libcoap 4.3.5-develop-bd47692
Loading...
Searching...
No Matches
coap_oscore.c
Go to the documentation of this file.
1/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
3/*
4 * coap_oscore.c -- Object Security for Constrained RESTful Environments
5 * (OSCORE) support for libcoap
6 *
7 * Copyright (C) 2019-2021 Olaf Bergmann <bergmann@tzi.org>
8 * Copyright (C) 2021-2026 Jon Shallow <supjps-libcoap@jpshallow.com>
9 *
10 * SPDX-License-Identifier: BSD-2-Clause
11 *
12 * This file is part of the CoAP library libcoap. Please see README for terms
13 * of use.
14 */
15
21#include "coap3/coap_libcoap_build.h"
22
23#if COAP_OSCORE_SUPPORT
24#include <ctype.h>
25
26#define AAD_BUF_LEN 200 /* length of aad_buffer */
27
28static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context,
29 coap_oscore_conf_t *oscore_conf);
30
31#if COAP_CLIENT_SUPPORT
32
33int
34coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) {
35 if (oscore_conf) {
36 oscore_ctx_t *osc_ctx;
37
38 if (oscore_conf->recipient_chain == NULL) {
39 coap_log_warn("OSCORE: Recipient ID must be defined for a client\n");
40 coap_delete_oscore_conf(oscore_conf);
41 return 0;
42 }
43 if (oscore_conf->rfc8613_b_2) {
44 /* Need to replace id_context with random value */
45 coap_binary_t *id_context = coap_new_binary(8);
46
47 if (id_context == NULL) {
48 coap_delete_oscore_conf(oscore_conf);
49 return 0;
50 }
51 coap_delete_bin_const(oscore_conf->id_context);
52 coap_prng_lkd(id_context->s, id_context->length);
53 oscore_conf->id_context = (coap_bin_const_t *)id_context;
54 session->b_2_step = COAP_OSCORE_B_2_STEP_1;
55 coap_log_oscore("Appendix B.2 client step 1 (Generated ID1)\n");
56 }
57
58 osc_ctx = coap_oscore_init(session->context, oscore_conf);
59 if (osc_ctx == NULL) {
60 return 0;
61 }
62 coap_oscore_session_set_recipient_ctx(session, osc_ctx->recipient_chain);
63 session->oscore_encryption = 1;
64 }
65 return 1;
66}
67
68COAP_API coap_session_t *
69coap_new_client_session_oscore(coap_context_t *ctx,
70 const coap_address_t *local_if,
71 const coap_address_t *server,
72 coap_proto_t proto,
73 coap_oscore_conf_t *oscore_conf) {
74 coap_session_t *session;
75
76 coap_lock_lock(return NULL);
77 session = coap_new_client_session_oscore3_lkd(ctx, local_if, server, proto, oscore_conf, NULL,
78 NULL, NULL);
79 coap_lock_unlock();
80 return session;
81}
82
83COAP_API coap_session_t *
84coap_new_client_session_oscore3(coap_context_t *ctx,
85 const coap_address_t *local_if,
86 const coap_address_t *server,
87 coap_proto_t proto,
88 coap_oscore_conf_t *oscore_conf,
89 void *app_data,
90 coap_app_data_free_callback_t callback,
91 coap_str_const_t *ws_host) {
92 coap_session_t *session;
93
94 coap_lock_lock(return NULL);
95 session = coap_new_client_session_oscore3_lkd(ctx, local_if, server, proto, oscore_conf, app_data,
96 callback, ws_host);
97 coap_lock_unlock();
98 return session;
99}
100
101coap_session_t *
102coap_new_client_session_oscore3_lkd(coap_context_t *ctx,
103 const coap_address_t *local_if,
104 const coap_address_t *server,
105 coap_proto_t proto,
106 coap_oscore_conf_t *oscore_conf,
107 void *app_data,
108 coap_app_data_free_callback_t callback,
109 coap_str_const_t *ws_host) {
110 coap_session_t *session =
111 coap_new_client_session3_lkd(ctx, local_if, server, proto, app_data, callback, ws_host);
112
113 if (!session)
114 return NULL;
115
116 if (coap_oscore_initiate(session, oscore_conf) == 0) {
117 coap_session_release_lkd(session);
118 return NULL;
119 }
120 return session;
121}
122
123COAP_API coap_session_t *
124coap_new_client_session_oscore_psk(coap_context_t *ctx,
125 const coap_address_t *local_if,
126 const coap_address_t *server,
127 coap_proto_t proto,
128 coap_dtls_cpsk_t *psk_data,
129 coap_oscore_conf_t *oscore_conf) {
130 coap_session_t *session;
131
132 coap_lock_lock(return NULL);
133 session = coap_new_client_session_oscore_psk3_lkd(ctx, local_if, server, proto, psk_data,
134 oscore_conf, NULL, NULL, NULL);
135 coap_lock_unlock();
136 return session;
137}
138
139COAP_API coap_session_t *
140coap_new_client_session_oscore_psk3(coap_context_t *ctx,
141 const coap_address_t *local_if,
142 const coap_address_t *server,
143 coap_proto_t proto,
144 coap_dtls_cpsk_t *psk_data,
145 coap_oscore_conf_t *oscore_conf,
146 void *app_data,
147 coap_app_data_free_callback_t callback,
148 coap_str_const_t *ws_host) {
149 coap_session_t *session;
150
151 coap_lock_lock(return NULL);
152 session = coap_new_client_session_oscore_psk3_lkd(ctx, local_if, server, proto, psk_data,
153 oscore_conf, app_data, callback, ws_host);
154 coap_lock_unlock();
155 return session;
156}
157
158coap_session_t *
159coap_new_client_session_oscore_psk3_lkd(coap_context_t *ctx,
160 const coap_address_t *local_if,
161 const coap_address_t *server,
162 coap_proto_t proto,
163 coap_dtls_cpsk_t *psk_data,
164 coap_oscore_conf_t *oscore_conf,
165 void *app_data,
166 coap_app_data_free_callback_t callback,
167 coap_str_const_t *ws_host) {
168 coap_session_t *session;
169
170 coap_lock_check_locked();
171 session = coap_new_client_session_psk3_lkd(ctx, local_if, server, proto, psk_data,
172 app_data, callback, ws_host);
173
174 if (!session)
175 return NULL;
176
177 if (coap_oscore_initiate(session, oscore_conf) == 0) {
178 coap_session_release_lkd(session);
179 return NULL;
180 }
181 return session;
182}
183
184COAP_API coap_session_t *
185coap_new_client_session_oscore_pki(coap_context_t *ctx,
186 const coap_address_t *local_if,
187 const coap_address_t *server,
188 coap_proto_t proto,
189 coap_dtls_pki_t *pki_data,
190 coap_oscore_conf_t *oscore_conf) {
191 coap_session_t *session;
192
193 coap_lock_lock(return NULL);
194 session = coap_new_client_session_oscore_pki3_lkd(ctx, local_if, server, proto, pki_data,
195 oscore_conf, NULL, NULL, NULL);
196 coap_lock_unlock();
197 return session;
198}
199
200COAP_API coap_session_t *
201coap_new_client_session_oscore_pki3(coap_context_t *ctx,
202 const coap_address_t *local_if,
203 const coap_address_t *server,
204 coap_proto_t proto,
205 coap_dtls_pki_t *pki_data,
206 coap_oscore_conf_t *oscore_conf,
207 void *app_data,
208 coap_app_data_free_callback_t callback,
209 coap_str_const_t *ws_host) {
210 coap_session_t *session;
211
212 coap_lock_lock(return NULL);
213 session = coap_new_client_session_oscore_pki3_lkd(ctx, local_if, server, proto, pki_data,
214 oscore_conf, app_data, callback, ws_host);
215 coap_lock_unlock();
216 return session;
217}
218
219coap_session_t *
220coap_new_client_session_oscore_pki3_lkd(coap_context_t *ctx,
221 const coap_address_t *local_if,
222 const coap_address_t *server,
223 coap_proto_t proto,
224 coap_dtls_pki_t *pki_data,
225 coap_oscore_conf_t *oscore_conf,
226 void *app_data,
227 coap_app_data_free_callback_t callback,
228 coap_str_const_t *ws_host) {
229 coap_session_t *session;
230
231 coap_lock_check_locked();
232 session = coap_new_client_session_pki3_lkd(ctx, local_if, server, proto, pki_data,
233 app_data, callback, ws_host);
234
235 if (!session)
236 return NULL;
237
238 if (coap_oscore_initiate(session, oscore_conf) == 0) {
239 coap_session_release_lkd(session);
240 return NULL;
241 }
242 return session;
243}
244#endif /* COAP_CLIENT_SUPPORT */
245#if COAP_SERVER_SUPPORT
246
247COAP_API int
248coap_context_oscore_server(coap_context_t *context,
249 coap_oscore_conf_t *oscore_conf) {
250 int ret;
251
252 coap_lock_lock(return 0);
253 ret = coap_context_oscore_server_lkd(context, oscore_conf);
254 coap_lock_unlock();
255 return ret;
256}
257
258int
259coap_context_oscore_server_lkd(coap_context_t *context,
260 coap_oscore_conf_t *oscore_conf) {
261 oscore_ctx_t *osc_ctx;
262
263 coap_lock_check_locked();
264 osc_ctx = coap_oscore_init(context, oscore_conf);
265 /* osc_ctx already added to context->osc_ctx */
266 if (osc_ctx)
267 return 1;
268 return 0;
269}
270
271#endif /* COAP_SERVER_SUPPORT */
272
273int
274coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu) {
275 coap_uri_t uri;
276 coap_opt_iterator_t opt_iter;
277 coap_opt_t *option;
278 uint8_t option_value_buffer[15];
279 coap_optlist_t *optlist_chain = NULL;
280
281 if ((option =
282 coap_check_option(pdu, COAP_OPTION_PROXY_URI, &opt_iter)) == NULL)
283 return 1;
284
285 /* Need to break down into the component parts, but keep data safe */
286 memset(&uri, 0, sizeof(uri));
287
288 if (coap_split_proxy_uri(coap_opt_value(option),
289 coap_opt_length(option),
290 &uri) < 0 || uri.scheme >= COAP_URI_SCHEME_LAST) {
291 coap_log_warn("Proxy URI '%.*s' not decodable\n",
292 coap_opt_length(option),
293 (const char *)coap_opt_value(option));
294 goto error;
295 }
296 if (!coap_remove_option(pdu, COAP_OPTION_PROXY_URI))
297 goto error;
298
299 if (!coap_insert_option(pdu,
300 COAP_OPTION_URI_HOST,
301 uri.host.length,
302 uri.host.s))
303 goto error;
304 if (uri.port != (coap_uri_scheme_is_secure(&uri) ? COAPS_DEFAULT_PORT : COAP_DEFAULT_PORT) &&
305 !coap_insert_option(pdu,
306 COAP_OPTION_URI_PORT,
307 coap_encode_var_safe(option_value_buffer,
308 sizeof(option_value_buffer),
309 uri.port & 0xffff),
310 option_value_buffer))
311 goto error;
312 if (uri.path.length) {
313 /* Add in the Uri-Path options */
314 if (!coap_path_into_optlist(uri.path.s, uri.path.length, COAP_OPTION_URI_PATH,
315 &optlist_chain))
316 goto error;
317 }
318 if (uri.query.length) {
319 /* Add in the Uri-Query options */
320 if (!coap_query_into_optlist(uri.query.s, uri.query.length, COAP_OPTION_URI_QUERY,
321 &optlist_chain))
322 goto error;
323 }
324 if (!coap_add_optlist_pdu(pdu, &optlist_chain))
325 goto error;
326
327 if (!coap_insert_option(pdu,
328 COAP_OPTION_PROXY_SCHEME,
329 strlen(coap_uri_scheme[uri.scheme].name),
330 (const uint8_t *)coap_uri_scheme[uri.scheme].name))
331 goto error;
332
333 coap_delete_optlist(optlist_chain);
334 return 1;
335
336error:
337 coap_delete_optlist(optlist_chain);
338 return 0;
339}
340
341static void
342dump_cose(cose_encrypt0_t *cose, const char *message) {
343#if COAP_MAX_LOGGING_LEVEL < _COAP_LOG_OSCORE
344 (void)cose;
345 (void)message;
346#else /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
347 if (coap_get_log_level() >= COAP_LOG_OSCORE) {
348 char buffer[30];
349
350 coap_log_oscore("%s COSE information\n", message);
351 oscore_log_char_value(COAP_LOG_OSCORE, "alg",
352 cose_get_alg_name(cose->alg, buffer, sizeof(buffer)));
353 oscore_log_hex_value(COAP_LOG_OSCORE, "key", &cose->key);
354 oscore_log_hex_value(COAP_LOG_OSCORE, "partial_iv", &cose->partial_iv);
355 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
356 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
357 oscore_log_hex_value(COAP_LOG_OSCORE,
358 "oscore_option",
359 &cose->oscore_option);
360 oscore_log_hex_value(COAP_LOG_OSCORE, "nonce", &cose->nonce);
361 oscore_log_hex_value(COAP_LOG_OSCORE, "external_aad", &cose->external_aad);
362 oscore_log_hex_value(COAP_LOG_OSCORE, "aad", &cose->aad);
363 }
364#endif /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
365}
366
367COAP_API coap_pdu_t *
368coap_oscore_new_pdu_encrypted(coap_session_t *session,
369 coap_pdu_t *pdu,
370 coap_bin_const_t *kid_context,
371 oscore_partial_iv_t send_partial_iv) {
372 coap_pdu_t *ret_pdu;
373
374 coap_lock_lock(return NULL);
375 ret_pdu = coap_oscore_new_pdu_encrypted_lkd(session, pdu, kid_context, send_partial_iv);
376 coap_lock_unlock();
377
378 return ret_pdu;
379}
380
381/*
382 * Take current PDU, create a new one approriately separated as per RFC8613
383 * and then encrypt / integrity check the OSCORE data
384 */
385coap_pdu_t *
386coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session,
387 coap_pdu_t *pdu,
388 coap_bin_const_t *kid_context,
389 oscore_partial_iv_t send_partial_iv) {
390 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu) || COAP_PDU_IS_PING(pdu);
391 coap_pdu_code_t code =
392 coap_request ? COAP_REQUEST_CODE_POST : COAP_RESPONSE_CODE(204);
393 coap_pdu_t *osc_pdu;
394 coap_pdu_t *plain_pdu = NULL;
395 coap_bin_const_t pdu_token;
396 coap_opt_iterator_t opt_iter;
397 coap_opt_t *option;
398 uint8_t pdu_code = pdu->code;
399 size_t length;
400 const uint8_t *data;
401 uint8_t *ciphertext_buffer = NULL;
402 size_t ciphertext_len = 0;
403 uint8_t aad_buffer[AAD_BUF_LEN];
404 uint8_t nonce_buffer[13];
405 coap_bin_const_t aad;
406 coap_bin_const_t nonce;
407 oscore_recipient_ctx_t *rcp_ctx;
408 oscore_ctx_t *osc_ctx;
409 cose_encrypt0_t cose[1];
410 uint8_t group_flag = 0;
411 int show_pdu = 0;
412 int doing_observe = 0;
413 uint32_t observe_value = 0;
414 oscore_association_t *association = NULL;
415 oscore_sender_ctx_t *snd_ctx;
416 uint8_t external_aad_buffer[200];
417 coap_bin_const_t external_aad;
418 uint8_t oscore_option[48];
419 size_t oscore_option_len;
420
421 /* Check that OSCORE has not already been done */
422 if (coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter))
423 return NULL;
424
425 if (coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter))
426 doing_observe = 1;
427
428 coap_log_debug("PDU to encrypt\n");
429 coap_show_pdu(COAP_LOG_DEBUG, pdu);
430 osc_pdu = coap_pdu_init(pdu->type == COAP_MESSAGE_NON &&
431 session->b_2_step != COAP_OSCORE_B_2_NONE ?
432 COAP_MESSAGE_CON : pdu->type,
433 code,
434 pdu->mid,
435 pdu->used_size + coap_oscore_overhead(session, pdu));
436 if (osc_pdu == NULL)
437 return NULL;
438
439 cose_encrypt0_init(cose); /* clears cose memory */
440 pdu_token = coap_pdu_get_token(pdu);
441 if (coap_request) {
442 /*
443 * RFC8613 8.1 Step 1. Protecting the client's request
444 * Get the Sender Context
445 */
446 rcp_ctx = session->recipient_ctx;
447 if (rcp_ctx == NULL)
448 goto error;
449 osc_ctx = rcp_ctx->osc_ctx;
450 assert(osc_ctx);
451 snd_ctx = osc_ctx->sender_context;
452 } else {
453 /*
454 * RFC8613 8.3 Step 1. Protecting the server's response
455 * Get the Sender Context
456 */
457 association = oscore_find_association(session, &pdu_token);
458 if (association == NULL)
459 goto error;
460
461 rcp_ctx = association->recipient_ctx;
462 osc_ctx = rcp_ctx->osc_ctx;
463 snd_ctx = osc_ctx->sender_context;
464 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
465 cose_encrypt0_set_aad(cose, association->aad);
466 }
467
468 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
469
470 if (coap_request || doing_observe ||
471 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
472 uint8_t partial_iv_buffer[8];
473 size_t partial_iv_len;
474 coap_bin_const_t partial_iv;
475 partial_iv_len = coap_encode_var_safe8(partial_iv_buffer,
476 sizeof(partial_iv_buffer),
477 snd_ctx->seq);
478 if (snd_ctx->seq == 0) {
479 /* Need to special case */
480 partial_iv_buffer[0] = '\000';
481 partial_iv_len = 1;
482 }
483 partial_iv.s = partial_iv_buffer;
484 partial_iv.length = partial_iv_len;
485 cose_encrypt0_set_partial_iv(cose, &partial_iv);
486 }
487
488 if (coap_request)
489 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
490
491 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
492
493 /* nonce (needs to have sender information correctly set up) */
494
495 if (coap_request || doing_observe ||
496 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
497 /*
498 * 8.1 Step 3 or RFC8613 8.3.1 Step A
499 * Compose the AEAD nonce
500 *
501 * Requires in COSE object as appropriate
502 * key_id (kid) (sender)
503 * partial_iv (sender)
504 * common_iv (already in osc_ctx)
505 */
506 nonce.s = nonce_buffer;
507 nonce.length = 13;
508 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
509 cose_encrypt0_set_nonce(cose, &nonce);
510 if (!oscore_increment_sender_seq(osc_ctx))
511 goto error;
512 if (osc_ctx->save_seq_num_func) {
513 if (osc_ctx->sender_context->seq > osc_ctx->sender_context->next_seq) {
514 /* Only update at ssn_freq rate */
515 osc_ctx->sender_context->next_seq += osc_ctx->ssn_freq;
516 osc_ctx->save_seq_num_func(osc_ctx->sender_context->next_seq,
517 osc_ctx->save_seq_num_func_param);
518 }
519 }
520 } else {
521 /*
522 * 8.3 Step 3.
