522 cose_encrypt0_set_external_aad(cose, &external_aad);
523
524 /* AAD */
525 aad.s = aad_buffer;
526 aad.length = oscore_prepare_aad(external_aad_buffer,
527 external_aad.length,
528 aad_buffer,
529 sizeof(aad_buffer));
530 assert(aad.length < AAD_BUF_LEN);
531 cose_encrypt0_set_aad(cose, &aad);
532 }
533
534 /*
535 * RFC8613 8.1/8.3 Step 2(b) (5.3).
536 *
537 * Set up temp plaintext pdu, the data including token, options and
538 * optional payload will get encrypted as COSE ciphertext.
539 */
540 plain_pdu = coap_pdu_init(pdu->type,
541 pdu->code,
542 pdu->mid,
543 pdu->used_size + 1 /* pseudo-token with actual code */);
544 if (plain_pdu == NULL)
545 goto error;
546
547 coap_add_token(osc_pdu, pdu_token.length, pdu_token.s);
548
549 /* First byte of plain is real CoAP code. Pretend it is token */
550 coap_add_token(plain_pdu, 1, &pdu_code);
551
552 /* Copy across the Outer/Inner Options to respective PDUs */
553 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
554 while ((option = coap_option_next(&opt_iter))) {
555 switch (opt_iter.number) {
556 case COAP_OPTION_URI_HOST:
557 case COAP_OPTION_URI_PORT:
558 case COAP_OPTION_PROXY_SCHEME:
559 case COAP_OPTION_HOP_LIMIT:
560 /* Outer only */
561 if (!coap_insert_option(osc_pdu,
562 opt_iter.number,
563 coap_opt_length(option),
564 coap_opt_value(option)))
565 goto error;
566 break;
567 case COAP_OPTION_OBSERVE:
568 /* Make as Outer option as-is */
569 if (!coap_insert_option(osc_pdu,
570 opt_iter.number,
571 coap_opt_length(option),
572 coap_opt_value(option)))
573 goto error;
574 if (coap_request) {
575 /* Make as Inner option (unchanged) */
576 if (!coap_insert_option(plain_pdu,
577 opt_iter.number,
578 coap_opt_length(option),
579 coap_opt_value(option)))
580 goto error;
581 osc_pdu->code = COAP_REQUEST_CODE_FETCH;
582 } else {
583 /* Make as Inner option but empty */
584 if (!coap_insert_option(plain_pdu, opt_iter.number, 0, NULL))
585 goto error;
586 osc_pdu->code = COAP_RESPONSE_CODE(205);
587 }
588 show_pdu = 1;
589 doing_observe = 1;
590 observe_value = coap_decode_var_bytes(coap_opt_value(option),
591 coap_opt_length(option));
592 break;
593 case COAP_OPTION_PROXY_URI:
594 /*
595 * Should have already been caught by doing
596 * coap_rebuild_pdu_for_proxy() before calling
597 * coap_oscore_new_pdu_encrypted_lkd()
598 */
599 assert(0);
600 break;
601 default:
602 /* Make as Inner option */
603 if (!coap_insert_option(plain_pdu,
604 opt_iter.number,
605 coap_opt_length(option),
606 coap_opt_value(option)))
607 goto error;
608 break;
609 }
610 }
611 /* Add in data to plain */
612 if (coap_get_data(pdu, &length, &data)) {
613 if (!coap_add_data(plain_pdu, length, data))
614 goto error;
615 }
616 if (show_pdu) {
617 coap_log_oscore("OSCORE payload\n");
618 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
619 }
620
621 /*
622 * 8.1/8.3 Step 4.
623 * Encrypt the COSE object.
624 *
625 * Requires in COSE object as appropriate
626 * alg (already set)
627 * key (sender key)
628 * nonce (already set)
629 * aad (already set)
630 * plaintext
631 */
632 cose_encrypt0_set_key(cose, snd_ctx->sender_key);
633 cose_encrypt0_set_plaintext(cose, plain_pdu->token, plain_pdu->used_size);
634 dump_cose(cose, "Pre encrypt");
635 ciphertext_buffer =
636 coap_malloc_type(COAP_OSCORE_BUF, OSCORE_CRYPTO_BUFFER_SIZE);
637 if (ciphertext_buffer == NULL)
638 goto error;
639 ciphertext_len = cose_encrypt0_encrypt(cose,
640 ciphertext_buffer,
641 plain_pdu->used_size + AES_CCM_TAG);
642 if ((int)ciphertext_len <= 0) {
643 coap_log_warn("OSCORE: Encryption Failure, result code: %d \n",
644 (int)ciphertext_len);
645 goto error;
646 }
647 assert(ciphertext_len < OSCORE_CRYPTO_BUFFER_SIZE);
648
649 /* Add in OSCORE option (previously computed) */
650 if (!coap_insert_option(osc_pdu,
651 COAP_OPTION_OSCORE,
652 oscore_option_len,
653 oscore_option))
654 goto error;
655
656 /* Add now encrypted payload */
657 if (!coap_add_data(osc_pdu, ciphertext_len, ciphertext_buffer))
658 goto error;
659
660 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
661 ciphertext_buffer = NULL;
662
663 coap_delete_pdu(plain_pdu);
664 plain_pdu = NULL;
665
666 if (association && association->is_observe == 0)
667 oscore_delete_association(session, association);
668 association = NULL;
669
670 /*
671 * If this is a response ACK with data, make it a separate response
672 * by sending an Empty ACK and changing osc_pdu's MID and type. This
673 * then allows lost response ACK (now CON) with data to be recovered.
674 */
675 if (coap_request == 0 && osc_pdu->type == COAP_MESSAGE_ACK &&
676 COAP_RESPONSE_CLASS(pdu->code) == 2 &&
677 COAP_PROTO_NOT_RELIABLE(session->proto)) {
678 coap_pdu_t *empty = coap_pdu_init(COAP_MESSAGE_ACK,
679 0,
680 osc_pdu->mid,
681 0);
682 if (empty) {
683 if (coap_send_internal(session, empty) != COAP_INVALID_MID) {
684 osc_pdu->mid = coap_new_message_id_lkd(session);
685 osc_pdu->type = COAP_MESSAGE_CON;
686 }
687 }
688 }
689
690 if (!coap_pdu_encode_header(osc_pdu, session->proto)) {
691 goto error;
692 }
693
694 /*
695 * Set up an association for handling a response if this is a request
696 */
697 if (coap_request) {
698 association = oscore_find_association(session, &pdu_token);
699 if (association) {
700 if (doing_observe && observe_value == 1) {
701 association->is_observe = 0;
702 }
703 /* Refresh the association */
704 coap_delete_bin_const(association->nonce);
705 association->nonce =
706 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
707 if (association->nonce == NULL)
708 goto error;
709 coap_delete_bin_const(association->aad);
710 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
711 if (association->aad == NULL)
712 goto error;
713 coap_delete_bin_const(association->partial_iv);
714 association->partial_iv =
715 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
716 if (association->partial_iv == NULL)
717 goto error;
718 association->recipient_ctx = rcp_ctx;
719 coap_delete_pdu(association->sent_pdu);
720 if (session->b_2_step != COAP_OSCORE_B_2_NONE && !session->done_b_1_2) {
721 size_t size;
722
723 association->sent_pdu = coap_pdu_duplicate_lkd(pdu, session,
724 pdu_token.length,
725 pdu_token.s, NULL);
726 if (association->sent_pdu == NULL)
727 goto error;
728 if (coap_get_data(pdu, &size, &data)) {
729 coap_add_data(association->sent_pdu, size, data);
730 }
731 } else {
732 association->sent_pdu = NULL;
733 }
734 } else if (!oscore_new_association(session,
735 pdu,
736 &pdu_token,
737 rcp_ctx,
738 &cose->aad,
739 &cose->nonce,
740 &cose->partial_iv,
741 doing_observe)) {
742 goto error;
743 }
744 session->done_b_1_2 = 1;
745 }
746 return osc_pdu;
747
748error:
749 if (ciphertext_buffer)
750 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
751 coap_delete_pdu(osc_pdu);
752 coap_delete_pdu(plain_pdu);
753 return NULL;
754}
755
756static void
757build_and_send_error_pdu(coap_session_t *session,
758 coap_pdu_t *rcvd,
759 coap_pdu_code_t code,
760 const char *diagnostic,
761 uint8_t *echo_data,
762 coap_bin_const_t *kid_context,
763 int encrypt_oscore) {
764 coap_pdu_t *err_pdu = NULL;
765 coap_bin_const_t token;
766 int oscore_encryption = session->oscore_encryption;
767 unsigned char buf[4];
768
769 token = coap_pdu_get_token(rcvd);
770 err_pdu = coap_pdu_init(rcvd->type == COAP_MESSAGE_NON ? COAP_MESSAGE_NON :
771 COAP_MESSAGE_ACK,
772 code,
773 rcvd->mid,
774 token.length + 2 + 8 +
775 (diagnostic ? strlen(diagnostic) : 0));
776 if (!err_pdu)
777 return;
778 coap_add_token(err_pdu, token.length, token.s);
779 if (echo_data) {
780 coap_add_option_internal(err_pdu, COAP_OPTION_ECHO, 8, echo_data);
781 } else if (kid_context == NULL) {
782 coap_add_option_internal(err_pdu,
783 COAP_OPTION_MAXAGE,
784 coap_encode_var_safe(buf, sizeof(buf), 0),
785 buf);
786 }
787 if (diagnostic)
788 coap_add_data(err_pdu, strlen(diagnostic), (const uint8_t *)diagnostic);
789 session->oscore_encryption = encrypt_oscore;
790
791 if ((echo_data || kid_context) && encrypt_oscore) {
792 coap_pdu_t *osc_pdu;
793
794 osc_pdu =
795 coap_oscore_new_pdu_encrypted_lkd(session, err_pdu, kid_context,
796 echo_data ? 1 : 0);
797 if (!osc_pdu)
798 goto fail_resp;
799 session->oscore_encryption = 0;
800 coap_send_internal(session, osc_pdu);
801 coap_delete_pdu(err_pdu);
802 err_pdu = NULL;
803 } else {
804 coap_send_internal(session, err_pdu);
805 err_pdu = NULL;
806 }
807fail_resp:
808 session->oscore_encryption = oscore_encryption;
809 coap_delete_pdu(err_pdu);
810 return;
811}
812
813/* pdu contains incoming message with encrypted COSE ciphertext payload
814 * function returns decrypted message
815 * and verifies signature, if present
816 * returns NULL when decryption,verification fails
817 */
818coap_pdu_t *
819coap_oscore_decrypt_pdu(coap_session_t *session,
820 coap_pdu_t *pdu) {
821 coap_pdu_t *decrypt_pdu = NULL;
822 coap_pdu_t *plain_pdu = NULL;
823 const uint8_t *osc_value; /* value of OSCORE option */
824 uint8_t osc_size; /* size of OSCORE OPTION */
825 coap_opt_iterator_t opt_iter;
826 coap_opt_t *opt = NULL;
827 cose_encrypt0_t cose[1];
828 oscore_ctx_t *osc_ctx = NULL;
829 uint8_t aad_buffer[AAD_BUF_LEN];
830 uint8_t nonce_buffer[13];
831 coap_bin_const_t aad;
832 coap_bin_const_t nonce;
833 int pltxt_size = 0;
834 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu);
835 coap_bin_const_t pdu_token;
836 uint8_t *st_encrypt;
837 size_t encrypt_len;
838 size_t tag_len;
839 oscore_recipient_ctx_t *rcp_ctx = NULL;
840 oscore_association_t *association = NULL;
841 uint8_t external_aad_buffer[100];
842 coap_bin_const_t external_aad;
843 oscore_sender_ctx_t *snd_ctx = NULL;
844#if COAP_CLIENT_SUPPORT
845 coap_pdu_t *sent_pdu = NULL;
846#endif /* COAP_CLIENT_SUPPORT */
847
848 opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter);
849 assert(opt);
850 if (opt == NULL)
851 return NULL;
852
853 if (session->context->p_osc_ctx == NULL) {
854 coap_log_warn("OSCORE: Not enabled\n");
855 if (!coap_request)
856 coap_handle_event_lkd(session->context,
857 COAP_EVENT_OSCORE_NOT_ENABLED,
858 session);
859 return NULL;
860 }
861
862 if (pdu->data == NULL) {
863 coap_log_warn("OSCORE: No protected payload\n");
864 if (!coap_request)
865 coap_handle_event_lkd(session->context,
866 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
867 session);
868 return NULL;
869 }
870
871 osc_size = coap_opt_length(opt);
872 osc_value = coap_opt_value(opt);
873
874 cose_encrypt0_init(cose); /* clear cose memory */
875
876 /* PDU code will be filled in after decryption */
877 decrypt_pdu =
878 coap_pdu_init(pdu->type, 0, pdu->mid, pdu->used_size);
879 if (decrypt_pdu == NULL) {
880 if (!coap_request)
881 coap_handle_event_lkd(session->context,
882 COAP_EVENT_OSCORE_INTERNAL_ERROR,
883 session);
884 goto error;
885 }
886
887 /* Copy across the Token */
888 pdu_token = coap_pdu_get_token(pdu);
889 coap_add_token(decrypt_pdu, pdu_token.length, pdu_token.s);
890
891 /*
892 * 8.2/8.4 Step 1.
