libcoap 4.3.5-develop-e59df82
Loading...
Searching...
No Matches
coap_oscore.c
Go to the documentation of this file.
1/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
3/*
4 * coap_oscore.c -- Object Security for Constrained RESTful Environments
5 * (OSCORE) support for libcoap
6 *
7 * Copyright (C) 2019-2021 Olaf Bergmann <bergmann@tzi.org>
8 * Copyright (C) 2021-2026 Jon Shallow <supjps-libcoap@jpshallow.com>
9 *
10 * SPDX-License-Identifier: BSD-2-Clause
11 *
12 * This file is part of the CoAP library libcoap. Please see README for terms
13 * of use.
14 */
15
21#include "coap3/coap_libcoap_build.h"
22
23#if COAP_OSCORE_SUPPORT
24#include <ctype.h>
25
26#define AAD_BUF_LEN 200 /* length of aad_buffer */
27
28static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context,
29 coap_oscore_conf_t *oscore_conf);
30
31#if COAP_CLIENT_SUPPORT
32
33int
34coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) {
35 if (oscore_conf) {
36 oscore_ctx_t *osc_ctx;
37
38 if (oscore_conf->recipient_id_count == 0) {
39 coap_log_warn("OSCORE: Recipient ID must be defined for a client\n");
40 return 0;
41 }
42 if (oscore_conf->rfc8613_b_2) {
43 /* Need to replace id_context with random value */
44 coap_binary_t *id_context = coap_new_binary(8);
45
46 if (id_context == NULL)
47 return 0;
48 coap_delete_bin_const(oscore_conf->id_context);
49 coap_prng_lkd(id_context->s, id_context->length);
50 oscore_conf->id_context = (coap_bin_const_t *)id_context;
51 session->b_2_step = COAP_OSCORE_B_2_STEP_1;
52 coap_log_oscore("Appendix B.2 client step 1 (Generated ID1)\n");
53 }
54
55 osc_ctx = coap_oscore_init(session->context, oscore_conf);
56 if (osc_ctx == NULL) {
57 return 0;
58 }
59 session->recipient_ctx = osc_ctx->recipient_chain;
60 session->oscore_encryption = 1;
61 }
62 return 1;
63}
64
65COAP_API coap_session_t *
66coap_new_client_session_oscore(coap_context_t *ctx,
67 const coap_address_t *local_if,
68 const coap_address_t *server,
69 coap_proto_t proto,
70 coap_oscore_conf_t *oscore_conf) {
71 coap_session_t *session;
72
73 coap_lock_lock(return NULL);
74 session = coap_new_client_session_oscore3_lkd(ctx, local_if, server, proto, oscore_conf, NULL,
75 NULL, NULL);
76 coap_lock_unlock();
77 return session;
78}
79
80COAP_API coap_session_t *
81coap_new_client_session_oscore3(coap_context_t *ctx,
82 const coap_address_t *local_if,
83 const coap_address_t *server,
84 coap_proto_t proto,
85 coap_oscore_conf_t *oscore_conf,
86 void *app_data,
87 coap_app_data_free_callback_t callback,
88 coap_str_const_t *ws_host) {
89 coap_session_t *session;
90
91 coap_lock_lock(return NULL);
92 session = coap_new_client_session_oscore3_lkd(ctx, local_if, server, proto, oscore_conf, app_data,
93 callback, ws_host);
94 coap_lock_unlock();
95 return session;
96}
97
98coap_session_t *
99coap_new_client_session_oscore3_lkd(coap_context_t *ctx,
100 const coap_address_t *local_if,
101 const coap_address_t *server,
102 coap_proto_t proto,
103 coap_oscore_conf_t *oscore_conf,
104 void *app_data,
105 coap_app_data_free_callback_t callback,
106 coap_str_const_t *ws_host) {
107 coap_session_t *session =
108 coap_new_client_session3_lkd(ctx, local_if, server, proto, app_data, callback, ws_host);
109
110 if (!session)
111 return NULL;
112
113 if (coap_oscore_initiate(session, oscore_conf) == 0) {
114 coap_session_release_lkd(session);
115 return NULL;
116 }
117 return session;
118}
119
120COAP_API coap_session_t *
121coap_new_client_session_oscore_psk(coap_context_t *ctx,
122 const coap_address_t *local_if,
123 const coap_address_t *server,
124 coap_proto_t proto,
125 coap_dtls_cpsk_t *psk_data,
126 coap_oscore_conf_t *oscore_conf) {
127 coap_session_t *session;
128
129 coap_lock_lock(return NULL);
130 session = coap_new_client_session_oscore_psk3_lkd(ctx, local_if, server, proto, psk_data,
131 oscore_conf, NULL, NULL, NULL);
132 coap_lock_unlock();
133 return session;
134}
135
136COAP_API coap_session_t *
137coap_new_client_session_oscore_psk3(coap_context_t *ctx,
138 const coap_address_t *local_if,
139 const coap_address_t *server,
140 coap_proto_t proto,
141 coap_dtls_cpsk_t *psk_data,
142 coap_oscore_conf_t *oscore_conf,
143 void *app_data,
144 coap_app_data_free_callback_t callback,
145 coap_str_const_t *ws_host) {
146 coap_session_t *session;
147
148 coap_lock_lock(return NULL);
149 session = coap_new_client_session_oscore_psk3_lkd(ctx, local_if, server, proto, psk_data,
150 oscore_conf, app_data, callback, ws_host);
151 coap_lock_unlock();
152 return session;
153}
154
155coap_session_t *
156coap_new_client_session_oscore_psk3_lkd(coap_context_t *ctx,
157 const coap_address_t *local_if,
158 const coap_address_t *server,
159 coap_proto_t proto,
160 coap_dtls_cpsk_t *psk_data,
161 coap_oscore_conf_t *oscore_conf,
162 void *app_data,
163 coap_app_data_free_callback_t callback,
164 coap_str_const_t *ws_host) {
165 coap_session_t *session;
166
167 coap_lock_check_locked();
168 session = coap_new_client_session_psk3_lkd(ctx, local_if, server, proto, psk_data,
169 app_data, callback, ws_host);
170
171 if (!session)
172 return NULL;
173
174 if (coap_oscore_initiate(session, oscore_conf) == 0) {
175 coap_session_release_lkd(session);
176 return NULL;
177 }
178 return session;
179}
180
181COAP_API coap_session_t *
182coap_new_client_session_oscore_pki(coap_context_t *ctx,
183 const coap_address_t *local_if,
184 const coap_address_t *server,
185 coap_proto_t proto,
186 coap_dtls_pki_t *pki_data,
187 coap_oscore_conf_t *oscore_conf) {
188 coap_session_t *session;
189
190 coap_lock_lock(return NULL);
191 session = coap_new_client_session_oscore_pki3_lkd(ctx, local_if, server, proto, pki_data,
192 oscore_conf, NULL, NULL, NULL);
193 coap_lock_unlock();
194 return session;
195}
196
197COAP_API coap_session_t *
198coap_new_client_session_oscore_pki3(coap_context_t *ctx,
199 const coap_address_t *local_if,
200 const coap_address_t *server,
201 coap_proto_t proto,
202 coap_dtls_pki_t *pki_data,
203 coap_oscore_conf_t *oscore_conf,
204 void *app_data,
205 coap_app_data_free_callback_t callback,
206 coap_str_const_t *ws_host) {
207 coap_session_t *session;
208
209 coap_lock_lock(return NULL);
210 session = coap_new_client_session_oscore_pki3_lkd(ctx, local_if, server, proto, pki_data,
211 oscore_conf, app_data, callback, ws_host);
212 coap_lock_unlock();
213 return session;
214}
215
216coap_session_t *
217coap_new_client_session_oscore_pki3_lkd(coap_context_t *ctx,
218 const coap_address_t *local_if,
219 const coap_address_t *server,
220 coap_proto_t proto,
221 coap_dtls_pki_t *pki_data,
222 coap_oscore_conf_t *oscore_conf,
223 void *app_data,
224 coap_app_data_free_callback_t callback,
225 coap_str_const_t *ws_host) {
226 coap_session_t *session;
227
228 coap_lock_check_locked();
229 session = coap_new_client_session_pki3_lkd(ctx, local_if, server, proto, pki_data,
230 app_data, callback, ws_host);
231
232 if (!session)
233 return NULL;
234
235 if (coap_oscore_initiate(session, oscore_conf) == 0) {
236 coap_session_release_lkd(session);
237 return NULL;
238 }
239 return session;
240}
241#endif /* COAP_CLIENT_SUPPORT */
242#if COAP_SERVER_SUPPORT
243
244COAP_API int
245coap_context_oscore_server(coap_context_t *context,
246 coap_oscore_conf_t *oscore_conf) {
247 int ret;
248
249 coap_lock_lock(return 0);
250 ret = coap_context_oscore_server_lkd(context, oscore_conf);
251 coap_lock_unlock();
252 return ret;
253}
254
255int
256coap_context_oscore_server_lkd(coap_context_t *context,
257 coap_oscore_conf_t *oscore_conf) {
258 oscore_ctx_t *osc_ctx;
259
260 coap_lock_check_locked();
261 osc_ctx = coap_oscore_init(context, oscore_conf);
262 /* osc_ctx already added to context->osc_ctx */
263 if (osc_ctx)
264 return 1;
265 return 0;
266}
267
268#endif /* COAP_SERVER_SUPPORT */
269
270int
271coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu) {
272 coap_uri_t uri;
273 coap_opt_iterator_t opt_iter;
274 coap_opt_t *option;
275 uint8_t option_value_buffer[15];
276 coap_optlist_t *optlist_chain = NULL;
277
278 if ((option =
279 coap_check_option(pdu, COAP_OPTION_PROXY_URI, &opt_iter)) == NULL)
280 return 1;
281
282 /* Need to break down into the component parts, but keep data safe */
283 memset(&uri, 0, sizeof(uri));
284
285 if (coap_split_proxy_uri(coap_opt_value(option),
286 coap_opt_length(option),
287 &uri) < 0 || uri.scheme >= COAP_URI_SCHEME_LAST) {
288 coap_log_warn("Proxy URI '%.*s' not decodable\n",
289 coap_opt_length(option),
290 (const char *)coap_opt_value(option));
291 goto error;
292 }
293 if (!coap_remove_option(pdu, COAP_OPTION_PROXY_URI))
294 goto error;
295
296 if (!coap_insert_option(pdu,
297 COAP_OPTION_URI_HOST,
298 uri.host.length,
299 uri.host.s))
300 goto error;
301 if (uri.port != (coap_uri_scheme_is_secure(&uri) ? COAPS_DEFAULT_PORT : COAP_DEFAULT_PORT) &&
302 !coap_insert_option(pdu,
303 COAP_OPTION_URI_PORT,
304 coap_encode_var_safe(option_value_buffer,
305 sizeof(option_value_buffer),
306 uri.port & 0xffff),
307 option_value_buffer))
308 goto error;
309 if (uri.path.length) {
310 /* Add in the Uri-Path options */
311 if (!coap_path_into_optlist(uri.path.s, uri.path.length, COAP_OPTION_URI_PATH,
312 &optlist_chain))
313 goto error;
314 }
315 if (uri.query.length) {
316 /* Add in the Uri-Query options */
317 if (!coap_query_into_optlist(uri.query.s, uri.query.length, COAP_OPTION_URI_QUERY,
318 &optlist_chain))
319 goto error;
320 }
321 if (!coap_add_optlist_pdu(pdu, &optlist_chain))
322 goto error;
323
324 if (!coap_insert_option(pdu,
325 COAP_OPTION_PROXY_SCHEME,
326 strlen(coap_uri_scheme[uri.scheme].name),
327 (const uint8_t *)coap_uri_scheme[uri.scheme].name))
328 goto error;
329
330 coap_delete_optlist(optlist_chain);
331 return 1;
332
333error:
334 coap_delete_optlist(optlist_chain);
335 return 0;
336}
337
338static void
339dump_cose(cose_encrypt0_t *cose, const char *message) {
340#if COAP_MAX_LOGGING_LEVEL < _COAP_LOG_OSCORE
341 (void)cose;
342 (void)message;
343#else /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
344 if (coap_get_log_level() >= COAP_LOG_OSCORE) {
345 char buffer[30];
346
347 coap_log_oscore("%s Cose information\n", message);
348 oscore_log_char_value(COAP_LOG_OSCORE, "alg",
349 cose_get_alg_name(cose->alg, buffer, sizeof(buffer)));
350 oscore_log_hex_value(COAP_LOG_OSCORE, "key", &cose->key);
351 oscore_log_hex_value(COAP_LOG_OSCORE, "partial_iv", &cose->partial_iv);
352 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
353 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
354 oscore_log_hex_value(COAP_LOG_OSCORE,
355 "oscore_option",
356 &cose->oscore_option);
357 oscore_log_hex_value(COAP_LOG_OSCORE, "nonce", &cose->nonce);
358 oscore_log_hex_value(COAP_LOG_OSCORE, "external_aad", &cose->external_aad);
359 oscore_log_hex_value(COAP_LOG_OSCORE, "aad", &cose->aad);
360 }
361#endif /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
362}
363
364COAP_API coap_pdu_t *
365coap_oscore_new_pdu_encrypted(coap_session_t *session,
366 coap_pdu_t *pdu,
367 coap_bin_const_t *kid_context,
368 oscore_partial_iv_t send_partial_iv) {
369 coap_pdu_t *ret_pdu;
370
371 coap_lock_lock(return NULL);
372 ret_pdu = coap_oscore_new_pdu_encrypted_lkd(session, pdu, kid_context, send_partial_iv);
373 coap_lock_unlock();
374
375 return ret_pdu;
376}
377
378/*
379 * Take current PDU, create a new one approriately separated as per RFC8613
380 * and then encrypt / integrity check the OSCORE data
381 */
382coap_pdu_t *
383coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session,
384 coap_pdu_t *pdu,
385 coap_bin_const_t *kid_context,
386 oscore_partial_iv_t send_partial_iv) {
387 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu) || COAP_PDU_IS_PING(pdu);
388 coap_pdu_code_t code =
389 coap_request ? COAP_REQUEST_CODE_POST : COAP_RESPONSE_CODE(204);
390 coap_pdu_t *osc_pdu;
391 coap_pdu_t *plain_pdu = NULL;
392 coap_bin_const_t pdu_token;
393 coap_opt_iterator_t opt_iter;
394 coap_opt_t *option;
395 uint8_t pdu_code = pdu->code;
396 size_t length;
397 const uint8_t *data;
398 uint8_t *ciphertext_buffer = NULL;
399 size_t ciphertext_len = 0;
400 uint8_t aad_buffer[AAD_BUF_LEN];
401 uint8_t nonce_buffer[13];
402 coap_bin_const_t aad;
403 coap_bin_const_t nonce;
404 oscore_recipient_ctx_t *rcp_ctx;
405 oscore_ctx_t *osc_ctx;
406 cose_encrypt0_t cose[1];
407 uint8_t group_flag = 0;
408 int show_pdu = 0;
409 int doing_observe = 0;
410 uint32_t observe_value = 0;
411 oscore_association_t *association = NULL;
412 oscore_sender_ctx_t *snd_ctx;
413 uint8_t external_aad_buffer[200];
414 coap_bin_const_t external_aad;
415 uint8_t oscore_option[48];
416 size_t oscore_option_len;
417
418 /* Check that OSCORE has not already been done */
419 if (coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter))
420 return NULL;
421
422 if (coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter))
423 doing_observe = 1;
424
425 coap_log_debug("PDU to encrypt\n");
426 coap_show_pdu(COAP_LOG_DEBUG, pdu);
427 osc_pdu = coap_pdu_init(pdu->type == COAP_MESSAGE_NON &&
428 session->b_2_step != COAP_OSCORE_B_2_NONE ?