523 * Use nonce from request
524 */
525 cose_encrypt0_set_nonce(cose, association->nonce);
526 }
527
528 /* OSCORE_option (needs to be before AAD as included in AAD if group) */
529
530 /* cose is modified for encode option in response message */
531 if (!coap_request) {
532 /* no kid on response */
533 cose_encrypt0_set_key_id(cose, NULL);
534 if (!doing_observe && send_partial_iv == OSCORE_SEND_NO_IV)
535 cose_encrypt0_set_partial_iv(cose, NULL);
536 }
537 if (kid_context) {
538 cose_encrypt0_set_kid_context(cose, kid_context);
539 }
540 oscore_option_len =
541 oscore_encode_option_value(oscore_option, sizeof(oscore_option), cose,
542 group_flag,
543 session->b_2_step != COAP_OSCORE_B_2_NONE);
544 if (!coap_request) {
545 /* Reset what was just unset as appropriate for AAD */
546 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
547 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
548 }
549 if (kid_context)
550 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
551
552 /*
553 * RFC8613 8.1/8.3 Step 2(a) (5.4).
554 * Compose the External AAD and then AAD
555 *
556 * OSCORE_option requires
557 * partial_iv (cose partial_iv)
558 * kid_context (cose kid_context)
559 * key_id (cose key_id)
560 * group_flag
561 *
562 * Non Group requires the following
563 * RFC8613 5.4
564 * oscore_version 1
565 * algorithms [
566 * aead_alg (osc_ctx)
567 * ]
568 * request_kid (request key_id using cose)
569 * request_piv (request partial_iv using cose)
570 * options (none at present)
571 *
572 * Note: No I options at present
573 */
574 if (coap_request || send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
575 /* External AAD */
576 external_aad.s = external_aad_buffer;
577 external_aad.length = oscore_prepare_e_aad(osc_ctx,
578 cose,
579 NULL,
580 0,
581 NULL,
582 external_aad_buffer,
583 sizeof(external_aad_buffer));
584 cose_encrypt0_set_external_aad(cose, &external_aad);
585
586 /* AAD */
587 aad.s = aad_buffer;
588 aad.length = oscore_prepare_aad(external_aad_buffer,
589 external_aad.length,
590 aad_buffer,
591 sizeof(aad_buffer));
592 assert(aad.length < AAD_BUF_LEN);
593 cose_encrypt0_set_aad(cose, &aad);
594 }
595
596 /*
597 * RFC8613 8.1/8.3 Step 2(b) (5.3).
598 *
599 * Set up temp plaintext pdu, the data including token, options and
600 * optional payload will get encrypted as COSE ciphertext.
601 */
602 plain_pdu = coap_pdu_init(pdu->type,
603 pdu->code,
604 pdu->mid,
605 pdu->used_size + 1 /* pseudo-token with actual code */);
606 if (plain_pdu == NULL)
607 goto error;
608
609 coap_add_token(osc_pdu, pdu_token.length, pdu_token.s);
610
611 /* First byte of plain is real CoAP code. Pretend it is token */
612 coap_add_token(plain_pdu, 1, &pdu_code);
613
614 /* Copy across the Outer/Inner Options to respective PDUs */
615 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
616 while ((option = coap_option_next(&opt_iter))) {
617 switch (opt_iter.number) {
618 case COAP_OPTION_URI_HOST:
619 case COAP_OPTION_URI_PORT:
620 case COAP_OPTION_PROXY_SCHEME:
621 case COAP_OPTION_HOP_LIMIT:
622 /* Outer only */
623 if (!coap_insert_option(osc_pdu,
624 opt_iter.number,
625 coap_opt_length(option),
626 coap_opt_value(option)))
627 goto error;
628 break;
629 case COAP_OPTION_OBSERVE:
630 /* Make as Outer option as-is */
631 if (!coap_insert_option(osc_pdu,
632 opt_iter.number,
633 coap_opt_length(option),
634 coap_opt_value(option)))
635 goto error;
636 if (coap_request) {
637 /* Make as Inner option (unchanged) */
638 if (!coap_insert_option(plain_pdu,
639 opt_iter.number,
640 coap_opt_length(option),
641 coap_opt_value(option)))
642 goto error;
643 osc_pdu->code = COAP_REQUEST_CODE_FETCH;
644 } else {
645 /* Make as Inner option but empty */
646 if (!coap_insert_option(plain_pdu, opt_iter.number, 0, NULL))
647 goto error;
648 osc_pdu->code = COAP_RESPONSE_CODE(205);
649 }
650 show_pdu = 1;
651 doing_observe = 1;
652 observe_value = coap_decode_var_bytes(coap_opt_value(option),
653 coap_opt_length(option));
654 break;
655 case COAP_OPTION_PROXY_URI:
656 /*
657 * Should have already been caught by doing
658 * coap_rebuild_pdu_for_proxy() before calling
659 * coap_oscore_new_pdu_encrypted_lkd()
660 */
661 assert(0);
662 break;
663 default:
664 /* Make as Inner option */
665 if (!coap_insert_option(plain_pdu,
666 opt_iter.number,
667 coap_opt_length(option),
668 coap_opt_value(option)))
669 goto error;
670 break;
671 }
672 }
673 /* Add in data to plain */
674 if (coap_get_data(pdu, &length, &data)) {
675 if (!coap_add_data(plain_pdu, length, data))
676 goto error;
677 }
678 if (show_pdu) {
679 coap_log_oscore("OSCORE payload\n");
680 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
681 }
682
683 /*
684 * 8.1/8.3 Step 4.
685 * Encrypt the COSE object.
686 *
687 * Requires in COSE object as appropriate
688 * alg (already set)
689 * key (sender key)
690 * nonce (already set)
691 * aad (already set)
692 * plaintext
693 */
694 cose_encrypt0_set_key(cose, snd_ctx->sender_key);
695 cose_encrypt0_set_plaintext(cose, plain_pdu->token, plain_pdu->used_size);
696 dump_cose(cose, "Pre encrypt");
697 ciphertext_buffer =
698 coap_malloc_type(COAP_OSCORE_BUF, OSCORE_CRYPTO_BUFFER_SIZE);
699 if (ciphertext_buffer == NULL)
700 goto error;
701 ciphertext_len = cose_encrypt0_encrypt(cose,
702 ciphertext_buffer,
703 plain_pdu->used_size + AES_CCM_TAG);
704 if ((int)ciphertext_len <= 0) {
705 coap_log_warn("OSCORE: Encryption Failure, result code: %d \n",
706 (int)ciphertext_len);
707 goto error;
708 }
709 assert(ciphertext_len < OSCORE_CRYPTO_BUFFER_SIZE);
710
711 /* Add in OSCORE option (previously computed) */
712 if (!coap_insert_option(osc_pdu,
713 COAP_OPTION_OSCORE,
714 oscore_option_len,
715 oscore_option))
716 goto error;
717
718 /* Add now encrypted payload */
719 if (!coap_add_data(osc_pdu, ciphertext_len, ciphertext_buffer))
720 goto error;
721
722 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
723 ciphertext_buffer = NULL;
724
725 coap_delete_pdu_lkd(plain_pdu);
726 plain_pdu = NULL;
727
728 if (association && association->is_observe == 0)
729 oscore_delete_association(session, association);
730 association = NULL;
731
732 if (!(session->block_mode & COAP_BLOCK_CACHE_RESPONSE)) {
733 /*
734 * If this is a response ACK with data, make it a separate response
735 * by sending an Empty ACK and changing osc_pdu's MID and type. This
736 * then allows lost response ACK (now CON) with data to be recovered.
737 */
738 if (coap_request == 0 && osc_pdu->type == COAP_MESSAGE_ACK &&
739 COAP_RESPONSE_CLASS(pdu->code) == 2 &&
740 COAP_PROTO_NOT_RELIABLE(session->proto)) {
741 coap_pdu_t *empty = coap_pdu_init(COAP_MESSAGE_ACK,
742 0,
743 osc_pdu->mid,
744 0);
745 if (empty) {
746 if (coap_send_internal(session, empty, NULL) != COAP_INVALID_MID) {
747 osc_pdu->mid = coap_new_message_id_lkd(session);
748 osc_pdu->type = COAP_MESSAGE_CON;
749 }
750 }
751 }
752 }
753
754 if (!coap_pdu_encode_header(osc_pdu, session->proto)) {
755 goto error;
756 }
757
758 /*
759 * Set up an association for handling a response if this is a request
760 */
761 if (coap_request) {
762 association = oscore_find_association(session, &pdu_token);
763 if (association) {
764 /* Refresh the association */
765 coap_delete_bin_const(association->nonce);
766 association->nonce =
767 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
768 if (association->nonce == NULL)
769 goto error;
770 coap_delete_bin_const(association->aad);
771 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
772 if (association->aad == NULL)
773 goto error;
774 if (doing_observe && observe_value == 1) {
775 coap_delete_bin_const(association->obs_partial_iv);
776 association->obs_partial_iv = association->partial_iv;
777 } else {
778 coap_delete_bin_const(association->partial_iv);
779 }
780 association->partial_iv =
781 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
782 if (association->partial_iv == NULL)
783 goto error;
784 coap_oscore_association_set_recipient_ctx(association, rcp_ctx);
785 coap_delete_pdu_lkd(association->sent_pdu);
786 if (session->b_2_step != COAP_OSCORE_B_2_NONE || association->just_set_up) {
787 size_t size;
788
789 association->sent_pdu = coap_pdu_duplicate_lkd(pdu, session,
790 pdu_token.length,
791 pdu_token.s, NULL,
792 COAP_BOOL_FALSE);
793 if (association->sent_pdu == NULL)
794 goto error;
795 if (coap_get_data(pdu, &size, &data)) {
796 coap_add_data(association->sent_pdu, size, data);
797 }
798 association->just_set_up = 0;
799 } else {
800 association->sent_pdu = NULL;
801 }
802 } else if (!oscore_new_association(session,
803 pdu,
804 &pdu_token,
805 rcp_ctx,
806 &cose->aad,
807 &cose->nonce,
808 &cose->partial_iv,
809 doing_observe)) {
810 goto error;
811 }
812 }
813 return osc_pdu;
814
815error:
816 if (ciphertext_buffer)
817 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
818 coap_delete_pdu_lkd(osc_pdu);
819 coap_delete_pdu_lkd(plain_pdu);
820 return NULL;
821}
822
823static void
824build_and_send_error_pdu(coap_session_t *session,
825 coap_pdu_t *rcvd,
826 coap_pdu_code_t code,
827 const char *diagnostic,
828 uint8_t *echo_data,
829 coap_bin_const_t *kid_context,
830 int encrypt_oscore) {
831 coap_pdu_t *err_pdu = NULL;
832 coap_bin_const_t token;
833 int oscore_encryption = session->oscore_encryption;
834 unsigned char buf[4];
835
836 token = coap_pdu_get_token(rcvd);
837 err_pdu = coap_pdu_init(rcvd->type == COAP_MESSAGE_NON ? COAP_MESSAGE_NON :
838 COAP_MESSAGE_ACK,
839 code,
840 rcvd->mid,
841 token.length + 2 + 8 +
842 (diagnostic ? strlen(diagnostic) : 0));
843 if (!err_pdu)
844 return;
845 coap_add_token(err_pdu, token.length, token.s);
846 if (echo_data) {
847 coap_add_option_internal(err_pdu, COAP_OPTION_ECHO, 8, echo_data);
848 } else if (kid_context == NULL) {
849 coap_add_option_internal(err_pdu,
850 COAP_OPTION_MAXAGE,
851 coap_encode_var_safe(buf, sizeof(buf), 0),
852 buf);
853 }
854 if (diagnostic)
855 coap_add_data(err_pdu, strlen(diagnostic), (const uint8_t *)diagnostic);
856 session->oscore_encryption = encrypt_oscore;
857
858 if ((echo_data || kid_context) && encrypt_oscore) {
859 coap_pdu_t *osc_pdu;
860
861 osc_pdu =
862 coap_oscore_new_pdu_encrypted_lkd(session, err_pdu, kid_context,
863 echo_data ? 1 : 0);
864 if (!osc_pdu)
865 goto fail_resp;
866 session->oscore_encryption = 0;
867 coap_send_internal(session, osc_pdu, NULL);
868 coap_delete_pdu_lkd(err_pdu);
869 err_pdu = NULL;
870 } else {
871 coap_send_internal(session, err_pdu, NULL);
872 err_pdu = NULL;
873 }
874fail_resp:
875 session->oscore_encryption = oscore_encryption;
876 coap_delete_pdu_lkd(err_pdu);
877 return;
878}
879
880oscore_ctx_t *
881coap_init_oscore_context_from_conf(coap_oscore_conf_t *oscore_conf) {
882 oscore_ctx_t *oscore_ctx = oscore_derive_ctx_from_conf(oscore_conf);
883
884 if (oscore_ctx == NULL) {
885 goto error;
886 }
887
888 /* As all is stored in osc_ctx, oscore_conf is no longer needed */
889 coap_free_type(COAP_STRING, oscore_conf);
890
891 return oscore_ctx;
892error:
893 coap_delete_oscore_conf(oscore_conf);
894 return NULL;
895}
896
897/* pdu contains incoming message with encrypted COSE ciphertext payload
898 * function returns decrypted message
899 * and verifies signature, if present
900 * returns NULL when decryption,verification fails
901 */
902coap_pdu_t *
903coap_oscore_decrypt_pdu(coap_session_t *session,
904 coap_pdu_t *pdu) {
905 coap_pdu_t *decrypt_pdu = NULL;
906 coap_pdu_t *plain_pdu = NULL;
907 const uint8_t *osc_value; /* value of OSCORE option */
908 uint8_t osc_size; /* size of OSCORE OPTION */
909 coap_opt_iterator_t opt_iter;
910 coap_opt_t *opt = NULL;
911 cose_encrypt0_t cose[1];
912 oscore_ctx_t *osc_ctx = NULL;
913 uint8_t aad_buffer[AAD_BUF_LEN];
914 uint8_t nonce_buffer[13];
915 coap_bin_const_t aad;
916 coap_bin_const_t nonce;
917 int pltxt_size = 0;
918 int got_resp_piv = 0;
919 int doing_resp_observe = 0;
920 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu);
921 coap_bin_const_t pdu_token;
922 uint8_t *st_encrypt;
923 size_t encrypt_len;
924 size_t tag_len;
925 oscore_recipient_ctx_t *rcp_ctx = NULL;
926 oscore_association_t *association = NULL;
927 uint8_t external_aad_buffer[100];
928 coap_bin_const_t external_aad;
929 oscore_sender_ctx_t *snd_ctx = NULL;
930#if COAP_CLIENT_SUPPORT
931 coap_pdu_t *sent_pdu = NULL;
932#endif /* COAP_CLIENT_SUPPORT */
933
934 opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter);
935 assert(opt);
936 if (opt == NULL)
937 return NULL;
938
939 if (session->context->p_osc_ctx == NULL && session->context->oscore_find_cb == NULL) {
940 coap_log_warn("OSCORE: Not enabled\n");
941 if (!coap_request)
942 coap_handle_event_lkd(session->context,
943 COAP_EVENT_OSCORE_NOT_ENABLED,
944 session);
945 return NULL;
946 }
947
948 if (pdu->data == NULL) {
949 coap_log_warn("OSCORE: No protected payload\n");
950 if (!coap_request)
951 coap_handle_event_lkd(session->context,
952 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
953 session);
954 return NULL;
955 }
956
957 osc_size = coap_opt_length(opt);
958 osc_value = coap_opt_value(opt);
959
960 cose_encrypt0_init(cose); /* clear cose memory */
961
962 /* PDU code will be filled in after decryption */
963 decrypt_pdu =
964 coap_pdu_init(pdu->type, 0, pdu->mid, pdu->used_size);
965 if (decrypt_pdu == NULL) {
966 if (!coap_request)
967 coap_handle_event_lkd(session->context,
968 COAP_EVENT_OSCORE_INTERNAL_ERROR,
969 session);
970 goto error;
971 }
972
973 /* Copy across the Token */
974 pdu_token = coap_pdu_get_token(pdu);
975 coap_add_token(decrypt_pdu, pdu_token.length, pdu_token.s);
976
977 /*
978 * 8.2/8.4 Step 1.
979 * Copy outer options across, except E and OSCORE options
980 */
981 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
982 while ((opt = coap_option_next(&opt_iter))) {
983 switch (opt_iter.number) {
984 /* 'E' options skipped */
985 case COAP_OPTION_IF_MATCH:
986 case COAP_OPTION_ETAG:
987 case COAP_OPTION_IF_NONE_MATCH:
988 case COAP_OPTION_OBSERVE:
989 case COAP_OPTION_LOCATION_PATH:
990 case COAP_OPTION_URI_PATH:
991 case COAP_OPTION_CONTENT_FORMAT:
992 case COAP_OPTION_MAXAGE:
993 case COAP_OPTION_URI_QUERY:
994 case COAP_OPTION_ACCEPT:
995 case COAP_OPTION_LOCATION_QUERY:
996 case COAP_OPTION_BLOCK2:
997 case COAP_OPTION_BLOCK1:
998 case COAP_OPTION_SIZE2:
999 case COAP_OPTION_SIZE1:
1000 case COAP_OPTION_NORESPONSE:
1001 case COAP_OPTION_ECHO:
1002 case COAP_OPTION_RTAG:
1003 /* OSCORE does not get copied across */
1004 case COAP_OPTION_OSCORE:
1005 break;
1006 default:
1007 if (!coap_add_option_internal(decrypt_pdu,
1008 opt_iter.number,
1009 coap_opt_length(opt),
1010 coap_opt_value(opt))) {
1011 if (!coap_request)
1012 coap_handle_event_lkd(session->context,
1013 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1014 session);
1015 goto error;
1016 }
1017 break;
1018 }
1019 }
1020
1021 if (coap_request) {
1022 uint64_t incoming_seq;
1023 /*
1024 * 8.2 Step 2
1025 * Decompress COSE object
1026 * Get Recipient Context based on kid and optional kid_context
1027 */
1028 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1029 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1030 build_and_send_error_pdu(session,
1031 pdu,
1032 COAP_RESPONSE_CODE(402),
1033 "Failed to decode COSE",
1034 NULL,
1035 NULL,
1036 0);
1037 goto error_no_ack;
1038 }
1039 osc_ctx = oscore_find_context(session,
1040 cose->key_id,
1041 &cose->kid_context,
1042 NULL,
1043 &rcp_ctx);
1044 if (!osc_ctx) {
1045 if (cose->kid_context.length > 0) {
1046 const uint8_t *ptr;
1047 size_t length;
1048 /* Appendix B.2 protocol check - Is the recipient key_id known */
1049 osc_ctx = oscore_find_context(session,
1050 cose->key_id,
1051 NULL,
1052 session->oscore_r2 != 0 ? (uint8_t *)&session->oscore_r2 : NULL,
1053 &rcp_ctx);
1054 ptr = cose->kid_context.s;
1055 length = cose->kid_context.length;
1056 if (ptr && osc_ctx && osc_ctx->rfc8613_b_2) {
1057 /* Processing Appendix B.2 protocol */
1058 /* Need to CBOR unwrap kid_context */
1059 coap_bin_const_t kid_context;
1060
1061 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1062 if (kid_context.length > length)
1063 goto error;
1064 /* This has to fit into an OSCORE option max 255.