893 * Copy outer options across, except E and OSCORE options
894 */
895 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
896 while ((opt = coap_option_next(&opt_iter))) {
897 switch (opt_iter.number) {
898 /* 'E' options skipped */
899 case COAP_OPTION_IF_MATCH:
900 case COAP_OPTION_ETAG:
901 case COAP_OPTION_IF_NONE_MATCH:
902 case COAP_OPTION_OBSERVE:
903 case COAP_OPTION_LOCATION_PATH:
904 case COAP_OPTION_URI_PATH:
905 case COAP_OPTION_CONTENT_FORMAT:
906 case COAP_OPTION_MAXAGE:
907 case COAP_OPTION_URI_QUERY:
908 case COAP_OPTION_ACCEPT:
909 case COAP_OPTION_LOCATION_QUERY:
910 case COAP_OPTION_BLOCK2:
911 case COAP_OPTION_BLOCK1:
912 case COAP_OPTION_SIZE2:
913 case COAP_OPTION_SIZE1:
914 case COAP_OPTION_NORESPONSE:
915 case COAP_OPTION_ECHO:
916 case COAP_OPTION_RTAG:
917 /* OSCORE does not get copied across */
918 case COAP_OPTION_OSCORE:
919 break;
920 default:
921 if (!coap_add_option_internal(decrypt_pdu,
922 opt_iter.number,
923 coap_opt_length(opt),
924 coap_opt_value(opt))) {
925 if (!coap_request)
926 coap_handle_event_lkd(session->context,
927 COAP_EVENT_OSCORE_INTERNAL_ERROR,
928 session);
929 goto error;
930 }
931 break;
932 }
933 }
934
935 if (coap_request) {
936 uint64_t incoming_seq;
937 /*
938 * 8.2 Step 2
939 * Decompress COSE object
940 * Get Recipient Context based on kid and optional kid_context
941 */
942 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
943 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
944 build_and_send_error_pdu(session,
945 pdu,
946 COAP_RESPONSE_CODE(402),
947 "Failed to decode COSE",
948 NULL,
949 NULL,
950 0);
951 goto error_no_ack;
952 }
953 osc_ctx = oscore_find_context(session->context,
954 cose->key_id,
955 &cose->kid_context,
956 NULL,
957 &rcp_ctx);
958 if (!osc_ctx) {
959 if (cose->kid_context.length > 0) {
960 const uint8_t *ptr;
961 size_t length;
962 /* Appendix B.2 protocol check - Is the recipient key_id known */
963 osc_ctx = oscore_find_context(session->context,
964 cose->key_id,
965 NULL,
966 session->oscore_r2 != 0 ? (uint8_t *)&session->oscore_r2 : NULL,
967 &rcp_ctx);
968 ptr = cose->kid_context.s;
969 length = cose->kid_context.length;
970 if (ptr && osc_ctx && osc_ctx->rfc8613_b_2 &&
971 osc_ctx->mode == OSCORE_MODE_SINGLE) {
972 /* Processing Appendix B.2 protocol */
973 /* Need to CBOR unwrap kid_context */
974 coap_bin_const_t kid_context;
975
976 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
977 kid_context.s = ptr;
978 cose_encrypt0_set_kid_context(cose, (coap_bin_const_t *)&kid_context);
979
980 if (session->oscore_r2 != 0) {
981 /* B.2 step 4 */
982 coap_bin_const_t *kc = coap_new_bin_const(cose->kid_context.s,
983 cose->kid_context.length);
984
985 if (kc == NULL)
986 goto error;
987
988 session->b_2_step = COAP_OSCORE_B_2_STEP_4;
989 coap_log_oscore("Appendix B.2 server step 4 (R2 || R3)\n");
990 oscore_update_ctx(osc_ctx, kc);
991 } else {
992 session->b_2_step = COAP_OSCORE_B_2_STEP_2;
993 coap_log_oscore("Appendix B.2 server step 2 (ID1)\n");
994 osc_ctx = oscore_duplicate_ctx(session->context,
995 osc_ctx,
996 osc_ctx->sender_context->sender_id,
997 &cose->key_id,
998 &cose->kid_context);
999 if (osc_ctx == NULL)
1000 goto error;
1001 /*
1002 * Complete the Verify (B.2 step 2)
1003 * before sending back the response
1004 */
1005 rcp_ctx = osc_ctx->recipient_chain;
1006 }
1007 } else {
1008 osc_ctx = NULL;
1009 }
1010 }
1011 } else if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1012 session->b_2_step = COAP_OSCORE_B_2_NONE;
1013 coap_log_oscore("Appendix B.2 server finished\n");
1014 }
1015 if (!osc_ctx) {
1016 coap_log_crit("OSCORE: Security Context not found\n");
1017 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
1018 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
1019 build_and_send_error_pdu(session,
1020 pdu,
1021 COAP_RESPONSE_CODE(401),
1022 "Security context not found",
1023 NULL,
1024 NULL,
1025 0);
1026 goto error_no_ack;
1027 }
1028 /* to be used for encryption of returned response later */
1029 session->recipient_ctx = rcp_ctx;
1030 snd_ctx = osc_ctx->sender_context;
1031
1032 /*
1033 * 8.2 Step 3.
1034 * Verify Partial IV is not duplicated.
1035 *
1036 * Requires in COSE object as appropriate
1037 * partial_iv (as received)
1038 */
1039 if (rcp_ctx->initial_state == 0 &&
1040 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1041 coap_log_warn("OSCORE: Replayed or old message\n");
1042 build_and_send_error_pdu(session,
1043 pdu,
1044 COAP_RESPONSE_CODE(401),
1045 "Replay detected",
1046 NULL,
1047 NULL,
1048 0);
1049 goto error_no_ack;
1050 }
1051
1052 incoming_seq =
1053 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1054 rcp_ctx->last_seq = incoming_seq;
1055 } else { /* !coap_request */
1056 /*
1057 * 8.4 Step 2
1058 * Decompress COSE object
1059 * Get Recipient Context based on token
1060 */
1061 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1062 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1063 coap_handle_event_lkd(session->context,
1064 COAP_EVENT_OSCORE_DECODE_ERROR,
1065 session);
1066 goto error;
1067 }
1068 association = oscore_find_association(session, &pdu_token);
1069 if (association) {
1070 rcp_ctx = association->recipient_ctx;
1071 osc_ctx = rcp_ctx->osc_ctx;
1072 snd_ctx = osc_ctx->sender_context;
1073#if COAP_CLIENT_SUPPORT
1074 sent_pdu = association->sent_pdu;
1075 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1076 const uint8_t *ptr = cose->kid_context.s;
1077 size_t length = cose->kid_context.length;
1078
1079 if (ptr) {
1080 /* Need to CBOR unwrap kid_context */
1081 coap_bin_const_t kid_context;
1082
1083 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1084 kid_context.s = ptr;
1085 cose_encrypt0_set_kid_context(cose, &kid_context);
1086 }
1087 if (ptr && !coap_binary_equal(osc_ctx->id_context, &cose->kid_context)) {
1088 /* If Appendix B.2 step 3 is in operation */
1089 /* Need to update Security Context with new (R2 || ID1) ID Context */
1090 coap_binary_t *kc = coap_new_binary(cose->kid_context.length +
1091 osc_ctx->id_context->length);
1092
1093 if (kc == NULL) {
1094 coap_handle_event_lkd(session->context,
1095 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1096 session);
1097 goto error;
1098 }
1099
1100 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1101 memcpy(&kc->s[cose->kid_context.length],
1102 osc_ctx->id_context->s,
1103 osc_ctx->id_context->length);
1104
1105 session->b_2_step = COAP_OSCORE_B_2_STEP_3;
1106 coap_log_oscore("Appendix B.2 client step 3 (R2 || ID1)\n");
1107 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1108 } else {
1109 session->b_2_step = COAP_OSCORE_B_2_STEP_5;
1110 coap_log_oscore("Appendix B.2 client step 5 (R2 || R3)\n");
1111 }
1112 }
1113#endif /* COAP_CLIENT_SUPPORT */
1114 } else {
1115 coap_log_crit("OSCORE: Security Context association not found\n");
1116 coap_handle_event_lkd(session->context,
1117 COAP_EVENT_OSCORE_NO_SECURITY,
1118 session);
1119 goto error;
1120 }
1121 }
1122
1123 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
1124
1125 if (coap_request) {
1126 /*
1127 * RFC8613 8.2 Step 4.
1128 * Compose the External AAD and then AAD
1129 *
1130 * Non Group (based on osc_tx->mode) requires the following
1131 * aead_alg (osc_ctx)
1132 * request_kid (request key_id using cose)
1133 * request_piv (request partial_iv using cose)
1134 * options (none at present)
1135 * Group (based on osc_tx->mode) requires the following
1136 * aead_alg (osc_ctx) (pairwise mode)
1137 * sign_enc_alg (osc_ctx) (group mode)
1138 * sign_alg (osc_ctx) (group mode)
1139 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
1140 * request_kid (request key_id using cose)
1141 * request_piv (request partial_iv using cose)
1142 * options (none at present)
1143 * request_kid_context (osc_ctx id_context)
1144 * OSCORE_option (as received in request)
1145 * test_gs_public_key (recipient public key)
1146 * gm_public_key (osc_ctx gm_public_key)
1147 *
1148 * Note: No I options at present
1149 */
1150
1151 /* External AAD */
1152 external_aad.s = external_aad_buffer;
1153 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1154 cose,
1155 osc_value,
1156 osc_size,
1157 NULL,
1158 external_aad_buffer,
1159 sizeof(external_aad_buffer));
1160 cose_encrypt0_set_external_aad(cose, &external_aad);
1161
1162 /* AAD */
1163 aad.s = aad_buffer;
1164 aad.length = oscore_prepare_aad(external_aad_buffer,
1165 external_aad.length,
1166 aad_buffer,
1167 sizeof(aad_buffer));
1168 assert(aad.length < AAD_BUF_LEN);
1169 cose_encrypt0_set_aad(cose, &aad);
1170
1171 /*
1172 * RFC8613 8.2 Step 5.
1173 * Compute the AEAD nonce.
1174 *
1175 * Requires in COSE object as appropriate
1176 * key_id (kid) (Recipient ID)
1177 * partial_iv (as received in request)
1178 * common_iv (already in osc_ctx)
1179 */
1180 nonce.s = nonce_buffer;
1181 nonce.length = 13;
1182 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1183 cose_encrypt0_set_nonce(cose, &nonce);
1184 /*
1185 * Set up an association for use in the response
1186 */
1187 association = oscore_find_association(session, &pdu_token);
1188 if (association) {
1189 /* Refresh the association */
1190 coap_delete_bin_const(association->nonce);
1191 association->nonce =
1192 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
1193 if (association->nonce == NULL)
1194 goto error;
1195 coap_delete_bin_const(association->partial_iv);
1196 association->partial_iv =
1197 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
1198 if (association->partial_iv == NULL)
1199 goto error;
1200 coap_delete_bin_const(association->aad);
1201 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
1202 if (association->aad == NULL)
1203 goto error;
1204 association->recipient_ctx = rcp_ctx;
1205 } else if (!oscore_new_association(session,
1206 NULL,
1207 &pdu_token,
1208 rcp_ctx,
1209 &cose->aad,
1210 &cose->nonce,
1211 &cose->partial_iv,
1212 0)) {
1213 goto error;
1214 }
1215 /* So association is not released when handling decrypt */
1216 association = NULL;
1217 } else { /* ! coap_request */
1218 /* Need to do nonce before AAD because of different partial_iv */
1219 /*
1220 * 8.4 Step 4.
1221 * Compose the AEAD nonce.
