libcoap 4.3.5-develop-4c3f4af
Loading...
Searching...
No Matches
coap_oscore.c
Go to the documentation of this file.
1/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
3/*
4 * coap_oscore.c -- Object Security for Constrained RESTful Environments
5 * (OSCORE) support for libcoap
6 *
7 * Copyright (C) 2019-2021 Olaf Bergmann <bergmann@tzi.org>
8 * Copyright (C) 2021-2026 Jon Shallow <supjps-libcoap@jpshallow.com>
9 *
10 * SPDX-License-Identifier: BSD-2-Clause
11 *
12 * This file is part of the CoAP library libcoap. Please see README for terms
13 * of use.
14 */
15
20
21#include "coap3/coap_libcoap_build.h"
22
23#if COAP_OSCORE_SUPPORT
24#include <ctype.h>
25
26#define AAD_BUF_LEN 200 /* length of aad_buffer */
27
28static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context,
29 coap_oscore_conf_t *oscore_conf);
30
31#if COAP_CLIENT_SUPPORT
32
33int
34coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) {
35 if (oscore_conf) {
36 oscore_ctx_t *osc_ctx;
37
38 if (oscore_conf->recipient_chain == NULL) {
39 coap_log_warn("OSCORE: Recipient ID must be defined for a client\n");
40 coap_delete_oscore_conf(oscore_conf);
41 return 0;
42 }
43 if (oscore_conf->rfc8613_b_2) {
44 /* Need to replace id_context with random value */
45 coap_binary_t *id_context = coap_new_binary(8);
46
47 if (id_context == NULL) {
48 coap_delete_oscore_conf(oscore_conf);
49 return 0;
50 }
51 coap_delete_bin_const(oscore_conf->id_context);
52 coap_prng_lkd(id_context->s, id_context->length);
53 oscore_conf->id_context = (coap_bin_const_t *)id_context;
54 session->b_2_step = COAP_OSCORE_B_2_STEP_1;
55 coap_log_oscore("Appendix B.2 client step 1 (Generated ID1)\n");
56 }
57
58 osc_ctx = coap_oscore_init(session->context, oscore_conf);
59 if (osc_ctx == NULL) {
60 return 0;
61 }
62 coap_oscore_session_set_recipient_ctx(session, osc_ctx->recipient_chain);
63 session->oscore_encryption = 1;
64 }
65 return 1;
66}
67
68COAP_API coap_session_t *
69coap_new_client_session_oscore(coap_context_t *ctx,
70 const coap_address_t *local_if,
71 const coap_address_t *server,
72 coap_proto_t proto,
73 coap_oscore_conf_t *oscore_conf) {
74 coap_session_t *session;
75
76 coap_lock_lock(return NULL);
77 session = coap_new_client_session_oscore3_lkd(ctx, local_if, server, proto, oscore_conf, NULL,
78 NULL, NULL);
79 coap_lock_unlock();
80 return session;
81}
82
83COAP_API coap_session_t *
84coap_new_client_session_oscore3(coap_context_t *ctx,
85 const coap_address_t *local_if,
86 const coap_address_t *server,
87 coap_proto_t proto,
88 coap_oscore_conf_t *oscore_conf,
89 void *app_data,
90 coap_app_data_free_callback_t callback,
91 coap_str_const_t *ws_host) {
92 coap_session_t *session;
93
94 coap_lock_lock(return NULL);
95 session = coap_new_client_session_oscore3_lkd(ctx, local_if, server, proto, oscore_conf, app_data,
96 callback, ws_host);
97 coap_lock_unlock();
98 return session;
99}
100
101coap_session_t *
102coap_new_client_session_oscore3_lkd(coap_context_t *ctx,
103 const coap_address_t *local_if,
104 const coap_address_t *server,
105 coap_proto_t proto,
106 coap_oscore_conf_t *oscore_conf,
107 void *app_data,
108 coap_app_data_free_callback_t callback,
109 coap_str_const_t *ws_host) {
110 coap_session_t *session =
111 coap_new_client_session3_lkd(ctx, local_if, server, proto, app_data, callback, ws_host);
112
113 if (!session)
114 return NULL;
115
116 if (coap_oscore_initiate(session, oscore_conf) == 0) {
117 coap_session_release_lkd(session);
118 return NULL;
119 }
120 return session;
121}
122
123COAP_API coap_session_t *
124coap_new_client_session_oscore_psk(coap_context_t *ctx,
125 const coap_address_t *local_if,
126 const coap_address_t *server,
127 coap_proto_t proto,
128 coap_dtls_cpsk_t *psk_data,
129 coap_oscore_conf_t *oscore_conf) {
130 coap_session_t *session;
131
132 coap_lock_lock(return NULL);
133 session = coap_new_client_session_oscore_psk3_lkd(ctx, local_if, server, proto, psk_data,
134 oscore_conf, NULL, NULL, NULL);
135 coap_lock_unlock();
136 return session;
137}
138
139COAP_API coap_session_t *
140coap_new_client_session_oscore_psk3(coap_context_t *ctx,
141 const coap_address_t *local_if,
142 const coap_address_t *server,
143 coap_proto_t proto,
144 coap_dtls_cpsk_t *psk_data,
145 coap_oscore_conf_t *oscore_conf,
146 void *app_data,
147 coap_app_data_free_callback_t callback,
148 coap_str_const_t *ws_host) {
149 coap_session_t *session;
150
151 coap_lock_lock(return NULL);
152 session = coap_new_client_session_oscore_psk3_lkd(ctx, local_if, server, proto, psk_data,
153 oscore_conf, app_data, callback, ws_host);
154 coap_lock_unlock();
155 return session;
156}
157
158coap_session_t *
159coap_new_client_session_oscore_psk3_lkd(coap_context_t *ctx,
160 const coap_address_t *local_if,
161 const coap_address_t *server,
162 coap_proto_t proto,
163 coap_dtls_cpsk_t *psk_data,
164 coap_oscore_conf_t *oscore_conf,
165 void *app_data,
166 coap_app_data_free_callback_t callback,
167 coap_str_const_t *ws_host) {
168 coap_session_t *session;
169
170 coap_lock_check_locked();
171 session = coap_new_client_session_psk3_lkd(ctx, local_if, server, proto, psk_data,
172 app_data, callback, ws_host);
173
174 if (!session)
175 return NULL;
176
177 if (coap_oscore_initiate(session, oscore_conf) == 0) {
178 coap_session_release_lkd(session);
179 return NULL;
180 }
181 return session;
182}
183
184COAP_API coap_session_t *
185coap_new_client_session_oscore_pki(coap_context_t *ctx,
186 const coap_address_t *local_if,
187 const coap_address_t *server,
188 coap_proto_t proto,
189 coap_dtls_pki_t *pki_data,
190 coap_oscore_conf_t *oscore_conf) {
191 coap_session_t *session;
192
193 coap_lock_lock(return NULL);
194 session = coap_new_client_session_oscore_pki3_lkd(ctx, local_if, server, proto, pki_data,
195 oscore_conf, NULL, NULL, NULL);
196 coap_lock_unlock();
197 return session;
198}
199
200COAP_API coap_session_t *
201coap_new_client_session_oscore_pki3(coap_context_t *ctx,
202 const coap_address_t *local_if,
203 const coap_address_t *server,
204 coap_proto_t proto,
205 coap_dtls_pki_t *pki_data,
206 coap_oscore_conf_t *oscore_conf,
207 void *app_data,
208 coap_app_data_free_callback_t callback,
209 coap_str_const_t *ws_host) {
210 coap_session_t *session;
211
212 coap_lock_lock(return NULL);
213 session = coap_new_client_session_oscore_pki3_lkd(ctx, local_if, server, proto, pki_data,
214 oscore_conf, app_data, callback, ws_host);
215 coap_lock_unlock();
216 return session;
217}
218
219coap_session_t *
220coap_new_client_session_oscore_pki3_lkd(coap_context_t *ctx,
221 const coap_address_t *local_if,
222 const coap_address_t *server,
223 coap_proto_t proto,
224 coap_dtls_pki_t *pki_data,
225 coap_oscore_conf_t *oscore_conf,
226 void *app_data,
227 coap_app_data_free_callback_t callback,
228 coap_str_const_t *ws_host) {
229 coap_session_t *session;
230
231 coap_lock_check_locked();
232 session = coap_new_client_session_pki3_lkd(ctx, local_if, server, proto, pki_data,
233 app_data, callback, ws_host);
234
235 if (!session)
236 return NULL;
237
238 if (coap_oscore_initiate(session, oscore_conf) == 0) {
239 coap_session_release_lkd(session);
240 return NULL;
241 }
242 return session;
243}
244#endif /* COAP_CLIENT_SUPPORT */
245#if COAP_SERVER_SUPPORT
246
247COAP_API int
248coap_context_oscore_server(coap_context_t *context,
249 coap_oscore_conf_t *oscore_conf) {
250 int ret;
251
252 coap_lock_lock(return 0);
253 ret = coap_context_oscore_server_lkd(context, oscore_conf);
254 coap_lock_unlock();
255 return ret;
256}
257
258int
259coap_context_oscore_server_lkd(coap_context_t *context,
260 coap_oscore_conf_t *oscore_conf) {
261 oscore_ctx_t *osc_ctx;
262
263 coap_lock_check_locked();
264 osc_ctx = coap_oscore_init(context, oscore_conf);
265 /* osc_ctx already added to context->osc_ctx */
266 if (osc_ctx)
267 return 1;
268 return 0;
269}
270
271#endif /* COAP_SERVER_SUPPORT */
272
273int
274coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu) {
275 coap_uri_t uri;
276 coap_opt_iterator_t opt_iter;
277 coap_opt_t *option;
278 uint8_t option_value_buffer[15];
279 coap_optlist_t *optlist_chain = NULL;
280
281 if ((option =
282 coap_check_option(pdu, COAP_OPTION_PROXY_URI, &opt_iter)) == NULL)
283 return 1;
284
285 /* Need to break down into the component parts, but keep data safe */
286 memset(&uri, 0, sizeof(uri));
287
288 if (coap_split_proxy_uri(coap_opt_value(option),
289 coap_opt_length(option),
290 &uri) < 0 || uri.scheme >= COAP_URI_SCHEME_LAST) {
291 coap_log_warn("Proxy URI '%.*s' not decodable\n",
292 coap_opt_length(option),
293 (const char *)coap_opt_value(option));
294 goto error;
295 }
296 if (!coap_remove_option(pdu, COAP_OPTION_PROXY_URI))
297 goto error;
298
299 if (!coap_insert_option(pdu,
300 COAP_OPTION_URI_HOST,
301 uri.host.length,
302 uri.host.s))
303 goto error;
304 if (uri.port != (coap_uri_scheme_is_secure(&uri) ? COAPS_DEFAULT_PORT : COAP_DEFAULT_PORT) &&
305 !coap_insert_option(pdu,
306 COAP_OPTION_URI_PORT,
307 coap_encode_var_safe(option_value_buffer,
308 sizeof(option_value_buffer),
309 uri.port & 0xffff),
310 option_value_buffer))
311 goto error;
312 if (uri.path.length) {
313 /* Add in the Uri-Path options */
314 if (!coap_path_into_optlist(uri.path.s, uri.path.length, COAP_OPTION_URI_PATH,
315 &optlist_chain))
316 goto error;
317 }
318 if (uri.query.length) {
319 /* Add in the Uri-Query options */
320 if (!coap_query_into_optlist(uri.query.s, uri.query.length, COAP_OPTION_URI_QUERY,
321 &optlist_chain))
322 goto error;
323 }
324 if (!coap_add_optlist_pdu(pdu, &optlist_chain))
325 goto error;
326
327 if (!coap_insert_option(pdu,
328 COAP_OPTION_PROXY_SCHEME,
329 strlen(coap_uri_scheme[uri.scheme].name),
330 (const uint8_t *)coap_uri_scheme[uri.scheme].name))
331 goto error;
332
333 coap_delete_optlist(optlist_chain);
334 return 1;
335
336error:
337 coap_delete_optlist(optlist_chain);
338 return 0;
339}
340
341static void
342dump_cose(cose_encrypt0_t *cose, const char *message) {
343#if COAP_MAX_LOGGING_LEVEL < _COAP_LOG_OSCORE
344 (void)cose;
345 (void)message;
346#else /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
347 if (coap_get_log_level() >= COAP_LOG_OSCORE) {
348 char buffer[30];
349
350 coap_log_oscore("%s COSE information\n", message);
351 oscore_log_char_value(COAP_LOG_OSCORE, "alg",
352 cose_get_alg_name(cose->alg, buffer, sizeof(buffer)));
353 oscore_log_hex_value(COAP_LOG_OSCORE, "key", &cose->key);
354 oscore_log_hex_value(COAP_LOG_OSCORE, "partial_iv", &cose->partial_iv);
355 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
356 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
357 oscore_log_hex_value(COAP_LOG_OSCORE,
358 "oscore_option",
359 &cose->oscore_option);
360 oscore_log_hex_value(COAP_LOG_OSCORE, "nonce", &cose->nonce);
361 oscore_log_hex_value(COAP_LOG_OSCORE, "external_aad", &cose->external_aad);
362 oscore_log_hex_value(COAP_LOG_OSCORE, "aad", &cose->aad);
363 }
364#endif /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
365}
366
367COAP_API coap_pdu_t *
368coap_oscore_new_pdu_encrypted(coap_session_t *session,
369 coap_pdu_t *pdu,
370 coap_bin_const_t *kid_context,
371 oscore_partial_iv_t send_partial_iv) {
372 coap_pdu_t *ret_pdu;
373
374 coap_lock_lock(return NULL);
375 ret_pdu = coap_oscore_new_pdu_encrypted_lkd(session, pdu, kid_context, send_partial_iv);
376 coap_lock_unlock();
377
378 return ret_pdu;
379}
380
381/*
382 * Take current PDU, create a new one approriately separated as per RFC8613
383 * and then encrypt / integrity check the OSCORE data
384 */
385coap_pdu_t *
386coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session,
387 coap_pdu_t *pdu,
388 coap_bin_const_t *kid_context,
389 oscore_partial_iv_t send_partial_iv) {
390 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu) || COAP_PDU_IS_PING(pdu);
391 coap_pdu_code_t code =
392 coap_request ? COAP_REQUEST_CODE_POST : COAP_RESPONSE_CODE(204);
393 coap_pdu_t *osc_pdu;
394 coap_pdu_t *plain_pdu = NULL;
395 coap_bin_const_t pdu_token;
396 coap_opt_iterator_t opt_iter;
397 coap_opt_t *option;
398 uint8_t pdu_code = pdu->code;
399 size_t length;
400 const uint8_t *data;
401 uint8_t *ciphertext_buffer = NULL;
402 size_t ciphertext_len = 0;
403 uint8_t aad_buffer[AAD_BUF_LEN];
404 uint8_t nonce_buffer[13];
405 coap_bin_const_t aad;
406 coap_bin_const_t nonce;
407 oscore_recipient_ctx_t *rcp_ctx;
408 oscore_ctx_t *osc_ctx;
409 cose_encrypt0_t cose[1];
410 uint8_t group_flag = 0;
411 int show_pdu = 0;
412 int doing_observe = 0;
413 uint32_t observe_value = 0;
414 oscore_association_t *association = NULL;
415 oscore_sender_ctx_t *snd_ctx;
416 uint8_t external_aad_buffer[200];
417 coap_bin_const_t external_aad;
418 uint8_t oscore_option[48];
419 size_t oscore_option_len;
420
421 /* Check that OSCORE has not already been done */
422 if (coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter))
423 return NULL;
424
425 if (coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter))
426 doing_observe = 1;
427
428 coap_log_debug("PDU to encrypt\n");
429 coap_show_pdu(COAP_LOG_DEBUG, pdu);
430 osc_pdu = coap_pdu_init(pdu->type == COAP_MESSAGE_NON &&
431 session->b_2_step != COAP_OSCORE_B_2_NONE ?
432 COAP_MESSAGE_CON : pdu->type,
433 code,
434 pdu->mid,
435 pdu->used_size + coap_oscore_overhead(session, pdu));
436 if (osc_pdu == NULL)
437 return NULL;
438
439 cose_encrypt0_init(cose); /* clears cose memory */
440 pdu_token = coap_pdu_get_token(pdu);
441 if (coap_request) {
442 /*
443 * RFC8613 8.1 Step 1. Protecting the client's request
444 * Get the Sender Context
445 */
446 rcp_ctx = session->recipient_ctx;
447 if (rcp_ctx == NULL)
448 goto error;
449 osc_ctx = rcp_ctx->osc_ctx;
450 assert(osc_ctx);
451 snd_ctx = osc_ctx->sender_context;
452 } else {
453 /*
454 * RFC8613 8.3 Step 1. Protecting the server's response
455 * Get the Sender Context
456 */
457 association = oscore_find_association(session, &pdu_token);
458 if (association == NULL)
459 goto error;
460
461 rcp_ctx = association->recipient_ctx;
462 osc_ctx = rcp_ctx->osc_ctx;
463 snd_ctx = osc_ctx->sender_context;
464 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
465 cose_encrypt0_set_aad(cose, association->aad);
466 }
467
468 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
469
470 if (coap_request || doing_observe ||
471 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
472 uint8_t partial_iv_buffer[8];
473 size_t partial_iv_len;
474 coap_bin_const_t partial_iv;
475 partial_iv_len = coap_encode_var_safe8(partial_iv_buffer,
476 sizeof(partial_iv_buffer),
477 snd_ctx->seq);
478 if (snd_ctx->seq == 0) {
479 /* Need to special case */
480 partial_iv_buffer[0] = '\000';
481 partial_iv_len = 1;
482 }
483 partial_iv.s = partial_iv_buffer;
484 partial_iv.length = partial_iv_len;
485 cose_encrypt0_set_partial_iv(cose, &partial_iv);
486 }
487
488 if (coap_request)
489 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
490
491 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
492
493 /* nonce (needs to have sender information correctly set up) */
494
495 if (coap_request || doing_observe ||
496 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
497 /*
498 * 8.1 Step 3 or RFC8613 8.3.1 Step A
499 * Compose the AEAD nonce
500 *
501 * Requires in COSE object as appropriate
502 * key_id (kid) (sender)
503 * partial_iv (sender)
504 * common_iv (already in osc_ctx)
505 */
506 nonce.s = nonce_buffer;
507 nonce.length = 13;
508 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
509 cose_encrypt0_set_nonce(cose, &nonce);
510 if (!oscore_increment_sender_seq(osc_ctx))
511 goto error;
512 if (osc_ctx->save_seq_num_func) {
513 if (osc_ctx->sender_context->seq > osc_ctx->sender_context->next_seq) {
514 /* Only update at ssn_freq rate */
515 osc_ctx->sender_context->next_seq += osc_ctx->ssn_freq;
516 osc_ctx->save_seq_num_func(osc_ctx->sender_context->next_seq,
517 osc_ctx->save_seq_num_func_param);
518 }
519 }
520 } else {
521 /*
522 * 8.3 Step 3.