429 COAP_MESSAGE_CON : pdu->type,
430 code,
431 pdu->mid,
432 pdu->used_size + coap_oscore_overhead(session, pdu));
433 if (osc_pdu == NULL)
434 return NULL;
435
436 cose_encrypt0_init(cose); /* clears cose memory */
437 pdu_token = coap_pdu_get_token(pdu);
438 if (coap_request) {
439 /*
440 * RFC8613 8.1 Step 1. Protecting the client's request
441 * Get the Sender Context
442 */
443 rcp_ctx = session->recipient_ctx;
444 if (rcp_ctx == NULL)
445 goto error;
446 osc_ctx = rcp_ctx->osc_ctx;
447 assert(osc_ctx);
448 snd_ctx = osc_ctx->sender_context;
449 } else {
450 /*
451 * RFC8613 8.3 Step 1. Protecting the server's response
452 * Get the Sender Context
453 */
454 association = oscore_find_association(session, &pdu_token);
455 if (association == NULL)
456 goto error;
457
458 rcp_ctx = association->recipient_ctx;
459 osc_ctx = rcp_ctx->osc_ctx;
460 snd_ctx = osc_ctx->sender_context;
461 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
462 cose_encrypt0_set_aad(cose, association->aad);
463 }
464
465 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
466
467 if (coap_request || doing_observe ||
468 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
469 uint8_t partial_iv_buffer[8];
470 size_t partial_iv_len;
471 coap_bin_const_t partial_iv;
472 partial_iv_len = coap_encode_var_safe8(partial_iv_buffer,
473 sizeof(partial_iv_buffer),
474 snd_ctx->seq);
475 if (snd_ctx->seq == 0) {
476 /* Need to special case */
477 partial_iv_buffer[0] = '\000';
478 partial_iv_len = 1;
479 }
480 partial_iv.s = partial_iv_buffer;
481 partial_iv.length = partial_iv_len;
482 cose_encrypt0_set_partial_iv(cose, &partial_iv);
483 }
484
485 if (coap_request)
486 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
487
488 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
489
490 /* nonce (needs to have sender information correctly set up) */
491
492 if (coap_request || doing_observe ||
493 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
494 /*
495 * 8.1 Step 3 or RFC8613 8.3.1 Step A
496 * Compose the AEAD nonce
497 *
498 * Requires in COSE object as appropriate
499 * key_id (kid) (sender)
500 * partial_iv (sender)
501 * common_iv (already in osc_ctx)
502 */
503 nonce.s = nonce_buffer;
504 nonce.length = 13;
505 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
506 cose_encrypt0_set_nonce(cose, &nonce);
507 if (!oscore_increment_sender_seq(osc_ctx))
508 goto error;
509 if (osc_ctx->save_seq_num_func) {
510 if (osc_ctx->sender_context->seq > osc_ctx->sender_context->next_seq) {
511 /* Only update at ssn_freq rate */
512 osc_ctx->sender_context->next_seq += osc_ctx->ssn_freq;
513 osc_ctx->save_seq_num_func(osc_ctx->sender_context->next_seq,
514 osc_ctx->save_seq_num_func_param);
515 }
516 }
517 } else {
518 /*
519 * 8.3 Step 3.
520 * Use nonce from request
521 */
522 cose_encrypt0_set_nonce(cose, association->nonce);
523 }
524
525 /* OSCORE_option (needs to be before AAD as included in AAD if group) */
526
527 /* cose is modified for encode option in response message */
528 if (!coap_request) {
529 /* no kid on response */
530 cose_encrypt0_set_key_id(cose, NULL);
531 if (!doing_observe && send_partial_iv == OSCORE_SEND_NO_IV)
532 cose_encrypt0_set_partial_iv(cose, NULL);
533 }
534 if (kid_context) {
535 cose_encrypt0_set_kid_context(cose, kid_context);
536 }
537 oscore_option_len =
538 oscore_encode_option_value(oscore_option, sizeof(oscore_option), cose,
539 group_flag,
540 session->b_2_step != COAP_OSCORE_B_2_NONE);
541 if (!coap_request) {
542 /* Reset what was just unset as appropriate for AAD */
543 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
544 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
545 }
546 if (kid_context)
547 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
548
549 /*
550 * RFC8613 8.1/8.3 Step 2(a) (5.4).
551 * Compose the External AAD and then AAD
552 *
553 * OSCORE_option requires
554 * partial_iv (cose partial_iv)
555 * kid_context (cose kid_context)
556 * key_id (cose key_id)
557 * group_flag
558 *
559 * Non Group (based on osc_tx->mode) requires the following
560 * aead_alg (osc_ctx)
561 * request_kid (request key_id using cose)
562 * request_piv (request partial_iv using cose)
563 * options (none at present)
564 * Group (based on osc_tx->mode) requires the following
565 * aead_alg (osc_ctx) (pairwise mode)
566 * sign_enc_alg (osc_ctx) (group mode)
567 * sign_alg (osc_ctx) (group mode)
568 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
569 * request_kid (request key_id using cose)
570 * request_piv (request partial_iv using cose)
571 * options (none at present)
572 * request_kid_context (osc_ctx id_context)
573 * OSCORE_option (parameter)
574 * test_gs_public_key (osc_ctx sender_context public_key)
575 * gm_public_key (osc_ctx gm_public_key)
576 *
577 * Note: No I options at present
578 */
579 if (coap_request || osc_ctx->mode != OSCORE_MODE_SINGLE ||
580 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
581 /* External AAD */
582 external_aad.s = external_aad_buffer;
583 external_aad.length = oscore_prepare_e_aad(osc_ctx,
584 cose,
585 NULL,
586 0,
587 NULL,
588 external_aad_buffer,
589 sizeof(external_aad_buffer));
590 cose_encrypt0_set_external_aad(cose, &external_aad);
591
592 /* AAD */
593 aad.s = aad_buffer;
594 aad.length = oscore_prepare_aad(external_aad_buffer,
595 external_aad.length,
596 aad_buffer,
597 sizeof(aad_buffer));
598 assert(aad.length < AAD_BUF_LEN);
599 cose_encrypt0_set_aad(cose, &aad);
600 }
601
602 /*
603 * RFC8613 8.1/8.3 Step 2(b) (5.3).
604 *
605 * Set up temp plaintext pdu, the data including token, options and
606 * optional payload will get encrypted as COSE ciphertext.
607 */
608 plain_pdu = coap_pdu_init(pdu->type,
609 pdu->code,
610 pdu->mid,
611 pdu->used_size + 1 /* pseudo-token with actual code */);
612 if (plain_pdu == NULL)
613 goto error;
614
615 coap_add_token(osc_pdu, pdu_token.length, pdu_token.s);
616
617 /* First byte of plain is real CoAP code. Pretend it is token */
618 coap_add_token(plain_pdu, 1, &pdu_code);
619
620 /* Copy across the Outer/Inner Options to respective PDUs */
621 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
622 while ((option = coap_option_next(&opt_iter))) {
623 switch (opt_iter.number) {
624 case COAP_OPTION_URI_HOST:
625 case COAP_OPTION_URI_PORT:
626 case COAP_OPTION_PROXY_SCHEME:
627 case COAP_OPTION_HOP_LIMIT:
628 /* Outer only */
629 if (!coap_insert_option(osc_pdu,
630 opt_iter.number,
631 coap_opt_length(option),
632 coap_opt_value(option)))
633 goto error;
634 break;
635 case COAP_OPTION_OBSERVE:
636 /* Make as Outer option as-is */
637 if (!coap_insert_option(osc_pdu,
638 opt_iter.number,
639 coap_opt_length(option),
640 coap_opt_value(option)))
641 goto error;
642 if (coap_request) {
643 /* Make as Inner option (unchanged) */
644 if (!coap_insert_option(plain_pdu,
645 opt_iter.number,
646 coap_opt_length(option),
647 coap_opt_value(option)))
648 goto error;
649 osc_pdu->code = COAP_REQUEST_CODE_FETCH;
650 } else {
651 /* Make as Inner option but empty */
652 if (!coap_insert_option(plain_pdu, opt_iter.number, 0, NULL))
653 goto error;
654 osc_pdu->code = COAP_RESPONSE_CODE(205);
655 }
656 show_pdu = 1;
657 doing_observe = 1;
658 observe_value = coap_decode_var_bytes(coap_opt_value(option),
659 coap_opt_length(option));
660 break;
661 case COAP_OPTION_PROXY_URI:
662 /*
663 * Should have already been caught by doing
664 * coap_rebuild_pdu_for_proxy() before calling
665 * coap_oscore_new_pdu_encrypted_lkd()
666 */
667 assert(0);
668 break;
669 default:
670 /* Make as Inner option */
671 if (!coap_insert_option(plain_pdu,
672 opt_iter.number,
673 coap_opt_length(option),
674 coap_opt_value(option)))
675 goto error;
676 break;
677 }
678 }
679 /* Add in data to plain */
680 if (coap_get_data(pdu, &length, &data)) {
681 if (!coap_add_data(plain_pdu, length, data))
682 goto error;
683 }
684 if (show_pdu) {
685 coap_log_oscore("OSCORE payload\n");
686 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
687 }
688
689 /*
690 * 8.1/8.3 Step 4.
691 * Encrypt the COSE object.
692 *
693 * Requires in COSE object as appropriate
694 * alg (already set)
695 * key (sender key)
696 * nonce (already set)
697 * aad (already set)
698 * plaintext
699 */
700 cose_encrypt0_set_key(cose, snd_ctx->sender_key);
701 cose_encrypt0_set_plaintext(cose, plain_pdu->token, plain_pdu->used_size);
702 dump_cose(cose, "Pre encrypt");
703 ciphertext_buffer =
704 coap_malloc_type(COAP_OSCORE_BUF, OSCORE_CRYPTO_BUFFER_SIZE);
705 if (ciphertext_buffer == NULL)
706 goto error;
707 ciphertext_len = cose_encrypt0_encrypt(cose,
708 ciphertext_buffer,
709 plain_pdu->used_size + AES_CCM_TAG);
710 if ((int)ciphertext_len <= 0) {
711 coap_log_warn("OSCORE: Encryption Failure, result code: %d \n",
712 (int)ciphertext_len);
713 goto error;
714 }
715 assert(ciphertext_len < OSCORE_CRYPTO_BUFFER_SIZE);
716
717 /* Add in OSCORE option (previously computed) */
718 if (!coap_insert_option(osc_pdu,
719 COAP_OPTION_OSCORE,
720 oscore_option_len,
721 oscore_option))
722 goto error;
723
724 /* Add now encrypted payload */
725 if (!coap_add_data(osc_pdu, ciphertext_len, ciphertext_buffer))
726 goto error;
727
728 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
729 ciphertext_buffer = NULL;
730
731 coap_delete_pdu_lkd(plain_pdu);
732 plain_pdu = NULL;
733
734 if (association && association->is_observe == 0)
735 oscore_delete_association(session, association);
736 association = NULL;
737
738 if (!(session->block_mode & COAP_BLOCK_CACHE_RESPONSE)) {
739 /*
740 * If this is a response ACK with data, make it a separate response
741 * by sending an Empty ACK and changing osc_pdu's MID and type. This
742 * then allows lost response ACK (now CON) with data to be recovered.
743 */
744 if (coap_request == 0 && osc_pdu->type == COAP_MESSAGE_ACK &&
745 COAP_RESPONSE_CLASS(pdu->code) == 2 &&
746 COAP_PROTO_NOT_RELIABLE(session->proto)) {
747 coap_pdu_t *empty = coap_pdu_init(COAP_MESSAGE_ACK,
748 0,
749 osc_pdu->mid,
750 0);
751 if (empty) {
752 if (coap_send_internal(session, empty, NULL) != COAP_INVALID_MID) {
753 osc_pdu->mid = coap_new_message_id_lkd(session);
754 osc_pdu->type = COAP_MESSAGE_CON;
755 }
756 }
757 }
758 }
759
760 if (!coap_pdu_encode_header(osc_pdu, session->proto)) {
761 goto error;
762 }
763
764 /*
765 * Set up an association for handling a response if this is a request
766 */
767 if (coap_request) {
768 association = oscore_find_association(session, &pdu_token);
769 if (association) {
770 /* Refresh the association */
771 coap_delete_bin_const(association->nonce);
772 association->nonce =
773 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
774 if (association->nonce == NULL)
775 goto error;
776 coap_delete_bin_const(association->aad);
777 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
778 if (association->aad == NULL)
779 goto error;
780 if (doing_observe && observe_value == 1) {
781 coap_delete_bin_const(association->obs_partial_iv);
782 association->obs_partial_iv = association->partial_iv;
783 } else {
784 coap_delete_bin_const(association->partial_iv);
785 }
786 association->partial_iv =
787 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
788 if (association->partial_iv == NULL)
789 goto error;
790 association->recipient_ctx = rcp_ctx;
791 coap_delete_pdu_lkd(association->sent_pdu);
792 if (session->b_2_step != COAP_OSCORE_B_2_NONE || association->just_set_up) {
793 size_t size;
794
795 association->sent_pdu = coap_pdu_duplicate_lkd(pdu, session,
796 pdu_token.length,
797 pdu_token.s, NULL);
798 if (association->sent_pdu == NULL)
799 goto error;
800 if (coap_get_data(pdu, &size, &data)) {
801 coap_add_data(association->sent_pdu, size, data);
802 }
803 association->just_set_up = 0;
804 } else {
805 association->sent_pdu = NULL;
806 }
807 } else if (!oscore_new_association(session,
808 pdu,
809 &pdu_token,
810 rcp_ctx,
811 &cose->aad,
812 &cose->nonce,
813 &cose->partial_iv,
814 doing_observe)) {
815 goto error;
816 }
817 }
818 return osc_pdu;
819
820error:
821 if (ciphertext_buffer)
822 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
823 coap_delete_pdu_lkd(osc_pdu);
824 coap_delete_pdu_lkd(plain_pdu);
825 return NULL;
826}
827
828static void
829build_and_send_error_pdu(coap_session_t *session,
830 coap_pdu_t *rcvd,
831 coap_pdu_code_t code,
832 const char *diagnostic,
833 uint8_t *echo_data,
834 coap_bin_const_t *kid_context,
835 int encrypt_oscore) {
836 coap_pdu_t *err_pdu = NULL;
837 coap_bin_const_t token;
838 int oscore_encryption = session->oscore_encryption;
839 unsigned char buf[4];
840
841 token = coap_pdu_get_token(rcvd);
842 err_pdu = coap_pdu_init(rcvd->type == COAP_MESSAGE_NON ? COAP_MESSAGE_NON :
843 COAP_MESSAGE_ACK,
844 code,
845 rcvd->mid,
846 token.length + 2 + 8 +
847 (diagnostic ? strlen(diagnostic) : 0));
848 if (!err_pdu)
849 return;
850 coap_add_token(err_pdu, token.length, token.s);
851 if (echo_data) {
852 coap_add_option_internal(err_pdu, COAP_OPTION_ECHO, 8, echo_data);
853 } else if (kid_context == NULL) {
854 coap_add_option_internal(err_pdu,
855 COAP_OPTION_MAXAGE,
856 coap_encode_var_safe(buf, sizeof(buf), 0),
857 buf);
858 }
859 if (diagnostic)
860 coap_add_data(err_pdu, strlen(diagnostic), (const uint8_t *)diagnostic);
861 session->oscore_encryption = encrypt_oscore;
862
863 if ((echo_data || kid_context) && encrypt_oscore) {
864 coap_pdu_t *osc_pdu;
865
866 osc_pdu =
867 coap_oscore_new_pdu_encrypted_lkd(session, err_pdu, kid_context,
868 echo_data ? 1 : 0);
869 if (!osc_pdu)
870 goto fail_resp;
871 session->oscore_encryption = 0;
872 coap_send_internal(session, osc_pdu, NULL);
873 coap_delete_pdu_lkd(err_pdu);
874 err_pdu = NULL;
875 } else {
876 coap_send_internal(session, err_pdu, NULL);
877 err_pdu = NULL;
878 }
879fail_resp:
880 session->oscore_encryption = oscore_encryption;
881 coap_delete_pdu_lkd(err_pdu);
882 return;
883}
884
885/* pdu contains incoming message with encrypted COSE ciphertext payload
886 * function returns decrypted message
887 * and verifies signature, if present
888 * returns NULL when decryption,verification fails
889 */
890coap_pdu_t *
891coap_oscore_decrypt_pdu(coap_session_t *session,
892 coap_pdu_t *pdu) {
893 coap_pdu_t *decrypt_pdu = NULL;
894 coap_pdu_t *plain_pdu = NULL;
895 const uint8_t *osc_value; /* value of OSCORE option */
896 uint8_t osc_size; /* size of OSCORE OPTION */
897 coap_opt_iterator_t opt_iter;
898 coap_opt_t *opt = NULL;
899 cose_encrypt0_t cose[1];
900 oscore_ctx_t *osc_ctx = NULL;
901 uint8_t aad_buffer[AAD_BUF_LEN];
902 uint8_t nonce_buffer[13];
903 coap_bin_const_t aad;
904 coap_bin_const_t nonce;
905 int pltxt_size = 0;
906 int got_resp_piv = 0;
907 int doing_resp_observe = 0;
908 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu);
909 coap_bin_const_t pdu_token;
910 uint8_t *st_encrypt;
911 size_t encrypt_len;
912 size_t tag_len;
913 oscore_recipient_ctx_t *rcp_ctx = NULL;
914 oscore_association_t *association = NULL;
915 uint8_t external_aad_buffer[100];
916 coap_bin_const_t external_aad;
917 oscore_sender_ctx_t *snd_ctx = NULL;
918#if COAP_CLIENT_SUPPORT
919 coap_pdu_t *sent_pdu = NULL;
920#endif /* COAP_CLIENT_SUPPORT */
921
922 opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter);
923 assert(opt);
924 if (opt == NULL)
925 return NULL;
926
927 if (session->context->p_osc_ctx == NULL) {
928 coap_log_warn("OSCORE: Not enabled\n");
929 if (!coap_request)
930 coap_handle_event_lkd(session->context,
931 COAP_EVENT_OSCORE_NOT_ENABLED,
932 session);
933 return NULL;
934 }
935
936 if (pdu->data == NULL) {
937 coap_log_warn("OSCORE: No protected payload\n");
938 if (!coap_request)
939 coap_handle_event_lkd(session->context,
940 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
941 session);
942 return NULL;
943 }
944
945 osc_size = coap_opt_length(opt);
946 osc_value = coap_opt_value(opt);
947
948 cose_encrypt0_init(cose); /* clear cose memory */
949
950 /* PDU code will be filled in after decryption */
951 decrypt_pdu =
952 coap_pdu_init(pdu->type, 0, pdu->mid, pdu->used_size);
953 if (decrypt_pdu == NULL) {
954 if (!coap_request)
955 coap_handle_event_lkd(session->context,
956 COAP_EVENT_OSCORE_INTERNAL_ERROR,
957 session);
958 goto error;
959 }
960
961 /* Copy across the Token */
962 pdu_token = coap_pdu_get_token(pdu);
963 coap_add_token(decrypt_pdu, pdu_token.length, pdu_token.s);
964
965 /*
966 * 8.2/8.4 Step 1.
