libcoap 4.3.5-develop-783b531
Loading...
Searching...
No Matches
coap_oscore.c
Go to the documentation of this file.
1/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
3/*
4 * coap_oscore.c -- Object Security for Constrained RESTful Environments
5 * (OSCORE) support for libcoap
6 *
7 * Copyright (C) 2019-2021 Olaf Bergmann <bergmann@tzi.org>
8 * Copyright (C) 2021-2026 Jon Shallow <supjps-libcoap@jpshallow.com>
9 *
10 * SPDX-License-Identifier: BSD-2-Clause
11 *
12 * This file is part of the CoAP library libcoap. Please see README for terms
13 * of use.
14 */
15
21#include "coap3/coap_libcoap_build.h"
22
23#if COAP_OSCORE_SUPPORT
24#include <ctype.h>
25
26#define AAD_BUF_LEN 200 /* length of aad_buffer */
27
28static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context,
29 coap_oscore_conf_t *oscore_conf);
30
31#if COAP_CLIENT_SUPPORT
32
33int
34coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) {
35 if (oscore_conf) {
36 oscore_ctx_t *osc_ctx;
37
38 if (oscore_conf->recipient_chain == NULL) {
39 coap_log_warn("OSCORE: Recipient ID must be defined for a client\n");
40 coap_delete_oscore_conf(oscore_conf);
41 return 0;
42 }
43 if (oscore_conf->rfc8613_b_2) {
44 /* Need to replace id_context with random value */
45 coap_binary_t *id_context = coap_new_binary(8);
46
47 if (id_context == NULL) {
48 coap_delete_oscore_conf(oscore_conf);
49 return 0;
50 }
51 coap_delete_bin_const(oscore_conf->id_context);
52 coap_prng_lkd(id_context->s, id_context->length);
53 oscore_conf->id_context = (coap_bin_const_t *)id_context;
54 session->b_2_step = COAP_OSCORE_B_2_STEP_1;
55 coap_log_oscore("Appendix B.2 client step 1 (Generated ID1)\n");
56 }
57
58 osc_ctx = coap_oscore_init(session->context, oscore_conf);
59 if (osc_ctx == NULL) {
60 return 0;
61 }
62 session->recipient_ctx = osc_ctx->recipient_chain;
63 session->oscore_encryption = 1;
64 }
65 return 1;
66}
67
68COAP_API coap_session_t *
69coap_new_client_session_oscore(coap_context_t *ctx,
70 const coap_address_t *local_if,
71 const coap_address_t *server,
72 coap_proto_t proto,
73 coap_oscore_conf_t *oscore_conf) {
74 coap_session_t *session;
75
76 coap_lock_lock(return NULL);
77 session = coap_new_client_session_oscore3_lkd(ctx, local_if, server, proto, oscore_conf, NULL,
78 NULL, NULL);
79 coap_lock_unlock();
80 return session;
81}
82
83COAP_API coap_session_t *
84coap_new_client_session_oscore3(coap_context_t *ctx,
85 const coap_address_t *local_if,
86 const coap_address_t *server,
87 coap_proto_t proto,
88 coap_oscore_conf_t *oscore_conf,
89 void *app_data,
90 coap_app_data_free_callback_t callback,
91 coap_str_const_t *ws_host) {
92 coap_session_t *session;
93
94 coap_lock_lock(return NULL);
95 session = coap_new_client_session_oscore3_lkd(ctx, local_if, server, proto, oscore_conf, app_data,
96 callback, ws_host);
97 coap_lock_unlock();
98 return session;
99}
100
101coap_session_t *
102coap_new_client_session_oscore3_lkd(coap_context_t *ctx,
103 const coap_address_t *local_if,
104 const coap_address_t *server,
105 coap_proto_t proto,
106 coap_oscore_conf_t *oscore_conf,
107 void *app_data,
108 coap_app_data_free_callback_t callback,
109 coap_str_const_t *ws_host) {
110 coap_session_t *session =
111 coap_new_client_session3_lkd(ctx, local_if, server, proto, app_data, callback, ws_host);
112
113 if (!session)
114 return NULL;
115
116 if (coap_oscore_initiate(session, oscore_conf) == 0) {
117 coap_session_release_lkd(session);
118 return NULL;
119 }
120 return session;
121}
122
123COAP_API coap_session_t *
124coap_new_client_session_oscore_psk(coap_context_t *ctx,
125 const coap_address_t *local_if,
126 const coap_address_t *server,
127 coap_proto_t proto,
128 coap_dtls_cpsk_t *psk_data,
129 coap_oscore_conf_t *oscore_conf) {
130 coap_session_t *session;
131
132 coap_lock_lock(return NULL);
133 session = coap_new_client_session_oscore_psk3_lkd(ctx, local_if, server, proto, psk_data,
134 oscore_conf, NULL, NULL, NULL);
135 coap_lock_unlock();
136 return session;
137}
138
139COAP_API coap_session_t *
140coap_new_client_session_oscore_psk3(coap_context_t *ctx,
141 const coap_address_t *local_if,
142 const coap_address_t *server,
143 coap_proto_t proto,
144 coap_dtls_cpsk_t *psk_data,
145 coap_oscore_conf_t *oscore_conf,
146 void *app_data,
147 coap_app_data_free_callback_t callback,
148 coap_str_const_t *ws_host) {
149 coap_session_t *session;
150
151 coap_lock_lock(return NULL);
152 session = coap_new_client_session_oscore_psk3_lkd(ctx, local_if, server, proto, psk_data,
153 oscore_conf, app_data, callback, ws_host);
154 coap_lock_unlock();
155 return session;
156}
157
158coap_session_t *
159coap_new_client_session_oscore_psk3_lkd(coap_context_t *ctx,
160 const coap_address_t *local_if,
161 const coap_address_t *server,
162 coap_proto_t proto,
163 coap_dtls_cpsk_t *psk_data,
164 coap_oscore_conf_t *oscore_conf,
165 void *app_data,
166 coap_app_data_free_callback_t callback,
167 coap_str_const_t *ws_host) {
168 coap_session_t *session;
169
170 coap_lock_check_locked();
171 session = coap_new_client_session_psk3_lkd(ctx, local_if, server, proto, psk_data,
172 app_data, callback, ws_host);
173
174 if (!session)
175 return NULL;
176
177 if (coap_oscore_initiate(session, oscore_conf) == 0) {
178 coap_session_release_lkd(session);
179 return NULL;
180 }
181 return session;
182}
183
184COAP_API coap_session_t *
185coap_new_client_session_oscore_pki(coap_context_t *ctx,
186 const coap_address_t *local_if,
187 const coap_address_t *server,
188 coap_proto_t proto,
189 coap_dtls_pki_t *pki_data,
190 coap_oscore_conf_t *oscore_conf) {
191 coap_session_t *session;
192
193 coap_lock_lock(return NULL);
194 session = coap_new_client_session_oscore_pki3_lkd(ctx, local_if, server, proto, pki_data,
195 oscore_conf, NULL, NULL, NULL);
196 coap_lock_unlock();
197 return session;
198}
199
200COAP_API coap_session_t *
201coap_new_client_session_oscore_pki3(coap_context_t *ctx,
202 const coap_address_t *local_if,
203 const coap_address_t *server,
204 coap_proto_t proto,
205 coap_dtls_pki_t *pki_data,
206 coap_oscore_conf_t *oscore_conf,
207 void *app_data,
208 coap_app_data_free_callback_t callback,
209 coap_str_const_t *ws_host) {
210 coap_session_t *session;
211
212 coap_lock_lock(return NULL);
213 session = coap_new_client_session_oscore_pki3_lkd(ctx, local_if, server, proto, pki_data,
214 oscore_conf, app_data, callback, ws_host);
215 coap_lock_unlock();
216 return session;
217}
218
219coap_session_t *
220coap_new_client_session_oscore_pki3_lkd(coap_context_t *ctx,
221 const coap_address_t *local_if,
222 const coap_address_t *server,
223 coap_proto_t proto,
224 coap_dtls_pki_t *pki_data,
225 coap_oscore_conf_t *oscore_conf,
226 void *app_data,
227 coap_app_data_free_callback_t callback,
228 coap_str_const_t *ws_host) {
229 coap_session_t *session;
230
231 coap_lock_check_locked();
232 session = coap_new_client_session_pki3_lkd(ctx, local_if, server, proto, pki_data,
233 app_data, callback, ws_host);
234
235 if (!session)
236 return NULL;
237
238 if (coap_oscore_initiate(session, oscore_conf) == 0) {
239 coap_session_release_lkd(session);
240 return NULL;
241 }
242 return session;
243}
244#endif /* COAP_CLIENT_SUPPORT */
245#if COAP_SERVER_SUPPORT
246
247COAP_API int
248coap_context_oscore_server(coap_context_t *context,
249 coap_oscore_conf_t *oscore_conf) {
250 int ret;
251
252 coap_lock_lock(return 0);
253 ret = coap_context_oscore_server_lkd(context, oscore_conf);
254 coap_lock_unlock();
255 return ret;
256}
257
258int
259coap_context_oscore_server_lkd(coap_context_t *context,
260 coap_oscore_conf_t *oscore_conf) {
261 oscore_ctx_t *osc_ctx;
262
263 coap_lock_check_locked();
264 osc_ctx = coap_oscore_init(context, oscore_conf);
265 /* osc_ctx already added to context->osc_ctx */
266 if (osc_ctx)
267 return 1;
268 return 0;
269}
270
271#endif /* COAP_SERVER_SUPPORT */
272
273int
274coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu) {
275 coap_uri_t uri;
276 coap_opt_iterator_t opt_iter;
277 coap_opt_t *option;
278 uint8_t option_value_buffer[15];
279 coap_optlist_t *optlist_chain = NULL;
280
281 if ((option =
282 coap_check_option(pdu, COAP_OPTION_PROXY_URI, &opt_iter)) == NULL)
283 return 1;
284
285 /* Need to break down into the component parts, but keep data safe */
286 memset(&uri, 0, sizeof(uri));
287
288 if (coap_split_proxy_uri(coap_opt_value(option),
289 coap_opt_length(option),
290 &uri) < 0 || uri.scheme >= COAP_URI_SCHEME_LAST) {
291 coap_log_warn("Proxy URI '%.*s' not decodable\n",
292 coap_opt_length(option),
293 (const char *)coap_opt_value(option));
294 goto error;
295 }
296 if (!coap_remove_option(pdu, COAP_OPTION_PROXY_URI))
297 goto error;
298
299 if (!coap_insert_option(pdu,
300 COAP_OPTION_URI_HOST,
301 uri.host.length,
302 uri.host.s))
303 goto error;
304 if (uri.port != (coap_uri_scheme_is_secure(&uri) ? COAPS_DEFAULT_PORT : COAP_DEFAULT_PORT) &&
305 !coap_insert_option(pdu,
306 COAP_OPTION_URI_PORT,
307 coap_encode_var_safe(option_value_buffer,
308 sizeof(option_value_buffer),
309 uri.port & 0xffff),
310 option_value_buffer))
311 goto error;
312 if (uri.path.length) {
313 /* Add in the Uri-Path options */
314 if (!coap_path_into_optlist(uri.path.s, uri.path.length, COAP_OPTION_URI_PATH,
315 &optlist_chain))
316 goto error;
317 }
318 if (uri.query.length) {
319 /* Add in the Uri-Query options */
320 if (!coap_query_into_optlist(uri.query.s, uri.query.length, COAP_OPTION_URI_QUERY,
321 &optlist_chain))
322 goto error;
323 }
324 if (!coap_add_optlist_pdu(pdu, &optlist_chain))
325 goto error;
326
327 if (!coap_insert_option(pdu,
328 COAP_OPTION_PROXY_SCHEME,
329 strlen(coap_uri_scheme[uri.scheme].name),
330 (const uint8_t *)coap_uri_scheme[uri.scheme].name))
331 goto error;
332
333 coap_delete_optlist(optlist_chain);
334 return 1;
335
336error:
337 coap_delete_optlist(optlist_chain);
338 return 0;
339}
340
341static void
342dump_cose(cose_encrypt0_t *cose, const char *message) {
343#if COAP_MAX_LOGGING_LEVEL < _COAP_LOG_OSCORE
344 (void)cose;
345 (void)message;
346#else /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
347 if (coap_get_log_level() >= COAP_LOG_OSCORE) {
348 char buffer[30];
349
350 coap_log_oscore("%s COSE information\n", message);
351 oscore_log_char_value(COAP_LOG_OSCORE, "alg",
352 cose_get_alg_name(cose->alg, buffer, sizeof(buffer)));
353 oscore_log_hex_value(COAP_LOG_OSCORE, "key", &cose->key);
354 oscore_log_hex_value(COAP_LOG_OSCORE, "partial_iv", &cose->partial_iv);
355 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
356 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
357 oscore_log_hex_value(COAP_LOG_OSCORE,
358 "oscore_option",
359 &cose->oscore_option);
360 oscore_log_hex_value(COAP_LOG_OSCORE, "nonce", &cose->nonce);
361 oscore_log_hex_value(COAP_LOG_OSCORE, "external_aad", &cose->external_aad);
362 oscore_log_hex_value(COAP_LOG_OSCORE, "aad", &cose->aad);
363 }
364#endif /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
365}
366
367COAP_API coap_pdu_t *
368coap_oscore_new_pdu_encrypted(coap_session_t *session,
369 coap_pdu_t *pdu,
370 coap_bin_const_t *kid_context,
371 oscore_partial_iv_t send_partial_iv) {
372 coap_pdu_t *ret_pdu;
373
374 coap_lock_lock(return NULL);
375 ret_pdu = coap_oscore_new_pdu_encrypted_lkd(session, pdu, kid_context, send_partial_iv);
376 coap_lock_unlock();
377
378 return ret_pdu;
379}
380
381/*
382 * Take current PDU, create a new one approriately separated as per RFC8613
383 * and then encrypt / integrity check the OSCORE data
384 */
385coap_pdu_t *
386coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session,
387 coap_pdu_t *pdu,
388 coap_bin_const_t *kid_context,
389 oscore_partial_iv_t send_partial_iv) {
390 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu) || COAP_PDU_IS_PING(pdu);
391 coap_pdu_code_t code =
392 coap_request ? COAP_REQUEST_CODE_POST : COAP_RESPONSE_CODE(204);
393 coap_pdu_t *osc_pdu;
394 coap_pdu_t *plain_pdu = NULL;
395 coap_bin_const_t pdu_token;
396 coap_opt_iterator_t opt_iter;
397 coap_opt_t *option;
398 uint8_t pdu_code = pdu->code;
399 size_t length;
400 const uint8_t *data;
401 uint8_t *ciphertext_buffer = NULL;
402 size_t ciphertext_len = 0;
403 uint8_t aad_buffer[AAD_BUF_LEN];
404 uint8_t nonce_buffer[13];
405 coap_bin_const_t aad;
406 coap_bin_const_t nonce;
407 oscore_recipient_ctx_t *rcp_ctx;
408 oscore_ctx_t *osc_ctx;
409 cose_encrypt0_t cose[1];
410 uint8_t group_flag = 0;
411 int show_pdu = 0;
412 int doing_observe = 0;
413 uint32_t observe_value = 0;
414 oscore_association_t *association = NULL;
415 oscore_sender_ctx_t *snd_ctx;
416 uint8_t external_aad_buffer[200];
417 coap_bin_const_t external_aad;
418 uint8_t oscore_option[48];
419 size_t oscore_option_len;
420
421 /* Check that OSCORE has not already been done */
422 if (coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter))
423 return NULL;
424
425 if (coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter))
426 doing_observe = 1;
427
428 coap_log_debug("PDU to encrypt\n");
429 coap_show_pdu(COAP_LOG_DEBUG, pdu);
430 osc_pdu = coap_pdu_init(pdu->type == COAP_MESSAGE_NON &&
431 session->b_2_step != COAP_OSCORE_B_2_NONE ?
432 COAP_MESSAGE_CON : pdu->type,
433 code,
434 pdu->mid,
435 pdu->used_size + coap_oscore_overhead(session, pdu));
436 if (osc_pdu == NULL)
437 return NULL;
438
439 cose_encrypt0_init(cose); /* clears cose memory */
440 pdu_token = coap_pdu_get_token(pdu);
441 if (coap_request) {
442 /*
443 * RFC8613 8.1 Step 1. Protecting the client's request
444 * Get the Sender Context
445 */
446 rcp_ctx = session->recipient_ctx;
447 if (rcp_ctx == NULL)
448 goto error;
449 osc_ctx = rcp_ctx->osc_ctx;
450 assert(osc_ctx);
451 snd_ctx = osc_ctx->sender_context;
452 } else {
453 /*
454 * RFC8613 8.3 Step 1. Protecting the server's response
455 * Get the Sender Context
456 */
457 association = oscore_find_association(session, &pdu_token);
458 if (association == NULL)
459 goto error;
460
461 rcp_ctx = association->recipient_ctx;
462 osc_ctx = rcp_ctx->osc_ctx;
463 snd_ctx = osc_ctx->sender_context;
464 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
465 cose_encrypt0_set_aad(cose, association->aad);
466 }
467
468 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
469
470 if (coap_request || doing_observe ||
471 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
472 uint8_t partial_iv_buffer[8];
473 size_t partial_iv_len;
474 coap_bin_const_t partial_iv;
475 partial_iv_len = coap_encode_var_safe8(partial_iv_buffer,
476 sizeof(partial_iv_buffer),
477 snd_ctx->seq);
478 if (snd_ctx->seq == 0) {
479 /* Need to special case */
480 partial_iv_buffer[0] = '\000';
481 partial_iv_len = 1;
482 }
483 partial_iv.s = partial_iv_buffer;
484 partial_iv.length = partial_iv_len;
485 cose_encrypt0_set_partial_iv(cose, &partial_iv);
486 }
487
488 if (coap_request)
489 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
490
491 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
492
493 /* nonce (needs to have sender information correctly set up) */
494
495 if (coap_request || doing_observe ||
496 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
497 /*
498 * 8.1 Step 3 or RFC8613 8.3.1 Step A
499 * Compose the AEAD nonce
500 *
501 * Requires in COSE object as appropriate
502 * key_id (kid) (sender)
503 * partial_iv (sender)
504 * common_iv (already in osc_ctx)
505 */
506 nonce.s = nonce_buffer;
507 nonce.length = 13;
508 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
509 cose_encrypt0_set_nonce(cose, &nonce);
510 if (!oscore_increment_sender_seq(osc_ctx))
511 goto error;
512 if (osc_ctx->save_seq_num_func) {
513 if (osc_ctx->sender_context->seq > osc_ctx->sender_context->next_seq) {
514 /* Only update at ssn_freq rate */
515 osc_ctx->sender_context->next_seq += osc_ctx->ssn_freq;
516 osc_ctx->save_seq_num_func(osc_ctx->sender_context->next_seq,
517 osc_ctx->save_seq_num_func_param);
518 }
519 }
520 } else {
521 /*
522 * 8.3 Step 3.