523 * Use nonce from request
524 */
525 cose_encrypt0_set_nonce(cose, association->nonce);
526 }
527
528 /* OSCORE_option (needs to be before AAD as included in AAD if group) */
529
530 /* cose is modified for encode option in response message */
531 if (!coap_request) {
532 /* no kid on response */
533 cose_encrypt0_set_key_id(cose, NULL);
534 if (!doing_observe && send_partial_iv == OSCORE_SEND_NO_IV)
535 cose_encrypt0_set_partial_iv(cose, NULL);
536 }
537 if (kid_context) {
538 cose_encrypt0_set_kid_context(cose, kid_context);
539 }
540 oscore_option_len =
541 oscore_encode_option_value(oscore_option, sizeof(oscore_option), cose,
542 group_flag,
543 session->b_2_step != COAP_OSCORE_B_2_NONE);
544 if (!coap_request) {
545 /* Reset what was just unset as appropriate for AAD */
546 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
547 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
548 }
549 if (kid_context)
550 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
551
552 /*
553 * RFC8613 8.1/8.3 Step 2(a) (5.4).
554 * Compose the External AAD and then AAD
555 *
556 * OSCORE_option requires
557 * partial_iv (cose partial_iv)
558 * kid_context (cose kid_context)
559 * key_id (cose key_id)
560 * group_flag
561 *
562 * Non Group requires the following
563 * RFC8613 5.4
564 * oscore_version 1
565 * algorithms [
566 * aead_alg (osc_ctx)
567 * ]
568 * request_kid (request key_id using cose)
569 * request_piv (request partial_iv using cose)
570 * options (none at present)
571 *
572 * Note: No I options at present
573 */
574 if (coap_request || send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
575 /* External AAD */
576 external_aad.s = external_aad_buffer;
577 external_aad.length = oscore_prepare_e_aad(osc_ctx,
578 cose,
579 NULL,
580 0,
581 NULL,
582 external_aad_buffer,
583 sizeof(external_aad_buffer));
584 cose_encrypt0_set_external_aad(cose, &external_aad);
585
586 /* AAD */
587 aad.s = aad_buffer;
588 aad.length = oscore_prepare_aad(external_aad_buffer,
589 external_aad.length,
590 aad_buffer,
591 sizeof(aad_buffer));
592 assert(aad.length < AAD_BUF_LEN);
593 cose_encrypt0_set_aad(cose, &aad);
594 }
595
596 /*
597 * RFC8613 8.1/8.3 Step 2(b) (5.3).
598 *
599 * Set up temp plaintext pdu, the data including token, options and
600 * optional payload will get encrypted as COSE ciphertext.
601 */
602 plain_pdu = coap_pdu_init(pdu->type,
603 pdu->code,
604 pdu->mid,
605 pdu->used_size + 1 /* pseudo-token with actual code */);
606 if (plain_pdu == NULL)
607 goto error;
608
609 coap_add_token(osc_pdu, pdu_token.length, pdu_token.s);
610
611 /* First byte of plain is real CoAP code. Pretend it is token */
612 coap_add_token(plain_pdu, 1, &pdu_code);
613
614 /* Copy across the Outer/Inner Options to respective PDUs */
615 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
616 while ((option = coap_option_next(&opt_iter))) {
617 switch ((coap_code_opt_num_t)opt_iter.number) {
618 case COAP_OPTION_URI_HOST:
619 case COAP_OPTION_URI_PORT:
620 case COAP_OPTION_PROXY_SCHEME:
621 case COAP_OPTION_HOP_LIMIT:
622 case COAP_OPTION_EDHOC:
623 /* Outer only */
624 if (!coap_insert_option(osc_pdu,
625 opt_iter.number,
626 coap_opt_length(option),
627 coap_opt_value(option)))
628 goto error;
629 break;
630 case COAP_OPTION_OBSERVE:
631 /* Make as Outer option as-is */
632 if (!coap_insert_option(osc_pdu,
633 opt_iter.number,
634 coap_opt_length(option),
635 coap_opt_value(option)))
636 goto error;
637 if (coap_request) {
638 /* Make as Inner option (unchanged) */
639 if (!coap_insert_option(plain_pdu,
640 opt_iter.number,
641 coap_opt_length(option),
642 coap_opt_value(option)))
643 goto error;
644 osc_pdu->code = COAP_REQUEST_CODE_FETCH;
645 } else {
646 /* Make as Inner option but empty */
647 if (!coap_insert_option(plain_pdu, opt_iter.number, 0, NULL))
648 goto error;
649 osc_pdu->code = COAP_RESPONSE_CODE(205);
650 }
651 show_pdu = 1;
652 doing_observe = 1;
653 observe_value = coap_decode_var_bytes(coap_opt_value(option),
654 coap_opt_length(option));
655 break;
656 case COAP_OPTION_PROXY_URI:
657 /*
658 * Should have already been caught by doing
659 * coap_rebuild_pdu_for_proxy() before calling
660 * coap_oscore_new_pdu_encrypted_lkd()
661 */
662 assert(0);
663 break;
664 case COAP_OPTION_OSCORE:
665 /* Dealt with separately */
666 break;
667 case COAP_OPTION_IF_MATCH:
668 case COAP_OPTION_ETAG:
669 case COAP_OPTION_IF_NONE_MATCH:
670 case COAP_OPTION_LOCATION_PATH:
671 case COAP_OPTION_URI_PATH:
672 case COAP_OPTION_URI_PATH_ABB:
673 case COAP_OPTION_CONTENT_FORMAT:
674 case COAP_OPTION_MAXAGE:
675 case COAP_OPTION_URI_QUERY:
676 case COAP_OPTION_ACCEPT:
677 case COAP_OPTION_Q_BLOCK1:
678 case COAP_OPTION_LOCATION_QUERY:
679 case COAP_OPTION_BLOCK2:
680 case COAP_OPTION_BLOCK1:
681 case COAP_OPTION_SIZE2:
682 case COAP_OPTION_Q_BLOCK2:
683 case COAP_OPTION_SIZE1:
684 case COAP_OPTION_NORESPONSE:
685 case COAP_OPTION_ECHO:
686 case COAP_OPTION_RTAG:
687 default:
688 /* Make as Inner option */
689 if (!coap_insert_option(plain_pdu,
690 opt_iter.number,
691 coap_opt_length(option),
692 coap_opt_value(option)))
693 goto error;
694 break;
695 }
696 }
697 /* Add in data to plain */
698 if (coap_get_data(pdu, &length, &data)) {
699 if (!coap_add_data(plain_pdu, length, data))
700 goto error;
701 }
702 if (show_pdu) {
703 coap_log_oscore("OSCORE payload\n");
704 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
705 }
706
707 /*
708 * 8.1/8.3 Step 4.
709 * Encrypt the COSE object.
710 *
711 * Requires in COSE object as appropriate
712 * alg (already set)
713 * key (sender key)
714 * nonce (already set)
715 * aad (already set)
716 * plaintext
717 */
718 cose_encrypt0_set_key(cose, snd_ctx->sender_key);
719 cose_encrypt0_set_plaintext(cose, plain_pdu->token, plain_pdu->used_size);
720 dump_cose(cose, "Pre encrypt");
721 ciphertext_buffer =
722 coap_malloc_type(COAP_OSCORE_BUF, OSCORE_CRYPTO_BUFFER_SIZE);
723 if (ciphertext_buffer == NULL)
724 goto error;
725 ciphertext_len = cose_encrypt0_encrypt(cose,
726 ciphertext_buffer,
727 plain_pdu->used_size + AES_CCM_TAG);
728 if ((int)ciphertext_len <= 0) {
729 coap_log_warn("OSCORE: Encryption Failure, result code: %d \n",
730 (int)ciphertext_len);
731 goto error;
732 }
733 assert(ciphertext_len < OSCORE_CRYPTO_BUFFER_SIZE);
734
735 /* Add in OSCORE option (previously computed) */
736 if (!coap_insert_option(osc_pdu,
737 COAP_OPTION_OSCORE,
738 oscore_option_len,
739 oscore_option))
740 goto error;
741
742 /* Add now encrypted payload */
743 if (!coap_add_data(osc_pdu, ciphertext_len, ciphertext_buffer))
744 goto error;
745
746 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
747 ciphertext_buffer = NULL;
748
749 coap_delete_pdu_lkd(plain_pdu);
750 plain_pdu = NULL;
751
752 if (association && association->is_observe == 0)
753 oscore_delete_association(session, association);
754 association = NULL;
755
756 if (!(session->block_mode & COAP_BLOCK_CACHE_RESPONSE)) {
757 /*
758 * If this is a response ACK with data, make it a separate response
759 * by sending an Empty ACK and changing osc_pdu's MID and type. This
760 * then allows lost response ACK (now CON) with data to be recovered.
761 */
762 if (coap_request == 0 && osc_pdu->type == COAP_MESSAGE_ACK &&
763 COAP_RESPONSE_CLASS(pdu->code) == 2 &&
764 COAP_PROTO_NOT_RELIABLE(session->proto)) {
765 coap_pdu_t *empty = coap_pdu_init(COAP_MESSAGE_ACK,
766 0,
767 osc_pdu->mid,
768 0);
769 if (empty) {
770 if (coap_send_internal(session, empty, NULL) != COAP_INVALID_MID) {
771 osc_pdu->mid = coap_new_message_id_lkd(session);
772 osc_pdu->type = COAP_MESSAGE_CON;
773 }
774 }
775 }
776 }
777
778 if (!coap_pdu_encode_header(osc_pdu, session->proto)) {
779 goto error;
780 }
781
782 /*
783 * Set up an association for handling a response if this is a request
784 */
785 if (coap_request) {
786 association = oscore_find_association(session, &pdu_token);
787 if (association) {
788 /* Refresh the association */
789 coap_delete_bin_const(association->nonce);
790 association->nonce =
791 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
792 if (association->nonce == NULL)
793 goto error;
794 coap_delete_bin_const(association->aad);
795 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
796 if (association->aad == NULL)
797 goto error;
798 if (doing_observe && observe_value == 1) {
799 coap_delete_bin_const(association->obs_partial_iv);
800 association->obs_partial_iv = association->partial_iv;
801 } else {
802 coap_delete_bin_const(association->partial_iv);
803 }
804 association->partial_iv =
805 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
806 if (association->partial_iv == NULL)
807 goto error;
808 coap_oscore_association_set_recipient_ctx(association, rcp_ctx);
809 coap_delete_pdu_lkd(association->sent_pdu);
810 if (session->b_2_step != COAP_OSCORE_B_2_NONE || association->just_set_up) {
811 size_t size;
812
813 association->sent_pdu = coap_pdu_duplicate_lkd(pdu, session,
814 pdu_token.length,
815 pdu_token.s, NULL,
816 COAP_BOOL_FALSE);
817 if (association->sent_pdu == NULL)
818 goto error;
819 if (coap_get_data(pdu, &size, &data)) {
820 coap_add_data(association->sent_pdu, size, data);
821 }
822 association->just_set_up = 0;
823 } else {
824 association->sent_pdu = NULL;
825 }
826 } else if (!oscore_new_association(session,
827 pdu,
828 &pdu_token,
829 rcp_ctx,
830 &cose->aad,
831 &cose->nonce,
832 &cose->partial_iv,
833 doing_observe)) {
834 goto error;
835 }
836 }
837 return osc_pdu;
838
839error:
840 if (ciphertext_buffer)
841 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
842 coap_delete_pdu_lkd(osc_pdu);
843 coap_delete_pdu_lkd(plain_pdu);
844 return NULL;
845}
846
847static void
848build_and_send_error_pdu(coap_session_t *session,
849 coap_pdu_t *rcvd,
850 coap_pdu_code_t code,
851 const char *diagnostic,
852 uint8_t *echo_data,
853 coap_bin_const_t *kid_context,
854 int encrypt_oscore) {
855 coap_pdu_t *err_pdu = NULL;
856 coap_bin_const_t token;
857 int oscore_encryption = session->oscore_encryption;
858 unsigned char buf[4];
859
860 token = coap_pdu_get_token(rcvd);
861 err_pdu = coap_pdu_init(rcvd->type == COAP_MESSAGE_NON ? COAP_MESSAGE_NON :
862 COAP_MESSAGE_ACK,
863 code,
864 rcvd->mid,
865 token.length + 2 + 8 +
866 (diagnostic ? strlen(diagnostic) : 0));
867 if (!err_pdu)
868 return;
869 coap_add_token(err_pdu, token.length, token.s);
870 if (echo_data) {
871 coap_add_option_internal(err_pdu, COAP_OPTION_ECHO, 8, echo_data);
872 } else if (kid_context == NULL) {
873 coap_add_option_internal(err_pdu,
874 COAP_OPTION_MAXAGE,
875 coap_encode_var_safe(buf, sizeof(buf), 0),
876 buf);
877 }
878 if (diagnostic)
879 coap_add_data(err_pdu, strlen(diagnostic), (const uint8_t *)diagnostic);
880 session->oscore_encryption = encrypt_oscore;
881
882 if ((echo_data || kid_context) && encrypt_oscore) {
883 coap_pdu_t *osc_pdu;
884
885 osc_pdu =
886 coap_oscore_new_pdu_encrypted_lkd(session, err_pdu, kid_context,
887 echo_data ? 1 : 0);
888 if (!osc_pdu)
889 goto fail_resp;
890 session->oscore_encryption = 0;
891 coap_send_internal(session, osc_pdu, NULL);
892 coap_delete_pdu_lkd(err_pdu);
893 err_pdu = NULL;
894 } else {
895 coap_send_internal(session, err_pdu, NULL);
896 err_pdu = NULL;
897 }
898fail_resp:
899 session->oscore_encryption = oscore_encryption;
900 coap_delete_pdu_lkd(err_pdu);
901 return;
902}
903
904oscore_ctx_t *
905coap_init_oscore_context_from_conf(coap_oscore_conf_t *oscore_conf) {
906 oscore_ctx_t *oscore_ctx = oscore_derive_ctx_from_conf(oscore_conf);
907
908 if (oscore_ctx == NULL) {
909 goto error;
910 }
911
912 /* As all is stored in osc_ctx, oscore_conf is no longer needed */
913 coap_free_type(COAP_STRING, oscore_conf);
914
915 return oscore_ctx;
916error:
917 coap_delete_oscore_conf(oscore_conf);
918 return NULL;
919}
920
921/* pdu contains incoming message with encrypted COSE ciphertext payload
922 * function returns decrypted message
923 * and verifies signature, if present
924 * returns NULL when decryption,verification fails
925 */
926coap_pdu_t *
927coap_oscore_decrypt_pdu(coap_session_t *session,
928 coap_pdu_t *pdu) {
929 coap_pdu_t *decrypt_pdu = NULL;
930 coap_pdu_t *plain_pdu = NULL;
931 const uint8_t *osc_value; /* value of OSCORE option */
932 uint8_t osc_size; /* size of OSCORE OPTION */
933 coap_opt_iterator_t opt_iter;
934 coap_opt_t *opt = NULL;
935 cose_encrypt0_t cose[1];
936 oscore_ctx_t *osc_ctx = NULL;
937 uint8_t aad_buffer[AAD_BUF_LEN];
938 uint8_t nonce_buffer[13];
939 coap_bin_const_t aad;
940 coap_bin_const_t nonce;
941 int pltxt_size = 0;
942 int got_resp_piv = 0;
943 int doing_resp_observe = 0;
944 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu);
945 coap_bin_const_t pdu_token;
946 uint8_t *st_encrypt;
947 size_t encrypt_len;
948 size_t tag_len;
949 oscore_recipient_ctx_t *rcp_ctx = NULL;
950 oscore_association_t *association = NULL;
951 uint8_t external_aad_buffer[100];
952 coap_bin_const_t external_aad;
953 oscore_sender_ctx_t *snd_ctx = NULL;
954#if COAP_CLIENT_SUPPORT
955 coap_pdu_t *sent_pdu = NULL;
956#endif /* COAP_CLIENT_SUPPORT */
957
958 opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter);
959 assert(opt);
960 if (opt == NULL)
961 return NULL;
962
963 if (session->context->p_osc_ctx == NULL && session->context->oscore_find_cb == NULL) {
964 coap_log_warn("OSCORE: Not enabled\n");
965 if (!coap_request)
966 coap_handle_event_lkd(session->context,
967 COAP_EVENT_OSCORE_NOT_ENABLED,
968 session);
969 return NULL;
970 }
971
972 if (pdu->data == NULL) {
973 coap_log_warn("OSCORE: No protected payload\n");
974 if (!coap_request)
975 coap_handle_event_lkd(session->context,
976 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
977 session);
978 return NULL;
979 }
980
981 osc_size = coap_opt_length(opt);
982 osc_value = coap_opt_value(opt);
983
984 cose_encrypt0_init(cose); /* clear cose memory */
985
986 /* PDU code will be filled in after decryption */
987 decrypt_pdu =
988 coap_pdu_init(pdu->type, 0, pdu->mid, pdu->used_size);
989 if (decrypt_pdu == NULL) {
990 if (!coap_request)
991 coap_handle_event_lkd(session->context,
992 COAP_EVENT_OSCORE_INTERNAL_ERROR,
993 session);
994 goto error;
995 }
996
997 /* Copy across the Token */
998 pdu_token = coap_pdu_get_token(pdu);
999 coap_add_token(decrypt_pdu, pdu_token.length, pdu_token.s);
1000
1001 /*
1002 * 8.2/8.4 Step 1.
1003 * Copy outer options across, except E and OSCORE options
1004 */
1005 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
1006 while ((opt = coap_option_next(&opt_iter))) {
1007 switch ((coap_code_opt_num_t)opt_iter.number) {
1008 /* 'E' options skipped */
1009 case COAP_OPTION_IF_MATCH:
1010 case COAP_OPTION_ETAG:
1011 case COAP_OPTION_IF_NONE_MATCH:
1012 case COAP_OPTION_OBSERVE:
1013 case COAP_OPTION_LOCATION_PATH:
1014 case COAP_OPTION_URI_PATH:
1015 case COAP_OPTION_URI_PATH_ABB:
1016 case COAP_OPTION_CONTENT_FORMAT:
1017 case COAP_OPTION_MAXAGE:
1018 case COAP_OPTION_URI_QUERY:
1019 case COAP_OPTION_ACCEPT:
1020 case COAP_OPTION_Q_BLOCK1:
1021 case COAP_OPTION_LOCATION_QUERY:
1022 case COAP_OPTION_BLOCK2:
1023 case COAP_OPTION_BLOCK1:
1024 case COAP_OPTION_SIZE2:
1025 case COAP_OPTION_Q_BLOCK2:
1026 case COAP_OPTION_SIZE1:
1027 case COAP_OPTION_NORESPONSE:
1028 case COAP_OPTION_ECHO:
1029 case COAP_OPTION_RTAG:
1030 /* OSCORE does not get copied across */
1031 case COAP_OPTION_OSCORE:
1032 break;
1033 /* 'U' options included */
1034 case COAP_OPTION_URI_HOST:
1035 case COAP_OPTION_URI_PORT:
1036 case COAP_OPTION_HOP_LIMIT:
1037 case COAP_OPTION_EDHOC:
1038 case COAP_OPTION_PROXY_URI:
1039 case COAP_OPTION_PROXY_SCHEME:
1040 default:
1041 if (!coap_add_option_internal(decrypt_pdu,
1042 opt_iter.number,
1043 coap_opt_length(opt),
1044 coap_opt_value(opt))) {
1045 if (!coap_request)
1046 coap_handle_event_lkd(session->context,
1047 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1048 session);
1049 goto error;
1050 }
1051 break;
1052 }
1053 }
1054
1055 if (coap_request) {
1056 uint64_t incoming_seq;
1057 /*
1058 * 8.2 Step 2
1059 * Decompress COSE object
1060 * Get Recipient Context based on kid and optional kid_context
1061 */
1062 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1063 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1064 build_and_send_error_pdu(session,
1065 pdu,
1066 COAP_RESPONSE_CODE(402),
1067 "Failed to decode COSE",
1068 NULL,
1069 NULL,
1070 0);
1071 goto error_no_ack;
1072 }
1073 osc_ctx = oscore_find_context(session,
1074 cose->key_id,
1075 &cose->kid_context,
1076 NULL,
1077 &rcp_ctx);
1078 if (!osc_ctx) {
1079 if (cose->kid_context.length > 0) {
1080 const uint8_t *ptr;
1081 size_t length;
1082 /* Appendix B.2 protocol check - Is the recipient key_id known */
1083 osc_ctx = oscore_find_context(session,
1084 cose->key_id,
1085 NULL,
1086 session->oscore_r2 != 0 ? (uint8_t *)&session->oscore_r2 : NULL,
1087 &rcp_ctx);
1088 ptr = cose->kid_context.s;
1089 length = cose->kid_context.length;
1090 if (ptr && osc_ctx && osc_ctx->rfc8613_b_2) {
1091 /* Processing Appendix B.2 protocol */
1092 /* Need to CBOR unwrap kid_context */
1093 coap_bin_const_t kid_context;
1094
1095 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1096 if (kid_context.length > length)
1097 goto error;
1098 /* This has to fit into an OSCORE option max 255.