1222 */
1223 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
1224 if (cose->partial_iv.length == 0) {
1225 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1226 cose_encrypt0_set_nonce(cose, association->nonce);
1227 } else {
1228 uint64_t last_seq;
1229
1230 if (rcp_ctx->initial_state == 0 &&
1231 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1232 coap_log_warn("OSCORE: Replayed or old message\n");
1233 goto error;
1234 }
1235 last_seq =
1236 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1237 if (rcp_ctx->last_seq>= OSCORE_SEQ_MAX) {
1238 coap_log_warn("OSCORE Replay protection, SEQ larger than SEQ_MAX.\n");
1239 goto error;
1240 }
1241 if (last_seq > rcp_ctx->last_seq)
1242 rcp_ctx->last_seq = last_seq;
1243 /*
1244 * Requires in COSE object as appropriate
1245 * kid (set above)
1246 * partial_iv (as received)
1247 * common_iv (already in osc_ctx)
1248 */
1249 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1250 nonce.s = nonce_buffer;
1251 nonce.length = 13;
1252 cose_encrypt0_set_nonce(cose, &nonce);
1253 }
1254#ifdef OSCORE_EXTRA_DEBUG
1255 dump_cose(cose, "!req post set nonce");
1256#endif /* OSCORE_EXTRA_DEBUG */
1257 /*
1258 * 8.4 Step 3.
1259 * Compose the External AAD and then AAD (same as request non-group (5.4)
1260 *
1261 * Non Group (based on osc_tx->mode) requires the following
1262 * aead_alg (osc_ctx)
1263 * request_kid (request key_id using cose)
1264 * request_piv (request partial_iv using cose)
1265 * options (none at present)
1266 * Group (based on osc_tx->mode) requires the following
1267 * aead_alg (osc_ctx) (pairwise mode)
1268 * sign_enc_alg (osc_ctx) (group mode)
1269 * sign_alg (osc_ctx) (group mode)
1270 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
1271 * request_kid (request key_id using cose)
1272 * request_piv (request partial_iv using cose)
1273 * options (none at present)
1274 * request_kid_context (osc_ctx id_context)
1275 * OSCORE_option (as received in request)
1276 * test_gs_public_key (recipient public key)
1277 * gm_public_key (osc_ctx gm_public_key)
1278 *
1279 * Note: No I options at present
1280 */
1281
1282 /* External AAD */
1283 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
1284 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1285#ifdef OSCORE_EXTRA_DEBUG
1286 dump_cose(cose, "!req pre aad");
1287#endif /* OSCORE_EXTRA_DEBUG */
1288 external_aad.s = external_aad_buffer;
1289 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1290 cose,
1291 NULL,
1292 0,
1293 NULL,
1294 external_aad_buffer,
1295 sizeof(external_aad_buffer));
1296 cose_encrypt0_set_external_aad(cose, &external_aad);
1297
1298 /* AAD */
1299 aad.s = aad_buffer;
1300 aad.length = oscore_prepare_aad(external_aad_buffer,
1301 external_aad.length,
1302 aad_buffer,
1303 sizeof(aad_buffer));
1304 assert(aad.length < AAD_BUF_LEN);
1305 cose_encrypt0_set_aad(cose, &aad);
1306#ifdef OSCORE_EXTRA_DEBUG
1307 dump_cose(cose, "!req post set aad");
1308#endif /* OSCORE_EXTRA_DEBUG */
1309 }
1310
1311 /*
1312 * 8.2 Step 6 / 8.4 Step 5.
1313 * Decrypt the COSE object.
1314 *
1315 * Requires in COSE object as appropriate
1316 * alg (already set)
1317 * key
1318 * nonce (already set)
1319 * aad (already set)
1320 * ciphertext
1321 */
1322 st_encrypt = pdu->data;
1323 encrypt_len = pdu->used_size - (pdu->data - pdu->token);
1324 if (encrypt_len <= 0) {
1325 coap_log_warn("OSCORE: No protected payload\n");
1326 if (!coap_request)
1327 coap_handle_event_lkd(session->context,
1328 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
1329 session);
1330 goto error;
1331 }
1332 cose_encrypt0_set_key(cose, rcp_ctx->recipient_key);
1333 cose_encrypt0_set_ciphertext(cose, st_encrypt, encrypt_len);
1334
1335 tag_len = cose_tag_len(cose->alg);
1336 /* Decrypt into plain_pdu, so code (token), options and data are in place */
1337 plain_pdu = coap_pdu_init(0, 0, 0, encrypt_len /* - tag_len */);
1338 if (plain_pdu == NULL) {
1339 if (!coap_request)
1340 coap_handle_event_lkd(session->context,
1341 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1342 session);
1343 goto error;
1344 }
1345
1346 /* need the tag_len on the end for TinyDTLS to do its work - yuk */
1347 if (!coap_pdu_resize(plain_pdu, encrypt_len /* - tag_len */)) {
1348 if (!coap_request)
1349 coap_handle_event_lkd(session->context,
1350 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1351 session);
1352 goto error;
1353 }
1354
1355 /* Account for 1 byte 'code' used as token */
1356 plain_pdu->e_token_length = 1;
1357 plain_pdu->actual_token.length = 1;
1358 /* Account for the decrypted data */
1359 plain_pdu->used_size = encrypt_len - tag_len;
1360
1361 dump_cose(cose, "Pre decrypt");
1362 pltxt_size =
1363 cose_encrypt0_decrypt(cose, plain_pdu->token, encrypt_len - tag_len);
1364 if (pltxt_size <= 0) {
1365 coap_log_warn("OSCORE: Decryption Failure, result code: %d \n",
1366 (int)pltxt_size);
1367 if (coap_request) {
1368 build_and_send_error_pdu(session,
1369 pdu,
1370 COAP_RESPONSE_CODE(400),
1371 "Decryption failed",
1372 NULL,
1373 NULL,
1374 0);
1375 oscore_roll_back_seq(rcp_ctx);
1376 goto error_no_ack;
1377 } else {
1378 coap_handle_event_lkd(session->context,
1379 COAP_EVENT_OSCORE_DECRYPTION_FAILURE,
1380 session);
1381 }
1382 goto error;
1383 }
1384
1385 assert((size_t)pltxt_size < pdu->alloc_size + pdu->max_hdr_size);
1386
1387 /* Appendix B.2 Trap */
1388 if (session->b_2_step == COAP_OSCORE_B_2_STEP_2) {
1389 /* Need to update Security Context with new (R2 || ID1) ID Context */
1390 coap_binary_t *kc =
1391 coap_new_binary(sizeof(session->oscore_r2) + cose->kid_context.length);
1392 coap_bin_const_t oscore_r2;
1393
1394 if (kc == NULL) {
1395 if (!coap_request)
1396 coap_handle_event_lkd(session->context,
1397 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1398 session);
1399 goto error;
1400 }
1401
1402 coap_prng_lkd(&session->oscore_r2, sizeof(session->oscore_r2));
1403 memcpy(kc->s, &session->oscore_r2, sizeof(session->oscore_r2));
1404 memcpy(&kc->s[sizeof(session->oscore_r2)],
1405 cose->kid_context.s,
1406 cose->kid_context.length);
1407
1408 coap_log_oscore("Appendix B.2 server step 2 (R2 || ID1)\n");
1409 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1410
1411 oscore_r2.length = sizeof(session->oscore_r2);
1412 oscore_r2.s = (const uint8_t *)&session->oscore_r2;
1413 coap_log_oscore("Appendix B.2 server step 2 plain response\n");
1414 build_and_send_error_pdu(session,
1415 pdu,
1416 COAP_RESPONSE_CODE(401),
1417 NULL,
1418 NULL,
1419 &oscore_r2,
1420 1);
1421 goto error_no_ack;
1422 }
1423#if COAP_CLIENT_SUPPORT
1424 if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) {
1425 coap_log_oscore("Appendix B.2 client step 3 (R2 || R3)\n");
1426 coap_pdu_encode_header(plain_pdu, session->proto);
1427 plain_pdu->actual_token.s = plain_pdu->token;
1428 plain_pdu->code = plain_pdu->token[0];
1429 if (plain_pdu->code != COAP_RESPONSE_CODE(401)) {
1430 coap_log_warn("OSCORE Appendix B.2: Expected 4.01 response\n");
1431 }
1432 /* Skip the options */
1433 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1434 while (coap_option_next(&opt_iter)) {
1435 }
1436 if (opt_iter.length > 0 && opt_iter.next_option &&
1437 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1438 plain_pdu->data = &opt_iter.next_option[1];
1439 }
1440 coap_log_oscore("Inner Response PDU (plaintext)\n");
1441 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
1442 /*
1443 * Need to update Security Context with new (R2 || R3) ID Context
1444 * and retransmit the request
1445 */
1446 coap_binary_t *kc = coap_new_binary(cose->kid_context.length + 8);
1447
1448 if (kc == NULL) {
1449 if (!coap_request)
1450 coap_handle_event_lkd(session->context,
1451 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1452 session);
1453 goto error;
1454 }
1455 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1456 coap_prng_lkd(&kc->s[cose->kid_context.length], 8);
1457
1458 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1459
1460 coap_cancel_all_messages(session->context,
1461 session,
1462 &pdu->actual_token);
1463 if (session->con_active)
1464 session->con_active--;
1465 coap_send_ack_lkd(session, pdu);
1466 if (sent_pdu) {
1467 coap_log_oscore("Appendix B.2 retransmit pdu\n");
1468 if (coap_retransmit_oscore_pdu(session, sent_pdu, NULL) ==
1469 COAP_INVALID_MID)
1470 goto error_no_ack;
1471 }
1472 goto error_no_ack;
1473 }
1474#endif /* COAP_CLIENT_SUPPORT */
1475
1476#if COAP_SERVER_SUPPORT
1477 /* Appendix B.1.2 request Trap */
1478 if (coap_request && osc_ctx->rfc8613_b_1_2) {
1479 if (rcp_ctx->initial_state == 1) {
1480 opt = coap_check_option(plain_pdu, COAP_OPTION_ECHO, &opt_iter);
1481 if (opt) {
1482 /* Verify Client is genuine */
1483 if (coap_opt_length(opt) == 8 &&
1484 memcmp(coap_opt_value(opt), rcp_ctx->echo_value, 8) == 0) {
1485 if (!oscore_validate_sender_seq(rcp_ctx, cose)) {
1486 coap_log_warn("OSCORE: Replayed or old message\n");
1487 build_and_send_error_pdu(session,
1488 pdu,
1489 COAP_RESPONSE_CODE(401),
1490 "Replay detected",
1491 NULL,
1492 NULL,
1493 0);
1494 goto error_no_ack;
1495 }
1496 } else
1497 goto error;
1498 } else {
1499 /* RFC 8163 Appendix B.1.2 */
1500 if (session->b_2_step == COAP_OSCORE_B_2_STEP_4) {
1501 session->b_2_step = COAP_OSCORE_B_2_NONE;
1502 coap_log_oscore("Appendix B.2 server finished\n");
1503 }
1504 coap_prng_lkd(rcp_ctx->echo_value, sizeof(rcp_ctx->echo_value));
1505 coap_log_oscore("Appendix B.1.2 server plain response\n");
1506 build_and_send_error_pdu(session,
1507 pdu,
1508 COAP_RESPONSE_CODE(401),
1509 NULL,
1510 rcp_ctx->echo_value,
1511 NULL,
1512 1);
1513 goto error_no_ack;
1514 }
1515 }
1516 }
1517#endif /* COAP_SERVER_SUPPORT */
1518
1519 /*
1520 * 8.2 Step 7 / 8.4 Step 6.