967 * Copy outer options across, except E and OSCORE options
968 */
969 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
970 while ((opt = coap_option_next(&opt_iter))) {
971 switch (opt_iter.number) {
972 /* 'E' options skipped */
973 case COAP_OPTION_IF_MATCH:
974 case COAP_OPTION_ETAG:
975 case COAP_OPTION_IF_NONE_MATCH:
976 case COAP_OPTION_OBSERVE:
977 case COAP_OPTION_LOCATION_PATH:
978 case COAP_OPTION_URI_PATH:
979 case COAP_OPTION_CONTENT_FORMAT:
980 case COAP_OPTION_MAXAGE:
981 case COAP_OPTION_URI_QUERY:
982 case COAP_OPTION_ACCEPT:
983 case COAP_OPTION_LOCATION_QUERY:
984 case COAP_OPTION_BLOCK2:
985 case COAP_OPTION_BLOCK1:
986 case COAP_OPTION_SIZE2:
987 case COAP_OPTION_SIZE1:
988 case COAP_OPTION_NORESPONSE:
989 case COAP_OPTION_ECHO:
990 case COAP_OPTION_RTAG:
991 /* OSCORE does not get copied across */
992 case COAP_OPTION_OSCORE:
993 break;
994 default:
995 if (!coap_add_option_internal(decrypt_pdu,
996 opt_iter.number,
997 coap_opt_length(opt),
998 coap_opt_value(opt))) {
999 if (!coap_request)
1000 coap_handle_event_lkd(session->context,
1001 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1002 session);
1003 goto error;
1004 }
1005 break;
1006 }
1007 }
1008
1009 if (coap_request) {
1010 uint64_t incoming_seq;
1011 /*
1012 * 8.2 Step 2
1013 * Decompress COSE object
1014 * Get Recipient Context based on kid and optional kid_context
1015 */
1016 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1017 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1018 build_and_send_error_pdu(session,
1019 pdu,
1020 COAP_RESPONSE_CODE(402),
1021 "Failed to decode COSE",
1022 NULL,
1023 NULL,
1024 0);
1025 goto error_no_ack;
1026 }
1027 osc_ctx = oscore_find_context(session->context,
1028 cose->key_id,
1029 &cose->kid_context,
1030 NULL,
1031 &rcp_ctx);
1032 if (!osc_ctx) {
1033 if (cose->kid_context.length > 0) {
1034 const uint8_t *ptr;
1035 size_t length;
1036 /* Appendix B.2 protocol check - Is the recipient key_id known */
1037 osc_ctx = oscore_find_context(session->context,
1038 cose->key_id,
1039 NULL,
1040 session->oscore_r2 != 0 ? (uint8_t *)&session->oscore_r2 : NULL,
1041 &rcp_ctx);
1042 ptr = cose->kid_context.s;
1043 length = cose->kid_context.length;
1044 if (ptr && osc_ctx && osc_ctx->rfc8613_b_2 &&
1045 osc_ctx->mode == OSCORE_MODE_SINGLE) {
1046 /* Processing Appendix B.2 protocol */
1047 /* Need to CBOR unwrap kid_context */
1048 coap_bin_const_t kid_context;
1049
1050 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1051 kid_context.s = ptr;
1052 cose_encrypt0_set_kid_context(cose, (coap_bin_const_t *)&kid_context);
1053
1054 if (session->oscore_r2 != 0) {
1055 /* B.2 step 4 */
1056 coap_bin_const_t *kc = coap_new_bin_const(cose->kid_context.s,
1057 cose->kid_context.length);
1058
1059 if (kc == NULL)
1060 goto error;
1061
1062 session->b_2_step = COAP_OSCORE_B_2_STEP_4;
1063 coap_log_oscore("Appendix B.2 server step 4 (R2 || R3)\n");
1064 oscore_update_ctx(osc_ctx, kc);
1065 } else {
1066 session->b_2_step = COAP_OSCORE_B_2_STEP_2;
1067 coap_log_oscore("Appendix B.2 server step 2 (ID1)\n");
1068 osc_ctx = oscore_duplicate_ctx(session->context,
1069 osc_ctx,
1070 osc_ctx->sender_context->sender_id,
1071 &cose->key_id,
1072 &cose->kid_context);
1073 if (osc_ctx == NULL)
1074 goto error;
1075 /*
1076 * Complete the Verify (B.2 step 2)
1077 * before sending back the response
1078 */
1079 rcp_ctx = osc_ctx->recipient_chain;
1080 }
1081 } else {
1082 osc_ctx = NULL;
1083 }
1084 }
1085 } else if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1086 session->b_2_step = COAP_OSCORE_B_2_NONE;
1087 coap_log_oscore("Appendix B.2 server finished\n");
1088 }
1089 if (!osc_ctx) {
1090 coap_log_crit("OSCORE: Security Context not found\n");
1091 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
1092 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
1093 build_and_send_error_pdu(session,
1094 pdu,
1095 COAP_RESPONSE_CODE(401),
1096 "Security context not found",
1097 NULL,
1098 NULL,
1099 0);
1100 goto error_no_ack;
1101 }
1102 /* to be used for encryption of returned response later */
1103 session->recipient_ctx = rcp_ctx;
1104 snd_ctx = osc_ctx->sender_context;
1105
1106 /*
1107 * 8.2 Step 3.
1108 * Verify Partial IV is not duplicated.
1109 *
1110 * Requires in COSE object as appropriate
1111 * partial_iv (as received)
1112 */
1113 if (rcp_ctx->initial_state == 0 &&
1114 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1115 coap_log_warn("OSCORE: Replayed or old message\n");
1116 build_and_send_error_pdu(session,
1117 pdu,
1118 COAP_RESPONSE_CODE(401),
1119 "Replay detected",
1120 NULL,
1121 NULL,
1122 0);
1123 goto error_no_ack;
1124 }
1125
1126 incoming_seq =
1127 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1128 rcp_ctx->last_seq = incoming_seq;
1129 } else { /* !coap_request */
1130 /*
1131 * 8.4 Step 2
1132 * Decompress COSE object
1133 * Get Recipient Context based on token
1134 */
1135 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1136 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1137 coap_handle_event_lkd(session->context,
1138 COAP_EVENT_OSCORE_DECODE_ERROR,
1139 session);
1140 goto error;
1141 }
1142 got_resp_piv = cose->partial_iv.length ? 1 : 0;
1143
1144 association = oscore_find_association(session, &pdu_token);
1145 if (association) {
1146 rcp_ctx = association->recipient_ctx;
1147 osc_ctx = rcp_ctx->osc_ctx;
1148 snd_ctx = osc_ctx->sender_context;
1149#if COAP_CLIENT_SUPPORT
1150 sent_pdu = association->sent_pdu;
1151 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1152 const uint8_t *ptr = cose->kid_context.s;
1153 size_t length = cose->kid_context.length;
1154
1155 if (ptr) {
1156 /* Need to CBOR unwrap kid_context */
1157 coap_bin_const_t kid_context;
1158
1159 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1160 kid_context.s = ptr;
1161 cose_encrypt0_set_kid_context(cose, &kid_context);
1162 }
1163 if (ptr && !coap_binary_equal(osc_ctx->id_context, &cose->kid_context)) {
1164 /* If Appendix B.2 step 3 is in operation */
1165 /* Need to update Security Context with new (R2 || ID1) ID Context */
1166 coap_binary_t *kc = coap_new_binary(cose->kid_context.length +
1167 osc_ctx->id_context->length);
1168
1169 if (kc == NULL) {
1170 coap_handle_event_lkd(session->context,
1171 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1172 session);
1173 goto error;
1174 }
1175
1176 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1177 memcpy(&kc->s[cose->kid_context.length],
1178 osc_ctx->id_context->s,
1179 osc_ctx->id_context->length);
1180
1181 session->b_2_step = COAP_OSCORE_B_2_STEP_3;
1182 coap_log_oscore("Appendix B.2 client step 3 (R2 || ID1)\n");
1183 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1184 } else {
1185 session->b_2_step = COAP_OSCORE_B_2_STEP_5;
1186 coap_log_oscore("Appendix B.2 client step 5 (R2 || R3)\n");
1187 }
1188 }
1189#endif /* COAP_CLIENT_SUPPORT */
1190 } else {
1191 coap_log_crit("OSCORE: Security Context association not found\n");
1192 coap_handle_event_lkd(session->context,
1193 COAP_EVENT_OSCORE_NO_SECURITY,
1194 session);
1195 goto error;
1196 }
1197 }
1198
1199 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
1200
1201 if (coap_request) {
1202 /*
1203 * RFC8613 8.2 Step 4.
1204 * Compose the External AAD and then AAD
1205 *
1206 * Non Group (based on osc_tx->mode) requires the following
1207 * aead_alg (osc_ctx)
1208 * request_kid (request key_id using cose)
1209 * request_piv (request partial_iv using cose)
1210 * options (none at present)
1211 * Group (based on osc_tx->mode) requires the following
1212 * aead_alg (osc_ctx) (pairwise mode)
1213 * sign_enc_alg (osc_ctx) (group mode)
1214 * sign_alg (osc_ctx) (group mode)
1215 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
1216 * request_kid (request key_id using cose)
1217 * request_piv (request partial_iv using cose)
1218 * options (none at present)
1219 * request_kid_context (osc_ctx id_context)
1220 * OSCORE_option (as received in request)
1221 * test_gs_public_key (recipient public key)
1222 * gm_public_key (osc_ctx gm_public_key)
1223 *
1224 * Note: No I options at present
1225 */
1226
1227 /* External AAD */
1228 external_aad.s = external_aad_buffer;
1229 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1230 cose,
1231 osc_value,
1232 osc_size,
1233 NULL,
1234 external_aad_buffer,
1235 sizeof(external_aad_buffer));
1236 cose_encrypt0_set_external_aad(cose, &external_aad);
1237
1238 /* AAD */
1239 aad.s = aad_buffer;
1240 aad.length = oscore_prepare_aad(external_aad_buffer,
1241 external_aad.length,
1242 aad_buffer,
1243 sizeof(aad_buffer));
1244 assert(aad.length < AAD_BUF_LEN);
1245 cose_encrypt0_set_aad(cose, &aad);
1246
1247 /*
1248 * RFC8613 8.2 Step 5.
1249 * Compute the AEAD nonce.
1250 *
1251 * Requires in COSE object as appropriate
1252 * key_id (kid) (Recipient ID)
1253 * partial_iv (as received in request)
1254 * common_iv (already in osc_ctx)
1255 */
1256 nonce.s = nonce_buffer;
1257 nonce.length = 13;
1258 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1259 cose_encrypt0_set_nonce(cose, &nonce);
1260 /*
1261 * Set up an association for use in the response
1262 */
1263 association = oscore_find_association(session, &pdu_token);
1264 if (association) {
1265 /* Refresh the association */
1266 coap_delete_bin_const(association->nonce);
1267 association->nonce =
1268 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
1269 if (association->nonce == NULL)
1270 goto error;
1271 coap_delete_bin_const(association->partial_iv);
1272 association->partial_iv =
1273 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
1274 if (association->partial_iv == NULL)
1275 goto error;
1276 coap_delete_bin_const(association->aad);
1277 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
1278 if (association->aad == NULL)
1279 goto error;
1280 association->recipient_ctx = rcp_ctx;
1281 } else if (!oscore_new_association(session,
1282 NULL,
1283 &pdu_token,
1284 rcp_ctx,
1285 &cose->aad,
1286 &cose->nonce,
1287 &cose->partial_iv,
1288 0)) {
1289 goto error;
1290 }
1291 /* So association is not released when handling decrypt */
1292 association = NULL;
1293 } else { /* ! coap_request */
1294 /* Need to do nonce before AAD because of different partial_iv */
1295 /*
1296 * 8.4 Step 4.
1297 * Compose the AEAD nonce.