1099 * Initial byte, kid_context size, partial IV size and kid size have to be there
1100 */
1101 if (kid_context.length >= 255 - 1 - 1 - cose->partial_iv.length - cose->key_id.length)
1102 goto error;
1103 kid_context.s = ptr;
1104 cose_encrypt0_set_kid_context(cose, (coap_bin_const_t *)&kid_context);
1105
1106 if (session->oscore_r2 != 0) {
1107 /* B.2 step 4 */
1108 coap_bin_const_t *kc = coap_new_bin_const(cose->kid_context.s,
1109 cose->kid_context.length);
1110
1111 if (kc == NULL)
1112 goto error;
1113
1114 session->b_2_step = COAP_OSCORE_B_2_STEP_4;
1115 coap_log_oscore("Appendix B.2 server step 4 (R2 || R3)\n");
1116 oscore_update_ctx(osc_ctx, kc);
1117 } else {
1118 session->b_2_step = COAP_OSCORE_B_2_STEP_2;
1119 coap_log_oscore("Appendix B.2 server step 2 (ID1)\n");
1120 osc_ctx = oscore_duplicate_ctx(session->context,
1121 osc_ctx,
1122 osc_ctx->sender_context->sender_id,
1123 &cose->key_id,
1124 &cose->kid_context);
1125 if (osc_ctx == NULL)
1126 goto error;
1127 /*
1128 * Complete the Verify (B.2 step 2)
1129 * before sending back the response
1130 */
1131 rcp_ctx = osc_ctx->recipient_chain;
1132 }
1133 } else {
1134 osc_ctx = NULL;
1135 }
1136 }
1137 } else if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1138 session->b_2_step = COAP_OSCORE_B_2_NONE;
1139 coap_log_oscore("Appendix B.2 server finished\n");
1140 }
1141 if (!osc_ctx) {
1142 coap_log_err("OSCORE: Security Context not found\n");
1143 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
1144 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
1145 build_and_send_error_pdu(session,
1146 pdu,
1147 COAP_RESPONSE_CODE(401),
1148 "Security context not found",
1149 NULL,
1150 NULL,
1151 0);
1152 goto error_no_ack;
1153 }
1154 /* to be used for encryption of returned response later */
1155 coap_oscore_session_set_recipient_ctx(session, rcp_ctx);
1156 snd_ctx = osc_ctx->sender_context;
1157
1158 /*
1159 * 8.2 Step 3.
1160 * Verify Partial IV is not duplicated.
1161 *
1162 * Requires in COSE object as appropriate
1163 * partial_iv (as received)
1164 */
1165 if ((rcp_ctx->initial_state == 0 || osc_ctx->rfc8613_b_1_2 == 0) &&
1166 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1167 coap_log_warn("OSCORE: Replayed or old message\n");
1168 build_and_send_error_pdu(session,
1169 pdu,
1170 COAP_RESPONSE_CODE(401),
1171 "Replay detected",
1172 NULL,
1173 NULL,
1174 0);
1175 goto error_no_ack;
1176 }
1177 if (rcp_ctx->initial_state == 1) {
1178 incoming_seq =
1179 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1180 rcp_ctx->last_seq = incoming_seq;
1181 } else if (session->context->oscore_update_seq_num_cb != NULL) {
1182 /* notify custom credential storage */
1183 coap_lock_callback(session->context->oscore_update_seq_num_cb(session,
1184 rcp_ctx->recipient_id,
1185 osc_ctx->id_context,
1186 rcp_ctx->last_seq,
1187 rcp_ctx->sliding_window));
1188 }
1189 } else { /* !coap_request */
1190 /*
1191 * 8.4 Step 2
1192 * Decompress COSE object
1193 * Get Recipient Context based on token
1194 */
1195 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1196 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1197 coap_handle_event_lkd(session->context,
1198 COAP_EVENT_OSCORE_DECODE_ERROR,
1199 session);
1200 goto error;
1201 }
1202 got_resp_piv = cose->partial_iv.length ? 1 : 0;
1203
1204 association = oscore_find_association(session, &pdu_token);
1205 if (association) {
1206 rcp_ctx = association->recipient_ctx;
1207 osc_ctx = rcp_ctx->osc_ctx;
1208 snd_ctx = osc_ctx->sender_context;
1209#if COAP_CLIENT_SUPPORT
1210 sent_pdu = association->sent_pdu;
1211 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1212 const uint8_t *ptr = cose->kid_context.s;
1213 size_t length = cose->kid_context.length;
1214
1215 if (ptr) {
1216 /* Need to CBOR unwrap kid_context */
1217 coap_bin_const_t kid_context;
1218
1219 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1220 if (kid_context.length > length)
1221 goto error;
1222 /* This has to fit into an OSCORE option max 255.
1223 * Initial byte, kid_context size, partial IV size and kid size have to be there
1224 */
1225 if (kid_context.length >= 255 - 1 - 1 - cose->partial_iv.length - cose->key_id.length)
1226 goto error;
1227 kid_context.s = ptr;
1228 cose_encrypt0_set_kid_context(cose, &kid_context);
1229 }
1230 if (ptr && !coap_binary_equal(osc_ctx->id_context, &cose->kid_context)) {
1231 /* If Appendix B.2 step 3 is in operation */
1232 /* Need to update Security Context with new (R2 || ID1) ID Context */
1233 coap_binary_t *kc = coap_new_binary(cose->kid_context.length +
1234 osc_ctx->id_context->length);
1235
1236 if (kc == NULL) {
1237 coap_handle_event_lkd(session->context,
1238 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1239 session);
1240 goto error;
1241 }
1242
1243 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1244 memcpy(&kc->s[cose->kid_context.length],
1245 osc_ctx->id_context->s,
1246 osc_ctx->id_context->length);
1247
1248 session->b_2_step = COAP_OSCORE_B_2_STEP_3;
1249 coap_log_oscore("Appendix B.2 client step 3 (R2 || ID1)\n");
1250 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1251 } else {
1252 session->b_2_step = COAP_OSCORE_B_2_STEP_5;
1253 coap_log_oscore("Appendix B.2 client step 5 (R2 || R3)\n");
1254 }
1255 }
1256#endif /* COAP_CLIENT_SUPPORT */
1257 } else {
1258 coap_log_crit("OSCORE: Security Context association not found\n");
1259 coap_handle_event_lkd(session->context,
1260 COAP_EVENT_OSCORE_NO_SECURITY,
1261 session);
1262 goto error;
1263 }
1264 }
1265
1266 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
1267
1268 if (coap_request) {
1269 /*
1270 * RFC8613 8.2 Step 4.
1271 * Compose the External AAD and then AAD
1272 *
1273 * OSCORE_option requires
1274 * partial_iv (cose partial_iv)
1275 * kid_context (cose kid_context)
1276 * key_id (cose key_id)
1277 * group_flag
1278 *
1279 * Non Group requires the following
1280 * RFC8613 5.4
1281 * oscore_version 1
1282 * algorithms [
1283 * aead_alg (osc_ctx)
1284 * ]
1285 * request_kid (request key_id using cose)
1286 * request_piv (request partial_iv using cose)
1287 * options (none at present)
1288 *
1289 * Note: No I options at present
1290 */
1291
1292 /* External AAD */
1293 external_aad.s = external_aad_buffer;
1294 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1295 cose,
1296 osc_value,
1297 osc_size,
1298 NULL,
1299 external_aad_buffer,
1300 sizeof(external_aad_buffer));
1301 cose_encrypt0_set_external_aad(cose, &external_aad);
1302
1303 /* AAD */
1304 aad.s = aad_buffer;
1305 aad.length = oscore_prepare_aad(external_aad_buffer,
1306 external_aad.length,
1307 aad_buffer,
1308 sizeof(aad_buffer));
1309 assert(aad.length < AAD_BUF_LEN);
1310 cose_encrypt0_set_aad(cose, &aad);
1311
1312 /*
1313 * RFC8613 8.2 Step 5.
1314 * Compute the AEAD nonce.
1315 *
1316 * Requires in COSE object as appropriate
1317 * key_id (kid) (Recipient ID)
1318 * partial_iv (as received in request)
1319 * common_iv (already in osc_ctx)
1320 */
1321 nonce.s = nonce_buffer;
1322 nonce.length = 13;
1323 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1324 cose_encrypt0_set_nonce(cose, &nonce);
1325 /*
1326 * Set up an association for use in the response
1327 */
1328 association = oscore_find_association(session, &pdu_token);
1329 if (association) {
1330 /* Refresh the association */
1331 coap_delete_bin_const(association->nonce);
1332 association->nonce =
1333 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
1334 if (association->nonce == NULL)
1335 goto error;
1336 coap_delete_bin_const(association->partial_iv);
1337 association->partial_iv =
1338 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
1339 if (association->partial_iv == NULL)
1340 goto error;
1341 coap_delete_bin_const(association->aad);
1342 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
1343 if (association->aad == NULL)
1344 goto error;
1345 coap_oscore_association_set_recipient_ctx(association, rcp_ctx);
1346 /* So association is not released when handling decrypt */
1347 association = NULL;
1348 } else if (!oscore_new_association(session,
1349 NULL,
1350 &pdu_token,
1351 rcp_ctx,
1352 &cose->aad,
1353 &cose->nonce,
1354 &cose->partial_iv,
1355 0)) {
1356 goto error;
1357 }
1358 /* So association is not released when handling decrypt */
1359 association = NULL;
1360 } else { /* ! coap_request */
1361 /* Need to do nonce before AAD because of different partial_iv */
1362 /*
1363 * 8.4 Step 4.
1364 * Compose the AEAD nonce.
1365 */
1366 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
1367 if (cose->partial_iv.length == 0) {
1368 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1369 cose_encrypt0_set_nonce(cose, association->nonce);
1370 } else {
1371 uint64_t last_seq;
1372
1373 if ((rcp_ctx->initial_state == 0 || osc_ctx->rfc8613_b_1_2 == 0) &&
1374 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1375 coap_log_warn("OSCORE: Replayed or old message\n");
1376 goto error;
1377 }
1378 last_seq =
1379 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1380 if (rcp_ctx->last_seq>= OSCORE_SEQ_MAX) {
1381 coap_log_warn("OSCORE Replay protection, SEQ larger than SEQ_MAX.\n");
1382 goto error;
1383 }
1384 if (last_seq > rcp_ctx->last_seq)
1385 rcp_ctx->last_seq = last_seq;
1386 /*
1387 * Requires in COSE object as appropriate
1388 * kid (set above)
1389 * partial_iv (as received)
1390 * common_iv (already in osc_ctx)
1391 */
1392 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1393 nonce.s = nonce_buffer;
1394 nonce.length = 13;
1395 cose_encrypt0_set_nonce(cose, &nonce);
1396 }
1397#ifdef OSCORE_EXTRA_DEBUG
1398 dump_cose(cose, "!req post set nonce");
1399#endif /* OSCORE_EXTRA_DEBUG */
1400 /*
1401 * 8.4 Step 3.
1402 * Compose the External AAD and then AAD
1403 *
1404 * OSCORE_option requires
1405 * partial_iv (cose partial_iv)
1406 * kid_context (cose kid_context)
1407 * key_id (cose key_id)
1408 * group_flag
1409 *
1410 * Non Group requires the following
1411 * RFC8613 5.4
1412 * oscore_version 1
1413 * algorithms [
1414 * aead_alg (osc_ctx)
1415 * ]
1416 * request_kid (request key_id using cose)
1417 * request_piv (request partial_iv using cose)
1418 * options (none at present)
1419 *
1420 * Note: No I options at present
1421 */
1422
1423 /* External AAD */
1424 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
1425 if (association->is_observe && association->obs_partial_iv && got_resp_piv) {
1426 cose_encrypt0_set_partial_iv(cose, association->obs_partial_iv);
1427 } else {
1428 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1429 }
1430#ifdef OSCORE_EXTRA_DEBUG
1431 dump_cose(cose, "!req pre aad");
1432#endif /* OSCORE_EXTRA_DEBUG */
1433 external_aad.s = external_aad_buffer;
1434 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1435 cose,
1436 NULL,
1437 0,
1438 NULL,
1439 external_aad_buffer,
1440 sizeof(external_aad_buffer));
1441 cose_encrypt0_set_external_aad(cose, &external_aad);
1442
1443 /* AAD */
1444 aad.s = aad_buffer;
1445 aad.length = oscore_prepare_aad(external_aad_buffer,
1446 external_aad.length,
1447 aad_buffer,
1448 sizeof(aad_buffer));
1449 assert(aad.length < AAD_BUF_LEN);
1450 cose_encrypt0_set_aad(cose, &aad);
1451#ifdef OSCORE_EXTRA_DEBUG
1452 dump_cose(cose, "!req post set aad");
1453#endif /* OSCORE_EXTRA_DEBUG */
1454 }
1455
1456 /*
1457 * 8.2 Step 6 / 8.4 Step 5.
1458 * Decrypt the COSE object.
1459 *
1460 * Requires in COSE object as appropriate
1461 * alg (already set)
1462 * key
1463 * nonce (already set)
1464 * aad (already set)
1465 * ciphertext
1466 */
1467 st_encrypt = pdu->data;
1468 encrypt_len = pdu->used_size - (pdu->data - pdu->token);
1469 if (encrypt_len <= 0) {
1470 coap_log_warn("OSCORE: No protected payload\n");
1471 if (!coap_request)
1472 coap_handle_event_lkd(session->context,
1473 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
1474 session);
1475 goto error;
1476 }
1477 cose_encrypt0_set_key(cose, rcp_ctx->recipient_key);
1478 cose_encrypt0_set_ciphertext(cose, st_encrypt, encrypt_len);
1479
1480 tag_len = cose_tag_len(cose->alg);
1481 /* Decrypt into plain_pdu, so code (token), options and data are in place */
1482 plain_pdu = coap_pdu_init(pdu->type, 0, 0, encrypt_len /* - tag_len */);
1483 if (plain_pdu == NULL) {
1484 if (!coap_request)
1485 coap_handle_event_lkd(session->context,
1486 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1487 session);
1488 goto error;
1489 }
1490
1491 /* need the tag_len on the end for TinyDTLS to do its work - yuk */
1492 if (!coap_pdu_resize(plain_pdu, encrypt_len /* - tag_len */)) {
1493 if (!coap_request)
1494 coap_handle_event_lkd(session->context,
1495 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1496 session);
1497 goto error;
1498 }
1499
1500 /* Account for 1 byte 'code' used as token */
1501 plain_pdu->e_token_length = 1;
1502 plain_pdu->actual_token.length = 1;
1503 /* Account for the decrypted data */
1504 plain_pdu->used_size = encrypt_len - tag_len;
1505
1506 dump_cose(cose, "Pre decrypt");
1507 pltxt_size =
1508 cose_encrypt0_decrypt(cose, plain_pdu->token, encrypt_len - tag_len);
1509 if (pltxt_size <= 0) {
1510 coap_log_warn("OSCORE: Decryption Failure, result code: %d \n",
1511 (int)pltxt_size);
1512 if (coap_request) {
1513 build_and_send_error_pdu(session,
1514 pdu,
1515 COAP_RESPONSE_CODE(400),
1516 "Decryption failed",
1517 NULL,
1518 NULL,
1519 0);
1520 oscore_roll_back_seq(rcp_ctx);
1521 goto error_no_ack;
1522 } else {
1523 coap_handle_event_lkd(session->context,
1524 COAP_EVENT_OSCORE_DECRYPTION_FAILURE,
1525 session);
1526 }
1527 goto error;
1528 }
1529
1530 assert((size_t)pltxt_size < pdu->alloc_size + pdu->max_hdr_size);
1531
1532 /* Appendix B.2 Trap */
1533 if (session->b_2_step == COAP_OSCORE_B_2_STEP_2) {
1534 /* Need to update Security Context with new (R2 || ID1) ID Context */
1535 coap_binary_t *kc =
1536 coap_new_binary(sizeof(session->oscore_r2) + cose->kid_context.length);
1537 coap_bin_const_t oscore_r2;
1538
1539 if (kc == NULL) {
1540 if (!coap_request)
1541 coap_handle_event_lkd(session->context,
1542 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1543 session);
1544 goto error;
1545 }
1546
1547 coap_prng_lkd(&session->oscore_r2, sizeof(session->oscore_r2));
1548 memcpy(kc->s, &session->oscore_r2, sizeof(session->oscore_r2));
1549 memcpy(&kc->s[sizeof(session->oscore_r2)],
1550 cose->kid_context.s,
1551 cose->kid_context.length);
1552
1553 coap_log_oscore("Appendix B.2 server step 2 (R2 || ID1)\n");
1554 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1555
1556 oscore_r2.length = sizeof(session->oscore_r2);
1557 oscore_r2.s = (const uint8_t *)&session->oscore_r2;
1558 coap_log_oscore("Appendix B.2 server step 2 plain response\n");
1559 build_and_send_error_pdu(session,
1560 pdu,
1561 COAP_RESPONSE_CODE(401),
1562 NULL,
1563 NULL,
1564 &oscore_r2,
1565 1);
1566 goto error_no_ack;
1567 }
1568#if COAP_CLIENT_SUPPORT
1569 if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) {
1570 coap_log_oscore("Appendix B.2 client step 3 (R2 || R3)\n");
1571 coap_pdu_encode_header(plain_pdu, session->proto);
1572 plain_pdu->actual_token.s = plain_pdu->token;
1573 plain_pdu->code = plain_pdu->token[0];
1574 if (plain_pdu->code != COAP_RESPONSE_CODE(401)) {
1575 coap_log_warn("OSCORE Appendix B.2: Expected 4.01 response\n");
1576 }
1577 /* Skip the options */
1578 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1579 while (coap_option_next(&opt_iter)) {
1580 }
1581 if (opt_iter.length > 0 && opt_iter.next_option &&
1582 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1583 plain_pdu->data = &opt_iter.next_option[1];
1584 }
1585 coap_log_oscore("Inner Response PDU (plaintext)\n");
1586 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
1587 /*
1588 * Need to update Security Context with new (R2 || R3) ID Context
1589 * and retransmit the request
1590 */
1591 coap_binary_t *kc = coap_new_binary(cose->kid_context.length + 8);
1592
1593 if (kc == NULL) {
1594 if (!coap_request)
1595 coap_handle_event_lkd(session->context,
1596 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1597 session);
1598 goto error;
1599 }
1600 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1601 coap_prng_lkd(&kc->s[cose->kid_context.length], 8);
1602
1603 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1604
1605 coap_cancel_all_messages(session->context,
1606 session,
1607 &pdu->actual_token);
1608 if (session->con_active)
1609 session->con_active--;
1610 coap_send_ack_lkd(session, pdu);
1611 if (sent_pdu) {
1612 coap_log_oscore("Appendix B.2 retransmit pdu\n");
1613 if (!session->b_2_retransmit_token) {
1614 session->b_2_retransmit_token = coap_new_str_const(sent_pdu->actual_token.s,
1615 sent_pdu->actual_token.length);
1616 }
1617 if (coap_retransmit_oscore_pdu(session, sent_pdu, NULL) ==
1618 COAP_INVALID_MID)
1619 goto error_no_ack;
1620 }
1621 goto error_no_ack;
1622 }
1623#endif /* COAP_CLIENT_SUPPORT */
1624
1625#if COAP_SERVER_SUPPORT
1626 /* Appendix B.1.2 request Trap */
1627 if (coap_request && osc_ctx->rfc8613_b_1_2) {
1628 if (rcp_ctx->initial_state == 1) {
1629 opt = coap_check_option(plain_pdu, COAP_OPTION_ECHO, &opt_iter);
1630 if (opt) {
1631 /* Verify Client is genuine */
1632 if (coap_opt_length(opt) == 8 &&
1633 memcmp(coap_opt_value(opt), rcp_ctx->echo_value, 8) == 0) {
1634 /* This clears rcp_ctx->initial_state */
1635 if (!oscore_validate_sender_seq(rcp_ctx, cose)) {
1636 coap_log_warn("OSCORE: Replayed or old message\n");
1637 build_and_send_error_pdu(session,
1638 pdu,
1639 COAP_RESPONSE_CODE(401),
1640 "Replay detected",
1641 NULL,
1642 NULL,
1643 0);
1644 goto error_no_ack;
1645 } else {
1646 if (session->context->oscore_update_seq_num_cb != NULL) {
1647 /* notify echo challenge changed */
1648 coap_lock_callback(session->context->oscore_update_seq_num_cb(session,
1649 rcp_ctx->recipient_id,
1650 osc_ctx->id_context,
1651 rcp_ctx->last_seq,
1652 rcp_ctx->sliding_window));
1653 }
1654 }
1655 } else
1656 goto error;
1657 } else {
1658 /* RFC 8163 Appendix B.1.2 */
1659 if (session->b_2_step == COAP_OSCORE_B_2_STEP_4) {
1660 session->b_2_step = COAP_OSCORE_B_2_NONE;
1661 coap_log_oscore("Appendix B.2 server finished\n");
1662 }
1663 coap_prng_lkd(rcp_ctx->echo_value, sizeof(rcp_ctx->echo_value));
1664 coap_log_oscore("Appendix B.1.2 server plain response\n");
1665
1666 build_and_send_error_pdu(session,
1667 pdu,
1668 COAP_RESPONSE_CODE(401),
1669 NULL,
1670 rcp_ctx->echo_value,
1671 NULL,
1672 1);
1673 goto error_no_ack;
1674 }
1675 }
1676 }
1677#endif /* COAP_SERVER_SUPPORT */
1678
1679 /*
1680 * 8.2 Step 7 / 8.4 Step 6.