1065 * Initial byte, kid_context size, partial IV size and kid size have to be there
1066 */
1067 if (kid_context.length >= 255 - 1 - 1 - cose->partial_iv.length - cose->key_id.length)
1068 goto error;
1069 kid_context.s = ptr;
1070 cose_encrypt0_set_kid_context(cose, (coap_bin_const_t *)&kid_context);
1071
1072 if (session->oscore_r2 != 0) {
1073 /* B.2 step 4 */
1074 coap_bin_const_t *kc = coap_new_bin_const(cose->kid_context.s,
1075 cose->kid_context.length);
1076
1077 if (kc == NULL)
1078 goto error;
1079
1080 session->b_2_step = COAP_OSCORE_B_2_STEP_4;
1081 coap_log_oscore("Appendix B.2 server step 4 (R2 || R3)\n");
1082 oscore_update_ctx(osc_ctx, kc);
1083 } else {
1084 session->b_2_step = COAP_OSCORE_B_2_STEP_2;
1085 coap_log_oscore("Appendix B.2 server step 2 (ID1)\n");
1086 osc_ctx = oscore_duplicate_ctx(session->context,
1087 osc_ctx,
1088 osc_ctx->sender_context->sender_id,
1089 &cose->key_id,
1090 &cose->kid_context);
1091 if (osc_ctx == NULL)
1092 goto error;
1093 /*
1094 * Complete the Verify (B.2 step 2)
1095 * before sending back the response
1096 */
1097 rcp_ctx = osc_ctx->recipient_chain;
1098 }
1099 } else {
1100 osc_ctx = NULL;
1101 }
1102 }
1103 } else if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1104 session->b_2_step = COAP_OSCORE_B_2_NONE;
1105 coap_log_oscore("Appendix B.2 server finished\n");
1106 }
1107 if (!osc_ctx) {
1108 coap_log_err("OSCORE: Security Context not found\n");
1109 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
1110 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
1111 build_and_send_error_pdu(session,
1112 pdu,
1113 COAP_RESPONSE_CODE(401),
1114 "Security context not found",
1115 NULL,
1116 NULL,
1117 0);
1118 goto error_no_ack;
1119 }
1120 /* to be used for encryption of returned response later */
1121 coap_oscore_session_set_recipient_ctx(session, rcp_ctx);
1122 snd_ctx = osc_ctx->sender_context;
1123
1124 /*
1125 * 8.2 Step 3.
1126 * Verify Partial IV is not duplicated.
1127 *
1128 * Requires in COSE object as appropriate
1129 * partial_iv (as received)
1130 */
1131 if ((rcp_ctx->initial_state == 0 || osc_ctx->rfc8613_b_1_2 == 0) &&
1132 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1133 coap_log_warn("OSCORE: Replayed or old message\n");
1134 build_and_send_error_pdu(session,
1135 pdu,
1136 COAP_RESPONSE_CODE(401),
1137 "Replay detected",
1138 NULL,
1139 NULL,
1140 0);
1141 goto error_no_ack;
1142 }
1143 if (rcp_ctx->initial_state == 1) {
1144 incoming_seq =
1145 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1146 rcp_ctx->last_seq = incoming_seq;
1147 } else if (session->context->oscore_update_seq_num_cb != NULL) {
1148 /* notify custom credential storage */
1149 coap_lock_callback(session->context->oscore_update_seq_num_cb(session,
1150 rcp_ctx->recipient_id,
1151 osc_ctx->id_context,
1152 rcp_ctx->last_seq,
1153 rcp_ctx->sliding_window));
1154 }
1155 } else { /* !coap_request */
1156 /*
1157 * 8.4 Step 2
1158 * Decompress COSE object
1159 * Get Recipient Context based on token
1160 */
1161 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1162 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1163 coap_handle_event_lkd(session->context,
1164 COAP_EVENT_OSCORE_DECODE_ERROR,
1165 session);
1166 goto error;
1167 }
1168 got_resp_piv = cose->partial_iv.length ? 1 : 0;
1169
1170 association = oscore_find_association(session, &pdu_token);
1171 if (association) {
1172 rcp_ctx = association->recipient_ctx;
1173 osc_ctx = rcp_ctx->osc_ctx;
1174 snd_ctx = osc_ctx->sender_context;
1175#if COAP_CLIENT_SUPPORT
1176 sent_pdu = association->sent_pdu;
1177 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1178 const uint8_t *ptr = cose->kid_context.s;
1179 size_t length = cose->kid_context.length;
1180
1181 if (ptr) {
1182 /* Need to CBOR unwrap kid_context */
1183 coap_bin_const_t kid_context;
1184
1185 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1186 if (kid_context.length > length)
1187 goto error;
1188 /* This has to fit into an OSCORE option max 255.
1189 * Initial byte, kid_context size, partial IV size and kid size have to be there
1190 */
1191 if (kid_context.length >= 255 - 1 - 1 - cose->partial_iv.length - cose->key_id.length)
1192 goto error;
1193 kid_context.s = ptr;
1194 cose_encrypt0_set_kid_context(cose, &kid_context);
1195 }
1196 if (ptr && !coap_binary_equal(osc_ctx->id_context, &cose->kid_context)) {
1197 /* If Appendix B.2 step 3 is in operation */
1198 /* Need to update Security Context with new (R2 || ID1) ID Context */
1199 coap_binary_t *kc = coap_new_binary(cose->kid_context.length +
1200 osc_ctx->id_context->length);
1201
1202 if (kc == NULL) {
1203 coap_handle_event_lkd(session->context,
1204 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1205 session);
1206 goto error;
1207 }
1208
1209 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1210 memcpy(&kc->s[cose->kid_context.length],
1211 osc_ctx->id_context->s,
1212 osc_ctx->id_context->length);
1213
1214 session->b_2_step = COAP_OSCORE_B_2_STEP_3;
1215 coap_log_oscore("Appendix B.2 client step 3 (R2 || ID1)\n");
1216 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1217 } else {
1218 session->b_2_step = COAP_OSCORE_B_2_STEP_5;
1219 coap_log_oscore("Appendix B.2 client step 5 (R2 || R3)\n");
1220 }
1221 }
1222#endif /* COAP_CLIENT_SUPPORT */
1223 } else {
1224 coap_log_crit("OSCORE: Security Context association not found\n");
1225 coap_handle_event_lkd(session->context,
1226 COAP_EVENT_OSCORE_NO_SECURITY,
1227 session);
1228 goto error;
1229 }
1230 }
1231
1232 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
1233
1234 if (coap_request) {
1235 /*
1236 * RFC8613 8.2 Step 4.
1237 * Compose the External AAD and then AAD
1238 *
1239 * OSCORE_option requires
1240 * partial_iv (cose partial_iv)
1241 * kid_context (cose kid_context)
1242 * key_id (cose key_id)
1243 * group_flag
1244 *
1245 * Non Group requires the following
1246 * RFC8613 5.4
1247 * oscore_version 1
1248 * algorithms [
1249 * aead_alg (osc_ctx)
1250 * ]
1251 * request_kid (request key_id using cose)
1252 * request_piv (request partial_iv using cose)
1253 * options (none at present)
1254 *
1255 * Note: No I options at present
1256 */
1257
1258 /* External AAD */
1259 external_aad.s = external_aad_buffer;
1260 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1261 cose,
1262 osc_value,
1263 osc_size,
1264 NULL,
1265 external_aad_buffer,
1266 sizeof(external_aad_buffer));
1267 cose_encrypt0_set_external_aad(cose, &external_aad);
1268
1269 /* AAD */
1270 aad.s = aad_buffer;
1271 aad.length = oscore_prepare_aad(external_aad_buffer,
1272 external_aad.length,
1273 aad_buffer,
1274 sizeof(aad_buffer));
1275 assert(aad.length < AAD_BUF_LEN);
1276 cose_encrypt0_set_aad(cose, &aad);
1277
1278 /*
1279 * RFC8613 8.2 Step 5.
1280 * Compute the AEAD nonce.
1281 *
1282 * Requires in COSE object as appropriate
1283 * key_id (kid) (Recipient ID)
1284 * partial_iv (as received in request)
1285 * common_iv (already in osc_ctx)
1286 */
1287 nonce.s = nonce_buffer;
1288 nonce.length = 13;
1289 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1290 cose_encrypt0_set_nonce(cose, &nonce);
1291 /*
1292 * Set up an association for use in the response
1293 */
1294 association = oscore_find_association(session, &pdu_token);
1295 if (association) {
1296 /* Refresh the association */
1297 coap_delete_bin_const(association->nonce);
1298 association->nonce =
1299 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
1300 if (association->nonce == NULL)
1301 goto error;
1302 coap_delete_bin_const(association->partial_iv);
1303 association->partial_iv =
1304 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
1305 if (association->partial_iv == NULL)
1306 goto error;
1307 coap_delete_bin_const(association->aad);
1308 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
1309 if (association->aad == NULL)
1310 goto error;
1311 coap_oscore_association_set_recipient_ctx(association, rcp_ctx);
1312 /* So association is not released when handling decrypt */
1313 association = NULL;
1314 } else if (!oscore_new_association(session,
1315 NULL,
1316 &pdu_token,
1317 rcp_ctx,
1318 &cose->aad,
1319 &cose->nonce,
1320 &cose->partial_iv,
1321 0)) {
1322 goto error;
1323 }
1324 /* So association is not released when handling decrypt */
1325 association = NULL;
1326 } else { /* ! coap_request */
1327 /* Need to do nonce before AAD because of different partial_iv */
1328 /*
1329 * 8.4 Step 4.
1330 * Compose the AEAD nonce.
1331 */
1332 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
1333 if (cose->partial_iv.length == 0) {
1334 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1335 cose_encrypt0_set_nonce(cose, association->nonce);
1336 } else {
1337 uint64_t last_seq;
1338
1339 if ((rcp_ctx->initial_state == 0 || osc_ctx->rfc8613_b_1_2 == 0) &&
1340 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1341 coap_log_warn("OSCORE: Replayed or old message\n");
1342 goto error;
1343 }
1344 last_seq =
1345 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1346 if (rcp_ctx->last_seq>= OSCORE_SEQ_MAX) {
1347 coap_log_warn("OSCORE Replay protection, SEQ larger than SEQ_MAX.\n");
1348 goto error;
1349 }
1350 if (last_seq > rcp_ctx->last_seq)
1351 rcp_ctx->last_seq = last_seq;
1352 /*
1353 * Requires in COSE object as appropriate
1354 * kid (set above)
1355 * partial_iv (as received)
1356 * common_iv (already in osc_ctx)
1357 */
1358 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1359 nonce.s = nonce_buffer;
1360 nonce.length = 13;
1361 cose_encrypt0_set_nonce(cose, &nonce);
1362 }
1363#ifdef OSCORE_EXTRA_DEBUG
1364 dump_cose(cose, "!req post set nonce");
1365#endif /* OSCORE_EXTRA_DEBUG */
1366 /*
1367 * 8.4 Step 3.
1368 * Compose the External AAD and then AAD
1369 *
1370 * OSCORE_option requires
1371 * partial_iv (cose partial_iv)
1372 * kid_context (cose kid_context)
1373 * key_id (cose key_id)
1374 * group_flag
1375 *
1376 * Non Group requires the following
1377 * RFC8613 5.4
1378 * oscore_version 1
1379 * algorithms [
1380 * aead_alg (osc_ctx)
1381 * ]
1382 * request_kid (request key_id using cose)
1383 * request_piv (request partial_iv using cose)
1384 * options (none at present)
1385 *
1386 * Note: No I options at present
1387 */
1388
1389 /* External AAD */
1390 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
1391 if (association->is_observe && association->obs_partial_iv && got_resp_piv) {
1392 cose_encrypt0_set_partial_iv(cose, association->obs_partial_iv);
1393 } else {
1394 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1395 }
1396#ifdef OSCORE_EXTRA_DEBUG
1397 dump_cose(cose, "!req pre aad");
1398#endif /* OSCORE_EXTRA_DEBUG */
1399 external_aad.s = external_aad_buffer;
1400 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1401 cose,
1402 NULL,
1403 0,
1404 NULL,
1405 external_aad_buffer,
1406 sizeof(external_aad_buffer));
1407 cose_encrypt0_set_external_aad(cose, &external_aad);
1408
1409 /* AAD */
1410 aad.s = aad_buffer;
1411 aad.length = oscore_prepare_aad(external_aad_buffer,
1412 external_aad.length,
1413 aad_buffer,
1414 sizeof(aad_buffer));
1415 assert(aad.length < AAD_BUF_LEN);
1416 cose_encrypt0_set_aad(cose, &aad);
1417#ifdef OSCORE_EXTRA_DEBUG
1418 dump_cose(cose, "!req post set aad");
1419#endif /* OSCORE_EXTRA_DEBUG */
1420 }
1421
1422 /*
1423 * 8.2 Step 6 / 8.4 Step 5.
1424 * Decrypt the COSE object.
1425 *
1426 * Requires in COSE object as appropriate
1427 * alg (already set)
1428 * key
1429 * nonce (already set)
1430 * aad (already set)
1431 * ciphertext
1432 */
1433 st_encrypt = pdu->data;
1434 encrypt_len = pdu->used_size - (pdu->data - pdu->token);
1435 if (encrypt_len <= 0) {
1436 coap_log_warn("OSCORE: No protected payload\n");
1437 if (!coap_request)
1438 coap_handle_event_lkd(session->context,
1439 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
1440 session);
1441 goto error;
1442 }
1443 cose_encrypt0_set_key(cose, rcp_ctx->recipient_key);
1444 cose_encrypt0_set_ciphertext(cose, st_encrypt, encrypt_len);
1445
1446 tag_len = cose_tag_len(cose->alg);
1447 /* Decrypt into plain_pdu, so code (token), options and data are in place */
1448 plain_pdu = coap_pdu_init(pdu->type, 0, 0, encrypt_len /* - tag_len */);
1449 if (plain_pdu == NULL) {
1450 if (!coap_request)
1451 coap_handle_event_lkd(session->context,
1452 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1453 session);
1454 goto error;
1455 }
1456
1457 /* need the tag_len on the end for TinyDTLS to do its work - yuk */
1458 if (!coap_pdu_resize(plain_pdu, encrypt_len /* - tag_len */)) {
1459 if (!coap_request)
1460 coap_handle_event_lkd(session->context,
1461 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1462 session);
1463 goto error;
1464 }
1465
1466 /* Account for 1 byte 'code' used as token */
1467 plain_pdu->e_token_length = 1;
1468 plain_pdu->actual_token.length = 1;
1469 /* Account for the decrypted data */
1470 plain_pdu->used_size = encrypt_len - tag_len;
1471
1472 dump_cose(cose, "Pre decrypt");
1473 pltxt_size =
1474 cose_encrypt0_decrypt(cose, plain_pdu->token, encrypt_len - tag_len);
1475 if (pltxt_size <= 0) {
1476 coap_log_warn("OSCORE: Decryption Failure, result code: %d \n",
1477 (int)pltxt_size);
1478 if (coap_request) {
1479 build_and_send_error_pdu(session,
1480 pdu,
1481 COAP_RESPONSE_CODE(400),
1482 "Decryption failed",
1483 NULL,
1484 NULL,
1485 0);
1486 oscore_roll_back_seq(rcp_ctx);
1487 goto error_no_ack;
1488 } else {
1489 coap_handle_event_lkd(session->context,
1490 COAP_EVENT_OSCORE_DECRYPTION_FAILURE,
1491 session);
1492 }
1493 goto error;
1494 }
1495
1496 assert((size_t)pltxt_size < pdu->alloc_size + pdu->max_hdr_size);
1497
1498 /* Appendix B.2 Trap */
1499 if (session->b_2_step == COAP_OSCORE_B_2_STEP_2) {
1500 /* Need to update Security Context with new (R2 || ID1) ID Context */
1501 coap_binary_t *kc =
1502 coap_new_binary(sizeof(session->oscore_r2) + cose->kid_context.length);
1503 coap_bin_const_t oscore_r2;
1504
1505 if (kc == NULL) {
1506 if (!coap_request)
1507 coap_handle_event_lkd(session->context,
1508 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1509 session);
1510 goto error;
1511 }
1512
1513 coap_prng_lkd(&session->oscore_r2, sizeof(session->oscore_r2));
1514 memcpy(kc->s, &session->oscore_r2, sizeof(session->oscore_r2));
1515 memcpy(&kc->s[sizeof(session->oscore_r2)],
1516 cose->kid_context.s,
1517 cose->kid_context.length);
1518
1519 coap_log_oscore("Appendix B.2 server step 2 (R2 || ID1)\n");
1520 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1521
1522 oscore_r2.length = sizeof(session->oscore_r2);
1523 oscore_r2.s = (const uint8_t *)&session->oscore_r2;
1524 coap_log_oscore("Appendix B.2 server step 2 plain response\n");
1525 build_and_send_error_pdu(session,
1526 pdu,
1527 COAP_RESPONSE_CODE(401),
1528 NULL,
1529 NULL,
1530 &oscore_r2,
1531 1);
1532 goto error_no_ack;
1533 }
1534#if COAP_CLIENT_SUPPORT
1535 if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) {
1536 coap_log_oscore("Appendix B.2 client step 3 (R2 || R3)\n");
1537 coap_pdu_encode_header(plain_pdu, session->proto);
1538 plain_pdu->actual_token.s = plain_pdu->token;
1539 plain_pdu->code = plain_pdu->token[0];
1540 if (plain_pdu->code != COAP_RESPONSE_CODE(401)) {
1541 coap_log_warn("OSCORE Appendix B.2: Expected 4.01 response\n");
1542 }
1543 /* Skip the options */
1544 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1545 while (coap_option_next(&opt_iter)) {
1546 }
1547 if (opt_iter.length > 0 && opt_iter.next_option &&
1548 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1549 plain_pdu->data = &opt_iter.next_option[1];
1550 }
1551 coap_log_oscore("Inner Response PDU (plaintext)\n");
1552 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
1553 /*
1554 * Need to update Security Context with new (R2 || R3) ID Context
1555 * and retransmit the request
1556 */
1557 coap_binary_t *kc = coap_new_binary(cose->kid_context.length + 8);
1558
1559 if (kc == NULL) {
1560 if (!coap_request)
1561 coap_handle_event_lkd(session->context,
1562 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1563 session);
1564 goto error;
1565 }
1566 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1567 coap_prng_lkd(&kc->s[cose->kid_context.length], 8);
1568
1569 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1570
1571 coap_cancel_all_messages(session->context,
1572 session,
1573 &pdu->actual_token);
1574 if (session->con_active)
1575 session->con_active--;
1576 coap_send_ack_lkd(session, pdu);
1577 if (sent_pdu) {
1578 coap_log_oscore("Appendix B.2 retransmit pdu\n");
1579 if (!session->b_2_retransmit_token) {
1580 session->b_2_retransmit_token = coap_new_str_const(sent_pdu->actual_token.s,
1581 sent_pdu->actual_token.length);
1582 }
1583 if (coap_retransmit_oscore_pdu(session, sent_pdu, NULL) ==
1584 COAP_INVALID_MID)
1585 goto error_no_ack;
1586 }
1587 goto error_no_ack;
1588 }
1589#endif /* COAP_CLIENT_SUPPORT */
1590
1591#if COAP_SERVER_SUPPORT
1592 /* Appendix B.1.2 request Trap */
1593 if (coap_request && osc_ctx->rfc8613_b_1_2) {
1594 if (rcp_ctx->initial_state == 1) {
1595 opt = coap_check_option(plain_pdu, COAP_OPTION_ECHO, &opt_iter);
1596 if (opt) {
1597 /* Verify Client is genuine */
1598 if (coap_opt_length(opt) == 8 &&
1599 memcmp(coap_opt_value(opt), rcp_ctx->echo_value, 8) == 0) {
1600 /* This clears rcp_ctx->initial_state */
1601 if (!oscore_validate_sender_seq(rcp_ctx, cose)) {
1602 coap_log_warn("OSCORE: Replayed or old message\n");
1603 build_and_send_error_pdu(session,
1604 pdu,
1605 COAP_RESPONSE_CODE(401),
1606 "Replay detected",
1607 NULL,
1608 NULL,
1609 0);
1610 goto error_no_ack;
1611 } else {
1612 if (session->context->oscore_update_seq_num_cb != NULL) {
1613 /* notify echo challenge changed */
1614 coap_lock_callback(session->context->oscore_update_seq_num_cb(session,
1615 rcp_ctx->recipient_id,
1616 osc_ctx->id_context,
1617 rcp_ctx->last_seq,
1618 rcp_ctx->sliding_window));
1619 }
1620 }
1621 } else
1622 goto error;
1623 } else {
1624 /* RFC 8163 Appendix B.1.2 */
1625 if (session->b_2_step == COAP_OSCORE_B_2_STEP_4) {
1626 session->b_2_step = COAP_OSCORE_B_2_NONE;
1627 coap_log_oscore("Appendix B.2 server finished\n");
1628 }
1629 coap_prng_lkd(rcp_ctx->echo_value, sizeof(rcp_ctx->echo_value));
1630 coap_log_oscore("Appendix B.1.2 server plain response\n");
1631
1632 build_and_send_error_pdu(session,
1633 pdu,
1634 COAP_RESPONSE_CODE(401),
1635 NULL,
1636 rcp_ctx->echo_value,
1637 NULL,
1638 1);
1639 goto error_no_ack;
1640 }
1641 }
1642 }
1643#endif /* COAP_SERVER_SUPPORT */
1644
1645 /*
1646 * 8.2 Step 7 / 8.4 Step 6.