1521 * Add decrypted Code, options and payload
1522 * [OSCORE option not copied across previously]
1523 */
1524
1525 /* PDU code is pseudo plain_pdu token */
1526 decrypt_pdu->code = plain_pdu->token[0];
1527
1528 /* Copy inner decrypted options across */
1529 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1530 while ((opt = coap_option_next(&opt_iter))) {
1531 size_t len;
1532 size_t bias;
1533
1534 switch (opt_iter.number) {
1535 case COAP_OPTION_OSCORE:
1536 break;
1537 case COAP_OPTION_OBSERVE:
1538 if (!coap_request) {
1539 bias = cose->partial_iv.length > 3 ? cose->partial_iv.length - 3 : 0;
1540 len = cose->partial_iv.length > 3 ? 3 : cose->partial_iv.length;
1541 /* Make Observe option reflect last 3 bytes of partial_iv */
1542 if (!coap_add_option_internal(
1543 decrypt_pdu,
1544 opt_iter.number,
1545 len,
1546 cose->partial_iv.s ? &cose->partial_iv.s[bias] : NULL)) {
1547 coap_handle_event_lkd(session->context,
1548 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1549 session);
1550 goto error;
1551 }
1552 break;
1553 }
1554 association = oscore_find_association(session, &pdu_token);
1555 if (association) {
1556 association->is_observe = 1;
1557 association = NULL;
1558 }
1559 /* Fall Through */
1560 default:
1561 if (!coap_insert_option(decrypt_pdu,
1562 opt_iter.number,
1563 coap_opt_length(opt),
1564 coap_opt_value(opt))) {
1565 if (!coap_request)
1566 coap_handle_event_lkd(session->context,
1567 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1568 session);
1569 goto error;
1570 }
1571 break;
1572 }
1573 }
1574 /* Need to copy across any data */
1575 if (opt_iter.length > 0 && opt_iter.next_option &&
1576 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1577 plain_pdu->data = &opt_iter.next_option[1];
1578 if (!coap_add_data(decrypt_pdu,
1579 plain_pdu->used_size -
1580 (plain_pdu->data - plain_pdu->token),
1581 plain_pdu->data)) {
1582 if (!coap_request)
1583 coap_handle_event_lkd(session->context,
1584 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1585 session);
1586 goto error;
1587 }
1588 }
1589 coap_delete_pdu(plain_pdu);
1590 plain_pdu = NULL;
1591
1592 /* Make sure headers are correctly set up */
1593 if (!coap_pdu_encode_header(decrypt_pdu, session->proto)) {
1594 if (!coap_request)
1595 coap_handle_event_lkd(session->context,
1596 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1597 session);
1598 goto error;
1599 }
1600
1601 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1602 session->b_2_step = COAP_OSCORE_B_2_NONE;
1603 coap_log_oscore("Appendix B.2 client finished\n");
1604 }
1605#if COAP_CLIENT_SUPPORT
1606 if (decrypt_pdu->code == COAP_RESPONSE_CODE(401) &&
1607 (opt = coap_check_option(decrypt_pdu, COAP_OPTION_ECHO, &opt_iter))) {
1608 /* Server is requesting Echo refresh check */
1609 coap_cancel_all_messages(session->context,
1610 session,
1611 &pdu->actual_token);
1612 if (session->con_active)
1613 session->con_active--;
1614 if (sent_pdu) {
1615 coap_send_ack_lkd(session, pdu);
1616 coap_log_debug("PDU requesting re-transmit\n");
1617 coap_show_pdu(COAP_LOG_DEBUG, decrypt_pdu);
1618 coap_log_oscore("RFC9175 retransmit pdu\n");
1619 /* Do not care if this fails */
1620 coap_retransmit_oscore_pdu(session, sent_pdu, opt);
1621 goto error_no_ack;
1622 }
1623 }
1624#endif /* COAP_CLIENT_SUPPORT */
1625 if (association && association->is_observe == 0)
1626 oscore_delete_association(session, association);
1627 return decrypt_pdu;
1628
1629error:
1630 coap_send_ack_lkd(session, pdu);
1631error_no_ack:
1632 if (association && association->is_observe == 0)
1633 oscore_delete_association(session, association);
1634 coap_delete_pdu(decrypt_pdu);
1635 coap_delete_pdu(plain_pdu);
1636 return NULL;
1637}
1638
1639typedef enum {
1640 COAP_ENC_ASCII = 0x01,
1641 COAP_ENC_HEX = 0x02,
1642 COAP_ENC_INTEGER = 0x08,
1643 COAP_ENC_TEXT = 0x10,
1644 COAP_ENC_BOOL = 0x20,
1645 COAP_ENC_LAST
1646} coap_oscore_coding_t;
1647
1648#undef TEXT_MAPPING
1649#define TEXT_MAPPING(t, v) \
1650 { { sizeof(#t)-1, (const uint8_t *)#t }, v }
1651
1652static struct coap_oscore_encoding_t {
1653 coap_str_const_t name;
1654 coap_oscore_coding_t encoding;
1655} oscore_encoding[] = {
1656 TEXT_MAPPING(ascii, COAP_ENC_ASCII),
1657 TEXT_MAPPING(hex, COAP_ENC_HEX),
1658 TEXT_MAPPING(integer, COAP_ENC_INTEGER),
1659 TEXT_MAPPING(text, COAP_ENC_TEXT),
1660 TEXT_MAPPING(bool, COAP_ENC_BOOL),
1661 {{0, NULL}, COAP_ENC_LAST}
1662};
1663
1664typedef struct {
1665 coap_oscore_coding_t encoding;
1666 const char *encoding_name;
1667 union {
1668 int value_int;
1669 coap_bin_const_t *value_bin;
1670 coap_str_const_t value_str;
1671 } u;
1672} oscore_value_t;
1673
1674static uint8_t
1675hex2char(char c) {
1676 assert(isxdigit(c));
1677 if ('a' <= c && c <= 'f')
1678 return c - 'a' + 10;
1679 else if ('A' <= c && c <= 'F')
1680 return c - 'A' + 10;
1681 else
1682 return c - '0';
1683}
1684
1685/* Parse the hex into binary */
1686static coap_bin_const_t *
1687parse_hex_bin(const char *begin, const char *end) {
1688 coap_binary_t *binary = NULL;
1689 size_t i;
1690
1691 if ((end - begin) % 2 != 0)
1692 goto bad_entry;
1693 binary = coap_new_binary((end - begin) / 2);
1694 if (binary == NULL)
1695 goto bad_entry;
1696 for (i = 0; (i < (size_t)(end - begin)) && isxdigit((u_char)begin[i]) &&
1697 isxdigit((u_char)begin[i + 1]);
1698 i += 2) {
1699 binary->s[i / 2] = (hex2char(begin[i]) << 4) + hex2char(begin[i + 1]);
1700 }
1701 if (i != (size_t)(end - begin))
1702 goto bad_entry;
1703 return (coap_bin_const_t *)binary;
1704
1705bad_entry:
1706 coap_delete_binary(binary);
1707 return NULL;
1708}
1709
1710/*
1711 * Break up each OSCORE Configuration line entry into the 3 parts which
1712 * are comma separated
1713 *
1714 * keyword,encoding,value
1715 */
1716static int
1717get_split_entry(const char **start,
1718 size_t size,
1719 coap_str_const_t *keyword,
1720 oscore_value_t *value) {
1721 const char *begin = *start;
1722 const char *end;
1723 const char *kend;
1724 const char *split;
1725 size_t i;
1726
1727retry:
1728 kend = end = memchr(begin, '\n', size);
1729 if (end == NULL)
1730 return 0;
1731
1732 /* Track beginning of next line */
1733 *start = end + 1;
1734 if (end > begin && end[-1] == '\r')
1735 end--;
1736
1737 if (begin[0] == '#' || (end - begin) == 0) {
1738 /* Skip comment / blank line */
1739 size -= kend - begin + 1;
1740 begin = *start;
1741 goto retry;
1742 }
1743
1744 /* Get in the keyword */
1745 split = memchr(begin, ',', end - begin);
1746 if (split == NULL)
1747 goto bad_entry;
1748
1749 keyword->s = (const uint8_t *)begin;
1750 keyword->length = split - begin;
1751
1752 begin = split + 1;
1753 if ((end - begin) == 0)
1754 goto bad_entry;
1755 /* Get in the encoding */
1756 split = memchr(begin, ',', end - begin);
1757 if (split == NULL)
1758 goto bad_entry;
1759
1760 for (i = 0; oscore_encoding[i].name.s; i++) {
1761 coap_str_const_t temp = { split - begin, (const uint8_t *)begin };
1762
1763 if (coap_string_equal(&temp, &oscore_encoding[i].name)) {
1764 value->encoding = oscore_encoding[i].encoding;
1765 value->encoding_name = (const char *)oscore_encoding[i].name.s;
1766 break;
1767 }
1768 }
1769 if (oscore_encoding[i].name.s == NULL)
1770 goto bad_entry;
1771
1772 begin = split + 1;
1773 if ((end - begin) == 0)
1774 goto bad_entry;
1775 /* Get in the keyword's value */
1776 if (begin[0] == '"') {
1777 split = memchr(&begin[1], '"', end - split - 1);
1778 if (split == NULL)
1779 goto bad_entry;
1780 end = split;
1781 begin++;
1782 }
1783 switch (value->encoding) {
1784 case COAP_ENC_ASCII:
1785 value->u.value_bin =
1786 coap_new_bin_const((const uint8_t *)begin, end - begin);
1787 break;
1788 case COAP_ENC_HEX:
1789 /* Parse the hex into binary */
1790 value->u.value_bin = parse_hex_bin(begin, end);
1791 if (value->u.value_bin == NULL)
1792 goto bad_entry;
1793 break;
1794 case COAP_ENC_INTEGER:
1795 value->u.value_int = atoi(begin);
1796 break;
1797 case COAP_ENC_TEXT:
1798 value->u.value_str.s = (const uint8_t *)begin;
1799 value->u.value_str.length = end - begin;
1800 break;
1801 case COAP_ENC_BOOL:
1802 if (memcmp("true", begin, end - begin) == 0)
1803 value->u.value_int = 1;
1804 else if (memcmp("false", begin, end - begin) == 0)
1805 value->u.value_int = 0;
1806 else
1807 goto bad_entry;
1808 break;
1809 case COAP_ENC_LAST:
1810 default:
1811 goto bad_entry;
1812 }
1813 return 1;
1814
1815bad_entry:
1816 coap_log_warn("oscore_conf: Unrecognized configuration entry '%.*s'\n",
1817 (int)(end - begin),
1818 begin);
1819 return 0;
1820}
1821
1822#undef CONFIG_ENTRY
1823#define CONFIG_ENTRY(n, e, t) \
1824 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
1825 offsetof(coap_oscore_conf_t, n), t }
1826
1827typedef struct oscore_text_mapping_t {
1828 coap_str_const_t text;
1829 int value;
1830} oscore_text_mapping_t;
1831
1832/* Naming as per https://www.iana.org/assignments/cose/cose.xhtml#algorithms */
1833static oscore_text_mapping_t text_aead_alg[] = {
1834 TEXT_MAPPING(AES-CCM-16-64-128, COSE_ALGORITHM_AES_CCM_16_64_128),
1835 TEXT_MAPPING(AES-CCM-16-64-256, COSE_ALGORITHM_AES_CCM_16_64_256),
1836 {{0, NULL}, 0}
1837};
1838
1839static oscore_text_mapping_t text_hkdf_alg[] = {
1840 TEXT_MAPPING(direct+HKDF-SHA-256, COSE_HKDF_ALG_HKDF_SHA_256),
1841 {{0, NULL}, 0}
1842};
1843
1844static struct oscore_config_t {
1845 coap_str_const_t str_keyword;
1846 coap_oscore_coding_t encoding;
1847 size_t offset;
1848 oscore_text_mapping_t *text_mapping;
1849} oscore_config[] = {
1850 CONFIG_ENTRY(master_secret, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1851 CONFIG_ENTRY(master_salt, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1852 CONFIG_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1853 CONFIG_ENTRY(id_context, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1854 CONFIG_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1855 CONFIG_ENTRY(replay_window, COAP_ENC_INTEGER, NULL),
1856 CONFIG_ENTRY(ssn_freq, COAP_ENC_INTEGER, NULL),
1857 CONFIG_ENTRY(aead_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_aead_alg),
1858 CONFIG_ENTRY(hkdf_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_hkdf_alg),
1859 CONFIG_ENTRY(rfc8613_b_1_2, COAP_ENC_BOOL, NULL),
1860 CONFIG_ENTRY(rfc8613_b_2, COAP_ENC_BOOL, NULL),
1861 CONFIG_ENTRY(break_sender_key, COAP_ENC_BOOL, NULL),
1862 CONFIG_ENTRY(break_recipient_key, COAP_ENC_BOOL, NULL),
1863};
1864
1865int
1866coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
1867 uint32_t i;
1868
1869 if (oscore_conf == NULL)
1870 return 0;
1871
1872 coap_delete_bin_const(oscore_conf->master_secret);
1873 coap_delete_bin_const(oscore_conf->master_salt);
1874 coap_delete_bin_const(oscore_conf->id_context);
1875 coap_delete_bin_const(oscore_conf->sender_id);
1876 for (i = 0; i < oscore_conf->recipient_id_count; i++) {
1877 coap_delete_bin_const(oscore_conf->recipient_id[i]);
1878 }
1879 coap_free_type(COAP_STRING, oscore_conf->recipient_id);
1880 coap_free_type(COAP_STRING, oscore_conf);
1881 return 1;
1882}
1883
1884static coap_oscore_conf_t *
1885coap_parse_oscore_conf_mem(coap_str_const_t conf_mem) {
1886 const char *start = (const char *)conf_mem.s;
1887 const char *end = start + conf_mem.length;
1888 coap_str_const_t keyword;