523 * Use nonce from request
524 */
525 cose_encrypt0_set_nonce(cose, association->nonce);
526 }
527
528 /* OSCORE_option (needs to be before AAD as included in AAD if group) */
529
530 /* cose is modified for encode option in response message */
531 if (!coap_request) {
532 /* no kid on response */
533 cose_encrypt0_set_key_id(cose, NULL);
534 if (!doing_observe && send_partial_iv == OSCORE_SEND_NO_IV)
535 cose_encrypt0_set_partial_iv(cose, NULL);
536 }
537 if (kid_context) {
538 cose_encrypt0_set_kid_context(cose, kid_context);
539 }
540 oscore_option_len =
541 oscore_encode_option_value(oscore_option, sizeof(oscore_option), cose,
542 group_flag,
543 session->b_2_step != COAP_OSCORE_B_2_NONE);
544 if (!coap_request) {
545 /* Reset what was just unset as appropriate for AAD */
546 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
547 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
548 }
549 if (kid_context)
550 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
551
552 /*
553 * RFC8613 8.1/8.3 Step 2(a) (5.4).
554 * Compose the External AAD and then AAD
555 *
556 * OSCORE_option requires
557 * partial_iv (cose partial_iv)
558 * kid_context (cose kid_context)
559 * key_id (cose key_id)
560 * group_flag
561 *
562 * Non Group requires the following
563 * RFC8613 5.4
564 * oscore_version 1
565 * algorithms [
566 * aead_alg (osc_ctx)
567 * ]
568 * request_kid (request key_id using cose)
569 * request_piv (request partial_iv using cose)
570 * options (none at present)
571 *
572 * Note: No I options at present
573 */
574 if (coap_request || send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
575 /* External AAD */
576 external_aad.s = external_aad_buffer;
577 external_aad.length = oscore_prepare_e_aad(osc_ctx,
578 cose,
579 NULL,
580 0,
581 NULL,
582 external_aad_buffer,
583 sizeof(external_aad_buffer));
584 cose_encrypt0_set_external_aad(cose, &external_aad);
585
586 /* AAD */
587 aad.s = aad_buffer;
588 aad.length = oscore_prepare_aad(external_aad_buffer,
589 external_aad.length,
590 aad_buffer,
591 sizeof(aad_buffer));
592 assert(aad.length < AAD_BUF_LEN);
593 cose_encrypt0_set_aad(cose, &aad);
594 }
595
596 /*
597 * RFC8613 8.1/8.3 Step 2(b) (5.3).
598 *
599 * Set up temp plaintext pdu, the data including token, options and
600 * optional payload will get encrypted as COSE ciphertext.
601 */
602 plain_pdu = coap_pdu_init(pdu->type,
603 pdu->code,
604 pdu->mid,
605 pdu->used_size + 1 /* pseudo-token with actual code */);
606 if (plain_pdu == NULL)
607 goto error;
608
609 coap_add_token(osc_pdu, pdu_token.length, pdu_token.s);
610
611 /* First byte of plain is real CoAP code. Pretend it is token */
612 coap_add_token(plain_pdu, 1, &pdu_code);
613
614 /* Copy across the Outer/Inner Options to respective PDUs */
615 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
616 while ((option = coap_option_next(&opt_iter))) {
617 switch (opt_iter.number) {
618 case COAP_OPTION_URI_HOST:
619 case COAP_OPTION_URI_PORT:
620 case COAP_OPTION_PROXY_SCHEME:
621 case COAP_OPTION_HOP_LIMIT:
622 /* Outer only */
623 if (!coap_insert_option(osc_pdu,
624 opt_iter.number,
625 coap_opt_length(option),
626 coap_opt_value(option)))
627 goto error;
628 break;
629 case COAP_OPTION_OBSERVE:
630 /* Make as Outer option as-is */
631 if (!coap_insert_option(osc_pdu,
632 opt_iter.number,
633 coap_opt_length(option),
634 coap_opt_value(option)))
635 goto error;
636 if (coap_request) {
637 /* Make as Inner option (unchanged) */
638 if (!coap_insert_option(plain_pdu,
639 opt_iter.number,
640 coap_opt_length(option),
641 coap_opt_value(option)))
642 goto error;
643 osc_pdu->code = COAP_REQUEST_CODE_FETCH;
644 } else {
645 /* Make as Inner option but empty */
646 if (!coap_insert_option(plain_pdu, opt_iter.number, 0, NULL))
647 goto error;
648 osc_pdu->code = COAP_RESPONSE_CODE(205);
649 }
650 show_pdu = 1;
651 doing_observe = 1;
652 observe_value = coap_decode_var_bytes(coap_opt_value(option),
653 coap_opt_length(option));
654 break;
655 case COAP_OPTION_PROXY_URI:
656 /*
657 * Should have already been caught by doing
658 * coap_rebuild_pdu_for_proxy() before calling
659 * coap_oscore_new_pdu_encrypted_lkd()
660 */
661 assert(0);
662 break;
663 default:
664 /* Make as Inner option */
665 if (!coap_insert_option(plain_pdu,
666 opt_iter.number,
667 coap_opt_length(option),
668 coap_opt_value(option)))
669 goto error;
670 break;
671 }
672 }
673 /* Add in data to plain */
674 if (coap_get_data(pdu, &length, &data)) {
675 if (!coap_add_data(plain_pdu, length, data))
676 goto error;
677 }
678 if (show_pdu) {
679 coap_log_oscore("OSCORE payload\n");
680 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
681 }
682
683 /*
684 * 8.1/8.3 Step 4.
685 * Encrypt the COSE object.
686 *
687 * Requires in COSE object as appropriate
688 * alg (already set)
689 * key (sender key)
690 * nonce (already set)
691 * aad (already set)
692 * plaintext
693 */
694 cose_encrypt0_set_key(cose, snd_ctx->sender_key);
695 cose_encrypt0_set_plaintext(cose, plain_pdu->token, plain_pdu->used_size);
696 dump_cose(cose, "Pre encrypt");
697 ciphertext_buffer =
698 coap_malloc_type(COAP_OSCORE_BUF, OSCORE_CRYPTO_BUFFER_SIZE);
699 if (ciphertext_buffer == NULL)
700 goto error;
701 ciphertext_len = cose_encrypt0_encrypt(cose,
702 ciphertext_buffer,
703 plain_pdu->used_size + AES_CCM_TAG);
704 if ((int)ciphertext_len <= 0) {
705 coap_log_warn("OSCORE: Encryption Failure, result code: %d \n",
706 (int)ciphertext_len);
707 goto error;
708 }
709 assert(ciphertext_len < OSCORE_CRYPTO_BUFFER_SIZE);
710
711 /* Add in OSCORE option (previously computed) */
712 if (!coap_insert_option(osc_pdu,
713 COAP_OPTION_OSCORE,
714 oscore_option_len,
715 oscore_option))
716 goto error;
717
718 /* Add now encrypted payload */
719 if (!coap_add_data(osc_pdu, ciphertext_len, ciphertext_buffer))
720 goto error;
721
722 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
723 ciphertext_buffer = NULL;
724
725 coap_delete_pdu_lkd(plain_pdu);
726 plain_pdu = NULL;
727
728 if (association && association->is_observe == 0)
729 oscore_delete_association(session, association);
730 association = NULL;
731
732 if (!(session->block_mode & COAP_BLOCK_CACHE_RESPONSE)) {
733 /*
734 * If this is a response ACK with data, make it a separate response
735 * by sending an Empty ACK and changing osc_pdu's MID and type. This
736 * then allows lost response ACK (now CON) with data to be recovered.
737 */
738 if (coap_request == 0 && osc_pdu->type == COAP_MESSAGE_ACK &&
739 COAP_RESPONSE_CLASS(pdu->code) == 2 &&
740 COAP_PROTO_NOT_RELIABLE(session->proto)) {
741 coap_pdu_t *empty = coap_pdu_init(COAP_MESSAGE_ACK,
742 0,
743 osc_pdu->mid,
744 0);
745 if (empty) {
746 if (coap_send_internal(session, empty, NULL) != COAP_INVALID_MID) {
747 osc_pdu->mid = coap_new_message_id_lkd(session);
748 osc_pdu->type = COAP_MESSAGE_CON;
749 }
750 }
751 }
752 }
753
754 if (!coap_pdu_encode_header(osc_pdu, session->proto)) {
755 goto error;
756 }
757
758 /*
759 * Set up an association for handling a response if this is a request
760 */
761 if (coap_request) {
762 association = oscore_find_association(session, &pdu_token);
763 if (association) {
764 /* Refresh the association */
765 coap_delete_bin_const(association->nonce);
766 association->nonce =
767 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
768 if (association->nonce == NULL)
769 goto error;
770 coap_delete_bin_const(association->aad);
771 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
772 if (association->aad == NULL)
773 goto error;
774 if (doing_observe && observe_value == 1) {
775 coap_delete_bin_const(association->obs_partial_iv);
776 association->obs_partial_iv = association->partial_iv;
777 } else {
778 coap_delete_bin_const(association->partial_iv);
779 }
780 association->partial_iv =
781 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
782 if (association->partial_iv == NULL)
783 goto error;
784 association->recipient_ctx = rcp_ctx;
785 coap_delete_pdu_lkd(association->sent_pdu);
786 if (session->b_2_step != COAP_OSCORE_B_2_NONE || association->just_set_up) {
787 size_t size;
788
789 association->sent_pdu = coap_pdu_duplicate_lkd(pdu, session,
790 pdu_token.length,
791 pdu_token.s, NULL,
792 COAP_BOOL_FALSE);
793 if (association->sent_pdu == NULL)
794 goto error;
795 if (coap_get_data(pdu, &size, &data)) {
796 coap_add_data(association->sent_pdu, size, data);
797 }
798 association->just_set_up = 0;
799 } else {
800 association->sent_pdu = NULL;
801 }
802 } else if (!oscore_new_association(session,
803 pdu,
804 &pdu_token,
805 rcp_ctx,
806 &cose->aad,
807 &cose->nonce,
808 &cose->partial_iv,
809 doing_observe)) {
810 goto error;
811 }
812 }
813 return osc_pdu;
814
815error:
816 if (ciphertext_buffer)
817 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
818 coap_delete_pdu_lkd(osc_pdu);
819 coap_delete_pdu_lkd(plain_pdu);
820 return NULL;
821}
822
823static void
824build_and_send_error_pdu(coap_session_t *session,
825 coap_pdu_t *rcvd,
826 coap_pdu_code_t code,
827 const char *diagnostic,
828 uint8_t *echo_data,
829 coap_bin_const_t *kid_context,
830 int encrypt_oscore) {
831 coap_pdu_t *err_pdu = NULL;
832 coap_bin_const_t token;
833 int oscore_encryption = session->oscore_encryption;
834 unsigned char buf[4];
835
836 token = coap_pdu_get_token(rcvd);
837 err_pdu = coap_pdu_init(rcvd->type == COAP_MESSAGE_NON ? COAP_MESSAGE_NON :
838 COAP_MESSAGE_ACK,
839 code,
840 rcvd->mid,
841 token.length + 2 + 8 +
842 (diagnostic ? strlen(diagnostic) : 0));
843 if (!err_pdu)
844 return;
845 coap_add_token(err_pdu, token.length, token.s);
846 if (echo_data) {
847 coap_add_option_internal(err_pdu, COAP_OPTION_ECHO, 8, echo_data);
848 } else if (kid_context == NULL) {
849 coap_add_option_internal(err_pdu,
850 COAP_OPTION_MAXAGE,
851 coap_encode_var_safe(buf, sizeof(buf), 0),
852 buf);
853 }
854 if (diagnostic)
855 coap_add_data(err_pdu, strlen(diagnostic), (const uint8_t *)diagnostic);
856 session->oscore_encryption = encrypt_oscore;
857
858 if ((echo_data || kid_context) && encrypt_oscore) {
859 coap_pdu_t *osc_pdu;
860
861 osc_pdu =
862 coap_oscore_new_pdu_encrypted_lkd(session, err_pdu, kid_context,
863 echo_data ? 1 : 0);
864 if (!osc_pdu)
865 goto fail_resp;
866 session->oscore_encryption = 0;
867 coap_send_internal(session, osc_pdu, NULL);
868 coap_delete_pdu_lkd(err_pdu);
869 err_pdu = NULL;
870 } else {
871 coap_send_internal(session, err_pdu, NULL);
872 err_pdu = NULL;
873 }
874fail_resp:
875 session->oscore_encryption = oscore_encryption;
876 coap_delete_pdu_lkd(err_pdu);
877 return;
878}
879
880/* pdu contains incoming message with encrypted COSE ciphertext payload
881 * function returns decrypted message
882 * and verifies signature, if present
883 * returns NULL when decryption,verification fails
884 */
885coap_pdu_t *
886coap_oscore_decrypt_pdu(coap_session_t *session,
887 coap_pdu_t *pdu) {
888 coap_pdu_t *decrypt_pdu = NULL;
889 coap_pdu_t *plain_pdu = NULL;
890 const uint8_t *osc_value; /* value of OSCORE option */
891 uint8_t osc_size; /* size of OSCORE OPTION */
892 coap_opt_iterator_t opt_iter;
893 coap_opt_t *opt = NULL;
894 cose_encrypt0_t cose[1];
895 oscore_ctx_t *osc_ctx = NULL;
896 uint8_t aad_buffer[AAD_BUF_LEN];
897 uint8_t nonce_buffer[13];
898 coap_bin_const_t aad;
899 coap_bin_const_t nonce;
900 int pltxt_size = 0;
901 int got_resp_piv = 0;
902 int doing_resp_observe = 0;
903 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu);
904 coap_bin_const_t pdu_token;
905 uint8_t *st_encrypt;
906 size_t encrypt_len;
907 size_t tag_len;
908 oscore_recipient_ctx_t *rcp_ctx = NULL;
909 oscore_association_t *association = NULL;
910 uint8_t external_aad_buffer[100];
911 coap_bin_const_t external_aad;
912 oscore_sender_ctx_t *snd_ctx = NULL;
913#if COAP_CLIENT_SUPPORT
914 coap_pdu_t *sent_pdu = NULL;
915#endif /* COAP_CLIENT_SUPPORT */
916
917 opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter);
918 assert(opt);
919 if (opt == NULL)
920 return NULL;
921
922 if (session->context->p_osc_ctx == NULL) {
923 coap_log_warn("OSCORE: Not enabled\n");
924 if (!coap_request)
925 coap_handle_event_lkd(session->context,
926 COAP_EVENT_OSCORE_NOT_ENABLED,
927 session);
928 return NULL;
929 }
930
931 if (pdu->data == NULL) {
932 coap_log_warn("OSCORE: No protected payload\n");
933 if (!coap_request)
934 coap_handle_event_lkd(session->context,
935 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
936 session);
937 return NULL;
938 }
939
940 osc_size = coap_opt_length(opt);
941 osc_value = coap_opt_value(opt);
942
943 cose_encrypt0_init(cose); /* clear cose memory */
944
945 /* PDU code will be filled in after decryption */
946 decrypt_pdu =
947 coap_pdu_init(pdu->type, 0, pdu->mid, pdu->used_size);
948 if (decrypt_pdu == NULL) {
949 if (!coap_request)
950 coap_handle_event_lkd(session->context,
951 COAP_EVENT_OSCORE_INTERNAL_ERROR,
952 session);
953 goto error;
954 }
955
956 /* Copy across the Token */
957 pdu_token = coap_pdu_get_token(pdu);
958 coap_add_token(decrypt_pdu, pdu_token.length, pdu_token.s);
959
960 /*
961 * 8.2/8.4 Step 1.