1647 * Add decrypted Code, options and payload
1648 * [OSCORE option not copied across previously]
1649 */
1650
1651 /* PDU code is pseudo plain_pdu token */
1652 decrypt_pdu->code = plain_pdu->token[0];
1653
1654 /* Copy inner decrypted options across */
1655 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1656 while ((opt = coap_option_next(&opt_iter))) {
1657 size_t len;
1658 size_t bias;
1659
1660 switch (opt_iter.number) {
1661 case COAP_OPTION_OSCORE:
1662 break;
1663 case COAP_OPTION_OBSERVE:
1664 if (!coap_request) {
1665 bias = cose->partial_iv.length > 3 ? cose->partial_iv.length - 3 : 0;
1666 len = cose->partial_iv.length > 3 ? 3 : cose->partial_iv.length;
1667 /* Make Observe option reflect last 3 bytes of partial_iv */
1668 if (!coap_add_option_internal(
1669 decrypt_pdu,
1670 opt_iter.number,
1671 len,
1672 cose->partial_iv.s ? &cose->partial_iv.s[bias] : NULL)) {
1673 coap_handle_event_lkd(session->context,
1674 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1675 session);
1676 goto error;
1677 }
1678 doing_resp_observe = 1;
1679 break;
1680 }
1681 association = oscore_find_association(session, &pdu_token);
1682 if (association) {
1683 association->is_observe = 1;
1684 association = NULL;
1685 }
1686 /* Fall Through */
1687 default:
1688 if (!coap_insert_option(decrypt_pdu,
1689 opt_iter.number,
1690 coap_opt_length(opt),
1691 coap_opt_value(opt))) {
1692 if (!coap_request)
1693 coap_handle_event_lkd(session->context,
1694 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1695 session);
1696 goto error;
1697 }
1698 break;
1699 }
1700 }
1701 if (!coap_request && !doing_resp_observe) {
1702 if (association) {
1703 association->is_observe = 0;
1704 }
1705 }
1706 /* Need to copy across any data */
1707 if (opt_iter.length > 0 && opt_iter.next_option &&
1708 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1709 plain_pdu->data = &opt_iter.next_option[1];
1710 if (!coap_add_data(decrypt_pdu,
1711 plain_pdu->used_size -
1712 (plain_pdu->data - plain_pdu->token),
1713 plain_pdu->data)) {
1714 if (!coap_request)
1715 coap_handle_event_lkd(session->context,
1716 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1717 session);
1718 goto error;
1719 }
1720 }
1721 coap_delete_pdu_lkd(plain_pdu);
1722 plain_pdu = NULL;
1723
1724 /* Make sure headers are correctly set up */
1725 if (!coap_pdu_encode_header(decrypt_pdu, session->proto)) {
1726 if (!coap_request)
1727 coap_handle_event_lkd(session->context,
1728 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1729 session);
1730 goto error;
1731 }
1732
1733 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1734 session->b_2_step = COAP_OSCORE_B_2_NONE;
1735 coap_log_oscore("Appendix B.2 client finished\n");
1736 if (session->b_2_retransmit_token) {
1737 coap_update_token(decrypt_pdu, session->b_2_retransmit_token->length,
1738 session->b_2_retransmit_token->s);
1739 coap_delete_str_const(session->b_2_retransmit_token);
1740 session->b_2_retransmit_token = NULL;
1741 }
1742 }
1743#if COAP_CLIENT_SUPPORT
1744 if (decrypt_pdu->code == COAP_RESPONSE_CODE(401) &&
1745 (opt = coap_check_option(decrypt_pdu, COAP_OPTION_ECHO, &opt_iter))) {
1746 /* Server is requesting Echo refresh check */
1747 coap_cancel_all_messages(session->context,
1748 session,
1749 &pdu->actual_token);
1750 if (session->con_active)
1751 session->con_active--;
1752 if (!sent_pdu) {
1753 coap_lg_crcv_t *lg_crcv = coap_find_lg_crcv(session, pdu);
1754
1755 if (lg_crcv)
1756 sent_pdu = lg_crcv->sent_pdu;
1757 }
1758 if (sent_pdu) {
1759 coap_send_ack_lkd(session, pdu);
1760 coap_log_debug("PDU requesting re-transmit\n");
1761 coap_show_pdu(COAP_LOG_DEBUG, decrypt_pdu);
1762 coap_log_oscore("RFC9175 retransmit pdu\n");
1763 /* Do not care if this fails */
1764 if (coap_retransmit_oscore_pdu(session, sent_pdu, opt) != COAP_INVALID_MID) {
1765 session->doing_b_1_2 = 1;
1766 }
1767 goto error_no_ack;
1768 }
1769 } else if (session->doing_b_1_2) {
1770 coap_lg_crcv_t *lg_crcv = coap_find_lg_crcv(session, pdu);
1771
1772 if (lg_crcv) {
1773 if (!coap_binary_equal(&decrypt_pdu->actual_token, lg_crcv->app_token)) {
1774 coap_update_token(decrypt_pdu, lg_crcv->app_token->length, lg_crcv->app_token->s);
1775 }
1776 }
1777 session->doing_b_1_2 = 0;
1778 }
1779#endif /* COAP_CLIENT_SUPPORT */
1780 if (association && association->is_observe == 0)
1781 oscore_delete_association(session, association);
1782 return decrypt_pdu;
1783
1784error:
1785 coap_send_ack_lkd(session, pdu);
1786error_no_ack:
1787 if (association && association->is_observe == 0)
1788 oscore_delete_association(session, association);
1789 coap_delete_pdu_lkd(decrypt_pdu);
1790 coap_delete_pdu_lkd(plain_pdu);
1791 return NULL;
1792}
1793
1794typedef enum {
1795 COAP_ENC_ASCII = 0x001,
1796 COAP_ENC_HEX = 0x002,
1797 COAP_ENC_CONFIG = 0x0200,
1798 COAP_ENC_INTEGER = 0x400,
1799 COAP_ENC_TEXT = 0x800,
1800 COAP_ENC_BOOL = 0x1000,
1801 COAP_ENC_UNSIGNED64 = 0x2000,
1802 COAP_ENC_LAST
1803} coap_oscore_coding_t;
1804
1805#undef TEXT_MAPPING
1806#define TEXT_MAPPING(t, v) \
1807 { { sizeof(#t)-1, (const uint8_t *)#t }, v }
1808
1809static struct coap_oscore_encoding_t {
1810 coap_str_const_t name;
1811 coap_oscore_coding_t encoding;
1812} oscore_encoding[] = {
1813 TEXT_MAPPING(ascii, COAP_ENC_ASCII),
1814 TEXT_MAPPING(hex, COAP_ENC_HEX),
1815 TEXT_MAPPING(config, COAP_ENC_CONFIG),
1816 TEXT_MAPPING(integer, COAP_ENC_INTEGER),
1817 TEXT_MAPPING(unsigned64, COAP_ENC_UNSIGNED64),
1818 TEXT_MAPPING(text, COAP_ENC_TEXT),
1819 TEXT_MAPPING(bool, COAP_ENC_BOOL),
1820 {{0, NULL}, COAP_ENC_LAST}
1821};
1822
1823typedef struct {
1824 coap_oscore_coding_t encoding;
1825 const char *encoding_name;
1826 union {
1827 int value_int;
1828 uint64_t value_int64;
1829 coap_bin_const_t *value_bin;
1830 coap_str_const_t value_str;
1831 } u;
1832} oscore_value_t;
1833
1834/*
1835 * Return 1 if hex character
1836 * 0 not hex character
1837 */
1838static int
1839hex_to_char(char c, uint8_t *value) {
1840 if ('a' <= c && c <= 'f') {
1841 *value = c - 'a' + 10;
1842 } else if ('A' <= c && c <= 'F') {
1843 *value = c - 'A' + 10;
1844 } else if ('0' <= c && c <= '9') {
1845 *value = c - '0';
1846 } else {
1847 *value = 0;
1848 return 0;
1849 }
1850 return 1;
1851}
1852
1853/* Parse the hex into binary */
1854static coap_bin_const_t *
1855parse_hex_bin(const char *begin, const char *end) {
1856 coap_binary_t *binary = NULL;
1857 size_t i;
1858 size_t o = 0;
1859
1860 binary = coap_new_binary((end - begin) / 2);
1861 if (binary == NULL)
1862 goto bad_entry;
1863 for (i = 0; (i < (size_t)(end - begin)); i++) {
1864 while ((i < (size_t)(end - begin)) &&
1865 (begin[i] == '\r' || begin[i] == '\n' || begin[i] == ' ')) {
1866 i++;
1867 }
1868 if (i == (size_t)(end - begin))
1869 break;
1870 if (isxdigit((uint8_t)begin[i])) {
1871 uint8_t value;
1872
1873 if (!hex_to_char(begin[i], &value)) {
1874 goto bad_entry;
1875 }
1876 binary->s[o] = value << 4;
1877 i++;
1878 while ((i < (size_t)(end - begin)) &&
1879 (begin[i] == '\r' || begin[i] == '\n' || begin[i] == ' ')) {
1880 i++;
1881 }
1882 if (i == (size_t)(end - begin))
1883 goto bad_entry;
1884 if (!hex_to_char(begin[i], &value)) {
1885 goto bad_entry;
1886 }
1887 binary->s[o++] += value;
1888 } else {
1889 break;
1890 }
1891 }
1892 if (i != (size_t)(end - begin))
1893 goto bad_entry;
1894 return (coap_bin_const_t *)binary;
1895
1896bad_entry:
1897 coap_delete_binary(binary);
1898 return NULL;
1899}
1900
1901/*
1902 * Break up each OSCORE Configuration line entry into the 3 parts which
1903 * are comma separated
1904 *
1905 * keyword,encoding,value
1906 */
1907static int
1908get_split_entry(const char **start,
1909 size_t size,
1910 coap_str_const_t *keyword,
1911 oscore_value_t *value,
1912 cose_curve_t sign_curve) {
1913 const char *begin = *start;
1914 const char *keep_start = *start;
1915 const char *end;
1916 const char *kend;
1917 const char *tend;
1918 const char *split;
1919 size_t i;
1920 size_t len;
1921 (void)sign_curve;
1922
1923retry:
1924 kend = end = memchr(begin, '\n', size);
1925 if (end == NULL)
1926 return 0;
1927
1928 /* Check for multi-line */
1929 if ((tend = memchr(begin, '"', end - begin))) {
1930 /* See if " terminator is on the same line */
1931 if (!memchr(tend + 1, '"', end - tend -1)) {
1932 /* Over multiple lines */
1933 kend = end = memchr(end, '"', size - (end - begin));
1934 if (end == NULL)
1935 return 0;
1936 kend = end = memchr(kend, '\n', size - (kend - begin));
1937 if (end == NULL)
1938 return 0;
1939 }
1940 }
1941
1942 /* Track beginning of next line */
1943 *start = end + 1;
1944 if (end > begin && end[-1] == '\r')
1945 end--;
1946
1947 if (begin[0] == '#' || (end - begin) == 0) {
1948 /* Skip comment / blank line */
1949 size -= kend - begin + 1;
1950 begin = *start;
1951 keep_start = *start;
1952 goto retry;
1953 }
1954
1955 /* Get in the keyword */
1956 split = memchr(begin, ',', end - begin);
1957 if (split == NULL)
1958 goto bad_entry;
1959
1960 keyword->s = (const uint8_t *)begin;
1961 keyword->length = split - begin;
1962
1963 begin = split + 1;
1964 if ((end - begin) == 0)
1965 goto bad_entry;
1966 /* Get in the encoding */
1967 split = memchr(begin, ',', end - begin);
1968 if (split == NULL)
1969 goto bad_entry;
1970
1971 for (i = 0; oscore_encoding[i].name.s; i++) {
1972 coap_str_const_t temp = { split - begin, (const uint8_t *)begin };
1973
1974 if (coap_string_equal(&temp, &oscore_encoding[i].name)) {
1975 value->encoding = oscore_encoding[i].encoding;
1976 value->encoding_name = (const char *)oscore_encoding[i].name.s;
1977 break;
1978 }
1979 }
1980 if (oscore_encoding[i].name.s == NULL)
1981 goto bad_entry;
1982
1983 begin = split + 1;
1984 if ((end - begin) == 0)
1985 goto bad_entry;
1986 /* Get in the keyword's value */
1987 if (value->encoding == COAP_ENC_CONFIG && begin[0] == '\'') {
1988 split = memchr(&begin[1], '\'', size - (begin - keep_start) - 1);
1989 if (split == NULL)
1990 goto bad_entry;
1991 end = memchr(split, '\n', size - (split - keep_start));
1992 if (end == NULL)
1993 return 0;
1994 *start = end + 1;
1995 end = split;
1996 begin++;
1997 } else {
1998 if (begin[0] == '"') {
1999 split = memchr(&begin[1], '"', end - split - 1);
2000 if (split == NULL)
2001 goto bad_entry;
2002 end = split;
2003 begin++;
2004 }
2005 }
2006 switch (value->encoding) {
2007 case COAP_ENC_CONFIG:
2008 case COAP_ENC_ASCII:
2009 value->u.value_bin =
2010 coap_new_bin_const((const uint8_t *)begin, end - begin);
2011 if (value->u.value_bin == NULL)
2012 goto bad_entry;
2013 break;
2014 case COAP_ENC_HEX:
2015 /* Parse the hex into binary */
2016 value->u.value_bin = parse_hex_bin(begin, end);
2017 if (value->u.value_bin == NULL)
2018 goto bad_entry;
2019 break;
2020 case COAP_ENC_INTEGER:
2021 value->u.value_int = atoi(begin);
2022 break;
2023 case COAP_ENC_UNSIGNED64: {
2024 value->u.value_int64 = strtoull(begin, NULL, 10);
2025 break;
2026 }
2027 case COAP_ENC_TEXT:
2028 value->u.value_str.s = (const uint8_t *)begin;
2029 value->u.value_str.length = end - begin;
2030 break;
2031 case COAP_ENC_BOOL:
2032 len = (size_t)(end - begin);
2033 if (len == 4 && memcmp("true", begin, len) == 0)
2034 value->u.value_int = 1;
2035 else if (len == 5 && memcmp("false", begin, len) == 0)
2036 value->u.value_int = 0;
2037 else
2038 goto bad_entry;
2039 break;
2040 case COAP_ENC_LAST:
2041 default:
2042 goto bad_entry;
2043 }
2044 return 1;
2045
2046bad_entry:
2047 coap_log_warn("oscore_conf: Unrecognized configuration entry '%.*s'\n",
2048 (int)(end - begin),
2049 begin);
2050 return -1;
2051
2052}
2053
2054#undef CONFIG_ENTRY
2055#define CONFIG_ENTRY(n, e, t) \
2056 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2057 offsetof(coap_oscore_conf_t, n), t }
2058
2059#undef CONFIG_SND_ENTRY
2060#define CONFIG_SND_ENTRY(n, e, t) \
2061 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2062 offsetof(coap_oscore_snd_conf_t, n), t }
2063
2064#undef CONFIG_RCP_ENTRY
2065#define CONFIG_RCP_ENTRY(n, e, t) \
2066 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
2067 offsetof(coap_oscore_rcp_conf_t, n), t }
2068
2069#undef CONFIG_DUMMY_ENTRY
2070#define CONFIG_DUMMY_ENTRY(n, e, t) \
2071 { { sizeof(#n)-1, (const uint8_t *)#n }, e, 0, t }
2072
2073typedef struct oscore_text_mapping_t {
2074 coap_str_const_t text;
2075 int value;
2076} oscore_text_mapping_t;
2077
2078/* Naming as per https://www.iana.org/assignments/cose/cose.xhtml#algorithms */
2079static oscore_text_mapping_t text_aead_alg[] = {
2080 TEXT_MAPPING(AES-CCM-16-64-128, COSE_ALGORITHM_AES_CCM_16_64_128),
2081 TEXT_MAPPING(AES-CCM-16-64-256, COSE_ALGORITHM_AES_CCM_16_64_256),
2082 {{0, NULL}, 0}
2083};
2084
2085static oscore_text_mapping_t text_hkdf_alg[] = {
2086 TEXT_MAPPING(direct+HKDF-SHA-256, COSE_HKDF_ALG_HKDF_SHA_256),
2087 {{0, NULL}, 0}
2088};
2089
2090typedef struct oscore_config_t {
2091 coap_str_const_t str_keyword;
2092 coap_oscore_coding_t encoding;
2093 size_t offset;
2094 oscore_text_mapping_t *text_mapping;
2095} oscore_config_t;
2096
2097static oscore_config_t oscore_config[] = {
2098 CONFIG_ENTRY(aead_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_aead_alg),
2099 CONFIG_ENTRY(hkdf_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_hkdf_alg),
2100 CONFIG_ENTRY(master_secret, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2101 CONFIG_ENTRY(master_salt, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2102 CONFIG_ENTRY(id_context, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2103
2104 CONFIG_DUMMY_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2105
2106 CONFIG_DUMMY_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2107
2108 CONFIG_ENTRY(replay_window, COAP_ENC_INTEGER, NULL),
2109 CONFIG_ENTRY(ssn_freq, COAP_ENC_INTEGER, NULL),
2110 CONFIG_ENTRY(rfc8613_b_1_2, COAP_ENC_BOOL, NULL),
2111 CONFIG_ENTRY(rfc8613_b_2, COAP_ENC_BOOL, NULL),
2112 CONFIG_ENTRY(break_sender_key, COAP_ENC_BOOL, NULL),
2113 CONFIG_ENTRY(break_recipient_key, COAP_ENC_BOOL, NULL),
2114 CONFIG_DUMMY_ENTRY(complex_sender, COAP_ENC_CONFIG, NULL),
2115 CONFIG_DUMMY_ENTRY(complex_recipient, COAP_ENC_CONFIG, NULL),
2116};
2117
2118static oscore_config_t oscore_snd_config[] = {
2119 CONFIG_SND_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2120};
2121
2122static oscore_config_t oscore_rcp_config[] = {
2123 CONFIG_RCP_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
2124 CONFIG_RCP_ENTRY(silent_server, COAP_ENC_BOOL, NULL),
2125 CONFIG_DUMMY_ENTRY(last_seq, COAP_ENC_UNSIGNED64, NULL),
2126 CONFIG_DUMMY_ENTRY(sliding_window, COAP_ENC_UNSIGNED64, NULL),
2127};
2128
2129
2130int
2131coap_delete_oscore_snd_conf(coap_oscore_snd_conf_t *snd_conf) {
2132 if (snd_conf == NULL)
2133 return 0;
2134
2135 coap_delete_bin_const(snd_conf->sender_id);
2136 coap_free_type(COAP_STRING, snd_conf);
2137 return 1;
2138}
2139
2140int
2141coap_delete_oscore_rcp_conf(coap_oscore_rcp_conf_t *rcp_conf) {
2142 if (rcp_conf == NULL)
2143 return 0;
2144
2145 coap_delete_bin_const(rcp_conf->recipient_id);