1681 * Add decrypted Code, options and payload
1682 * [OSCORE option not copied across previously]
1683 */
1684
1685 /* PDU code is pseudo plain_pdu token */
1686 decrypt_pdu->code = plain_pdu->token[0];
1687
1688 /* Copy inner decrypted options across */
1689 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1690 while ((opt = coap_option_next(&opt_iter))) {
1691 size_t len;
1692 size_t bias;
1693
1694 switch (opt_iter.number) {
1695 case COAP_OPTION_OSCORE:
1696 break;
1697 case COAP_OPTION_OBSERVE:
1698 if (!coap_request) {
1699 bias = cose->partial_iv.length > 3 ? cose->partial_iv.length - 3 : 0;
1700 len = cose->partial_iv.length > 3 ? 3 : cose->partial_iv.length;
1701 /* Make Observe option reflect last 3 bytes of partial_iv */
1702 if (!coap_add_option_internal(
1703 decrypt_pdu,
1704 opt_iter.number,
1705 len,
1706 cose->partial_iv.s ? &cose->partial_iv.s[bias] : NULL)) {
1707 coap_handle_event_lkd(session->context,
1708 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1709 session);
1710 goto error;
1711 }
1712 doing_resp_observe = 1;
1713 break;
1714 }
1715 association = oscore_find_association(session, &pdu_token);
1716 if (association) {
1717 association->is_observe = 1;
1718 association = NULL;
1719 }
1720 /* Fall Through */
1721 default:
1722 if (!coap_insert_option(decrypt_pdu,
1723 opt_iter.number,
1724 coap_opt_length(opt),
1725 coap_opt_value(opt))) {
1726 if (!coap_request)
1727 coap_handle_event_lkd(session->context,
1728 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1729 session);
1730 goto error;
1731 }
1732 break;
1733 }
1734 }
1735 if (!coap_request && !doing_resp_observe) {
1736 if (association) {
1737 association->is_observe = 0;
1738 }
1739 }
1740 /* Need to copy across any data */
1741 if (opt_iter.length > 0 && opt_iter.next_option &&
1742 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1743 plain_pdu->data = &opt_iter.next_option[1];
1744 if (!coap_add_data(decrypt_pdu,
1745 plain_pdu->used_size -
1746 (plain_pdu->data - plain_pdu->token),
1747 plain_pdu->data)) {
1748 if (!coap_request)
1749 coap_handle_event_lkd(session->context,
1750 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1751 session);
1752 goto error;
1753 }
1754 }
1755 coap_delete_pdu_lkd(plain_pdu);
1756 plain_pdu = NULL;
1757
1758 /* Make sure headers are correctly set up */
1759 if (!coap_pdu_encode_header(decrypt_pdu, session->proto)) {
1760 if (!coap_request)
1761 coap_handle_event_lkd(session->context,
1762 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1763 session);
1764 goto error;
1765 }
1766
1767 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1768 session->b_2_step = COAP_OSCORE_B_2_NONE;
1769 coap_log_oscore("Appendix B.2 client finished\n");
1770 if (session->b_2_retransmit_token) {
1771 coap_update_token(decrypt_pdu, session->b_2_retransmit_token->length,
1772 session->b_2_retransmit_token->s);
1773 coap_delete_str_const(session->b_2_retransmit_token);
1774 session->b_2_retransmit_token = NULL;
1775 }
1776 }
1777#if COAP_CLIENT_SUPPORT
1778 if (decrypt_pdu->code == COAP_RESPONSE_CODE(401) &&
1779 (opt = coap_check_option(decrypt_pdu, COAP_OPTION_ECHO, &opt_iter))) {
1780 /* Server is requesting Echo refresh check */
1781 coap_cancel_all_messages(session->context,
1782 session,
1783 &pdu->actual_token);
1784 if (session->con_active)
1785 session->con_active--;
1786 if (!sent_pdu) {
1787 coap_lg_crcv_t *lg_crcv = coap_find_lg_crcv(session, pdu);
1788
1789 if (lg_crcv)
1790 sent_pdu = lg_crcv->sent_pdu;
1791 }
1792 if (sent_pdu) {
1793 coap_send_ack_lkd(session, pdu);
1794 coap_log_debug("PDU requesting re-transmit\n");
1795 coap_show_pdu(COAP_LOG_DEBUG, decrypt_pdu);
1796 coap_log_oscore("RFC9175 retransmit pdu\n");
1797 /* Do not care if this fails */
1798 if (coap_retransmit_oscore_pdu(session, sent_pdu, opt) != COAP_INVALID_MID) {
1799 session->doing_b_1_2 = 1;
1800 }
1801 goto error_no_ack;
1802 }
1803 } else if (session->doing_b_1_2) {
1804 coap_lg_crcv_t *lg_crcv = coap_find_lg_crcv(session, pdu);
1805
1806 if (lg_crcv) {
1807 if (!coap_binary_equal(&decrypt_pdu->actual_token, lg_crcv->app_token)) {
1808 coap_update_token(decrypt_pdu, lg_crcv->app_token->length, lg_crcv->app_token->s);
1809 }
1810 }
1811 session->doing_b_1_2 = 0;
1812 }
1813#endif /* COAP_CLIENT_SUPPORT */
1814 if (association && association->is_observe == 0)
1815 oscore_delete_association(session, association);
1816 return decrypt_pdu;
1817
1818error:
1819 coap_send_ack_lkd(session, pdu);
1820error_no_ack:
1821 if (association && association->is_observe == 0)
1822 oscore_delete_association(session, association);
1823 coap_delete_pdu_lkd(decrypt_pdu);
1824 coap_delete_pdu_lkd(plain_pdu);
1825 return NULL;
1826}
1827
1828typedef enum {
1829 COAP_ENC_ASCII = 0x001,
1830 COAP_ENC_HEX = 0x002,
1831 COAP_ENC_CONFIG = 0x0200,
1832 COAP_ENC_INTEGER = 0x400,
1833 COAP_ENC_TEXT = 0x800,
1834 COAP_ENC_BOOL = 0x1000,
1835 COAP_ENC_UNSIGNED64 = 0x2000,
1836 COAP_ENC_LAST
1837} coap_oscore_coding_t;
1838
1839#undef TEXT_MAPPING
1840#define TEXT_MAPPING(t, v) \
1841 { { sizeof(#t)-1, (const uint8_t *)#t }, v }
1842
1843static struct coap_oscore_encoding_t {
1844 coap_str_const_t name;
1845 coap_oscore_coding_t encoding;
1846} oscore_encoding[] = {
1847 TEXT_MAPPING(ascii, COAP_ENC_ASCII),
1848 TEXT_MAPPING(hex, COAP_ENC_HEX),
1849 TEXT_MAPPING(config, COAP_ENC_CONFIG),
1850 TEXT_MAPPING(integer, COAP_ENC_INTEGER),
1851 TEXT_MAPPING(unsigned64, COAP_ENC_UNSIGNED64),
1852 TEXT_MAPPING(text, COAP_ENC_TEXT),
1853 TEXT_MAPPING(bool, COAP_ENC_BOOL),
1854 {{0, NULL}, COAP_ENC_LAST}
1855};
1856
1857typedef struct {
1858 coap_oscore_coding_t encoding;
1859 const char *encoding_name;
1860 union {
1861 int value_int;
1862 uint64_t value_int64;
1863 coap_bin_const_t *value_bin;
1864 coap_str_const_t value_str;
1865 } u;
1866} oscore_value_t;
1867
1868/*
1869 * Return 1 if hex character
1870 * 0 not hex character
1871 */
1872static int
1873hex_to_char(char c, uint8_t *value) {
1874 if ('a' <= c && c <= 'f') {
1875 *value = c - 'a' + 10;
1876 } else if ('A' <= c && c <= 'F') {
1877 *value = c - 'A' + 10;
1878 } else if ('0' <= c && c <= '9') {
1879 *value = c - '0';
1880 } else {
1881 *value = 0;
1882 return 0;
1883 }
1884 return 1;
1885}
1886
1887/* Parse the hex into binary */
1888static coap_bin_const_t *
1889parse_hex_bin(const char *begin, const char *end) {
1890 coap_binary_t *binary = NULL;
1891 size_t i;
1892 size_t o = 0;
1893
1894 binary = coap_new_binary((end - begin) / 2);
1895 if (binary == NULL)
1896 goto bad_entry;
1897 for (i = 0; (i < (size_t)(end - begin)); i++) {
1898 while ((i < (size_t)(end - begin)) &&
1899 (begin[i] == '\r' || begin[i] == '\n' || begin[i] == ' ')) {
1900 i++;
1901 }
1902 if (i == (size_t)(end - begin))
1903 break;
1904 if (isxdigit((uint8_t)begin[i])) {
1905 uint8_t value;
1906
1907 if (!hex_to_char(begin[i], &value)) {
1908 goto bad_entry;
1909 }
1910 binary->s[o] = value << 4;
1911 i++;
1912 while ((i < (size_t)(end - begin)) &&
1913 (begin[i] == '\r' || begin[i] == '\n' || begin[i] == ' ')) {
1914 i++;
1915 }
1916 if (i == (size_t)(end - begin))
1917 goto bad_entry;
1918 if (!hex_to_char(begin[i], &value)) {
1919 goto bad_entry;
1920 }
1921 binary->s[o++] += value;
1922 } else {
1923 break;
1924 }
1925 }
1926 if (i != (size_t)(end - begin))
1927 goto bad_entry;
1928 return (coap_bin_const_t *)binary;
1929
1930bad_entry:
1931 coap_delete_binary(binary);
1932 return NULL;
1933}
1934
1935/*
1936 * Break up each OSCORE Configuration line entry into the 3 parts which
1937 * are comma separated
1938 *
1939 * keyword,encoding,value
1940 */
1941static int
1942get_split_entry(const char **start,
1943 size_t size,
1944 coap_str_const_t *keyword,
1945 oscore_value_t *value,
1946 cose_curve_t sign_curve) {
1947 const char *begin = *start;
1948 const char *keep_start = *start;
1949 const char *end;
1950 const char *kend;
1951 const char *tend;
1952 const char *split;
1953 size_t i;
1954 size_t len;
1955 (void)sign_curve;
1956
1957retry:
1958 kend = end = memchr(begin, '\n', size);
1959 if (end == NULL)
1960 return 0;
1961
1962 /* Check for multi-line */
1963 if ((tend = memchr(begin, '"', end - begin))) {
1964 /* See if " terminator is on the same line */
1965 if (!memchr(tend + 1, '"', end - tend -1)) {
1966 /* Over multiple lines */
1967 kend = end = memchr(end, '"', size - (end - begin));
1968 if (end == NULL)
1969 return 0;
1970 kend = end = memchr(kend, '\n', size - (kend - begin));
1971 if (end == NULL)
1972 return 0;
1973 }
1974 }
1975
1976 /* Track beginning of next line */
1977 *start = end + 1;
1978 if (end > begin && end[-1] == '\r')
1979 end--;
1980
1981 if (begin[0] == '#' || (end - begin) == 0) {
1982 /* Skip comment / blank line */
1983 size -= kend - begin + 1;
1984 begin = *start;
1985 keep_start = *start;
1986 goto retry;
1987 }
1988
1989 /* Get in the keyword */
1990 split = memchr(begin, ',', end - begin);
1991 if (split == NULL)
1992 goto bad_entry;
1993
1994 keyword->s = (const uint8_t *)begin;
1995 keyword->length = split - begin;
1996
1997 begin = split + 1;
1998 if ((end - begin) == 0)
1999 goto bad_entry;
2000 /* Get in the encoding */
2001 split = memchr(begin, ',', end - begin);
2002 if (split == NULL)
2003 goto bad_entry;
2004
2005 for (i = 0; oscore_encoding[i].name.s; i++) {
2006 coap_str_const_t temp = { split - begin, (const uint8_t *)begin };
2007
2008 if (coap_string_equal(&temp, &oscore_encoding[i].name)) {
2009 value->encoding = oscore_encoding[i].encoding;
2010 value->encoding_name = (const char *)oscore_encoding[i].name.s;
2011 break;
2012 }
2013 }
2014 if (oscore_encoding[i].name.s == NULL)
2015 goto bad_entry;
2016
2017 begin = split + 1;
2018 if ((end - begin) == 0)
2019 goto bad_entry;
2020 /* Get in the keyword's value */
2021 if (value->encoding == COAP_ENC_CONFIG && begin[0] == '\'') {
2022 split = memchr(&begin[1], '\'', size - (begin - keep_start) - 1);
2023 if (split == NULL)
2024 goto bad_entry;
2025 end = memchr(split, '\n', size - (split - keep_start));
2026 if (end == NULL)
2027 return 0;
2028 *start = end + 1;
2029 end = split;
2030 begin++;
2031 } else {
2032 if (begin[0] == '"') {
2033 split = memchr(&begin[1], '"', end - split - 1);
2034 if (split == NULL)
2035 goto bad_entry;
2036 end = split;
2037 begin++;
2038 }
2039 }
2040 switch (value->encoding) {
2041 case COAP_ENC_CONFIG:
2042 case COAP_ENC_ASCII:
2043 value->u.value_bin =
2044 coap_new_bin_const((const uint8_t *)begin, end - begin);
2045 if (value->u.value_bin == NULL)
2046 goto bad_entry;
2047 break;
2048 case COAP_ENC_HEX:
2049 /* Parse the hex into binary */
2050 value->u.value_bin = parse_hex_bin(begin, end);
2051 if (value->u.value_bin == NULL)
2052 goto bad_entry;
2053 break;
2054 case COAP_ENC_INTEGER:
2055 value->u.value_int = atoi(begin);
2056 break;
2057 case COAP_ENC_UNSIGNED64: {
2058 value->u.value_int64 = strtoull(begin, NULL, 10);
2059 break;
2060 }
2061 case COAP_ENC_TEXT:
2062 value->u.value_str.s = (const uint8_t *)begin;
2063 value->u.value_str.length = end - begin;
2064 break;
2065 case COAP_ENC_BOOL:
2066 len = (size_t)(end - begin);
2067 if (len == 4 && memcmp("true", begin, len) == 0)
2068 value->u.value_int = 1;
2069 else if (len == 5 && memcmp("false", begin, len) == 0)
2070 value->u.value_int = 0;
2071 else
2072 goto bad_entry;
2073 break;
2074 case COAP_ENC_LAST:
2075 default:
2076 goto bad_entry;
2077 }
2078 return 1;
2079
2080bad_entry:
2081 coap_log_warn("oscore_conf: Unrecognized configuration entry '%.*s'\n",
2082 (int)(end - begin),
2083 begin);
2084 return -1;
2085
2086}
2087
2088#undef CONFIG_ENTRY
2089#define CONFIG_ENTRY(n, e, t) \
2090 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2091 offsetof(coap_oscore_conf_t, n), t }
2092
2093#undef CONFIG_SND_ENTRY
2094#define CONFIG_SND_ENTRY(n, e, t) \
2095 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2096 offsetof(coap_oscore_snd_conf_t, n), t }
2097
2098#undef CONFIG_RCP_ENTRY
2099#define CONFIG_RCP_ENTRY(n, e, t) \
2100 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2101 offsetof(coap_oscore_rcp_conf_t, n), t }
2102
2103#undef CONFIG_DUMMY_ENTRY
2104#define CONFIG_DUMMY_ENTRY(n, e, t) \
2105 { { sizeof(#n)-1, (const uint8_t *)#n }, e, 0, t }
2106
2107typedef struct oscore_text_mapping_t {
2108 coap_str_const_t text;
2109 int value;
2110} oscore_text_mapping_t;
2111
2112/* Naming as per https://www.iana.org/assignments/cose/cose.xhtml#algorithms */
2113static oscore_text_mapping_t text_aead_alg[] = {
2114 TEXT_MAPPING(AES-CCM-16-64-128, COSE_ALGORITHM_AES_CCM_16_64_128),
2115 TEXT_MAPPING(AES-CCM-16-64-256, COSE_ALGORITHM_AES_CCM_16_64_256),
2116 {{0, NULL}, 0}
2117};
2118
2119static oscore_text_mapping_t text_hkdf_alg[] = {
2120 TEXT_MAPPING(direct+HKDF-SHA-256, COSE_HKDF_ALG_HKDF_SHA_256),
2121 {{0, NULL}, 0}
2122};
2123
2124typedef struct oscore_config_t {
2125 coap_str_const_t str_keyword;
2126 coap_oscore_coding_t encoding;
2127 size_t offset;
2128 oscore_text_mapping_t *text_mapping;
2129} oscore_config_t;
2130
2131static oscore_config_t oscore_config[] = {
2132 CONFIG_ENTRY(aead_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_aead_alg),
2133 CONFIG_ENTRY(hkdf_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_hkdf_alg),
2134 CONFIG_ENTRY(master_secret, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2135 CONFIG_ENTRY(master_salt, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2136 CONFIG_ENTRY(id_context, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2137
2138 CONFIG_DUMMY_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2139
2140 CONFIG_DUMMY_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2141
2142 CONFIG_ENTRY(replay_window, COAP_ENC_INTEGER, NULL),
2143 CONFIG_ENTRY(ssn_freq, COAP_ENC_INTEGER, NULL),
2144 CONFIG_ENTRY(rfc8613_b_1_2, COAP_ENC_BOOL, NULL),
2145 CONFIG_ENTRY(rfc8613_b_2, COAP_ENC_BOOL, NULL),
2146 CONFIG_ENTRY(break_sender_key, COAP_ENC_BOOL, NULL),
2147 CONFIG_ENTRY(break_recipient_key, COAP_ENC_BOOL, NULL),
2148 CONFIG_DUMMY_ENTRY(complex_sender, COAP_ENC_CONFIG, NULL),
2149 CONFIG_DUMMY_ENTRY(complex_recipient, COAP_ENC_CONFIG, NULL),
2150};
2151
2152static oscore_config_t oscore_snd_config[] = {
2153 CONFIG_SND_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2154};
2155
2156static oscore_config_t oscore_rcp_config[] = {
2157 CONFIG_RCP_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2158 CONFIG_RCP_ENTRY(silent_server, COAP_ENC_BOOL, NULL),
2159 CONFIG_DUMMY_ENTRY(last_seq, COAP_ENC_UNSIGNED64, NULL),
2160 CONFIG_DUMMY_ENTRY(sliding_window, COAP_ENC_UNSIGNED64, NULL),
2161};
2162
2163
2164int
2165coap_delete_oscore_snd_conf(coap_oscore_snd_conf_t *snd_conf) {
2166 if (snd_conf == NULL)
2167 return 0;
2168
2169 coap_delete_bin_const(snd_conf->sender_id);
2170 coap_free_type(COAP_STRING, snd_conf);
2171 return 1;
2172}
2173
2174int
2175coap_delete_oscore_rcp_conf(coap_oscore_rcp_conf_t *rcp_conf) {
2176 if (rcp_conf == NULL)
2177 return 0;
2178
2179 coap_delete_bin_const(rcp_conf->recipient_id);