1298 */
1299 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
1300 if (cose->partial_iv.length == 0) {
1301 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1302 cose_encrypt0_set_nonce(cose, association->nonce);
1303 } else {
1304 uint64_t last_seq;
1305
1306 if (rcp_ctx->initial_state == 0 &&
1307 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1308 coap_log_warn("OSCORE: Replayed or old message\n");
1309 goto error;
1310 }
1311 last_seq =
1312 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1313 if (rcp_ctx->last_seq>= OSCORE_SEQ_MAX) {
1314 coap_log_warn("OSCORE Replay protection, SEQ larger than SEQ_MAX.\n");
1315 goto error;
1316 }
1317 if (last_seq > rcp_ctx->last_seq)
1318 rcp_ctx->last_seq = last_seq;
1319 /*
1320 * Requires in COSE object as appropriate
1321 * kid (set above)
1322 * partial_iv (as received)
1323 * common_iv (already in osc_ctx)
1324 */
1325 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1326 nonce.s = nonce_buffer;
1327 nonce.length = 13;
1328 cose_encrypt0_set_nonce(cose, &nonce);
1329 }
1330#ifdef OSCORE_EXTRA_DEBUG
1331 dump_cose(cose, "!req post set nonce");
1332#endif /* OSCORE_EXTRA_DEBUG */
1333 /*
1334 * 8.4 Step 3.
1335 * Compose the External AAD and then AAD (same as request non-group (5.4)
1336 *
1337 * Non Group (based on osc_tx->mode) requires the following
1338 * aead_alg (osc_ctx)
1339 * request_kid (request key_id using cose)
1340 * request_piv (request partial_iv using cose)
1341 * options (none at present)
1342 * Group (based on osc_tx->mode) requires the following
1343 * aead_alg (osc_ctx) (pairwise mode)
1344 * sign_enc_alg (osc_ctx) (group mode)
1345 * sign_alg (osc_ctx) (group mode)
1346 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
1347 * request_kid (request key_id using cose)
1348 * request_piv (request partial_iv using cose)
1349 * options (none at present)
1350 * request_kid_context (osc_ctx id_context)
1351 * OSCORE_option (as received in request)
1352 * test_gs_public_key (recipient public key)
1353 * gm_public_key (osc_ctx gm_public_key)
1354 *
1355 * Note: No I options at present
1356 */
1357
1358 /* External AAD */
1359 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
1360 if (association->is_observe && association->obs_partial_iv && got_resp_piv) {
1361 cose_encrypt0_set_partial_iv(cose, association->obs_partial_iv);
1362 } else {
1363 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1364 }
1365#ifdef OSCORE_EXTRA_DEBUG
1366 dump_cose(cose, "!req pre aad");
1367#endif /* OSCORE_EXTRA_DEBUG */
1368 external_aad.s = external_aad_buffer;
1369 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1370 cose,
1371 NULL,
1372 0,
1373 NULL,
1374 external_aad_buffer,
1375 sizeof(external_aad_buffer));
1376 cose_encrypt0_set_external_aad(cose, &external_aad);
1377
1378 /* AAD */
1379 aad.s = aad_buffer;
1380 aad.length = oscore_prepare_aad(external_aad_buffer,
1381 external_aad.length,
1382 aad_buffer,
1383 sizeof(aad_buffer));
1384 assert(aad.length < AAD_BUF_LEN);
1385 cose_encrypt0_set_aad(cose, &aad);
1386#ifdef OSCORE_EXTRA_DEBUG
1387 dump_cose(cose, "!req post set aad");
1388#endif /* OSCORE_EXTRA_DEBUG */
1389 }
1390
1391 /*
1392 * 8.2 Step 6 / 8.4 Step 5.
1393 * Decrypt the COSE object.
1394 *
1395 * Requires in COSE object as appropriate
1396 * alg (already set)
1397 * key
1398 * nonce (already set)
1399 * aad (already set)
1400 * ciphertext
1401 */
1402 st_encrypt = pdu->data;
1403 encrypt_len = pdu->used_size - (pdu->data - pdu->token);
1404 if (encrypt_len <= 0) {
1405 coap_log_warn("OSCORE: No protected payload\n");
1406 if (!coap_request)
1407 coap_handle_event_lkd(session->context,
1408 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
1409 session);
1410 goto error;
1411 }
1412 cose_encrypt0_set_key(cose, rcp_ctx->recipient_key);
1413 cose_encrypt0_set_ciphertext(cose, st_encrypt, encrypt_len);
1414
1415 tag_len = cose_tag_len(cose->alg);
1416 /* Decrypt into plain_pdu, so code (token), options and data are in place */
1417 plain_pdu = coap_pdu_init(0, 0, 0, encrypt_len /* - tag_len */);
1418 if (plain_pdu == NULL) {
1419 if (!coap_request)
1420 coap_handle_event_lkd(session->context,
1421 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1422 session);
1423 goto error;
1424 }
1425
1426 /* need the tag_len on the end for TinyDTLS to do its work - yuk */
1427 if (!coap_pdu_resize(plain_pdu, encrypt_len /* - tag_len */)) {
1428 if (!coap_request)
1429 coap_handle_event_lkd(session->context,
1430 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1431 session);
1432 goto error;
1433 }
1434
1435 /* Account for 1 byte 'code' used as token */
1436 plain_pdu->e_token_length = 1;
1437 plain_pdu->actual_token.length = 1;
1438 /* Account for the decrypted data */
1439 plain_pdu->used_size = encrypt_len - tag_len;
1440
1441 dump_cose(cose, "Pre decrypt");
1442 pltxt_size =
1443 cose_encrypt0_decrypt(cose, plain_pdu->token, encrypt_len - tag_len);
1444 if (pltxt_size <= 0) {
1445 coap_log_warn("OSCORE: Decryption Failure, result code: %d \n",
1446 (int)pltxt_size);
1447 if (coap_request) {
1448 build_and_send_error_pdu(session,
1449 pdu,
1450 COAP_RESPONSE_CODE(400),
1451 "Decryption failed",
1452 NULL,
1453 NULL,
1454 0);
1455 oscore_roll_back_seq(rcp_ctx);
1456 goto error_no_ack;
1457 } else {
1458 coap_handle_event_lkd(session->context,
1459 COAP_EVENT_OSCORE_DECRYPTION_FAILURE,
1460 session);
1461 }
1462 goto error;
1463 }
1464
1465 assert((size_t)pltxt_size < pdu->alloc_size + pdu->max_hdr_size);
1466
1467 /* Appendix B.2 Trap */
1468 if (session->b_2_step == COAP_OSCORE_B_2_STEP_2) {
1469 /* Need to update Security Context with new (R2 || ID1) ID Context */
1470 coap_binary_t *kc =
1471 coap_new_binary(sizeof(session->oscore_r2) + cose->kid_context.length);
1472 coap_bin_const_t oscore_r2;
1473
1474 if (kc == NULL) {
1475 if (!coap_request)
1476 coap_handle_event_lkd(session->context,
1477 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1478 session);
1479 goto error;
1480 }
1481
1482 coap_prng_lkd(&session->oscore_r2, sizeof(session->oscore_r2));
1483 memcpy(kc->s, &session->oscore_r2, sizeof(session->oscore_r2));
1484 memcpy(&kc->s[sizeof(session->oscore_r2)],
1485 cose->kid_context.s,
1486 cose->kid_context.length);
1487
1488 coap_log_oscore("Appendix B.2 server step 2 (R2 || ID1)\n");
1489 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1490
1491 oscore_r2.length = sizeof(session->oscore_r2);
1492 oscore_r2.s = (const uint8_t *)&session->oscore_r2;
1493 coap_log_oscore("Appendix B.2 server step 2 plain response\n");
1494 build_and_send_error_pdu(session,
1495 pdu,
1496 COAP_RESPONSE_CODE(401),
1497 NULL,
1498 NULL,
1499 &oscore_r2,
1500 1);
1501 goto error_no_ack;
1502 }
1503#if COAP_CLIENT_SUPPORT
1504 if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) {
1505 coap_log_oscore("Appendix B.2 client step 3 (R2 || R3)\n");
1506 coap_pdu_encode_header(plain_pdu, session->proto);
1507 plain_pdu->actual_token.s = plain_pdu->token;
1508 plain_pdu->code = plain_pdu->token[0];
1509 if (plain_pdu->code != COAP_RESPONSE_CODE(401)) {
1510 coap_log_warn("OSCORE Appendix B.2: Expected 4.01 response\n");
1511 }
1512 /* Skip the options */
1513 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1514 while (coap_option_next(&opt_iter)) {
1515 }
1516 if (opt_iter.length > 0 && opt_iter.next_option &&
1517 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1518 plain_pdu->data = &opt_iter.next_option[1];
1519 }
1520 coap_log_oscore("Inner Response PDU (plaintext)\n");
1521 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
1522 /*
1523 * Need to update Security Context with new (R2 || R3) ID Context
1524 * and retransmit the request
1525 */
1526 coap_binary_t *kc = coap_new_binary(cose->kid_context.length + 8);
1527
1528 if (kc == NULL) {
1529 if (!coap_request)
1530 coap_handle_event_lkd(session->context,
1531 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1532 session);
1533 goto error;
1534 }
1535 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1536 coap_prng_lkd(&kc->s[cose->kid_context.length], 8);
1537
1538 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1539
1540 coap_cancel_all_messages(session->context,
1541 session,
1542 &pdu->actual_token);
1543 if (session->con_active)
1544 session->con_active--;
1545 coap_send_ack_lkd(session, pdu);
1546 if (sent_pdu) {
1547 coap_log_oscore("Appendix B.2 retransmit pdu\n");
1548 if (coap_retransmit_oscore_pdu(session, sent_pdu, NULL) ==
1549 COAP_INVALID_MID)
1550 goto error_no_ack;
1551 }
1552 goto error_no_ack;
1553 }
1554#endif /* COAP_CLIENT_SUPPORT */
1555
1556#if COAP_SERVER_SUPPORT
1557 /* Appendix B.1.2 request Trap */
1558 if (coap_request && osc_ctx->rfc8613_b_1_2) {
1559 if (rcp_ctx->initial_state == 1) {
1560 opt = coap_check_option(plain_pdu, COAP_OPTION_ECHO, &opt_iter);
1561 if (opt) {
1562 /* Verify Client is genuine */
1563 if (coap_opt_length(opt) == 8 &&
1564 memcmp(coap_opt_value(opt), rcp_ctx->echo_value, 8) == 0) {
1565 if (!oscore_validate_sender_seq(rcp_ctx, cose)) {
1566 coap_log_warn("OSCORE: Replayed or old message\n");
1567 build_and_send_error_pdu(session,
1568 pdu,
1569 COAP_RESPONSE_CODE(401),
1570 "Replay detected",
1571 NULL,
1572 NULL,
1573 0);
1574 goto error_no_ack;
1575 }
1576 } else
1577 goto error;
1578 } else {
1579 /* RFC 8163 Appendix B.1.2 */
1580 if (session->b_2_step == COAP_OSCORE_B_2_STEP_4) {
1581 session->b_2_step = COAP_OSCORE_B_2_NONE;
1582 coap_log_oscore("Appendix B.2 server finished\n");
1583 }
1584 coap_prng_lkd(rcp_ctx->echo_value, sizeof(rcp_ctx->echo_value));
1585 coap_log_oscore("Appendix B.1.2 server plain response\n");
1586 build_and_send_error_pdu(session,
1587 pdu,
1588 COAP_RESPONSE_CODE(401),
1589 NULL,
1590 rcp_ctx->echo_value,
1591 NULL,
1592 1);
1593 goto error_no_ack;
1594 }
1595 }
1596 }
1597#endif /* COAP_SERVER_SUPPORT */
1598
1599 /*
1600 * 8.2 Step 7 / 8.4 Step 6.