2146 coap_free_type(COAP_STRING, rcp_conf);
2147 return 1;
2148}
2149
2150int
2151coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
2152 coap_oscore_rcp_conf_t *rcp_conf;
2153 if (oscore_conf == NULL)
2154 return 0;
2155
2156 coap_delete_bin_const(oscore_conf->master_secret);
2157 coap_delete_bin_const(oscore_conf->master_salt);
2158 coap_delete_bin_const(oscore_conf->id_context);
2159 coap_delete_oscore_snd_conf(oscore_conf->sender);
2160
2161 rcp_conf = oscore_conf->recipient_chain;
2162 while (rcp_conf) {
2163 coap_oscore_rcp_conf_t *rcp_next = rcp_conf->next_recipient;
2164
2165 coap_delete_oscore_rcp_conf(rcp_conf);
2166 rcp_conf = rcp_next;
2167 }
2168
2169 coap_free_type(COAP_STRING, oscore_conf);
2170 return 1;
2171}
2172
2173static coap_oscore_snd_conf_t *
2174coap_parse_oscore_snd_conf_mem(coap_bin_const_t conf_mem) {
2175 const char *start = (const char *)conf_mem.s;
2176 const char *end = start + conf_mem.length;
2177 coap_str_const_t keyword;
2178 oscore_value_t value;
2179 coap_oscore_snd_conf_t *snd_conf;
2180
2181 snd_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_snd_conf_t));
2182 if (snd_conf == NULL)
2183 return NULL;
2184 memset(snd_conf, 0, sizeof(coap_oscore_snd_conf_t));
2185
2186 memset(&value, 0, sizeof(value));
2187
2188 while (end > start &&
2189 get_split_entry(&start, end - start, &keyword, &value, 0) > 0) {
2190 size_t i;
2191 size_t j;
2192
2193 for (i = 0; i < sizeof(oscore_snd_config) / sizeof(oscore_snd_config[0]); i++) {
2194 if (coap_string_equal(&oscore_snd_config[i].str_keyword, &keyword) != 0 &&
2195 value.encoding & oscore_snd_config[i].encoding) {
2196 coap_bin_const_t *unused_check;
2197
2198 switch (value.encoding) {
2199 case COAP_ENC_HEX:
2200 case COAP_ENC_ASCII:
2201 memcpy(&unused_check,
2202 &(((char *)snd_conf)[oscore_snd_config[i].offset]),
2203 sizeof(unused_check));
2204 if (unused_check != NULL) {
2205 coap_log_warn("oscore_snd_conf: Keyword '%.*s' duplicated\n",
2206 (int)keyword.length,
2207 (const char *)keyword.s);
2208 coap_delete_bin_const(value.u.value_bin);
2209 goto error;
2210 }
2211 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2212 &value.u.value_bin,
2213 sizeof(value.u.value_bin));
2214 break;
2215 case COAP_ENC_INTEGER:
2216 case COAP_ENC_BOOL:
2217 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2218 &value.u.value_int,
2219 sizeof(value.u.value_int));
2220 break;
2221 case COAP_ENC_TEXT:
2222 for (j = 0; oscore_snd_config[i].text_mapping[j].text.s != NULL; j++) {
2223 if (memcmp(value.u.value_str.s,
2224 oscore_snd_config[i].text_mapping[j].text.s,
2225 value.u.value_str.length) == 0) {
2226 memcpy(&(((char *)snd_conf)[oscore_snd_config[i].offset]),
2227 &oscore_snd_config[i].text_mapping[j].value,
2228 sizeof(oscore_snd_config[i].text_mapping[j].value));
2229 break;
2230 }
2231 }
2232 if (oscore_snd_config[i].text_mapping[j].text.s == NULL) {
2233 coap_log_warn("oscore_snd_conf: Keyword '%.*s': value '%.*s' unknown\n",
2234 (int)keyword.length,
2235 (const char *)keyword.s,
2236 (int)value.u.value_str.length,
2237 (const char *)value.u.value_str.s);
2238 goto error;
2239 }
2240 break;
2241 case COAP_ENC_CONFIG:
2242 case COAP_ENC_UNSIGNED64:
2243 case COAP_ENC_LAST:
2244 default:
2245 assert(0);
2246 break;
2247 }
2248 break;
2249 }
2250 }
2251 if (i == sizeof(oscore_snd_config) / sizeof(oscore_snd_config[0])) {
2252 coap_log_warn("oscore_snd_conf: Keyword '%.*s', type '%s' unknown\n",
2253 (int)keyword.length,
2254 (const char *)keyword.s,
2255 value.encoding_name);
2256 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2257 value.encoding == COAP_ENC_CONFIG)
2258 coap_delete_bin_const(value.u.value_bin);
2259 goto error;
2260 }
2261 }
2262 if (!snd_conf->sender_id) {
2263 coap_log_warn("oscore_snd_conf: sender_id not defined\n");
2264 goto error;
2265 }
2266 if (snd_conf->sender_id->length > 7) {
2267 coap_log_warn("oscore_snd_conf: Maximum size of sender_id is 7 bytes\n");
2268 goto error;
2269 }
2270 return snd_conf;
2271
2272error:
2273 coap_delete_oscore_snd_conf(snd_conf);
2274 return NULL;
2275}
2276
2277static coap_oscore_rcp_conf_t *
2278coap_parse_oscore_rcp_conf_mem(coap_bin_const_t conf_mem) {
2279 const char *start = (const char *)conf_mem.s;
2280 const char *end = start + conf_mem.length;
2281 coap_str_const_t keyword;
2282 oscore_value_t value;
2283 coap_oscore_rcp_conf_t *rcp_conf;
2284
2285 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2286 if (rcp_conf == NULL)
2287 return NULL;
2288 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2289
2290 memset(&value, 0, sizeof(value));
2291
2292 while (end > start &&
2293 get_split_entry(&start, end - start, &keyword, &value, 0) > 0) {
2294 size_t i;
2295 size_t j;
2296
2297 for (i = 0; i < sizeof(oscore_rcp_config) / sizeof(oscore_rcp_config[0]); i++) {
2298 if (coap_string_equal(&oscore_rcp_config[i].str_keyword, &keyword) != 0 &&
2299 value.encoding & oscore_rcp_config[i].encoding) {
2300 if (coap_string_equal(coap_make_str_const("last_seq"), &keyword)) {
2301 rcp_conf->last_seq = value.u.value_int64;
2302 rcp_conf->window_initialized = 1;
2303 } else if (coap_string_equal(coap_make_str_const("sliding_window"), &keyword)) {
2304 rcp_conf->sliding_window = value.u.value_int64;
2305 rcp_conf->window_initialized = 1;
2306 } else {
2307 coap_bin_const_t *unused_check;
2308
2309 switch (value.encoding) {
2310 case COAP_ENC_HEX:
2311 case COAP_ENC_ASCII:
2312 memcpy(&unused_check,
2313 &(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2314 sizeof(unused_check));
2315 if (unused_check != NULL) {
2316 coap_log_warn("oscore_rcp_conf: Keyword '%.*s' duplicated\n",
2317 (int)keyword.length,
2318 (const char *)keyword.s);
2319 coap_delete_bin_const(value.u.value_bin);
2320 goto error;
2321 }
2322 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2323 &value.u.value_bin,
2324 sizeof(value.u.value_bin));
2325 break;
2326 case COAP_ENC_INTEGER:
2327 case COAP_ENC_BOOL:
2328 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2329 &value.u.value_int,
2330 sizeof(value.u.value_int));
2331 break;
2332 case COAP_ENC_TEXT:
2333 for (j = 0; oscore_rcp_config[i].text_mapping[j].text.s != NULL; j++) {
2334 if (memcmp(value.u.value_str.s,
2335 oscore_rcp_config[i].text_mapping[j].text.s,
2336 value.u.value_str.length) == 0) {
2337 memcpy(&(((char *)rcp_conf)[oscore_rcp_config[i].offset]),
2338 &oscore_rcp_config[i].text_mapping[j].value,
2339 sizeof(oscore_rcp_config[i].text_mapping[j].value));
2340 break;
2341 }
2342 }
2343 if (oscore_rcp_config[i].text_mapping[j].text.s == NULL) {
2344 coap_log_warn("oscore_rcp_conf: Keyword '%.*s': value '%.*s' unknown\n",
2345 (int)keyword.length,
2346 (const char *)keyword.s,
2347 (int)value.u.value_str.length,
2348 (const char *)value.u.value_str.s);
2349 goto error;
2350 }
2351 break;
2352 case COAP_ENC_CONFIG:
2353 case COAP_ENC_UNSIGNED64:
2354 case COAP_ENC_LAST:
2355 default:
2356 assert(0);
2357 break;
2358 }
2359 }
2360 break;
2361 }
2362 }
2363 if (i == sizeof(oscore_rcp_config) / sizeof(oscore_rcp_config[0])) {
2364 coap_log_warn("oscore_rcp_conf: Keyword '%.*s', type '%s' unknown\n",
2365 (int)keyword.length,
2366 (const char *)keyword.s,
2367 value.encoding_name);
2368 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2369 value.encoding == COAP_ENC_CONFIG)
2370 coap_delete_bin_const(value.u.value_bin);
2371 goto error;
2372 }
2373 }
2374 if (!rcp_conf->recipient_id) {
2375 coap_log_warn("oscore_rcp_conf: recipient_id not defined\n");
2376 goto error;
2377 }
2378 if (rcp_conf->recipient_id->length > 7) {
2379 coap_log_warn("oscore_rcp_conf: Maximum size of recipient_id is 7 bytes\n");
2380 goto error;
2381 }
2382 return rcp_conf;
2383
2384error:
2385 coap_delete_oscore_rcp_conf(rcp_conf);
2386 return NULL;
2387}
2388
2389static coap_oscore_conf_t *
2390coap_parse_oscore_conf_mem(coap_str_const_t conf_mem) {
2391 const char *start = (const char *)conf_mem.s;
2392 const char *end = start + conf_mem.length;
2393 coap_str_const_t keyword;
2394 oscore_value_t value;
2395 coap_oscore_conf_t *oscore_conf;
2396 int split_ok = -1;
2397
2398 oscore_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_conf_t));
2399 if (oscore_conf == NULL)
2400 return NULL;
2401 memset(oscore_conf, 0, sizeof(coap_oscore_conf_t));
2402
2403 memset(&value, 0, sizeof(value));
2404 /* Preset with defaults RFC8612 3.2 */
2405 oscore_conf->replay_window = COAP_OSCORE_DEFAULT_REPLAY_WINDOW;
2406 oscore_conf->ssn_freq = 1;
2407 oscore_conf->aead_alg = COSE_ALGORITHM_AES_CCM_16_64_128;
2408 oscore_conf->hkdf_alg = COSE_HKDF_ALG_HKDF_SHA_256;
2409
2410 oscore_conf->rfc8613_b_1_2 = 1;
2411 oscore_conf->rfc8613_b_2 = 0;
2412 /* For debugging only */
2413 oscore_conf->break_sender_key = 0;
2414 oscore_conf->break_recipient_key = 0;
2415
2416 while (end > start &&
2417 (split_ok = get_split_entry(&start, end - start, &keyword, &value, 0)) > 0) {
2418 size_t i;
2419 size_t j;
2420
2421 for (i = 0; i < sizeof(oscore_config) / sizeof(oscore_config[0]); i++) {
2422 if (coap_string_equal(&oscore_config[i].str_keyword, &keyword) != 0 &&
2423 value.encoding & oscore_config[i].encoding) {
2424 if (coap_string_equal(coap_make_str_const("sender_id"), &keyword)) {
2425 if (value.u.value_bin->length > 7) {
2426 coap_log_warn("oscore_conf: Maximum size of sender_id is 7 bytes\n");
2427 goto error_free_value_bin;
2428 }
2429 if (oscore_conf->sender) {
2430 coap_log_warn("oscore_conf: sender_id duplicated\n");
2431 goto error_free_value_bin;
2432 }
2433 oscore_conf->sender = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_snd_conf_t));
2434 if (!oscore_conf->sender)
2435 goto error_free_value_bin;
2436
2437 memset(oscore_conf->sender, 0, sizeof(coap_oscore_snd_conf_t));
2438 oscore_conf->sender->sender_id = value.u.value_bin;
2439 } else if (coap_string_equal(coap_make_str_const("recipient_id"), &keyword)) {
2440 coap_oscore_rcp_conf_t *rcp_conf;
2441
2442 if (value.u.value_bin->length > 7) {
2443 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
2444 goto error_free_value_bin;
2445 }
2446 /* Special case as there are potentially multiple entries */
2447 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2448 if (!rcp_conf)
2449 goto error_free_value_bin;
2450
2451 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2452 rcp_conf->recipient_id = value.u.value_bin;
2453 rcp_conf->next_recipient = oscore_conf->recipient_chain;
2454 oscore_conf->recipient_chain = rcp_conf;
2455 } else {
2456 coap_bin_const_t *unused_check;
2457
2458 switch (value.encoding) {
2459 case COAP_ENC_CONFIG:
2460 if (keyword.length == sizeof("complex_sender") - 1 &&
2461 memcmp(keyword.s, "complex_sender", keyword.length) == 0) {
2462 coap_oscore_snd_conf_t *snd_conf =
2463 coap_parse_oscore_snd_conf_mem(*value.u.value_bin);
2464
2465 if (!snd_conf) {
2466 coap_log_warn("oscore_conf: Keyword '%.*s' invalid\n",
2467 (int)keyword.length,
2468 (const char *)keyword.s);
2469 goto error_free_value_bin;
2470 }
2471 if (oscore_conf->sender) {
2472 coap_log_warn("oscore_conf: complex_sender duplicated\n");
2473 coap_delete_oscore_snd_conf(snd_conf);
2474 goto error_free_value_bin;
2475 }
2476 oscore_conf->sender = snd_conf;
2477 coap_delete_bin_const(value.u.value_bin);
2478 break;
2479 }
2480 if (keyword.length == sizeof("complex_recipient") - 1 &&
2481 memcmp(keyword.s, "complex_recipient", keyword.length) == 0) {
2482 coap_oscore_rcp_conf_t *rcp_conf =
2483 coap_parse_oscore_rcp_conf_mem(*value.u.value_bin);
2484
2485 if (!rcp_conf) {
2486 coap_log_warn("oscore_conf: Keyword '%.*s' invalid\n",
2487 (int)keyword.length,
2488 (const char *)keyword.s);
2489 goto error_free_value_bin;
2490 }
2491 rcp_conf->next_recipient = oscore_conf->recipient_chain;
2492 oscore_conf->recipient_chain = rcp_conf;
2493 coap_delete_bin_const(value.u.value_bin);
2494 }
2495 break;
2496 case COAP_ENC_ASCII:
2497 case COAP_ENC_HEX:
2498 memcpy(&unused_check,
2499 &(((char *)oscore_conf)[oscore_config[i].offset]),
2500 sizeof(unused_check));
2501 if (unused_check != NULL) {
2502 coap_log_warn("oscore_conf: Keyword '%.*s' duplicated\n",
2503 (int)keyword.length,
2504 (const char *)keyword.s);
2505 goto error_free_value_bin;
2506 }
2507 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2508 &value.u.value_bin,
2509 sizeof(value.u.value_bin));
2510 break;
2511 case COAP_ENC_INTEGER:
2512 case COAP_ENC_BOOL:
2513 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2514 &value.u.value_int,
2515 sizeof(value.u.value_int));
2516 break;
2517 case COAP_ENC_TEXT:
2518 for (j = 0; oscore_config[i].text_mapping[j].text.s != NULL; j++) {
2519 if (coap_string_equal(&value.u.value_str,
2520 &oscore_config[i].text_mapping[j].text)) {
2521 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2522 &oscore_config[i].text_mapping[j].value,
2523 sizeof(oscore_config[i].text_mapping[j].value));
2524 break;
2525 }
2526 }
2527 if (oscore_config[i].text_mapping[j].text.s == NULL) {
2528 coap_log_warn("oscore_conf: Keyword '%.*s': value '%.*s' unknown\n",
2529 (int)keyword.length,
2530 (const char *)keyword.s,
2531 (int)value.u.value_str.length,
2532 (const char *)value.u.value_str.s);
2533 goto error;
2534 }
2535 break;
2536 case COAP_ENC_UNSIGNED64:
2537 case COAP_ENC_LAST:
2538 default:
2539 assert(0);
2540 break;
2541 }
2542 }
2543 break;
2544 }
2545 }
2546 if (i == sizeof(oscore_config) / sizeof(oscore_config[0])) {
2547 coap_log_warn("oscore_conf: Keyword '%.*s', type '%s' unknown\n",
2548 (int)keyword.length,
2549 (const char *)keyword.s,
2550 value.encoding_name);
2551 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII ||
2552 value.encoding == COAP_ENC_CONFIG) {
2553 coap_delete_bin_const(value.u.value_bin);
2554 }
2555 goto error;
2556 }
2557 }
2558 if (split_ok == -1)
2559 goto error;
2560 if (!oscore_conf->master_secret) {
2561 coap_log_warn("oscore_conf: master_secret not defined\n");
2562 goto error;
2563 }
2564 if (!oscore_conf->sender) {
2565 coap_log_warn("oscore_conf: sender_id not defined\n");
2566 goto error;
2567 }
2568 return oscore_conf;
2569
2570error_free_value_bin:
2571 coap_delete_bin_const(value.u.value_bin);
2572error:
2573 coap_delete_oscore_conf(oscore_conf);
2574 return NULL;
2575}
2576
2577static oscore_ctx_t *
2578coap_oscore_init(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf) {
2579 oscore_ctx_t *osc_ctx = NULL;
2580
2581 if (!coap_crypto_check_cipher_alg(oscore_conf->aead_alg)) {
2582 coap_log_warn("COSE: Cipher Algorithm %d not supported\n",
2583 oscore_conf->aead_alg);
2584 goto error;
2585 }
2586 if (!coap_crypto_check_hkdf_alg(oscore_conf->hkdf_alg)) {
2587 coap_log_warn("COSE: HKDF Algorithm %d not supported\n",
2588 oscore_conf->hkdf_alg);
2589 goto error;
2590 }
2591
2592 osc_ctx = oscore_derive_ctx(c_context, oscore_conf);
2593 if (!osc_ctx) {
2594 coap_log_crit("OSCORE: Could not create Security Context!\n");
2595 coap_free_type(COAP_STRING, oscore_conf);
2596 return NULL;
2597 }
2598
2599 /* As all is stored in osc_ctx, oscore_conf is no longer needed */