2180 coap_free_type(COAP_STRING, rcp_conf);
2181 return 1;
2182}
2183
2184int
2185coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
2186 coap_oscore_rcp_conf_t *rcp_conf;
2187 if (oscore_conf == NULL)
2188 return 0;
2189
2190 coap_delete_bin_const(oscore_conf->master_secret);
2191 coap_delete_bin_const(oscore_conf->master_salt);
2192 coap_delete_bin_const(oscore_conf->id_context);
2193 coap_delete_oscore_snd_conf(oscore_conf->sender);
2194
2195 rcp_conf = oscore_conf->recipient_chain;
2196 while (rcp_conf) {
2197 coap_oscore_rcp_conf_t *rcp_next = rcp_conf->next_recipient;
2198
2199 coap_delete_oscore_rcp_conf(rcp_conf);
2200 rcp_conf = rcp_next;
2201 }
2202
2203 coap_free_type(COAP_STRING, oscore_conf);
2204 return 1;
2205}
2206
2207static coap_oscore_snd_conf_t *
2208coap_parse_oscore_snd_conf_mem(coap_bin_const_t conf_mem) {
2209 const char *start = (const char *)conf_mem.s;
2210 const char *end = start + conf_mem.length;
2211 coap_str_const_t keyword;
2212 oscore_value_t value;
2213 coap_oscore_snd_conf_t *snd_conf;
2214
2215 snd_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_snd_conf_t));
2216 if (snd_conf == NULL)
2217 return NULL;
2218 memset(snd_conf, 0, sizeof(coap_oscore_snd_conf_t));
2219
2220 memset(&value, 0, sizeof(value));
2221
2222 while (end > start &&
2223 get_split_entry(&start, end - start, &keyword, &value, 0) > 0) {
2224 size_t i;
2225 size_t j;
2226
2227 for (i = 0; i < sizeof(oscore_snd_config) / sizeof(oscore_snd_config[0]); i++) {
2228 if (coap_string_equal(&oscore_snd_config[i].str_keyword, &keyword) != 0 &&
2229 value.encoding & oscore_snd_config[i].encoding) {
2230 coap_bin_const_t *unused_check;
2231
2232 switch (value.encoding) {
2233 case COAP_ENC_HEX:
2234 case COAP_ENC_ASCII:
2235 memcpy(&unused_check,
2236 &(((char *)snd_conf)[oscore_snd_config[i].offset]),
2237 sizeof(unused_check));
2238 if (unused_check != NULL) {
2239 coap_log_warn("oscore_snd_conf: Keyword '%.*s' duplicated\n",
2240 (int)keyword.length,
2241 (const char *)keyword.s);
2242 coap_delete_bin_const(value.u.value_bin);
2243 goto error;
2244 }
2245 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2246 &value.u.value_bin,
2247 sizeof(value.u.value_bin));
2248 break;
2249 case COAP_ENC_INTEGER:
2250 case COAP_ENC_BOOL:
2251 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2252 &value.u.value_int,
2253 sizeof(value.u.value_int));
2254 break;
2255 case COAP_ENC_TEXT:
2256 for (j = 0; oscore_snd_config[i].text_mapping[j].text.s != NULL; j++) {
2257 if (memcmp(value.u.value_str.s,
2258 oscore_snd_config[i].text_mapping[j].text.s,
2259 value.u.value_str.length) == 0) {
2260 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2261 &oscore_snd_config[i].text_mapping[j].value,
2262 sizeof(oscore_snd_config[i].text_mapping[j].value));
2263 break;
2264 }
2265 }
2266 if (oscore_snd_config[i].text_mapping[j].text.s == NULL) {
2267 coap_log_warn("oscore_snd_conf: Keyword '%.*s': value '%.*s' unknown\n",
2268 (int)keyword.length,
2269 (const char *)keyword.s,
2270 (int)value.u.value_str.length,
2271 (const char *)value.u.value_str.s);
2272 goto error;
2273 }
2274 break;
2275 case COAP_ENC_CONFIG:
2276 case COAP_ENC_UNSIGNED64:
2277 case COAP_ENC_LAST:
2278 default:
2279 assert(0);
2280 break;
2281 }
2282 break;
2283 }
2284 }
2285 if (i == sizeof(oscore_snd_config) / sizeof(oscore_snd_config[0])) {
2286 coap_log_warn("oscore_snd_conf: Keyword '%.*s', type '%s' unknown\n",
2287 (int)keyword.length,
2288 (const char *)keyword.s,
2289 value.encoding_name);
2290 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2291 value.encoding == COAP_ENC_CONFIG)
2292 coap_delete_bin_const(value.u.value_bin);
2293 goto error;
2294 }
2295 }
2296 if (!snd_conf->sender_id) {
2297 coap_log_warn("oscore_snd_conf: sender_id not defined\n");
2298 goto error;
2299 }
2300 if (snd_conf->sender_id->length > 7) {
2301 coap_log_warn("oscore_snd_conf: Maximum size of sender_id is 7 bytes\n");
2302 goto error;
2303 }
2304 return snd_conf;
2305
2306error:
2307 coap_delete_oscore_snd_conf(snd_conf);
2308 return NULL;
2309}
2310
2311static coap_oscore_rcp_conf_t *
2312coap_parse_oscore_rcp_conf_mem(coap_bin_const_t conf_mem) {
2313 const char *start = (const char *)conf_mem.s;
2314 const char *end = start + conf_mem.length;
2315 coap_str_const_t keyword;
2316 oscore_value_t value;
2317 coap_oscore_rcp_conf_t *rcp_conf;
2318
2319 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2320 if (rcp_conf == NULL)
2321 return NULL;
2322 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2323
2324 memset(&value, 0, sizeof(value));
2325
2326 while (end > start &&
2327 get_split_entry(&start, end - start, &keyword, &value, 0) > 0) {
2328 size_t i;
2329 size_t j;
2330
2331 for (i = 0; i < sizeof(oscore_rcp_config) / sizeof(oscore_rcp_config[0]); i++) {
2332 if (coap_string_equal(&oscore_rcp_config[i].str_keyword, &keyword) != 0 &&
2333 value.encoding & oscore_rcp_config[i].encoding) {
2334 if (coap_string_equal(coap_make_str_const("last_seq"), &keyword)) {
2335 rcp_conf->last_seq = value.u.value_int64;
2336 rcp_conf->window_initialized = 1;
2337 } else if (coap_string_equal(coap_make_str_const("sliding_window"), &keyword)) {
2338 rcp_conf->sliding_window = value.u.value_int64;
2339 rcp_conf->window_initialized = 1;
2340 } else {
2341 coap_bin_const_t *unused_check;
2342
2343 switch (value.encoding) {
2344 case COAP_ENC_HEX:
2345 case COAP_ENC_ASCII:
2346 memcpy(&unused_check,
2347 &(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2348 sizeof(unused_check));
2349 if (unused_check != NULL) {
2350 coap_log_warn("oscore_rcp_conf: Keyword '%.*s' duplicated\n",
2351 (int)keyword.length,
2352 (const char *)keyword.s);
2353 coap_delete_bin_const(value.u.value_bin);
2354 goto error;
2355 }
2356 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2357 &value.u.value_bin,
2358 sizeof(value.u.value_bin));
2359 break;
2360 case COAP_ENC_INTEGER:
2361 case COAP_ENC_BOOL:
2362 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2363 &value.u.value_int,
2364 sizeof(value.u.value_int));
2365 break;
2366 case COAP_ENC_TEXT:
2367 for (j = 0; oscore_rcp_config[i].text_mapping[j].text.s != NULL; j++) {
2368 if (memcmp(value.u.value_str.s,
2369 oscore_rcp_config[i].text_mapping[j].text.s,
2370 value.u.value_str.length) == 0) {
2371 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2372 &oscore_rcp_config[i].text_mapping[j].value,
2373 sizeof(oscore_rcp_config[i].text_mapping[j].value));
2374 break;
2375 }
2376 }
2377 if (oscore_rcp_config[i].text_mapping[j].text.s == NULL) {
2378 coap_log_warn("oscore_rcp_conf: Keyword '%.*s': value '%.*s' unknown\n",
2379 (int)keyword.length,
2380 (const char *)keyword.s,
2381 (int)value.u.value_str.length,
2382 (const char *)value.u.value_str.s);
2383 goto error;
2384 }
2385 break;
2386 case COAP_ENC_CONFIG:
2387 case COAP_ENC_UNSIGNED64:
2388 case COAP_ENC_LAST:
2389 default:
2390 assert(0);
2391 break;
2392 }
2393 }
2394 break;
2395 }
2396 }
2397 if (i == sizeof(oscore_rcp_config) / sizeof(oscore_rcp_config[0])) {
2398 coap_log_warn("oscore_rcp_conf: Keyword '%.*s', type '%s' unknown\n",
2399 (int)keyword.length,
2400 (const char *)keyword.s,
2401 value.encoding_name);
2402 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2403 value.encoding == COAP_ENC_CONFIG)
2404 coap_delete_bin_const(value.u.value_bin);
2405 goto error;
2406 }
2407 }
2408 if (!rcp_conf->recipient_id) {
2409 coap_log_warn("oscore_rcp_conf: recipient_id not defined\n");
2410 goto error;
2411 }
2412 if (rcp_conf->recipient_id->length > 7) {
2413 coap_log_warn("oscore_rcp_conf: Maximum size of recipient_id is 7 bytes\n");
2414 goto error;
2415 }
2416 return rcp_conf;
2417
2418error:
2419 coap_delete_oscore_rcp_conf(rcp_conf);
2420 return NULL;
2421}
2422
2423static coap_oscore_conf_t *
2424coap_parse_oscore_conf_mem(coap_str_const_t conf_mem) {
2425 const char *start = (const char *)conf_mem.s;
2426 const char *end = start + conf_mem.length;
2427 coap_str_const_t keyword;
2428 oscore_value_t value;
2429 coap_oscore_conf_t *oscore_conf;
2430 int split_ok = -1;
2431
2432 oscore_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_conf_t));
2433 if (oscore_conf == NULL)
2434 return NULL;
2435 memset(oscore_conf, 0, sizeof(coap_oscore_conf_t));
2436
2437 memset(&value, 0, sizeof(value));
2438 /* Preset with defaults RFC8612 3.2 */
2439 oscore_conf->replay_window = COAP_OSCORE_DEFAULT_REPLAY_WINDOW;
2440 oscore_conf->ssn_freq = 1;
2441 oscore_conf->aead_alg = COSE_ALGORITHM_AES_CCM_16_64_128;
2442 oscore_conf->hkdf_alg = COSE_HKDF_ALG_HKDF_SHA_256;
2443
2444 oscore_conf->rfc8613_b_1_2 = 1;
2445 oscore_conf->rfc8613_b_2 = 0;
2446 /* For debugging only */
2447 oscore_conf->break_sender_key = 0;
2448 oscore_conf->break_recipient_key = 0;
2449
2450 while (end > start &&
2451 (split_ok = get_split_entry(&start, end - start, &keyword, &value, 0)) > 0) {
2452 size_t i;
2453 size_t j;
2454
2455 for (i = 0; i < sizeof(oscore_config) / sizeof(oscore_config[0]); i++) {
2456 if (coap_string_equal(&oscore_config[i].str_keyword, &keyword) != 0 &&
2457 value.encoding & oscore_config[i].encoding) {
2458 if (coap_string_equal(coap_make_str_const("sender_id"), &keyword)) {
2459 if (value.u.value_bin->length > 7) {
2460 coap_log_warn("oscore_conf: Maximum size of sender_id is 7 bytes\n");
2461 goto error_free_value_bin;
2462 }
2463 if (oscore_conf->sender) {
2464 coap_log_warn("oscore_conf: sender_id duplicated\n");
2465 goto error_free_value_bin;
2466 }
2467 oscore_conf->sender = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_snd_conf_t));
2468 if (!oscore_conf->sender)
2469 goto error_free_value_bin;
2470
2471 memset(oscore_conf->sender, 0, sizeof(coap_oscore_snd_conf_t));
2472 oscore_conf->sender->sender_id = value.u.value_bin;
2473 } else if (coap_string_equal(coap_make_str_const("recipient_id"), &keyword)) {
2474 coap_oscore_rcp_conf_t *rcp_conf;
2475
2476 if (value.u.value_bin->length > 7) {
2477 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
2478 goto error_free_value_bin;
2479 }
2480 /* Special case as there are potentially multiple entries */
2481 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2482 if (!rcp_conf)
2483 goto error_free_value_bin;
2484
2485 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2486 rcp_conf->recipient_id = value.u.value_bin;
2487 rcp_conf->next_recipient = oscore_conf->recipient_chain;
2488 oscore_conf->recipient_chain = rcp_conf;
2489 } else {
2490 coap_bin_const_t *unused_check;
2491
2492 switch (value.encoding) {
2493 case COAP_ENC_CONFIG:
2494 if (keyword.length == sizeof("complex_sender") - 1 &&
2495 memcmp(keyword.s, "complex_sender", keyword.length) == 0) {
2496 coap_oscore_snd_conf_t *snd_conf =
2497 coap_parse_oscore_snd_conf_mem(*value.u.value_bin);
2498
2499 if (!snd_conf) {
2500 coap_log_warn("oscore_conf: Keyword '%.*s' invalid\n",
2501 (int)keyword.length,
2502 (const char *)keyword.s);
2503 goto error_free_value_bin;
2504 }
2505 if (oscore_conf->sender) {
2506 coap_log_warn("oscore_conf: complex_sender duplicated\n");
2507 coap_delete_oscore_snd_conf(snd_conf);
2508 goto error_free_value_bin;
2509 }
2510 oscore_conf->sender = snd_conf;
2511 coap_delete_bin_const(value.u.value_bin);
2512 break;
2513 }
2514 if (keyword.length == sizeof("complex_recipient") - 1 &&
2515 memcmp(keyword.s, "complex_recipient", keyword.length) == 0) {
2516 coap_oscore_rcp_conf_t *rcp_conf =
2517 coap_parse_oscore_rcp_conf_mem(*value.u.value_bin);
2518
2519 if (!rcp_conf) {
2520 coap_log_warn("oscore_conf: Keyword '%.*s' invalid\n",
2521 (int)keyword.length,
2522 (const char *)keyword.s);
2523 goto error_free_value_bin;
2524 }
2525 rcp_conf->next_recipient = oscore_conf->recipient_chain;
2526 oscore_conf->recipient_chain = rcp_conf;
2527 coap_delete_bin_const(value.u.value_bin);
2528 }
2529 break;
2530 case COAP_ENC_ASCII:
2531 case COAP_ENC_HEX:
2532 memcpy(&unused_check,
2533 &(((char *)oscore_conf)[oscore_config[i].offset]),
2534 sizeof(unused_check));
2535 if (unused_check != NULL) {
2536 coap_log_warn("oscore_conf: Keyword '%.*s' duplicated\n",
2537 (int)keyword.length,
2538 (const char *)keyword.s);
2539 goto error_free_value_bin;
2540 }
2541 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2542 &value.u.value_bin,
2543 sizeof(value.u.value_bin));
2544 break;
2545 case COAP_ENC_INTEGER:
2546 case COAP_ENC_BOOL:
2547 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2548 &value.u.value_int,
2549 sizeof(value.u.value_int));
2550 break;
2551 case COAP_ENC_TEXT:
2552 for (j = 0; oscore_config[i].text_mapping[j].text.s != NULL; j++) {
2553 if (coap_string_equal(&value.u.value_str,
2554 &oscore_config[i].text_mapping[j].text)) {
2555 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2556 &oscore_config[i].text_mapping[j].value,
2557 sizeof(oscore_config[i].text_mapping[j].value));
2558 break;
2559 }
2560 }
2561 if (oscore_config[i].text_mapping[j].text.s == NULL) {
2562 coap_log_warn("oscore_conf: Keyword '%.*s': value '%.*s' unknown\n",
2563 (int)keyword.length,
2564 (const char *)keyword.s,
2565 (int)value.u.value_str.length,
2566 (const char *)value.u.value_str.s);
2567 goto error;
2568 }
2569 break;
2570 case COAP_ENC_UNSIGNED64:
2571 case COAP_ENC_LAST:
2572 default:
2573 assert(0);
2574 break;
2575 }
2576 }
2577 break;
2578 }
2579 }
2580 if (i == sizeof(oscore_config) / sizeof(oscore_config[0])) {
2581 coap_log_warn("oscore_conf: Keyword '%.*s', type '%s' unknown\n",
2582 (int)keyword.length,
2583 (const char *)keyword.s,
2584 value.encoding_name);
2585 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2586 value.encoding == COAP_ENC_CONFIG) {
2587 coap_delete_bin_const(value.u.value_bin);
2588 }
2589 goto error;
2590 }
2591 }
2592 if (split_ok == -1)
2593 goto error;
2594 if (!oscore_conf->master_secret) {
2595 coap_log_warn("oscore_conf: master_secret not defined\n");
2596 goto error;
2597 }
2598 if (!oscore_conf->sender) {
2599 coap_log_warn("oscore_conf: sender_id not defined\n");
2600 goto error;
2601 }
2602 return oscore_conf;
2603
2604error_free_value_bin:
2605 coap_delete_bin_const(value.u.value_bin);
2606error:
2607 coap_delete_oscore_conf(oscore_conf);
2608 return NULL;
2609}
2610
2611static oscore_ctx_t *
2612coap_oscore_init(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf) {
2613 oscore_ctx_t *osc_ctx = NULL;
2614
2615 if (!coap_crypto_check_cipher_alg(oscore_conf->aead_alg)) {
2616 coap_log_warn("COSE: Cipher Algorithm %d not supported\n",
2617 oscore_conf->aead_alg);
2618 goto error;
2619 }
2620 if (!coap_crypto_check_hkdf_alg(oscore_conf->hkdf_alg)) {
2621 coap_log_warn("COSE: HKDF Algorithm %d not supported\n",
2622 oscore_conf->hkdf_alg);
2623 goto error;
2624 }
2625
2626 osc_ctx = oscore_derive_ctx(c_context, oscore_conf);
2627 if (!osc_ctx) {
2628 coap_log_crit("OSCORE: Could not create Security Context!\n");
2629 coap_free_type(COAP_STRING, oscore_conf);
2630 return NULL;
2631 }
2632
2633 /* As all is stored in osc_ctx, oscore_conf is no longer needed */