962 * Copy outer options across, except E and OSCORE options
963 */
964 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
965 while ((opt = coap_option_next(&opt_iter))) {
966 switch (opt_iter.number) {
967 /* 'E' options skipped */
968 case COAP_OPTION_IF_MATCH:
969 case COAP_OPTION_ETAG:
970 case COAP_OPTION_IF_NONE_MATCH:
971 case COAP_OPTION_OBSERVE:
972 case COAP_OPTION_LOCATION_PATH:
973 case COAP_OPTION_URI_PATH:
974 case COAP_OPTION_CONTENT_FORMAT:
975 case COAP_OPTION_MAXAGE:
976 case COAP_OPTION_URI_QUERY:
977 case COAP_OPTION_ACCEPT:
978 case COAP_OPTION_LOCATION_QUERY:
979 case COAP_OPTION_BLOCK2:
980 case COAP_OPTION_BLOCK1:
981 case COAP_OPTION_SIZE2:
982 case COAP_OPTION_SIZE1:
983 case COAP_OPTION_NORESPONSE:
984 case COAP_OPTION_ECHO:
985 case COAP_OPTION_RTAG:
986 /* OSCORE does not get copied across */
987 case COAP_OPTION_OSCORE:
988 break;
989 default:
990 if (!coap_add_option_internal(decrypt_pdu,
991 opt_iter.number,
992 coap_opt_length(opt),
993 coap_opt_value(opt))) {
994 if (!coap_request)
995 coap_handle_event_lkd(session->context,
996 COAP_EVENT_OSCORE_INTERNAL_ERROR,
997 session);
998 goto error;
999 }
1000 break;
1001 }
1002 }
1003
1004 if (coap_request) {
1005 uint64_t incoming_seq;
1006 /*
1007 * 8.2 Step 2
1008 * Decompress COSE object
1009 * Get Recipient Context based on kid and optional kid_context
1010 */
1011 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1012 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1013 build_and_send_error_pdu(session,
1014 pdu,
1015 COAP_RESPONSE_CODE(402),
1016 "Failed to decode COSE",
1017 NULL,
1018 NULL,
1019 0);
1020 goto error_no_ack;
1021 }
1022 osc_ctx = oscore_find_context(session,
1023 cose->key_id,
1024 &cose->kid_context,
1025 NULL,
1026 &rcp_ctx);
1027 if (!osc_ctx) {
1028 if (cose->kid_context.length > 0) {
1029 const uint8_t *ptr;
1030 size_t length;
1031 /* Appendix B.2 protocol check - Is the recipient key_id known */
1032 osc_ctx = oscore_find_context(session,
1033 cose->key_id,
1034 NULL,
1035 session->oscore_r2 != 0 ? (uint8_t *)&session->oscore_r2 : NULL,
1036 &rcp_ctx);
1037 ptr = cose->kid_context.s;
1038 length = cose->kid_context.length;
1039 if (ptr && osc_ctx && osc_ctx->rfc8613_b_2) {
1040 /* Processing Appendix B.2 protocol */
1041 /* Need to CBOR unwrap kid_context */
1042 coap_bin_const_t kid_context;
1043
1044 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1045 if (kid_context.length > length)
1046 goto error;
1047 /* This has to fit into an OSCORE option max 255.
1048 * Initial byte, kid_context size, partial IV size and kid size have to be there
1049 */
1050 if (kid_context.length >= 255 - 1 - 1 - cose->partial_iv.length - cose->key_id.length)
1051 goto error;
1052 kid_context.s = ptr;
1053 cose_encrypt0_set_kid_context(cose, (coap_bin_const_t *)&kid_context);
1054
1055 if (session->oscore_r2 != 0) {
1056 /* B.2 step 4 */
1057 coap_bin_const_t *kc = coap_new_bin_const(cose->kid_context.s,
1058 cose->kid_context.length);
1059
1060 if (kc == NULL)
1061 goto error;
1062
1063 session->b_2_step = COAP_OSCORE_B_2_STEP_4;
1064 coap_log_oscore("Appendix B.2 server step 4 (R2 || R3)\n");
1065 oscore_update_ctx(osc_ctx, kc);
1066 } else {
1067 session->b_2_step = COAP_OSCORE_B_2_STEP_2;
1068 coap_log_oscore("Appendix B.2 server step 2 (ID1)\n");
1069 osc_ctx = oscore_duplicate_ctx(session->context,
1070 osc_ctx,
1071 osc_ctx->sender_context->sender_id,
1072 &cose->key_id,
1073 &cose->kid_context);
1074 if (osc_ctx == NULL)
1075 goto error;
1076 /*
1077 * Complete the Verify (B.2 step 2)
1078 * before sending back the response
1079 */
1080 rcp_ctx = osc_ctx->recipient_chain;
1081 }
1082 } else {
1083 osc_ctx = NULL;
1084 }
1085 }
1086 } else if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1087 session->b_2_step = COAP_OSCORE_B_2_NONE;
1088 coap_log_oscore("Appendix B.2 server finished\n");
1089 }
1090 if (!osc_ctx) {
1091 coap_log_err("OSCORE: Security Context not found\n");
1092 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
1093 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
1094 build_and_send_error_pdu(session,
1095 pdu,
1096 COAP_RESPONSE_CODE(401),
1097 "Security context not found",
1098 NULL,
1099 NULL,
1100 0);
1101 goto error_no_ack;
1102 }
1103 /* to be used for encryption of returned response later */
1104 session->recipient_ctx = rcp_ctx;
1105 snd_ctx = osc_ctx->sender_context;
1106
1107 /*
1108 * 8.2 Step 3.
1109 * Verify Partial IV is not duplicated.
1110 *
1111 * Requires in COSE object as appropriate
1112 * partial_iv (as received)
1113 */
1114 if (rcp_ctx->initial_state == 0 &&
1115 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1116 coap_log_warn("OSCORE: Replayed or old message\n");
1117 build_and_send_error_pdu(session,
1118 pdu,
1119 COAP_RESPONSE_CODE(401),
1120 "Replay detected",
1121 NULL,
1122 NULL,
1123 0);
1124 goto error_no_ack;
1125 }
1126 if (rcp_ctx->initial_state == 1) {
1127 incoming_seq =
1128 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1129 rcp_ctx->last_seq = incoming_seq;
1130 }
1131 } else { /* !coap_request */
1132 /*
1133 * 8.4 Step 2
1134 * Decompress COSE object
1135 * Get Recipient Context based on token
1136 */
1137 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1138 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1139 coap_handle_event_lkd(session->context,
1140 COAP_EVENT_OSCORE_DECODE_ERROR,
1141 session);
1142 goto error;
1143 }
1144 got_resp_piv = cose->partial_iv.length ? 1 : 0;
1145
1146 association = oscore_find_association(session, &pdu_token);
1147 if (association) {
1148 rcp_ctx = association->recipient_ctx;
1149 osc_ctx = rcp_ctx->osc_ctx;
1150 snd_ctx = osc_ctx->sender_context;
1151#if COAP_CLIENT_SUPPORT
1152 sent_pdu = association->sent_pdu;
1153 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1154 const uint8_t *ptr = cose->kid_context.s;
1155 size_t length = cose->kid_context.length;
1156
1157 if (ptr) {
1158 /* Need to CBOR unwrap kid_context */
1159 coap_bin_const_t kid_context;
1160
1161 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1162 if (kid_context.length > length)
1163 goto error;
1164 /* This has to fit into an OSCORE option max 255.
1165 * Initial byte, kid_context size, partial IV size and kid size have to be there
1166 */
1167 if (kid_context.length >= 255 - 1 - 1 - cose->partial_iv.length - cose->key_id.length)
1168 goto error;
1169 kid_context.s = ptr;
1170 cose_encrypt0_set_kid_context(cose, &kid_context);
1171 }
1172 if (ptr && !coap_binary_equal(osc_ctx->id_context, &cose->kid_context)) {
1173 /* If Appendix B.2 step 3 is in operation */
1174 /* Need to update Security Context with new (R2 || ID1) ID Context */
1175 coap_binary_t *kc = coap_new_binary(cose->kid_context.length +
1176 osc_ctx->id_context->length);
1177
1178 if (kc == NULL) {
1179 coap_handle_event_lkd(session->context,
1180 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1181 session);
1182 goto error;
1183 }
1184
1185 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1186 memcpy(&kc->s[cose->kid_context.length],
1187 osc_ctx->id_context->s,
1188 osc_ctx->id_context->length);
1189
1190 session->b_2_step = COAP_OSCORE_B_2_STEP_3;
1191 coap_log_oscore("Appendix B.2 client step 3 (R2 || ID1)\n");
1192 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1193 } else {
1194 session->b_2_step = COAP_OSCORE_B_2_STEP_5;
1195 coap_log_oscore("Appendix B.2 client step 5 (R2 || R3)\n");
1196 }
1197 }
1198#endif /* COAP_CLIENT_SUPPORT */
1199 } else {
1200 coap_log_crit("OSCORE: Security Context association not found\n");
1201 coap_handle_event_lkd(session->context,
1202 COAP_EVENT_OSCORE_NO_SECURITY,
1203 session);
1204 goto error;
1205 }
1206 }
1207
1208 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
1209
1210 if (coap_request) {
1211 /*
1212 * RFC8613 8.2 Step 4.
1213 * Compose the External AAD and then AAD
1214 *
1215 * OSCORE_option requires
1216 * partial_iv (cose partial_iv)
1217 * kid_context (cose kid_context)
1218 * key_id (cose key_id)
1219 * group_flag
1220 *
1221 * Non Group requires the following
1222 * RFC8613 5.4
1223 * oscore_version 1
1224 * algorithms [
1225 * aead_alg (osc_ctx)
1226 * ]
1227 * request_kid (request key_id using cose)
1228 * request_piv (request partial_iv using cose)
1229 * options (none at present)
1230 *
1231 * Note: No I options at present
1232 */
1233
1234 /* External AAD */
1235 external_aad.s = external_aad_buffer;
1236 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1237 cose,
1238 osc_value,
1239 osc_size,
1240 NULL,
1241 external_aad_buffer,
1242 sizeof(external_aad_buffer));
1243 cose_encrypt0_set_external_aad(cose, &external_aad);
1244
1245 /* AAD */
1246 aad.s = aad_buffer;
1247 aad.length = oscore_prepare_aad(external_aad_buffer,
1248 external_aad.length,
1249 aad_buffer,
1250 sizeof(aad_buffer));
1251 assert(aad.length < AAD_BUF_LEN);
1252 cose_encrypt0_set_aad(cose, &aad);
1253
1254 /*
1255 * RFC8613 8.2 Step 5.
1256 * Compute the AEAD nonce.
1257 *
1258 * Requires in COSE object as appropriate
1259 * key_id (kid) (Recipient ID)
1260 * partial_iv (as received in request)
1261 * common_iv (already in osc_ctx)
1262 */
1263 nonce.s = nonce_buffer;
1264 nonce.length = 13;
1265 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1266 cose_encrypt0_set_nonce(cose, &nonce);
1267 /*
1268 * Set up an association for use in the response
1269 */
1270 association = oscore_find_association(session, &pdu_token);
1271 if (association) {
1272 /* Refresh the association */
1273 coap_delete_bin_const(association->nonce);
1274 association->nonce =
1275 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
1276 if (association->nonce == NULL)
1277 goto error;
1278 coap_delete_bin_const(association->partial_iv);
1279 association->partial_iv =
1280 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
1281 if (association->partial_iv == NULL)
1282 goto error;
1283 coap_delete_bin_const(association->aad);
1284 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
1285 if (association->aad == NULL)
1286 goto error;
1287 association->recipient_ctx = rcp_ctx;
1288 /* So association is not released when handling decrypt */
1289 association = NULL;
1290 } else if (!oscore_new_association(session,
1291 NULL,
1292 &pdu_token,
1293 rcp_ctx,
1294 &cose->aad,
1295 &cose->nonce,
1296 &cose->partial_iv,
1297 0)) {
1298 goto error;
1299 }
1300 /* So association is not released when handling decrypt */
1301 association = NULL;
1302 } else { /* ! coap_request */
1303 /* Need to do nonce before AAD because of different partial_iv */
1304 /*
1305 * 8.4 Step 4.
1306 * Compose the AEAD nonce.
1307 */
1308 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
1309 if (cose->partial_iv.length == 0) {
1310 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1311 cose_encrypt0_set_nonce(cose, association->nonce);
1312 } else {
1313 uint64_t last_seq;
1314
1315 if (rcp_ctx->initial_state == 0 &&
1316 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1317 coap_log_warn("OSCORE: Replayed or old message\n");
1318 goto error;
1319 }
1320 last_seq =
1321 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1322 if (rcp_ctx->last_seq>= OSCORE_SEQ_MAX) {
1323 coap_log_warn("OSCORE Replay protection, SEQ larger than SEQ_MAX.\n");
1324 goto error;
1325 }
1326 if (last_seq > rcp_ctx->last_seq)
1327 rcp_ctx->last_seq = last_seq;
1328 /*
1329 * Requires in COSE object as appropriate
1330 * kid (set above)
1331 * partial_iv (as received)
1332 * common_iv (already in osc_ctx)
1333 */
1334 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1335 nonce.s = nonce_buffer;
1336 nonce.length = 13;
1337 cose_encrypt0_set_nonce(cose, &nonce);
1338 }
1339#ifdef OSCORE_EXTRA_DEBUG
1340 dump_cose(cose, "!req post set nonce");
1341#endif /* OSCORE_EXTRA_DEBUG */
1342 /*
1343 * 8.4 Step 3.
1344 * Compose the External AAD and then AAD
1345 *
1346 * OSCORE_option requires
1347 * partial_iv (cose partial_iv)
1348 * kid_context (cose kid_context)
1349 * key_id (cose key_id)
1350 * group_flag
1351 *
1352 * Non Group requires the following
1353 * RFC8613 5.4
1354 * oscore_version 1
1355 * algorithms [
1356 * aead_alg (osc_ctx)
1357 * ]
1358 * request_kid (request key_id using cose)
1359 * request_piv (request partial_iv using cose)
1360 * options (none at present)
1361 *
1362 * Note: No I options at present
1363 */
1364
1365 /* External AAD */
1366 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
1367 if (association->is_observe && association->obs_partial_iv && got_resp_piv) {
1368 cose_encrypt0_set_partial_iv(cose, association->obs_partial_iv);
1369 } else {
1370 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1371 }
1372#ifdef OSCORE_EXTRA_DEBUG
1373 dump_cose(cose, "!req pre aad");
1374#endif /* OSCORE_EXTRA_DEBUG */
1375 external_aad.s = external_aad_buffer;
1376 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1377 cose,
1378 NULL,
1379 0,
1380 NULL,
1381 external_aad_buffer,
1382 sizeof(external_aad_buffer));
1383 cose_encrypt0_set_external_aad(cose, &external_aad);
1384
1385 /* AAD */
1386 aad.s = aad_buffer;
1387 aad.length = oscore_prepare_aad(external_aad_buffer,
1388 external_aad.length,
1389 aad_buffer,
1390 sizeof(aad_buffer));
1391 assert(aad.length < AAD_BUF_LEN);
1392 cose_encrypt0_set_aad(cose, &aad);
1393#ifdef OSCORE_EXTRA_DEBUG
1394 dump_cose(cose, "!req post set aad");
1395#endif /* OSCORE_EXTRA_DEBUG */
1396 }
1397
1398 /*
1399 * 8.2 Step 6 / 8.4 Step 5.
1400 * Decrypt the COSE object.