2600 coap_free_type(COAP_STRING, oscore_conf);
2601
2602 /* return default first context */
2603 return osc_ctx;
2604
2605error:
2606 /* Remove from linked chain */
2607 oscore_remove_context(c_context, osc_ctx);
2608
2609 coap_delete_oscore_conf(oscore_conf);
2610 return NULL;
2611}
2612
2613void
2614coap_delete_all_oscore(coap_context_t *c_context) {
2615 oscore_free_contexts(c_context);
2616}
2617
2618void
2619coap_delete_oscore_associations(coap_session_t *session) {
2620 oscore_delete_server_associations(session);
2621}
2622
2623void
2624coap_oscore_session_set_recipient_ctx(coap_session_t *session,
2625 oscore_recipient_ctx_t *recipient_ctx) {
2626 oscore_recipient_ctx_t *old_ctx;
2627
2628 if (session == NULL || recipient_ctx == NULL)
2629 return;
2630
2631 if (session->recipient_ctx == recipient_ctx) {
2632 /* already attached */
2633 return;
2634 }
2635
2636 old_ctx = session->recipient_ctx;
2637
2638 /* attach recipient context */
2639 session->recipient_ctx = recipient_ctx;
2640 session->recipient_ctx->ref++;
2641
2642 if (old_ctx != NULL) {
2643 oscore_release_recipient_ctx(&old_ctx);
2644 }
2645}
2646
2647void
2648coap_oscore_association_set_recipient_ctx(oscore_association_t *association,
2649 oscore_recipient_ctx_t *recipient_ctx) {
2650 if (association == NULL)
2651 return;
2652
2653 if (association->recipient_ctx == recipient_ctx)
2654 return;
2655
2656 if (association->recipient_ctx != NULL) {
2657 association->recipient_ctx->ref--;
2658 }
2659
2660 association->recipient_ctx = recipient_ctx;
2661 association->recipient_ctx->ref++;
2662}
2663
2664coap_oscore_conf_t *
2665coap_new_oscore_conf(coap_str_const_t conf_mem,
2666 coap_oscore_save_seq_num_t save_seq_num_func,
2667 void *save_seq_num_func_param,
2668 uint64_t start_seq_num) {
2669 coap_oscore_conf_t *oscore_conf = coap_parse_oscore_conf_mem(conf_mem);
2670
2671 if (oscore_conf == NULL)
2672 return NULL;
2673
2674 oscore_conf->save_seq_num_func = save_seq_num_func;
2675 oscore_conf->save_seq_num_func_param = save_seq_num_func_param;
2676 oscore_conf->start_seq_num = start_seq_num;
2677 coap_log_oscore("Start Seq no %" PRIu64 "\n", start_seq_num);
2678 return oscore_conf;
2679}
2680
2681/*
2682 * Compute the size of the potential OSCORE overhead
2683 */
2684size_t
2685coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu) {
2686 size_t overhead = 0;
2687 oscore_recipient_ctx_t *rcp_ctx = session->recipient_ctx;
2688 oscore_ctx_t *osc_ctx = rcp_ctx ? rcp_ctx->osc_ctx : NULL;
2689 coap_opt_iterator_t opt_iter;
2690 coap_opt_t *option;
2691
2692 if (osc_ctx == NULL)
2693 return 0;
2694
2695 /* Protected code held in inner PDU as token */
2696 overhead += 1;
2697
2698 /* Observe option (creates inner and outer */
2699 option = coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter);
2700 if (option) {
2701 /* Assume delta is small */
2702 overhead += 2 + coap_opt_length(option);
2703 }
2704
2705 /* Proxy URI option Split - covered by coap_rebuild_pdu_for_proxy () */
2706
2707 /* OSCORE option */
2708 /* Option header */
2709 overhead += 1 +
2710 /* Partial IV (64 bits max)*/
2711 8 +
2712 /* kid context */
2713 (osc_ctx->id_context ? osc_ctx->id_context->length : 0) +
2714 /* kid */
2715 osc_ctx->sender_context->sender_id->length;
2716
2717 /* AAD overhead */
2718 overhead += AES_CCM_TAG;
2719
2720 /* End of options marker */
2721 overhead += 1;
2722
2723 return overhead;
2724}
2725
2726COAP_API int
2727coap_new_oscore_recipient(coap_context_t *context,
2728 coap_bin_const_t *recipient_id) {
2729 int ret;
2730
2731 coap_lock_lock(return 0);
2732 ret = coap_new_oscore_recipient_lkd(context, recipient_id);
2733 coap_lock_unlock();
2734 return ret;
2735}
2736
2737int
2738coap_new_oscore_recipient_lkd(coap_context_t *context,
2739 coap_bin_const_t *recipient_id) {
2740 coap_oscore_rcp_conf_t *rcp_conf;
2741 oscore_recipient_ctx_t *rcp_ctx;
2742
2743 coap_lock_check_locked();
2744
2745 if (context->p_osc_ctx == NULL) {
2746 coap_delete_bin_const(recipient_id);
2747 return 0;
2748 }
2749 rcp_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_rcp_conf_t));
2750 if (rcp_conf == NULL) {
2751 coap_delete_bin_const(recipient_id);
2752 return 0;
2753 }
2754 memset(rcp_conf, 0, sizeof(coap_oscore_rcp_conf_t));
2755 rcp_conf->recipient_id = recipient_id;
2756 /* rcp_conf is released in oscore_add_recipient() */
2757 rcp_ctx = oscore_add_recipient(context->p_osc_ctx, rcp_conf, 0);
2758 if (rcp_ctx == NULL)
2759 return 0;
2760 return 1;
2761}
2762
2763COAP_API int
2764coap_delete_oscore_recipient(coap_context_t *context,
2765 coap_bin_const_t *recipient_id) {
2766 int ret;
2767
2768 if (!context || !recipient_id)
2769 return 0;
2770 coap_lock_lock(return 0);
2771 ret = coap_delete_oscore_recipient_lkd(context, recipient_id);
2772 coap_lock_unlock();
2773 return ret;
2774}
2775
2776int
2777coap_delete_oscore_recipient_lkd(coap_context_t *context,
2778 coap_bin_const_t *recipient_id) {
2779 coap_lock_check_locked();
2780 if (context->p_osc_ctx == NULL)
2781 return 0;
2782 return oscore_delete_recipient(context->p_osc_ctx, recipient_id);
2783}
2784
2785void
2786coap_oscore_register_external_handlers(coap_context_t *context,
2787 coap_oscore_find_handler_t find_handler,
2788 coap_oscore_update_seq_num_handler_t update_seq_num_handler) {
2789 if (context == NULL)
2790 return;
2791
2792 coap_lock_lock(return);
2793 context->oscore_find_cb = find_handler;
2794 context->oscore_update_seq_num_cb = update_seq_num_handler;
2795 coap_lock_unlock();
2796}
2797
2798static coap_oscore_rcp_conf_t *
2799coap_oscore_get_recipient_conf(coap_oscore_conf_t *oscore_conf,
2800 const coap_bin_const_t *rid) {
2801 coap_oscore_rcp_conf_t *next = oscore_conf->recipient_chain;
2802
2803 while (next) {
2804 if (coap_binary_equal(next->recipient_id, rid)) {
2805 return next;
2806 }
2807 next = next->next_recipient;
2808 }
2809 return NULL;
2810}
2811
2812
2813COAP_API int
2814coap_oscore_recipient_set_latest_seq(coap_oscore_conf_t *oscore_conf,
2815 const coap_bin_const_t *recipient_id,
2816 uint64_t last_seq, uint64_t seq_window) {
2817 int ret;
2818
2819 coap_lock_lock(return 0);
2820 ret = coap_oscore_recipient_set_latest_seq_lkd(oscore_conf, recipient_id, last_seq,
2821 seq_window);
2822 coap_lock_unlock();
2823 return ret;
2824}
2825
2826int
2827coap_oscore_recipient_set_latest_seq_lkd(coap_oscore_conf_t *oscore_conf,
2828 const coap_bin_const_t *recipient_id,
2829 uint64_t last_seq, uint64_t seq_window) {
2830 coap_oscore_rcp_conf_t *rcp_conf;
2831
2832 rcp_conf = coap_oscore_get_recipient_conf(oscore_conf, recipient_id);
2833 if (rcp_conf) {
2834 rcp_conf->last_seq = last_seq;
2835 rcp_conf->sliding_window = seq_window;
2836 return 1;
2837 }
2838 return 0;
2839}
2840
2843#else /* !COAP_OSCORE_SUPPORT */
2844int
2845coap_oscore_is_supported(void) {
2846 return 0;
2847}
2848
2849coap_session_t *
2850coap_new_client_session_oscore(coap_context_t *ctx,
2851 const coap_address_t *local_if,
2852 const coap_address_t *server,
2853 coap_proto_t proto,
2854 coap_oscore_conf_t *oscore_conf) {
2855 (void)ctx;
2856 (void)local_if;
2857 (void)server;
2858 (void)proto;
2859 (void)oscore_conf;
2860 return NULL;
2861}
2862
2863coap_session_t *
2864coap_new_client_session_oscore3(coap_context_t *ctx,
2865 const coap_address_t *local_if,
2866 const coap_address_t *server,
2867 coap_proto_t proto,
2868 coap_oscore_conf_t *oscore_conf,
2869 void *app_data,
2870 coap_app_data_free_callback_t callback,
2871 coap_str_const_t *ws_host) {
2872 (void)ctx;
2873 (void)local_if;
2874 (void)server;
2875 (void)proto;
2876 (void)oscore_conf;
2877 (void)app_data;
2878 (void)callback;
2879 (void)ws_host;
2880 return NULL;
2881}
2882
2883coap_session_t *
2884coap_new_client_session_oscore_psk(coap_context_t *ctx,
2885 const coap_address_t *local_if,
2886 const coap_address_t *server,
2887 coap_proto_t proto,
2888 coap_dtls_cpsk_t *psk_data,
2889 coap_oscore_conf_t *oscore_conf) {
2890 (void)ctx;
2891 (void)local_if;
2892 (void)server;
2893 (void)proto;
2894 (void)psk_data;
2895 (void)oscore_conf;
2896 return NULL;
2897}
2898
2899coap_session_t *
2900coap_new_client_session_oscore_psk3(coap_context_t *ctx,
2901 const coap_address_t *local_if,
2902 const coap_address_t *server,
2903 coap_proto_t proto,
2904 coap_dtls_cpsk_t *psk_data,
2905 coap_oscore_conf_t *oscore_conf,
2906 void *app_data,
2907 coap_app_data_free_callback_t callback,
2908 coap_str_const_t *ws_host) {
2909 (void)ctx;
2910 (void)local_if;
2911 (void)server;
2912 (void)proto;
2913 (void)psk_data;
2914 (void)oscore_conf;
2915 (void)app_data;
2916 (void)callback;
2917 (void)ws_host;
2918 return NULL;
2919}
2920
2921coap_session_t *
2922coap_new_client_session_oscore_pki(coap_context_t *ctx,
2923 const coap_address_t *local_if,
2924 const coap_address_t *server,
2925 coap_proto_t proto,
2926 coap_dtls_pki_t *pki_data,
2927 coap_oscore_conf_t *oscore_conf) {
2928 (void)ctx;
2929 (void)local_if;
2930 (void)server;
2931 (void)proto;
2932 (void)pki_data;
2933 (void)oscore_conf;
2934 return NULL;
2935}
2936
2937coap_session_t *
2938coap_new_client_session_oscore_pki3(coap_context_t *ctx,
2939 const coap_address_t *local_if,
2940 const coap_address_t *server,
2941 coap_proto_t proto,
2942 coap_dtls_pki_t *pki_data,
2943 coap_oscore_conf_t *oscore_conf,
2944 void *app_data,
2945 coap_app_data_free_callback_t callback,
2946 coap_str_const_t *ws_host) {
2947 (void)ctx;
2948 (void)local_if;
2949 (void)server;
2950 (void)proto;
2951 (void)pki_data;
2952 (void)oscore_conf;
2953 (void)app_data;
2954 (void)callback;
2955 (void)ws_host;
2956 return NULL;
2957}
2958
2959int
2960coap_context_oscore_server(coap_context_t *context,
2961 coap_oscore_conf_t *oscore_conf) {
2962 (void)context;
2963 (void)oscore_conf;
2964 return 0;
2965}
2966
2967coap_oscore_conf_t *
2968coap_new_oscore_conf(coap_str_const_t conf_mem,
2969 coap_oscore_save_seq_num_t save_seq_num_func,
2970 void *save_seq_num_func_param,
2971 uint64_t start_seq_num) {
2972 (void)conf_mem;
2973 (void)save_seq_num_func;
2974 (void)save_seq_num_func_param;
2975 (void)start_seq_num;
2976 return NULL;
2977}
2978
2979int
2980coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
2981 (void)oscore_conf;
2982 return 0;
2983}
2984
2985int
2986coap_new_oscore_recipient(coap_context_t *context,
2987 coap_bin_const_t *recipient_id) {
2988 (void)context;
2989 (void)recipient_id;
2990 return 0;
2991}
2992
2993int
2994coap_delete_oscore_recipient(coap_context_t *context,
2995 coap_bin_const_t *recipient_id) {
2996 (void)context;
2997 (void)recipient_id;
2998 return 0;
2999}
3000
3001void
3002coap_oscore_register_external_handlers(coap_context_t *context,
3003 coap_oscore_find_handler_t find_handler,
3004 coap_oscore_update_seq_num_handler_t update_seq_num_handler) {
3005 (void)context;
3006 (void)find_handler;
3007 (void)update_seq_num_handler;
3008}
3009
3010COAP_API int
3011coap_oscore_recipient_set_last_seq(coap_oscore_conf_t *oscore_conf,
3012 const coap_bin_const_t *recipient_id,
3013 uint64_t last_seq) {
3014 (void)oscore_conf;
3015 (void)recipient_id;
3016 (void)last_seq;
3017 return 0;
3018}
3019
3020COAP_API int
3021coap_oscore_recipient_set_seq_window(coap_oscore_conf_t *oscore_conf,
3022 const coap_bin_const_t *recipient_id,
3023 uint64_t seq_window) {
3024 (void)oscore_conf;
3025 (void)recipient_id;
3026 (void)seq_window;
3027 return 0;
3028}
3029
3030#endif /* !COAP_OSCORE_SUPPORT */
coap_lg_crcv_t
struct coap_lg_crcv_t coap_lg_crcv_t
Definition coap_forward_decls.h:55
PRIu64
#define PRIu64
Definition coap_internal.h:59
coap_libcoap_build.h
Library specific build wrapper for coap_internal.h.
COAP_API
#define COAP_API
Definition coap_libcoap_build.h:41
COAP_OSCORE_BUF
@ COAP_OSCORE_BUF
Definition coap_mem.h:60
COAP_STRING
@ COAP_STRING
Definition coap_mem.h:33
coap_malloc_type
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
coap_free_type
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
NULL
#define NULL
Definition coap_option.h:30
coap_opt_t
uint8_t coap_opt_t
Use byte-oriented access methods here because sliding a complex struct coap_opt_t over the data buffe...
Definition coap_option.h:43
coap_oscore_recipient_set_seq_window
COAP_API int coap_oscore_recipient_set_seq_window(coap_oscore_conf_t *oscore_conf, const coap_bin_const_t *recipient_id, uint64_t seq_window)
Definition coap_oscore.c:3021
coap_oscore_recipient_set_last_seq
COAP_API int coap_oscore_recipient_set_last_seq(coap_oscore_conf_t *oscore_conf, const coap_bin_const_t *recipient_id, uint64_t last_seq)
Definition coap_oscore.c:3011
coap_uri_scheme_is_secure
static int coap_uri_scheme_is_secure(const coap_uri_t *uri)
Definition coap_uri.h:92
COAP_URI_SCHEME_LAST
@ COAP_URI_SCHEME_LAST
Definition coap_uri.h:39
coap_send_ack_lkd
coap_mid_t coap_send_ack_lkd(coap_session_t *session, const coap_pdu_t *request)
Sends an ACK message with code 0 for the specified request to dst.
Definition coap_net.c:1132
COAP_BLOCK_CACHE_RESPONSE
#define COAP_BLOCK_CACHE_RESPONSE
Definition coap_block.h:73
coap_prng_lkd
int coap_prng_lkd(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
Definition coap_prng.c:190
coap_handle_event_lkd
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
Definition coap_net.c:5123
coap_new_message_id_lkd
uint16_t coap_new_message_id_lkd(coap_session_t *session)
Returns a new message id and updates session->tx_mid accordingly.
Definition coap_session.c:2294
coap_send_internal
coap_mid_t coap_send_internal(coap_session_t *session, coap_pdu_t *pdu, coap_pdu_t *request_pdu)
Sends a CoAP message to given peer.
Definition coap_net.c:2041
coap_cancel_all_messages
void coap_cancel_all_messages(coap_context_t *context, coap_session_t *session, coap_bin_const_t *token)
Cancels all outstanding messages for session session that have the specified token.
Definition coap_net.c:3236
COAP_OSCORE_DEFAULT_REPLAY_WINDOW
#define COAP_OSCORE_DEFAULT_REPLAY_WINDOW
Definition coap_crypto_internal.h:42
coap_crypto_check_hkdf_alg
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
coap_crypto_check_cipher_alg
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
coap_encode_var_safe
unsigned int coap_encode_var_safe(uint8_t *buf, size_t length, unsigned int val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:47
coap_decode_var_bytes
unsigned int coap_decode_var_bytes(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:38
coap_decode_var_bytes8
uint64_t coap_decode_var_bytes8(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:71
coap_encode_var_safe8
unsigned int coap_encode_var_safe8(uint8_t *buf, size_t length, uint64_t val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:81
COAP_EVENT_OSCORE_DECODE_ERROR
@ COAP_EVENT_OSCORE_DECODE_ERROR
Triggered when there is an OSCORE decode of OSCORE option failure.
Definition coap_event.h:130
COAP_EVENT_OSCORE_INTERNAL_ERROR
@ COAP_EVENT_OSCORE_INTERNAL_ERROR
Triggered when there is an OSCORE internal error i.e malloc failed.
