libcoap 4.3.5b
Loading...
Searching...
No Matches
coap_oscore.c
Go to the documentation of this file.
1/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
3/*
4 * coap_oscore.c -- Object Security for Constrained RESTful Environments
5 * (OSCORE) support for libcoap
6 *
7 * Copyright (C) 2019-2021 Olaf Bergmann <bergmann@tzi.org>
8 * Copyright (C) 2021-2025 Jon Shallow <supjps-libcoap@jpshallow.com>
9 *
10 * SPDX-License-Identifier: BSD-2-Clause
11 *
12 * This file is part of the CoAP library libcoap. Please see README for terms
13 * of use.
14 */
15
20
21#include "coap3/coap_libcoap_build.h"
22
23#if COAP_OSCORE_SUPPORT
24#include <ctype.h>
25
26#define AAD_BUF_LEN 200 /* length of aad_buffer */
27
28static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context,
29 coap_oscore_conf_t *oscore_conf);
30
31#if COAP_CLIENT_SUPPORT
32
33int
34coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) {
35 if (oscore_conf) {
36 oscore_ctx_t *osc_ctx;
37
38 if (oscore_conf->recipient_id_count == 0) {
39 coap_log_warn("OSCORE: Recipient ID must be defined for a client\n");
40 return 0;
41 }
42 if (oscore_conf->rfc8613_b_2) {
43 /* Need to replace id_context with random value */
44 coap_binary_t *id_context = coap_new_binary(8);
45
46 if (id_context == NULL)
47 return 0;
48 coap_delete_bin_const(oscore_conf->id_context);
49 coap_prng_lkd(id_context->s, id_context->length);
50 oscore_conf->id_context = (coap_bin_const_t *)id_context;
51 session->b_2_step = COAP_OSCORE_B_2_STEP_1;
52 coap_log_oscore("Appendix B.2 client step 1 (Generated ID1)\n");
53 }
54
55 osc_ctx = coap_oscore_init(session->context, oscore_conf);
56 if (osc_ctx == NULL) {
57 return 0;
58 }
59 session->recipient_ctx = osc_ctx->recipient_chain;
60 session->oscore_encryption = 1;
61 }
62 return 1;
63}
64
65COAP_API coap_session_t *
66coap_new_client_session_oscore(coap_context_t *ctx,
67 const coap_address_t *local_if,
68 const coap_address_t *server,
69 coap_proto_t proto,
70 coap_oscore_conf_t *oscore_conf) {
71 coap_session_t *session;
72
73 coap_lock_lock(ctx, return NULL);
74 session = coap_new_client_session_oscore_lkd(ctx, local_if, server, proto, oscore_conf);
75 coap_lock_unlock(ctx);
76 return session;
77}
78
79coap_session_t *
80coap_new_client_session_oscore_lkd(coap_context_t *ctx,
81 const coap_address_t *local_if,
82 const coap_address_t *server,
83 coap_proto_t proto,
84 coap_oscore_conf_t *oscore_conf) {
85 coap_session_t *session =
86 coap_new_client_session_lkd(ctx, local_if, server, proto);
87
88 if (!session)
89 return NULL;
90
91 if (coap_oscore_initiate(session, oscore_conf) == 0) {
92 coap_session_release_lkd(session);
93 return NULL;
94 }
95 return session;
96}
97
98COAP_API coap_session_t *
99coap_new_client_session_oscore_psk(coap_context_t *ctx,
100 const coap_address_t *local_if,
101 const coap_address_t *server,
102 coap_proto_t proto,
103 coap_dtls_cpsk_t *psk_data,
104 coap_oscore_conf_t *oscore_conf) {
105 coap_session_t *session;
106
107 coap_lock_lock(ctx, return NULL);
108 session = coap_new_client_session_oscore_psk_lkd(ctx, local_if, server, proto, psk_data,
109 oscore_conf);
110 coap_lock_unlock(ctx);
111 return session;
112}
113
114coap_session_t *
115coap_new_client_session_oscore_psk_lkd(coap_context_t *ctx,
116 const coap_address_t *local_if,
117 const coap_address_t *server,
118 coap_proto_t proto,
119 coap_dtls_cpsk_t *psk_data,
120 coap_oscore_conf_t *oscore_conf) {
121 coap_session_t *session;
122
123 coap_lock_check_locked(ctx);
124 session = coap_new_client_session_psk2_lkd(ctx, local_if, server, proto, psk_data);
125
126 if (!session)
127 return NULL;
128
129 if (coap_oscore_initiate(session, oscore_conf) == 0) {
130 coap_session_release_lkd(session);
131 return NULL;
132 }
133 return session;
134}
135
136COAP_API coap_session_t *
137coap_new_client_session_oscore_pki(coap_context_t *ctx,
138 const coap_address_t *local_if,
139 const coap_address_t *server,
140 coap_proto_t proto,
141 coap_dtls_pki_t *pki_data,
142 coap_oscore_conf_t *oscore_conf) {
143 coap_session_t *session;
144
145 coap_lock_lock(ctx, return NULL);
146 session = coap_new_client_session_oscore_pki_lkd(ctx, local_if, server, proto, pki_data,
147 oscore_conf);
148 coap_lock_unlock(ctx);
149 return session;
150}
151
152coap_session_t *
153coap_new_client_session_oscore_pki_lkd(coap_context_t *ctx,
154 const coap_address_t *local_if,
155 const coap_address_t *server,
156 coap_proto_t proto,
157 coap_dtls_pki_t *pki_data,
158 coap_oscore_conf_t *oscore_conf) {
159 coap_session_t *session;
160
161 coap_lock_check_locked(ctx);
162 session = coap_new_client_session_pki_lkd(ctx, local_if, server, proto, pki_data);
163
164 if (!session)
165 return NULL;
166
167 if (coap_oscore_initiate(session, oscore_conf) == 0) {
168 coap_session_release_lkd(session);
169 return NULL;
170 }
171 return session;
172}
173#endif /* COAP_CLIENT_SUPPORT */
174#if COAP_SERVER_SUPPORT
175
176COAP_API int
177coap_context_oscore_server(coap_context_t *context,
178 coap_oscore_conf_t *oscore_conf) {
179 int ret;
180
181 coap_lock_lock(context, return 0);
182 ret = coap_context_oscore_server_lkd(context, oscore_conf);
183 coap_lock_unlock(context);
184 return ret;
185}
186
187int
188coap_context_oscore_server_lkd(coap_context_t *context,
189 coap_oscore_conf_t *oscore_conf) {
190 oscore_ctx_t *osc_ctx;
191
192 coap_lock_check_locked(context);
193 osc_ctx = coap_oscore_init(context, oscore_conf);
194 /* osc_ctx already added to context->osc_ctx */
195 if (osc_ctx)
196 return 1;
197 return 0;
198}
199
200#endif /* COAP_SERVER_SUPPORT */
201
202int
203coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu) {
204 coap_uri_t uri;
205 coap_opt_iterator_t opt_iter;
206 coap_opt_t *option;
207 uint8_t option_value_buffer[15];
208 coap_optlist_t *optlist_chain = NULL;
209
210 if ((option =
211 coap_check_option(pdu, COAP_OPTION_PROXY_URI, &opt_iter)) == NULL)
212 return 1;
213
214 /* Need to break down into the component parts, but keep data safe */
215 memset(&uri, 0, sizeof(uri));
216
217 if (coap_split_proxy_uri(coap_opt_value(option),
218 coap_opt_length(option),
219 &uri) < 0 || uri.scheme >= COAP_URI_SCHEME_LAST) {
220 coap_log_warn("Proxy URI '%.*s' not decodable\n",
221 coap_opt_length(option),
222 (const char *)coap_opt_value(option));
223 goto error;
224 }
225 if (!coap_remove_option(pdu, COAP_OPTION_PROXY_URI))
226 goto error;
227
228 if (!coap_insert_option(pdu,
229 COAP_OPTION_URI_HOST,
230 uri.host.length,
231 uri.host.s))
232 goto error;
233 if (uri.port != (coap_uri_scheme_is_secure(&uri) ? COAPS_DEFAULT_PORT : COAP_DEFAULT_PORT) &&
234 !coap_insert_option(pdu,
235 COAP_OPTION_URI_PORT,
236 coap_encode_var_safe(option_value_buffer,
237 sizeof(option_value_buffer),
238 uri.port & 0xffff),
239 option_value_buffer))
240 goto error;
241 if (uri.path.length) {
242 /* Add in the Uri-Path options */
243 if (!coap_path_into_optlist(uri.path.s, uri.path.length, COAP_OPTION_URI_PATH,
244 &optlist_chain))
245 goto error;
246 }
247 if (uri.query.length) {
248 /* Add in the Uri-Query options */
249 if (!coap_query_into_optlist(uri.query.s, uri.query.length, COAP_OPTION_URI_QUERY,
250 &optlist_chain))
251 goto error;
252 }
253 if (!coap_add_optlist_pdu(pdu, &optlist_chain))
254 goto error;
255
256 if (!coap_insert_option(pdu,
257 COAP_OPTION_PROXY_SCHEME,
258 strlen(coap_uri_scheme[uri.scheme].name),
259 (const uint8_t *)coap_uri_scheme[uri.scheme].name))
260 goto error;
261
262 coap_delete_optlist(optlist_chain);
263 return 1;
264
265error:
266 coap_delete_optlist(optlist_chain);
267 return 0;
268}
269
270static void
271dump_cose(cose_encrypt0_t *cose, const char *message) {
272#if COAP_MAX_LOGGING_LEVEL < _COAP_LOG_OSCORE
273 (void)cose;
274 (void)message;
275#else /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
276 if (coap_get_log_level() >= COAP_LOG_OSCORE) {
277 char buffer[30];
278
279 coap_log_oscore("%s Cose information\n", message);
280 oscore_log_char_value(COAP_LOG_OSCORE, "alg",
281 cose_get_alg_name(cose->alg, buffer, sizeof(buffer)));
282 oscore_log_hex_value(COAP_LOG_OSCORE, "key", &cose->key);
283 oscore_log_hex_value(COAP_LOG_OSCORE, "partial_iv", &cose->partial_iv);
284 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
285 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
286 oscore_log_hex_value(COAP_LOG_OSCORE,
287 "oscore_option",
288 &cose->oscore_option);
289 oscore_log_hex_value(COAP_LOG_OSCORE, "nonce", &cose->nonce);
290 oscore_log_hex_value(COAP_LOG_OSCORE, "external_aad", &cose->external_aad);
291 oscore_log_hex_value(COAP_LOG_OSCORE, "aad", &cose->aad);
292 }
293#endif /* COAP_MAX_LOGGING_LEVEL >= _COAP_LOG_OSCORE */
294}
295
296COAP_API coap_pdu_t *
297coap_oscore_new_pdu_encrypted(coap_session_t *session,
298 coap_pdu_t *pdu,
299 coap_bin_const_t *kid_context,
300 oscore_partial_iv_t send_partial_iv) {
301 coap_pdu_t *ret_pdu;
302
303 coap_lock_lock(session->context, return NULL);
304 ret_pdu = coap_oscore_new_pdu_encrypted_lkd(session, pdu, kid_context, send_partial_iv);
305 coap_lock_unlock(session->context);
306
307 return ret_pdu;
308}
309
310/*
311 * Take current PDU, create a new one approriately separated as per RFC8613
312 * and then encrypt / integrity check the OSCORE data
313 */
314coap_pdu_t *
315coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session,
316 coap_pdu_t *pdu,
317 coap_bin_const_t *kid_context,
318 oscore_partial_iv_t send_partial_iv) {
319 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu) || COAP_PDU_IS_PING(pdu);
320 coap_pdu_code_t code =
321 coap_request ? COAP_REQUEST_CODE_POST : COAP_RESPONSE_CODE(204);
322 coap_pdu_t *osc_pdu;
323 coap_pdu_t *plain_pdu = NULL;
324 coap_bin_const_t pdu_token;
325 coap_opt_iterator_t opt_iter;
326 coap_opt_t *option;
327 uint8_t pdu_code = pdu->code;
328 size_t length;
329 const uint8_t *data;
330 uint8_t *ciphertext_buffer = NULL;
331 size_t ciphertext_len = 0;
332 uint8_t aad_buffer[AAD_BUF_LEN];
333 uint8_t nonce_buffer[13];
334 coap_bin_const_t aad;
335 coap_bin_const_t nonce;
336 oscore_recipient_ctx_t *rcp_ctx;
337 oscore_ctx_t *osc_ctx;
338 cose_encrypt0_t cose[1];
339 uint8_t group_flag = 0;
340 int show_pdu = 0;
341 int doing_observe = 0;
342 uint32_t observe_value = 0;
343 oscore_association_t *association = NULL;
344 oscore_sender_ctx_t *snd_ctx;
345 uint8_t external_aad_buffer[200];
346 coap_bin_const_t external_aad;
347 uint8_t oscore_option[48];
348 size_t oscore_option_len;
349
350 /* Check that OSCORE has not already been done */
351 if (coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter))
352 return NULL;
353
354 if (coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter))
355 doing_observe = 1;
356
357 coap_log_debug("PDU to encrypt\n");
358 coap_show_pdu(COAP_LOG_DEBUG, pdu);
359 osc_pdu = coap_pdu_init(pdu->type == COAP_MESSAGE_NON &&
360 session->b_2_step != COAP_OSCORE_B_2_NONE ?