1401 *
1402 * Requires in COSE object as appropriate
1403 * alg (already set)
1404 * key
1405 * nonce (already set)
1406 * aad (already set)
1407 * ciphertext
1408 */
1409 st_encrypt = pdu->data;
1410 encrypt_len = pdu->used_size - (pdu->data - pdu->token);
1411 if (encrypt_len <= 0) {
1412 coap_log_warn("OSCORE: No protected payload\n");
1413 if (!coap_request)
1414 coap_handle_event_lkd(session->context,
1415 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
1416 session);
1417 goto error;
1418 }
1419 cose_encrypt0_set_key(cose, rcp_ctx->recipient_key);
1420 cose_encrypt0_set_ciphertext(cose, st_encrypt, encrypt_len);
1421
1422 tag_len = cose_tag_len(cose->alg);
1423 /* Decrypt into plain_pdu, so code (token), options and data are in place */
1424 plain_pdu = coap_pdu_init(0, 0, 0, encrypt_len /* - tag_len */);
1425 if (plain_pdu == NULL) {
1426 if (!coap_request)
1427 coap_handle_event_lkd(session->context,
1428 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1429 session);
1430 goto error;
1431 }
1432
1433 /* need the tag_len on the end for TinyDTLS to do its work - yuk */
1434 if (!coap_pdu_resize(plain_pdu, encrypt_len /* - tag_len */)) {
1435 if (!coap_request)
1436 coap_handle_event_lkd(session->context,
1437 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1438 session);
1439 goto error;
1440 }
1441
1442 /* Account for 1 byte 'code' used as token */
1443 plain_pdu->e_token_length = 1;
1444 plain_pdu->actual_token.length = 1;
1445 /* Account for the decrypted data */
1446 plain_pdu->used_size = encrypt_len - tag_len;
1447
1448 dump_cose(cose, "Pre decrypt");
1449 pltxt_size =
1450 cose_encrypt0_decrypt(cose, plain_pdu->token, encrypt_len - tag_len);
1451 if (pltxt_size <= 0) {
1452 coap_log_warn("OSCORE: Decryption Failure, result code: %d \n",
1453 (int)pltxt_size);
1454 if (coap_request) {
1455 build_and_send_error_pdu(session,
1456 pdu,
1457 COAP_RESPONSE_CODE(400),
1458 "Decryption failed",
1459 NULL,
1460 NULL,
1461 0);
1462 oscore_roll_back_seq(rcp_ctx);
1463 goto error_no_ack;
1464 } else {
1465 coap_handle_event_lkd(session->context,
1466 COAP_EVENT_OSCORE_DECRYPTION_FAILURE,
1467 session);
1468 }
1469 goto error;
1470 }
1471
1472 assert((size_t)pltxt_size < pdu->alloc_size + pdu->max_hdr_size);
1473
1474 /* Appendix B.2 Trap */
1475 if (session->b_2_step == COAP_OSCORE_B_2_STEP_2) {
1476 /* Need to update Security Context with new (R2 || ID1) ID Context */
1477 coap_binary_t *kc =
1478 coap_new_binary(sizeof(session->oscore_r2) + cose->kid_context.length);
1479 coap_bin_const_t oscore_r2;
1480
1481 if (kc == NULL) {
1482 if (!coap_request)
1483 coap_handle_event_lkd(session->context,
1484 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1485 session);
1486 goto error;
1487 }
1488
1489 coap_prng_lkd(&session->oscore_r2, sizeof(session->oscore_r2));
1490 memcpy(kc->s, &session->oscore_r2, sizeof(session->oscore_r2));
1491 memcpy(&kc->s[sizeof(session->oscore_r2)],
1492 cose->kid_context.s,
1493 cose->kid_context.length);
1494
1495 coap_log_oscore("Appendix B.2 server step 2 (R2 || ID1)\n");
1496 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1497
1498 oscore_r2.length = sizeof(session->oscore_r2);
1499 oscore_r2.s = (const uint8_t *)&session->oscore_r2;
1500 coap_log_oscore("Appendix B.2 server step 2 plain response\n");
1501 build_and_send_error_pdu(session,
1502 pdu,
1503 COAP_RESPONSE_CODE(401),
1504 NULL,
1505 NULL,
1506 &oscore_r2,
1507 1);
1508 goto error_no_ack;
1509 }
1510#if COAP_CLIENT_SUPPORT
1511 if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) {
1512 coap_log_oscore("Appendix B.2 client step 3 (R2 || R3)\n");
1513 coap_pdu_encode_header(plain_pdu, session->proto);
1514 plain_pdu->actual_token.s = plain_pdu->token;
1515 plain_pdu->code = plain_pdu->token[0];
1516 if (plain_pdu->code != COAP_RESPONSE_CODE(401)) {
1517 coap_log_warn("OSCORE Appendix B.2: Expected 4.01 response\n");
1518 }
1519 /* Skip the options */
1520 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1521 while (coap_option_next(&opt_iter)) {
1522 }
1523 if (opt_iter.length > 0 && opt_iter.next_option &&
1524 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1525 plain_pdu->data = &opt_iter.next_option[1];
1526 }
1527 coap_log_oscore("Inner Response PDU (plaintext)\n");
1528 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
1529 /*
1530 * Need to update Security Context with new (R2 || R3) ID Context
1531 * and retransmit the request
1532 */
1533 coap_binary_t *kc = coap_new_binary(cose->kid_context.length + 8);
1534
1535 if (kc == NULL) {
1536 if (!coap_request)
1537 coap_handle_event_lkd(session->context,
1538 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1539 session);
1540 goto error;
1541 }
1542 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1543 coap_prng_lkd(&kc->s[cose->kid_context.length], 8);
1544
1545 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1546
1547 coap_cancel_all_messages(session->context,
1548 session,
1549 &pdu->actual_token);
1550 if (session->con_active)
1551 session->con_active--;
1552 coap_send_ack_lkd(session, pdu);
1553 if (sent_pdu) {
1554 coap_log_oscore("Appendix B.2 retransmit pdu\n");
1555 if (coap_retransmit_oscore_pdu(session, sent_pdu, NULL) ==
1556 COAP_INVALID_MID)
1557 goto error_no_ack;
1558 }
1559 goto error_no_ack;
1560 }
1561#endif /* COAP_CLIENT_SUPPORT */
1562
1563#if COAP_SERVER_SUPPORT
1564 /* Appendix B.1.2 request Trap */
1565 if (coap_request && osc_ctx->rfc8613_b_1_2) {
1566 if (rcp_ctx->initial_state == 1) {
1567 opt = coap_check_option(plain_pdu, COAP_OPTION_ECHO, &opt_iter);
1568 if (opt) {
1569 /* Verify Client is genuine */
1570 if (coap_opt_length(opt) == 8 &&
1571 memcmp(coap_opt_value(opt), rcp_ctx->echo_value, 8) == 0) {
1572 if (!oscore_validate_sender_seq(rcp_ctx, cose)) {
1573 coap_log_warn("OSCORE: Replayed or old message\n");
1574 build_and_send_error_pdu(session,
1575 pdu,
1576 COAP_RESPONSE_CODE(401),
1577 "Replay detected",
1578 NULL,
1579 NULL,
1580 0);
1581 goto error_no_ack;
1582 }
1583 } else
1584 goto error;
1585 } else {
1586 /* RFC 8163 Appendix B.1.2 */
1587 if (session->b_2_step == COAP_OSCORE_B_2_STEP_4) {
1588 session->b_2_step = COAP_OSCORE_B_2_NONE;
1589 coap_log_oscore("Appendix B.2 server finished\n");
1590 }
1591 coap_prng_lkd(rcp_ctx->echo_value, sizeof(rcp_ctx->echo_value));
1592 coap_log_oscore("Appendix B.1.2 server plain response\n");
1593 build_and_send_error_pdu(session,
1594 pdu,
1595 COAP_RESPONSE_CODE(401),
1596 NULL,
1597 rcp_ctx->echo_value,
1598 NULL,
1599 1);
1600 goto error_no_ack;
1601 }
1602 }
1603 }
1604#endif /* COAP_SERVER_SUPPORT */
1605
1606 /*
1607 * 8.2 Step 7 / 8.4 Step 6.
1608 * Add decrypted Code, options and payload
1609 * [OSCORE option not copied across previously]
1610 */
1611
1612 /* PDU code is pseudo plain_pdu token */
1613 decrypt_pdu->code = plain_pdu->token[0];
1614
1615 /* Copy inner decrypted options across */
1616 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1617 while ((opt = coap_option_next(&opt_iter))) {
1618 size_t len;
1619 size_t bias;
1620
1621 switch (opt_iter.number) {
1622 case COAP_OPTION_OSCORE:
1623 break;
1624 case COAP_OPTION_OBSERVE:
1625 if (!coap_request) {
1626 bias = cose->partial_iv.length > 3 ? cose->partial_iv.length - 3 : 0;
1627 len = cose->partial_iv.length > 3 ? 3 : cose->partial_iv.length;
1628 /* Make Observe option reflect last 3 bytes of partial_iv */
1629 if (!coap_add_option_internal(
1630 decrypt_pdu,
1631 opt_iter.number,
1632 len,
1633 cose->partial_iv.s ? &cose->partial_iv.s[bias] : NULL)) {
1634 coap_handle_event_lkd(session->context,
1635 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1636 session);
1637 goto error;
1638 }
1639 doing_resp_observe = 1;
1640 break;
1641 }
1642 association = oscore_find_association(session, &pdu_token);
1643 if (association) {
1644 association->is_observe = 1;
1645 association = NULL;
1646 }
1647 /* Fall Through */
1648 default:
1649 if (!coap_insert_option(decrypt_pdu,
1650 opt_iter.number,
1651 coap_opt_length(opt),
1652 coap_opt_value(opt))) {
1653 if (!coap_request)
1654 coap_handle_event_lkd(session->context,
1655 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1656 session);
1657 goto error;
1658 }
1659 break;
1660 }
1661 }
1662 if (!coap_request && !doing_resp_observe) {
1663 if (association) {
1664 association->is_observe = 0;
1665 }
1666 }
1667 /* Need to copy across any data */
1668 if (opt_iter.length > 0 && opt_iter.next_option &&
1669 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1670 plain_pdu->data = &opt_iter.next_option[1];
1671 if (!coap_add_data(decrypt_pdu,
1672 plain_pdu->used_size -
1673 (plain_pdu->data - plain_pdu->token),
1674 plain_pdu->data)) {
1675 if (!coap_request)
1676 coap_handle_event_lkd(session->context,
1677 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1678 session);
1679 goto error;
1680 }
1681 }
1682 coap_delete_pdu_lkd(plain_pdu);
1683 plain_pdu = NULL;
1684
1685 /* Make sure headers are correctly set up */
1686 if (!coap_pdu_encode_header(decrypt_pdu, session->proto)) {
1687 if (!coap_request)
1688 coap_handle_event_lkd(session->context,
1689 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1690 session);
1691 goto error;
1692 }
1693
1694 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1695 session->b_2_step = COAP_OSCORE_B_2_NONE;
1696 coap_log_oscore("Appendix B.2 client finished\n");
1697 }
1698#if COAP_CLIENT_SUPPORT
1699 if (decrypt_pdu->code == COAP_RESPONSE_CODE(401) &&
1700 (opt = coap_check_option(decrypt_pdu, COAP_OPTION_ECHO, &opt_iter))) {
1701 /* Server is requesting Echo refresh check */
1702 coap_cancel_all_messages(session->context,
1703 session,
1704 &pdu->actual_token);
1705 if (session->con_active)
1706 session->con_active--;
1707 if (!sent_pdu) {
1708 coap_lg_crcv_t *lg_crcv = coap_find_lg_crcv(session, pdu);
1709
1710 if (lg_crcv)
1711 sent_pdu = lg_crcv->sent_pdu;
1712 }
1713 if (sent_pdu) {
1714 coap_send_ack_lkd(session, pdu);
1715 coap_log_debug("PDU requesting re-transmit\n");
1716 coap_show_pdu(COAP_LOG_DEBUG, decrypt_pdu);
1717 coap_log_oscore("RFC9175 retransmit pdu\n");
1718 /* Do not care if this fails */
1719 if (coap_retransmit_oscore_pdu(session, sent_pdu, opt) != COAP_INVALID_MID) {
1720 session->doing_b_1_2 = 1;
1721 }
1722 goto error_no_ack;
1723 }
1724 } else if (session->doing_b_1_2) {
1725 coap_lg_crcv_t *lg_crcv = coap_find_lg_crcv(session, pdu);
1726
1727 if (lg_crcv) {
1728 if (!coap_binary_equal(&decrypt_pdu->actual_token, lg_crcv->app_token)) {
1729 coap_update_token(decrypt_pdu, lg_crcv->app_token->length, lg_crcv->app_token->s);
1730 }
1731 }
1732 session->doing_b_1_2 = 0;
1733 }
1734#endif /* COAP_CLIENT_SUPPORT */
1735 if (association && association->is_observe == 0)
1736 oscore_delete_association(session, association);
1737 return decrypt_pdu;
1738
1739error:
1740 coap_send_ack_lkd(session, pdu);
1741error_no_ack:
1742 if (association && association->is_observe == 0)
1743 oscore_delete_association(session, association);
1744 coap_delete_pdu_lkd(decrypt_pdu);
1745 coap_delete_pdu_lkd(plain_pdu);
1746 return NULL;
1747}
1748
1749typedef enum {
1750 COAP_ENC_ASCII = 0x001,
1751 COAP_ENC_HEX = 0x002,
1752 COAP_ENC_CONFIG = 0x0200,
1753 COAP_ENC_INTEGER = 0x400,
1754 COAP_ENC_TEXT = 0x800,
1755 COAP_ENC_BOOL = 0x1000,
1756 COAP_ENC_LAST
1757} coap_oscore_coding_t;
1758
1759#undef TEXT_MAPPING
1760#define TEXT_MAPPING(t, v) \
1761 { { sizeof(#t)-1, (const uint8_t *)#t }, v }
1762
1763static struct coap_oscore_encoding_t {
1764 coap_str_const_t name;
1765 coap_oscore_coding_t encoding;
1766} oscore_encoding[] = {
1767 TEXT_MAPPING(ascii, COAP_ENC_ASCII),
1768 TEXT_MAPPING(hex, COAP_ENC_HEX),
1769 TEXT_MAPPING(config, COAP_ENC_CONFIG),
1770 TEXT_MAPPING(integer, COAP_ENC_INTEGER),
1771 TEXT_MAPPING(text, COAP_ENC_TEXT),
1772 TEXT_MAPPING(bool, COAP_ENC_BOOL),
1773 {{0, NULL}, COAP_ENC_LAST}
1774};
1775
1776typedef struct {
1777 coap_oscore_coding_t encoding;
1778 const char *encoding_name;
1779 union {
1780 int value_int;
1781 coap_bin_const_t *value_bin;
1782 coap_str_const_t value_str;
1783 } u;
1784} oscore_value_t;
1785
1786/*
1787 * Return 1 if hex character
1788 * 0 not hex character
1789 */
1790static int
1791hex_to_char(char c, uint8_t *value) {
1792 if ('a' <= c && c <= 'f') {
1793 *value = c - 'a' + 10;
1794 } else if ('A' <= c && c <= 'F') {
1795 *value = c - 'A' + 10;
1796 } else if ('0' <= c && c <= '9') {
1797 *value = c - '0';
1798 } else {
1799 *value = 0;
1800 return 0;
1801 }
1802 return 1;
1803}
1804
1805/* Parse the hex into binary */
1806static coap_bin_const_t *
1807parse_hex_bin(const char *begin, const char *end) {
1808 coap_binary_t *binary = NULL;
1809 size_t i;
1810 size_t o = 0;
1811
1812 binary = coap_new_binary((end - begin) / 2);
1813 if (binary == NULL)
1814 goto bad_entry;
1815 for (i = 0; (i < (size_t)(end - begin)); i++) {
1816 while ((i < (size_t)(end - begin)) &&
1817 (begin[i] == '\r' || begin[i] == '\n' || begin[i] == ' ')) {
1818 i++;
1819 }
1820 if (i == (size_t)(end - begin))
1821 break;
1822 if (isxdigit((uint8_t)begin[i])) {
1823 uint8_t value;
1824
1825 if (!hex_to_char(begin[i], &value)) {
1826 goto bad_entry;
1827 }
1828 binary->s[o] = value << 4;
1829 i++;
1830 while ((i < (size_t)(end - begin)) &&
1831 (begin[i] == '\r' || begin[i] == '\n' || begin[i] == ' ')) {
1832 i++;
1833 }
1834 if (i == (size_t)(end - begin))
1835 goto bad_entry;
1836 if (!hex_to_char(begin[i], &value)) {
1837 goto bad_entry;
1838 }
1839 binary->s[o++] += value;
1840 } else {
1841 break;
1842 }
1843 }
1844 if (i != (size_t)(end - begin))
1845 goto bad_entry;
1846 return (coap_bin_const_t *)binary;
1847
1848bad_entry:
1849 coap_delete_binary(binary);
1850 return NULL;
1851}
1852
1853/*
1854 * Break up each OSCORE Configuration line entry into the 3 parts which
1855 * are comma separated
1856 *
1857 * keyword,encoding,value
1858 */
1859static int
1860get_split_entry(const char **start,
1861 size_t size,
1862 coap_str_const_t *keyword,
1863 oscore_value_t *value,
1864 cose_curve_t sign_curve) {
1865 const char *begin = *start;
1866 const char *keep_start = *start;
1867 const char *end;
1868 const char *kend;
1869 const char *tend;
1870 const char *split;
1871 size_t i;
1872 size_t len;
1873 (void)sign_curve;
1874
1875retry:
1876 kend = end = memchr(begin, '\n', size);
1877 if (end == NULL)
1878 return 0;
1879
1880 /* Check for multi-line */
1881 if ((tend = memchr(begin, '"', end - begin))) {
1882 /* See if " terminator is on the same line */
1883 if (!memchr(tend + 1, '"', end - tend -1)) {
1884 /* Over multiple lines */
1885 kend = end = memchr(end, '"', size - (end - begin));
1886 if (end == NULL)
1887 return 0;
1888 kend = end = memchr(kend, '\n', size - (kend - begin));
1889 if (end == NULL)
1890 return 0;
1891 }
1892 }
1893
1894 /* Track beginning of next line */
1895 *start = end + 1;
1896 if (end > begin && end[-1] == '\r')
1897 end--;
1898
1899 if (begin[0] == '#' || (end - begin) == 0) {
1900 /* Skip comment / blank line */
1901 size -= kend - begin + 1;
1902 begin = *start;
1903 keep_start = *start;
1904 goto retry;
1905 }
1906
1907 /* Get in the keyword */
1908 split = memchr(begin, ',', end - begin);
1909 if (split == NULL)
1910 goto bad_entry;
1911
1912 keyword->s = (const uint8_t *)begin;
1913 keyword->length = split - begin;
1914
1915 begin = split + 1;
1916 if ((end - begin) == 0)
1917 goto bad_entry;