Definition coap_event.h:128
COAP_EVENT_OSCORE_NOT_ENABLED
@ COAP_EVENT_OSCORE_NOT_ENABLED
Triggered when trying to use OSCORE to decrypt, but it is not enabled.
Definition coap_event.h:122
COAP_EVENT_OSCORE_NO_SECURITY
@ COAP_EVENT_OSCORE_NO_SECURITY
Triggered when there is no OSCORE security definition found.
Definition coap_event.h:126
COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
@ COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
Triggered when there is no OSCORE encrypted payload provided.
Definition coap_event.h:124
COAP_EVENT_OSCORE_DECRYPTION_FAILURE
@ COAP_EVENT_OSCORE_DECRYPTION_FAILURE
Triggered when there is an OSCORE decryption failure.
Definition coap_event.h:120
coap_lock_callback
#define coap_lock_callback(func)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:651
coap_lock_unlock
#define coap_lock_unlock()
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:612
coap_lock_check_locked
#define coap_lock_check_locked()
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:638
coap_lock_lock
#define coap_lock_lock(failed)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:582
coap_log_debug
#define coap_log_debug(...)
Definition coap_debug.h:126
coap_get_log_level
coap_log_t coap_get_log_level(void)
Get the current logging level.
Definition coap_debug.c:103
coap_show_pdu
void coap_show_pdu(coap_log_t level, const coap_pdu_t *pdu)
Display the contents of the specified pdu.
Definition coap_debug.c:812
coap_log_oscore
#define coap_log_oscore(...)
Definition coap_debug.h:132
coap_log_warn
#define coap_log_warn(...)
Definition coap_debug.h:108
coap_log_err
#define coap_log_err(...)
Definition coap_debug.h:102
coap_log_crit
#define coap_log_crit(...)
Definition coap_debug.h:96
COAP_LOG_OSCORE
@ COAP_LOG_OSCORE
Definition coap_debug.h:65
COAP_LOG_DEBUG
@ COAP_LOG_DEBUG
Definition coap_debug.h:64
coap_option_next
coap_opt_t * coap_option_next(coap_opt_iterator_t *oi)
Updates the iterator oi to point to the next option.
Definition coap_option.c:153
coap_opt_length
uint32_t coap_opt_length(const coap_opt_t *opt)
Returns the length of the given option.
Definition coap_option.c:212
coap_option_iterator_init
coap_opt_iterator_t * coap_option_iterator_init(const coap_pdu_t *pdu, coap_opt_iterator_t *oi, const coap_opt_filter_t *filter)
Initializes the given option iterator oi to point to the beginning of the pdu's option list.
Definition coap_option.c:117
coap_delete_optlist
void coap_delete_optlist(coap_optlist_t *queue)
Removes all entries from the optlist_chain, freeing off their memory usage.
Definition coap_option.c:605
COAP_OPT_ALL
#define COAP_OPT_ALL
Pre-defined filter that includes all options.
Definition coap_option.h:125
coap_add_optlist_pdu
int coap_add_optlist_pdu(coap_pdu_t *pdu, coap_optlist_t **options)
The current optlist of optlist_chain is first sorted (as per RFC7272 ordering requirements) and then ...
Definition coap_option.c:554
coap_check_option
coap_opt_t * coap_check_option(const coap_pdu_t *pdu, coap_option_num_t number, coap_opt_iterator_t *oi)
Retrieves the first option of number number from pdu.
Definition coap_option.c:199
coap_opt_value
const uint8_t * coap_opt_value(const coap_opt_t *opt)
Returns a pointer to the value of the given option.
Definition coap_option.c:249
oscore_cbor_get_element_size
size_t oscore_cbor_get_element_size(const uint8_t **buffer, size_t *buf_size)
cose_encrypt0_set_plaintext
void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
cose_encrypt0_set_key
int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key)
cose_encrypt0_set_kid_context
void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, coap_bin_const_t *kid_context)
cose_get_alg_name
const char * cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen)
cose_encrypt0_set_ciphertext
void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
cose_encrypt0_decrypt
int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, uint8_t *plaintext_buffer, size_t plaintext_len)
cose_tag_len
size_t cose_tag_len(cose_alg_t cose_alg)
cose_encrypt0_set_aad
void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad)
cose_curve_t
cose_curve_t
Definition oscore_cose.h:62
cose_encrypt0_encrypt
int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, uint8_t *ciphertext_buffer, size_t ciphertext_len)
cose_encrypt0_set_partial_iv
void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, coap_bin_const_t *partial_iv)
cose_encrypt0_set_external_aad
void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, coap_bin_const_t *external_aad)
cose_encrypt0_init
void cose_encrypt0_init(cose_encrypt0_t *ptr)
cose_encrypt0_set_alg
void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg)
cose_encrypt0_set_key_id
void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id)
cose_encrypt0_set_nonce
void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce)
COSE_HKDF_ALG_HKDF_SHA_256
@ COSE_HKDF_ALG_HKDF_SHA_256
Definition oscore_cose.h:169
COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_128
Definition oscore_cose.h:147
COSE_ALGORITHM_AES_CCM_16_64_256
@ COSE_ALGORITHM_AES_CCM_16_64_256
Definition oscore_cose.h:148
oscore_prepare_aad
size_t oscore_prepare_aad(const uint8_t *external_aad_buffer, size_t external_aad_len, uint8_t *aad_buffer, size_t aad_size)
oscore_encode_option_value
size_t oscore_encode_option_value(uint8_t *option_buffer, size_t option_buf_len, cose_encrypt0_t *cose, uint8_t group, uint8_t appendix_b_2)
coap_oscore_association_set_recipient_ctx
void coap_oscore_association_set_recipient_ctx(oscore_association_t *association, oscore_recipient_ctx_t *recipient_ctx)
Set the recipient context of an association.
oscore_derive_ctx_from_conf
oscore_ctx_t * oscore_derive_ctx_from_conf(coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx_from_conf - derive a osc_ctx from oscore_conf information
coap_delete_oscore_recipient_lkd
int coap_delete_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
oscore_delete_association
int oscore_delete_association(coap_session_t *session, oscore_association_t *association)
coap_new_client_session_oscore3_lkd
coap_session_t * coap_new_client_session_oscore3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, protecting the data using OSCORE,...
oscore_validate_sender_seq
uint8_t oscore_validate_sender_seq(oscore_recipient_ctx_t *ctx, cose_encrypt0_t *cose)
oscore_add_recipient
oscore_recipient_ctx_t * oscore_add_recipient(oscore_ctx_t *ctx, coap_oscore_rcp_conf_t *rcp_conf, uint32_t break_key)
oscore_add_recipient - add in recipient information
OSCORE_SEQ_MAX
#define OSCORE_SEQ_MAX
Definition oscore_context.h:74
coap_init_oscore_context_from_conf
oscore_ctx_t * coap_init_oscore_context_from_conf(coap_oscore_conf_t *oscore_conf)
Initializes an OSCORE context from the given configuration.
AES_CCM_TAG
#define AES_CCM_TAG
Definition oscore_crypto.h:63
coap_oscore_session_set_recipient_ctx
void coap_oscore_session_set_recipient_ctx(coap_session_t *session, oscore_recipient_ctx_t *recipient_ctx)
Attach the OSCORE recipient context information to the session.
oscore_decode_option_value
int oscore_decode_option_value(const uint8_t *option_value, size_t option_len, cose_encrypt0_t *cose)
coap_delete_oscore_snd_conf
int coap_delete_oscore_snd_conf(coap_oscore_snd_conf_t *oscore_snd_conf)
Release all the information associated with the OSCORE complex Sender configuration.
coap_oscore_new_pdu_encrypted_lkd
coap_pdu_t * coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_delete_recipient
int oscore_delete_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid)
oscore_increment_sender_seq
uint8_t oscore_increment_sender_seq(oscore_ctx_t *ctx)
oscore_update_ctx
void oscore_update_ctx(oscore_ctx_t *osc_ctx, coap_bin_const_t *id_context)
oscore_update_ctx - update a osc_ctx with a new id_context
coap_new_client_session_oscore_psk3_lkd
coap_session_t * coap_new_client_session_oscore_psk3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials protecting the data using...
oscore_derive_ctx
oscore_ctx_t * oscore_derive_ctx(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx - derive a osc_ctx from oscore_conf information
coap_oscore_new_pdu_encrypted
COAP_API coap_pdu_t * coap_oscore_new_pdu_encrypted(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_roll_back_seq
void oscore_roll_back_seq(oscore_recipient_ctx_t *ctx)
oscore_new_association
int oscore_new_association(coap_session_t *session, coap_pdu_t *sent_pdu, coap_bin_const_t *token, oscore_recipient_ctx_t *recipient_ctx, coap_bin_const_t *aad, coap_bin_const_t *nonce, coap_bin_const_t *partial_iv, int is_observe)
oscore_prepare_e_aad
size_t oscore_prepare_e_aad(oscore_ctx_t *ctx, cose_encrypt0_t *cose, const uint8_t *oscore_option, size_t oscore_option_len, coap_bin_const_t *sender_public_key, uint8_t *external_aad_ptr, size_t external_aad_size)
oscore_delete_server_associations
void oscore_delete_server_associations(coap_session_t *session)
oscore_log_char_value
void oscore_log_char_value(coap_log_t level, const char *name, const char *value)
oscore_find_context
oscore_ctx_t * oscore_find_context(coap_session_t *session, const coap_bin_const_t rcpkey_id, const coap_bin_const_t *ctxkey_id, uint8_t *oscore_r2, oscore_recipient_ctx_t **recipient_ctx)
oscore_find_context - Locate recipient context (and hence OSCORE context)
coap_oscore_decrypt_pdu
struct coap_pdu_t * coap_oscore_decrypt_pdu(coap_session_t *session, coap_pdu_t *pdu)
Decrypts the OSCORE-encrypted parts of pdu when OSCORE is used.
coap_oscore_recipient_set_latest_seq_lkd
int coap_oscore_recipient_set_latest_seq_lkd(coap_oscore_conf_t *oscore_conf, const coap_bin_const_t *recipient_id, uint64_t last_seq, uint64_t seq_window)
Set the latest sequence number and sliding window for the specified recipient id in the compiled conf...
coap_rebuild_pdu_for_proxy
int coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu)
Convert PDU to use Proxy-Scheme option if Proxy-Uri option is present.
oscore_free_contexts
void oscore_free_contexts(coap_context_t *c_context)
oscore_log_hex_value
void oscore_log_hex_value(coap_log_t level, const char *name, coap_bin_const_t *value)
coap_delete_oscore_associations
void coap_delete_oscore_associations(coap_session_t *session)
Cleanup all allocated OSCORE association information.
coap_oscore_initiate
int coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf)
Initiate an OSCORE session.
coap_new_oscore_recipient_lkd
int coap_new_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
oscore_duplicate_ctx
oscore_ctx_t * oscore_duplicate_ctx(coap_context_t *c_context, oscore_ctx_t *o_osc_ctx, coap_bin_const_t *sender_id, coap_bin_const_t *recipient_id, coap_bin_const_t *id_context)
oscore_duplicate_ctx - duplicate a osc_ctx
oscore_partial_iv_t
oscore_partial_iv_t
Definition coap_oscore_internal.h:87
coap_delete_all_oscore
void coap_delete_all_oscore(coap_context_t *context)
Cleanup all allocated OSCORE information.
oscore_generate_nonce
void oscore_generate_nonce(cose_encrypt0_t *ptr, oscore_ctx_t *ctx, uint8_t *buffer, uint8_t size)
oscore_remove_context
int oscore_remove_context(coap_context_t *c_context, oscore_ctx_t *osc_ctx)
oscore_find_association
oscore_association_t * oscore_find_association(coap_session_t *session, coap_bin_const_t *token)
coap_context_oscore_server_lkd
int coap_context_oscore_server_lkd(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
coap_delete_oscore_rcp_conf
int coap_delete_oscore_rcp_conf(coap_oscore_rcp_conf_t *oscore_rcp_conf)
Release all the information associated with the OSCORE complex Recipient configuration.
oscore_release_recipient_ctx
void oscore_release_recipient_ctx(oscore_recipient_ctx_t **recipient_ctx)
Cleanup recipient context, including releasing the oscore context if the oscore context referenced is...
coap_new_client_session_oscore_pki3_lkd
coap_session_t * coap_new_client_session_oscore_pki3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials protecting the data using...
coap_oscore_overhead
size_t coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu)
Determine the additional data size requirements for adding in OSCORE.
OSCORE_SEND_PARTIAL_IV
@ OSCORE_SEND_PARTIAL_IV
Send partial IV with encrypted PDU.
Definition coap_oscore_internal.h:89
OSCORE_SEND_NO_IV
@ OSCORE_SEND_NO_IV
Do not send partial IV unless added by a response.
Definition coap_oscore_internal.h:88
coap_oscore_recipient_set_latest_seq
COAP_API int coap_oscore_recipient_set_latest_seq(coap_oscore_conf_t *oscore_conf, const coap_bin_const_t *recipient_id, uint64_t last_seq, uint64_t seq_window)
Set the latest sequence number and sliding window for the specified recipient id in the compiled conf...
coap_new_oscore_conf
coap_oscore_conf_t * coap_new_oscore_conf(coap_str_const_t conf_mem, coap_oscore_save_seq_num_t save_seq_num_func, void *save_seq_num_func_param, uint64_t start_seq_num)
Parse an OSCORE configuration (held in memory) and populate a OSCORE configuration structure.
Definition coap_oscore.c:2968
coap_new_client_session_oscore_psk
coap_session_t * coap_new_client_session_oscore_psk(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
Definition coap_oscore.c:2884
coap_new_client_session_oscore_psk3
coap_session_t * coap_new_client_session_oscore_psk3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials protecting the data using...
Definition coap_oscore.c:2900
coap_oscore_update_seq_num_handler_t
int(* coap_oscore_update_seq_num_handler_t)(const coap_session_t *session, const coap_bin_const_t *rcpkey_id, const coap_bin_const_t *ctxkey_id, uint64_t receiver_seq_num, uint64_t seq_num_window)
Callback function type for persisting the OSCORE receiver sequence number and anti-replay sliding win...
Definition coap_oscore.h:77
coap_delete_oscore_conf
int coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf)
Release all the information associated with the OSCORE configuration.
Definition coap_oscore.c:2980
coap_new_client_session_oscore
coap_session_t * coap_new_client_session_oscore(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
Definition coap_oscore.c:2850
coap_context_oscore_server
int coap_context_oscore_server(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
Definition coap_oscore.c:2960
coap_oscore_find_handler_t
coap_oscore_conf_t *(* coap_oscore_find_handler_t)(const coap_session_t *session, const coap_bin_const_t *rcpkey_id, const coap_bin_const_t *ctxkey_id)
Callback function type for overriding oscore_find_context().
Definition coap_oscore.h:54
coap_new_client_session_oscore_pki
coap_session_t * coap_new_client_session_oscore_pki(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
Definition coap_oscore.c:2922
coap_new_client_session_oscore3
coap_session_t * coap_new_client_session_oscore3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, protecting the data using OSCORE,...
Definition coap_oscore.c:2864
coap_new_oscore_recipient
int coap_new_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
Definition coap_oscore.c:2986
coap_oscore_save_seq_num_t
int(* coap_oscore_save_seq_num_t)(uint64_t sender_seq_num, void *param)
Definition of the function used to save the current Sender Sequence Number.
Definition coap_oscore.h:314
coap_delete_oscore_recipient
int coap_delete_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence stop any further OSCO...
Definition coap_oscore.c:2994
coap_oscore_register_external_handlers
void coap_oscore_register_external_handlers(coap_context_t *context, coap_oscore_find_handler_t find_handler, coap_oscore_update_seq_num_handler_t update_seq_num_handler)
Register external storage handlers for OSCORE session state.
Definition coap_oscore.c:3002
coap_new_client_session_oscore_pki3
coap_session_t * coap_new_client_session_oscore_pki3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials protecting the data using...
Definition coap_oscore.c:2938
coap_delete_pdu_lkd
void coap_delete_pdu_lkd(coap_pdu_t *pdu)
Dispose of an CoAP PDU and free off associated storage.
Definition coap_pdu.c:195
coap_insert_option
size_t coap_insert_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Inserts option of given number in the pdu with the appropriate data.
Definition coap_pdu.c:685
coap_remove_option
int coap_remove_option(coap_pdu_t *pdu, coap_option_num_t number)
Removes (first) option of given number from the pdu.
Definition coap_pdu.c:544
coap_update_token
int coap_update_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Updates token in pdu with length len and data.
Definition coap_pdu.c:468
COAP_PDU_IS_PING
#define COAP_PDU_IS_PING(pdu)
Definition coap_pdu_internal.h:103
coap_pdu_duplicate_lkd
coap_pdu_t * coap_pdu_duplicate_lkd(const coap_pdu_t *old_pdu, coap_session_t *session, size_t token_length, const uint8_t *token, coap_opt_filter_t *drop_options, coap_bool_t expand_opt_abb)
Duplicate an existing PDU.
Definition coap_pdu.c:235
coap_pdu_encode_header
size_t coap_pdu_encode_header(coap_pdu_t *pdu, coap_proto_t proto)
Compose the protocol specific header for the specified PDU.
Definition coap_pdu.c:1592
COAP_PAYLOAD_START
#define COAP_PAYLOAD_START
Definition coap_pdu_internal.h:96
coap_pdu_resize
int coap_pdu_resize(coap_pdu_t *pdu, size_t new_size)
Dynamically grows the size of pdu to new_size.
Definition coap_pdu.c:339
COAP_PDU_IS_REQUEST
#define COAP_PDU_IS_REQUEST(pdu)
Definition coap_pdu_internal.h:99
coap_add_option_internal
size_t coap_add_option_internal(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Adds option of given number to pdu that is passed as first parameter.
Definition coap_pdu.c:844
COAP_OPTION_HOP_LIMIT
#define COAP_OPTION_HOP_LIMIT
Definition coap_pdu.h:136
COAP_OPTION_NORESPONSE
#define COAP_OPTION_NORESPONSE
Definition coap_pdu.h:149
COAP_OPTION_URI_HOST
#define COAP_OPTION_URI_HOST
Definition coap_pdu.h:122
COAP_OPTION_IF_MATCH
#define COAP_OPTION_IF_MATCH
Definition coap_pdu.h:121
COAP_OPTION_BLOCK2
#define COAP_OPTION_BLOCK2
Definition coap_pdu.h:141
COAP_OPTION_CONTENT_FORMAT
#define COAP_OPTION_CONTENT_FORMAT
Definition coap_pdu.h:130
COAP_OPTION_SIZE2
#define COAP_OPTION_SIZE2
Definition coap_pdu.h:143
COAP_OPTION_BLOCK1
#define COAP_OPTION_BLOCK1
Definition coap_pdu.h:142
COAP_OPTION_PROXY_SCHEME
#define COAP_OPTION_PROXY_SCHEME
Definition coap_pdu.h:146
COAP_DEFAULT_PORT
#define COAP_DEFAULT_PORT
Definition coap_pdu.h:39
COAP_OPTION_URI_QUERY
#define COAP_OPTION_URI_QUERY
Definition coap_pdu.h:135
COAP_OPTION_IF_NONE_MATCH
#define COAP_OPTION_IF_NONE_MATCH
Definition coap_pdu.h:124
COAP_OPTION_LOCATION_PATH
#define COAP_OPTION_LOCATION_PATH
Definition coap_pdu.h:127
COAP_OPTION_URI_PATH
#define COAP_OPTION_URI_PATH
Definition coap_pdu.h:129
COAP_RESPONSE_CODE
#define COAP_RESPONSE_CODE(N)
Definition coap_pdu.h:164
COAP_RESPONSE_CLASS
#define COAP_RESPONSE_CLASS(C)
Definition coap_pdu.h:167
coap_proto_t
coap_proto_t
CoAP protocol types Note: coap_layers_coap[] needs updating if extended.