361 COAP_MESSAGE_CON : pdu->type,
362 code,
363 pdu->mid,
364 pdu->used_size + coap_oscore_overhead(session, pdu));
365 if (osc_pdu == NULL)
366 return NULL;
367
368 cose_encrypt0_init(cose); /* clears cose memory */
369 pdu_token = coap_pdu_get_token(pdu);
370 if (coap_request) {
371 /*
372 * RFC8613 8.1 Step 1. Protecting the client's request
373 * Get the Sender Context
374 */
375 rcp_ctx = session->recipient_ctx;
376 if (rcp_ctx == NULL)
377 goto error;
378 osc_ctx = rcp_ctx->osc_ctx;
379 assert(osc_ctx);
380 snd_ctx = osc_ctx->sender_context;
381 } else {
382 /*
383 * RFC8613 8.3 Step 1. Protecting the server's response
384 * Get the Sender Context
385 */
386 association = oscore_find_association(session, &pdu_token);
387 if (association == NULL)
388 goto error;
389
390 rcp_ctx = association->recipient_ctx;
391 osc_ctx = rcp_ctx->osc_ctx;
392 snd_ctx = osc_ctx->sender_context;
393 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
394 cose_encrypt0_set_aad(cose, association->aad);
395 }
396
397 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
398
399 if (coap_request || doing_observe ||
400 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
401 uint8_t partial_iv_buffer[8];
402 size_t partial_iv_len;
403 coap_bin_const_t partial_iv;
404 partial_iv_len = coap_encode_var_safe8(partial_iv_buffer,
405 sizeof(partial_iv_buffer),
406 snd_ctx->seq);
407 if (snd_ctx->seq == 0) {
408 /* Need to special case */
409 partial_iv_buffer[0] = '\000';
410 partial_iv_len = 1;
411 }
412 partial_iv.s = partial_iv_buffer;
413 partial_iv.length = partial_iv_len;
414 cose_encrypt0_set_partial_iv(cose, &partial_iv);
415 }
416
417 if (coap_request)
418 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
419
420 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
421
422 /* nonce (needs to have sender information correctly set up) */
423
424 if (coap_request || doing_observe ||
425 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
426 /*
427 * 8.1 Step 3 or RFC8613 8.3.1 Step A
428 * Compose the AEAD nonce
429 *
430 * Requires in COSE object as appropriate
431 * key_id (kid) (sender)
432 * partial_iv (sender)
433 * common_iv (already in osc_ctx)
434 */
435 nonce.s = nonce_buffer;
436 nonce.length = 13;
437 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
438 cose_encrypt0_set_nonce(cose, &nonce);
439 if (!oscore_increment_sender_seq(osc_ctx))
440 goto error;
441 if (osc_ctx->save_seq_num_func) {
442 if (osc_ctx->sender_context->seq > osc_ctx->sender_context->next_seq) {
443 /* Only update at ssn_freq rate */
444 osc_ctx->sender_context->next_seq += osc_ctx->ssn_freq;
445 osc_ctx->save_seq_num_func(osc_ctx->sender_context->next_seq,
446 osc_ctx->save_seq_num_func_param);
447 }
448 }
449 } else {
450 /*
451 * 8.3 Step 3.
452 * Use nonce from request
453 */
454 cose_encrypt0_set_nonce(cose, association->nonce);
455 }
456
457 /* OSCORE_option (needs to be before AAD as included in AAD if group) */
458
459 /* cose is modified for encode option in response message */
460 if (!coap_request) {
461 /* no kid on response */
462 cose_encrypt0_set_key_id(cose, NULL);
463 if (!doing_observe && send_partial_iv == OSCORE_SEND_NO_IV)
464 cose_encrypt0_set_partial_iv(cose, NULL);
465 }
466 if (kid_context) {
467 cose_encrypt0_set_kid_context(cose, kid_context);
468 }
469 oscore_option_len =
470 oscore_encode_option_value(oscore_option, sizeof(oscore_option), cose,
471 group_flag,
472 session->b_2_step != COAP_OSCORE_B_2_NONE);
473 if (!coap_request) {
474 /* Reset what was just unset as appropriate for AAD */
475 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
476 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
477 }
478 if (kid_context)
479 cose_encrypt0_set_kid_context(cose, osc_ctx->id_context);
480
481 /*
482 * RFC8613 8.1/8.3 Step 2(a) (5.4).
483 * Compose the External AAD and then AAD
484 *
485 * OSCORE_option requires
486 * partial_iv (cose partial_iv)
487 * kid_context (cose kid_context)
488 * key_id (cose key_id)
489 * group_flag
490 *
491 * Non Group (based on osc_tx->mode) requires the following
492 * aead_alg (osc_ctx)
493 * request_kid (request key_id using cose)
494 * request_piv (request partial_iv using cose)
495 * options (none at present)
496 * Group (based on osc_tx->mode) requires the following
497 * aead_alg (osc_ctx) (pairwise mode)
498 * sign_enc_alg (osc_ctx) (group mode)
499 * sign_alg (osc_ctx) (group mode)
500 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
501 * request_kid (request key_id using cose)
502 * request_piv (request partial_iv using cose)
503 * options (none at present)
504 * request_kid_context (osc_ctx id_context)
505 * OSCORE_option (parameter)
506 * test_gs_public_key (osc_ctx sender_context public_key)
507 * gm_public_key (osc_ctx gm_public_key)
508 *
509 * Note: No I options at present
510 */
511 if (coap_request || osc_ctx->mode != OSCORE_MODE_SINGLE ||
512 send_partial_iv == OSCORE_SEND_PARTIAL_IV) {
513 /* External AAD */
514 external_aad.s = external_aad_buffer;
515 external_aad.length = oscore_prepare_e_aad(osc_ctx,
516 cose,
517 NULL,
518 0,
519 NULL,
520 external_aad_buffer,
521 sizeof(external_aad_buffer));
522 cose_encrypt0_set_external_aad(cose, &external_aad);
523
524 /* AAD */
525 aad.s = aad_buffer;
526 aad.length = oscore_prepare_aad(external_aad_buffer,
527 external_aad.length,
528 aad_buffer,
529 sizeof(aad_buffer));
530 assert(aad.length < AAD_BUF_LEN);
531 cose_encrypt0_set_aad(cose, &aad);
532 }
533
534 /*
535 * RFC8613 8.1/8.3 Step 2(b) (5.3).
536 *
537 * Set up temp plaintext pdu, the data including token, options and
538 * optional payload will get encrypted as COSE ciphertext.
539 */
540 plain_pdu = coap_pdu_init(pdu->type,
541 pdu->code,
542 pdu->mid,
543 pdu->used_size + 1 /* pseudo-token with actual code */);
544 if (plain_pdu == NULL)
545 goto error;
546
547 coap_add_token(osc_pdu, pdu_token.length, pdu_token.s);
548
549 /* First byte of plain is real CoAP code. Pretend it is token */
550 coap_add_token(plain_pdu, 1, &pdu_code);
551
552 /* Copy across the Outer/Inner Options to respective PDUs */
553 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
554 while ((option = coap_option_next(&opt_iter))) {
555 switch (opt_iter.number) {
556 case COAP_OPTION_URI_HOST:
557 case COAP_OPTION_URI_PORT:
558 case COAP_OPTION_PROXY_SCHEME:
559 case COAP_OPTION_HOP_LIMIT:
560 /* Outer only */
561 if (!coap_insert_option(osc_pdu,
562 opt_iter.number,
563 coap_opt_length(option),
564 coap_opt_value(option)))
565 goto error;
566 break;
567 case COAP_OPTION_OBSERVE:
568 /* Make as Outer option as-is */
569 if (!coap_insert_option(osc_pdu,
570 opt_iter.number,
571 coap_opt_length(option),
572 coap_opt_value(option)))
573 goto error;
574 if (coap_request) {
575 /* Make as Inner option (unchanged) */
576 if (!coap_insert_option(plain_pdu,
577 opt_iter.number,
578 coap_opt_length(option),
579 coap_opt_value(option)))
580 goto error;
581 osc_pdu->code = COAP_REQUEST_CODE_FETCH;
582 } else {
583 /* Make as Inner option but empty */
584 if (!coap_insert_option(plain_pdu, opt_iter.number, 0, NULL))
585 goto error;
586 osc_pdu->code = COAP_RESPONSE_CODE(205);
587 }
588 show_pdu = 1;
589 doing_observe = 1;
590 observe_value = coap_decode_var_bytes(coap_opt_value(option),
591 coap_opt_length(option));
592 break;
593 case COAP_OPTION_PROXY_URI:
594 /*
595 * Should have already been caught by doing
596 * coap_rebuild_pdu_for_proxy() before calling
597 * coap_oscore_new_pdu_encrypted_lkd()
598 */
599 assert(0);
600 break;
601 default:
602 /* Make as Inner option */
603 if (!coap_insert_option(plain_pdu,
604 opt_iter.number,
605 coap_opt_length(option),
606 coap_opt_value(option)))
607 goto error;
608 break;
609 }
610 }
611 /* Add in data to plain */
612 if (coap_get_data(pdu, &length, &data)) {
613 if (!coap_add_data(plain_pdu, length, data))
614 goto error;
615 }
616 if (show_pdu) {
617 coap_log_oscore("OSCORE payload\n");
618 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
619 }
620
621 /*
622 * 8.1/8.3 Step 4.
623 * Encrypt the COSE object.
624 *
625 * Requires in COSE object as appropriate
626 * alg (already set)
627 * key (sender key)
628 * nonce (already set)
629 * aad (already set)
630 * plaintext
631 */
632 cose_encrypt0_set_key(cose, snd_ctx->sender_key);
633 cose_encrypt0_set_plaintext(cose, plain_pdu->token, plain_pdu->used_size);
634 dump_cose(cose, "Pre encrypt");
635 ciphertext_buffer =
636 coap_malloc_type(COAP_OSCORE_BUF, OSCORE_CRYPTO_BUFFER_SIZE);
637 if (ciphertext_buffer == NULL)
638 goto error;
639 ciphertext_len = cose_encrypt0_encrypt(cose,
640 ciphertext_buffer,
641 plain_pdu->used_size + AES_CCM_TAG);
642 if ((int)ciphertext_len <= 0) {
643 coap_log_warn("OSCORE: Encryption Failure, result code: %d \n",
644 (int)ciphertext_len);
645 goto error;
646 }
647 assert(ciphertext_len < OSCORE_CRYPTO_BUFFER_SIZE);
648
649 /* Add in OSCORE option (previously computed) */
650 if (!coap_insert_option(osc_pdu,
651 COAP_OPTION_OSCORE,
652 oscore_option_len,
653 oscore_option))
654 goto error;
655
656 /* Add now encrypted payload */
657 if (!coap_add_data(osc_pdu, ciphertext_len, ciphertext_buffer))
658 goto error;
659
660 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
661 ciphertext_buffer = NULL;
662
663 coap_delete_pdu_lkd(plain_pdu);
664 plain_pdu = NULL;
665
666 if (association && association->is_observe == 0)
667 oscore_delete_association(session, association);
668 association = NULL;
669
670 /*
671 * If this is a response ACK with data, make it a separate response
672 * by sending an Empty ACK and changing osc_pdu's MID and type. This
673 * then allows lost response ACK (now CON) with data to be recovered.