2634 coap_free_type(COAP_STRING, oscore_conf);
2635
2636 /* return default first context */
2637 return osc_ctx;
2638
2639error:
2640 /* Remove from linked chain */
2641 oscore_remove_context(c_context, osc_ctx);
2642
2643 coap_delete_oscore_conf(oscore_conf);
2644 return NULL;
2645}
2646
2647void
2648coap_delete_all_oscore(coap_context_t *c_context) {
2649 oscore_free_contexts(c_context);
2650}
2651
2652void
2653coap_delete_oscore_associations(coap_session_t *session) {
2654 oscore_delete_server_associations(session);
2655}
2656
2657void
2658coap_oscore_session_set_recipient_ctx(coap_session_t *session,
2659 oscore_recipient_ctx_t *recipient_ctx) {
2660 oscore_recipient_ctx_t *old_ctx;
2661
2662 if (session == NULL || recipient_ctx == NULL)
2663 return;
2664
2665 if (session->recipient_ctx == recipient_ctx) {
2666 /* already attached */
2667 return;
2668 }
2669
2670 old_ctx = session->recipient_ctx;
2671
2672 /* attach recipient context */
2673 session->recipient_ctx = recipient_ctx;
2674 session->recipient_ctx->ref++;
2675
2676 if (old_ctx != NULL) {
2677 oscore_release_recipient_ctx(&old_ctx);
2678 }
2679}
2680
2681void
2682coap_oscore_association_set_recipient_ctx(oscore_association_t *association,
2683 oscore_recipient_ctx_t *recipient_ctx) {
2684 if (association == NULL)
2685 return;
2686
2687 if (association->recipient_ctx == recipient_ctx)
2688 return;
2689
2690 if (association->recipient_ctx != NULL) {
2691 association->recipient_ctx->ref--;
2692 }
2693
2694 association->recipient_ctx = recipient_ctx;
2695 association->recipient_ctx->ref++;
2696}
2697
2698coap_oscore_conf_t *
2699coap_new_oscore_conf(coap_str_const_t conf_mem,
2700 coap_oscore_save_seq_num_t save_seq_num_func,
2701 void *save_seq_num_func_param,
2702 uint64_t start_seq_num) {
2703 coap_oscore_conf_t *oscore_conf = coap_parse_oscore_conf_mem(conf_mem);
2704
2705 if (oscore_conf == NULL)
2706 return NULL;
2707
2708 oscore_conf->save_seq_num_func = save_seq_num_func;
2709 oscore_conf->save_seq_num_func_param = save_seq_num_func_param;
2710 oscore_conf->start_seq_num = start_seq_num;
2711 coap_log_oscore("Start Seq no %" PRIu64 "\n", start_seq_num);
2712 return oscore_conf;
2713}
2714
2715/*
2716 * Compute the size of the potential OSCORE overhead
2717 */
2718size_t
2719coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu) {
2720 size_t overhead = 0;
2721 oscore_recipient_ctx_t *rcp_ctx = session->recipient_ctx;
2722 oscore_ctx_t *osc_ctx = rcp_ctx ? rcp_ctx->osc_ctx : NULL;
2723 coap_opt_iterator_t opt_iter;
2724 coap_opt_t *option;
2725
2726 if (osc_ctx == NULL)
2727 return 0;
2728
2729 /* Protected code held in inner PDU as token */
2730 overhead += 1;
2731
2732 /* Observe option (creates inner and outer */
2733 option = coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter);
2734 if (option) {
2735 /* Assume delta is small */
2736 overhead += 2 + coap_opt_length(option);
2737 }
2738
2739 /* Proxy URI option Split - covered by coap_rebuild_pdu_for_proxy () */
2740
2741 /* OSCORE option */
2742 /* Option header */
2743 overhead += 1 +
2744 /* Partial IV (64 bits max)*/
2745 8 +
2746 /* kid context */
2747 (osc_ctx->id_context ? osc_ctx->id_context->length : 0) +
2748 /* kid */
2749 osc_ctx->sender_context->sender_id->length;
2750
2751 /* AAD overhead */
2752 overhead += AES_CCM_TAG;
2753
2754 /* End of options marker */
2755 overhead += 1;
2756
2757 return overhead;
2758}
2759
2760COAP_API int
2761coap_new_oscore_recipient(coap_context_t *context,
2762 coap_bin_const_t *recipient_id) {
2763 int ret;
2764
2765 coap_lock_lock(return 0);
2766 ret = coap_new_oscore_recipient_lkd(context, recipient_id);
2767 coap_lock_unlock();
2768 return ret;
2769}
2770
2771int
2772coap_new_oscore_recipient_lkd(coap_context_t *context,
2773 coap_bin_const_t *recipient_id) {
2774 coap_oscore_rcp_conf_t *rcp_conf;
2775 oscore_recipient_ctx_t *rcp_ctx;
2776
2777 coap_lock_check_locked();
2778
2779 if (context->p_osc_ctx == NULL) {
2780 coap_delete_bin_const(recipient_id);
2781 return 0;
2782 }
2783 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2784 if (rcp_conf == NULL) {
2785 coap_delete_bin_const(recipient_id);
2786 return 0;
2787 }
2788 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2789 rcp_conf->recipient_id = recipient_id;
2790 /* rcp_conf is released in oscore_add_recipient() */
2791 rcp_ctx = oscore_add_recipient(context->p_osc_ctx, rcp_conf, 0);
2792 if (rcp_ctx == NULL)
2793 return 0;
2794 return 1;
2795}
2796
2797COAP_API int
2798coap_delete_oscore_recipient(coap_context_t *context,
2799 coap_bin_const_t *recipient_id) {
2800 int ret;
2801
2802 if (!context || !recipient_id)
2803 return 0;
2804 coap_lock_lock(return 0);
2805 ret = coap_delete_oscore_recipient_lkd(context, recipient_id);
2806 coap_lock_unlock();
2807 return ret;
2808}
2809
2810int
2811coap_delete_oscore_recipient_lkd(coap_context_t *context,
2812 coap_bin_const_t *recipient_id) {
2813 coap_lock_check_locked();
2814 if (context->p_osc_ctx == NULL)
2815 return 0;
2816 return oscore_delete_recipient(context->p_osc_ctx, recipient_id);
2817}
2818
2819void
2820coap_oscore_register_external_handlers(coap_context_t *context,
2821 coap_oscore_find_handler_t find_handler,
2822 coap_oscore_update_seq_num_handler_t update_seq_num_handler) {
2823 if (context == NULL)
2824 return;
2825
2826 coap_lock_lock(return);
2827 context->oscore_find_cb = find_handler;
2828 context->oscore_update_seq_num_cb = update_seq_num_handler;
2829 coap_lock_unlock();
2830}
2831
2832static coap_oscore_rcp_conf_t *
2833coap_oscore_get_recipient_conf(coap_oscore_conf_t *oscore_conf,
2834 const coap_bin_const_t *rid) {
2835 coap_oscore_rcp_conf_t *next = oscore_conf->recipient_chain;
2836
2837 while (next) {
2838 if (coap_binary_equal(next->recipient_id, rid)) {
2839 return next;
2840 }
2841 next = next->next_recipient;
2842 }
2843 return NULL;
2844}
2845
2846
2847COAP_API int
2848coap_oscore_recipient_set_latest_seq(coap_oscore_conf_t *oscore_conf,
2849 const coap_bin_const_t *recipient_id,
2850 uint64_t last_seq, uint64_t seq_window) {
2851 int ret;
2852
2853 coap_lock_lock(return 0);
2854 ret = coap_oscore_recipient_set_latest_seq_lkd(oscore_conf, recipient_id, last_seq,
2855 seq_window);
2856 coap_lock_unlock();
2857 return ret;
2858}
2859
2860int
2861coap_oscore_recipient_set_latest_seq_lkd(coap_oscore_conf_t *oscore_conf,
2862 const coap_bin_const_t *recipient_id,
2863 uint64_t last_seq, uint64_t seq_window) {
2864 coap_oscore_rcp_conf_t *rcp_conf;
2865
2866 rcp_conf = coap_oscore_get_recipient_conf(oscore_conf, recipient_id);
2867 if (rcp_conf) {
2868 rcp_conf->last_seq = last_seq;
2869 rcp_conf->sliding_window = seq_window;
2870 return 1;
2871 }
2872 return 0;
2873}
2874
2876
2877#else /* !COAP_OSCORE_SUPPORT */
2878int
2879coap_oscore_is_supported(void) {
2880 return 0;
2881}
2882
2883coap_session_t *
2884coap_new_client_session_oscore(coap_context_t *ctx,
2885 const coap_address_t *local_if,
2886 const coap_address_t *server,
2887 coap_proto_t proto,
2888 coap_oscore_conf_t *oscore_conf) {
2889 (void)ctx;
2890 (void)local_if;
2891 (void)server;
2892 (void)proto;
2893 (void)oscore_conf;
2894 return NULL;
2895}
2896
2897coap_session_t *
2898coap_new_client_session_oscore3(coap_context_t *ctx,
2899 const coap_address_t *local_if,
2900 const coap_address_t *server,
2901 coap_proto_t proto,
2902 coap_oscore_conf_t *oscore_conf,
2903 void *app_data,
2904 coap_app_data_free_callback_t callback,
2905 coap_str_const_t *ws_host) {
2906 (void)ctx;
2907 (void)local_if;
2908 (void)server;
2909 (void)proto;
2910 (void)oscore_conf;
2911 (void)app_data;
2912 (void)callback;
2913 (void)ws_host;
2914 return NULL;
2915}
2916
2917coap_session_t *
2918coap_new_client_session_oscore_psk(coap_context_t *ctx,
2919 const coap_address_t *local_if,
2920 const coap_address_t *server,
2921 coap_proto_t proto,
2922 coap_dtls_cpsk_t *psk_data,
2923 coap_oscore_conf_t *oscore_conf) {
2924 (void)ctx;
2925 (void)local_if;
2926 (void)server;
2927 (void)proto;
2928 (void)psk_data;
2929 (void)oscore_conf;
2930 return NULL;
2931}
2932
2933coap_session_t *
2934coap_new_client_session_oscore_psk3(coap_context_t *ctx,
2935 const coap_address_t *local_if,
2936 const coap_address_t *server,
2937 coap_proto_t proto,
2938 coap_dtls_cpsk_t *psk_data,
2939 coap_oscore_conf_t *oscore_conf,
2940 void *app_data,
2941 coap_app_data_free_callback_t callback,
2942 coap_str_const_t *ws_host) {
2943 (void)ctx;
2944 (void)local_if;
2945 (void)server;
2946 (void)proto;
2947 (void)psk_data;
2948 (void)oscore_conf;
2949 (void)app_data;
2950 (void)callback;
2951 (void)ws_host;
2952 return NULL;
2953}
2954
2955coap_session_t *
2956coap_new_client_session_oscore_pki(coap_context_t *ctx,
2957 const coap_address_t *local_if,
2958 const coap_address_t *server,
2959 coap_proto_t proto,
2960 coap_dtls_pki_t *pki_data,
2961 coap_oscore_conf_t *oscore_conf) {
2962 (void)ctx;
2963 (void)local_if;
2964 (void)server;
2965 (void)proto;
2966 (void)pki_data;
2967 (void)oscore_conf;
2968 return NULL;
2969}
2970
2971coap_session_t *
2972coap_new_client_session_oscore_pki3(coap_context_t *ctx,
2973 const coap_address_t *local_if,
2974 const coap_address_t *server,
2975 coap_proto_t proto,
2976 coap_dtls_pki_t *pki_data,
2977 coap_oscore_conf_t *oscore_conf,
2978 void *app_data,
2979 coap_app_data_free_callback_t callback,
2980 coap_str_const_t *ws_host) {
2981 (void)ctx;
2982 (void)local_if;
2983 (void)server;
2984 (void)proto;
2985 (void)pki_data;
2986 (void)oscore_conf;
2987 (void)app_data;
2988 (void)callback;
2989 (void)ws_host;
2990 return NULL;
2991}
2992
2993int
2994coap_context_oscore_server(coap_context_t *context,
2995 coap_oscore_conf_t *oscore_conf) {
2996 (void)context;
2997 (void)oscore_conf;
2998 return 0;
2999}
3000
3001coap_oscore_conf_t *
3002coap_new_oscore_conf(coap_str_const_t conf_mem,
3003 coap_oscore_save_seq_num_t save_seq_num_func,
3004 void *save_seq_num_func_param,
3005 uint64_t start_seq_num) {
3006 (void)conf_mem;
3007 (void)save_seq_num_func;
3008 (void)save_seq_num_func_param;
3009 (void)start_seq_num;
3010 return NULL;
3011}
3012
3013int
3014coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
3015 (void)oscore_conf;
3016 return 0;
3017}
3018
3019int
3020coap_new_oscore_recipient(coap_context_t *context,
3021 coap_bin_const_t *recipient_id) {
3022 (void)context;
3023 (void)recipient_id;
3024 return 0;
3025}
3026
3027int
3028coap_delete_oscore_recipient(coap_context_t *context,
3029 coap_bin_const_t *recipient_id) {
3030 (void)context;
3031 (void)recipient_id;
3032 return 0;
3033}
3034
3035void
3036coap_oscore_register_external_handlers(coap_context_t *context,
3037 coap_oscore_find_handler_t find_handler,
3038 coap_oscore_update_seq_num_handler_t update_seq_num_handler) {
3039 (void)context;
3040 (void)find_handler;
3041 (void)update_seq_num_handler;
3042}
3043
3044COAP_API int
3045coap_oscore_recipient_set_last_seq(coap_oscore_conf_t *oscore_conf,
3046 const coap_bin_const_t *recipient_id,
3047 uint64_t last_seq) {
3048 (void)oscore_conf;
3049 (void)recipient_id;
3050 (void)last_seq;
3051 return 0;
3052}
3053
3054COAP_API int
3055coap_oscore_recipient_set_seq_window(coap_oscore_conf_t *oscore_conf,
3056 const coap_bin_const_t *recipient_id,
3057 uint64_t seq_window) {
3058 (void)oscore_conf;
3059 (void)recipient_id;
3060 (void)seq_window;
3061 return 0;
3062}
3063
3064#endif /* !COAP_OSCORE_SUPPORT */
coap_lg_crcv_t
struct coap_lg_crcv_t coap_lg_crcv_t
Definition coap_forward_decls.h:55
PRIu64
#define PRIu64
Definition coap_internal.h:59
coap_libcoap_build.h
Library specific build wrapper for coap_internal.h.
COAP_API
#define COAP_API
Definition coap_libcoap_build.h:41
COAP_OSCORE_BUF
@ COAP_OSCORE_BUF
Definition coap_mem.h:60
COAP_STRING
@ COAP_STRING
Definition coap_mem.h:33
coap_malloc_type
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
coap_free_type
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
NULL
#define NULL
Definition coap_option.h:30
coap_opt_t
uint8_t coap_opt_t
Use byte-oriented access methods here because sliding a complex struct coap_opt_t over the data buffe...
Definition coap_option.h:148
coap_code_opt_num_t
coap_code_opt_num_t
Definition coap_option.h:70
COAP_OPTION_OBSERVE
@ COAP_OPTION_OBSERVE
Definition coap_option.h:75
COAP_OPTION_IF_NONE_MATCH
@ COAP_OPTION_IF_NONE_MATCH
Definition coap_option.h:74
COAP_OPTION_ETAG
@ COAP_OPTION_ETAG
Definition coap_option.h:73
COAP_OPTION_EDHOC
@ COAP_OPTION_EDHOC
Definition coap_option.h:89
COAP_OPTION_NORESPONSE
@ COAP_OPTION_NORESPONSE
Definition coap_option.h:98
COAP_OPTION_MAXAGE
@ COAP_OPTION_MAXAGE
Definition coap_option.h:83
COAP_OPTION_SIZE2
@ COAP_OPTION_SIZE2
Definition coap_option.h:92
COAP_OPTION_Q_BLOCK2
@ COAP_OPTION_Q_BLOCK2
Definition coap_option.h:93
COAP_OPTION_PROXY_SCHEME
@ COAP_OPTION_PROXY_SCHEME
Definition coap_option.h:95
COAP_OPTION_HOP_LIMIT
@ COAP_OPTION_HOP_LIMIT
Definition coap_option.h:85
COAP_OPTION_URI_PORT
@ COAP_OPTION_URI_PORT
Definition coap_option.h:76
COAP_OPTION_URI_HOST
@ COAP_OPTION_URI_HOST
Definition coap_option.h:72
COAP_OPTION_BLOCK2
@ COAP_OPTION_BLOCK2
Definition coap_option.h:90
COAP_OPTION_IF_MATCH
@ COAP_OPTION_IF_MATCH
Definition coap_option.h:71
COAP_OPTION_SIZE1
@ COAP_OPTION_SIZE1
Definition coap_option.h:96
COAP_OPTION_ECHO
@ COAP_OPTION_ECHO
Definition coap_option.h:97
COAP_OPTION_RTAG
@ COAP_OPTION_RTAG
Definition coap_option.h:99
COAP_OPTION_BLOCK1
@ COAP_OPTION_BLOCK1
Definition coap_option.h:91
COAP_OPTION_URI_PATH
@ COAP_OPTION_URI_PATH
Definition coap_option.h:79
COAP_OPTION_Q_BLOCK1
@ COAP_OPTION_Q_BLOCK1
Definition coap_option.h:87
COAP_OPTION_OSCORE
@ COAP_OPTION_OSCORE
Definition coap_option.h:78
COAP_OPTION_CONTENT_FORMAT
@ COAP_OPTION_CONTENT_FORMAT
Definition coap_option.h:80
COAP_OPTION_LOCATION_QUERY
@ COAP_OPTION_LOCATION_QUERY
Definition coap_option.h:88
COAP_OPTION_URI_QUERY
@ COAP_OPTION_URI_QUERY
Definition coap_option.h:84
COAP_OPTION_PROXY_URI
@ COAP_OPTION_PROXY_URI
Definition coap_option.h:94
COAP_OPTION_LOCATION_PATH
@ COAP_OPTION_LOCATION_PATH
Definition coap_option.h:77
COAP_OPTION_URI_PATH_ABB
@ COAP_OPTION_URI_PATH_ABB
Definition coap_option.h:81
COAP_OPTION_ACCEPT
@ COAP_OPTION_ACCEPT
Definition coap_option.h:86
coap_oscore_recipient_set_seq_window
COAP_API int coap_oscore_recipient_set_seq_window(coap_oscore_conf_t *oscore_conf, const coap_bin_const_t *recipient_id, uint64_t seq_window)
Definition coap_oscore.c:3055
coap_oscore_recipient_set_last_seq
COAP_API int coap_oscore_recipient_set_last_seq(coap_oscore_conf_t *oscore_conf, const coap_bin_const_t *recipient_id, uint64_t last_seq)
Definition coap_oscore.c:3045
coap_uri_scheme_is_secure
static int coap_uri_scheme_is_secure(const coap_uri_t *uri)
Definition coap_uri.h:92
COAP_URI_SCHEME_LAST
@ COAP_URI_SCHEME_LAST
Definition coap_uri.h:39
coap_send_ack_lkd
coap_mid_t coap_send_ack_lkd(coap_session_t *session, const coap_pdu_t *request)
Sends an ACK message with code 0 for the specified request to dst.