1918 /* Get in the encoding */
1919 split = memchr(begin, ',', end - begin);
1920 if (split == NULL)
1921 goto bad_entry;
1922
1923 for (i = 0; oscore_encoding[i].name.s; i++) {
1924 coap_str_const_t temp = { split - begin, (const uint8_t *)begin };
1925
1926 if (coap_string_equal(&temp, &oscore_encoding[i].name)) {
1927 value->encoding = oscore_encoding[i].encoding;
1928 value->encoding_name = (const char *)oscore_encoding[i].name.s;
1929 break;
1930 }
1931 }
1932 if (oscore_encoding[i].name.s == NULL)
1933 goto bad_entry;
1934
1935 begin = split + 1;
1936 if ((end - begin) == 0)
1937 goto bad_entry;
1938 /* Get in the keyword's value */
1939 if (value->encoding == COAP_ENC_CONFIG && begin[0] == '\'') {
1940 split = memchr(&begin[1], '\'', size - (begin - keep_start) - 1);
1941 if (split == NULL)
1942 goto bad_entry;
1943 end = memchr(split, '\n', size - (split - keep_start));
1944 if (end == NULL)
1945 return 0;
1946 *start = end + 1;
1947 end = split;
1948 begin++;
1949 } else {
1950 if (begin[0] == '"') {
1951 split = memchr(&begin[1], '"', end - split - 1);
1952 if (split == NULL)
1953 goto bad_entry;
1954 end = split;
1955 begin++;
1956 }
1957 }
1958 switch (value->encoding) {
1959 case COAP_ENC_CONFIG:
1960 case COAP_ENC_ASCII:
1961 value->u.value_bin =
1962 coap_new_bin_const((const uint8_t *)begin, end - begin);
1963 if (value->u.value_bin == NULL)
1964 goto bad_entry;
1965 break;
1966 case COAP_ENC_HEX:
1967 /* Parse the hex into binary */
1968 value->u.value_bin = parse_hex_bin(begin, end);
1969 if (value->u.value_bin == NULL)
1970 goto bad_entry;
1971 break;
1972 case COAP_ENC_INTEGER:
1973 value->u.value_int = atoi(begin);
1974 break;
1975 case COAP_ENC_TEXT:
1976 value->u.value_str.s = (const uint8_t *)begin;
1977 value->u.value_str.length = end - begin;
1978 break;
1979 case COAP_ENC_BOOL:
1980 len = (size_t)(end - begin);
1981 if (len == 4 && memcmp("true", begin, len) == 0)
1982 value->u.value_int = 1;
1983 else if (len == 5 && memcmp("false", begin, len) == 0)
1984 value->u.value_int = 0;
1985 else
1986 goto bad_entry;
1987 break;
1988 case COAP_ENC_LAST:
1989 default:
1990 goto bad_entry;
1991 }
1992 return 1;
1993
1994bad_entry:
1995 coap_log_warn("oscore_conf: Unrecognized configuration entry '%.*s'\n",
1996 (int)(end - begin),
1997 begin);
1998 return -1;
1999
2000}
2001
2002#undef CONFIG_ENTRY
2003#define CONFIG_ENTRY(n, e, t) \
2004 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2005 offsetof(coap_oscore_conf_t, n), t }
2006
2007#undef CONFIG_SND_ENTRY
2008#define CONFIG_SND_ENTRY(n, e, t) \
2009 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2010 offsetof(coap_oscore_snd_conf_t, n), t }
2011
2012#undef CONFIG_RCP_ENTRY
2013#define CONFIG_RCP_ENTRY(n, e, t) \
2014 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2015 offsetof(coap_oscore_rcp_conf_t, n), t }
2016
2017#undef CONFIG_DUMMY_ENTRY
2018#define CONFIG_DUMMY_ENTRY(n, e, t) \
2019 { { sizeof(#n)-1, (const uint8_t *)#n }, e, 0, t }
2020
2021typedef struct oscore_text_mapping_t {
2022 coap_str_const_t text;
2023 int value;
2024} oscore_text_mapping_t;
2025
2026/* Naming as per https://www.iana.org/assignments/cose/cose.xhtml#algorithms */
2027static oscore_text_mapping_t text_aead_alg[] = {
2028 TEXT_MAPPING(AES-CCM-16-64-128, COSE_ALGORITHM_AES_CCM_16_64_128),
2029 TEXT_MAPPING(AES-CCM-16-64-256, COSE_ALGORITHM_AES_CCM_16_64_256),
2030 {{0, NULL}, 0}
2031};
2032
2033static oscore_text_mapping_t text_hkdf_alg[] = {
2034 TEXT_MAPPING(direct+HKDF-SHA-256, COSE_HKDF_ALG_HKDF_SHA_256),
2035 {{0, NULL}, 0}
2036};
2037
2038typedef struct oscore_config_t {
2039 coap_str_const_t str_keyword;
2040 coap_oscore_coding_t encoding;
2041 size_t offset;
2042 oscore_text_mapping_t *text_mapping;
2043} oscore_config_t;
2044
2045static oscore_config_t oscore_config[] = {
2046 CONFIG_ENTRY(aead_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_aead_alg),
2047 CONFIG_ENTRY(hkdf_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_hkdf_alg),
2048 CONFIG_ENTRY(master_secret, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2049 CONFIG_ENTRY(master_salt, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2050 CONFIG_ENTRY(id_context, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2051
2052 CONFIG_DUMMY_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2053
2054 CONFIG_DUMMY_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2055
2056 CONFIG_ENTRY(replay_window, COAP_ENC_INTEGER, NULL),
2057 CONFIG_ENTRY(ssn_freq, COAP_ENC_INTEGER, NULL),
2058 CONFIG_ENTRY(rfc8613_b_1_2, COAP_ENC_BOOL, NULL),
2059 CONFIG_ENTRY(rfc8613_b_2, COAP_ENC_BOOL, NULL),
2060 CONFIG_ENTRY(break_sender_key, COAP_ENC_BOOL, NULL),
2061 CONFIG_ENTRY(break_recipient_key, COAP_ENC_BOOL, NULL),
2062 CONFIG_DUMMY_ENTRY(complex_sender, COAP_ENC_CONFIG, NULL),
2063 CONFIG_DUMMY_ENTRY(complex_recipient, COAP_ENC_CONFIG, NULL),
2064};
2065
2066static oscore_config_t oscore_snd_config[] = {
2067 CONFIG_SND_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2068};
2069
2070static oscore_config_t oscore_rcp_config[] = {
2071 CONFIG_RCP_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2072 CONFIG_RCP_ENTRY(silent_server, COAP_ENC_BOOL, NULL),
2073};
2074
2075
2076int
2077coap_delete_oscore_snd_conf(coap_oscore_snd_conf_t *snd_conf) {
2078 if (snd_conf == NULL)
2079 return 0;
2080
2081 coap_delete_bin_const(snd_conf->sender_id);
2082 coap_free_type(COAP_STRING, snd_conf);
2083 return 1;
2084}
2085
2086int
2087coap_delete_oscore_rcp_conf(coap_oscore_rcp_conf_t *rcp_conf) {
2088 if (rcp_conf == NULL)
2089 return 0;
2090
2091 coap_delete_bin_const(rcp_conf->recipient_id);
2092 coap_free_type(COAP_STRING, rcp_conf);
2093 return 1;
2094}
2095
2096int
2097coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
2098 coap_oscore_rcp_conf_t *rcp_conf;
2099 if (oscore_conf == NULL)
2100 return 0;
2101
2102 coap_delete_bin_const(oscore_conf->master_secret);
2103 coap_delete_bin_const(oscore_conf->master_salt);
2104 coap_delete_bin_const(oscore_conf->id_context);
2105 coap_delete_oscore_snd_conf(oscore_conf->sender);
2106
2107 rcp_conf = oscore_conf->recipient_chain;
2108 while (rcp_conf) {
2109 coap_oscore_rcp_conf_t *rcp_next = rcp_conf->next_recipient;
2110
2111 coap_delete_oscore_rcp_conf(rcp_conf);
2112 rcp_conf = rcp_next;
2113 }
2114
2115 coap_free_type(COAP_STRING, oscore_conf);
2116 return 1;
2117}
2118
2119static coap_oscore_snd_conf_t *
2120coap_parse_oscore_snd_conf_mem(coap_bin_const_t conf_mem) {
2121 const char *start = (const char *)conf_mem.s;
2122 const char *end = start + conf_mem.length;
2123 coap_str_const_t keyword;
2124 oscore_value_t value;
2125 coap_oscore_snd_conf_t *snd_conf;
2126
2127 snd_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_snd_conf_t));
2128 if (snd_conf == NULL)
2129 return NULL;
2130 memset(snd_conf, 0, sizeof(coap_oscore_snd_conf_t));
2131
2132 memset(&value, 0, sizeof(value));
2133
2134 while (end > start &&
2135 get_split_entry(&start, end - start, &keyword, &value, 0) > 0) {
2136 size_t i;
2137 size_t j;
2138
2139 for (i = 0; i < sizeof(oscore_snd_config) / sizeof(oscore_snd_config[0]); i++) {
2140 if (coap_string_equal(&oscore_snd_config[i].str_keyword, &keyword) != 0 &&
2141 value.encoding & oscore_snd_config[i].encoding) {
2142 coap_bin_const_t *unused_check;
2143
2144 switch (value.encoding) {
2145 case COAP_ENC_HEX:
2146 case COAP_ENC_ASCII:
2147 memcpy(&unused_check,
2148 &(((char *)snd_conf)[oscore_snd_config[i].offset]),
2149 sizeof(unused_check));
2150 if (unused_check != NULL) {
2151 coap_log_warn("oscore_snd_conf: Keyword '%.*s' duplicated\n",
2152 (int)keyword.length,
2153 (const char *)keyword.s);
2154 goto error;
2155 }
2156 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2157 &value.u.value_bin,
2158 sizeof(value.u.value_bin));
2159 break;
2160 case COAP_ENC_INTEGER:
2161 case COAP_ENC_BOOL:
2162 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2163 &value.u.value_int,
2164 sizeof(value.u.value_int));
2165 break;
2166 case COAP_ENC_TEXT:
2167 for (j = 0; oscore_snd_config[i].text_mapping[j].text.s != NULL; j++) {
2168 if (memcmp(value.u.value_str.s,
2169 oscore_snd_config[i].text_mapping[j].text.s,
2170 value.u.value_str.length) == 0) {
2171 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2172 &oscore_snd_config[i].text_mapping[j].value,
2173 sizeof(oscore_snd_config[i].text_mapping[j].value));
2174 break;
2175 }
2176 }
2177 if (oscore_snd_config[i].text_mapping[j].text.s == NULL) {
2178 coap_log_warn("oscore_snd_conf: Keyword '%.*s': value '%.*s' unknown\n",
2179 (int)keyword.length,
2180 (const char *)keyword.s,
2181 (int)value.u.value_str.length,
2182 (const char *)value.u.value_str.s);
2183 goto error;
2184 }
2185 break;
2186 case COAP_ENC_CONFIG:
2187 case COAP_ENC_LAST:
2188 default:
2189 assert(0);
2190 break;
2191 }
2192 break;
2193 }
2194 }
2195 if (i == sizeof(oscore_snd_config) / sizeof(oscore_snd_config[0])) {
2196 coap_log_warn("oscore_snd_conf: Keyword '%.*s', type '%s' unknown\n",
2197 (int)keyword.length,
2198 (const char *)keyword.s,
2199 value.encoding_name);
2200 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2201 value.encoding == COAP_ENC_CONFIG)
2202 coap_delete_bin_const(value.u.value_bin);
2203 goto error;
2204 }
2205 }
2206 if (!snd_conf->sender_id) {
2207 coap_log_warn("oscore_snd_conf: sender_id not defined\n");
2208 goto error;
2209 }
2210 if (snd_conf->sender_id->length > 7) {
2211 coap_log_warn("oscore_snd_conf: Maximum size of sender_id is 7 bytes\n");
2212 goto error;
2213 }
2214 return snd_conf;
2215
2216error:
2217 coap_delete_oscore_snd_conf(snd_conf);
2218 return NULL;
2219}
2220
2221static coap_oscore_rcp_conf_t *
2222coap_parse_oscore_rcp_conf_mem(coap_bin_const_t conf_mem) {
2223 const char *start = (const char *)conf_mem.s;
2224 const char *end = start + conf_mem.length;
2225 coap_str_const_t keyword;
2226 oscore_value_t value;
2227 coap_oscore_rcp_conf_t *rcp_conf;
2228
2229 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2230 if (rcp_conf == NULL)
2231 return NULL;
2232 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2233
2234 memset(&value, 0, sizeof(value));
2235
2236 while (end > start &&
2237 get_split_entry(&start, end - start, &keyword, &value, 0) > 0) {
2238 size_t i;
2239 size_t j;
2240
2241 for (i = 0; i < sizeof(oscore_rcp_config) / sizeof(oscore_rcp_config[0]); i++) {
2242 if (coap_string_equal(&oscore_rcp_config[i].str_keyword, &keyword) != 0 &&
2243 value.encoding & oscore_rcp_config[i].encoding) {
2244 coap_bin_const_t *unused_check;
2245
2246 switch (value.encoding) {
2247 case COAP_ENC_HEX:
2248 case COAP_ENC_ASCII:
2249 memcpy(&unused_check,
2250 &(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2251 sizeof(unused_check));
2252 if (unused_check != NULL) {
2253 coap_log_warn("oscore_rcp_conf: Keyword '%.*s' duplicated\n",
2254 (int)keyword.length,
2255 (const char *)keyword.s);
2256 goto error;
2257 }
2258 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2259 &value.u.value_bin,
2260 sizeof(value.u.value_bin));
2261 break;
2262 case COAP_ENC_INTEGER:
2263 case COAP_ENC_BOOL:
2264 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2265 &value.u.value_int,
2266 sizeof(value.u.value_int));
2267 break;
2268 case COAP_ENC_TEXT:
2269 for (j = 0; oscore_rcp_config[i].text_mapping[j].text.s != NULL; j++) {
2270 if (memcmp(value.u.value_str.s,
2271 oscore_rcp_config[i].text_mapping[j].text.s,
2272 value.u.value_str.length) == 0) {
2273 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2274 &oscore_rcp_config[i].text_mapping[j].value,
2275 sizeof(oscore_rcp_config[i].text_mapping[j].value));
2276 break;
2277 }
2278 }
2279 if (oscore_rcp_config[i].text_mapping[j].text.s == NULL) {
2280 coap_log_warn("oscore_rcp_conf: Keyword '%.*s': value '%.*s' unknown\n",
2281 (int)keyword.length,
2282 (const char *)keyword.s,
2283 (int)value.u.value_str.length,
2284 (const char *)value.u.value_str.s);
2285 goto error;
2286 }
2287 break;
2288 case COAP_ENC_CONFIG:
2289 case COAP_ENC_LAST:
2290 default:
2291 assert(0);
2292 break;
2293 }
2294 break;
2295 }
2296 }
2297 if (i == sizeof(oscore_rcp_config) / sizeof(oscore_rcp_config[0])) {
2298 coap_log_warn("oscore_rcp_conf: Keyword '%.*s', type '%s' unknown\n",
2299 (int)keyword.length,
2300 (const char *)keyword.s,
2301 value.encoding_name);
2302 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2303 value.encoding == COAP_ENC_CONFIG)
2304 coap_delete_bin_const(value.u.value_bin);
2305 goto error;
2306 }
2307 }
2308 if (!rcp_conf->recipient_id) {
2309 coap_log_warn("oscore_rcp_conf: recipient_id not defined\n");
2310 goto error;
2311 }
2312 if (rcp_conf->recipient_id->length > 7) {
2313 coap_log_warn("oscore_rcp_conf: Maximum size of recipient_id is 7 bytes\n");
2314 goto error;
2315 }
2316 return rcp_conf;
2317
2318error:
2319 coap_delete_oscore_rcp_conf(rcp_conf);
2320 return NULL;
2321}
2322
2323static coap_oscore_conf_t *
2324coap_parse_oscore_conf_mem(coap_str_const_t conf_mem) {
2325 const char *start = (const char *)conf_mem.s;
2326 const char *end = start + conf_mem.length;
2327 coap_str_const_t keyword;
2328 oscore_value_t value;
2329 coap_oscore_conf_t *oscore_conf;
2330 int split_ok = -1;
2331
2332 oscore_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_conf_t));
2333 if (oscore_conf == NULL)
2334 return NULL;
2335 memset(oscore_conf, 0, sizeof(coap_oscore_conf_t));
2336
2337 memset(&value, 0, sizeof(value));
2338 /* Preset with defaults RFC8612 3.2 */
2339 oscore_conf->replay_window = COAP_OSCORE_DEFAULT_REPLAY_WINDOW;
2340 oscore_conf->ssn_freq = 1;
2341 oscore_conf->aead_alg = COSE_ALGORITHM_AES_CCM_16_64_128;
2342 oscore_conf->hkdf_alg = COSE_HKDF_ALG_HKDF_SHA_256;
2343
2344 oscore_conf->rfc8613_b_1_2 = 1;
2345 oscore_conf->rfc8613_b_2 = 0;
2346 /* For debugging only */
2347 oscore_conf->break_sender_key = 0;
2348 oscore_conf->break_recipient_key = 0;
2349
2350 while (end > start &&
2351 (split_ok = get_split_entry(&start, end - start, &keyword, &value, 0)) > 0) {
2352 size_t i;
2353 size_t j;
2354
2355 for (i = 0; i < sizeof(oscore_config) / sizeof(oscore_config[0]); i++) {
2356 if (coap_string_equal(&oscore_config[i].str_keyword, &keyword) != 0 &&
2357 value.encoding & oscore_config[i].encoding) {
2358 if (coap_string_equal(coap_make_str_const("sender_id"), &keyword)) {
2359 if (value.u.value_bin->length > 7) {
2360 coap_log_warn("oscore_conf: Maximum size of sender_id is 7 bytes\n");
2361 goto error_free_value_bin;
2362 }
2363 /* Special case group overlap */
2364 coap_delete_oscore_snd_conf(oscore_conf->sender);
2365 oscore_conf->sender = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_snd_conf_t));
2366 if (!oscore_conf->sender)
2367 goto error_free_value_bin;
2368
2369 memset(oscore_conf->sender, 0, sizeof(coap_oscore_snd_conf_t));
2370 oscore_conf->sender->sender_id = value.u.value_bin;
2371 } else if (coap_string_equal(coap_make_str_const("recipient_id"), &keyword)) {
2372 coap_oscore_rcp_conf_t *rcp_conf;
2373
2374 if (value.u.value_bin->length > 7) {
2375 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
2376 goto error_free_value_bin;
2377 }
2378 /* Special case as there are potentially multiple entries */
2379 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2380 if (!rcp_conf)
2381 goto error_free_value_bin;
2382
2383 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2384 rcp_conf->recipient_id = value.u.value_bin;