1601 * Add decrypted Code, options and payload
1602 * [OSCORE option not copied across previously]
1603 */
1604
1605 /* PDU code is pseudo plain_pdu token */
1606 decrypt_pdu->code = plain_pdu->token[0];
1607
1608 /* Copy inner decrypted options across */
1609 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1610 while ((opt = coap_option_next(&opt_iter))) {
1611 size_t len;
1612 size_t bias;
1613
1614 switch (opt_iter.number) {
1615 case COAP_OPTION_OSCORE:
1616 break;
1617 case COAP_OPTION_OBSERVE:
1618 if (!coap_request) {
1619 bias = cose->partial_iv.length > 3 ? cose->partial_iv.length - 3 : 0;
1620 len = cose->partial_iv.length > 3 ? 3 : cose->partial_iv.length;
1621 /* Make Observe option reflect last 3 bytes of partial_iv */
1622 if (!coap_add_option_internal(
1623 decrypt_pdu,
1624 opt_iter.number,
1625 len,
1626 cose->partial_iv.s ? &cose->partial_iv.s[bias] : NULL)) {
1627 coap_handle_event_lkd(session->context,
1628 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1629 session);
1630 goto error;
1631 }
1632 doing_resp_observe = 1;
1633 break;
1634 }
1635 association = oscore_find_association(session, &pdu_token);
1636 if (association) {
1637 association->is_observe = 1;
1638 association = NULL;
1639 }
1640 /* Fall Through */
1641 default:
1642 if (!coap_insert_option(decrypt_pdu,
1643 opt_iter.number,
1644 coap_opt_length(opt),
1645 coap_opt_value(opt))) {
1646 if (!coap_request)
1647 coap_handle_event_lkd(session->context,
1648 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1649 session);
1650 goto error;
1651 }
1652 break;
1653 }
1654 }
1655 if (!coap_request && !doing_resp_observe) {
1656 if (association) {
1657 association->is_observe = 0;
1658 }
1659 }
1660 /* Need to copy across any data */
1661 if (opt_iter.length > 0 && opt_iter.next_option &&
1662 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1663 plain_pdu->data = &opt_iter.next_option[1];
1664 if (!coap_add_data(decrypt_pdu,
1665 plain_pdu->used_size -
1666 (plain_pdu->data - plain_pdu->token),
1667 plain_pdu->data)) {
1668 if (!coap_request)
1669 coap_handle_event_lkd(session->context,
1670 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1671 session);
1672 goto error;
1673 }
1674 }
1675 coap_delete_pdu_lkd(plain_pdu);
1676 plain_pdu = NULL;
1677
1678 /* Make sure headers are correctly set up */
1679 if (!coap_pdu_encode_header(decrypt_pdu, session->proto)) {
1680 if (!coap_request)
1681 coap_handle_event_lkd(session->context,
1682 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1683 session);
1684 goto error;
1685 }
1686
1687 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1688 session->b_2_step = COAP_OSCORE_B_2_NONE;
1689 coap_log_oscore("Appendix B.2 client finished\n");
1690 }
1691#if COAP_CLIENT_SUPPORT
1692 if (decrypt_pdu->code == COAP_RESPONSE_CODE(401) &&
1693 (opt = coap_check_option(decrypt_pdu, COAP_OPTION_ECHO, &opt_iter))) {
1694 /* Server is requesting Echo refresh check */
1695 coap_cancel_all_messages(session->context,
1696 session,
1697 &pdu->actual_token);
1698 if (session->con_active)
1699 session->con_active--;
1700 if (!sent_pdu) {
1701 coap_lg_crcv_t *lg_crcv = coap_find_lg_crcv(session, pdu);
1702
1703 if (lg_crcv)
1704 sent_pdu = lg_crcv->sent_pdu;
1705 }
1706 if (sent_pdu) {
1707 coap_send_ack_lkd(session, pdu);
1708 coap_log_debug("PDU requesting re-transmit\n");
1709 coap_show_pdu(COAP_LOG_DEBUG, decrypt_pdu);
1710 coap_log_oscore("RFC9175 retransmit pdu\n");
1711 /* Do not care if this fails */
1712 if (coap_retransmit_oscore_pdu(session, sent_pdu, opt) != COAP_INVALID_MID) {
1713 session->doing_b_1_2 = 1;
1714 }
1715 goto error_no_ack;
1716 }
1717 } else if (session->doing_b_1_2) {
1718 coap_lg_crcv_t *lg_crcv = coap_find_lg_crcv(session, pdu);
1719
1720 if (lg_crcv) {
1721 if (!coap_binary_equal(&decrypt_pdu->actual_token, lg_crcv->app_token)) {
1722 coap_update_token(decrypt_pdu, lg_crcv->app_token->length, lg_crcv->app_token->s);
1723 }
1724 }
1725 session->doing_b_1_2 = 0;
1726 }
1727#endif /* COAP_CLIENT_SUPPORT */
1728 if (association && association->is_observe == 0)
1729 oscore_delete_association(session, association);
1730 return decrypt_pdu;
1731
1732error:
1733 coap_send_ack_lkd(session, pdu);
1734error_no_ack:
1735 if (association && association->is_observe == 0)
1736 oscore_delete_association(session, association);
1737 coap_delete_pdu_lkd(decrypt_pdu);
1738 coap_delete_pdu_lkd(plain_pdu);
1739 return NULL;
1740}
1741
1742typedef enum {
1743 COAP_ENC_ASCII = 0x01,
1744 COAP_ENC_HEX = 0x02,
1745 COAP_ENC_INTEGER = 0x08,
1746 COAP_ENC_TEXT = 0x10,
1747 COAP_ENC_BOOL = 0x20,
1748 COAP_ENC_LAST
1749} coap_oscore_coding_t;
1750
1751#undef TEXT_MAPPING
1752#define TEXT_MAPPING(t, v) \
1753 { { sizeof(#t)-1, (const uint8_t *)#t }, v }
1754
1755static struct coap_oscore_encoding_t {
1756 coap_str_const_t name;
1757 coap_oscore_coding_t encoding;
1758} oscore_encoding[] = {
1759 TEXT_MAPPING(ascii, COAP_ENC_ASCII),
1760 TEXT_MAPPING(hex, COAP_ENC_HEX),
1761 TEXT_MAPPING(integer, COAP_ENC_INTEGER),
1762 TEXT_MAPPING(text, COAP_ENC_TEXT),
1763 TEXT_MAPPING(bool, COAP_ENC_BOOL),
1764 {{0, NULL}, COAP_ENC_LAST}
1765};
1766
1767typedef struct {
1768 coap_oscore_coding_t encoding;
1769 const char *encoding_name;
1770 union {
1771 int value_int;
1772 coap_bin_const_t *value_bin;
1773 coap_str_const_t value_str;
1774 } u;
1775} oscore_value_t;
1776
1777static uint8_t
1778hex2char(char c) {
1779 assert(isxdigit(c));
1780 if ('a' <= c && c <= 'f')
1781 return c - 'a' + 10;
1782 else if ('A' <= c && c <= 'F')
1783 return c - 'A' + 10;
1784 else
1785 return c - '0';
1786}
1787
1788/* Parse the hex into binary */
1789static coap_bin_const_t *
1790parse_hex_bin(const char *begin, const char *end) {
1791 coap_binary_t *binary = NULL;
1792 size_t i;
1793
1794 if ((end - begin) % 2 != 0)
1795 goto bad_entry;
1796 binary = coap_new_binary((end - begin) / 2);
1797 if (binary == NULL)
1798 goto bad_entry;
1799 for (i = 0; (i < (size_t)(end - begin)) && isxdigit((uint8_t)begin[i]) &&
1800 isxdigit((uint8_t)begin[i + 1]);
1801 i += 2) {
1802 binary->s[i / 2] = (hex2char(begin[i]) << 4) + hex2char(begin[i + 1]);
1803 }
1804 if (i != (size_t)(end - begin))
1805 goto bad_entry;
1806 return (coap_bin_const_t *)binary;
1807
1808bad_entry:
1809 coap_delete_binary(binary);
1810 return NULL;
1811}
1812
1813/*
1814 * Break up each OSCORE Configuration line entry into the 3 parts which
1815 * are comma separated
1816 *
1817 * keyword,encoding,value
1818 */
1819static int
1820get_split_entry(const char **start,
1821 size_t size,
1822 coap_str_const_t *keyword,
1823 oscore_value_t *value) {
1824 const char *begin = *start;
1825 const char *end;
1826 const char *kend;
1827 const char *split;
1828 size_t i;
1829 size_t len;
1830
1831retry:
1832 kend = end = memchr(begin, '\n', size);
1833 if (end == NULL)
1834 return 0;
1835
1836 /* Track beginning of next line */
1837 *start = end + 1;
1838 if (end > begin && end[-1] == '\r')
1839 end--;
1840
1841 if (begin[0] == '#' || (end - begin) == 0) {
1842 /* Skip comment / blank line */
1843 size -= kend - begin + 1;
1844 begin = *start;
1845 goto retry;
1846 }
1847
1848 /* Get in the keyword */
1849 split = memchr(begin, ',', end - begin);
1850 if (split == NULL)
1851 goto bad_entry;
1852
1853 keyword->s = (const uint8_t *)begin;
1854 keyword->length = split - begin;
1855
1856 begin = split + 1;
1857 if ((end - begin) == 0)
1858 goto bad_entry;
1859 /* Get in the encoding */
1860 split = memchr(begin, ',', end - begin);
1861 if (split == NULL)
1862 goto bad_entry;
1863
1864 for (i = 0; oscore_encoding[i].name.s; i++) {
1865 coap_str_const_t temp = { split - begin, (const uint8_t *)begin };
1866
1867 if (coap_string_equal(&temp, &oscore_encoding[i].name)) {
1868 value->encoding = oscore_encoding[i].encoding;
1869 value->encoding_name = (const char *)oscore_encoding[i].name.s;
1870 break;
1871 }
1872 }
1873 if (oscore_encoding[i].name.s == NULL)
1874 goto bad_entry;
1875
1876 begin = split + 1;
1877 if ((end - begin) == 0)
1878 goto bad_entry;
1879 /* Get in the keyword's value */
1880 if (begin[0] == '"') {
1881 split = memchr(&begin[1], '"', end - split - 1);
1882 if (split == NULL)
1883 goto bad_entry;
1884 end = split;
1885 begin++;
1886 }
1887 switch (value->encoding) {
1888 case COAP_ENC_ASCII:
1889 value->u.value_bin =
1890 coap_new_bin_const((const uint8_t *)begin, end - begin);
1891 break;
1892 case COAP_ENC_HEX:
1893 /* Parse the hex into binary */
1894 value->u.value_bin = parse_hex_bin(begin, end);
1895 if (value->u.value_bin == NULL)
1896 goto bad_entry;
1897 break;
1898 case COAP_ENC_INTEGER:
1899 value->u.value_int = atoi(begin);
1900 break;
1901 case COAP_ENC_TEXT:
1902 value->u.value_str.s = (const uint8_t *)begin;
1903 value->u.value_str.length = end - begin;
1904 break;
1905 case COAP_ENC_BOOL:
1906 len = (size_t)(end - begin);
1907 if (len == 4 && memcmp("true", begin, len) == 0)
1908 value->u.value_int = 1;
1909 else if (len == 5 && memcmp("false", begin, len) == 0)
1910 value->u.value_int = 0;
1911 else
1912 goto bad_entry;
1913 break;
1914 case COAP_ENC_LAST:
1915 default:
1916 goto bad_entry;
1917 }
1918 return 1;
1919
1920bad_entry:
1921 coap_log_warn("oscore_conf: Unrecognized configuration entry '%.*s'\n",
1922 (int)(end - begin),
1923 begin);
1924 return -1;
1925}
1926
1927#undef CONFIG_ENTRY
1928#define CONFIG_ENTRY(n, e, t) \
1929 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
1930 offsetof(coap_oscore_conf_t, n), t }
1931
1932typedef struct oscore_text_mapping_t {
1933 coap_str_const_t text;
1934 int value;
1935} oscore_text_mapping_t;
1936
1937/* Naming as per https://www.iana.org/assignments/cose/cose.xhtml#algorithms */
1938static oscore_text_mapping_t text_aead_alg[] = {
1939 TEXT_MAPPING(AES-CCM-16-64-128, COSE_ALGORITHM_AES_CCM_16_64_128),
1940 TEXT_MAPPING(AES-CCM-16-64-256, COSE_ALGORITHM_AES_CCM_16_64_256),
1941 {{0, NULL}, 0}
1942};
1943
1944static oscore_text_mapping_t text_hkdf_alg[] = {
1945 TEXT_MAPPING(direct+HKDF-SHA-256, COSE_HKDF_ALG_HKDF_SHA_256),
1946 {{0, NULL}, 0}
1947};
1948
1949static struct oscore_config_t {
1950 coap_str_const_t str_keyword;
1951 coap_oscore_coding_t encoding;
1952 size_t offset;
1953 oscore_text_mapping_t *text_mapping;
1954} oscore_config[] = {
1955 CONFIG_ENTRY(master_secret, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1956 CONFIG_ENTRY(master_salt, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1957 CONFIG_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1958 CONFIG_ENTRY(id_context, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1959 CONFIG_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1960 CONFIG_ENTRY(replay_window, COAP_ENC_INTEGER, NULL),
1961 CONFIG_ENTRY(ssn_freq, COAP_ENC_INTEGER, NULL),
1962 CONFIG_ENTRY(aead_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_aead_alg),
1963 CONFIG_ENTRY(hkdf_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_hkdf_alg),
1964 CONFIG_ENTRY(rfc8613_b_1_2, COAP_ENC_BOOL, NULL),
1965 CONFIG_ENTRY(rfc8613_b_2, COAP_ENC_BOOL, NULL),
1966 CONFIG_ENTRY(break_sender_key, COAP_ENC_BOOL, NULL),
1967 CONFIG_ENTRY(break_recipient_key, COAP_ENC_BOOL, NULL),
1968};
1969
1970int
1971coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
1972 uint32_t i;
1973
1974 if (oscore_conf == NULL)
1975 return 0;
1976
1977 coap_delete_bin_const(oscore_conf->master_secret);
1978 coap_delete_bin_const(oscore_conf->master_salt);
1979 coap_delete_bin_const(oscore_conf->id_context);
1980 coap_delete_bin_const(oscore_conf->sender_id);
1981 for (i = 0; i < oscore_conf->recipient_id_count; i++) {
1982 coap_delete_bin_const(oscore_conf->recipient_id[i]);
1983 }
1984 coap_free_type(COAP_STRING, oscore_conf->recipient_id);
1985 coap_free_type(COAP_STRING, oscore_conf);
1986 return 1;
1987}
1988
1989static coap_oscore_conf_t *
1990coap_parse_oscore_conf_mem(coap_str_const_t conf_mem) {
1991 const char *start = (const char *)conf_mem.s;
1992 const char *end = start + conf_mem.length;
1993 coap_str_const_t keyword;
1994 oscore_value_t value;
1995 coap_oscore_conf_t *oscore_conf;
1996 int split_ok = -1;
1997
1998 oscore_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_conf_t));
1999 if (oscore_conf == NULL)
2000 return NULL;
2001 memset(oscore_conf, 0, sizeof(coap_oscore_conf_t));
2002
2003 memset(&value, 0, sizeof(value));
2004 /* Preset with defaults */
2005 oscore_conf->replay_window = COAP_OSCORE_DEFAULT_REPLAY_WINDOW;
2006 oscore_conf->ssn_freq = 1;
2007 oscore_conf->aead_alg = COSE_ALGORITHM_AES_CCM_16_64_128;
2008 oscore_conf->hkdf_alg = COSE_HKDF_ALG_HKDF_SHA_256;
2009 oscore_conf->rfc8613_b_1_2 = 1;
2010 oscore_conf->rfc8613_b_2 = 0;
2011 oscore_conf->break_sender_key = 0;
2012 oscore_conf->break_recipient_key = 0;
2013
2014 while (end > start &&
2015 (split_ok = get_split_entry(&start, end - start, &keyword, &value)) > 0) {
2016 size_t i;
2017 size_t j;
2018
2019 for (i = 0; i < sizeof(oscore_config) / sizeof(oscore_config[0]); i++) {
2020 if (coap_string_equal(&oscore_config[i].str_keyword, &keyword) != 0 &&
2021 value.encoding & oscore_config[i].encoding) {
2022 if (coap_string_equal(coap_make_str_const("recipient_id"), &keyword)) {
2023 if (value.u.value_bin->length > 7) {
2024 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
2025 goto error_free_value_bin;
2026 }
2027 /* Special case as there are potentially multiple entries */
2028 oscore_conf->recipient_id =
2029 coap_realloc_type(COAP_STRING,
2030 oscore_conf->recipient_id,
2031 sizeof(oscore_conf->recipient_id[0]) *
2032 (oscore_conf->recipient_id_count + 1));
2033 if (oscore_conf->recipient_id == NULL) {
2034 goto error_free_value_bin;
2035 }
2036 oscore_conf->recipient_id[oscore_conf->recipient_id_count++] =
2037 value.u.value_bin;
2038 } else {
2039 coap_bin_const_t *unused_check;
2040
2041 switch (value.encoding) {
2042 case COAP_ENC_HEX:
2043 case COAP_ENC_ASCII:
2044 memcpy(&unused_check,
2045 &(((char *)oscore_conf)[oscore_config[i].offset]),
2046 sizeof(unused_check));
2047 if (unused_check != NULL) {
2048 coap_log_warn("oscore_conf: Keyword '%.*s' duplicated\n",
2049 (int)keyword.length,
2050 (const char *)keyword.s);
2051 goto error;
2052 }
2053 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2054 &value.u.value_bin,
2055 sizeof(value.u.value_bin));
2056 break;
2057 case COAP_ENC_INTEGER:
2058 case COAP_ENC_BOOL:
2059 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2060 &value.u.value_int,
2061 sizeof(value.u.value_int));
2062 break;
2063 case COAP_ENC_TEXT:
2064 for (j = 0; oscore_config[i].text_mapping[j].text.s != NULL; j++) {
2065 if (coap_string_equal(&value.u.value_str,
2066 &oscore_config[i].text_mapping[j].text)) {