674 */
675 if (coap_request == 0 && osc_pdu->type == COAP_MESSAGE_ACK &&
676 COAP_RESPONSE_CLASS(pdu->code) == 2 &&
677 COAP_PROTO_NOT_RELIABLE(session->proto)) {
678 coap_pdu_t *empty = coap_pdu_init(COAP_MESSAGE_ACK,
679 0,
680 osc_pdu->mid,
681 0);
682 if (empty) {
683 if (coap_send_internal(session, empty) != COAP_INVALID_MID) {
684 osc_pdu->mid = coap_new_message_id_lkd(session);
685 osc_pdu->type = COAP_MESSAGE_CON;
686 }
687 }
688 }
689
690 if (!coap_pdu_encode_header(osc_pdu, session->proto)) {
691 goto error;
692 }
693
694 /*
695 * Set up an association for handling a response if this is a request
696 */
697 if (coap_request) {
698 association = oscore_find_association(session, &pdu_token);
699 if (association) {
700 /* Refresh the association */
701 coap_delete_bin_const(association->nonce);
702 association->nonce =
703 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
704 if (association->nonce == NULL)
705 goto error;
706 coap_delete_bin_const(association->aad);
707 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
708 if (association->aad == NULL)
709 goto error;
710 if (doing_observe && observe_value == 1) {
711 coap_delete_bin_const(association->obs_partial_iv);
712 association->obs_partial_iv = association->partial_iv;
713 } else {
714 coap_delete_bin_const(association->partial_iv);
715 }
716 association->partial_iv =
717 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
718 if (association->partial_iv == NULL)
719 goto error;
720 association->recipient_ctx = rcp_ctx;
721 coap_delete_pdu_lkd(association->sent_pdu);
722 if (session->b_2_step != COAP_OSCORE_B_2_NONE && !session->done_b_1_2) {
723 size_t size;
724
725 association->sent_pdu = coap_pdu_duplicate_lkd(pdu, session,
726 pdu_token.length,
727 pdu_token.s, NULL);
728 if (association->sent_pdu == NULL)
729 goto error;
730 if (coap_get_data(pdu, &size, &data)) {
731 coap_add_data(association->sent_pdu, size, data);
732 }
733 } else {
734 association->sent_pdu = NULL;
735 }
736 } else if (!oscore_new_association(session,
737 pdu,
738 &pdu_token,
739 rcp_ctx,
740 &cose->aad,
741 &cose->nonce,
742 &cose->partial_iv,
743 doing_observe)) {
744 goto error;
745 }
746 session->done_b_1_2 = 1;
747 }
748 return osc_pdu;
749
750error:
751 if (ciphertext_buffer)
752 coap_free_type(COAP_OSCORE_BUF, ciphertext_buffer);
753 coap_delete_pdu_lkd(osc_pdu);
754 coap_delete_pdu_lkd(plain_pdu);
755 return NULL;
756}
757
758static void
759build_and_send_error_pdu(coap_session_t *session,
760 coap_pdu_t *rcvd,
761 coap_pdu_code_t code,
762 const char *diagnostic,
763 uint8_t *echo_data,
764 coap_bin_const_t *kid_context,
765 int encrypt_oscore) {
766 coap_pdu_t *err_pdu = NULL;
767 coap_bin_const_t token;
768 int oscore_encryption = session->oscore_encryption;
769 unsigned char buf[4];
770
771 token = coap_pdu_get_token(rcvd);
772 err_pdu = coap_pdu_init(rcvd->type == COAP_MESSAGE_NON ? COAP_MESSAGE_NON :
773 COAP_MESSAGE_ACK,
774 code,
775 rcvd->mid,
776 token.length + 2 + 8 +
777 (diagnostic ? strlen(diagnostic) : 0));
778 if (!err_pdu)
779 return;
780 coap_add_token(err_pdu, token.length, token.s);
781 if (echo_data) {
782 coap_add_option_internal(err_pdu, COAP_OPTION_ECHO, 8, echo_data);
783 } else if (kid_context == NULL) {
784 coap_add_option_internal(err_pdu,
785 COAP_OPTION_MAXAGE,
786 coap_encode_var_safe(buf, sizeof(buf), 0),
787 buf);
788 }
789 if (diagnostic)
790 coap_add_data(err_pdu, strlen(diagnostic), (const uint8_t *)diagnostic);
791 session->oscore_encryption = encrypt_oscore;
792
793 if ((echo_data || kid_context) && encrypt_oscore) {
794 coap_pdu_t *osc_pdu;
795
796 osc_pdu =
797 coap_oscore_new_pdu_encrypted_lkd(session, err_pdu, kid_context,
798 echo_data ? 1 : 0);
799 if (!osc_pdu)
800 goto fail_resp;
801 session->oscore_encryption = 0;
802 coap_send_internal(session, osc_pdu);
803 coap_delete_pdu_lkd(err_pdu);
804 err_pdu = NULL;
805 } else {
806 coap_send_internal(session, err_pdu);
807 err_pdu = NULL;
808 }
809fail_resp:
810 session->oscore_encryption = oscore_encryption;
811 coap_delete_pdu_lkd(err_pdu);
812 return;
813}
814
815/* pdu contains incoming message with encrypted COSE ciphertext payload
816 * function returns decrypted message
817 * and verifies signature, if present
818 * returns NULL when decryption,verification fails
819 */
820coap_pdu_t *
821coap_oscore_decrypt_pdu(coap_session_t *session,
822 coap_pdu_t *pdu) {
823 coap_pdu_t *decrypt_pdu = NULL;
824 coap_pdu_t *plain_pdu = NULL;
825 const uint8_t *osc_value; /* value of OSCORE option */
826 uint8_t osc_size; /* size of OSCORE OPTION */
827 coap_opt_iterator_t opt_iter;
828 coap_opt_t *opt = NULL;
829 cose_encrypt0_t cose[1];
830 oscore_ctx_t *osc_ctx = NULL;
831 uint8_t aad_buffer[AAD_BUF_LEN];
832 uint8_t nonce_buffer[13];
833 coap_bin_const_t aad;
834 coap_bin_const_t nonce;
835 int pltxt_size = 0;
836 int got_resp_piv = 0;
837 int doing_resp_observe = 0;
838 uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu);
839 coap_bin_const_t pdu_token;
840 uint8_t *st_encrypt;
841 size_t encrypt_len;
842 size_t tag_len;
843 oscore_recipient_ctx_t *rcp_ctx = NULL;
844 oscore_association_t *association = NULL;
845 uint8_t external_aad_buffer[100];
846 coap_bin_const_t external_aad;
847 oscore_sender_ctx_t *snd_ctx = NULL;
848#if COAP_CLIENT_SUPPORT
849 coap_pdu_t *sent_pdu = NULL;
850#endif /* COAP_CLIENT_SUPPORT */
851
852 opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter);
853 assert(opt);
854 if (opt == NULL)
855 return NULL;
856
857 if (session->context->p_osc_ctx == NULL) {
858 coap_log_warn("OSCORE: Not enabled\n");
859 if (!coap_request)
860 coap_handle_event_lkd(session->context,
861 COAP_EVENT_OSCORE_NOT_ENABLED,
862 session);
863 return NULL;
864 }
865
866 if (pdu->data == NULL) {
867 coap_log_warn("OSCORE: No protected payload\n");
868 if (!coap_request)
869 coap_handle_event_lkd(session->context,
870 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
871 session);
872 return NULL;
873 }
874
875 osc_size = coap_opt_length(opt);
876 osc_value = coap_opt_value(opt);
877
878 cose_encrypt0_init(cose); /* clear cose memory */
879
880 /* PDU code will be filled in after decryption */
881 decrypt_pdu =
882 coap_pdu_init(pdu->type, 0, pdu->mid, pdu->used_size);
883 if (decrypt_pdu == NULL) {
884 if (!coap_request)
885 coap_handle_event_lkd(session->context,
886 COAP_EVENT_OSCORE_INTERNAL_ERROR,
887 session);
888 goto error;
889 }
890
891 /* Copy across the Token */
892 pdu_token = coap_pdu_get_token(pdu);
893 coap_add_token(decrypt_pdu, pdu_token.length, pdu_token.s);
894
895 /*
896 * 8.2/8.4 Step 1.
897 * Copy outer options across, except E and OSCORE options
898 */
899 coap_option_iterator_init(pdu, &opt_iter, COAP_OPT_ALL);
900 while ((opt = coap_option_next(&opt_iter))) {
901 switch (opt_iter.number) {
902 /* 'E' options skipped */
903 case COAP_OPTION_IF_MATCH:
904 case COAP_OPTION_ETAG:
905 case COAP_OPTION_IF_NONE_MATCH:
906 case COAP_OPTION_OBSERVE:
907 case COAP_OPTION_LOCATION_PATH:
908 case COAP_OPTION_URI_PATH:
909 case COAP_OPTION_CONTENT_FORMAT:
910 case COAP_OPTION_MAXAGE:
911 case COAP_OPTION_URI_QUERY:
912 case COAP_OPTION_ACCEPT:
913 case COAP_OPTION_LOCATION_QUERY:
914 case COAP_OPTION_BLOCK2:
915 case COAP_OPTION_BLOCK1:
916 case COAP_OPTION_SIZE2:
917 case COAP_OPTION_SIZE1:
918 case COAP_OPTION_NORESPONSE:
919 case COAP_OPTION_ECHO:
920 case COAP_OPTION_RTAG:
921 /* OSCORE does not get copied across */
922 case COAP_OPTION_OSCORE:
923 break;
924 default:
925 if (!coap_add_option_internal(decrypt_pdu,
926 opt_iter.number,
927 coap_opt_length(opt),
928 coap_opt_value(opt))) {
929 if (!coap_request)
930 coap_handle_event_lkd(session->context,
931 COAP_EVENT_OSCORE_INTERNAL_ERROR,
932 session);
933 goto error;
934 }
935 break;
936 }
937 }
938
939 if (coap_request) {
940 uint64_t incoming_seq;
941 /*
942 * 8.2 Step 2
943 * Decompress COSE object
944 * Get Recipient Context based on kid and optional kid_context
945 */
946 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
947 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
948 build_and_send_error_pdu(session,
949 pdu,
950 COAP_RESPONSE_CODE(402),
951 "Failed to decode COSE",
952 NULL,
953 NULL,
954 0);
955 goto error_no_ack;
956 }
957 osc_ctx = oscore_find_context(session->context,
958 cose->key_id,
959 &cose->kid_context,
960 NULL,
961 &rcp_ctx);
962 if (!osc_ctx) {
963 if (cose->kid_context.length > 0) {
964 const uint8_t *ptr;
965 size_t length;
966 /* Appendix B.2 protocol check - Is the recipient key_id known */
967 osc_ctx = oscore_find_context(session->context,
968 cose->key_id,
969 NULL,
970 session->oscore_r2 != 0 ? (uint8_t *)&session->oscore_r2 : NULL,
971 &rcp_ctx);
972 ptr = cose->kid_context.s;
973 length = cose->kid_context.length;
974 if (ptr && osc_ctx && osc_ctx->rfc8613_b_2 &&
975 osc_ctx->mode == OSCORE_MODE_SINGLE) {
976 /* Processing Appendix B.2 protocol */
977 /* Need to CBOR unwrap kid_context */
978 coap_bin_const_t kid_context;
979
980 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
981 if (kid_context.length > length)
982 goto error;
983 /* This has to fit into an OSCORE option max 255.
984 * Initial byte, kid_context size, partial IV size and kid size have to be there
985 */
986 if (kid_context.length >= 255 - 1 - 1 - cose->partial_iv.length - cose->key_id.length)
987 goto error;
988 kid_context.s = ptr;
989 cose_encrypt0_set_kid_context(cose, (coap_bin_const_t *)&kid_context);
990
991 if (session->oscore_r2 != 0) {
992 /* B.2 step 4 */
993 coap_bin_const_t *kc = coap_new_bin_const(cose->kid_context.s,
994 cose->kid_context.length);
995
996 if (kc == NULL)
997 goto error;
998
999 session->b_2_step = COAP_OSCORE_B_2_STEP_4;
1000 coap_log_oscore("Appendix B.2 server step 4 (R2 || R3)\n");
1001 oscore_update_ctx(osc_ctx, kc);
1002 } else {
1003 session->b_2_step = COAP_OSCORE_B_2_STEP_2;
1004 coap_log_oscore("Appendix B.2 server step 2 (ID1)\n");
1005 osc_ctx = oscore_duplicate_ctx(session->context,
1006 osc_ctx,
1007 osc_ctx->sender_context->sender_id,
1008 &cose->key_id,
1009 &cose->kid_context);
1010 if (osc_ctx == NULL)
1011 goto error;
1012 /*
1013 * Complete the Verify (B.2 step 2)
1014 * before sending back the response
1015 */
1016 rcp_ctx = osc_ctx->recipient_chain;
1017 }
1018 } else {
1019 osc_ctx = NULL;
1020 }
1021 }
1022 } else if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1023 session->b_2_step = COAP_OSCORE_B_2_NONE;
1024 coap_log_oscore("Appendix B.2 server finished\n");
1025 }
1026 if (!osc_ctx) {
1027 coap_log_crit("OSCORE: Security Context not found\n");
1028 oscore_log_hex_value(COAP_LOG_OSCORE, "key_id", &cose->key_id);
1029 oscore_log_hex_value(COAP_LOG_OSCORE, "kid_context", &cose->kid_context);
1030 build_and_send_error_pdu(session,
1031 pdu,
1032 COAP_RESPONSE_CODE(401),
1033 "Security context not found",
1034 NULL,
1035 NULL,
1036 0);
1037 goto error_no_ack;
1038 }
1039 /* to be used for encryption of returned response later */
1040 session->recipient_ctx = rcp_ctx;
1041 snd_ctx = osc_ctx->sender_context;
1042
1043 /*
1044 * 8.2 Step 3.