2385 rcp_conf->next_recipient = oscore_conf->recipient_chain;
2386 oscore_conf->recipient_chain = rcp_conf;
2387 } else {
2388 coap_bin_const_t *unused_check;
2389
2390 switch (value.encoding) {
2391 case COAP_ENC_CONFIG:
2392 if (keyword.length == sizeof("complex_sender") - 1 &&
2393 memcmp(keyword.s, "complex_sender", keyword.length) == 0) {
2394 coap_oscore_snd_conf_t *snd_conf =
2395 coap_parse_oscore_snd_conf_mem(*value.u.value_bin);
2396
2397 if (!snd_conf) {
2398 coap_log_warn("oscore_conf: Keyword '%.*s' invalid\n",
2399 (int)keyword.length,
2400 (const char *)keyword.s);
2401 goto error_free_value_bin;
2402 }
2403 if (oscore_conf->sender) {
2404 coap_log_warn("oscore_conf: group sender duplicated\n");
2405 goto error_free_value_bin;
2406 }
2407 oscore_conf->sender = snd_conf;
2408 coap_delete_bin_const(value.u.value_bin);
2409 break;
2410 }
2411 if (keyword.length == sizeof("complex_recipient") - 1 &&
2412 memcmp(keyword.s, "complex_recipient", keyword.length) == 0) {
2413 coap_oscore_rcp_conf_t *rcp_conf =
2414 coap_parse_oscore_rcp_conf_mem(*value.u.value_bin);
2415
2416 if (!rcp_conf) {
2417 coap_log_warn("oscore_conf: Keyword '%.*s' invalid\n",
2418 (int)keyword.length,
2419 (const char *)keyword.s);
2420 goto error_free_value_bin;
2421 }
2422 rcp_conf->next_recipient = oscore_conf->recipient_chain;
2423 oscore_conf->recipient_chain = rcp_conf;
2424 coap_delete_bin_const(value.u.value_bin);
2425 }
2426 break;
2427 case COAP_ENC_ASCII:
2428 case COAP_ENC_HEX:
2429 memcpy(&unused_check,
2430 &(((char *)oscore_conf)[oscore_config[i].offset]),
2431 sizeof(unused_check));
2432 if (unused_check != NULL) {
2433 coap_log_warn("oscore_conf: Keyword '%.*s' duplicated\n",
2434 (int)keyword.length,
2435 (const char *)keyword.s);
2436 goto error_free_value_bin;
2437 }
2438 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2439 &value.u.value_bin,
2440 sizeof(value.u.value_bin));
2441 break;
2442 case COAP_ENC_INTEGER:
2443 case COAP_ENC_BOOL:
2444 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2445 &value.u.value_int,
2446 sizeof(value.u.value_int));
2447 break;
2448 case COAP_ENC_TEXT:
2449 for (j = 0; oscore_config[i].text_mapping[j].text.s != NULL; j++) {
2450 if (coap_string_equal(&value.u.value_str,
2451 &oscore_config[i].text_mapping[j].text)) {
2452 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2453 &oscore_config[i].text_mapping[j].value,
2454 sizeof(oscore_config[i].text_mapping[j].value));
2455 break;
2456 }
2457 }
2458 if (oscore_config[i].text_mapping[j].text.s == NULL) {
2459 coap_log_warn("oscore_conf: Keyword '%.*s': value '%.*s' unknown\n",
2460 (int)keyword.length,
2461 (const char *)keyword.s,
2462 (int)value.u.value_str.length,
2463 (const char *)value.u.value_str.s);
2464 goto error;
2465 }
2466 break;
2467 case COAP_ENC_LAST:
2468 default:
2469 assert(0);
2470 break;
2471 }
2472 }
2473 break;
2474 }
2475 }
2476 if (i == sizeof(oscore_config) / sizeof(oscore_config[0])) {
2477 coap_log_warn("oscore_conf: Keyword '%.*s', type '%s' unknown\n",
2478 (int)keyword.length,
2479 (const char *)keyword.s,
2480 value.encoding_name);
2481 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2482 value.encoding == COAP_ENC_CONFIG) {
2483 coap_delete_bin_const(value.u.value_bin);
2484 }
2485 goto error;
2486 }
2487 }
2488 if (split_ok == -1)
2489 goto error;
2490 if (!oscore_conf->master_secret) {
2491 coap_log_warn("oscore_conf: master_secret not defined\n");
2492 goto error;
2493 }
2494 if (!oscore_conf->sender) {
2495 coap_log_warn("oscore_conf: sender_id not defined\n");
2496 goto error;
2497 }
2498 return oscore_conf;
2499
2500error_free_value_bin:
2501 coap_delete_bin_const(value.u.value_bin);
2502error:
2503 coap_delete_oscore_conf(oscore_conf);
2504 return NULL;
2505}
2506
2507static oscore_ctx_t *
2508coap_oscore_init(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf) {
2509 oscore_ctx_t *osc_ctx = NULL;
2510
2511 if (!coap_crypto_check_cipher_alg(oscore_conf->aead_alg)) {
2512 coap_log_warn("COSE: Cipher Algorithm %d not supported\n",
2513 oscore_conf->aead_alg);
2514 goto error;
2515 }
2516 if (!coap_crypto_check_hkdf_alg(oscore_conf->hkdf_alg)) {
2517 coap_log_warn("COSE: HKDF Algorithm %d not supported\n",
2518 oscore_conf->hkdf_alg);
2519 goto error;
2520 }
2521
2522 osc_ctx = oscore_derive_ctx(c_context, oscore_conf);
2523 if (!osc_ctx) {
2524 coap_log_crit("OSCORE: Could not create Security Context!\n");
2525 coap_free_type(COAP_STRING, oscore_conf);
2526 return NULL;
2527 }
2528
2529 /* As all is stored in osc_ctx, oscore_conf is no longer needed */
2530 coap_free_type(COAP_STRING, oscore_conf);
2531
2532 /* return default first context */
2533 return osc_ctx;
2534
2535error:
2536 /* Remove from linked chain */
2537 oscore_remove_context(c_context, osc_ctx);
2538
2539 coap_delete_oscore_conf(oscore_conf);
2540 return NULL;
2541}
2542
2543void
2544coap_delete_all_oscore(coap_context_t *c_context) {
2545 oscore_free_contexts(c_context);
2546}
2547
2548void
2549coap_delete_oscore_associations(coap_session_t *session) {
2550 oscore_delete_server_associations(session);
2551}
2552
2553coap_oscore_conf_t *
2554coap_new_oscore_conf(coap_str_const_t conf_mem,
2555 coap_oscore_save_seq_num_t save_seq_num_func,
2556 void *save_seq_num_func_param,
2557 uint64_t start_seq_num) {
2558 coap_oscore_conf_t *oscore_conf = coap_parse_oscore_conf_mem(conf_mem);
2559
2560 if (oscore_conf == NULL)
2561 return NULL;
2562
2563 oscore_conf->save_seq_num_func = save_seq_num_func;
2564 oscore_conf->save_seq_num_func_param = save_seq_num_func_param;
2565 oscore_conf->start_seq_num = start_seq_num;
2566 coap_log_oscore("Start Seq no %" PRIu64 "\n", start_seq_num);
2567 return oscore_conf;
2568}
2569
2570/*
2571 * Compute the size of the potential OSCORE overhead
2572 */
2573size_t
2574coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu) {
2575 size_t overhead = 0;
2576 oscore_recipient_ctx_t *rcp_ctx = session->recipient_ctx;
2577 oscore_ctx_t *osc_ctx = rcp_ctx ? rcp_ctx->osc_ctx : NULL;
2578 coap_opt_iterator_t opt_iter;
2579 coap_opt_t *option;
2580
2581 if (osc_ctx == NULL)
2582 return 0;
2583
2584 /* Protected code held in inner PDU as token */
2585 overhead += 1;
2586
2587 /* Observe option (creates inner and outer */
2588 option = coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter);
2589 if (option) {
2590 /* Assume delta is small */
2591 overhead += 2 + coap_opt_length(option);
2592 }
2593
2594 /* Proxy URI option Split - covered by coap_rebuild_pdu_for_proxy () */
2595
2596 /* OSCORE option */
2597 /* Option header */
2598 overhead += 1 +
2599 /* Partial IV (64 bits max)*/
2600 8 +
2601 /* kid context */
2602 (osc_ctx->id_context ? osc_ctx->id_context->length : 0) +
2603 /* kid */
2604 osc_ctx->sender_context->sender_id->length;
2605
2606 /* AAD overhead */
2607 overhead += AES_CCM_TAG;
2608
2609 /* End of options marker */
2610 overhead += 1;
2611
2612 return overhead;
2613}
2614
2615COAP_API int
2616coap_new_oscore_recipient(coap_context_t *context,
2617 coap_bin_const_t *recipient_id) {
2618 int ret;
2619
2620 coap_lock_lock(return 0);
2621 ret = coap_new_oscore_recipient_lkd(context, recipient_id);
2622 coap_lock_unlock();
2623 return ret;
2624}
2625
2626int
2627coap_new_oscore_recipient_lkd(coap_context_t *context,
2628 coap_bin_const_t *recipient_id) {
2629 coap_oscore_rcp_conf_t *rcp_conf;
2630
2631 coap_lock_check_locked();
2632
2633 if (context->p_osc_ctx == NULL) {
2634 coap_delete_bin_const(recipient_id);
2635 return 0;
2636 }
2637 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2638 if (rcp_conf == NULL) {
2639 coap_delete_bin_const(recipient_id);
2640 return 0;
2641 }
2642 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2643 rcp_conf->recipient_id = recipient_id;
2644 /* rcp_conf is released in oscore_add_recipient() */
2645 if (oscore_add_recipient(context->p_osc_ctx, rcp_conf, 0) == NULL)
2646 return 0;
2647 return 1;
2648}
2649
2650COAP_API int
2651coap_delete_oscore_recipient(coap_context_t *context,
2652 coap_bin_const_t *recipient_id) {
2653 int ret;
2654
2655 if (!context || !recipient_id)
2656 return 0;
2657 coap_lock_lock(return 0);
2658 ret = coap_delete_oscore_recipient_lkd(context, recipient_id);
2659 coap_lock_unlock();
2660 return ret;
2661}
2662
2663int
2664coap_delete_oscore_recipient_lkd(coap_context_t *context,
2665 coap_bin_const_t *recipient_id) {
2666 coap_lock_check_locked();
2667 if (context->p_osc_ctx == NULL)
2668 return 0;
2669 return oscore_delete_recipient(context->p_osc_ctx, recipient_id);
2670}
2671
2674#else /* !COAP_OSCORE_SUPPORT */
2675int
2676coap_oscore_is_supported(void) {
2677 return 0;
2678}
2679
2680coap_session_t *
2681coap_new_client_session_oscore(coap_context_t *ctx,
2682 const coap_address_t *local_if,
2683 const coap_address_t *server,
2684 coap_proto_t proto,
2685 coap_oscore_conf_t *oscore_conf) {
2686 (void)ctx;
2687 (void)local_if;
2688 (void)server;
2689 (void)proto;
2690 (void)oscore_conf;
2691 return NULL;
2692}
2693
2694coap_session_t *
2695coap_new_client_session_oscore3(coap_context_t *ctx,
2696 const coap_address_t *local_if,
2697 const coap_address_t *server,
2698 coap_proto_t proto,
2699 coap_oscore_conf_t *oscore_conf,
2700 void *app_data,
2701 coap_app_data_free_callback_t callback,
2702 coap_str_const_t *ws_host) {
2703 (void)ctx;
2704 (void)local_if;
2705 (void)server;
2706 (void)proto;
2707 (void)oscore_conf;
2708 (void)app_data;
2709 (void)callback;
2710 (void)ws_host;
2711 return NULL;
2712}
2713
2714coap_session_t *
2715coap_new_client_session_oscore_psk(coap_context_t *ctx,
2716 const coap_address_t *local_if,
2717 const coap_address_t *server,
2718 coap_proto_t proto,
2719 coap_dtls_cpsk_t *psk_data,
2720 coap_oscore_conf_t *oscore_conf) {
2721 (void)ctx;
2722 (void)local_if;
2723 (void)server;
2724 (void)proto;
2725 (void)psk_data;
2726 (void)oscore_conf;
2727 return NULL;
2728}
2729
2730coap_session_t *
2731coap_new_client_session_oscore_psk3(coap_context_t *ctx,
2732 const coap_address_t *local_if,
2733 const coap_address_t *server,
2734 coap_proto_t proto,
2735 coap_dtls_cpsk_t *psk_data,
2736 coap_oscore_conf_t *oscore_conf,
2737 void *app_data,
2738 coap_app_data_free_callback_t callback,
2739 coap_str_const_t *ws_host) {
2740 (void)ctx;
2741 (void)local_if;
2742 (void)server;
2743 (void)proto;
2744 (void)psk_data;
2745 (void)oscore_conf;
2746 (void)app_data;
2747 (void)callback;
2748 (void)ws_host;
2749 return NULL;
2750}
2751
2752coap_session_t *
2753coap_new_client_session_oscore_pki(coap_context_t *ctx,
2754 const coap_address_t *local_if,
2755 const coap_address_t *server,
2756 coap_proto_t proto,
2757 coap_dtls_pki_t *pki_data,
2758 coap_oscore_conf_t *oscore_conf) {
2759 (void)ctx;
2760 (void)local_if;
2761 (void)server;
2762 (void)proto;
2763 (void)pki_data;
2764 (void)oscore_conf;
2765 return NULL;
2766}
2767
2768coap_session_t *
2769coap_new_client_session_oscore_pki3(coap_context_t *ctx,
2770 const coap_address_t *local_if,
2771 const coap_address_t *server,
2772 coap_proto_t proto,
2773 coap_dtls_pki_t *pki_data,
2774 coap_oscore_conf_t *oscore_conf,
2775 void *app_data,
2776 coap_app_data_free_callback_t callback,
2777 coap_str_const_t *ws_host) {
2778 (void)ctx;
2779 (void)local_if;
2780 (void)server;
2781 (void)proto;
2782 (void)pki_data;
2783 (void)oscore_conf;
2784 (void)app_data;
2785 (void)callback;
2786 (void)ws_host;
2787 return NULL;
2788}
2789
2790int
2791coap_context_oscore_server(coap_context_t *context,
2792 coap_oscore_conf_t *oscore_conf) {
2793 (void)context;
2794 (void)oscore_conf;
2795 return 0;
2796}
2797
2798coap_oscore_conf_t *
2799coap_new_oscore_conf(coap_str_const_t conf_mem,
2800 coap_oscore_save_seq_num_t save_seq_num_func,
2801 void *save_seq_num_func_param,
2802 uint64_t start_seq_num) {
2803 (void)conf_mem;
2804 (void)save_seq_num_func;
2805 (void)save_seq_num_func_param;
2806 (void)start_seq_num;
2807 return NULL;
2808}
2809
2810int
2811coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
2812 (void)oscore_conf;
2813 return 0;
2814}
2815
2816int
2817coap_new_oscore_recipient(coap_context_t *context,
2818 coap_bin_const_t *recipient_id) {
2819 (void)context;
2820 (void)recipient_id;
2821 return 0;
2822}
2823
2824int
2825coap_delete_oscore_recipient(coap_context_t *context,
2826 coap_bin_const_t *recipient_id) {
2827 (void)context;
2828 (void)recipient_id;
2829 return 0;
2830}
2831
2832#endif /* !COAP_OSCORE_SUPPORT */
coap_lg_crcv_t
struct coap_lg_crcv_t coap_lg_crcv_t
Definition coap_forward_decls.h:55
PRIu64
#define PRIu64
Definition coap_internal.h:59
coap_libcoap_build.h
Library specific build wrapper for coap_internal.h.
COAP_API
#define COAP_API
Definition coap_libcoap_build.h:41
COAP_OSCORE_BUF
@ COAP_OSCORE_BUF
Definition coap_mem.h:60
COAP_STRING
@ COAP_STRING
Definition coap_mem.h:33
coap_malloc_type
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
coap_free_type
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
NULL
#define NULL
Definition coap_option.h:30
coap_opt_t
uint8_t coap_opt_t
Use byte-oriented access methods here because sliding a complex struct coap_opt_t over the data buffe...
Definition coap_option.h:43
coap_uri_scheme_is_secure
static int coap_uri_scheme_is_secure(const coap_uri_t *uri)
Definition coap_uri.h:92
COAP_URI_SCHEME_LAST
@ COAP_URI_SCHEME_LAST
Definition coap_uri.h:39
coap_send_ack_lkd
coap_mid_t coap_send_ack_lkd(coap_session_t *session, const coap_pdu_t *request)
Sends an ACK message with code 0 for the specified request to dst.
Definition coap_net.c:1120
COAP_BLOCK_CACHE_RESPONSE
#define COAP_BLOCK_CACHE_RESPONSE
Definition coap_block.h:73
coap_prng_lkd
int coap_prng_lkd(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
Definition coap_prng.c:190
coap_handle_event_lkd
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
Definition coap_net.c:5107
coap_new_message_id_lkd
uint16_t coap_new_message_id_lkd(coap_session_t *session)
Returns a new message id and updates session->tx_mid accordingly.
Definition coap_session.c:2287
coap_send_internal
coap_mid_t coap_send_internal(coap_session_t *session, coap_pdu_t *pdu, coap_pdu_t *request_pdu)
Sends a CoAP message to given peer.
Definition coap_net.c:2029
coap_cancel_all_messages
void coap_cancel_all_messages(coap_context_t *context, coap_session_t *session, coap_bin_const_t *token)
Cancels all outstanding messages for session session that have the specified token.
Definition coap_net.c:3224
COAP_OSCORE_DEFAULT_REPLAY_WINDOW
#define COAP_OSCORE_DEFAULT_REPLAY_WINDOW
Definition coap_crypto_internal.h:42
coap_crypto_check_hkdf_alg
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
coap_crypto_check_cipher_alg
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
coap_encode_var_safe
unsigned int coap_encode_var_safe(uint8_t *buf, size_t length, unsigned int val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:47
coap_decode_var_bytes
unsigned int coap_decode_var_bytes(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:38
coap_decode_var_bytes8
uint64_t coap_decode_var_bytes8(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:71
coap_encode_var_safe8
unsigned int coap_encode_var_safe8(uint8_t *buf, size_t length, uint64_t val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:81
COAP_EVENT_OSCORE_DECODE_ERROR
@ COAP_EVENT_OSCORE_DECODE_ERROR
Triggered when there is an OSCORE decode of OSCORE option failure.