2067 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
2068 &oscore_config[i].text_mapping[j].value,
2069 sizeof(oscore_config[i].text_mapping[j].value));
2070 break;
2071 }
2072 }
2073 if (oscore_config[i].text_mapping[j].text.s == NULL) {
2074 coap_log_warn("oscore_conf: Keyword '%.*s': value '%.*s' unknown\n",
2075 (int)keyword.length,
2076 (const char *)keyword.s,
2077 (int)value.u.value_str.length,
2078 (const char *)value.u.value_str.s);
2079 goto error;
2080 }
2081 break;
2082 case COAP_ENC_LAST:
2083 default:
2084 assert(0);
2085 break;
2086 }
2087 }
2088 break;
2089 }
2090 }
2091 if (i == sizeof(oscore_config) / sizeof(oscore_config[0])) {
2092 coap_log_warn("oscore_conf: Keyword '%.*s', type '%s' unknown\n",
2093 (int)keyword.length,
2094 (const char *)keyword.s,
2095 value.encoding_name);
2096 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII)
2097 coap_delete_bin_const(value.u.value_bin);
2098 goto error;
2099 }
2100 }
2101 if (split_ok == -1)
2102 goto error;
2103 if (!oscore_conf->master_secret) {
2104 coap_log_warn("oscore_conf: master_secret not defined\n");
2105 goto error;
2106 }
2107 if (!oscore_conf->sender_id) {
2108 coap_log_warn("oscore_conf: sender_id not defined\n");
2109 goto error;
2110 }
2111 if (oscore_conf->sender_id->length > 7) {
2112 coap_log_warn("oscore_conf: Maximum size of sender_id is 7 bytes\n");
2113 goto error;
2114 }
2115 if (oscore_conf->recipient_id && oscore_conf->recipient_id[0]->length > 7) {
2116 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
2117 goto error;
2118 }
2119 return oscore_conf;
2120
2121error_free_value_bin:
2122 coap_delete_bin_const(value.u.value_bin);
2123error:
2124 coap_delete_oscore_conf(oscore_conf);
2125 return NULL;
2126}
2127
2128static oscore_ctx_t *
2129coap_oscore_init(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf) {
2130 oscore_ctx_t *osc_ctx = NULL;
2131
2132 if (!coap_crypto_check_cipher_alg(oscore_conf->aead_alg)) {
2133 coap_log_warn("COSE: Cipher Algorithm %d not supported\n",
2134 oscore_conf->aead_alg);
2135 goto error;
2136 }
2137 if (!coap_crypto_check_hkdf_alg(oscore_conf->hkdf_alg)) {
2138 coap_log_warn("COSE: HKDF Algorithm %d not supported\n",
2139 oscore_conf->hkdf_alg);
2140 goto error;
2141 }
2142
2143 osc_ctx = oscore_derive_ctx(c_context, oscore_conf);
2144 if (!osc_ctx) {
2145 coap_log_crit("OSCORE: Could not create Security Context!\n");
2146 goto error;
2147 }
2148
2149 /* Free off the recipient_id array */
2150 coap_free_type(COAP_STRING, oscore_conf->recipient_id);
2151 oscore_conf->recipient_id = NULL;
2152
2153 /* As all is stored in osc_ctx, oscore_conf is no longer needed */
2154 coap_free_type(COAP_STRING, oscore_conf);
2155
2156 /* return default first context */
2157 return osc_ctx;
2158
2159error:
2160 /* Remove from linked chain */
2161 oscore_remove_context(c_context, osc_ctx);
2162
2163 coap_delete_oscore_conf(oscore_conf);
2164 return NULL;
2165}
2166
2167void
2168coap_delete_all_oscore(coap_context_t *c_context) {
2169 oscore_free_contexts(c_context);
2170}
2171
2172void
2173coap_delete_oscore_associations(coap_session_t *session) {
2174 oscore_delete_server_associations(session);
2175}
2176
2177coap_oscore_conf_t *
2178coap_new_oscore_conf(coap_str_const_t conf_mem,
2179 coap_oscore_save_seq_num_t save_seq_num_func,
2180 void *save_seq_num_func_param,
2181 uint64_t start_seq_num) {
2182 coap_oscore_conf_t *oscore_conf = coap_parse_oscore_conf_mem(conf_mem);
2183
2184 if (oscore_conf == NULL)
2185 return NULL;
2186
2187 oscore_conf->save_seq_num_func = save_seq_num_func;
2188 oscore_conf->save_seq_num_func_param = save_seq_num_func_param;
2189 oscore_conf->start_seq_num = start_seq_num;
2190 coap_log_oscore("Start Seq no %" PRIu64 "\n", start_seq_num);
2191 return oscore_conf;
2192}
2193
2194/*
2195 * Compute the size of the potential OSCORE overhead
2196 */
2197size_t
2198coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu) {
2199 size_t overhead = 0;
2200 oscore_recipient_ctx_t *rcp_ctx = session->recipient_ctx;
2201 oscore_ctx_t *osc_ctx = rcp_ctx ? rcp_ctx->osc_ctx : NULL;
2202 coap_opt_iterator_t opt_iter;
2203 coap_opt_t *option;
2204
2205 if (osc_ctx == NULL)
2206 return 0;
2207
2208 /* Protected code held in inner PDU as token */
2209 overhead += 1;
2210
2211 /* Observe option (creates inner and outer */
2212 option = coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter);
2213 if (option) {
2214 /* Assume delta is small */
2215 overhead += 2 + coap_opt_length(option);
2216 }
2217
2218 /* Proxy URI option Split - covered by coap_rebuild_pdu_for_proxy () */
2219
2220 /* OSCORE option */
2221 /* Option header */
2222 overhead += 1 +
2223 /* Partial IV (64 bits max)*/
2224 8 +
2225 /* kid context */
2226 (osc_ctx->id_context ? osc_ctx->id_context->length : 0) +
2227 /* kid */
2228 osc_ctx->sender_context->sender_id->length;
2229
2230 /* AAD overhead */
2231 overhead += AES_CCM_TAG;
2232
2233 /* End of options marker */
2234 overhead += 1;
2235
2236 return overhead;
2237}
2238
2239COAP_API int
2240coap_new_oscore_recipient(coap_context_t *context,
2241 coap_bin_const_t *recipient_id) {
2242 int ret;
2243
2244 coap_lock_lock(return 0);
2245 ret = coap_new_oscore_recipient_lkd(context, recipient_id);
2246 coap_lock_unlock();
2247 return ret;
2248}
2249
2250int
2251coap_new_oscore_recipient_lkd(coap_context_t *context,
2252 coap_bin_const_t *recipient_id) {
2253 coap_lock_check_locked();
2254 if (context->p_osc_ctx == NULL)
2255 return 0;
2256 if (oscore_add_recipient(context->p_osc_ctx, recipient_id, 0) == NULL)
2257 return 0;
2258 return 1;
2259}
2260
2261COAP_API int
2262coap_delete_oscore_recipient(coap_context_t *context,
2263 coap_bin_const_t *recipient_id) {
2264 int ret;
2265
2266 if (!context || !recipient_id)
2267 return 0;
2268 coap_lock_lock(return 0);
2269 ret = coap_delete_oscore_recipient_lkd(context, recipient_id);
2270 coap_lock_unlock();
2271 return ret;
2272}
2273
2274int
2275coap_delete_oscore_recipient_lkd(coap_context_t *context,
2276 coap_bin_const_t *recipient_id) {
2277 coap_lock_check_locked();
2278 if (context->p_osc_ctx == NULL)
2279 return 0;
2280 return oscore_delete_recipient(context->p_osc_ctx, recipient_id);
2281}
2282
2285#else /* !COAP_OSCORE_SUPPORT */
2286int
2287coap_oscore_is_supported(void) {
2288 return 0;
2289}
2290
2291coap_session_t *
2292coap_new_client_session_oscore(coap_context_t *ctx,
2293 const coap_address_t *local_if,
2294 const coap_address_t *server,
2295 coap_proto_t proto,
2296 coap_oscore_conf_t *oscore_conf) {
2297 (void)ctx;
2298 (void)local_if;
2299 (void)server;
2300 (void)proto;
2301 (void)oscore_conf;
2302 return NULL;
2303}
2304
2305coap_session_t *
2306coap_new_client_session_oscore_psk(coap_context_t *ctx,
2307 const coap_address_t *local_if,
2308 const coap_address_t *server,
2309 coap_proto_t proto,
2310 coap_dtls_cpsk_t *psk_data,
2311 coap_oscore_conf_t *oscore_conf) {
2312 (void)ctx;
2313 (void)local_if;
2314 (void)server;
2315 (void)proto;
2316 (void)psk_data;
2317 (void)oscore_conf;
2318 return NULL;
2319}
2320
2321coap_session_t *
2322coap_new_client_session_oscore_pki(coap_context_t *ctx,
2323 const coap_address_t *local_if,
2324 const coap_address_t *server,
2325 coap_proto_t proto,
2326 coap_dtls_pki_t *pki_data,
2327 coap_oscore_conf_t *oscore_conf) {
2328 (void)ctx;
2329 (void)local_if;
2330 (void)server;
2331 (void)proto;
2332 (void)pki_data;
2333 (void)oscore_conf;
2334 return NULL;
2335}
2336
2337int
2338coap_context_oscore_server(coap_context_t *context,
2339 coap_oscore_conf_t *oscore_conf) {
2340 (void)context;
2341 (void)oscore_conf;
2342 return 0;
2343}
2344
2345coap_oscore_conf_t *
2346coap_new_oscore_conf(coap_str_const_t conf_mem,
2347 coap_oscore_save_seq_num_t save_seq_num_func,
2348 void *save_seq_num_func_param,
2349 uint64_t start_seq_num) {
2350 (void)conf_mem;
2351 (void)save_seq_num_func;
2352 (void)save_seq_num_func_param;
2353 (void)start_seq_num;
2354 return NULL;
2355}
2356
2357int
2358coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
2359 (void)oscore_conf;
2360 return 0;
2361}
2362
2363int
2364coap_new_oscore_recipient(coap_context_t *context,
2365 coap_bin_const_t *recipient_id) {
2366 (void)context;
2367 (void)recipient_id;
2368 return 0;
2369}
2370
2371int
2372coap_delete_oscore_recipient(coap_context_t *context,
2373 coap_bin_const_t *recipient_id) {
2374 (void)context;
2375 (void)recipient_id;
2376 return 0;
2377}
2378
2379#endif /* !COAP_OSCORE_SUPPORT */
PRIu64
#define PRIu64
Definition coap_internal.h:51
coap_libcoap_build.h
Library specific build wrapper for coap_internal.h.
COAP_API
#define COAP_API
Definition coap_libcoap_build.h:41
COAP_OSCORE_BUF
@ COAP_OSCORE_BUF
Definition coap_mem.h:61
COAP_STRING
@ COAP_STRING
Definition coap_mem.h:34
coap_realloc_type
void * coap_realloc_type(coap_memory_tag_t type, void *p, size_t size)
Reallocates a chunk p of bytes created by coap_malloc_type() or coap_realloc_type() and returns a poi...
coap_malloc_type
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
coap_free_type
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
coap_opt_t
uint8_t coap_opt_t
Use byte-oriented access methods here because sliding a complex struct coap_opt_t over the data buffe...
Definition coap_option.h:30
coap_uri_scheme_is_secure
static int coap_uri_scheme_is_secure(const coap_uri_t *uri)
Definition coap_uri.h:88
COAP_URI_SCHEME_LAST
@ COAP_URI_SCHEME_LAST
Definition coap_uri.h:41
coap_send_ack_lkd
coap_mid_t coap_send_ack_lkd(coap_session_t *session, const coap_pdu_t *request)
Sends an ACK message with code 0 for the specified request to dst.
Definition coap_net.c:1095
coap_retransmit_oscore_pdu
coap_mid_t coap_retransmit_oscore_pdu(coap_session_t *session, coap_pdu_t *pdu, coap_opt_t *echo)
coap_find_lg_crcv
coap_lg_crcv_t * coap_find_lg_crcv(coap_session_t *session, coap_pdu_t *pdu)
Find the current lg_crcv for the session that matches the pdu.
COAP_BLOCK_CACHE_RESPONSE
#define COAP_BLOCK_CACHE_RESPONSE
Definition coap_block.h:73
coap_prng_lkd
int coap_prng_lkd(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
Definition coap_prng.c:190
coap_handle_event_lkd
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
Definition coap_net.c:5000
coap_new_message_id_lkd
uint16_t coap_new_message_id_lkd(coap_session_t *session)
Returns a new message id and updates session->tx_mid accordingly.
Definition coap_session.c:2286
coap_send_internal
coap_mid_t coap_send_internal(coap_session_t *session, coap_pdu_t *pdu, coap_pdu_t *request_pdu)
Sends a CoAP message to given peer.
Definition coap_net.c:1872
coap_cancel_all_messages
void coap_cancel_all_messages(coap_context_t *context, coap_session_t *session, coap_bin_const_t *token)
Cancels all outstanding messages for session session that have the specified token.
Definition coap_net.c:3141
COAP_OSCORE_DEFAULT_REPLAY_WINDOW
#define COAP_OSCORE_DEFAULT_REPLAY_WINDOW
Definition coap_crypto_internal.h:42
coap_crypto_check_hkdf_alg
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
coap_crypto_check_cipher_alg
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
coap_encode_var_safe
unsigned int coap_encode_var_safe(uint8_t *buf, size_t length, unsigned int val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:47
coap_decode_var_bytes
unsigned int coap_decode_var_bytes(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:38
coap_decode_var_bytes8
uint64_t coap_decode_var_bytes8(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:70
coap_encode_var_safe8
unsigned int coap_encode_var_safe8(uint8_t *buf, size_t length, uint64_t val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:80
COAP_EVENT_OSCORE_DECODE_ERROR
@ COAP_EVENT_OSCORE_DECODE_ERROR
Triggered when there is an OSCORE decode of OSCORE option failure.
Definition coap_event.h:130
COAP_EVENT_OSCORE_INTERNAL_ERROR
@ COAP_EVENT_OSCORE_INTERNAL_ERROR
Triggered when there is an OSCORE internal error i.e malloc failed.
Definition coap_event.h:128
COAP_EVENT_OSCORE_NOT_ENABLED
@ COAP_EVENT_OSCORE_NOT_ENABLED
Triggered when trying to use OSCORE to decrypt, but it is not enabled.
Definition coap_event.h:122
COAP_EVENT_OSCORE_NO_SECURITY
@ COAP_EVENT_OSCORE_NO_SECURITY
Triggered when there is no OSCORE security definition found.
Definition coap_event.h:126
COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
@ COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
Triggered when there is no OSCORE encrypted payload provided.
Definition coap_event.h:124
COAP_EVENT_OSCORE_DECRYPTION_FAILURE
@ COAP_EVENT_OSCORE_DECRYPTION_FAILURE
Triggered when there is an OSCORE decryption failure.
Definition coap_event.h:120
coap_lock_unlock
#define coap_lock_unlock()
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:460
coap_lock_check_locked
#define coap_lock_check_locked()
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:474
coap_lock_lock
#define coap_lock_lock(failed)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:450
coap_log_debug
#define coap_log_debug(...)
Definition coap_debug.h:126
coap_get_log_level
coap_log_t coap_get_log_level(void)
Get the current logging level.
Definition coap_debug.c:103
coap_show_pdu
void coap_show_pdu(coap_log_t level, const coap_pdu_t *pdu)
Display the contents of the specified pdu.
Definition coap_debug.c:793
coap_log_oscore
#define coap_log_oscore(...)
Definition coap_debug.h:132
coap_log_warn
#define coap_log_warn(...)
Definition coap_debug.h:108
coap_log_crit
#define coap_log_crit(...)
Definition coap_debug.h:96
COAP_LOG_OSCORE
@ COAP_LOG_OSCORE
Definition coap_debug.h:65
COAP_LOG_DEBUG
@ COAP_LOG_DEBUG
Definition coap_debug.h:64
coap_option_next
coap_opt_t * coap_option_next(coap_opt_iterator_t *oi)
Updates the iterator oi to point to the next option.
Definition coap_option.c:153
coap_opt_length
uint32_t coap_opt_length(const coap_opt_t *opt)
Returns the length of the given option.
Definition coap_option.c:212
coap_option_iterator_init
coap_opt_iterator_t * coap_option_iterator_init(const coap_pdu_t *pdu, coap_opt_iterator_t *oi, const coap_opt_filter_t *filter)
Initializes the given option iterator oi to point to the beginning of the pdu's option list.
Definition coap_option.c:117
coap_delete_optlist
void coap_delete_optlist(coap_optlist_t *queue)
Removes all entries from the optlist_chain, freeing off their memory usage.
Definition coap_option.c:592
COAP_OPT_ALL
#define COAP_OPT_ALL
Pre-defined filter that includes all options.
Definition coap_option.h:112
coap_add_optlist_pdu
int coap_add_optlist_pdu(coap_pdu_t *pdu, coap_optlist_t **options)
The current optlist of optlist_chain is first sorted (as per RFC7272 ordering requirements) and then ...