1045 * Verify Partial IV is not duplicated.
1046 *
1047 * Requires in COSE object as appropriate
1048 * partial_iv (as received)
1049 */
1050 if (rcp_ctx->initial_state == 0 &&
1051 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1052 coap_log_warn("OSCORE: Replayed or old message\n");
1053 build_and_send_error_pdu(session,
1054 pdu,
1055 COAP_RESPONSE_CODE(401),
1056 "Replay detected",
1057 NULL,
1058 NULL,
1059 0);
1060 goto error_no_ack;
1061 }
1062 if (rcp_ctx->initial_state == 1) {
1063 incoming_seq =
1064 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1065 rcp_ctx->last_seq = incoming_seq;
1066 }
1067 } else { /* !coap_request */
1068 /*
1069 * 8.4 Step 2
1070 * Decompress COSE object
1071 * Get Recipient Context based on token
1072 */
1073 if (oscore_decode_option_value(osc_value, osc_size, cose) == 0) {
1074 coap_log_warn("OSCORE: OSCORE Option cannot be decoded.\n");
1075 coap_handle_event_lkd(session->context,
1076 COAP_EVENT_OSCORE_DECODE_ERROR,
1077 session);
1078 goto error;
1079 }
1080 got_resp_piv = cose->partial_iv.length ? 1 : 0;
1081
1082 association = oscore_find_association(session, &pdu_token);
1083 if (association) {
1084 rcp_ctx = association->recipient_ctx;
1085 osc_ctx = rcp_ctx->osc_ctx;
1086 snd_ctx = osc_ctx->sender_context;
1087#if COAP_CLIENT_SUPPORT
1088 sent_pdu = association->sent_pdu;
1089 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1090 const uint8_t *ptr = cose->kid_context.s;
1091 size_t length = cose->kid_context.length;
1092
1093 if (ptr) {
1094 /* Need to CBOR unwrap kid_context */
1095 coap_bin_const_t kid_context;
1096
1097 kid_context.length = oscore_cbor_get_element_size(&ptr, &length);
1098 if (kid_context.length > length)
1099 goto error;
1100 /* This has to fit into an OSCORE option max 255.
1101 * Initial byte, kid_context size, partial IV size and kid size have to be there
1102 */
1103 if (kid_context.length >= 255 - 1 - 1 - cose->partial_iv.length - cose->key_id.length)
1104 goto error;
1105 kid_context.s = ptr;
1106 cose_encrypt0_set_kid_context(cose, &kid_context);
1107 }
1108 if (ptr && !coap_binary_equal(osc_ctx->id_context, &cose->kid_context)) {
1109 /* If Appendix B.2 step 3 is in operation */
1110 /* Need to update Security Context with new (R2 || ID1) ID Context */
1111 coap_binary_t *kc = coap_new_binary(cose->kid_context.length +
1112 osc_ctx->id_context->length);
1113
1114 if (kc == NULL) {
1115 coap_handle_event_lkd(session->context,
1116 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1117 session);
1118 goto error;
1119 }
1120
1121 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1122 memcpy(&kc->s[cose->kid_context.length],
1123 osc_ctx->id_context->s,
1124 osc_ctx->id_context->length);
1125
1126 session->b_2_step = COAP_OSCORE_B_2_STEP_3;
1127 coap_log_oscore("Appendix B.2 client step 3 (R2 || ID1)\n");
1128 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1129 } else {
1130 session->b_2_step = COAP_OSCORE_B_2_STEP_5;
1131 coap_log_oscore("Appendix B.2 client step 5 (R2 || R3)\n");
1132 }
1133 }
1134#endif /* COAP_CLIENT_SUPPORT */
1135 } else {
1136 coap_log_crit("OSCORE: Security Context association not found\n");
1137 coap_handle_event_lkd(session->context,
1138 COAP_EVENT_OSCORE_NO_SECURITY,
1139 session);
1140 goto error;
1141 }
1142 }
1143
1144 cose_encrypt0_set_alg(cose, osc_ctx->aead_alg);
1145
1146 if (coap_request) {
1147 /*
1148 * RFC8613 8.2 Step 4.
1149 * Compose the External AAD and then AAD
1150 *
1151 * Non Group (based on osc_tx->mode) requires the following
1152 * aead_alg (osc_ctx)
1153 * request_kid (request key_id using cose)
1154 * request_piv (request partial_iv using cose)
1155 * options (none at present)
1156 * Group (based on osc_tx->mode) requires the following
1157 * aead_alg (osc_ctx) (pairwise mode)
1158 * sign_enc_alg (osc_ctx) (group mode)
1159 * sign_alg (osc_ctx) (group mode)
1160 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
1161 * request_kid (request key_id using cose)
1162 * request_piv (request partial_iv using cose)
1163 * options (none at present)
1164 * request_kid_context (osc_ctx id_context)
1165 * OSCORE_option (as received in request)
1166 * test_gs_public_key (recipient public key)
1167 * gm_public_key (osc_ctx gm_public_key)
1168 *
1169 * Note: No I options at present
1170 */
1171
1172 /* External AAD */
1173 external_aad.s = external_aad_buffer;
1174 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1175 cose,
1176 osc_value,
1177 osc_size,
1178 NULL,
1179 external_aad_buffer,
1180 sizeof(external_aad_buffer));
1181 cose_encrypt0_set_external_aad(cose, &external_aad);
1182
1183 /* AAD */
1184 aad.s = aad_buffer;
1185 aad.length = oscore_prepare_aad(external_aad_buffer,
1186 external_aad.length,
1187 aad_buffer,
1188 sizeof(aad_buffer));
1189 assert(aad.length < AAD_BUF_LEN);
1190 cose_encrypt0_set_aad(cose, &aad);
1191
1192 /*
1193 * RFC8613 8.2 Step 5.
1194 * Compute the AEAD nonce.
1195 *
1196 * Requires in COSE object as appropriate
1197 * key_id (kid) (Recipient ID)
1198 * partial_iv (as received in request)
1199 * common_iv (already in osc_ctx)
1200 */
1201 nonce.s = nonce_buffer;
1202 nonce.length = 13;
1203 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1204 cose_encrypt0_set_nonce(cose, &nonce);
1205 /*
1206 * Set up an association for use in the response
1207 */
1208 association = oscore_find_association(session, &pdu_token);
1209 if (association) {
1210 /* Refresh the association */
1211 coap_delete_bin_const(association->nonce);
1212 association->nonce =
1213 coap_new_bin_const(cose->nonce.s, cose->nonce.length);
1214 if (association->nonce == NULL)
1215 goto error;
1216 coap_delete_bin_const(association->partial_iv);
1217 association->partial_iv =
1218 coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
1219 if (association->partial_iv == NULL)
1220 goto error;
1221 coap_delete_bin_const(association->aad);
1222 association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
1223 if (association->aad == NULL)
1224 goto error;
1225 association->recipient_ctx = rcp_ctx;
1226 } else if (!oscore_new_association(session,
1227 NULL,
1228 &pdu_token,
1229 rcp_ctx,
1230 &cose->aad,
1231 &cose->nonce,
1232 &cose->partial_iv,
1233 0)) {
1234 goto error;
1235 }
1236 /* So association is not released when handling decrypt */
1237 association = NULL;
1238 } else { /* ! coap_request */
1239 /* Need to do nonce before AAD because of different partial_iv */
1240 /*
1241 * 8.4 Step 4.
1242 * Compose the AEAD nonce.
1243 */
1244 cose_encrypt0_set_key_id(cose, rcp_ctx->recipient_id);
1245 if (cose->partial_iv.length == 0) {
1246 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1247 cose_encrypt0_set_nonce(cose, association->nonce);
1248 } else {
1249 uint64_t last_seq;
1250
1251 if (rcp_ctx->initial_state == 0 &&
1252 !oscore_validate_sender_seq(rcp_ctx, cose)) {
1253 coap_log_warn("OSCORE: Replayed or old message\n");
1254 goto error;
1255 }
1256 last_seq =
1257 coap_decode_var_bytes8(cose->partial_iv.s, cose->partial_iv.length);
1258 if (rcp_ctx->last_seq>= OSCORE_SEQ_MAX) {
1259 coap_log_warn("OSCORE Replay protection, SEQ larger than SEQ_MAX.\n");
1260 goto error;
1261 }
1262 if (last_seq > rcp_ctx->last_seq)
1263 rcp_ctx->last_seq = last_seq;
1264 /*
1265 * Requires in COSE object as appropriate
1266 * kid (set above)
1267 * partial_iv (as received)
1268 * common_iv (already in osc_ctx)
1269 */
1270 oscore_generate_nonce(cose, osc_ctx, nonce_buffer, 13);
1271 nonce.s = nonce_buffer;
1272 nonce.length = 13;
1273 cose_encrypt0_set_nonce(cose, &nonce);
1274 }
1275#ifdef OSCORE_EXTRA_DEBUG
1276 dump_cose(cose, "!req post set nonce");
1277#endif /* OSCORE_EXTRA_DEBUG */
1278 /*
1279 * 8.4 Step 3.
1280 * Compose the External AAD and then AAD (same as request non-group (5.4)
1281 *
1282 * Non Group (based on osc_tx->mode) requires the following
1283 * aead_alg (osc_ctx)
1284 * request_kid (request key_id using cose)
1285 * request_piv (request partial_iv using cose)
1286 * options (none at present)
1287 * Group (based on osc_tx->mode) requires the following
1288 * aead_alg (osc_ctx) (pairwise mode)
1289 * sign_enc_alg (osc_ctx) (group mode)
1290 * sign_alg (osc_ctx) (group mode)
1291 * alg_pairwise_key_agreement (osc_ctx) (pairwise mode)
1292 * request_kid (request key_id using cose)
1293 * request_piv (request partial_iv using cose)
1294 * options (none at present)
1295 * request_kid_context (osc_ctx id_context)
1296 * OSCORE_option (as received in request)
1297 * test_gs_public_key (recipient public key)
1298 * gm_public_key (osc_ctx gm_public_key)
1299 *
1300 * Note: No I options at present
1301 */
1302
1303 /* External AAD */
1304 cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
1305 if (association->is_observe && association->obs_partial_iv && got_resp_piv) {
1306 cose_encrypt0_set_partial_iv(cose, association->obs_partial_iv);
1307 } else {
1308 cose_encrypt0_set_partial_iv(cose, association->partial_iv);
1309 }
1310#ifdef OSCORE_EXTRA_DEBUG
1311 dump_cose(cose, "!req pre aad");
1312#endif /* OSCORE_EXTRA_DEBUG */
1313 external_aad.s = external_aad_buffer;
1314 external_aad.length = oscore_prepare_e_aad(osc_ctx,
1315 cose,
1316 NULL,
1317 0,
1318 NULL,
1319 external_aad_buffer,
1320 sizeof(external_aad_buffer));
1321 cose_encrypt0_set_external_aad(cose, &external_aad);
1322
1323 /* AAD */
1324 aad.s = aad_buffer;
1325 aad.length = oscore_prepare_aad(external_aad_buffer,
1326 external_aad.length,
1327 aad_buffer,
1328 sizeof(aad_buffer));
1329 assert(aad.length < AAD_BUF_LEN);
1330 cose_encrypt0_set_aad(cose, &aad);
1331#ifdef OSCORE_EXTRA_DEBUG
1332 dump_cose(cose, "!req post set aad");
1333#endif /* OSCORE_EXTRA_DEBUG */
1334 }
1335
1336 /*
1337 * 8.2 Step 6 / 8.4 Step 5.
1338 * Decrypt the COSE object.