Definition coap_pdu.h:317
coap_pdu_code_t
coap_pdu_code_t
Set of codes available for a PDU.
Definition coap_pdu.h:331
COAP_OPTION_OSCORE
#define COAP_OPTION_OSCORE
Definition coap_pdu.h:128
COAP_OPTION_SIZE1
#define COAP_OPTION_SIZE1
Definition coap_pdu.h:147
coap_add_token
int coap_add_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds token of length len to pdu.
Definition coap_pdu.c:411
COAP_OPTION_LOCATION_QUERY
#define COAP_OPTION_LOCATION_QUERY
Definition coap_pdu.h:139
COAPS_DEFAULT_PORT
#define COAPS_DEFAULT_PORT
Definition coap_pdu.h:40
coap_get_data
int coap_get_data(const coap_pdu_t *pdu, size_t *len, const uint8_t **data)
Retrieves the length and data pointer of specified PDU.
Definition coap_pdu.c:940
COAP_OPTION_RTAG
#define COAP_OPTION_RTAG
Definition coap_pdu.h:150
COAP_OPTION_URI_PORT
#define COAP_OPTION_URI_PORT
Definition coap_pdu.h:126
coap_pdu_init
coap_pdu_t * coap_pdu_init(coap_pdu_type_t type, coap_pdu_code_t code, coap_mid_t mid, size_t size)
Creates a new CoAP PDU with at least enough storage space for the given size maximum message size.
Definition coap_pdu.c:102
COAP_OPTION_ACCEPT
#define COAP_OPTION_ACCEPT
Definition coap_pdu.h:137
COAP_INVALID_MID
#define COAP_INVALID_MID
Indicates an invalid message id.
Definition coap_pdu.h:270
COAP_OPTION_MAXAGE
#define COAP_OPTION_MAXAGE
Definition coap_pdu.h:134
COAP_OPTION_ETAG
#define COAP_OPTION_ETAG
Definition coap_pdu.h:123
COAP_OPTION_PROXY_URI
#define COAP_OPTION_PROXY_URI
Definition coap_pdu.h:145
COAP_OPTION_OBSERVE
#define COAP_OPTION_OBSERVE
Definition coap_pdu.h:125
COAP_OPTION_ECHO
#define COAP_OPTION_ECHO
Definition coap_pdu.h:148
coap_add_data
int coap_add_data(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds given data to the pdu that is passed as first parameter.
Definition coap_pdu.c:909
coap_pdu_get_token
coap_bin_const_t coap_pdu_get_token(const coap_pdu_t *pdu)
Gets the token associated with pdu.
Definition coap_pdu.c:1712
COAP_BOOL_FALSE
@ COAP_BOOL_FALSE
Definition coap_pdu.h:378
COAP_REQUEST_CODE_POST
@ COAP_REQUEST_CODE_POST
Definition coap_pdu.h:335
COAP_REQUEST_CODE_FETCH
@ COAP_REQUEST_CODE_FETCH
Definition coap_pdu.h:338
COAP_MESSAGE_NON
@ COAP_MESSAGE_NON
Definition coap_pdu.h:72
COAP_MESSAGE_ACK
@ COAP_MESSAGE_ACK
Definition coap_pdu.h:73
COAP_MESSAGE_CON
@ COAP_MESSAGE_CON
Definition coap_pdu.h:71
coap_new_client_session_pki3_lkd
coap_session_t * coap_new_client_session_pki3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *setup_data, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials along with app_data infor...
coap_new_client_session_psk3_lkd
coap_session_t * coap_new_client_session_psk3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *setup_data, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials along with app_data infor...
coap_session_release_lkd
void coap_session_release_lkd(coap_session_t *session)
Decrement reference counter on a session.
Definition coap_session.c:378
coap_new_client_session3_lkd
coap_session_t * coap_new_client_session3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials along with app_data infor...
COAP_OSCORE_B_2_NONE
@ COAP_OSCORE_B_2_NONE
Definition coap_session_internal.h:52
COAP_OSCORE_B_2_STEP_3
@ COAP_OSCORE_B_2_STEP_3
Definition coap_session_internal.h:55
COAP_OSCORE_B_2_STEP_1
@ COAP_OSCORE_B_2_STEP_1
Definition coap_session_internal.h:53
COAP_OSCORE_B_2_STEP_4
@ COAP_OSCORE_B_2_STEP_4
Definition coap_session_internal.h:56
COAP_OSCORE_B_2_STEP_5
@ COAP_OSCORE_B_2_STEP_5
Definition coap_session_internal.h:57
COAP_OSCORE_B_2_STEP_2
@ COAP_OSCORE_B_2_STEP_2
Definition coap_session_internal.h:54
COAP_PROTO_NOT_RELIABLE
#define COAP_PROTO_NOT_RELIABLE(p)
Definition coap_session.h:41
coap_app_data_free_callback_t
void(* coap_app_data_free_callback_t)(void *data)
Callback to free off the app data when the entry is being deleted / freed off.
Definition coap_session.h:124
coap_delete_bin_const
void coap_delete_bin_const(coap_bin_const_t *s)
Deletes the given const binary data and releases any memory allocated.
Definition coap_str.c:130
coap_delete_str_const
void coap_delete_str_const(coap_str_const_t *s)
Deletes the given const string and releases any memory allocated.
Definition coap_str.c:65
coap_new_binary
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
Definition coap_str.c:81
coap_make_str_const
coap_str_const_t * coap_make_str_const(const char *string)
Take the specified byte array (text) and create a coap_str_const_t *.
Definition coap_str.c:70
coap_new_bin_const
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
Definition coap_str.c:119
coap_delete_binary
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
Definition coap_str.c:114
coap_binary_equal
#define coap_binary_equal(binary1, binary2)
Compares the two binary data for equality.
Definition coap_str.h:222
coap_string_equal
#define coap_string_equal(string1, string2)
Compares the two strings for equality.
Definition coap_str.h:208
coap_new_str_const
coap_str_const_t * coap_new_str_const(const uint8_t *data, size_t size)
Returns a new const string object with at least size+1 bytes storage allocated, and the provided data...
Definition coap_str.c:55
coap_oscore_is_supported
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
Definition coap_oscore.c:2845
coap_query_into_optlist
int coap_query_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI query into '&' separate segments, and then adds the Uri-Query / Location-Query o...
Definition coap_uri.c:985
coap_path_into_optlist
int coap_path_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI path into '/' separate segments, and then adds the Uri-Path / Location-Path opti...
Definition coap_uri.c:865
coap_split_proxy_uri
int coap_split_proxy_uri(const uint8_t *str_var, size_t len, coap_uri_t *uri)
Parses a given string into URI components.
Definition coap_uri.c:351
coap_uri_scheme
coap_uri_info_t coap_uri_scheme[COAP_URI_SCHEME_LAST]
Definition coap_uri.c:59
coap_address_t
Multi-purpose address abstraction.
Definition coap_address.h:185
coap_bin_const_t
CoAP binary data definition with const data.
Definition coap_str.h:65
coap_bin_const_t::length
size_t length
length of binary data
Definition coap_str.h:66
coap_bin_const_t::s
const uint8_t * s
read-only binary data
Definition coap_str.h:67
coap_binary_t
CoAP binary data definition.
Definition coap_str.h:57
coap_binary_t::length
size_t length
length of binary data
Definition coap_str.h:58
coap_binary_t::s
uint8_t * s
binary data
Definition coap_str.h:59
coap_context_t
The CoAP stack's global state is stored in a coap_context_t object.
Definition coap_net_internal.h:55
coap_dtls_cpsk_t
The structure used for defining the Client PSK setup data to be used.
Definition coap_dtls.h:414
coap_dtls_pki_t
The structure used for defining the PKI setup data to be used.
Definition coap_dtls.h:316
coap_opt_iterator_t
Iterator to run through PDU options.
Definition coap_option.h:185
coap_opt_iterator_t::next_option
coap_opt_t * next_option
pointer to the unparsed next option
Definition coap_option.h:190
coap_opt_iterator_t::length
size_t length
remaining length of PDU
Definition coap_option.h:186
coap_opt_iterator_t::number
coap_option_num_t number
decoded option number
Definition coap_option.h:187
coap_optlist_t
Representation of chained list of CoAP options to install.
Definition coap_option.h:342
coap_oscore_conf_t
The structure used to hold the OSCORE configuration information.
Definition coap_oscore_internal.h:62
coap_oscore_conf_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func()
Definition coap_oscore_internal.h:83
coap_oscore_conf_t::rfc8613_b_2
uint32_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition coap_oscore_internal.h:74
coap_oscore_conf_t::hkdf_alg
cose_hkdf_alg_t hkdf_alg
Set to one of COSE_HKDF_ALG_*.
Definition coap_oscore_internal.h:72
coap_oscore_conf_t::break_sender_key
uint32_t break_sender_key
1 if sender key to be broken, else 0
Definition coap_oscore_internal.h:77
coap_oscore_conf_t::sender
coap_oscore_snd_conf_t * sender
The sender - i.e.
Definition coap_oscore_internal.h:66
coap_oscore_conf_t::recipient_chain
coap_oscore_rcp_conf_t * recipient_chain
The recipients as a chain.
Definition coap_oscore_internal.h:67
coap_oscore_conf_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition coap_oscore_internal.h:70
coap_oscore_conf_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition coap_oscore_internal.h:81
coap_oscore_conf_t::rfc8613_b_1_2
uint32_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition coap_oscore_internal.h:73
coap_oscore_conf_t::start_seq_num
uint64_t start_seq_num
Used for ssn_freq updating.
Definition coap_oscore_internal.h:84
coap_oscore_conf_t::break_recipient_key
uint32_t break_recipient_key
1 if recipient key to be broken, else 0
Definition coap_oscore_internal.h:78
coap_oscore_conf_t::master_secret
coap_bin_const_t * master_secret
Common Master Secret.
Definition coap_oscore_internal.h:63
coap_oscore_conf_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition coap_oscore_internal.h:71
coap_oscore_conf_t::master_salt
coap_bin_const_t * master_salt
Common Master Salt.
Definition coap_oscore_internal.h:64
coap_oscore_conf_t::replay_window
uint32_t replay_window
Replay window size Use COAP_OSCORE_DEFAULT_REPLAY_WINDOW.
Definition coap_oscore_internal.h:68
coap_oscore_conf_t::id_context
coap_bin_const_t * id_context
Common ID context.
Definition coap_oscore_internal.h:65
coap_oscore_rcp_conf_t
The structure used to hold the OSCORE Recipient configuration.
Definition coap_oscore_internal.h:45
coap_oscore_rcp_conf_t::recipient_id
coap_bin_const_t * recipient_id
Recipient ID (i.e.
Definition coap_oscore_internal.h:48
coap_oscore_rcp_conf_t::last_seq
uint64_t last_seq
Highest sequence number used for this recipient.
Definition coap_oscore_internal.h:55
coap_oscore_rcp_conf_t::window_initialized
uint8_t window_initialized
Contains if the sliding window is initialized 1 if initialized, 0 otherwise.
Definition coap_oscore_internal.h:53
coap_oscore_rcp_conf_t::next_recipient
struct coap_oscore_rcp_conf_t * next_recipient
Used to maintain the chain.
Definition coap_oscore_internal.h:46
coap_oscore_rcp_conf_t::sliding_window
uint64_t sliding_window
bitfield sequence counter window
Definition coap_oscore_internal.h:56
coap_oscore_snd_conf_t
The structure used to hold the OSCORE Sender configuration information.
Definition coap_oscore_internal.h:38
coap_oscore_snd_conf_t::sender_id
coap_bin_const_t * sender_id
Sender ID (i.e.
Definition coap_oscore_internal.h:39
coap_pdu_t
structure for CoAP PDUs
Definition coap_pdu_internal.h:132
coap_pdu_t::max_hdr_size
uint8_t max_hdr_size
space reserved for protocol-specific header
Definition coap_pdu_internal.h:139
coap_pdu_t::token
uint8_t * token
first byte of token (or extended length bytes prefix), if any, or options
Definition coap_pdu_internal.h:154
coap_pdu_t::code
coap_pdu_code_t code
request method (value 1–31) or response code (value 64-255)
Definition coap_pdu_internal.h:135
coap_pdu_t::actual_token
coap_bin_const_t actual_token
Actual token in pdu.
Definition coap_pdu_internal.h:147
coap_pdu_t::data
uint8_t * data
first byte of payload, if any
Definition coap_pdu_internal.h:156
coap_pdu_t::mid
coap_mid_t mid
message id, if any, in regular host byte order
Definition coap_pdu_internal.h:137
coap_pdu_t::e_token_length
uint32_t e_token_length
length of Token space (includes leading extended bytes
Definition coap_pdu_internal.h:144
coap_pdu_t::used_size
size_t used_size
used bytes of storage for token, options and payload
Definition coap_pdu_internal.h:150
coap_pdu_t::type
coap_pdu_type_t type
message type
Definition coap_pdu_internal.h:134
coap_session_t
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
Definition coap_session_internal.h:77
coap_session_t::block_mode
uint32_t block_mode
Zero or more COAP_BLOCK_ or'd options.
Definition coap_session_internal.h:196
coap_session_t::proto
coap_proto_t proto
protocol used
Definition coap_session_internal.h:78
coap_session_t::ref
unsigned ref
reference count from queues
Definition coap_session_internal.h:82
coap_session_t::con_active
uint8_t con_active
Active CON request sent.
Definition coap_session_internal.h:106
coap_session_t::context
coap_context_t * context
session's context
Definition coap_session_internal.h:102
coap_str_const_t
CoAP string data definition with const data.
Definition coap_str.h:47
coap_str_const_t::s
const uint8_t * s
read-only string data
Definition coap_str.h:49
coap_str_const_t::length
size_t length
length of string
Definition coap_str.h:48
coap_uri_info_t::name
const char * name
scheme name
Definition coap_uri_internal.h:32
coap_uri_t
Representation of parsed URI.
Definition coap_uri.h:70
coap_uri_t::scheme
enum coap_uri_scheme_t scheme
The parsed scheme specifier.
Definition coap_uri.h:82
coap_uri_t::path
coap_str_const_t path
The complete path if present or {0, NULL}.
Definition coap_uri.h:73
coap_uri_t::port
uint16_t port
The port in host byte order.
Definition coap_uri.h:72
coap_uri_t::query
coap_str_const_t query
The complete query if present or {0, NULL}.
Definition coap_uri.h:77
coap_uri_t::host
coap_str_const_t host
The host part of the URI.
Definition coap_uri.h:71
cose_encrypt0_t
Definition oscore_cose.h:199
cose_encrypt0_t::aad
coap_bin_const_t aad
Definition oscore_cose.h:210
cose_encrypt0_t::key
coap_bin_const_t key
Definition oscore_cose.h:201
cose_encrypt0_t::partial_iv
coap_bin_const_t partial_iv
Definition oscore_cose.h:204
cose_encrypt0_t::kid_context
coap_bin_const_t kid_context
Definition oscore_cose.h:206
cose_encrypt0_t::nonce
coap_bin_const_t nonce
Definition oscore_cose.h:208
cose_encrypt0_t::external_aad
coap_bin_const_t external_aad
Definition oscore_cose.h:209
cose_encrypt0_t::key_id
coap_bin_const_t key_id
Definition oscore_cose.h:205
cose_encrypt0_t::oscore_option
coap_bin_const_t oscore_option
Definition oscore_cose.h:207
cose_encrypt0_t::alg
cose_alg_t alg
Definition oscore_cose.h:200
oscore_association_t
Definition oscore_context.h:152
oscore_association_t::obs_partial_iv
coap_bin_const_t * obs_partial_iv
Definition oscore_context.h:160
oscore_association_t::partial_iv
coap_bin_const_t * partial_iv
Definition oscore_context.h:159
oscore_association_t::sent_pdu
coap_pdu_t * sent_pdu
Definition oscore_context.h:155
oscore_association_t::aad
coap_bin_const_t * aad
Definition oscore_context.h:157
oscore_association_t::nonce
coap_bin_const_t * nonce
Definition oscore_context.h:158
oscore_association_t::recipient_ctx
oscore_recipient_ctx_t * recipient_ctx
Definition oscore_context.h:154
oscore_association_t::is_observe
uint8_t is_observe
Definition oscore_context.h:162
oscore_association_t::just_set_up
uint8_t just_set_up
Definition oscore_context.h:163
oscore_ctx_t
Definition oscore_context.h:86
oscore_ctx_t::rfc8613_b_1_2
uint8_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition oscore_context.h:99
oscore_ctx_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func()
Definition oscore_context.h:107
oscore_ctx_t::sender_context
oscore_sender_ctx_t * sender_context
Definition oscore_context.h:96
oscore_ctx_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition oscore_context.h:88
oscore_ctx_t::rfc8613_b_2
uint8_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition oscore_context.h:101
oscore_ctx_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition oscore_context.h:105
oscore_ctx_t::recipient_chain
oscore_recipient_ctx_t * recipient_chain
Definition oscore_context.h:97
oscore_ctx_t::id_context
coap_bin_const_t * id_context
contains GID in case of group
Definition oscore_context.h:93
oscore_ctx_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition oscore_context.h:104
oscore_recipient_ctx_t
Definition oscore_context.h:119
oscore_recipient_ctx_t::sliding_window
uint64_t sliding_window
Definition oscore_context.h:129
oscore_recipient_ctx_t::ref
unsigned ref
Reference counter to keep track of linked associations / active sessions.
Definition oscore_context.h:120
oscore_recipient_ctx_t::echo_value
uint8_t echo_value[8]
Definition oscore_context.h:132
oscore_recipient_ctx_t::last_seq
uint64_t last_seq
Definition oscore_context.h:127
oscore_recipient_ctx_t::recipient_key
coap_bin_const_t * recipient_key
Definition oscore_context.h:126
oscore_recipient_ctx_t::recipient_id
coap_bin_const_t * recipient_id
Definition oscore_context.h:125
oscore_recipient_ctx_t::initial_state
uint8_t initial_state
Definition oscore_context.h:133
oscore_recipient_ctx_t::osc_ctx
oscore_ctx_t * osc_ctx
Definition oscore_context.h:123
oscore_sender_ctx_t
Definition oscore_context.h:110
oscore_sender_ctx_t::sender_id
coap_bin_const_t * sender_id
Definition oscore_context.h:112
oscore_sender_ctx_t::seq
uint64_t seq
Sender Sequence Number.
Definition oscore_context.h:114
oscore_sender_ctx_t::sender_key
coap_bin_const_t * sender_key
Definition oscore_context.h:113
oscore_sender_ctx_t::next_seq
uint64_t next_seq
Used for ssn_freq updating.
Definition oscore_context.h:116