Definition coap_option.c:551
coap_check_option
coap_opt_t * coap_check_option(const coap_pdu_t *pdu, coap_option_num_t number, coap_opt_iterator_t *oi)
Retrieves the first option of number number from pdu.
Definition coap_option.c:199
coap_opt_value
const uint8_t * coap_opt_value(const coap_opt_t *opt)
Returns a pointer to the value of the given option.
Definition coap_option.c:249
oscore_cbor_get_element_size
size_t oscore_cbor_get_element_size(const uint8_t **buffer, size_t *buf_size)
cose_encrypt0_set_plaintext
void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
cose_encrypt0_set_key
int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key)
cose_encrypt0_set_kid_context
void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, coap_bin_const_t *kid_context)
cose_get_alg_name
const char * cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen)
cose_encrypt0_set_ciphertext
void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
cose_encrypt0_decrypt
int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, uint8_t *plaintext_buffer, size_t plaintext_len)
cose_tag_len
size_t cose_tag_len(cose_alg_t cose_alg)
cose_encrypt0_set_aad
void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad)
cose_encrypt0_encrypt
int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, uint8_t *ciphertext_buffer, size_t ciphertext_len)
cose_encrypt0_set_partial_iv
void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, coap_bin_const_t *partial_iv)
cose_encrypt0_set_external_aad
void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, coap_bin_const_t *external_aad)
cose_encrypt0_init
void cose_encrypt0_init(cose_encrypt0_t *ptr)
cose_encrypt0_set_alg
void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg)
cose_encrypt0_set_key_id
void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id)
cose_encrypt0_set_nonce
void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce)
COSE_HKDF_ALG_HKDF_SHA_256
@ COSE_HKDF_ALG_HKDF_SHA_256
Definition oscore_cose.h:171
COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_128
Definition oscore_cose.h:149
COSE_ALGORITHM_AES_CCM_16_64_256
@ COSE_ALGORITHM_AES_CCM_16_64_256
Definition oscore_cose.h:150
oscore_prepare_aad
size_t oscore_prepare_aad(const uint8_t *external_aad_buffer, size_t external_aad_len, uint8_t *aad_buffer, size_t aad_size)
oscore_encode_option_value
size_t oscore_encode_option_value(uint8_t *option_buffer, size_t option_buf_len, cose_encrypt0_t *cose, uint8_t group, uint8_t appendix_b_2)
coap_delete_oscore_recipient_lkd
int coap_delete_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
oscore_delete_association
int oscore_delete_association(coap_session_t *session, oscore_association_t *association)
coap_new_client_session_oscore3_lkd
coap_session_t * coap_new_client_session_oscore3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, protecting the data using OSCORE,...
oscore_validate_sender_seq
uint8_t oscore_validate_sender_seq(oscore_recipient_ctx_t *ctx, cose_encrypt0_t *cose)
oscore_add_recipient
oscore_recipient_ctx_t * oscore_add_recipient(oscore_ctx_t *ctx, coap_bin_const_t *rid, uint32_t break_key)
oscore_add_recipient - add in recipient information
OSCORE_SEQ_MAX
#define OSCORE_SEQ_MAX
Definition oscore_context.h:76
AES_CCM_TAG
#define AES_CCM_TAG
Definition oscore_crypto.h:65
oscore_decode_option_value
int oscore_decode_option_value(const uint8_t *option_value, size_t option_len, cose_encrypt0_t *cose)
coap_oscore_new_pdu_encrypted_lkd
coap_pdu_t * coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_delete_recipient
int oscore_delete_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid)
oscore_increment_sender_seq
uint8_t oscore_increment_sender_seq(oscore_ctx_t *ctx)
oscore_update_ctx
void oscore_update_ctx(oscore_ctx_t *osc_ctx, coap_bin_const_t *id_context)
oscore_update_ctx - update a osc_ctx with a new id_context
coap_new_client_session_oscore_psk3_lkd
coap_session_t * coap_new_client_session_oscore_psk3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials protecting the data using...
oscore_derive_ctx
oscore_ctx_t * oscore_derive_ctx(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx - derive a osc_ctx from oscore_conf information
coap_oscore_new_pdu_encrypted
COAP_API coap_pdu_t * coap_oscore_new_pdu_encrypted(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_roll_back_seq
void oscore_roll_back_seq(oscore_recipient_ctx_t *ctx)
oscore_new_association
int oscore_new_association(coap_session_t *session, coap_pdu_t *sent_pdu, coap_bin_const_t *token, oscore_recipient_ctx_t *recipient_ctx, coap_bin_const_t *aad, coap_bin_const_t *nonce, coap_bin_const_t *partial_iv, int is_observe)
oscore_prepare_e_aad
size_t oscore_prepare_e_aad(oscore_ctx_t *ctx, cose_encrypt0_t *cose, const uint8_t *oscore_option, size_t oscore_option_len, coap_bin_const_t *sender_public_key, uint8_t *external_aad_ptr, size_t external_aad_size)
oscore_delete_server_associations
void oscore_delete_server_associations(coap_session_t *session)
oscore_log_char_value
void oscore_log_char_value(coap_log_t level, const char *name, const char *value)
coap_oscore_decrypt_pdu
struct coap_pdu_t * coap_oscore_decrypt_pdu(coap_session_t *session, coap_pdu_t *pdu)
Decrypts the OSCORE-encrypted parts of pdu when OSCORE is used.
coap_rebuild_pdu_for_proxy
int coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu)
Convert PDU to use Proxy-Scheme option if Proxy-Uri option is present.
oscore_free_contexts
void oscore_free_contexts(coap_context_t *c_context)
oscore_log_hex_value
void oscore_log_hex_value(coap_log_t level, const char *name, coap_bin_const_t *value)
coap_delete_oscore_associations
void coap_delete_oscore_associations(coap_session_t *session)
Cleanup all allocated OSCORE association information.
coap_oscore_initiate
int coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf)
Initiate an OSCORE session.
coap_new_oscore_recipient_lkd
int coap_new_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
oscore_duplicate_ctx
oscore_ctx_t * oscore_duplicate_ctx(coap_context_t *c_context, oscore_ctx_t *o_osc_ctx, coap_bin_const_t *sender_id, coap_bin_const_t *recipient_id, coap_bin_const_t *id_context)
oscore_duplicate_ctx - duplicate a osc_ctx
oscore_partial_iv_t
oscore_partial_iv_t
Definition coap_oscore_internal.h:67
coap_delete_all_oscore
void coap_delete_all_oscore(coap_context_t *context)
Cleanup all allocated OSCORE information.
oscore_generate_nonce
void oscore_generate_nonce(cose_encrypt0_t *ptr, oscore_ctx_t *ctx, uint8_t *buffer, uint8_t size)
oscore_remove_context
int oscore_remove_context(coap_context_t *c_context, oscore_ctx_t *osc_ctx)
oscore_find_association
oscore_association_t * oscore_find_association(coap_session_t *session, coap_bin_const_t *token)
coap_context_oscore_server_lkd
int coap_context_oscore_server_lkd(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
oscore_find_context
oscore_ctx_t * oscore_find_context(const coap_context_t *c_context, const coap_bin_const_t rcpkey_id, const coap_bin_const_t *ctxkey_id, uint8_t *oscore_r2, oscore_recipient_ctx_t **recipient_ctx)
oscore_find_context - Locate recipient context (and hence OSCORE context)
coap_new_client_session_oscore_pki3_lkd
coap_session_t * coap_new_client_session_oscore_pki3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials protecting the data using...
coap_oscore_overhead
size_t coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu)
Determine the additional data size requirements for adding in OSCORE.
OSCORE_MODE_SINGLE
@ OSCORE_MODE_SINGLE
Vanilla RFC8613 support.
Definition oscore_context.h:79
OSCORE_SEND_PARTIAL_IV
@ OSCORE_SEND_PARTIAL_IV
Send partial IV with encrypted PDU.
Definition coap_oscore_internal.h:69
OSCORE_SEND_NO_IV
@ OSCORE_SEND_NO_IV
Do not send partial IV unless added by a response.
Definition coap_oscore_internal.h:68
coap_new_oscore_conf
coap_oscore_conf_t * coap_new_oscore_conf(coap_str_const_t conf_mem, coap_oscore_save_seq_num_t save_seq_num_func, void *save_seq_num_func_param, uint64_t start_seq_num)
Parse an OSCORE configuration (held in memory) and populate a OSCORE configuration structure.
Definition coap_oscore.c:2346
coap_new_client_session_oscore_psk
coap_session_t * coap_new_client_session_oscore_psk(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
Definition coap_oscore.c:2306
coap_new_client_session_oscore_psk3
COAP_API coap_session_t * coap_new_client_session_oscore_psk3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials protecting the data using...
coap_delete_oscore_conf
int coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf)
Release all the information associated with the OSCORE configuration.
Definition coap_oscore.c:2358
coap_new_client_session_oscore
coap_session_t * coap_new_client_session_oscore(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
Definition coap_oscore.c:2292
coap_context_oscore_server
int coap_context_oscore_server(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
Definition coap_oscore.c:2338
coap_new_client_session_oscore_pki
coap_session_t * coap_new_client_session_oscore_pki(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
Definition coap_oscore.c:2322
coap_new_client_session_oscore3
COAP_API coap_session_t * coap_new_client_session_oscore3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, protecting the data using OSCORE,...
coap_new_oscore_recipient
int coap_new_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
Definition coap_oscore.c:2364
coap_oscore_save_seq_num_t
int(* coap_oscore_save_seq_num_t)(uint64_t sender_seq_num, void *param)
Definition of the function used to save the current Sender Sequence Number.
Definition coap_oscore.h:263
coap_delete_oscore_recipient
int coap_delete_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
Definition coap_oscore.c:2372
coap_new_client_session_oscore_pki3
COAP_API coap_session_t * coap_new_client_session_oscore_pki3(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials protecting the data using...
coap_delete_pdu_lkd
void coap_delete_pdu_lkd(coap_pdu_t *pdu)
Dispose of an CoAP PDU and free off associated storage.
Definition coap_pdu.c:194
coap_insert_option
size_t coap_insert_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Inserts option of given number in the pdu with the appropriate data.
Definition coap_pdu.c:639
coap_remove_option
int coap_remove_option(coap_pdu_t *pdu, coap_option_num_t number)
Removes (first) option of given number from the pdu.
Definition coap_pdu.c:499
coap_update_token
int coap_update_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Updates token in pdu with length len and data.
Definition coap_pdu.c:423
COAP_PDU_IS_PING
#define COAP_PDU_IS_PING(pdu)
Definition coap_pdu_internal.h:115
coap_pdu_encode_header
size_t coap_pdu_encode_header(coap_pdu_t *pdu, coap_proto_t proto)
Compose the protocol specific header for the specified PDU.
Definition coap_pdu.c:1523
coap_pdu_duplicate_lkd
coap_pdu_t * coap_pdu_duplicate_lkd(const coap_pdu_t *old_pdu, coap_session_t *session, size_t token_length, const uint8_t *token, coap_opt_filter_t *drop_options)
Duplicate an existing PDU.
Definition coap_pdu.c:234
COAP_PAYLOAD_START
#define COAP_PAYLOAD_START
Definition coap_pdu_internal.h:108
coap_pdu_resize
int coap_pdu_resize(coap_pdu_t *pdu, size_t new_size)
Dynamically grows the size of pdu to new_size.
Definition coap_pdu.c:307
COAP_PDU_IS_REQUEST
#define COAP_PDU_IS_REQUEST(pdu)
Definition coap_pdu_internal.h:111
coap_add_option_internal
size_t coap_add_option_internal(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Adds option of given number to pdu that is passed as first parameter.
Definition coap_pdu.c:789
COAP_OPTION_HOP_LIMIT
#define COAP_OPTION_HOP_LIMIT
Definition coap_pdu.h:137
COAP_OPTION_NORESPONSE
#define COAP_OPTION_NORESPONSE
Definition coap_pdu.h:150
COAP_OPTION_URI_HOST
#define COAP_OPTION_URI_HOST
Definition coap_pdu.h:124
COAP_OPTION_IF_MATCH
#define COAP_OPTION_IF_MATCH
Definition coap_pdu.h:123
COAP_OPTION_BLOCK2
#define COAP_OPTION_BLOCK2
Definition coap_pdu.h:142
COAP_OPTION_CONTENT_FORMAT
#define COAP_OPTION_CONTENT_FORMAT
Definition coap_pdu.h:132
COAP_OPTION_SIZE2
#define COAP_OPTION_SIZE2
Definition coap_pdu.h:144
COAP_OPTION_BLOCK1
#define COAP_OPTION_BLOCK1
Definition coap_pdu.h:143
COAP_OPTION_PROXY_SCHEME
#define COAP_OPTION_PROXY_SCHEME
Definition coap_pdu.h:147
COAP_DEFAULT_PORT
#define COAP_DEFAULT_PORT
Definition coap_pdu.h:41
COAP_OPTION_URI_QUERY
#define COAP_OPTION_URI_QUERY
Definition coap_pdu.h:136
COAP_OPTION_IF_NONE_MATCH
#define COAP_OPTION_IF_NONE_MATCH
Definition coap_pdu.h:126
COAP_OPTION_LOCATION_PATH
#define COAP_OPTION_LOCATION_PATH
Definition coap_pdu.h:129
COAP_OPTION_URI_PATH
#define COAP_OPTION_URI_PATH
Definition coap_pdu.h:131
COAP_RESPONSE_CODE
#define COAP_RESPONSE_CODE(N)
Definition coap_pdu.h:165
COAP_RESPONSE_CLASS
#define COAP_RESPONSE_CLASS(C)
Definition coap_pdu.h:168
coap_proto_t
coap_proto_t
CoAP protocol types Note: coap_layers_coap[] needs updating if extended.
Definition coap_pdu.h:318
coap_pdu_code_t
coap_pdu_code_t
Set of codes available for a PDU.
Definition coap_pdu.h:332
COAP_OPTION_OSCORE
#define COAP_OPTION_OSCORE
Definition coap_pdu.h:130
COAP_OPTION_SIZE1
#define COAP_OPTION_SIZE1
Definition coap_pdu.h:148
coap_add_token
int coap_add_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds token of length len to pdu.
Definition coap_pdu.c:366
COAP_OPTION_LOCATION_QUERY
#define COAP_OPTION_LOCATION_QUERY
Definition coap_pdu.h:140
COAPS_DEFAULT_PORT
#define COAPS_DEFAULT_PORT
Definition coap_pdu.h:42
coap_get_data
int coap_get_data(const coap_pdu_t *pdu, size_t *len, const uint8_t **data)
Retrieves the length and data pointer of specified PDU.
Definition coap_pdu.c:885
COAP_OPTION_RTAG
#define COAP_OPTION_RTAG
Definition coap_pdu.h:151
COAP_OPTION_URI_PORT
#define COAP_OPTION_URI_PORT
Definition coap_pdu.h:128
coap_pdu_init
coap_pdu_t * coap_pdu_init(coap_pdu_type_t type, coap_pdu_code_t code, coap_mid_t mid, size_t size)
Creates a new CoAP PDU with at least enough storage space for the given size maximum message size.
Definition coap_pdu.c:102
COAP_OPTION_ACCEPT
#define COAP_OPTION_ACCEPT
Definition coap_pdu.h:138
COAP_INVALID_MID
#define COAP_INVALID_MID
Indicates an invalid message id.