1339 *
1340 * Requires in COSE object as appropriate
1341 * alg (already set)
1342 * key
1343 * nonce (already set)
1344 * aad (already set)
1345 * ciphertext
1346 */
1347 st_encrypt = pdu->data;
1348 encrypt_len = pdu->used_size - (pdu->data - pdu->token);
1349 if (encrypt_len <= 0) {
1350 coap_log_warn("OSCORE: No protected payload\n");
1351 if (!coap_request)
1352 coap_handle_event_lkd(session->context,
1353 COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,
1354 session);
1355 goto error;
1356 }
1357 cose_encrypt0_set_key(cose, rcp_ctx->recipient_key);
1358 cose_encrypt0_set_ciphertext(cose, st_encrypt, encrypt_len);
1359
1360 tag_len = cose_tag_len(cose->alg);
1361 /* Decrypt into plain_pdu, so code (token), options and data are in place */
1362 plain_pdu = coap_pdu_init(0, 0, 0, encrypt_len /* - tag_len */);
1363 if (plain_pdu == NULL) {
1364 if (!coap_request)
1365 coap_handle_event_lkd(session->context,
1366 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1367 session);
1368 goto error;
1369 }
1370
1371 /* need the tag_len on the end for TinyDTLS to do its work - yuk */
1372 if (!coap_pdu_resize(plain_pdu, encrypt_len /* - tag_len */)) {
1373 if (!coap_request)
1374 coap_handle_event_lkd(session->context,
1375 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1376 session);
1377 goto error;
1378 }
1379
1380 /* Account for 1 byte 'code' used as token */
1381 plain_pdu->e_token_length = 1;
1382 plain_pdu->actual_token.length = 1;
1383 /* Account for the decrypted data */
1384 plain_pdu->used_size = encrypt_len - tag_len;
1385
1386 dump_cose(cose, "Pre decrypt");
1387 pltxt_size =
1388 cose_encrypt0_decrypt(cose, plain_pdu->token, encrypt_len - tag_len);
1389 if (pltxt_size <= 0) {
1390 coap_log_warn("OSCORE: Decryption Failure, result code: %d \n",
1391 (int)pltxt_size);
1392 if (coap_request) {
1393 build_and_send_error_pdu(session,
1394 pdu,
1395 COAP_RESPONSE_CODE(400),
1396 "Decryption failed",
1397 NULL,
1398 NULL,
1399 0);
1400 oscore_roll_back_seq(rcp_ctx);
1401 goto error_no_ack;
1402 } else {
1403 coap_handle_event_lkd(session->context,
1404 COAP_EVENT_OSCORE_DECRYPTION_FAILURE,
1405 session);
1406 }
1407 goto error;
1408 }
1409
1410 assert((size_t)pltxt_size < pdu->alloc_size + pdu->max_hdr_size);
1411
1412 /* Appendix B.2 Trap */
1413 if (session->b_2_step == COAP_OSCORE_B_2_STEP_2) {
1414 /* Need to update Security Context with new (R2 || ID1) ID Context */
1415 coap_binary_t *kc =
1416 coap_new_binary(sizeof(session->oscore_r2) + cose->kid_context.length);
1417 coap_bin_const_t oscore_r2;
1418
1419 if (kc == NULL) {
1420 if (!coap_request)
1421 coap_handle_event_lkd(session->context,
1422 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1423 session);
1424 goto error;
1425 }
1426
1427 coap_prng_lkd(&session->oscore_r2, sizeof(session->oscore_r2));
1428 memcpy(kc->s, &session->oscore_r2, sizeof(session->oscore_r2));
1429 memcpy(&kc->s[sizeof(session->oscore_r2)],
1430 cose->kid_context.s,
1431 cose->kid_context.length);
1432
1433 coap_log_oscore("Appendix B.2 server step 2 (R2 || ID1)\n");
1434 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1435
1436 oscore_r2.length = sizeof(session->oscore_r2);
1437 oscore_r2.s = (const uint8_t *)&session->oscore_r2;
1438 coap_log_oscore("Appendix B.2 server step 2 plain response\n");
1439 build_and_send_error_pdu(session,
1440 pdu,
1441 COAP_RESPONSE_CODE(401),
1442 NULL,
1443 NULL,
1444 &oscore_r2,
1445 1);
1446 goto error_no_ack;
1447 }
1448#if COAP_CLIENT_SUPPORT
1449 if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) {
1450 coap_log_oscore("Appendix B.2 client step 3 (R2 || R3)\n");
1451 coap_pdu_encode_header(plain_pdu, session->proto);
1452 plain_pdu->actual_token.s = plain_pdu->token;
1453 plain_pdu->code = plain_pdu->token[0];
1454 if (plain_pdu->code != COAP_RESPONSE_CODE(401)) {
1455 coap_log_warn("OSCORE Appendix B.2: Expected 4.01 response\n");
1456 }
1457 /* Skip the options */
1458 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1459 while (coap_option_next(&opt_iter)) {
1460 }
1461 if (opt_iter.length > 0 && opt_iter.next_option &&
1462 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1463 plain_pdu->data = &opt_iter.next_option[1];
1464 }
1465 coap_log_oscore("Inner Response PDU (plaintext)\n");
1466 coap_show_pdu(COAP_LOG_OSCORE, plain_pdu);
1467 /*
1468 * Need to update Security Context with new (R2 || R3) ID Context
1469 * and retransmit the request
1470 */
1471 coap_binary_t *kc = coap_new_binary(cose->kid_context.length + 8);
1472
1473 if (kc == NULL) {
1474 if (!coap_request)
1475 coap_handle_event_lkd(session->context,
1476 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1477 session);
1478 goto error;
1479 }
1480 memcpy(kc->s, cose->kid_context.s, cose->kid_context.length);
1481 coap_prng_lkd(&kc->s[cose->kid_context.length], 8);
1482
1483 oscore_update_ctx(osc_ctx, (coap_bin_const_t *)kc);
1484
1485 coap_cancel_all_messages(session->context,
1486 session,
1487 &pdu->actual_token);
1488 if (session->con_active)
1489 session->con_active--;
1490 coap_send_ack_lkd(session, pdu);
1491 if (sent_pdu) {
1492 coap_log_oscore("Appendix B.2 retransmit pdu\n");
1493 if (coap_retransmit_oscore_pdu(session, sent_pdu, NULL) ==
1494 COAP_INVALID_MID)
1495 goto error_no_ack;
1496 }
1497 goto error_no_ack;
1498 }
1499#endif /* COAP_CLIENT_SUPPORT */
1500
1501#if COAP_SERVER_SUPPORT
1502 /* Appendix B.1.2 request Trap */
1503 if (coap_request && osc_ctx->rfc8613_b_1_2) {
1504 if (rcp_ctx->initial_state == 1) {
1505 opt = coap_check_option(plain_pdu, COAP_OPTION_ECHO, &opt_iter);
1506 if (opt) {
1507 /* Verify Client is genuine */
1508 if (coap_opt_length(opt) == 8 &&
1509 memcmp(coap_opt_value(opt), rcp_ctx->echo_value, 8) == 0) {
1510 if (!oscore_validate_sender_seq(rcp_ctx, cose)) {
1511 coap_log_warn("OSCORE: Replayed or old message\n");
1512 build_and_send_error_pdu(session,
1513 pdu,
1514 COAP_RESPONSE_CODE(401),
1515 "Replay detected",
1516 NULL,
1517 NULL,
1518 0);
1519 goto error_no_ack;
1520 }
1521 } else
1522 goto error;
1523 } else {
1524 /* RFC 8163 Appendix B.1.2 */
1525 if (session->b_2_step == COAP_OSCORE_B_2_STEP_4) {
1526 session->b_2_step = COAP_OSCORE_B_2_NONE;
1527 coap_log_oscore("Appendix B.2 server finished\n");
1528 }
1529 coap_prng_lkd(rcp_ctx->echo_value, sizeof(rcp_ctx->echo_value));
1530 coap_log_oscore("Appendix B.1.2 server plain response\n");
1531 build_and_send_error_pdu(session,
1532 pdu,
1533 COAP_RESPONSE_CODE(401),
1534 NULL,
1535 rcp_ctx->echo_value,
1536 NULL,
1537 1);
1538 goto error_no_ack;
1539 }
1540 }
1541 }
1542#endif /* COAP_SERVER_SUPPORT */
1543
1544 /*
1545 * 8.2 Step 7 / 8.4 Step 6.
1546 * Add decrypted Code, options and payload
1547 * [OSCORE option not copied across previously]
1548 */
1549
1550 /* PDU code is pseudo plain_pdu token */
1551 decrypt_pdu->code = plain_pdu->token[0];
1552
1553 /* Copy inner decrypted options across */
1554 coap_option_iterator_init(plain_pdu, &opt_iter, COAP_OPT_ALL);
1555 while ((opt = coap_option_next(&opt_iter))) {
1556 size_t len;
1557 size_t bias;
1558
1559 switch (opt_iter.number) {
1560 case COAP_OPTION_OSCORE:
1561 break;
1562 case COAP_OPTION_OBSERVE:
1563 if (!coap_request) {
1564 bias = cose->partial_iv.length > 3 ? cose->partial_iv.length - 3 : 0;
1565 len = cose->partial_iv.length > 3 ? 3 : cose->partial_iv.length;
1566 /* Make Observe option reflect last 3 bytes of partial_iv */
1567 if (!coap_add_option_internal(
1568 decrypt_pdu,
1569 opt_iter.number,
1570 len,
1571 cose->partial_iv.s ? &cose->partial_iv.s[bias] : NULL)) {
1572 coap_handle_event_lkd(session->context,
1573 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1574 session);
1575 goto error;
1576 }
1577 doing_resp_observe = 1;
1578 break;
1579 }
1580 association = oscore_find_association(session, &pdu_token);
1581 if (association) {
1582 association->is_observe = 1;
1583 association = NULL;
1584 }
1585 /* Fall Through */
1586 default:
1587 if (!coap_insert_option(decrypt_pdu,
1588 opt_iter.number,
1589 coap_opt_length(opt),
1590 coap_opt_value(opt))) {
1591 if (!coap_request)
1592 coap_handle_event_lkd(session->context,
1593 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1594 session);
1595 goto error;
1596 }
1597 break;
1598 }
1599 }
1600 if (!coap_request && !doing_resp_observe) {
1601 if (association) {
1602 association->is_observe = 0;
1603 }
1604 }
1605 /* Need to copy across any data */
1606 if (opt_iter.length > 0 && opt_iter.next_option &&
1607 opt_iter.next_option[0] == COAP_PAYLOAD_START) {
1608 plain_pdu->data = &opt_iter.next_option[1];
1609 if (!coap_add_data(decrypt_pdu,
1610 plain_pdu->used_size -
1611 (plain_pdu->data - plain_pdu->token),
1612 plain_pdu->data)) {
1613 if (!coap_request)
1614 coap_handle_event_lkd(session->context,
1615 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1616 session);
1617 goto error;
1618 }
1619 }
1620 coap_delete_pdu_lkd(plain_pdu);
1621 plain_pdu = NULL;
1622
1623 /* Make sure headers are correctly set up */
1624 if (!coap_pdu_encode_header(decrypt_pdu, session->proto)) {
1625 if (!coap_request)
1626 coap_handle_event_lkd(session->context,
1627 COAP_EVENT_OSCORE_INTERNAL_ERROR,
1628 session);
1629 goto error;
1630 }
1631
1632 if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
1633 session->b_2_step = COAP_OSCORE_B_2_NONE;
1634 coap_log_oscore("Appendix B.2 client finished\n");
1635 }
1636#if COAP_CLIENT_SUPPORT
1637 if (decrypt_pdu->code == COAP_RESPONSE_CODE(401) &&
1638 (opt = coap_check_option(decrypt_pdu, COAP_OPTION_ECHO, &opt_iter))) {
1639 /* Server is requesting Echo refresh check */
1640 coap_cancel_all_messages(session->context,
1641 session,
1642 &pdu->actual_token);
1643 if (session->con_active)
1644 session->con_active--;
1645 if (sent_pdu) {
1646 coap_send_ack_lkd(session, pdu);
1647 coap_log_debug("PDU requesting re-transmit\n");
1648 coap_show_pdu(COAP_LOG_DEBUG, decrypt_pdu);
1649 coap_log_oscore("RFC9175 retransmit pdu\n");
1650 /* Do not care if this fails */
1651 coap_retransmit_oscore_pdu(session, sent_pdu, opt);