1889 oscore_value_t value;
1890 coap_oscore_conf_t *oscore_conf;
1891
1892 oscore_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_conf_t));
1893 if (oscore_conf == NULL)
1894 return NULL;
1895 memset(oscore_conf, 0, sizeof(coap_oscore_conf_t));
1896
1897 memset(&value, 0, sizeof(value));
1898 /* Preset with defaults */
1899 oscore_conf->replay_window = COAP_OSCORE_DEFAULT_REPLAY_WINDOW;
1900 oscore_conf->ssn_freq = 1;
1901 oscore_conf->aead_alg = COSE_ALGORITHM_AES_CCM_16_64_128;
1902 oscore_conf->hkdf_alg = COSE_HKDF_ALG_HKDF_SHA_256;
1903 oscore_conf->rfc8613_b_1_2 = 1;
1904 oscore_conf->rfc8613_b_2 = 0;
1905 oscore_conf->break_sender_key = 0;
1906 oscore_conf->break_recipient_key = 0;
1907
1908 while (end > start &&
1909 get_split_entry(&start, end - start, &keyword, &value)) {
1910 size_t i;
1911 size_t j;
1912
1913 for (i = 0; i < sizeof(oscore_config) / sizeof(oscore_config[0]); i++) {
1914 if (coap_string_equal(&oscore_config[i].str_keyword, &keyword) != 0 &&
1915 value.encoding & oscore_config[i].encoding) {
1916 if (coap_string_equal(coap_make_str_const("recipient_id"), &keyword)) {
1917 if (value.u.value_bin->length > 7) {
1918 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
1919 goto error_free_value_bin;
1920 }
1921 /* Special case as there are potentially multiple entries */
1922 oscore_conf->recipient_id =
1923 coap_realloc_type(COAP_STRING,
1924 oscore_conf->recipient_id,
1925 sizeof(oscore_conf->recipient_id[0]) *
1926 (oscore_conf->recipient_id_count + 1));
1927 if (oscore_conf->recipient_id == NULL) {
1928 goto error_free_value_bin;
1929 }
1930 oscore_conf->recipient_id[oscore_conf->recipient_id_count++] =
1931 value.u.value_bin;
1932 } else {
1933 coap_bin_const_t *unused_check;
1934
1935 switch (value.encoding) {
1936 case COAP_ENC_HEX:
1937 case COAP_ENC_ASCII:
1938 memcpy(&unused_check,
1939 &(((char *)oscore_conf)[oscore_config[i].offset]),
1940 sizeof(unused_check));
1941 if (unused_check != NULL) {
1942 coap_log_warn("oscore_conf: Keyword '%.*s' duplicated\n",
1943 (int)keyword.length,
1944 (const char *)keyword.s);
1945 goto error;
1946 }
1947 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
1948 &value.u.value_bin,
1949 sizeof(value.u.value_bin));
1950 break;
1951 case COAP_ENC_INTEGER:
1952 case COAP_ENC_BOOL:
1953 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
1954 &value.u.value_int,
1955 sizeof(value.u.value_int));
1956 break;
1957 case COAP_ENC_TEXT:
1958 for (j = 0; oscore_config[i].text_mapping[j].text.s != NULL; j++) {
1959 if (coap_string_equal(&value.u.value_str,
1960 &oscore_config[i].text_mapping[j].text)) {
1961 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
1962 &oscore_config[i].text_mapping[j].value,
1963 sizeof(oscore_config[i].text_mapping[j].value));
1964 break;
1965 }
1966 }
1967 if (oscore_config[i].text_mapping[j].text.s == NULL) {
1968 coap_log_warn("oscore_conf: Keyword '%.*s': value '%.*s' unknown\n",
1969 (int)keyword.length,
1970 (const char *)keyword.s,
1971 (int)value.u.value_str.length,
1972 (const char *)value.u.value_str.s);
1973 goto error;
1974 }
1975 break;
1976 case COAP_ENC_LAST:
1977 default:
1978 assert(0);
1979 break;
1980 }
1981 }
1982 break;
1983 }
1984 }
1985 if (i == sizeof(oscore_config) / sizeof(oscore_config[0])) {
1986 coap_log_warn("oscore_conf: Keyword '%.*s', type '%s' unknown\n",
1987 (int)keyword.length,
1988 (const char *)keyword.s,
1989 value.encoding_name);
1990 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII)
1991 coap_delete_bin_const(value.u.value_bin);
1992 goto error;
1993 }
1994 }
1995 if (!oscore_conf->master_secret) {
1996 coap_log_warn("oscore_conf: master_secret not defined\n");
1997 goto error;
1998 }
1999 if (!oscore_conf->sender_id) {
2000 coap_log_warn("oscore_conf: sender_id not defined\n");
2001 goto error;
2002 }
2003 if (oscore_conf->sender_id->length > 7) {
2004 coap_log_warn("oscore_conf: Maximum size of sender_id is 7 bytes\n");
2005 goto error;
2006 }
2007 if (oscore_conf->recipient_id && oscore_conf->recipient_id[0]->length > 7) {
2008 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
2009 goto error;
2010 }
2011 return oscore_conf;
2012
2013error_free_value_bin:
2014 coap_delete_bin_const(value.u.value_bin);
2015error:
2016 coap_delete_oscore_conf(oscore_conf);
2017 return NULL;
2018}
2019
2020static oscore_ctx_t *
2021coap_oscore_init(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf) {
2022 oscore_ctx_t *osc_ctx = NULL;
2023
2024 if (!coap_crypto_check_cipher_alg(oscore_conf->aead_alg)) {
2025 coap_log_warn("COSE: Cipher Algorithm %d not supported\n",
2026 oscore_conf->aead_alg);
2027 goto error;
2028 }
2029 if (!coap_crypto_check_hkdf_alg(oscore_conf->hkdf_alg)) {
2030 coap_log_warn("COSE: HKDF Algorithm %d not supported\n",
2031 oscore_conf->hkdf_alg);
2032 goto error;
2033 }
2034
2035 osc_ctx = oscore_derive_ctx(c_context, oscore_conf);
2036 if (!osc_ctx) {
2037 coap_log_crit("OSCORE: Could not create Security Context!\n");
2038 goto error;
2039 }
2040
2041 /* Free off the recipient_id array */
2042 coap_free_type(COAP_STRING, oscore_conf->recipient_id);
2043 oscore_conf->recipient_id = NULL;
2044
2045 /* As all is stored in osc_ctx, oscore_conf is no longer needed */
2046 coap_free_type(COAP_STRING, oscore_conf);
2047
2048 /* return default first context */
2049 return osc_ctx;
2050
2051error:
2052 /* Remove from linked chain */
2053 oscore_remove_context(c_context, osc_ctx);
2054
2055 coap_delete_oscore_conf(oscore_conf);
2056 return NULL;
2057}
2058
2059void
2060coap_delete_all_oscore(coap_context_t *c_context) {
2061 oscore_free_contexts(c_context);
2062}
2063
2064void
2065coap_delete_oscore_associations(coap_session_t *session) {
2066 oscore_delete_server_associations(session);
2067}
2068
2069coap_oscore_conf_t *
2070coap_new_oscore_conf(coap_str_const_t conf_mem,
2071 coap_oscore_save_seq_num_t save_seq_num_func,
2072 void *save_seq_num_func_param,
2073 uint64_t start_seq_num) {
2074 coap_oscore_conf_t *oscore_conf = coap_parse_oscore_conf_mem(conf_mem);
2075
2076 if (oscore_conf == NULL)
2077 return NULL;
2078
2079 oscore_conf->save_seq_num_func = save_seq_num_func;
2080 oscore_conf->save_seq_num_func_param = save_seq_num_func_param;
2081 oscore_conf->start_seq_num = start_seq_num;
2082 coap_log_oscore("Start Seq no %" PRIu64 "\n", start_seq_num);
2083 return oscore_conf;
2084}
2085
2086/*
2087 * Compute the size of the potential OSCORE overhead
2088 */
2089size_t
2090coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu) {
2091 size_t overhead = 0;
2092 oscore_recipient_ctx_t *rcp_ctx = session->recipient_ctx;
2093 oscore_ctx_t *osc_ctx = rcp_ctx ? rcp_ctx->osc_ctx : NULL;
2094 coap_opt_iterator_t opt_iter;
2095 coap_opt_t *option;
2096
2097 if (osc_ctx == NULL)
2098 return 0;
2099
2100 /* Protected code held in inner PDU as token */
2101 overhead += 1;
2102
2103 /* Observe option (creates inner and outer */
2104 option = coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter);
2105 if (option) {
2106 /* Assume delta is small */
2107 overhead += 2 + coap_opt_length(option);
2108 }
2109
2110 /* Proxy URI option Split - covered by coap_rebuild_pdu_for_proxy () */
2111
2112 /* OSCORE option */
2113 /* Option header */
2114 overhead += 1 +
2115 /* Partial IV (64 bits max)*/
2116 8 +
2117 /* kid context */
2118 (osc_ctx->id_context ? osc_ctx->id_context->length : 0) +
2119 /* kid */
2120 osc_ctx->sender_context->sender_id->length;
2121
2122 /* AAD overhead */
2123 overhead += AES_CCM_TAG;
2124
2125 /* End of options marker */
2126 overhead += 1;
2127
2128 return overhead;
2129}
2130
2131COAP_API int
2132coap_new_oscore_recipient(coap_context_t *context,
2133 coap_bin_const_t *recipient_id) {
2134 int ret;
2135
2136 coap_lock_lock(context, return 0);
2137 ret = coap_new_oscore_recipient_lkd(context, recipient_id);
2138 coap_lock_unlock(context);
2139 return ret;
2140}
2141
2142int
2143coap_new_oscore_recipient_lkd(coap_context_t *context,
2144 coap_bin_const_t *recipient_id) {
2145 coap_lock_check_locked(context);
2146 if (context->p_osc_ctx == NULL)
2147 return 0;
2148 if (oscore_add_recipient(context->p_osc_ctx, recipient_id, 0) == NULL)
2149 return 0;
2150 return 1;
2151}
2152
2153COAP_API int
2154coap_delete_oscore_recipient(coap_context_t *context,
2155 coap_bin_const_t *recipient_id) {
2156 int ret;
2157
2158 if (!context || !recipient_id)
2159 return 0;
2160 coap_lock_lock(context, return 0);
2161 ret = coap_delete_oscore_recipient_lkd(context, recipient_id);
2162 coap_lock_unlock(context);
2163 return ret;
2164}
2165
2166int
2167coap_delete_oscore_recipient_lkd(coap_context_t *context,
2168 coap_bin_const_t *recipient_id) {
2169 coap_lock_check_locked(context);
2170 if (context->p_osc_ctx == NULL)
2171 return 0;
2172 return oscore_delete_recipient(context->p_osc_ctx, recipient_id);
2173}
2174
2177#else /* !COAP_OSCORE_SUPPORT */
2178int
2179coap_oscore_is_supported(void) {
2180 return 0;
2181}
2182
2183coap_session_t *
2184coap_new_client_session_oscore(coap_context_t *ctx,
2185 const coap_address_t *local_if,
2186 const coap_address_t *server,
2187 coap_proto_t proto,
2188 coap_oscore_conf_t *oscore_conf) {
2189 (void)ctx;
2190 (void)local_if;
2191 (void)server;
2192 (void)proto;
2193 (void)oscore_conf;
2194 return NULL;
2195}
2196
2197coap_session_t *
2198coap_new_client_session_oscore_psk(coap_context_t *ctx,
2199 const coap_address_t *local_if,
2200 const coap_address_t *server,
2201 coap_proto_t proto,
2202 coap_dtls_cpsk_t *psk_data,
2203 coap_oscore_conf_t *oscore_conf) {
2204 (void)ctx;
2205 (void)local_if;
2206 (void)server;
2207 (void)proto;
2208 (void)psk_data;
2209 (void)oscore_conf;
2210 return NULL;
2211}
2212
2213coap_session_t *
2214coap_new_client_session_oscore_pki(coap_context_t *ctx,
2215 const coap_address_t *local_if,
2216 const coap_address_t *server,
2217 coap_proto_t proto,
2218 coap_dtls_pki_t *pki_data,
2219 coap_oscore_conf_t *oscore_conf) {
2220 (void)ctx;
2221 (void)local_if;
2222 (void)server;
2223 (void)proto;
2224 (void)pki_data;
2225 (void)oscore_conf;
2226 return NULL;
2227}
2228
2229int
2230coap_context_oscore_server(coap_context_t *context,
2231 coap_oscore_conf_t *oscore_conf) {
2232 (void)context;
2233 (void)oscore_conf;
2234 return 0;
2235}
2236
2237coap_oscore_conf_t *
2238coap_new_oscore_conf(coap_str_const_t conf_mem,
2239 coap_oscore_save_seq_num_t save_seq_num_func,
2240 void *save_seq_num_func_param,
2241 uint64_t start_seq_num) {
2242 (void)conf_mem;
2243 (void)save_seq_num_func;
2244 (void)save_seq_num_func_param;
2245 (void)start_seq_num;
2246 return NULL;
2247}
2248
2249int
2250coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
2251 (void)oscore_conf;
2252 return 0;
2253}
2254
2255int
2256coap_new_oscore_recipient(coap_context_t *context,
2257 coap_bin_const_t *recipient_id) {
2258 (void)context;
2259 (void)recipient_id;
2260 return 0;
2261}
2262
2263int
2264coap_delete_oscore_recipient(coap_context_t *context,
2265 coap_bin_const_t *recipient_id) {
2266 (void)context;
2267 (void)recipient_id;
2268 return 0;
2269}
2270
2271#endif /* !COAP_OSCORE_SUPPORT */
PRIu64
#define PRIu64
Definition coap_internal.h:51
coap_libcoap_build.h
Library specific build wrapper for coap_internal.h.