Definition coap_event.h:130
COAP_EVENT_OSCORE_INTERNAL_ERROR
@ COAP_EVENT_OSCORE_INTERNAL_ERROR
Triggered when there is an OSCORE internal error i.e malloc failed.
Definition coap_event.h:128
COAP_EVENT_OSCORE_NOT_ENABLED
@ COAP_EVENT_OSCORE_NOT_ENABLED
Triggered when trying to use OSCORE to decrypt, but it is not enabled.
Definition coap_event.h:122
COAP_EVENT_OSCORE_NO_SECURITY
@ COAP_EVENT_OSCORE_NO_SECURITY
Triggered when there is no OSCORE security definition found.
Definition coap_event.h:126
COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
@ COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
Triggered when there is no OSCORE encrypted payload provided.
Definition coap_event.h:124
COAP_EVENT_OSCORE_DECRYPTION_FAILURE
@ COAP_EVENT_OSCORE_DECRYPTION_FAILURE
Triggered when there is an OSCORE decryption failure.
Definition coap_event.h:120
coap_lock_unlock
#define coap_lock_unlock()
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:612
coap_lock_check_locked
#define coap_lock_check_locked()
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:638
coap_lock_lock
#define coap_lock_lock(failed)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:582
coap_log_debug
#define coap_log_debug(...)
Definition coap_debug.h:126
coap_get_log_level
coap_log_t coap_get_log_level(void)
Get the current logging level.
Definition coap_debug.c:103
coap_show_pdu
void coap_show_pdu(coap_log_t level, const coap_pdu_t *pdu)
Display the contents of the specified pdu.
Definition coap_debug.c:812
coap_log_oscore
#define coap_log_oscore(...)
Definition coap_debug.h:132
coap_log_warn
#define coap_log_warn(...)
Definition coap_debug.h:108
coap_log_err
#define coap_log_err(...)
Definition coap_debug.h:102
coap_log_crit
#define coap_log_crit(...)
Definition coap_debug.h:96
COAP_LOG_OSCORE
@ COAP_LOG_OSCORE
Definition coap_debug.h:65
COAP_LOG_DEBUG
@ COAP_LOG_DEBUG
Definition coap_debug.h:64
coap_option_next
coap_opt_t * coap_option_next(coap_opt_iterator_t *oi)
Updates the iterator oi to point to the next option.
Definition coap_option.c:153
coap_opt_length
uint32_t coap_opt_length(const coap_opt_t *opt)
Returns the length of the given option.
Definition coap_option.c:212
coap_option_iterator_init
coap_opt_iterator_t * coap_option_iterator_init(const coap_pdu_t *pdu, coap_opt_iterator_t *oi, const coap_opt_filter_t *filter)
Initializes the given option iterator oi to point to the beginning of the pdu's option list.
Definition coap_option.c:117
coap_delete_optlist
void coap_delete_optlist(coap_optlist_t *queue)
Removes all entries from the optlist_chain, freeing off their memory usage.
Definition coap_option.c:602
COAP_OPT_ALL
#define COAP_OPT_ALL
Pre-defined filter that includes all options.
Definition coap_option.h:125
coap_add_optlist_pdu
int coap_add_optlist_pdu(coap_pdu_t *pdu, coap_optlist_t **options)
The current optlist of optlist_chain is first sorted (as per RFC7272 ordering requirements) and then ...
Definition coap_option.c:551
coap_check_option
coap_opt_t * coap_check_option(const coap_pdu_t *pdu, coap_option_num_t number, coap_opt_iterator_t *oi)
Retrieves the first option of number number from pdu.
Definition coap_option.c:199
coap_opt_value
const uint8_t * coap_opt_value(const coap_opt_t *opt)
Returns a pointer to the value of the given option.
Definition coap_option.c:249
oscore_cbor_get_element_size
size_t oscore_cbor_get_element_size(const uint8_t **buffer, size_t *buf_size)
cose_encrypt0_set_plaintext
void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
cose_encrypt0_set_key
int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key)
cose_encrypt0_set_kid_context
void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, coap_bin_const_t *kid_context)
cose_get_alg_name
const char * cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen)
cose_encrypt0_set_ciphertext
void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
cose_encrypt0_decrypt
int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, uint8_t *plaintext_buffer, size_t plaintext_len)
cose_tag_len
size_t cose_tag_len(cose_alg_t cose_alg)
cose_encrypt0_set_aad
void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad)
cose_curve_t
cose_curve_t
Definition oscore_cose.h:62
cose_encrypt0_encrypt
int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, uint8_t *ciphertext_buffer, size_t ciphertext_len)
cose_encrypt0_set_partial_iv
void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, coap_bin_const_t *partial_iv)
cose_encrypt0_set_external_aad
void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, coap_bin_const_t *external_aad)
cose_encrypt0_init
void cose_encrypt0_init(cose_encrypt0_t *ptr)
cose_encrypt0_set_alg
void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg)
cose_encrypt0_set_key_id
void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id)
cose_encrypt0_set_nonce
void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce)
COSE_HKDF_ALG_HKDF_SHA_256
@ COSE_HKDF_ALG_HKDF_SHA_256
Definition oscore_cose.h:169
COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_128
Definition oscore_cose.h:147
COSE_ALGORITHM_AES_CCM_16_64_256
@ COSE_ALGORITHM_AES_CCM_16_64_256
Definition oscore_cose.h:148
oscore_prepare_aad
size_t oscore_prepare_aad(const uint8_t *external_aad_buffer, size_t external_aad_len, uint8_t *aad_buffer, size_t aad_size)
oscore_encode_option_value
size_t oscore_encode_option_value(uint8_t *option_buffer, size_t option_buf_len, cose_encrypt0_t *cose, uint8_t group, uint8_t appendix_b_2)
coap_delete_oscore_recipient_lkd
int coap_delete_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
oscore_delete_association
int oscore_delete_association(coap_session_t *session, oscore_association_t *association)
coap_new_client_session_oscore3_lkd
coap_session_t * coap_new_client_session_oscore3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, protecting the data using OSCORE,...
oscore_validate_sender_seq
uint8_t oscore_validate_sender_seq(oscore_recipient_ctx_t *ctx, cose_encrypt0_t *cose)
oscore_add_recipient
oscore_recipient_ctx_t * oscore_add_recipient(oscore_ctx_t *ctx, coap_oscore_rcp_conf_t *rcp_conf, uint32_t break_key)
oscore_add_recipient - add in recipient information
OSCORE_SEQ_MAX
#define OSCORE_SEQ_MAX
Definition oscore_context.h:74
AES_CCM_TAG
#define AES_CCM_TAG
Definition oscore_crypto.h:63
oscore_decode_option_value
int oscore_decode_option_value(const uint8_t *option_value, size_t option_len, cose_encrypt0_t *cose)
coap_delete_oscore_snd_conf
int coap_delete_oscore_snd_conf(coap_oscore_snd_conf_t *oscore_snd_conf)
Release all the information associated with the OSCORE complex Sender configuration.
coap_oscore_new_pdu_encrypted_lkd
coap_pdu_t * coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_delete_recipient
int oscore_delete_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid)
oscore_increment_sender_seq
uint8_t oscore_increment_sender_seq(oscore_ctx_t *ctx)
oscore_update_ctx
void oscore_update_ctx(oscore_ctx_t *osc_ctx, coap_bin_const_t *id_context)
oscore_update_ctx - update a osc_ctx with a new id_context
coap_new_client_session_oscore_psk3_lkd
coap_session_t * coap_new_client_session_oscore_psk3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials protecting the data using...
oscore_derive_ctx
oscore_ctx_t * oscore_derive_ctx(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx - derive a osc_ctx from oscore_conf information
coap_oscore_new_pdu_encrypted
COAP_API coap_pdu_t * coap_oscore_new_pdu_encrypted(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_roll_back_seq
void oscore_roll_back_seq(oscore_recipient_ctx_t *ctx)
oscore_new_association
int oscore_new_association(coap_session_t *session, coap_pdu_t *sent_pdu, coap_bin_const_t *token, oscore_recipient_ctx_t *recipient_ctx, coap_bin_const_t *aad, coap_bin_const_t *nonce, coap_bin_const_t *partial_iv, int is_observe)
oscore_prepare_e_aad
size_t oscore_prepare_e_aad(oscore_ctx_t *ctx, cose_encrypt0_t *cose, const uint8_t *oscore_option, size_t oscore_option_len, coap_bin_const_t *sender_public_key, uint8_t *external_aad_ptr, size_t external_aad_size)
oscore_delete_server_associations
void oscore_delete_server_associations(coap_session_t *session)
oscore_log_char_value
void oscore_log_char_value(coap_log_t level, const char *name, const char *value)
coap_oscore_decrypt_pdu
struct coap_pdu_t * coap_oscore_decrypt_pdu(coap_session_t *session, coap_pdu_t *pdu)
Decrypts the OSCORE-encrypted parts of pdu when OSCORE is used.
coap_rebuild_pdu_for_proxy
int coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu)
Convert PDU to use Proxy-Scheme option if Proxy-Uri option is present.
oscore_free_contexts
void oscore_free_contexts(coap_context_t *c_context)
oscore_log_hex_value
void oscore_log_hex_value(coap_log_t level, const char *name, coap_bin_const_t *value)
coap_delete_oscore_associations
void coap_delete_oscore_associations(coap_session_t *session)
Cleanup all allocated OSCORE association information.
coap_oscore_initiate
int coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf)
Initiate an OSCORE session.
coap_new_oscore_recipient_lkd
int coap_new_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
oscore_duplicate_ctx
oscore_ctx_t * oscore_duplicate_ctx(coap_context_t *c_context, oscore_ctx_t *o_osc_ctx, coap_bin_const_t *sender_id, coap_bin_const_t *recipient_id, coap_bin_const_t *id_context)
oscore_duplicate_ctx - duplicate a osc_ctx
oscore_partial_iv_t
oscore_partial_iv_t
Definition coap_oscore_internal.h:81
coap_delete_all_oscore
void coap_delete_all_oscore(coap_context_t *context)
Cleanup all allocated OSCORE information.
oscore_generate_nonce
void oscore_generate_nonce(cose_encrypt0_t *ptr, oscore_ctx_t *ctx, uint8_t *buffer, uint8_t size)
oscore_remove_context
int oscore_remove_context(coap_context_t *c_context, oscore_ctx_t *osc_ctx)
oscore_find_association
oscore_association_t * oscore_find_association(coap_session_t *session, coap_bin_const_t *token)
coap_context_oscore_server_lkd
int coap_context_oscore_server_lkd(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
coap_delete_oscore_rcp_conf
int coap_delete_oscore_rcp_conf(coap_oscore_rcp_conf_t *oscore_rcp_conf)
Release all the information associated with the OSCORE complex Recipient configuration.
oscore_find_context
oscore_ctx_t * oscore_find_context(const coap_session_t *session, const coap_bin_const_t rcpkey_id, const coap_bin_const_t *ctxkey_id, uint8_t *oscore_r2, oscore_recipient_ctx_t **recipient_ctx)
oscore_find_context - Locate recipient context (and hence OSCORE context)
coap_new_client_session_oscore_pki3_lkd
coap_session_t * coap_new_client_session_oscore_pki3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials protecting the data using...
coap_oscore_overhead
size_t coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu)
Determine the additional data size requirements for adding in OSCORE.
OSCORE_SEND_PARTIAL_IV
@ OSCORE_SEND_PARTIAL_IV
Send partial IV with encrypted PDU.
Definition coap_oscore_internal.h:83
OSCORE_SEND_NO_IV
@ OSCORE_SEND_NO_IV
Do not send partial IV unless added by a response.
Definition coap_oscore_internal.h:82
coap_new_oscore_conf
coap_oscore_conf_t * coap_new_oscore_conf(coap_str_const_t conf_mem, coap_oscore_save_seq_num_t save_seq_num_func, void *save_seq_num_func_param, uint64_t start_seq_num)
Parse an OSCORE configuration (held in memory) and populate a OSCORE configuration structure.
Definition coap_oscore.c:2799
coap_new_client_session_oscore_psk
coap_session_t * coap_new_client_session_oscore_psk(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
Definition coap_oscore.c:2715
coap_new_client_session_oscore_psk3
coap_session_t * coap_new_client_session_oscore_psk3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials protecting the data using...
Definition coap_oscore.c:2731
coap_delete_oscore_conf
int coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf)
Release all the information associated with the OSCORE configuration.
Definition coap_oscore.c:2811
coap_new_client_session_oscore
coap_session_t * coap_new_client_session_oscore(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
Definition coap_oscore.c:2681
coap_context_oscore_server
int coap_context_oscore_server(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
Definition coap_oscore.c:2791
coap_new_client_session_oscore_pki
coap_session_t * coap_new_client_session_oscore_pki(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
Definition coap_oscore.c:2753
coap_new_client_session_oscore3
coap_session_t * coap_new_client_session_oscore3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, protecting the data using OSCORE,...
Definition coap_oscore.c:2695
coap_new_oscore_recipient
int coap_new_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
Definition coap_oscore.c:2817
coap_oscore_save_seq_num_t
int(* coap_oscore_save_seq_num_t)(uint64_t sender_seq_num, void *param)
Definition of the function used to save the current Sender Sequence Number.
Definition coap_oscore.h:263
coap_delete_oscore_recipient
int coap_delete_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
Definition coap_oscore.c:2825
coap_new_client_session_oscore_pki3
coap_session_t * coap_new_client_session_oscore_pki3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials protecting the data using...
Definition coap_oscore.c:2769
coap_delete_pdu_lkd
void coap_delete_pdu_lkd(coap_pdu_t *pdu)
Dispose of an CoAP PDU and free off associated storage.
Definition coap_pdu.c:194
coap_insert_option
size_t coap_insert_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Inserts option of given number in the pdu with the appropriate data.
Definition coap_pdu.c:683
coap_remove_option
int coap_remove_option(coap_pdu_t *pdu, coap_option_num_t number)
Removes (first) option of given number from the pdu.
Definition coap_pdu.c:542
coap_update_token
int coap_update_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Updates token in pdu with length len and data.
Definition coap_pdu.c:466
COAP_PDU_IS_PING
#define COAP_PDU_IS_PING(pdu)
Definition coap_pdu_internal.h:103
coap_pdu_duplicate_lkd
coap_pdu_t * coap_pdu_duplicate_lkd(const coap_pdu_t *old_pdu, coap_session_t *session, size_t token_length, const uint8_t *token, coap_opt_filter_t *drop_options, coap_bool_t expand_opt_abb)
Duplicate an existing PDU.
Definition coap_pdu.c:234
coap_pdu_encode_header
size_t coap_pdu_encode_header(coap_pdu_t *pdu, coap_proto_t proto)
Compose the protocol specific header for the specified PDU.
Definition coap_pdu.c:1573
COAP_PAYLOAD_START
#define COAP_PAYLOAD_START
Definition coap_pdu_internal.h:96
coap_pdu_resize
int coap_pdu_resize(coap_pdu_t *pdu, size_t new_size)
Dynamically grows the size of pdu to new_size.
Definition coap_pdu.c:337
COAP_PDU_IS_REQUEST
#define COAP_PDU_IS_REQUEST(pdu)
Definition coap_pdu_internal.h:99
coap_add_option_internal
size_t coap_add_option_internal(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Adds option of given number to pdu that is passed as first parameter.
Definition coap_pdu.c:838
COAP_OPTION_HOP_LIMIT
#define COAP_OPTION_HOP_LIMIT
Definition coap_pdu.h:136
COAP_OPTION_NORESPONSE
#define COAP_OPTION_NORESPONSE
Definition coap_pdu.h:149
COAP_OPTION_URI_HOST
#define COAP_OPTION_URI_HOST
Definition coap_pdu.h:122
COAP_OPTION_IF_MATCH
#define COAP_OPTION_IF_MATCH
Definition coap_pdu.h:121
COAP_OPTION_BLOCK2
#define COAP_OPTION_BLOCK2
Definition coap_pdu.h:141
COAP_OPTION_CONTENT_FORMAT
#define COAP_OPTION_CONTENT_FORMAT
Definition coap_pdu.h:130
COAP_OPTION_SIZE2
#define COAP_OPTION_SIZE2
Definition coap_pdu.h:143
COAP_OPTION_BLOCK1
#define COAP_OPTION_BLOCK1
Definition coap_pdu.h:142
COAP_OPTION_PROXY_SCHEME
#define COAP_OPTION_PROXY_SCHEME
Definition coap_pdu.h:146
COAP_DEFAULT_PORT
#define COAP_DEFAULT_PORT
Definition coap_pdu.h:39
COAP_OPTION_URI_QUERY
#define COAP_OPTION_URI_QUERY
Definition coap_pdu.h:135
COAP_OPTION_IF_NONE_MATCH
#define COAP_OPTION_IF_NONE_MATCH
Definition coap_pdu.h:124
COAP_OPTION_LOCATION_PATH
#define COAP_OPTION_LOCATION_PATH
Definition coap_pdu.h:127
COAP_OPTION_URI_PATH
#define COAP_OPTION_URI_PATH
Definition coap_pdu.h:129
COAP_RESPONSE_CODE
#define COAP_RESPONSE_CODE(N)
Definition coap_pdu.h:164
COAP_RESPONSE_CLASS
#define COAP_RESPONSE_CLASS(C)
Definition coap_pdu.h:167
coap_proto_t
coap_proto_t
CoAP protocol types Note: coap_layers_coap[] needs updating if extended.