1652 goto error_no_ack;
1653 }
1654 }
1655#endif /* COAP_CLIENT_SUPPORT */
1656 if (association && association->is_observe == 0)
1657 oscore_delete_association(session, association);
1658 return decrypt_pdu;
1659
1660error:
1661 coap_send_ack_lkd(session, pdu);
1662error_no_ack:
1663 if (association && association->is_observe == 0)
1664 oscore_delete_association(session, association);
1665 coap_delete_pdu_lkd(decrypt_pdu);
1666 coap_delete_pdu_lkd(plain_pdu);
1667 return NULL;
1668}
1669
1670typedef enum {
1671 COAP_ENC_ASCII = 0x01,
1672 COAP_ENC_HEX = 0x02,
1673 COAP_ENC_INTEGER = 0x08,
1674 COAP_ENC_TEXT = 0x10,
1675 COAP_ENC_BOOL = 0x20,
1676 COAP_ENC_LAST
1677} coap_oscore_coding_t;
1678
1679#undef TEXT_MAPPING
1680#define TEXT_MAPPING(t, v) \
1681 { { sizeof(#t)-1, (const uint8_t *)#t }, v }
1682
1683static struct coap_oscore_encoding_t {
1684 coap_str_const_t name;
1685 coap_oscore_coding_t encoding;
1686} oscore_encoding[] = {
1687 TEXT_MAPPING(ascii, COAP_ENC_ASCII),
1688 TEXT_MAPPING(hex, COAP_ENC_HEX),
1689 TEXT_MAPPING(integer, COAP_ENC_INTEGER),
1690 TEXT_MAPPING(text, COAP_ENC_TEXT),
1691 TEXT_MAPPING(bool, COAP_ENC_BOOL),
1692 {{0, NULL}, COAP_ENC_LAST}
1693};
1694
1695typedef struct {
1696 coap_oscore_coding_t encoding;
1697 const char *encoding_name;
1698 union {
1699 int value_int;
1700 coap_bin_const_t *value_bin;
1701 coap_str_const_t value_str;
1702 } u;
1703} oscore_value_t;
1704
1705static uint8_t
1706hex2char(char c) {
1707 assert(isxdigit(c));
1708 if ('a' <= c && c <= 'f')
1709 return c - 'a' + 10;
1710 else if ('A' <= c && c <= 'F')
1711 return c - 'A' + 10;
1712 else
1713 return c - '0';
1714}
1715
1716/* Parse the hex into binary */
1717static coap_bin_const_t *
1718parse_hex_bin(const char *begin, const char *end) {
1719 coap_binary_t *binary = NULL;
1720 size_t i;
1721
1722 if ((end - begin) % 2 != 0)
1723 goto bad_entry;
1724 binary = coap_new_binary((end - begin) / 2);
1725 if (binary == NULL)
1726 goto bad_entry;
1727 for (i = 0; (i < (size_t)(end - begin)) && isxdigit((u_char)begin[i]) &&
1728 isxdigit((u_char)begin[i + 1]);
1729 i += 2) {
1730 binary->s[i / 2] = (hex2char(begin[i]) << 4) + hex2char(begin[i + 1]);
1731 }
1732 if (i != (size_t)(end - begin))
1733 goto bad_entry;
1734 return (coap_bin_const_t *)binary;
1735
1736bad_entry:
1737 coap_delete_binary(binary);
1738 return NULL;
1739}
1740
1741/*
1742 * Break up each OSCORE Configuration line entry into the 3 parts which
1743 * are comma separated
1744 *
1745 * keyword,encoding,value
1746 */
1747static int
1748get_split_entry(const char **start,
1749 size_t size,
1750 coap_str_const_t *keyword,
1751 oscore_value_t *value) {
1752 const char *begin = *start;
1753 const char *end;
1754 const char *kend;
1755 const char *split;
1756 size_t i;
1757 size_t len;
1758
1759retry:
1760 kend = end = memchr(begin, '\n', size);
1761 if (end == NULL)
1762 return 0;
1763
1764 /* Track beginning of next line */
1765 *start = end + 1;
1766 if (end > begin && end[-1] == '\r')
1767 end--;
1768
1769 if (begin[0] == '#' || (end - begin) == 0) {
1770 /* Skip comment / blank line */
1771 size -= kend - begin + 1;
1772 begin = *start;
1773 goto retry;
1774 }
1775
1776 /* Get in the keyword */
1777 split = memchr(begin, ',', end - begin);
1778 if (split == NULL)
1779 goto bad_entry;
1780
1781 keyword->s = (const uint8_t *)begin;
1782 keyword->length = split - begin;
1783
1784 begin = split + 1;
1785 if ((end - begin) == 0)
1786 goto bad_entry;
1787 /* Get in the encoding */
1788 split = memchr(begin, ',', end - begin);
1789 if (split == NULL)
1790 goto bad_entry;
1791
1792 for (i = 0; oscore_encoding[i].name.s; i++) {
1793 coap_str_const_t temp = { split - begin, (const uint8_t *)begin };
1794
1795 if (coap_string_equal(&temp, &oscore_encoding[i].name)) {
1796 value->encoding = oscore_encoding[i].encoding;
1797 value->encoding_name = (const char *)oscore_encoding[i].name.s;
1798 break;
1799 }
1800 }
1801 if (oscore_encoding[i].name.s == NULL)
1802 goto bad_entry;
1803
1804 begin = split + 1;
1805 if ((end - begin) == 0)
1806 goto bad_entry;
1807 /* Get in the keyword's value */
1808 if (begin[0] == '"') {
1809 split = memchr(&begin[1], '"', end - split - 1);
1810 if (split == NULL)
1811 goto bad_entry;
1812 end = split;
1813 begin++;
1814 }
1815 switch (value->encoding) {
1816 case COAP_ENC_ASCII:
1817 value->u.value_bin =
1818 coap_new_bin_const((const uint8_t *)begin, end - begin);
1819 break;
1820 case COAP_ENC_HEX:
1821 /* Parse the hex into binary */
1822 value->u.value_bin = parse_hex_bin(begin, end);
1823 if (value->u.value_bin == NULL)
1824 goto bad_entry;
1825 break;
1826 case COAP_ENC_INTEGER:
1827 value->u.value_int = atoi(begin);
1828 break;
1829 case COAP_ENC_TEXT:
1830 value->u.value_str.s = (const uint8_t *)begin;
1831 value->u.value_str.length = end - begin;
1832 break;
1833 case COAP_ENC_BOOL:
1834 len = (size_t)(end - begin);
1835 if (len == 4 && memcmp("true", begin, len) == 0)
1836 value->u.value_int = 1;
1837 else if (len == 5 && memcmp("false", begin, len) == 0)
1838 value->u.value_int = 0;
1839 else
1840 goto bad_entry;
1841 break;
1842 case COAP_ENC_LAST:
1843 default:
1844 goto bad_entry;
1845 }
1846 return 1;
1847
1848bad_entry:
1849 coap_log_warn("oscore_conf: Unrecognized configuration entry '%.*s'\n",
1850 (int)(end - begin),
1851 begin);
1852 return -1;
1853}
1854
1855#undef CONFIG_ENTRY
1856#define CONFIG_ENTRY(n, e, t) \
1857 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
1858 offsetof(coap_oscore_conf_t, n), t }
1859
1860typedef struct oscore_text_mapping_t {
1861 coap_str_const_t text;
1862 int value;
1863} oscore_text_mapping_t;
1864
1865/* Naming as per https://www.iana.org/assignments/cose/cose.xhtml#algorithms */
1866static oscore_text_mapping_t text_aead_alg[] = {
1867 TEXT_MAPPING(AES-CCM-16-64-128, COSE_ALGORITHM_AES_CCM_16_64_128),
1868 TEXT_MAPPING(AES-CCM-16-64-256, COSE_ALGORITHM_AES_CCM_16_64_256),
1869 {{0, NULL}, 0}
1870};
1871
1872static oscore_text_mapping_t text_hkdf_alg[] = {
1873 TEXT_MAPPING(direct+HKDF-SHA-256, COSE_HKDF_ALG_HKDF_SHA_256),
1874 {{0, NULL}, 0}
1875};
1876
1877static struct oscore_config_t {
1878 coap_str_const_t str_keyword;
1879 coap_oscore_coding_t encoding;
1880 size_t offset;
1881 oscore_text_mapping_t *text_mapping;
1882} oscore_config[] = {
1883 CONFIG_ENTRY(master_secret, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1884 CONFIG_ENTRY(master_salt, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1885 CONFIG_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1886 CONFIG_ENTRY(id_context, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1887 CONFIG_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1888 CONFIG_ENTRY(replay_window, COAP_ENC_INTEGER, NULL),
1889 CONFIG_ENTRY(ssn_freq, COAP_ENC_INTEGER, NULL),
1890 CONFIG_ENTRY(aead_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_aead_alg),
1891 CONFIG_ENTRY(hkdf_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_hkdf_alg),
1892 CONFIG_ENTRY(rfc8613_b_1_2, COAP_ENC_BOOL, NULL),
1893 CONFIG_ENTRY(rfc8613_b_2, COAP_ENC_BOOL, NULL),
1894 CONFIG_ENTRY(break_sender_key, COAP_ENC_BOOL, NULL),
1895 CONFIG_ENTRY(break_recipient_key, COAP_ENC_BOOL, NULL),
1896};
1897
1898int
1899coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
1900 uint32_t i;
1901
1902 if (oscore_conf == NULL)
1903 return 0;
1904
1905 coap_delete_bin_const(oscore_conf->master_secret);
1906 coap_delete_bin_const(oscore_conf->master_salt);
1907 coap_delete_bin_const(oscore_conf->id_context);
1908 coap_delete_bin_const(oscore_conf->sender_id);
1909 for (i = 0; i < oscore_conf->recipient_id_count; i++) {
1910 coap_delete_bin_const(oscore_conf->recipient_id[i]);
1911 }
1912 coap_free_type(COAP_STRING, oscore_conf->recipient_id);
1913 coap_free_type(COAP_STRING, oscore_conf);
1914 return 1;
1915}
1916
1917static coap_oscore_conf_t *
1918coap_parse_oscore_conf_mem(coap_str_const_t conf_mem) {
1919 const char *start = (const char *)conf_mem.s;
1920 const char *end = start + conf_mem.length;
1921 coap_str_const_t keyword;
1922 oscore_value_t value;
1923 coap_oscore_conf_t *oscore_conf;
1924 int split_ok = -1;
1925
1926 oscore_conf = coap_malloc_type(COAP_STRING, sizeof(coap_oscore_conf_t));
1927 if (oscore_conf == NULL)
1928 return NULL;
1929 memset(oscore_conf, 0, sizeof(coap_oscore_conf_t));
1930
1931 memset(&value, 0, sizeof(value));
1932 /* Preset with defaults */
1933 oscore_conf->replay_window = COAP_OSCORE_DEFAULT_REPLAY_WINDOW;
1934 oscore_conf->ssn_freq = 1;
1935 oscore_conf->aead_alg = COSE_ALGORITHM_AES_CCM_16_64_128;
1936 oscore_conf->hkdf_alg = COSE_HKDF_ALG_HKDF_SHA_256;
1937 oscore_conf->rfc8613_b_1_2 = 1;
1938 oscore_conf->rfc8613_b_2 = 0;
1939 oscore_conf->break_sender_key = 0;
1940 oscore_conf->break_recipient_key = 0;
1941
1942 while (end > start &&
1943 (split_ok = get_split_entry(&start, end - start, &keyword, &value)) > 0) {
1944 size_t i;
1945 size_t j;
1946
1947 for (i = 0; i < sizeof(oscore_config) / sizeof(oscore_config[0]); i++) {
1948 if (coap_string_equal(&oscore_config[i].str_keyword, &keyword) != 0 &&
1949 value.encoding & oscore_config[i].encoding) {
1950 if (coap_string_equal(coap_make_str_const("recipient_id"), &keyword)) {
1951 if (value.u.value_bin->length > 7) {
1952 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
1953 goto error_free_value_bin;
1954 }
1955 /* Special case as there are potentially multiple entries */
1956 oscore_conf->recipient_id =
1957 coap_realloc_type(COAP_STRING,
1958 oscore_conf->recipient_id,
1959 sizeof(oscore_conf->recipient_id[0]) *
1960 (oscore_conf->recipient_id_count + 1));
1961 if (oscore_conf->recipient_id == NULL) {
1962 goto error_free_value_bin;
1963 }
1964 oscore_conf->recipient_id[oscore_conf->recipient_id_count++] =
1965 value.u.value_bin;
1966 } else {
1967 coap_bin_const_t *unused_check;
1968
1969 switch (value.encoding) {
1970 case COAP_ENC_HEX:
1971 case COAP_ENC_ASCII:
1972 memcpy(&unused_check,
1973 &(((char *)oscore_conf)[oscore_config[i].offset]),