COAP_API
#define COAP_API
Definition coap_libcoap_build.h:41
COAP_OSCORE_BUF
@ COAP_OSCORE_BUF
Definition coap_mem.h:66
COAP_STRING
@ COAP_STRING
Definition coap_mem.h:39
coap_realloc_type
void * coap_realloc_type(coap_memory_tag_t type, void *p, size_t size)
Reallocates a chunk p of bytes created by coap_malloc_type() or coap_realloc_type() and returns a poi...
coap_malloc_type
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
coap_free_type
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
coap_opt_t
uint8_t coap_opt_t
Use byte-oriented access methods here because sliding a complex struct coap_opt_t over the data buffe...
Definition coap_option.h:26
coap_uri_scheme_is_secure
static int coap_uri_scheme_is_secure(const coap_uri_t *uri)
Definition coap_uri.h:81
COAP_URI_SCHEME_LAST
@ COAP_URI_SCHEME_LAST
Definition coap_uri.h:37
coap_send_ack_lkd
coap_mid_t coap_send_ack_lkd(coap_session_t *session, const coap_pdu_t *request)
Sends an ACK message with code 0 for the specified request to dst.
Definition coap_net.c:986
coap_retransmit_oscore_pdu
coap_mid_t coap_retransmit_oscore_pdu(coap_session_t *session, coap_pdu_t *pdu, coap_opt_t *echo)
coap_prng_lkd
int coap_prng_lkd(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
Definition coap_prng.c:178
coap_handle_event_lkd
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
Definition coap_net.c:4358
coap_new_message_id_lkd
uint16_t coap_new_message_id_lkd(coap_session_t *session)
Returns a new message id and updates session->tx_mid accordingly.
Definition coap_session.c:1909
coap_send_internal
coap_mid_t coap_send_internal(coap_session_t *session, coap_pdu_t *pdu)
Sends a CoAP message to given peer.
Definition coap_net.c:1679
coap_cancel_all_messages
void coap_cancel_all_messages(coap_context_t *context, coap_session_t *session, coap_bin_const_t *token)
Cancels all outstanding messages for session session that have the specified token.
Definition coap_net.c:2616
COAP_OSCORE_DEFAULT_REPLAY_WINDOW
#define COAP_OSCORE_DEFAULT_REPLAY_WINDOW
Definition coap_crypto_internal.h:38
coap_crypto_check_hkdf_alg
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
coap_crypto_check_cipher_alg
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
coap_encode_var_safe
unsigned int coap_encode_var_safe(uint8_t *buf, size_t length, unsigned int val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:47
coap_decode_var_bytes
unsigned int coap_decode_var_bytes(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:38
coap_decode_var_bytes8
uint64_t coap_decode_var_bytes8(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:67
coap_encode_var_safe8
unsigned int coap_encode_var_safe8(uint8_t *buf, size_t length, uint64_t val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:77
COAP_EVENT_OSCORE_DECODE_ERROR
@ COAP_EVENT_OSCORE_DECODE_ERROR
Triggered when there is an OSCORE decode of OSCORE option failure.
Definition coap_event.h:118
COAP_EVENT_OSCORE_INTERNAL_ERROR
@ COAP_EVENT_OSCORE_INTERNAL_ERROR
Triggered when there is an OSCORE internal error i.e malloc failed.
Definition coap_event.h:116
COAP_EVENT_OSCORE_NOT_ENABLED
@ COAP_EVENT_OSCORE_NOT_ENABLED
Triggered when trying to use OSCORE to decrypt, but it is not enabled.
Definition coap_event.h:110
COAP_EVENT_OSCORE_NO_SECURITY
@ COAP_EVENT_OSCORE_NO_SECURITY
Triggered when there is no OSCORE security definition found.
Definition coap_event.h:114
COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
@ COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
Triggered when there is no OSCORE encrypted payload provided.
Definition coap_event.h:112
COAP_EVENT_OSCORE_DECRYPTION_FAILURE
@ COAP_EVENT_OSCORE_DECRYPTION_FAILURE
Triggered when there is an OSCORE decryption failure.
Definition coap_event.h:108
coap_lock_unlock
#define coap_lock_unlock(c)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:477
coap_lock_lock
#define coap_lock_lock(c, failed)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:465
coap_lock_check_locked
#define coap_lock_check_locked(c)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:491
coap_log_debug
#define coap_log_debug(...)
Definition coap_debug.h:120
coap_get_log_level
coap_log_t coap_get_log_level(void)
Get the current logging level.
Definition coap_debug.c:95
coap_show_pdu
void coap_show_pdu(coap_log_t level, const coap_pdu_t *pdu)
Display the contents of the specified pdu.
Definition coap_debug.c:778
coap_log_oscore
#define coap_log_oscore(...)
Definition coap_debug.h:126
coap_log_warn
#define coap_log_warn(...)
Definition coap_debug.h:102
coap_log_crit
#define coap_log_crit(...)
Definition coap_debug.h:90
COAP_LOG_OSCORE
@ COAP_LOG_OSCORE
Definition coap_debug.h:59
COAP_LOG_DEBUG
@ COAP_LOG_DEBUG
Definition coap_debug.h:58
coap_option_next
coap_opt_t * coap_option_next(coap_opt_iterator_t *oi)
Updates the iterator oi to point to the next option.
Definition coap_option.c:153
coap_opt_length
uint32_t coap_opt_length(const coap_opt_t *opt)
Returns the length of the given option.
Definition coap_option.c:212
coap_option_iterator_init
coap_opt_iterator_t * coap_option_iterator_init(const coap_pdu_t *pdu, coap_opt_iterator_t *oi, const coap_opt_filter_t *filter)
Initializes the given option iterator oi to point to the beginning of the pdu's option list.
Definition coap_option.c:117
coap_delete_optlist
void coap_delete_optlist(coap_optlist_t *queue)
Removes all entries from the optlist_chain, freeing off their memory usage.
Definition coap_option.c:592
COAP_OPT_ALL
#define COAP_OPT_ALL
Pre-defined filter that includes all options.
Definition coap_option.h:108
coap_add_optlist_pdu
int coap_add_optlist_pdu(coap_pdu_t *pdu, coap_optlist_t **options)
The current optlist of optlist_chain is first sorted (as per RFC7272 ordering requirements) and then ...
Definition coap_option.c:551
coap_check_option
coap_opt_t * coap_check_option(const coap_pdu_t *pdu, coap_option_num_t number, coap_opt_iterator_t *oi)
Retrieves the first option of number number from pdu.
Definition coap_option.c:199
coap_opt_value
const uint8_t * coap_opt_value(const coap_opt_t *opt)
Returns a pointer to the value of the given option.
Definition coap_option.c:249
oscore_cbor_get_element_size
size_t oscore_cbor_get_element_size(const uint8_t **buffer, size_t *buf_len)
Definition oscore_cbor.c:240
cose_encrypt0_set_plaintext
void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
Definition oscore_cose.c:315
cose_encrypt0_set_key
int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key)
Definition oscore_cose.c:401
cose_encrypt0_set_kid_context
void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, coap_bin_const_t *kid_context)
Definition oscore_cose.c:368
cose_get_alg_name
const char * cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen)
Definition oscore_cose.c:120
cose_encrypt0_set_ciphertext
void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
Definition oscore_cose.c:307
cose_encrypt0_decrypt
int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, uint8_t *plaintext_buffer, size_t plaintext_len)
Definition oscore_cose.c:460
cose_tag_len
size_t cose_tag_len(cose_alg_t cose_alg)
Definition oscore_cose.c:196
cose_encrypt0_set_aad
void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad)
Definition oscore_cose.c:390
cose_encrypt0_encrypt
int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, uint8_t *ciphertext_buffer, size_t ciphertext_len)
Definition oscore_cose.c:421
cose_encrypt0_set_partial_iv
void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, coap_bin_const_t *partial_iv)
Definition oscore_cose.c:325
cose_encrypt0_set_external_aad
void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, coap_bin_const_t *external_aad)
Definition oscore_cose.c:379
cose_encrypt0_init
void cose_encrypt0_init(cose_encrypt0_t *ptr)
Definition oscore_cose.c:297
cose_encrypt0_set_alg
void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg)
Definition oscore_cose.c:302
cose_encrypt0_set_key_id
void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id)
Definition oscore_cose.c:346
cose_encrypt0_set_nonce
void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce)
Definition oscore_cose.c:411
COSE_HKDF_ALG_HKDF_SHA_256
@ COSE_HKDF_ALG_HKDF_SHA_256
Definition oscore_cose.h:167
COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_128
Definition oscore_cose.h:145
COSE_ALGORITHM_AES_CCM_16_64_256
@ COSE_ALGORITHM_AES_CCM_16_64_256
Definition oscore_cose.h:146
coap_new_client_session_oscore_psk_lkd
coap_session_t * coap_new_client_session_oscore_psk_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
oscore_prepare_aad
size_t oscore_prepare_aad(const uint8_t *external_aad_buffer, size_t external_aad_len, uint8_t *aad_buffer, size_t aad_size)
Definition oscore.c:312
oscore_encode_option_value
size_t oscore_encode_option_value(uint8_t *option_buffer, size_t option_buf_len, cose_encrypt0_t *cose, uint8_t group_flag, uint8_t appendix_b_2)
Definition oscore.c:170
coap_delete_oscore_recipient_lkd
int coap_delete_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
oscore_delete_association
int oscore_delete_association(coap_session_t *session, oscore_association_t *association)
Definition oscore_context.c:756
oscore_validate_sender_seq
uint8_t oscore_validate_sender_seq(oscore_recipient_ctx_t *ctx, cose_encrypt0_t *cose)
Definition oscore.c:366
oscore_add_recipient
oscore_recipient_ctx_t * oscore_add_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid, uint32_t break_key)
oscore_add_recipient - add in recipient information
Definition oscore_context.c:600
OSCORE_SEQ_MAX
#define OSCORE_SEQ_MAX
Definition oscore_context.h:72
AES_CCM_TAG
#define AES_CCM_TAG
Definition oscore_crypto.h:61
oscore_decode_option_value
int oscore_decode_option_value(const uint8_t *opt_value, size_t option_len, cose_encrypt0_t *cose)
Definition oscore.c:246
coap_oscore_new_pdu_encrypted_lkd
coap_pdu_t * coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
coap_new_client_session_oscore_lkd
coap_session_t * coap_new_client_session_oscore_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
oscore_delete_recipient
int oscore_delete_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid)
Definition oscore_context.c:654
oscore_increment_sender_seq
uint8_t oscore_increment_sender_seq(oscore_ctx_t *ctx)
Definition oscore.c:430
oscore_update_ctx
void oscore_update_ctx(oscore_ctx_t *osc_ctx, coap_bin_const_t *id_context)
oscore_update_ctx - update a osc_ctx with a new id_context
Definition oscore_context.c:387
oscore_derive_ctx
oscore_ctx_t * oscore_derive_ctx(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx - derive a osc_ctx from oscore_conf information
Definition oscore_context.c:513
coap_oscore_new_pdu_encrypted
COAP_API coap_pdu_t * coap_oscore_new_pdu_encrypted(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_roll_back_seq
void oscore_roll_back_seq(oscore_recipient_ctx_t *ctx)
Definition oscore.c:447
oscore_new_association
int oscore_new_association(coap_session_t *session, coap_pdu_t *sent_pdu, coap_bin_const_t *token, oscore_recipient_ctx_t *recipient_ctx, coap_bin_const_t *aad, coap_bin_const_t *nonce, coap_bin_const_t *partial_iv, int is_observe)
Definition oscore_context.c:686
oscore_prepare_e_aad
size_t oscore_prepare_e_aad(oscore_ctx_t *ctx, cose_encrypt0_t *cose, const uint8_t *oscore_option, size_t oscore_option_len, coap_bin_const_t *sender_public_key, uint8_t *external_aad_ptr, size_t external_aad_size)
Definition oscore.c:119
oscore_delete_server_associations
void oscore_delete_server_associations(coap_session_t *session)
Definition oscore_context.c:767
oscore_log_char_value
void oscore_log_char_value(coap_log_t level, const char *name, const char *value)
Definition oscore_context.c:268
coap_oscore_decrypt_pdu
struct coap_pdu_t * coap_oscore_decrypt_pdu(coap_session_t *session, coap_pdu_t *pdu)
Decrypts the OSCORE-encrypted parts of pdu when OSCORE is used.