Definition coap_pdu.h:317
coap_pdu_code_t
coap_pdu_code_t
Set of codes available for a PDU.
Definition coap_pdu.h:331
COAP_OPTION_OSCORE
#define COAP_OPTION_OSCORE
Definition coap_pdu.h:128
COAP_OPTION_SIZE1
#define COAP_OPTION_SIZE1
Definition coap_pdu.h:147
coap_add_token
int coap_add_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds token of length len to pdu.
Definition coap_pdu.c:409
COAP_OPTION_LOCATION_QUERY
#define COAP_OPTION_LOCATION_QUERY
Definition coap_pdu.h:139
COAPS_DEFAULT_PORT
#define COAPS_DEFAULT_PORT
Definition coap_pdu.h:40
coap_get_data
int coap_get_data(const coap_pdu_t *pdu, size_t *len, const uint8_t **data)
Retrieves the length and data pointer of specified PDU.
Definition coap_pdu.c:934
COAP_OPTION_RTAG
#define COAP_OPTION_RTAG
Definition coap_pdu.h:150
COAP_OPTION_URI_PORT
#define COAP_OPTION_URI_PORT
Definition coap_pdu.h:126
coap_pdu_init
coap_pdu_t * coap_pdu_init(coap_pdu_type_t type, coap_pdu_code_t code, coap_mid_t mid, size_t size)
Creates a new CoAP PDU with at least enough storage space for the given size maximum message size.
Definition coap_pdu.c:102
COAP_OPTION_ACCEPT
#define COAP_OPTION_ACCEPT
Definition coap_pdu.h:137
COAP_INVALID_MID
#define COAP_INVALID_MID
Indicates an invalid message id.
Definition coap_pdu.h:270
COAP_OPTION_MAXAGE
#define COAP_OPTION_MAXAGE
Definition coap_pdu.h:134
COAP_OPTION_ETAG
#define COAP_OPTION_ETAG
Definition coap_pdu.h:123
COAP_OPTION_PROXY_URI
#define COAP_OPTION_PROXY_URI
Definition coap_pdu.h:145
COAP_OPTION_OBSERVE
#define COAP_OPTION_OBSERVE
Definition coap_pdu.h:125
COAP_OPTION_ECHO
#define COAP_OPTION_ECHO
Definition coap_pdu.h:148
coap_add_data
int coap_add_data(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds given data to the pdu that is passed as first parameter.
Definition coap_pdu.c:903
coap_pdu_get_token
coap_bin_const_t coap_pdu_get_token(const coap_pdu_t *pdu)
Gets the token associated with pdu.
Definition coap_pdu.c:1693
COAP_BOOL_FALSE
@ COAP_BOOL_FALSE
Definition coap_pdu.h:378
COAP_REQUEST_CODE_POST
@ COAP_REQUEST_CODE_POST
Definition coap_pdu.h:335
COAP_REQUEST_CODE_FETCH
@ COAP_REQUEST_CODE_FETCH
Definition coap_pdu.h:338
COAP_MESSAGE_NON
@ COAP_MESSAGE_NON
Definition coap_pdu.h:72
COAP_MESSAGE_ACK
@ COAP_MESSAGE_ACK
Definition coap_pdu.h:73
COAP_MESSAGE_CON
@ COAP_MESSAGE_CON
Definition coap_pdu.h:71
coap_new_client_session_pki3_lkd
coap_session_t * coap_new_client_session_pki3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *setup_data, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials along with app_data infor...
coap_new_client_session_psk3_lkd
coap_session_t * coap_new_client_session_psk3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *setup_data, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials along with app_data infor...
coap_session_release_lkd
void coap_session_release_lkd(coap_session_t *session)
Decrement reference counter on a session.
Definition coap_session.c:378
coap_new_client_session3_lkd
coap_session_t * coap_new_client_session3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials along with app_data infor...
COAP_OSCORE_B_2_NONE
@ COAP_OSCORE_B_2_NONE
Definition coap_session_internal.h:52
COAP_OSCORE_B_2_STEP_3
@ COAP_OSCORE_B_2_STEP_3
Definition coap_session_internal.h:55
COAP_OSCORE_B_2_STEP_1
@ COAP_OSCORE_B_2_STEP_1
Definition coap_session_internal.h:53
COAP_OSCORE_B_2_STEP_4
@ COAP_OSCORE_B_2_STEP_4
Definition coap_session_internal.h:56
COAP_OSCORE_B_2_STEP_5
@ COAP_OSCORE_B_2_STEP_5
Definition coap_session_internal.h:57
COAP_OSCORE_B_2_STEP_2
@ COAP_OSCORE_B_2_STEP_2
Definition coap_session_internal.h:54
COAP_PROTO_NOT_RELIABLE
#define COAP_PROTO_NOT_RELIABLE(p)
Definition coap_session.h:41
coap_app_data_free_callback_t
void(* coap_app_data_free_callback_t)(void *data)
Callback to free off the app data when the entry is being deleted / freed off.
Definition coap_session.h:124
coap_delete_bin_const
void coap_delete_bin_const(coap_bin_const_t *s)
Deletes the given const binary data and releases any memory allocated.
Definition coap_str.c:130
coap_new_binary
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
Definition coap_str.c:81
coap_make_str_const
coap_str_const_t * coap_make_str_const(const char *string)
Take the specified byte array (text) and create a coap_str_const_t *.
Definition coap_str.c:70
coap_new_bin_const
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
Definition coap_str.c:119
coap_delete_binary
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
Definition coap_str.c:114
coap_binary_equal
#define coap_binary_equal(binary1, binary2)
Compares the two binary data for equality.
Definition coap_str.h:222
coap_string_equal
#define coap_string_equal(string1, string2)
Compares the two strings for equality.
Definition coap_str.h:208
coap_oscore_is_supported
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
Definition coap_oscore.c:2676
coap_query_into_optlist
int coap_query_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI query into '&' separate segments, and then adds the Uri-Query / Location-Query o...
Definition coap_uri.c:985
coap_path_into_optlist
int coap_path_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI path into '/' separate segments, and then adds the Uri-Path / Location-Path opti...
Definition coap_uri.c:865
coap_split_proxy_uri
int coap_split_proxy_uri(const uint8_t *str_var, size_t len, coap_uri_t *uri)
Parses a given string into URI components.
Definition coap_uri.c:351
coap_uri_scheme
coap_uri_info_t coap_uri_scheme[COAP_URI_SCHEME_LAST]
Definition coap_uri.c:59
coap_address_t
Multi-purpose address abstraction.
Definition coap_address.h:185
coap_bin_const_t
CoAP binary data definition with const data.
Definition coap_str.h:65
coap_bin_const_t::length
size_t length
length of binary data
Definition coap_str.h:66
coap_bin_const_t::s
const uint8_t * s
read-only binary data
Definition coap_str.h:67
coap_binary_t
CoAP binary data definition.
Definition coap_str.h:57
coap_binary_t::length
size_t length
length of binary data
Definition coap_str.h:58
coap_binary_t::s
uint8_t * s
binary data
Definition coap_str.h:59
coap_context_t
The CoAP stack's global state is stored in a coap_context_t object.
Definition coap_net_internal.h:54
coap_dtls_cpsk_t
The structure used for defining the Client PSK setup data to be used.
Definition coap_dtls.h:414
coap_dtls_pki_t
The structure used for defining the PKI setup data to be used.
Definition coap_dtls.h:316
coap_opt_iterator_t
Iterator to run through PDU options.
Definition coap_option.h:185
coap_opt_iterator_t::next_option
coap_opt_t * next_option
pointer to the unparsed next option
Definition coap_option.h:190
coap_opt_iterator_t::length
size_t length
remaining length of PDU
Definition coap_option.h:186
coap_opt_iterator_t::number
coap_option_num_t number
decoded option number
Definition coap_option.h:187
coap_optlist_t
Representation of chained list of CoAP options to install.
Definition coap_option.h:342
coap_oscore_conf_t
The structure used to hold the OSCORE configuration information.
Definition coap_oscore_internal.h:56
coap_oscore_conf_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func()
Definition coap_oscore_internal.h:77
coap_oscore_conf_t::rfc8613_b_2
uint32_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition coap_oscore_internal.h:68
coap_oscore_conf_t::hkdf_alg
cose_hkdf_alg_t hkdf_alg
Set to one of COSE_HKDF_ALG_*.
Definition coap_oscore_internal.h:66
coap_oscore_conf_t::break_sender_key
uint32_t break_sender_key
1 if sender key to be broken, else 0
Definition coap_oscore_internal.h:71
coap_oscore_conf_t::sender
coap_oscore_snd_conf_t * sender
The sender - i.e.
Definition coap_oscore_internal.h:60
coap_oscore_conf_t::recipient_chain
coap_oscore_rcp_conf_t * recipient_chain
The recipients as a chain.
Definition coap_oscore_internal.h:61
coap_oscore_conf_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition coap_oscore_internal.h:64
coap_oscore_conf_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition coap_oscore_internal.h:75
coap_oscore_conf_t::rfc8613_b_1_2
uint32_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition coap_oscore_internal.h:67
coap_oscore_conf_t::start_seq_num
uint64_t start_seq_num
Used for ssn_freq updating.
Definition coap_oscore_internal.h:78
coap_oscore_conf_t::break_recipient_key
uint32_t break_recipient_key
1 if recipient key to be broken, else 0
Definition coap_oscore_internal.h:72
coap_oscore_conf_t::master_secret
coap_bin_const_t * master_secret
Common Master Secret.
Definition coap_oscore_internal.h:57
coap_oscore_conf_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition coap_oscore_internal.h:65
coap_oscore_conf_t::master_salt
coap_bin_const_t * master_salt
Common Master Salt.
Definition coap_oscore_internal.h:58
coap_oscore_conf_t::replay_window
uint32_t replay_window
Replay window size Use COAP_OSCORE_DEFAULT_REPLAY_WINDOW.
Definition coap_oscore_internal.h:62
coap_oscore_conf_t::id_context
coap_bin_const_t * id_context
Common ID context.
Definition coap_oscore_internal.h:59
coap_oscore_rcp_conf_t
The structure used to hold the OSCORE Recipient configuration.
Definition coap_oscore_internal.h:45
coap_oscore_rcp_conf_t::recipient_id
coap_bin_const_t * recipient_id
Recipient ID (i.e.
Definition coap_oscore_internal.h:48
coap_oscore_rcp_conf_t::next_recipient
struct coap_oscore_rcp_conf_t * next_recipient
Used to maintain the chain.
Definition coap_oscore_internal.h:46
coap_oscore_snd_conf_t
The structure used to hold the OSCORE Sender configuration information.
Definition coap_oscore_internal.h:38
coap_oscore_snd_conf_t::sender_id
coap_bin_const_t * sender_id
Sender ID (i.e.
Definition coap_oscore_internal.h:39
coap_pdu_t
structure for CoAP PDUs
Definition coap_pdu_internal.h:132
coap_pdu_t::max_hdr_size
uint8_t max_hdr_size
space reserved for protocol-specific header
Definition coap_pdu_internal.h:139
coap_pdu_t::token
uint8_t * token
first byte of token (or extended length bytes prefix), if any, or options
Definition coap_pdu_internal.h:154
coap_pdu_t::code
coap_pdu_code_t code
request method (value 1–31) or response code (value 64-255)
Definition coap_pdu_internal.h:135
coap_pdu_t::actual_token
coap_bin_const_t actual_token
Actual token in pdu.
Definition coap_pdu_internal.h:147
coap_pdu_t::data
uint8_t * data
first byte of payload, if any
Definition coap_pdu_internal.h:156
coap_pdu_t::mid
coap_mid_t mid
message id, if any, in regular host byte order
Definition coap_pdu_internal.h:137
coap_pdu_t::e_token_length
uint32_t e_token_length
length of Token space (includes leading extended bytes
Definition coap_pdu_internal.h:144
coap_pdu_t::used_size
size_t used_size
used bytes of storage for token, options and payload
Definition coap_pdu_internal.h:150
coap_pdu_t::type
coap_pdu_type_t type
message type
Definition coap_pdu_internal.h:134
coap_session_t
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
Definition coap_session_internal.h:77
coap_session_t::block_mode
uint32_t block_mode
Zero or more COAP_BLOCK_ or'd options.
Definition coap_session_internal.h:196
coap_session_t::proto
coap_proto_t proto
protocol used
Definition coap_session_internal.h:78
coap_session_t::con_active
uint8_t con_active
Active CON request sent.
Definition coap_session_internal.h:106
coap_session_t::context
coap_context_t * context
session's context
Definition coap_session_internal.h:102
coap_str_const_t
CoAP string data definition with const data.
Definition coap_str.h:47
coap_str_const_t::s
const uint8_t * s
read-only string data
Definition coap_str.h:49
coap_str_const_t::length
size_t length
length of string
Definition coap_str.h:48
coap_uri_info_t::name
const char * name
scheme name
Definition coap_uri_internal.h:32
coap_uri_t
Representation of parsed URI.
Definition coap_uri.h:70
coap_uri_t::scheme
enum coap_uri_scheme_t scheme
The parsed scheme specifier.
Definition coap_uri.h:82
coap_uri_t::path
coap_str_const_t path
The complete path if present or {0, NULL}.
Definition coap_uri.h:73
coap_uri_t::port
uint16_t port
The port in host byte order.
Definition coap_uri.h:72
coap_uri_t::query
coap_str_const_t query
The complete query if present or {0, NULL}.
Definition coap_uri.h:77
coap_uri_t::host
coap_str_const_t host
The host part of the URI.
Definition coap_uri.h:71
cose_encrypt0_t
Definition oscore_cose.h:199
cose_encrypt0_t::aad
coap_bin_const_t aad
Definition oscore_cose.h:210
cose_encrypt0_t::key
coap_bin_const_t key
Definition oscore_cose.h:201
cose_encrypt0_t::partial_iv
coap_bin_const_t partial_iv
Definition oscore_cose.h:204
cose_encrypt0_t::kid_context
coap_bin_const_t kid_context
Definition oscore_cose.h:206
cose_encrypt0_t::nonce
coap_bin_const_t nonce
Definition oscore_cose.h:208
cose_encrypt0_t::external_aad
coap_bin_const_t external_aad
Definition oscore_cose.h:209
cose_encrypt0_t::key_id
coap_bin_const_t key_id
Definition oscore_cose.h:205
cose_encrypt0_t::oscore_option
coap_bin_const_t oscore_option
Definition oscore_cose.h:207
cose_encrypt0_t::alg
cose_alg_t alg
Definition oscore_cose.h:200
oscore_association_t
Definition oscore_context.h:151
oscore_association_t::obs_partial_iv
coap_bin_const_t * obs_partial_iv
Definition oscore_context.h:159
oscore_association_t::partial_iv
coap_bin_const_t * partial_iv
Definition oscore_context.h:158
oscore_association_t::sent_pdu
coap_pdu_t * sent_pdu
Definition oscore_context.h:154
oscore_association_t::aad
coap_bin_const_t * aad
Definition oscore_context.h:156
oscore_association_t::nonce
coap_bin_const_t * nonce
Definition oscore_context.h:157
oscore_association_t::recipient_ctx
oscore_recipient_ctx_t * recipient_ctx
Definition oscore_context.h:153
oscore_association_t::is_observe
uint8_t is_observe
Definition oscore_context.h:161
oscore_association_t::just_set_up
uint8_t just_set_up
Definition oscore_context.h:162
oscore_ctx_t
Definition oscore_context.h:86
oscore_ctx_t::rfc8613_b_1_2
uint8_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition oscore_context.h:99
oscore_ctx_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func()
Definition oscore_context.h:107
oscore_ctx_t::sender_context
oscore_sender_ctx_t * sender_context
Definition oscore_context.h:96
oscore_ctx_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition oscore_context.h:88
oscore_ctx_t::rfc8613_b_2
uint8_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition oscore_context.h:101
oscore_ctx_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition oscore_context.h:105
oscore_ctx_t::recipient_chain
oscore_recipient_ctx_t * recipient_chain
Definition oscore_context.h:97
oscore_ctx_t::id_context
coap_bin_const_t * id_context
contains GID in case of group
Definition oscore_context.h:93
oscore_ctx_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition oscore_context.h:104
oscore_recipient_ctx_t
Definition oscore_context.h:119
oscore_recipient_ctx_t::echo_value
uint8_t echo_value[8]
Definition oscore_context.h:131
oscore_recipient_ctx_t::last_seq
uint64_t last_seq
Definition oscore_context.h:126
oscore_recipient_ctx_t::recipient_key
coap_bin_const_t * recipient_key
Definition oscore_context.h:125
oscore_recipient_ctx_t::recipient_id
coap_bin_const_t * recipient_id
Definition oscore_context.h:124
oscore_recipient_ctx_t::initial_state
uint8_t initial_state
Definition oscore_context.h:132
oscore_recipient_ctx_t::osc_ctx
oscore_ctx_t * osc_ctx
Definition oscore_context.h:122
oscore_sender_ctx_t
Definition oscore_context.h:110
oscore_sender_ctx_t::sender_id
coap_bin_const_t * sender_id
Definition oscore_context.h:112
oscore_sender_ctx_t::seq
uint64_t seq
Sender Sequence Number.
Definition oscore_context.h:114
oscore_sender_ctx_t::sender_key
coap_bin_const_t * sender_key
Definition oscore_context.h:113
oscore_sender_ctx_t::next_seq
uint64_t next_seq
Used for ssn_freq updating.
Definition oscore_context.h:116