1974 sizeof(unused_check));
1975 if (unused_check != NULL) {
1976 coap_log_warn("oscore_conf: Keyword '%.*s' duplicated\n",
1977 (int)keyword.length,
1978 (const char *)keyword.s);
1979 goto error_free_value_bin;
1980 }
1981 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
1982 &value.u.value_bin,
1983 sizeof(value.u.value_bin));
1984 break;
1985 case COAP_ENC_INTEGER:
1986 case COAP_ENC_BOOL:
1987 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
1988 &value.u.value_int,
1989 sizeof(value.u.value_int));
1990 break;
1991 case COAP_ENC_TEXT:
1992 for (j = 0; oscore_config[i].text_mapping[j].text.s != NULL; j++) {
1993 if (coap_string_equal(&value.u.value_str,
1994 &oscore_config[i].text_mapping[j].text)) {
1995 memcpy(&(((char *)oscore_conf)[oscore_config[i].offset]),
1996 &oscore_config[i].text_mapping[j].value,
1997 sizeof(oscore_config[i].text_mapping[j].value));
1998 break;
1999 }
2000 }
2001 if (oscore_config[i].text_mapping[j].text.s == NULL) {
2002 coap_log_warn("oscore_conf: Keyword '%.*s': value '%.*s' unknown\n",
2003 (int)keyword.length,
2004 (const char *)keyword.s,
2005 (int)value.u.value_str.length,
2006 (const char *)value.u.value_str.s);
2007 goto error;
2008 }
2009 break;
2010 case COAP_ENC_LAST:
2011 default:
2012 assert(0);
2013 break;
2014 }
2015 }
2016 break;
2017 }
2018 }
2019 if (i == sizeof(oscore_config) / sizeof(oscore_config[0])) {
2020 coap_log_warn("oscore_conf: Keyword '%.*s', type '%s' unknown\n",
2021 (int)keyword.length,
2022 (const char *)keyword.s,
2023 value.encoding_name);
2024 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII)
2025 coap_delete_bin_const(value.u.value_bin);
2026 goto error;
2027 }
2028 }
2029 if (split_ok == -1)
2030 goto error;
2031 if (!oscore_conf->master_secret) {
2032 coap_log_warn("oscore_conf: master_secret not defined\n");
2033 goto error;
2034 }
2035 if (!oscore_conf->sender_id) {
2036 coap_log_warn("oscore_conf: sender_id not defined\n");
2037 goto error;
2038 }
2039 if (oscore_conf->sender_id->length > 7) {
2040 coap_log_warn("oscore_conf: Maximum size of sender_id is 7 bytes\n");
2041 goto error;
2042 }
2043 if (oscore_conf->recipient_id && oscore_conf->recipient_id[0]->length > 7) {
2044 coap_log_warn("oscore_conf: Maximum size of recipient_id is 7 bytes\n");
2045 goto error;
2046 }
2047 return oscore_conf;
2048
2049error_free_value_bin:
2050 coap_delete_bin_const(value.u.value_bin);
2051error:
2052 coap_delete_oscore_conf(oscore_conf);
2053 return NULL;
2054}
2055
2056static oscore_ctx_t *
2057coap_oscore_init(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf) {
2058 oscore_ctx_t *osc_ctx = NULL;
2059
2060 if (!coap_crypto_check_cipher_alg(oscore_conf->aead_alg)) {
2061 coap_log_warn("COSE: Cipher Algorithm %d not supported\n",
2062 oscore_conf->aead_alg);
2063 goto error;
2064 }
2065 if (!coap_crypto_check_hkdf_alg(oscore_conf->hkdf_alg)) {
2066 coap_log_warn("COSE: HKDF Algorithm %d not supported\n",
2067 oscore_conf->hkdf_alg);
2068 goto error;
2069 }
2070
2071 osc_ctx = oscore_derive_ctx(c_context, oscore_conf);
2072 if (!osc_ctx) {
2073 coap_log_crit("OSCORE: Could not create Security Context!\n");
2074 goto error;
2075 }
2076
2077 /* Free off the recipient_id array */
2078 coap_free_type(COAP_STRING, oscore_conf->recipient_id);
2079 oscore_conf->recipient_id = NULL;
2080
2081 /* As all is stored in osc_ctx, oscore_conf is no longer needed */
2082 coap_free_type(COAP_STRING, oscore_conf);
2083
2084 /* return default first context */
2085 return osc_ctx;
2086
2087error:
2088 /* Remove from linked chain */
2089 oscore_remove_context(c_context, osc_ctx);
2090
2091 coap_delete_oscore_conf(oscore_conf);
2092 return NULL;
2093}
2094
2095void
2096coap_delete_all_oscore(coap_context_t *c_context) {
2097 oscore_free_contexts(c_context);
2098}
2099
2100void
2101coap_delete_oscore_associations(coap_session_t *session) {
2102 oscore_delete_server_associations(session);
2103}
2104
2105coap_oscore_conf_t *
2106coap_new_oscore_conf(coap_str_const_t conf_mem,
2107 coap_oscore_save_seq_num_t save_seq_num_func,
2108 void *save_seq_num_func_param,
2109 uint64_t start_seq_num) {
2110 coap_oscore_conf_t *oscore_conf = coap_parse_oscore_conf_mem(conf_mem);
2111
2112 if (oscore_conf == NULL)
2113 return NULL;
2114
2115 oscore_conf->save_seq_num_func = save_seq_num_func;
2116 oscore_conf->save_seq_num_func_param = save_seq_num_func_param;
2117 oscore_conf->start_seq_num = start_seq_num;
2118 coap_log_oscore("Start Seq no %" PRIu64 "\n", start_seq_num);
2119 return oscore_conf;
2120}
2121
2122/*
2123 * Compute the size of the potential OSCORE overhead
2124 */
2125size_t
2126coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu) {
2127 size_t overhead = 0;
2128 oscore_recipient_ctx_t *rcp_ctx = session->recipient_ctx;
2129 oscore_ctx_t *osc_ctx = rcp_ctx ? rcp_ctx->osc_ctx : NULL;
2130 coap_opt_iterator_t opt_iter;
2131 coap_opt_t *option;
2132
2133 if (osc_ctx == NULL)
2134 return 0;
2135
2136 /* Protected code held in inner PDU as token */
2137 overhead += 1;
2138
2139 /* Observe option (creates inner and outer */
2140 option = coap_check_option(pdu, COAP_OPTION_OBSERVE, &opt_iter);
2141 if (option) {
2142 /* Assume delta is small */
2143 overhead += 2 + coap_opt_length(option);
2144 }
2145
2146 /* Proxy URI option Split - covered by coap_rebuild_pdu_for_proxy () */
2147
2148 /* OSCORE option */
2149 /* Option header */
2150 overhead += 1 +
2151 /* Partial IV (64 bits max)*/
2152 8 +
2153 /* kid context */
2154 (osc_ctx->id_context ? osc_ctx->id_context->length : 0) +
2155 /* kid */
2156 osc_ctx->sender_context->sender_id->length;
2157
2158 /* AAD overhead */
2159 overhead += AES_CCM_TAG;
2160
2161 /* End of options marker */
2162 overhead += 1;
2163
2164 return overhead;
2165}
2166
2167COAP_API int
2168coap_new_oscore_recipient(coap_context_t *context,
2169 coap_bin_const_t *recipient_id) {
2170 int ret;
2171
2172 coap_lock_lock(context, return 0);
2173 ret = coap_new_oscore_recipient_lkd(context, recipient_id);
2174 coap_lock_unlock(context);
2175 return ret;
2176}
2177
2178int
2179coap_new_oscore_recipient_lkd(coap_context_t *context,
2180 coap_bin_const_t *recipient_id) {
2181 coap_lock_check_locked(context);
2182 if (context->p_osc_ctx == NULL)
2183 return 0;
2184 if (oscore_add_recipient(context->p_osc_ctx, recipient_id, 0) == NULL)
2185 return 0;
2186 return 1;
2187}
2188
2189COAP_API int
2190coap_delete_oscore_recipient(coap_context_t *context,
2191 coap_bin_const_t *recipient_id) {
2192 int ret;
2193
2194 if (!context || !recipient_id)
2195 return 0;
2196 coap_lock_lock(context, return 0);
2197 ret = coap_delete_oscore_recipient_lkd(context, recipient_id);
2198 coap_lock_unlock(context);
2199 return ret;
2200}
2201
2202int
2203coap_delete_oscore_recipient_lkd(coap_context_t *context,
2204 coap_bin_const_t *recipient_id) {
2205 coap_lock_check_locked(context);
2206 if (context->p_osc_ctx == NULL)
2207 return 0;
2208 return oscore_delete_recipient(context->p_osc_ctx, recipient_id);
2209}
2210
2212
2213#else /* !COAP_OSCORE_SUPPORT */
2214int
2215coap_oscore_is_supported(void) {
2216 return 0;
2217}
2218
2219coap_session_t *
2220coap_new_client_session_oscore(coap_context_t *ctx,
2221 const coap_address_t *local_if,
2222 const coap_address_t *server,
2223 coap_proto_t proto,
2224 coap_oscore_conf_t *oscore_conf) {
2225 (void)ctx;
2226 (void)local_if;
2227 (void)server;
2228 (void)proto;
2229 (void)oscore_conf;
2230 return NULL;
2231}
2232
2233coap_session_t *
2234coap_new_client_session_oscore_psk(coap_context_t *ctx,
2235 const coap_address_t *local_if,
2236 const coap_address_t *server,
2237 coap_proto_t proto,
2238 coap_dtls_cpsk_t *psk_data,
2239 coap_oscore_conf_t *oscore_conf) {
2240 (void)ctx;
2241 (void)local_if;
2242 (void)server;
2243 (void)proto;
2244 (void)psk_data;
2245 (void)oscore_conf;
2246 return NULL;
2247}
2248
2249coap_session_t *
2250coap_new_client_session_oscore_pki(coap_context_t *ctx,
2251 const coap_address_t *local_if,
2252 const coap_address_t *server,
2253 coap_proto_t proto,
2254 coap_dtls_pki_t *pki_data,
2255 coap_oscore_conf_t *oscore_conf) {
2256 (void)ctx;
2257 (void)local_if;
2258 (void)server;
2259 (void)proto;
2260 (void)pki_data;
2261 (void)oscore_conf;
2262 return NULL;
2263}
2264
2265int
2266coap_context_oscore_server(coap_context_t *context,
2267 coap_oscore_conf_t *oscore_conf) {
2268 (void)context;
2269 (void)oscore_conf;
2270 return 0;
2271}
2272
2273coap_oscore_conf_t *
2274coap_new_oscore_conf(coap_str_const_t conf_mem,
2275 coap_oscore_save_seq_num_t save_seq_num_func,
2276 void *save_seq_num_func_param,
2277 uint64_t start_seq_num) {
2278 (void)conf_mem;
2279 (void)save_seq_num_func;
2280 (void)save_seq_num_func_param;
2281 (void)start_seq_num;
2282 return NULL;
2283}
2284
2285int
2286coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf) {
2287 (void)oscore_conf;
2288 return 0;
2289}
2290
2291int
2292coap_new_oscore_recipient(coap_context_t *context,
2293 coap_bin_const_t *recipient_id) {
2294 (void)context;
2295 (void)recipient_id;
2296 return 0;
2297}
2298
2299int
2300coap_delete_oscore_recipient(coap_context_t *context,
2301 coap_bin_const_t *recipient_id) {
2302 (void)context;
2303 (void)recipient_id;
2304 return 0;
2305}
2306
2307#endif /* !COAP_OSCORE_SUPPORT */
PRIu64
#define PRIu64
Definition coap_internal.h:51
coap_libcoap_build.h
Library specific build wrapper for coap_internal.h.
COAP_API
#define COAP_API
Definition coap_libcoap_build.h:41
COAP_OSCORE_BUF
@ COAP_OSCORE_BUF
Definition coap_mem.h:66
COAP_STRING
@ COAP_STRING
Definition coap_mem.h:39
coap_realloc_type
void * coap_realloc_type(coap_memory_tag_t type, void *p, size_t size)
Reallocates a chunk p of bytes created by coap_malloc_type() or coap_realloc_type() and returns a poi...
coap_malloc_type
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
coap_free_type
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
coap_opt_t
uint8_t coap_opt_t
Use byte-oriented access methods here because sliding a complex struct coap_opt_t over the data buffe...