coap_rebuild_pdu_for_proxy
int coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu)
Convert PDU to use Proxy-Scheme option if Proxy-Uri option is present.
oscore_free_contexts
void oscore_free_contexts(coap_context_t *c_context)
Definition oscore_context.c:149
oscore_log_hex_value
void oscore_log_hex_value(coap_log_t level, const char *name, coap_bin_const_t *value)
Definition oscore_context.c:235
coap_delete_oscore_associations
void coap_delete_oscore_associations(coap_session_t *session)
Cleanup all allocated OSCORE association information.
coap_oscore_initiate
int coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf)
Initiate an OSCORE session.
coap_new_oscore_recipient_lkd
int coap_new_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
oscore_duplicate_ctx
oscore_ctx_t * oscore_duplicate_ctx(coap_context_t *c_context, oscore_ctx_t *o_osc_ctx, coap_bin_const_t *sender_id, coap_bin_const_t *recipient_id, coap_bin_const_t *id_context)
oscore_duplicate_ctx - duplicate a osc_ctx
Definition oscore_context.c:429
oscore_partial_iv_t
oscore_partial_iv_t
Definition coap_oscore_internal.h:63
coap_delete_all_oscore
void coap_delete_all_oscore(coap_context_t *context)
Cleanup all allocated OSCORE information.
oscore_generate_nonce
void oscore_generate_nonce(cose_encrypt0_t *ptr, oscore_ctx_t *ctx, uint8_t *buffer, uint8_t size)
Definition oscore.c:343
oscore_remove_context
int oscore_remove_context(coap_context_t *c_context, oscore_ctx_t *osc_ctx)
Definition oscore_context.c:160
oscore_find_association
oscore_association_t * oscore_find_association(coap_session_t *session, coap_bin_const_t *token)
Definition oscore_context.c:748
coap_context_oscore_server_lkd
int coap_context_oscore_server_lkd(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
oscore_find_context
oscore_ctx_t * oscore_find_context(const coap_context_t *c_context, const coap_bin_const_t rcpkey_id, const coap_bin_const_t *ctxkey_id, uint8_t *oscore_r2, oscore_recipient_ctx_t **recipient_ctx)
oscore_find_context - Locate recipient context (and hence OSCORE context)
Definition oscore_context.c:185
coap_new_client_session_oscore_pki_lkd
coap_session_t * coap_new_client_session_oscore_pki_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
coap_oscore_overhead
size_t coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu)
Determine the additional data size requirements for adding in OSCORE.
OSCORE_MODE_SINGLE
@ OSCORE_MODE_SINGLE
Vanilla RFC8613 support.
Definition oscore_context.h:75
OSCORE_SEND_PARTIAL_IV
@ OSCORE_SEND_PARTIAL_IV
Send partial IV with encrypted PDU.
Definition coap_oscore_internal.h:65
OSCORE_SEND_NO_IV
@ OSCORE_SEND_NO_IV
Do not send partial IV unless added by a response.
Definition coap_oscore_internal.h:64
coap_new_oscore_conf
coap_oscore_conf_t * coap_new_oscore_conf(coap_str_const_t conf_mem, coap_oscore_save_seq_num_t save_seq_num_func, void *save_seq_num_func_param, uint64_t start_seq_num)
Parse an OSCORE configuration (held in memory) and populate a OSCORE configuration structure.
Definition coap_oscore.c:2238
coap_new_client_session_oscore_psk
coap_session_t * coap_new_client_session_oscore_psk(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
Definition coap_oscore.c:2198
coap_delete_oscore_conf
int coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf)
Release all the information associated with the OSCORE configuration.
Definition coap_oscore.c:2250
coap_new_client_session_oscore
coap_session_t * coap_new_client_session_oscore(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
Definition coap_oscore.c:2184
coap_context_oscore_server
int coap_context_oscore_server(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
Definition coap_oscore.c:2230
coap_new_client_session_oscore_pki
coap_session_t * coap_new_client_session_oscore_pki(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
Definition coap_oscore.c:2214
coap_new_oscore_recipient
int coap_new_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
Definition coap_oscore.c:2256
coap_oscore_save_seq_num_t
int(* coap_oscore_save_seq_num_t)(uint64_t sender_seq_num, void *param)
Definition of the function used to save the current Sender Sequence Number.
Definition coap_oscore.h:130
coap_delete_oscore_recipient
int coap_delete_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
Definition coap_oscore.c:2264
coap_insert_option
size_t coap_insert_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Inserts option of given number in the pdu with the appropriate data.
Definition coap_pdu.c:610
coap_remove_option
int coap_remove_option(coap_pdu_t *pdu, coap_option_num_t number)
Removes (first) option of given number from the pdu.
Definition coap_pdu.c:473
COAP_PDU_IS_PING
#define COAP_PDU_IS_PING(pdu)
Definition coap_pdu_internal.h:106
coap_pdu_encode_header
size_t coap_pdu_encode_header(coap_pdu_t *pdu, coap_proto_t proto)
Compose the protocol specific header for the specified PDU.
Definition coap_pdu.c:1469
coap_pdu_duplicate_lkd
coap_pdu_t * coap_pdu_duplicate_lkd(const coap_pdu_t *old_pdu, coap_session_t *session, size_t token_length, const uint8_t *token, coap_opt_filter_t *drop_options)
Duplicate an existing PDU.
Definition coap_pdu.c:214
COAP_PAYLOAD_START
#define COAP_PAYLOAD_START
Definition coap_pdu_internal.h:99
coap_pdu_resize
int coap_pdu_resize(coap_pdu_t *pdu, size_t new_size)
Dynamically grows the size of pdu to new_size.
Definition coap_pdu.c:281
COAP_PDU_IS_REQUEST
#define COAP_PDU_IS_REQUEST(pdu)
Definition coap_pdu_internal.h:102
coap_add_option_internal
size_t coap_add_option_internal(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Adds option of given number to pdu that is passed as first parameter.
Definition coap_pdu.c:760
COAP_OPTION_HOP_LIMIT
#define COAP_OPTION_HOP_LIMIT
Definition coap_pdu.h:133
COAP_OPTION_NORESPONSE
#define COAP_OPTION_NORESPONSE
Definition coap_pdu.h:145
COAP_OPTION_URI_HOST
#define COAP_OPTION_URI_HOST
Definition coap_pdu.h:120
COAP_OPTION_IF_MATCH
#define COAP_OPTION_IF_MATCH
Definition coap_pdu.h:119
COAP_OPTION_BLOCK2
#define COAP_OPTION_BLOCK2
Definition coap_pdu.h:137
COAP_OPTION_CONTENT_FORMAT
#define COAP_OPTION_CONTENT_FORMAT
Definition coap_pdu.h:128
COAP_OPTION_SIZE2
#define COAP_OPTION_SIZE2
Definition coap_pdu.h:139
COAP_OPTION_BLOCK1
#define COAP_OPTION_BLOCK1
Definition coap_pdu.h:138
COAP_OPTION_PROXY_SCHEME
#define COAP_OPTION_PROXY_SCHEME
Definition coap_pdu.h:142
COAP_DEFAULT_PORT
#define COAP_DEFAULT_PORT
Definition coap_pdu.h:37
COAP_OPTION_URI_QUERY
#define COAP_OPTION_URI_QUERY
Definition coap_pdu.h:132
coap_delete_pdu
void coap_delete_pdu(coap_pdu_t *pdu)
Dispose of an CoAP PDU and frees associated storage.
Definition coap_pdu.c:179
COAP_OPTION_IF_NONE_MATCH
#define COAP_OPTION_IF_NONE_MATCH
Definition coap_pdu.h:122
COAP_OPTION_LOCATION_PATH
#define COAP_OPTION_LOCATION_PATH
Definition coap_pdu.h:125
COAP_OPTION_URI_PATH
#define COAP_OPTION_URI_PATH
Definition coap_pdu.h:127
COAP_RESPONSE_CODE
#define COAP_RESPONSE_CODE(N)
Definition coap_pdu.h:160
COAP_RESPONSE_CLASS
#define COAP_RESPONSE_CLASS(C)
Definition coap_pdu.h:163
coap_proto_t
coap_proto_t
CoAP protocol types.
Definition coap_pdu.h:312
coap_pdu_code_t
coap_pdu_code_t
Set of codes available for a PDU.
Definition coap_pdu.h:326
COAP_OPTION_OSCORE
#define COAP_OPTION_OSCORE
Definition coap_pdu.h:126
COAP_OPTION_SIZE1
#define COAP_OPTION_SIZE1
Definition coap_pdu.h:143
coap_add_token
int coap_add_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds token of length len to pdu.
Definition coap_pdu.c:340
COAP_OPTION_LOCATION_QUERY
#define COAP_OPTION_LOCATION_QUERY
Definition coap_pdu.h:136
COAPS_DEFAULT_PORT
#define COAPS_DEFAULT_PORT
Definition coap_pdu.h:38
coap_get_data
int coap_get_data(const coap_pdu_t *pdu, size_t *len, const uint8_t **data)
Retrieves the length and data pointer of specified PDU.
Definition coap_pdu.c:856
COAP_OPTION_RTAG
#define COAP_OPTION_RTAG
Definition coap_pdu.h:146
COAP_OPTION_URI_PORT
#define COAP_OPTION_URI_PORT
Definition coap_pdu.h:124
coap_pdu_init
coap_pdu_t * coap_pdu_init(coap_pdu_type_t type, coap_pdu_code_t code, coap_mid_t mid, size_t size)
Creates a new CoAP PDU with at least enough storage space for the given size maximum message size.
Definition coap_pdu.c:97
COAP_OPTION_ACCEPT
#define COAP_OPTION_ACCEPT
Definition coap_pdu.h:134
COAP_INVALID_MID
#define COAP_INVALID_MID
Indicates an invalid message id.
Definition coap_pdu.h:266
COAP_OPTION_MAXAGE
#define COAP_OPTION_MAXAGE
Definition coap_pdu.h:131
COAP_OPTION_ETAG
#define COAP_OPTION_ETAG
Definition coap_pdu.h:121
COAP_OPTION_PROXY_URI
#define COAP_OPTION_PROXY_URI
Definition coap_pdu.h:141
COAP_OPTION_OBSERVE
#define COAP_OPTION_OBSERVE
Definition coap_pdu.h:123
COAP_OPTION_ECHO
#define COAP_OPTION_ECHO
Definition coap_pdu.h:144
coap_add_data
int coap_add_data(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds given data to the pdu that is passed as first parameter.
Definition coap_pdu.c:825
coap_pdu_get_token
coap_bin_const_t coap_pdu_get_token(const coap_pdu_t *pdu)
Gets the token associated with pdu.
Definition coap_pdu.c:1589
COAP_REQUEST_CODE_POST
@ COAP_REQUEST_CODE_POST
Definition coap_pdu.h:330
COAP_REQUEST_CODE_FETCH
@ COAP_REQUEST_CODE_FETCH
Definition coap_pdu.h:333
COAP_MESSAGE_NON
@ COAP_MESSAGE_NON
Definition coap_pdu.h:70
COAP_MESSAGE_ACK
@ COAP_MESSAGE_ACK
Definition coap_pdu.h:71
COAP_MESSAGE_CON
@ COAP_MESSAGE_CON
Definition coap_pdu.h:69
coap_new_client_session_psk2_lkd
coap_session_t * coap_new_client_session_psk2_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *setup_data)
Creates a new client session to the designated server with PSK credentials.
coap_new_client_session_pki_lkd
coap_session_t * coap_new_client_session_pki_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *setup_data)
Creates a new client session to the designated server with PKI credentials.
coap_new_client_session_lkd
coap_session_t * coap_new_client_session_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto)
Creates a new client session to the designated server.
coap_session_release_lkd
void coap_session_release_lkd(coap_session_t *session)
Decrement reference counter on a session.