Definition coap_net.c:1230
COAP_BLOCK_CACHE_RESPONSE
#define COAP_BLOCK_CACHE_RESPONSE
Definition coap_block.h:73
coap_prng_lkd
int coap_prng_lkd(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
Definition coap_prng.c:190
coap_handle_event_lkd
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
Definition coap_net.c:5268
coap_new_message_id_lkd
uint16_t coap_new_message_id_lkd(coap_session_t *session)
Returns a new message id and updates session->tx_mid accordingly.
Definition coap_session.c:2294
coap_send_internal
coap_mid_t coap_send_internal(coap_session_t *session, coap_pdu_t *pdu, coap_pdu_t *request_pdu)
Sends a CoAP message to given peer.
Definition coap_net.c:2139
coap_cancel_all_messages
void coap_cancel_all_messages(coap_context_t *context, coap_session_t *session, coap_bin_const_t *token)
Cancels all outstanding messages for session session that have the specified token.
Definition coap_net.c:3348
COAP_OSCORE_DEFAULT_REPLAY_WINDOW
#define COAP_OSCORE_DEFAULT_REPLAY_WINDOW
Definition coap_crypto_internal.h:42
coap_crypto_check_hkdf_alg
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
coap_crypto_check_cipher_alg
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
coap_encode_var_safe
unsigned int coap_encode_var_safe(uint8_t *buf, size_t length, unsigned int val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:47
coap_decode_var_bytes
unsigned int coap_decode_var_bytes(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:38
coap_decode_var_bytes8
uint64_t coap_decode_var_bytes8(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:71
coap_encode_var_safe8
unsigned int coap_encode_var_safe8(uint8_t *buf, size_t length, uint64_t val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:81
COAP_EVENT_OSCORE_DECODE_ERROR
@ COAP_EVENT_OSCORE_DECODE_ERROR
Triggered when there is an OSCORE decode of OSCORE option failure.
Definition coap_event.h:130
COAP_EVENT_OSCORE_INTERNAL_ERROR
@ COAP_EVENT_OSCORE_INTERNAL_ERROR
Triggered when there is an OSCORE internal error i.e malloc failed.
Definition coap_event.h:128
COAP_EVENT_OSCORE_NOT_ENABLED
@ COAP_EVENT_OSCORE_NOT_ENABLED
Triggered when trying to use OSCORE to decrypt, but it is not enabled.
Definition coap_event.h:122
COAP_EVENT_OSCORE_NO_SECURITY
@ COAP_EVENT_OSCORE_NO_SECURITY
Triggered when there is no OSCORE security definition found.
Definition coap_event.h:126
COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
@ COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
Triggered when there is no OSCORE encrypted payload provided.
Definition coap_event.h:124
COAP_EVENT_OSCORE_DECRYPTION_FAILURE
@ COAP_EVENT_OSCORE_DECRYPTION_FAILURE
Triggered when there is an OSCORE decryption failure.
Definition coap_event.h:120
coap_lock_callback
#define coap_lock_callback(func)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:651
coap_lock_unlock
#define coap_lock_unlock()
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:612
coap_lock_check_locked
#define coap_lock_check_locked()
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:638
coap_lock_lock
#define coap_lock_lock(failed)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:582
coap_log_debug
#define coap_log_debug(...)
Definition coap_debug.h:126
coap_get_log_level
coap_log_t coap_get_log_level(void)
Get the current logging level.
Definition coap_debug.c:103
coap_show_pdu
void coap_show_pdu(coap_log_t level, const coap_pdu_t *pdu)
Display the contents of the specified pdu.
Definition coap_debug.c:812
coap_log_oscore
#define coap_log_oscore(...)
Definition coap_debug.h:132
coap_log_warn
#define coap_log_warn(...)
Definition coap_debug.h:108
coap_log_err
#define coap_log_err(...)
Definition coap_debug.h:102
coap_log_crit
#define coap_log_crit(...)
Definition coap_debug.h:96
COAP_LOG_OSCORE
@ COAP_LOG_OSCORE
Definition coap_debug.h:65
COAP_LOG_DEBUG
@ COAP_LOG_DEBUG
Definition coap_debug.h:64
coap_option_next
coap_opt_t * coap_option_next(coap_opt_iterator_t *oi)
Updates the iterator oi to point to the next option.
Definition coap_option.c:153
coap_opt_length
uint32_t coap_opt_length(const coap_opt_t *opt)
Returns the length of the given option.
Definition coap_option.c:212
coap_option_iterator_init
coap_opt_iterator_t * coap_option_iterator_init(const coap_pdu_t *pdu, coap_opt_iterator_t *oi, const coap_opt_filter_t *filter)
Initializes the given option iterator oi to point to the beginning of the pdu's option list.
Definition coap_option.c:117
coap_delete_optlist
void coap_delete_optlist(coap_optlist_t *queue)
Removes all entries from the optlist_chain, freeing off their memory usage.
Definition coap_option.c:605
COAP_OPT_ALL
#define COAP_OPT_ALL
Pre-defined filter that includes all options.
Definition coap_option.h:230
coap_add_optlist_pdu
int coap_add_optlist_pdu(coap_pdu_t *pdu, coap_optlist_t **options)
The current optlist of optlist_chain is first sorted (as per RFC7272 ordering requirements) and then ...
Definition coap_option.c:554
coap_check_option
coap_opt_t * coap_check_option(const coap_pdu_t *pdu, coap_option_num_t number, coap_opt_iterator_t *oi)
Retrieves the first option of number number from pdu.
Definition coap_option.c:199
coap_opt_value
const uint8_t * coap_opt_value(const coap_opt_t *opt)
Returns a pointer to the value of the given option.
Definition coap_option.c:249
oscore_cbor_get_element_size
size_t oscore_cbor_get_element_size(const uint8_t **buffer, size_t *buf_size)
cose_encrypt0_set_plaintext
void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
cose_encrypt0_set_key
int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key)
cose_encrypt0_set_kid_context
void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, coap_bin_const_t *kid_context)
cose_get_alg_name
const char * cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen)
cose_encrypt0_set_ciphertext
void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
cose_encrypt0_decrypt
int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, uint8_t *plaintext_buffer, size_t plaintext_len)
cose_tag_len
size_t cose_tag_len(cose_alg_t cose_alg)
cose_encrypt0_set_aad
void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad)
cose_curve_t
cose_curve_t
Definition oscore_cose.h:62
cose_encrypt0_encrypt
int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, uint8_t *ciphertext_buffer, size_t ciphertext_len)
cose_encrypt0_set_partial_iv
void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, coap_bin_const_t *partial_iv)
cose_encrypt0_set_external_aad
void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, coap_bin_const_t *external_aad)
cose_encrypt0_init
void cose_encrypt0_init(cose_encrypt0_t *ptr)
cose_encrypt0_set_alg
void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg)
cose_encrypt0_set_key_id
void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id)
cose_encrypt0_set_nonce
void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce)
COSE_HKDF_ALG_HKDF_SHA_256
@ COSE_HKDF_ALG_HKDF_SHA_256
Definition oscore_cose.h:169
COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_128
Definition oscore_cose.h:147
COSE_ALGORITHM_AES_CCM_16_64_256
@ COSE_ALGORITHM_AES_CCM_16_64_256
Definition oscore_cose.h:148
oscore_prepare_aad
size_t oscore_prepare_aad(const uint8_t *external_aad_buffer, size_t external_aad_len, uint8_t *aad_buffer, size_t aad_size)
oscore_encode_option_value
size_t oscore_encode_option_value(uint8_t *option_buffer, size_t option_buf_len, cose_encrypt0_t *cose, uint8_t group, uint8_t appendix_b_2)
coap_oscore_association_set_recipient_ctx
void coap_oscore_association_set_recipient_ctx(oscore_association_t *association, oscore_recipient_ctx_t *recipient_ctx)
Set the recipient context of an association.
oscore_derive_ctx_from_conf
oscore_ctx_t * oscore_derive_ctx_from_conf(coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx_from_conf - derive a osc_ctx from oscore_conf information
coap_delete_oscore_recipient_lkd
int coap_delete_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
oscore_delete_association
int oscore_delete_association(coap_session_t *session, oscore_association_t *association)
coap_new_client_session_oscore3_lkd
coap_session_t * coap_new_client_session_oscore3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, protecting the data using OSCORE,...
oscore_validate_sender_seq
uint8_t oscore_validate_sender_seq(oscore_recipient_ctx_t *ctx, cose_encrypt0_t *cose)
oscore_add_recipient
oscore_recipient_ctx_t * oscore_add_recipient(oscore_ctx_t *ctx, coap_oscore_rcp_conf_t *rcp_conf, uint32_t break_key)
oscore_add_recipient - add in recipient information
OSCORE_SEQ_MAX
#define OSCORE_SEQ_MAX
Definition oscore_context.h:74
coap_init_oscore_context_from_conf
oscore_ctx_t * coap_init_oscore_context_from_conf(coap_oscore_conf_t *oscore_conf)
Initializes an OSCORE context from the given configuration.
AES_CCM_TAG
#define AES_CCM_TAG
Definition oscore_crypto.h:63
coap_oscore_session_set_recipient_ctx
void coap_oscore_session_set_recipient_ctx(coap_session_t *session, oscore_recipient_ctx_t *recipient_ctx)
Attach the OSCORE recipient context information to the session.
oscore_decode_option_value
int oscore_decode_option_value(const uint8_t *option_value, size_t option_len, cose_encrypt0_t *cose)
coap_delete_oscore_snd_conf
int coap_delete_oscore_snd_conf(coap_oscore_snd_conf_t *oscore_snd_conf)
Release all the information associated with the OSCORE complex Sender configuration.
coap_oscore_new_pdu_encrypted_lkd
coap_pdu_t * coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_delete_recipient
int oscore_delete_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid)
oscore_increment_sender_seq
uint8_t oscore_increment_sender_seq(oscore_ctx_t *ctx)
oscore_update_ctx
void oscore_update_ctx(oscore_ctx_t *osc_ctx, coap_bin_const_t *id_context)
oscore_update_ctx - update a osc_ctx with a new id_context
coap_new_client_session_oscore_psk3_lkd
coap_session_t * coap_new_client_session_oscore_psk3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials protecting the data using...
oscore_derive_ctx
oscore_ctx_t * oscore_derive_ctx(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx - derive a osc_ctx from oscore_conf information
coap_oscore_new_pdu_encrypted
COAP_API coap_pdu_t * coap_oscore_new_pdu_encrypted(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_roll_back_seq
void oscore_roll_back_seq(oscore_recipient_ctx_t *ctx)
oscore_new_association
int oscore_new_association(coap_session_t *session, coap_pdu_t *sent_pdu, coap_bin_const_t *token, oscore_recipient_ctx_t *recipient_ctx, coap_bin_const_t *aad, coap_bin_const_t *nonce, coap_bin_const_t *partial_iv, int is_observe)
oscore_prepare_e_aad
size_t oscore_prepare_e_aad(oscore_ctx_t *ctx, cose_encrypt0_t *cose, const uint8_t *oscore_option, size_t oscore_option_len, coap_bin_const_t *sender_public_key, uint8_t *external_aad_ptr, size_t external_aad_size)
oscore_delete_server_associations
void oscore_delete_server_associations(coap_session_t *session)
oscore_log_char_value
void oscore_log_char_value(coap_log_t level, const char *name, const char *value)
oscore_find_context
oscore_ctx_t * oscore_find_context(coap_session_t *session, const coap_bin_const_t rcpkey_id, const coap_bin_const_t *ctxkey_id, uint8_t *oscore_r2, oscore_recipient_ctx_t **recipient_ctx)
oscore_find_context - Locate recipient context (and hence OSCORE context)
coap_oscore_decrypt_pdu
struct coap_pdu_t * coap_oscore_decrypt_pdu(coap_session_t *session, coap_pdu_t *pdu)
Decrypts the OSCORE-encrypted parts of pdu when OSCORE is used.
coap_oscore_recipient_set_latest_seq_lkd
int coap_oscore_recipient_set_latest_seq_lkd(coap_oscore_conf_t *oscore_conf, const coap_bin_const_t *recipient_id, uint64_t last_seq, uint64_t seq_window)
Set the latest sequence number and sliding window for the specified recipient id in the compiled conf...
coap_rebuild_pdu_for_proxy
int coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu)
Convert PDU to use Proxy-Scheme option if Proxy-Uri option is present.
oscore_free_contexts
void oscore_free_contexts(coap_context_t *c_context)
oscore_log_hex_value
void oscore_log_hex_value(coap_log_t level, const char *name, coap_bin_const_t *value)
coap_delete_oscore_associations
void coap_delete_oscore_associations(coap_session_t *session)
Cleanup all allocated OSCORE association information.
coap_oscore_initiate
int coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf)
Initiate an OSCORE session.
coap_new_oscore_recipient_lkd
int coap_new_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
oscore_duplicate_ctx
oscore_ctx_t * oscore_duplicate_ctx(coap_context_t *c_context, oscore_ctx_t *o_osc_ctx, coap_bin_const_t *sender_id, coap_bin_const_t *recipient_id, coap_bin_const_t *id_context)
oscore_duplicate_ctx - duplicate a osc_ctx
oscore_partial_iv_t
oscore_partial_iv_t
Definition coap_oscore_internal.h:87
coap_delete_all_oscore
void coap_delete_all_oscore(coap_context_t *context)
Cleanup all allocated OSCORE information.
oscore_generate_nonce
void oscore_generate_nonce(cose_encrypt0_t *ptr, oscore_ctx_t *ctx, uint8_t *buffer, uint8_t size)
oscore_remove_context
int oscore_remove_context(coap_context_t *c_context, oscore_ctx_t *osc_ctx)
oscore_find_association
oscore_association_t * oscore_find_association(coap_session_t *session, coap_bin_const_t *token)
coap_context_oscore_server_lkd
int coap_context_oscore_server_lkd(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
coap_delete_oscore_rcp_conf
int coap_delete_oscore_rcp_conf(coap_oscore_rcp_conf_t *oscore_rcp_conf)
Release all the information associated with the OSCORE complex Recipient configuration.
oscore_release_recipient_ctx
void oscore_release_recipient_ctx(oscore_recipient_ctx_t **recipient_ctx)
Cleanup recipient context, including releasing the oscore context if the oscore context referenced is...
coap_new_client_session_oscore_pki3_lkd
coap_session_t * coap_new_client_session_oscore_pki3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials protecting the data using...
coap_oscore_overhead
size_t coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu)
Determine the additional data size requirements for adding in OSCORE.
OSCORE_SEND_PARTIAL_IV
@ OSCORE_SEND_PARTIAL_IV
Send partial IV with encrypted PDU.
Definition coap_oscore_internal.h:89
OSCORE_SEND_NO_IV
@ OSCORE_SEND_NO_IV
Do not send partial IV unless added by a response.
Definition coap_oscore_internal.h:88
coap_oscore_recipient_set_latest_seq
COAP_API int coap_oscore_recipient_set_latest_seq(coap_oscore_conf_t *oscore_conf, const coap_bin_const_t *recipient_id, uint64_t last_seq, uint64_t seq_window)
Set the latest sequence number and sliding window for the specified recipient id in the compiled conf...
coap_new_oscore_conf
coap_oscore_conf_t * coap_new_oscore_conf(coap_str_const_t conf_mem, coap_oscore_save_seq_num_t save_seq_num_func, void *save_seq_num_func_param, uint64_t start_seq_num)
Parse an OSCORE configuration (held in memory) and populate a OSCORE configuration structure.
Definition coap_oscore.c:3002
coap_new_client_session_oscore_psk
coap_session_t * coap_new_client_session_oscore_psk(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
Definition coap_oscore.c:2918
coap_new_client_session_oscore_psk3
coap_session_t * coap_new_client_session_oscore_psk3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials protecting the data using...
Definition coap_oscore.c:2934
coap_oscore_update_seq_num_handler_t
int(* coap_oscore_update_seq_num_handler_t)(const coap_session_t *session, const coap_bin_const_t *rcpkey_id, const coap_bin_const_t *ctxkey_id, uint64_t receiver_seq_num, uint64_t seq_num_window)
Callback function type for persisting the OSCORE receiver sequence number and anti-replay sliding win...
Definition coap_oscore.h:77
coap_delete_oscore_conf
int coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf)
Release all the information associated with the OSCORE configuration.
Definition coap_oscore.c:3014
coap_new_client_session_oscore
coap_session_t * coap_new_client_session_oscore(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
Definition coap_oscore.c:2884
coap_context_oscore_server
int coap_context_oscore_server(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
Definition coap_oscore.c:2994
coap_oscore_find_handler_t
coap_oscore_conf_t *(* coap_oscore_find_handler_t)(const coap_session_t *session, const coap_bin_const_t *rcpkey_id, const coap_bin_const_t *ctxkey_id)
Callback function type for overriding oscore_find_context().
Definition coap_oscore.h:54
coap_new_client_session_oscore_pki
coap_session_t * coap_new_client_session_oscore_pki(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
Definition coap_oscore.c:2956
coap_new_client_session_oscore3
coap_session_t * coap_new_client_session_oscore3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, protecting the data using OSCORE,...
Definition coap_oscore.c:2898
coap_new_oscore_recipient
int coap_new_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
Definition coap_oscore.c:3020
coap_oscore_save_seq_num_t
int(* coap_oscore_save_seq_num_t)(uint64_t sender_seq_num, void *param)
Definition of the function used to save the current Sender Sequence Number.
Definition coap_oscore.h:314
coap_delete_oscore_recipient
int coap_delete_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence stop any further OSCO...
Definition coap_oscore.c:3028
coap_oscore_register_external_handlers
void coap_oscore_register_external_handlers(coap_context_t *context, coap_oscore_find_handler_t find_handler, coap_oscore_update_seq_num_handler_t update_seq_num_handler)
Register external storage handlers for OSCORE session state.
Definition coap_oscore.c:3036
coap_new_client_session_oscore_pki3
coap_session_t * coap_new_client_session_oscore_pki3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials protecting the data using...
Definition coap_oscore.c:2972
coap_delete_pdu_lkd
void coap_delete_pdu_lkd(coap_pdu_t *pdu)
Dispose of an CoAP PDU and free off associated storage.
Definition coap_pdu.c:197
coap_insert_option
size_t coap_insert_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Inserts option of given number in the pdu with the appropriate data.