Definition coap_pdu.h:271
COAP_OPTION_MAXAGE
#define COAP_OPTION_MAXAGE
Definition coap_pdu.h:135
COAP_OPTION_ETAG
#define COAP_OPTION_ETAG
Definition coap_pdu.h:125
COAP_OPTION_PROXY_URI
#define COAP_OPTION_PROXY_URI
Definition coap_pdu.h:146
COAP_OPTION_OBSERVE
#define COAP_OPTION_OBSERVE
Definition coap_pdu.h:127
COAP_OPTION_ECHO
#define COAP_OPTION_ECHO
Definition coap_pdu.h:149
coap_add_data
int coap_add_data(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds given data to the pdu that is passed as first parameter.
Definition coap_pdu.c:854
coap_pdu_get_token
coap_bin_const_t coap_pdu_get_token(const coap_pdu_t *pdu)
Gets the token associated with pdu.
Definition coap_pdu.c:1643
COAP_REQUEST_CODE_POST
@ COAP_REQUEST_CODE_POST
Definition coap_pdu.h:336
COAP_REQUEST_CODE_FETCH
@ COAP_REQUEST_CODE_FETCH
Definition coap_pdu.h:339
COAP_MESSAGE_NON
@ COAP_MESSAGE_NON
Definition coap_pdu.h:74
COAP_MESSAGE_ACK
@ COAP_MESSAGE_ACK
Definition coap_pdu.h:75
COAP_MESSAGE_CON
@ COAP_MESSAGE_CON
Definition coap_pdu.h:73
coap_new_client_session_pki3_lkd
coap_session_t * coap_new_client_session_pki3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *setup_data, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PKI credentials along with app_data infor...
coap_new_client_session_psk3_lkd
coap_session_t * coap_new_client_session_psk3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *setup_data, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials along with app_data infor...
coap_session_release_lkd
void coap_session_release_lkd(coap_session_t *session)
Decrement reference counter on a session.
Definition coap_session.c:378
coap_new_client_session3_lkd
coap_session_t * coap_new_client_session3_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, void *app_data, coap_app_data_free_callback_t callback, coap_str_const_t *ws_host)
Creates a new client session to the designated server, with PSK credentials along with app_data infor...
COAP_OSCORE_B_2_NONE
@ COAP_OSCORE_B_2_NONE
Definition coap_session_internal.h:51
COAP_OSCORE_B_2_STEP_3
@ COAP_OSCORE_B_2_STEP_3
Definition coap_session_internal.h:54
COAP_OSCORE_B_2_STEP_1
@ COAP_OSCORE_B_2_STEP_1
Definition coap_session_internal.h:52
COAP_OSCORE_B_2_STEP_4
@ COAP_OSCORE_B_2_STEP_4
Definition coap_session_internal.h:55
COAP_OSCORE_B_2_STEP_5
@ COAP_OSCORE_B_2_STEP_5
Definition coap_session_internal.h:56
COAP_OSCORE_B_2_STEP_2
@ COAP_OSCORE_B_2_STEP_2
Definition coap_session_internal.h:53
COAP_PROTO_NOT_RELIABLE
#define COAP_PROTO_NOT_RELIABLE(p)
Definition coap_session.h:41
coap_app_data_free_callback_t
void(* coap_app_data_free_callback_t)(void *data)
Callback to free off the app data when the entry is being deleted / freed off.
Definition coap_session.h:124
coap_delete_bin_const
void coap_delete_bin_const(coap_bin_const_t *s)
Deletes the given const binary data and releases any memory allocated.
Definition coap_str.c:120
coap_new_binary
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
Definition coap_str.c:77
coap_make_str_const
coap_str_const_t * coap_make_str_const(const char *string)
Take the specified byte array (text) and create a coap_str_const_t *.
Definition coap_str.c:66
coap_new_bin_const
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
Definition coap_str.c:110
coap_delete_binary
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
Definition coap_str.c:105
coap_binary_equal
#define coap_binary_equal(binary1, binary2)
Compares the two binary data for equality.
Definition coap_str.h:214
coap_string_equal
#define coap_string_equal(string1, string2)
Compares the two strings for equality.
Definition coap_str.h:200
coap_oscore_is_supported
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
Definition coap_oscore.c:2287
coap_query_into_optlist
int coap_query_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI query into '&' separate segments, and then adds the Uri-Query / Location-Query o...
Definition coap_uri.c:851
coap_path_into_optlist
int coap_path_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI path into '/' separate segments, and then adds the Uri-Path / Location-Path opti...
Definition coap_uri.c:755
coap_split_proxy_uri
int coap_split_proxy_uri(const uint8_t *str_var, size_t len, coap_uri_t *uri)
Parses a given string into URI components.
Definition coap_uri.c:299
coap_uri_scheme
coap_uri_info_t coap_uri_scheme[COAP_URI_SCHEME_LAST]
Definition coap_uri.c:56
coap_address_t
Multi-purpose address abstraction.
Definition coap_address.h:174
coap_bin_const_t
CoAP binary data definition with const data.
Definition coap_str.h:67
coap_bin_const_t::length
size_t length
length of binary data
Definition coap_str.h:68
coap_bin_const_t::s
const uint8_t * s
read-only binary data
Definition coap_str.h:69
coap_binary_t
CoAP binary data definition.
Definition coap_str.h:59
coap_binary_t::length
size_t length
length of binary data
Definition coap_str.h:60
coap_binary_t::s
uint8_t * s
binary data
Definition coap_str.h:61
coap_context_t
The CoAP stack's global state is stored in a coap_context_t object.
Definition coap_net_internal.h:55
coap_dtls_cpsk_t
The structure used for defining the Client PSK setup data to be used.
Definition coap_dtls.h:414
coap_dtls_pki_t
The structure used for defining the PKI setup data to be used.
Definition coap_dtls.h:316
coap_lg_crcv_t
Structure to hold large body (many blocks) client receive information.
Definition coap_block_internal.h:191
coap_lg_crcv_t::app_token
coap_binary_t * app_token
app requesting PDU token
Definition coap_block_internal.h:207
coap_lg_crcv_t::sent_pdu
coap_pdu_t * sent_pdu
The sent pdu with all the data.
Definition coap_block_internal.h:214
coap_opt_iterator_t
Iterator to run through PDU options.
Definition coap_option.h:172
coap_opt_iterator_t::next_option
coap_opt_t * next_option
pointer to the unparsed next option
Definition coap_option.h:177
coap_opt_iterator_t::length
size_t length
remaining length of PDU
Definition coap_option.h:173
coap_opt_iterator_t::number
coap_option_num_t number
decoded option number
Definition coap_option.h:174
coap_optlist_t
Representation of chained list of CoAP options to install.
Definition coap_option.h:329
coap_oscore_conf_t
The structure used to hold the OSCORE configuration information.
Definition coap_oscore_internal.h:40
coap_oscore_conf_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func()
Definition coap_oscore_internal.h:63
coap_oscore_conf_t::rfc8613_b_2
uint32_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition coap_oscore_internal.h:54
coap_oscore_conf_t::hkdf_alg
cose_hkdf_alg_t hkdf_alg
Set to one of COSE_HKDF_ALG_*.
Definition coap_oscore_internal.h:52
coap_oscore_conf_t::break_sender_key
uint32_t break_sender_key
1 if sender key to be broken, else 0
Definition coap_oscore_internal.h:57
coap_oscore_conf_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition coap_oscore_internal.h:50
coap_oscore_conf_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition coap_oscore_internal.h:61
coap_oscore_conf_t::rfc8613_b_1_2
uint32_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition coap_oscore_internal.h:53
coap_oscore_conf_t::start_seq_num
uint64_t start_seq_num
Used for ssn_freq updating.
Definition coap_oscore_internal.h:64
coap_oscore_conf_t::sender_id
coap_bin_const_t * sender_id
Sender ID (i.e.
Definition coap_oscore_internal.h:43
coap_oscore_conf_t::recipient_id
coap_bin_const_t ** recipient_id
Recipient ID (i.e.
Definition coap_oscore_internal.h:45
coap_oscore_conf_t::break_recipient_key
uint32_t break_recipient_key
1 if recipient key to be broken, else 0
Definition coap_oscore_internal.h:58
coap_oscore_conf_t::master_secret
coap_bin_const_t * master_secret
Common Master Secret.
Definition coap_oscore_internal.h:41
coap_oscore_conf_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition coap_oscore_internal.h:51
coap_oscore_conf_t::master_salt
coap_bin_const_t * master_salt
Common Master Salt.
Definition coap_oscore_internal.h:42
coap_oscore_conf_t::replay_window
uint32_t replay_window
Replay window size Use COAP_OSCORE_DEFAULT_REPLAY_WINDOW.
Definition coap_oscore_internal.h:48
coap_oscore_conf_t::id_context
coap_bin_const_t * id_context
Common ID context.
Definition coap_oscore_internal.h:44
coap_oscore_conf_t::recipient_id_count
uint32_t recipient_id_count
Number of recipient_id entries.
Definition coap_oscore_internal.h:47
coap_pdu_t
structure for CoAP PDUs
Definition coap_pdu_internal.h:144
coap_pdu_t::max_hdr_size
uint8_t max_hdr_size
space reserved for protocol-specific header
Definition coap_pdu_internal.h:151
coap_pdu_t::token
uint8_t * token
first byte of token (or extended length bytes prefix), if any, or options
Definition coap_pdu_internal.h:166
coap_pdu_t::code
coap_pdu_code_t code
request method (value 1–31) or response code (value 64-255)
Definition coap_pdu_internal.h:147
coap_pdu_t::actual_token
coap_bin_const_t actual_token
Actual token in pdu.
Definition coap_pdu_internal.h:159
coap_pdu_t::data
uint8_t * data
first byte of payload, if any
Definition coap_pdu_internal.h:168
coap_pdu_t::mid
coap_mid_t mid
message id, if any, in regular host byte order
Definition coap_pdu_internal.h:149
coap_pdu_t::e_token_length
uint32_t e_token_length
length of Token space (includes leading extended bytes
Definition coap_pdu_internal.h:156
coap_pdu_t::used_size
size_t used_size
used bytes of storage for token, options and payload
Definition coap_pdu_internal.h:162
coap_pdu_t::type
coap_pdu_type_t type
message type
Definition coap_pdu_internal.h:146
coap_session_t
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
Definition coap_session_internal.h:72
coap_session_t::block_mode
uint32_t block_mode
Zero or more COAP_BLOCK_ or'd options.
Definition coap_session_internal.h:191
coap_session_t::proto
coap_proto_t proto
protocol used
Definition coap_session_internal.h:73
coap_session_t::con_active
uint8_t con_active
Active CON request sent.
Definition coap_session_internal.h:101
coap_session_t::context
coap_context_t * context
session's context
Definition coap_session_internal.h:97
coap_str_const_t
CoAP string data definition with const data.
Definition coap_str.h:49
coap_str_const_t::s
const uint8_t * s
read-only string data
Definition coap_str.h:51
coap_str_const_t::length
size_t length
length of string
Definition coap_str.h:50
coap_uri_info_t::name
const char * name
scheme name
Definition coap_uri_internal.h:34
coap_uri_t
Representation of parsed URI.
Definition coap_uri.h:72
coap_uri_t::scheme
enum coap_uri_scheme_t scheme
The parsed scheme specifier.
Definition coap_uri.h:84
coap_uri_t::path
coap_str_const_t path
The complete path if present or {0, NULL}.
Definition coap_uri.h:75
coap_uri_t::port
uint16_t port
The port in host byte order.
Definition coap_uri.h:74
coap_uri_t::query
coap_str_const_t query
The complete query if present or {0, NULL}.
Definition coap_uri.h:79
coap_uri_t::host
coap_str_const_t host
The host part of the URI.
Definition coap_uri.h:73
cose_encrypt0_t
Definition oscore_cose.h:201
cose_encrypt0_t::aad
coap_bin_const_t aad
Definition oscore_cose.h:212
cose_encrypt0_t::key
coap_bin_const_t key
Definition oscore_cose.h:203
cose_encrypt0_t::partial_iv
coap_bin_const_t partial_iv
Definition oscore_cose.h:206
cose_encrypt0_t::kid_context
coap_bin_const_t kid_context
Definition oscore_cose.h:208
cose_encrypt0_t::nonce
coap_bin_const_t nonce
Definition oscore_cose.h:210
cose_encrypt0_t::external_aad
coap_bin_const_t external_aad
Definition oscore_cose.h:211
cose_encrypt0_t::key_id
coap_bin_const_t key_id
Definition oscore_cose.h:207
cose_encrypt0_t::oscore_option
coap_bin_const_t oscore_option
Definition oscore_cose.h:209
cose_encrypt0_t::alg
cose_alg_t alg
Definition oscore_cose.h:202
oscore_association_t
Definition oscore_context.h:146
oscore_association_t::obs_partial_iv
coap_bin_const_t * obs_partial_iv
Definition oscore_context.h:154
oscore_association_t::partial_iv
coap_bin_const_t * partial_iv
Definition oscore_context.h:153
oscore_association_t::sent_pdu
coap_pdu_t * sent_pdu
Definition oscore_context.h:149
oscore_association_t::aad
coap_bin_const_t * aad
Definition oscore_context.h:151
oscore_association_t::nonce
coap_bin_const_t * nonce
Definition oscore_context.h:152
oscore_association_t::recipient_ctx
oscore_recipient_ctx_t * recipient_ctx
Definition oscore_context.h:148
oscore_association_t::is_observe
uint8_t is_observe
Definition oscore_context.h:156
oscore_association_t::just_set_up
uint8_t just_set_up
Definition oscore_context.h:157
oscore_ctx_t
Definition oscore_context.h:88
oscore_ctx_t::mode
oscore_mode_t mode
Definition oscore_context.h:99
oscore_ctx_t::rfc8613_b_1_2
uint8_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition oscore_context.h:100
oscore_ctx_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func()
Definition oscore_context.h:106
oscore_ctx_t::sender_context
oscore_sender_ctx_t * sender_context
Definition oscore_context.h:95
oscore_ctx_t::aead_alg
cose_alg_t aead_alg
Definition oscore_context.h:97
oscore_ctx_t::rfc8613_b_2
uint8_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition oscore_context.h:101
oscore_ctx_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition oscore_context.h:104
oscore_ctx_t::recipient_chain
oscore_recipient_ctx_t * recipient_chain
Definition oscore_context.h:96
oscore_ctx_t::id_context
coap_bin_const_t * id_context
contains GID in case of group
Definition oscore_context.h:94
oscore_ctx_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition oscore_context.h:102
oscore_recipient_ctx_t
Definition oscore_context.h:116
oscore_recipient_ctx_t::echo_value
uint8_t echo_value[8]
Definition oscore_context.h:127
oscore_recipient_ctx_t::last_seq
uint64_t last_seq
Definition oscore_context.h:120
oscore_recipient_ctx_t::recipient_key
coap_bin_const_t * recipient_key
Definition oscore_context.h:125
oscore_recipient_ctx_t::recipient_id
coap_bin_const_t * recipient_id
Definition oscore_context.h:126
oscore_recipient_ctx_t::initial_state
uint8_t initial_state
Definition oscore_context.h:128
oscore_recipient_ctx_t::osc_ctx
oscore_ctx_t * osc_ctx
Definition oscore_context.h:119
oscore_sender_ctx_t
Definition oscore_context.h:109
oscore_sender_ctx_t::sender_id
coap_bin_const_t * sender_id
Definition oscore_context.h:113
oscore_sender_ctx_t::seq
uint64_t seq
Definition oscore_context.h:110
oscore_sender_ctx_t::sender_key
coap_bin_const_t * sender_key
Definition oscore_context.h:112
oscore_sender_ctx_t::next_seq
uint64_t next_seq
Used for ssn_freq updating.
Definition oscore_context.h:111