Definition coap_session.c:376
COAP_OSCORE_B_2_NONE
@ COAP_OSCORE_B_2_NONE
Definition coap_session_internal.h:47
COAP_OSCORE_B_2_STEP_3
@ COAP_OSCORE_B_2_STEP_3
Definition coap_session_internal.h:50
COAP_OSCORE_B_2_STEP_1
@ COAP_OSCORE_B_2_STEP_1
Definition coap_session_internal.h:48
COAP_OSCORE_B_2_STEP_4
@ COAP_OSCORE_B_2_STEP_4
Definition coap_session_internal.h:51
COAP_OSCORE_B_2_STEP_5
@ COAP_OSCORE_B_2_STEP_5
Definition coap_session_internal.h:52
COAP_OSCORE_B_2_STEP_2
@ COAP_OSCORE_B_2_STEP_2
Definition coap_session_internal.h:49
COAP_PROTO_NOT_RELIABLE
#define COAP_PROTO_NOT_RELIABLE(p)
Definition coap_session.h:37
coap_delete_bin_const
void coap_delete_bin_const(coap_bin_const_t *s)
Deletes the given const binary data and releases any memory allocated.
Definition coap_str.c:120
coap_new_binary
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
Definition coap_str.c:77
coap_make_str_const
coap_str_const_t * coap_make_str_const(const char *string)
Take the specified byte array (text) and create a coap_str_const_t *.
Definition coap_str.c:66
coap_new_bin_const
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
Definition coap_str.c:110
coap_delete_binary
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
Definition coap_str.c:105
coap_binary_equal
#define coap_binary_equal(binary1, binary2)
Compares the two binary data for equality.
Definition coap_str.h:211
coap_string_equal
#define coap_string_equal(string1, string2)
Compares the two strings for equality.
Definition coap_str.h:197
coap_oscore_is_supported
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
Definition coap_oscore.c:2179
coap_query_into_optlist
int coap_query_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI query into '&' separate segments, and then adds the Uri-Query / Location-Query o...
Definition coap_uri.c:822
coap_path_into_optlist
int coap_path_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI path into '/' separate segments, and then adds the Uri-Path / Location-Path opti...
Definition coap_uri.c:732
coap_split_proxy_uri
int coap_split_proxy_uri(const uint8_t *str_var, size_t len, coap_uri_t *uri)
Parses a given string into URI components.
Definition coap_uri.c:276
coap_uri_scheme
coap_uri_info_t coap_uri_scheme[COAP_URI_SCHEME_LAST]
Definition coap_uri.c:51
coap_address_t
Multi-purpose address abstraction.
Definition coap_address.h:148
coap_bin_const_t
CoAP binary data definition with const data.
Definition coap_str.h:64
coap_bin_const_t::length
size_t length
length of binary data
Definition coap_str.h:65
coap_bin_const_t::s
const uint8_t * s
read-only binary data
Definition coap_str.h:66
coap_binary_t
CoAP binary data definition.
Definition coap_str.h:56
coap_binary_t::length
size_t length
length of binary data
Definition coap_str.h:57
coap_binary_t::s
uint8_t * s
binary data
Definition coap_str.h:58
coap_context_t
The CoAP stack's global state is stored in a coap_context_t object.
Definition coap_net_internal.h:50
coap_dtls_cpsk_t
The structure used for defining the Client PSK setup data to be used.
Definition coap_dtls.h:410
coap_dtls_pki_t
The structure used for defining the PKI setup data to be used.
Definition coap_dtls.h:312
coap_opt_iterator_t
Iterator to run through PDU options.
Definition coap_option.h:168
coap_opt_iterator_t::next_option
coap_opt_t * next_option
pointer to the unparsed next option
Definition coap_option.h:173
coap_opt_iterator_t::length
size_t length
remaining length of PDU
Definition coap_option.h:169
coap_opt_iterator_t::number
coap_option_num_t number
decoded option number
Definition coap_option.h:170
coap_optlist_t
Representation of chained list of CoAP options to install.
Definition coap_option.h:325
coap_oscore_conf_t
The structure used to hold the OSCORE configuration information.
Definition coap_oscore_internal.h:36
coap_oscore_conf_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func()
Definition coap_oscore_internal.h:59
coap_oscore_conf_t::rfc8613_b_2
uint32_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition coap_oscore_internal.h:50
coap_oscore_conf_t::hkdf_alg
cose_hkdf_alg_t hkdf_alg
Set to one of COSE_HKDF_ALG_*.
Definition coap_oscore_internal.h:48
coap_oscore_conf_t::break_sender_key
uint32_t break_sender_key
1 if sender key to be broken, else 0
Definition coap_oscore_internal.h:53
coap_oscore_conf_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition coap_oscore_internal.h:46
coap_oscore_conf_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition coap_oscore_internal.h:57
coap_oscore_conf_t::rfc8613_b_1_2
uint32_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition coap_oscore_internal.h:49
coap_oscore_conf_t::start_seq_num
uint64_t start_seq_num
Used for ssn_freq updating.
Definition coap_oscore_internal.h:60
coap_oscore_conf_t::sender_id
coap_bin_const_t * sender_id
Sender ID (i.e.
Definition coap_oscore_internal.h:39
coap_oscore_conf_t::recipient_id
coap_bin_const_t ** recipient_id
Recipient ID (i.e.
Definition coap_oscore_internal.h:41
coap_oscore_conf_t::break_recipient_key
uint32_t break_recipient_key
1 if recipient key to be broken, else 0
Definition coap_oscore_internal.h:54
coap_oscore_conf_t::master_secret
coap_bin_const_t * master_secret
Common Master Secret.
Definition coap_oscore_internal.h:37
coap_oscore_conf_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition coap_oscore_internal.h:47
coap_oscore_conf_t::master_salt
coap_bin_const_t * master_salt
Common Master Salt.
Definition coap_oscore_internal.h:38
coap_oscore_conf_t::replay_window
uint32_t replay_window
Replay window size Use COAP_OSCORE_DEFAULT_REPLAY_WINDOW.
Definition coap_oscore_internal.h:44
coap_oscore_conf_t::id_context
coap_bin_const_t * id_context
Common ID context.
Definition coap_oscore_internal.h:40
coap_oscore_conf_t::recipient_id_count
uint32_t recipient_id_count
Number of recipient_id entries.
Definition coap_oscore_internal.h:43
coap_pdu_t
structure for CoAP PDUs
Definition coap_pdu_internal.h:135
coap_pdu_t::max_hdr_size
uint8_t max_hdr_size
space reserved for protocol-specific header
Definition coap_pdu_internal.h:141
coap_pdu_t::token
uint8_t * token
first byte of token (or extended length bytes prefix), if any, or options
Definition coap_pdu_internal.h:155
coap_pdu_t::code
coap_pdu_code_t code
request method (value 1–31) or response code (value 64-255)
Definition coap_pdu_internal.h:137
coap_pdu_t::actual_token
coap_bin_const_t actual_token
Actual token in pdu.
Definition coap_pdu_internal.h:148
coap_pdu_t::data
uint8_t * data
first byte of payload, if any
Definition coap_pdu_internal.h:157
coap_pdu_t::mid
coap_mid_t mid
message id, if any, in regular host byte order
Definition coap_pdu_internal.h:139
coap_pdu_t::e_token_length
uint32_t e_token_length
length of Token space (includes leading extended bytes
Definition coap_pdu_internal.h:146
coap_pdu_t::used_size
size_t used_size
used bytes of storage for token, options and payload
Definition coap_pdu_internal.h:151
coap_pdu_t::type
coap_pdu_type_t type
message type
Definition coap_pdu_internal.h:136
coap_session_t
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
Definition coap_session_internal.h:68
coap_session_t::proto
coap_proto_t proto
protocol used
Definition coap_session_internal.h:69
coap_session_t::con_active
uint8_t con_active
Active CON request sent.
Definition coap_session_internal.h:90
coap_session_t::context
coap_context_t * context
session's context
Definition coap_session_internal.h:86
coap_str_const_t
CoAP string data definition with const data.
Definition coap_str.h:46
coap_str_const_t::s
const uint8_t * s
read-only string data
Definition coap_str.h:48
coap_str_const_t::length
size_t length
length of string
Definition coap_str.h:47
coap_uri_info_t::name
const char * name
scheme name
Definition coap_uri_internal.h:30
coap_uri_t
Representation of parsed URI.
Definition coap_uri.h:65
coap_uri_t::scheme
enum coap_uri_scheme_t scheme
The parsed scheme specifier.
Definition coap_uri.h:77
coap_uri_t::path
coap_str_const_t path
The complete path if present or {0, NULL}.
Definition coap_uri.h:68
coap_uri_t::port
uint16_t port
The port in host byte order.
Definition coap_uri.h:67
coap_uri_t::query
coap_str_const_t query
The complete query if present or {0, NULL}.
Definition coap_uri.h:72
coap_uri_t::host
coap_str_const_t host
The host part of the URI.
Definition coap_uri.h:66
cose_encrypt0_t
Definition oscore_cose.h:197
cose_encrypt0_t::aad
coap_bin_const_t aad
Definition oscore_cose.h:208
cose_encrypt0_t::key
coap_bin_const_t key
Definition oscore_cose.h:199
cose_encrypt0_t::partial_iv
coap_bin_const_t partial_iv
Definition oscore_cose.h:202
cose_encrypt0_t::kid_context
coap_bin_const_t kid_context
Definition oscore_cose.h:204
cose_encrypt0_t::nonce
coap_bin_const_t nonce
Definition oscore_cose.h:206
cose_encrypt0_t::external_aad
coap_bin_const_t external_aad
Definition oscore_cose.h:207
cose_encrypt0_t::key_id
coap_bin_const_t key_id
Definition oscore_cose.h:203
cose_encrypt0_t::oscore_option
coap_bin_const_t oscore_option
Definition oscore_cose.h:205
cose_encrypt0_t::alg
cose_alg_t alg
Definition oscore_cose.h:198
oscore_association_t
Definition oscore_context.h:142
oscore_association_t::partial_iv
coap_bin_const_t * partial_iv
Definition oscore_context.h:149
oscore_association_t::sent_pdu
coap_pdu_t * sent_pdu
Definition oscore_context.h:145
oscore_association_t::aad
coap_bin_const_t * aad
Definition oscore_context.h:147
oscore_association_t::nonce
coap_bin_const_t * nonce
Definition oscore_context.h:148
oscore_association_t::recipient_ctx
oscore_recipient_ctx_t * recipient_ctx
Definition oscore_context.h:144
oscore_association_t::is_observe
uint8_t is_observe
Definition oscore_context.h:151
oscore_ctx_t
Definition oscore_context.h:84
oscore_ctx_t::mode
oscore_mode_t mode
Definition oscore_context.h:95
oscore_ctx_t::rfc8613_b_1_2
uint8_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition oscore_context.h:96
oscore_ctx_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func()
Definition oscore_context.h:102
oscore_ctx_t::sender_context
oscore_sender_ctx_t * sender_context
Definition oscore_context.h:91
oscore_ctx_t::aead_alg
cose_alg_t aead_alg
Definition oscore_context.h:93
oscore_ctx_t::rfc8613_b_2
uint8_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition oscore_context.h:97
oscore_ctx_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition oscore_context.h:100
oscore_ctx_t::recipient_chain
oscore_recipient_ctx_t * recipient_chain
Definition oscore_context.h:92
oscore_ctx_t::id_context
coap_bin_const_t * id_context
contains GID in case of group
Definition oscore_context.h:90
oscore_ctx_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition oscore_context.h:98
oscore_recipient_ctx_t
Definition oscore_context.h:112
oscore_recipient_ctx_t::echo_value
uint8_t echo_value[8]
Definition oscore_context.h:123
oscore_recipient_ctx_t::last_seq
uint64_t last_seq
Definition oscore_context.h:116
oscore_recipient_ctx_t::recipient_key
coap_bin_const_t * recipient_key
Definition oscore_context.h:121
oscore_recipient_ctx_t::recipient_id
coap_bin_const_t * recipient_id
Definition oscore_context.h:122
oscore_recipient_ctx_t::initial_state
uint8_t initial_state
Definition oscore_context.h:124
oscore_recipient_ctx_t::osc_ctx
oscore_ctx_t * osc_ctx
Definition oscore_context.h:115
oscore_sender_ctx_t
Definition oscore_context.h:105
oscore_sender_ctx_t::sender_id
coap_bin_const_t * sender_id
Definition oscore_context.h:109
oscore_sender_ctx_t::seq
uint64_t seq
Definition oscore_context.h:106
oscore_sender_ctx_t::sender_key
coap_bin_const_t * sender_key
Definition oscore_context.h:108
oscore_sender_ctx_t::next_seq
uint64_t next_seq
Used for ssn_freq updating.
Definition oscore_context.h:107