Definition coap_pdu.c:692
coap_remove_option
int coap_remove_option(coap_pdu_t *pdu, coap_option_num_t number)
Removes (first) option of given number from the pdu.
Definition coap_pdu.c:546
coap_update_token
int coap_update_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Updates token in pdu with length len and data.
Definition coap_pdu.c:470
COAP_PDU_IS_PING
#define COAP_PDU_IS_PING(pdu)
Definition coap_pdu_internal.h:103
coap_pdu_duplicate_lkd
coap_pdu_t * coap_pdu_duplicate_lkd(const coap_pdu_t *old_pdu, coap_session_t *session, size_t token_length, const uint8_t *token, coap_opt_filter_t *drop_options, coap_bool_t expand_opt_abb)
Duplicate an existing PDU.
Definition coap_pdu.c:237
coap_pdu_encode_header
size_t coap_pdu_encode_header(coap_pdu_t *pdu, coap_proto_t proto)
Compose the protocol specific header for the specified PDU.
Definition coap_pdu.c:1603
COAP_PAYLOAD_START
#define COAP_PAYLOAD_START
Definition coap_pdu_internal.h:96
coap_pdu_resize
int coap_pdu_resize(coap_pdu_t *pdu, size_t new_size)
Dynamically grows the size of pdu to new_size.
Definition coap_pdu.c:341
COAP_PDU_IS_REQUEST
#define COAP_PDU_IS_REQUEST(pdu)
Definition coap_pdu_internal.h:99
coap_add_option_internal
size_t coap_add_option_internal(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Adds option of given number to pdu that is passed as first parameter.
Definition coap_pdu.c:851
COAP_DEFAULT_PORT
#define COAP_DEFAULT_PORT
Definition coap_pdu.h:39
COAP_RESPONSE_CODE
#define COAP_RESPONSE_CODE(N)
Definition coap_pdu.h:96
COAP_RESPONSE_CLASS
#define COAP_RESPONSE_CLASS(C)
Definition coap_pdu.h:99
coap_proto_t
coap_proto_t
CoAP protocol types Note: coap_layers_coap[] needs updating if extended.
Definition coap_pdu.h:234
coap_pdu_code_t
coap_pdu_code_t
Set of codes available for a PDU.
Definition coap_pdu.h:248
coap_add_token
int coap_add_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds token of length len to pdu.
Definition coap_pdu.c:413
COAPS_DEFAULT_PORT
#define COAPS_DEFAULT_PORT
Definition coap_pdu.h:40
coap_get_data
int coap_get_data(const coap_pdu_t *pdu, size_t *len, const uint8_t **data)
Retrieves the length and data pointer of specified PDU.
Definition coap_pdu.c:947
coap_pdu_init
coap_pdu_t * coap_pdu_init(coap_pdu_type_t type, coap_pdu_code_t code, coap_mid_t mid, size_t size)
Creates a new CoAP PDU with at least enough storage space for the given size maximum message size.
Definition coap_pdu.c:104
COAP_INVALID_MID
#define COAP_INVALID_MID
Indicates an invalid message id.
Definition coap_pdu.h:187
coap_add_data
int coap_add_data(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds given data to the pdu that is passed as first parameter.
Definition coap_pdu.c:916
coap_pdu_get_token
coap_bin_const_t coap_pdu_get_token(const coap_pdu_t *pdu)
Gets the token associated with pdu.
Definition coap_pdu.c:1723
COAP_BOOL_FALSE
@ COAP_BOOL_FALSE
Definition coap_pdu.h:295
COAP_REQUEST_CODE_POST
@ COAP_REQUEST_CODE_POST
Definition coap_pdu.h:252
COAP_REQUEST_CODE_FETCH
@ COAP_REQUEST_CODE_FETCH
Definition coap_pdu.h:255
COAP_MESSAGE_NON
@ COAP_MESSAGE_NON
Definition coap_pdu.h:72
COAP_MESSAGE_ACK
@ COAP_MESSAGE_ACK
Definition coap_pdu.h:73
COAP_MESSAGE_CON
@ COAP_MESSAGE_CON
Definition coap_pdu.h:71
coap_new_client_session_pki3_lkd
coap_session_t * coap_new_client_session_pki3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *setup_data, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials along with app_data infor...
coap_new_client_session_psk3_lkd
coap_session_t * coap_new_client_session_psk3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *setup_data, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials along with app_data infor...
coap_session_release_lkd
void coap_session_release_lkd(coap_session_t *session)
Decrement reference counter on a session.
Definition coap_session.c:378
coap_new_client_session3_lkd
coap_session_t * coap_new_client_session3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials along with app_data infor...
COAP_OSCORE_B_2_NONE
@ COAP_OSCORE_B_2_NONE
Definition coap_session_internal.h:52
COAP_OSCORE_B_2_STEP_3
@ COAP_OSCORE_B_2_STEP_3
Definition coap_session_internal.h:55
COAP_OSCORE_B_2_STEP_1
@ COAP_OSCORE_B_2_STEP_1
Definition coap_session_internal.h:53
COAP_OSCORE_B_2_STEP_4
@ COAP_OSCORE_B_2_STEP_4
Definition coap_session_internal.h:56
COAP_OSCORE_B_2_STEP_5
@ COAP_OSCORE_B_2_STEP_5
Definition coap_session_internal.h:57
COAP_OSCORE_B_2_STEP_2
@ COAP_OSCORE_B_2_STEP_2
Definition coap_session_internal.h:54
COAP_PROTO_NOT_RELIABLE
#define COAP_PROTO_NOT_RELIABLE(p)
Definition coap_session.h:41
coap_app_data_free_callback_t
void(* coap_app_data_free_callback_t)(void *data)
Callback to free off the app data when the entry is being deleted / freed off.
Definition coap_session.h:124
coap_delete_bin_const
void coap_delete_bin_const(coap_bin_const_t *s)
Deletes the given const binary data and releases any memory allocated.
Definition coap_str.c:130
coap_delete_str_const
void coap_delete_str_const(coap_str_const_t *s)
Deletes the given const string and releases any memory allocated.
Definition coap_str.c:65
coap_new_binary
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
Definition coap_str.c:81
coap_make_str_const
coap_str_const_t * coap_make_str_const(const char *string)
Take the specified byte array (text) and create a coap_str_const_t *.
Definition coap_str.c:70
coap_new_bin_const
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
Definition coap_str.c:119
coap_str_const_t
struct coap_str_const_t coap_str_const_t
CoAP string data definition with const data.
coap_delete_binary
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
Definition coap_str.c:114
coap_binary_equal
#define coap_binary_equal(binary1, binary2)
Compares the two binary data for equality.
Definition coap_str.h:222
coap_string_equal
#define coap_string_equal(string1, string2)
Compares the two strings for equality.
Definition coap_str.h:208
coap_new_str_const
coap_str_const_t * coap_new_str_const(const uint8_t *data, size_t size)
Returns a new const string object with at least size+1 bytes storage allocated, and the provided data...
Definition coap_str.c:55
coap_oscore_is_supported
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
Definition coap_oscore.c:2879
coap_query_into_optlist
int coap_query_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI query into '&' separate segments, and then adds the Uri-Query / Location-Query o...
Definition coap_uri.c:985
coap_path_into_optlist
int coap_path_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI path into '/' separate segments, and then adds the Uri-Path / Location-Path opti...
Definition coap_uri.c:865
coap_split_proxy_uri
int coap_split_proxy_uri(const uint8_t *str_var, size_t len, coap_uri_t *uri)
Parses a given string into URI components.
Definition coap_uri.c:351
coap_uri_scheme
coap_uri_info_t coap_uri_scheme[COAP_URI_SCHEME_LAST]
Definition coap_uri.c:59
coap_address_t
Multi-purpose address abstraction.
Definition coap_address.h:185
coap_bin_const_t
CoAP binary data definition with const data.
Definition coap_str.h:65
coap_bin_const_t::length
size_t length
length of binary data
Definition coap_str.h:66
coap_bin_const_t::s
const uint8_t * s
read-only binary data
Definition coap_str.h:67
coap_binary_t
CoAP binary data definition.
Definition coap_str.h:57
coap_binary_t::length
size_t length
length of binary data
Definition coap_str.h:58
coap_binary_t::s
uint8_t * s
binary data
Definition coap_str.h:59
coap_context_t
The CoAP stack's global state is stored in a coap_context_t object.
Definition coap_net_internal.h:55
coap_dtls_cpsk_t
The structure used for defining the Client PSK setup data to be used.
Definition coap_dtls.h:414
coap_dtls_pki_t
The structure used for defining the PKI setup data to be used.
Definition coap_dtls.h:316
coap_opt_iterator_t
Iterator to run through PDU options.
Definition coap_option.h:290
coap_opt_iterator_t::next_option
coap_opt_t * next_option
pointer to the unparsed next option
Definition coap_option.h:295
coap_opt_iterator_t::length
size_t length
remaining length of PDU
Definition coap_option.h:291
coap_opt_iterator_t::number
coap_option_num_t number
decoded option number
Definition coap_option.h:292
coap_optlist_t
Representation of chained list of CoAP options to install.
Definition coap_option.h:447
coap_oscore_conf_t
The structure used to hold the OSCORE configuration information.
Definition coap_oscore_internal.h:62
coap_oscore_conf_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func().
Definition coap_oscore_internal.h:83
coap_oscore_conf_t::rfc8613_b_2
uint32_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition coap_oscore_internal.h:74
coap_oscore_conf_t::hkdf_alg
cose_hkdf_alg_t hkdf_alg
Set to one of COSE_HKDF_ALG_*.
Definition coap_oscore_internal.h:72
coap_oscore_conf_t::break_sender_key
uint32_t break_sender_key
1 if sender key to be broken, else 0
Definition coap_oscore_internal.h:77
coap_oscore_conf_t::sender
coap_oscore_snd_conf_t * sender
The sender - i.e.
Definition coap_oscore_internal.h:66
coap_oscore_conf_t::recipient_chain
coap_oscore_rcp_conf_t * recipient_chain
The recipients as a chain.
Definition coap_oscore_internal.h:67
coap_oscore_conf_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition coap_oscore_internal.h:70
coap_oscore_conf_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition coap_oscore_internal.h:81
coap_oscore_conf_t::rfc8613_b_1_2
uint32_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition coap_oscore_internal.h:73
coap_oscore_conf_t::start_seq_num
uint64_t start_seq_num
Used for ssn_freq updating.
Definition coap_oscore_internal.h:84
coap_oscore_conf_t::break_recipient_key
uint32_t break_recipient_key
1 if recipient key to be broken, else 0
Definition coap_oscore_internal.h:78
coap_oscore_conf_t::master_secret
coap_bin_const_t * master_secret
Common Master Secret.
Definition coap_oscore_internal.h:63
coap_oscore_conf_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition coap_oscore_internal.h:71
coap_oscore_conf_t::master_salt
coap_bin_const_t * master_salt
Common Master Salt.
Definition coap_oscore_internal.h:64
coap_oscore_conf_t::replay_window
uint32_t replay_window
Replay window size Use COAP_OSCORE_DEFAULT_REPLAY_WINDOW.
Definition coap_oscore_internal.h:68
coap_oscore_conf_t::id_context
coap_bin_const_t * id_context
Common ID context.
Definition coap_oscore_internal.h:65
coap_oscore_rcp_conf_t
The structure used to hold the OSCORE Recipient configuration.
Definition coap_oscore_internal.h:45
coap_oscore_rcp_conf_t::recipient_id
coap_bin_const_t * recipient_id
Recipient ID (i.e.
Definition coap_oscore_internal.h:48
coap_oscore_rcp_conf_t::last_seq
uint64_t last_seq
Highest sequence number used for this recipient.
Definition coap_oscore_internal.h:55
coap_oscore_rcp_conf_t::window_initialized
uint8_t window_initialized
Contains if the sliding window is initialized 1 if initialized, 0 otherwise.
Definition coap_oscore_internal.h:53
coap_oscore_rcp_conf_t::next_recipient
struct coap_oscore_rcp_conf_t * next_recipient
Used to maintain the chain.
Definition coap_oscore_internal.h:46
coap_oscore_rcp_conf_t::sliding_window
uint64_t sliding_window
bitfield sequence counter window
Definition coap_oscore_internal.h:56
coap_oscore_snd_conf_t
The structure used to hold the OSCORE Sender configuration information.
Definition coap_oscore_internal.h:38
coap_oscore_snd_conf_t::sender_id
coap_bin_const_t * sender_id
Sender ID (i.e.
Definition coap_oscore_internal.h:39
coap_pdu_t
structure for CoAP PDUs
Definition coap_pdu_internal.h:132
coap_pdu_t::max_hdr_size
uint8_t max_hdr_size
space reserved for protocol-specific header
Definition coap_pdu_internal.h:139
coap_pdu_t::token
uint8_t * token
first byte of token (or extended length bytes prefix), if any, or options
Definition coap_pdu_internal.h:154
coap_pdu_t::code
coap_pdu_code_t code
request method (value 1–31) or response code (value 64-255)
Definition coap_pdu_internal.h:135
coap_pdu_t::actual_token
coap_bin_const_t actual_token
Actual token in pdu.
Definition coap_pdu_internal.h:147
coap_pdu_t::data
uint8_t * data
first byte of payload, if any
Definition coap_pdu_internal.h:156
coap_pdu_t::mid
coap_mid_t mid
message id, if any, in regular host byte order
Definition coap_pdu_internal.h:137
coap_pdu_t::e_token_length
uint32_t e_token_length
length of Token space (includes leading extended bytes
Definition coap_pdu_internal.h:144
coap_pdu_t::used_size
size_t used_size
used bytes of storage for token, options and payload
Definition coap_pdu_internal.h:150
coap_pdu_t::type
coap_pdu_type_t type
message type
Definition coap_pdu_internal.h:134
coap_session_t
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
Definition coap_session_internal.h:77
coap_session_t::block_mode
uint32_t block_mode
Zero or more COAP_BLOCK_ or'd options.
Definition coap_session_internal.h:196
coap_session_t::proto
coap_proto_t proto
protocol used
Definition coap_session_internal.h:78
coap_session_t::ref
unsigned ref
reference count from queues
Definition coap_session_internal.h:82
coap_session_t::con_active
uint8_t con_active
Active CON request sent.
Definition coap_session_internal.h:106
coap_session_t::context
coap_context_t * context
session's context
Definition coap_session_internal.h:102
coap_str_const_t
CoAP string data definition with const data.
Definition coap_str.h:47
coap_str_const_t::s
const uint8_t * s
read-only string data
Definition coap_str.h:49
coap_str_const_t::length
size_t length
length of string
Definition coap_str.h:48
coap_uri_t
Representation of parsed URI.
Definition coap_uri.h:70
coap_uri_t::scheme
enum coap_uri_scheme_t scheme
The parsed scheme specifier.
Definition coap_uri.h:82
coap_uri_t::path
coap_str_const_t path
The complete path if present or {0, NULL}.
Definition coap_uri.h:73
coap_uri_t::port
uint16_t port
The port in host byte order.
Definition coap_uri.h:72
coap_uri_t::query
coap_str_const_t query
The complete query if present or {0, NULL}.
Definition coap_uri.h:77
coap_uri_t::host
coap_str_const_t host
The host part of the URI.
Definition coap_uri.h:71
cose_encrypt0_t
Definition oscore_cose.h:199
cose_encrypt0_t::aad
coap_bin_const_t aad
Definition oscore_cose.h:210
cose_encrypt0_t::key
coap_bin_const_t key
Definition oscore_cose.h:201
cose_encrypt0_t::partial_iv
coap_bin_const_t partial_iv
Definition oscore_cose.h:204
cose_encrypt0_t::kid_context
coap_bin_const_t kid_context
Definition oscore_cose.h:206
cose_encrypt0_t::nonce
coap_bin_const_t nonce
Definition oscore_cose.h:208
cose_encrypt0_t::external_aad
coap_bin_const_t external_aad
Definition oscore_cose.h:209
cose_encrypt0_t::key_id
coap_bin_const_t key_id
Definition oscore_cose.h:205
cose_encrypt0_t::oscore_option
coap_bin_const_t oscore_option
Definition oscore_cose.h:207
cose_encrypt0_t::alg
cose_alg_t alg
Definition oscore_cose.h:200
oscore_association_t
Definition oscore_context.h:152
oscore_association_t::obs_partial_iv
coap_bin_const_t * obs_partial_iv
Definition oscore_context.h:160
oscore_association_t::partial_iv
coap_bin_const_t * partial_iv
Definition oscore_context.h:159
oscore_association_t::sent_pdu
coap_pdu_t * sent_pdu
Definition oscore_context.h:155
oscore_association_t::aad
coap_bin_const_t * aad
Definition oscore_context.h:157
oscore_association_t::nonce
coap_bin_const_t * nonce
Definition oscore_context.h:158
oscore_association_t::recipient_ctx
oscore_recipient_ctx_t * recipient_ctx
Definition oscore_context.h:154
oscore_association_t::is_observe
uint8_t is_observe
Definition oscore_context.h:162
oscore_association_t::just_set_up
uint8_t just_set_up
Definition oscore_context.h:163
oscore_ctx_t
Definition oscore_context.h:86
oscore_ctx_t::rfc8613_b_1_2
uint8_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition oscore_context.h:99
oscore_ctx_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func().
Definition oscore_context.h:107
oscore_ctx_t::sender_context
oscore_sender_ctx_t * sender_context
Definition oscore_context.h:96
oscore_ctx_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition oscore_context.h:88
oscore_ctx_t::rfc8613_b_2
uint8_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition oscore_context.h:101
oscore_ctx_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition oscore_context.h:105
oscore_ctx_t::recipient_chain
oscore_recipient_ctx_t * recipient_chain
Definition oscore_context.h:97
oscore_ctx_t::id_context
coap_bin_const_t * id_context
contains GID in case of group
Definition oscore_context.h:93
oscore_ctx_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition oscore_context.h:104
oscore_recipient_ctx_t
Definition oscore_context.h:119
oscore_recipient_ctx_t::sliding_window
uint64_t sliding_window
Definition oscore_context.h:129
oscore_recipient_ctx_t::ref
unsigned ref
Reference counter to keep track of linked associations / active sessions.
Definition oscore_context.h:120
oscore_recipient_ctx_t::echo_value
uint8_t echo_value[8]
Definition oscore_context.h:132
oscore_recipient_ctx_t::last_seq
uint64_t last_seq
Definition oscore_context.h:127
oscore_recipient_ctx_t::recipient_key
coap_bin_const_t * recipient_key
Definition oscore_context.h:126
oscore_recipient_ctx_t::recipient_id
coap_bin_const_t * recipient_id
Definition oscore_context.h:125
oscore_recipient_ctx_t::initial_state
uint8_t initial_state
Definition oscore_context.h:133
oscore_recipient_ctx_t::osc_ctx
oscore_ctx_t * osc_ctx
Definition oscore_context.h:123
oscore_sender_ctx_t
Definition oscore_context.h:110
oscore_sender_ctx_t::sender_id
coap_bin_const_t * sender_id
Definition oscore_context.h:112
oscore_sender_ctx_t::seq
uint64_t seq
Sender Sequence Number.
Definition oscore_context.h:114
oscore_sender_ctx_t::sender_key
coap_bin_const_t * sender_key
Definition oscore_context.h:113
oscore_sender_ctx_t::next_seq
uint64_t next_seq
Used for ssn_freq updating.
Definition oscore_context.h:116