Definition coap_option.h:26
coap_uri_scheme_is_secure
static int coap_uri_scheme_is_secure(const coap_uri_t *uri)
Definition coap_uri.h:81
COAP_URI_SCHEME_LAST
@ COAP_URI_SCHEME_LAST
Definition coap_uri.h:37
coap_send_ack_lkd
coap_mid_t coap_send_ack_lkd(coap_session_t *session, const coap_pdu_t *request)
Sends an ACK message with code 0 for the specified request to dst.
Definition coap_net.c:984
coap_retransmit_oscore_pdu
coap_mid_t coap_retransmit_oscore_pdu(coap_session_t *session, coap_pdu_t *pdu, coap_opt_t *echo)
coap_prng_lkd
int coap_prng_lkd(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
Definition coap_prng.c:178
coap_handle_event_lkd
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
Definition coap_net.c:4378
coap_new_message_id_lkd
uint16_t coap_new_message_id_lkd(coap_session_t *session)
Returns a new message id and updates session->tx_mid accordingly.
Definition coap_session.c:1914
coap_send_internal
coap_mid_t coap_send_internal(coap_session_t *session, coap_pdu_t *pdu)
Sends a CoAP message to given peer.
Definition coap_net.c:1677
coap_cancel_all_messages
void coap_cancel_all_messages(coap_context_t *context, coap_session_t *session, coap_bin_const_t *token)
Cancels all outstanding messages for session session that have the specified token.
Definition coap_net.c:2620
COAP_OSCORE_DEFAULT_REPLAY_WINDOW
#define COAP_OSCORE_DEFAULT_REPLAY_WINDOW
Definition coap_crypto_internal.h:38
coap_crypto_check_hkdf_alg
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
coap_crypto_check_cipher_alg
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
coap_encode_var_safe
unsigned int coap_encode_var_safe(uint8_t *buf, size_t length, unsigned int val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:47
coap_decode_var_bytes
unsigned int coap_decode_var_bytes(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:38
coap_decode_var_bytes8
uint64_t coap_decode_var_bytes8(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
Definition coap_encode.c:67
coap_encode_var_safe8
unsigned int coap_encode_var_safe8(uint8_t *buf, size_t length, uint64_t val)
Encodes multiple-length byte sequences.
Definition coap_encode.c:77
COAP_EVENT_OSCORE_DECODE_ERROR
@ COAP_EVENT_OSCORE_DECODE_ERROR
Triggered when there is an OSCORE decode of OSCORE option failure.
Definition coap_event.h:118
COAP_EVENT_OSCORE_INTERNAL_ERROR
@ COAP_EVENT_OSCORE_INTERNAL_ERROR
Triggered when there is an OSCORE internal error i.e malloc failed.
Definition coap_event.h:116
COAP_EVENT_OSCORE_NOT_ENABLED
@ COAP_EVENT_OSCORE_NOT_ENABLED
Triggered when trying to use OSCORE to decrypt, but it is not enabled.
Definition coap_event.h:110
COAP_EVENT_OSCORE_NO_SECURITY
@ COAP_EVENT_OSCORE_NO_SECURITY
Triggered when there is no OSCORE security definition found.
Definition coap_event.h:114
COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
@ COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
Triggered when there is no OSCORE encrypted payload provided.
Definition coap_event.h:112
COAP_EVENT_OSCORE_DECRYPTION_FAILURE
@ COAP_EVENT_OSCORE_DECRYPTION_FAILURE
Triggered when there is an OSCORE decryption failure.
Definition coap_event.h:108
coap_lock_unlock
#define coap_lock_unlock(c)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:623
coap_lock_lock
#define coap_lock_lock(c, failed)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:591
coap_lock_check_locked
#define coap_lock_check_locked(c)
Dummy for no thread-safe code.
Definition coap_threadsafe_internal.h:649
coap_log_debug
#define coap_log_debug(...)
Definition coap_debug.h:120
coap_get_log_level
coap_log_t coap_get_log_level(void)
Get the current logging level.
Definition coap_debug.c:95
coap_show_pdu
void coap_show_pdu(coap_log_t level, const coap_pdu_t *pdu)
Display the contents of the specified pdu.
Definition coap_debug.c:778
coap_log_oscore
#define coap_log_oscore(...)
Definition coap_debug.h:126
coap_log_warn
#define coap_log_warn(...)
Definition coap_debug.h:102
coap_log_crit
#define coap_log_crit(...)
Definition coap_debug.h:90
COAP_LOG_OSCORE
@ COAP_LOG_OSCORE
Definition coap_debug.h:59
COAP_LOG_DEBUG
@ COAP_LOG_DEBUG
Definition coap_debug.h:58
coap_option_next
coap_opt_t * coap_option_next(coap_opt_iterator_t *oi)
Updates the iterator oi to point to the next option.
Definition coap_option.c:153
coap_opt_length
uint32_t coap_opt_length(const coap_opt_t *opt)
Returns the length of the given option.
Definition coap_option.c:212
coap_option_iterator_init
coap_opt_iterator_t * coap_option_iterator_init(const coap_pdu_t *pdu, coap_opt_iterator_t *oi, const coap_opt_filter_t *filter)
Initializes the given option iterator oi to point to the beginning of the pdu's option list.
Definition coap_option.c:117
coap_delete_optlist
void coap_delete_optlist(coap_optlist_t *queue)
Removes all entries from the optlist_chain, freeing off their memory usage.
Definition coap_option.c:592
COAP_OPT_ALL
#define COAP_OPT_ALL
Pre-defined filter that includes all options.
Definition coap_option.h:108
coap_add_optlist_pdu
int coap_add_optlist_pdu(coap_pdu_t *pdu, coap_optlist_t **options)
The current optlist of optlist_chain is first sorted (as per RFC7272 ordering requirements) and then ...
Definition coap_option.c:551
coap_check_option
coap_opt_t * coap_check_option(const coap_pdu_t *pdu, coap_option_num_t number, coap_opt_iterator_t *oi)
Retrieves the first option of number number from pdu.
Definition coap_option.c:199
coap_opt_value
const uint8_t * coap_opt_value(const coap_opt_t *opt)
Returns a pointer to the value of the given option.
Definition coap_option.c:249
oscore_cbor_get_element_size
size_t oscore_cbor_get_element_size(const uint8_t **buffer, size_t *buf_len)
Definition oscore_cbor.c:257
cose_encrypt0_set_plaintext
void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
Definition oscore_cose.c:315
cose_encrypt0_set_key
int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key)
Definition oscore_cose.c:401
cose_encrypt0_set_kid_context
void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, coap_bin_const_t *kid_context)
Definition oscore_cose.c:368
cose_get_alg_name
const char * cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen)
Definition oscore_cose.c:120
cose_encrypt0_set_ciphertext
void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
Definition oscore_cose.c:307
cose_encrypt0_decrypt
int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, uint8_t *plaintext_buffer, size_t plaintext_len)
Definition oscore_cose.c:460
cose_tag_len
size_t cose_tag_len(cose_alg_t cose_alg)
Definition oscore_cose.c:196
cose_encrypt0_set_aad
void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad)
Definition oscore_cose.c:390
cose_encrypt0_encrypt
int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, uint8_t *ciphertext_buffer, size_t ciphertext_len)
Definition oscore_cose.c:421
cose_encrypt0_set_partial_iv
void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, coap_bin_const_t *partial_iv)
Definition oscore_cose.c:325
cose_encrypt0_set_external_aad
void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, coap_bin_const_t *external_aad)
Definition oscore_cose.c:379
cose_encrypt0_init
void cose_encrypt0_init(cose_encrypt0_t *ptr)
Definition oscore_cose.c:297
cose_encrypt0_set_alg
void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg)
Definition oscore_cose.c:302
cose_encrypt0_set_key_id
void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id)
Definition oscore_cose.c:346
cose_encrypt0_set_nonce
void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce)
Definition oscore_cose.c:411
COSE_HKDF_ALG_HKDF_SHA_256
@ COSE_HKDF_ALG_HKDF_SHA_256
Definition oscore_cose.h:167
COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_128
Definition oscore_cose.h:145
COSE_ALGORITHM_AES_CCM_16_64_256
@ COSE_ALGORITHM_AES_CCM_16_64_256
Definition oscore_cose.h:146
coap_new_client_session_oscore_psk_lkd
coap_session_t * coap_new_client_session_oscore_psk_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
oscore_prepare_aad
size_t oscore_prepare_aad(const uint8_t *external_aad_buffer, size_t external_aad_len, uint8_t *aad_buffer, size_t aad_size)
Definition oscore.c:312
oscore_encode_option_value
size_t oscore_encode_option_value(uint8_t *option_buffer, size_t option_buf_len, cose_encrypt0_t *cose, uint8_t group_flag, uint8_t appendix_b_2)
Definition oscore.c:170
coap_delete_oscore_recipient_lkd
int coap_delete_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
oscore_delete_association
int oscore_delete_association(coap_session_t *session, oscore_association_t *association)
Definition oscore_context.c:757
oscore_validate_sender_seq
uint8_t oscore_validate_sender_seq(oscore_recipient_ctx_t *ctx, cose_encrypt0_t *cose)
Definition oscore.c:389
oscore_add_recipient
oscore_recipient_ctx_t * oscore_add_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid, uint32_t break_key)
oscore_add_recipient - add in recipient information
Definition oscore_context.c:600
OSCORE_SEQ_MAX
#define OSCORE_SEQ_MAX
Definition oscore_context.h:72
AES_CCM_TAG
#define AES_CCM_TAG
Definition oscore_crypto.h:61
oscore_decode_option_value
int oscore_decode_option_value(const uint8_t *opt_value, size_t option_len, cose_encrypt0_t *cose)
Definition oscore.c:246
coap_oscore_new_pdu_encrypted_lkd
coap_pdu_t * coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
coap_new_client_session_oscore_lkd
coap_session_t * coap_new_client_session_oscore_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
oscore_delete_recipient
int oscore_delete_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid)
Definition oscore_context.c:654
oscore_increment_sender_seq
uint8_t oscore_increment_sender_seq(oscore_ctx_t *ctx)
Definition oscore.c:457
oscore_update_ctx
void oscore_update_ctx(oscore_ctx_t *osc_ctx, coap_bin_const_t *id_context)
oscore_update_ctx - update a osc_ctx with a new id_context
Definition oscore_context.c:387
oscore_derive_ctx
oscore_ctx_t * oscore_derive_ctx(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx - derive a osc_ctx from oscore_conf information
Definition oscore_context.c:513
coap_oscore_new_pdu_encrypted
COAP_API coap_pdu_t * coap_oscore_new_pdu_encrypted(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
oscore_roll_back_seq
void oscore_roll_back_seq(oscore_recipient_ctx_t *ctx)
Definition oscore.c:474
oscore_new_association
int oscore_new_association(coap_session_t *session, coap_pdu_t *sent_pdu, coap_bin_const_t *token, oscore_recipient_ctx_t *recipient_ctx, coap_bin_const_t *aad, coap_bin_const_t *nonce, coap_bin_const_t *partial_iv, int is_observe)
Definition oscore_context.c:687
oscore_prepare_e_aad
size_t oscore_prepare_e_aad(oscore_ctx_t *ctx, cose_encrypt0_t *cose, const uint8_t *oscore_option, size_t oscore_option_len, coap_bin_const_t *sender_public_key, uint8_t *external_aad_ptr, size_t external_aad_size)
Definition oscore.c:119
oscore_delete_server_associations
void oscore_delete_server_associations(coap_session_t *session)
Definition oscore_context.c:768
oscore_log_char_value
void oscore_log_char_value(coap_log_t level, const char *name, const char *value)
Definition oscore_context.c:268
coap_oscore_decrypt_pdu
struct coap_pdu_t * coap_oscore_decrypt_pdu(coap_session_t *session, coap_pdu_t *pdu)
Decrypts the OSCORE-encrypted parts of pdu when OSCORE is used.
coap_rebuild_pdu_for_proxy
int coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu)
Convert PDU to use Proxy-Scheme option if Proxy-Uri option is present.
oscore_free_contexts
void oscore_free_contexts(coap_context_t *c_context)
Definition oscore_context.c:149
oscore_log_hex_value
void oscore_log_hex_value(coap_log_t level, const char *name, coap_bin_const_t *value)
Definition oscore_context.c:235
coap_delete_oscore_associations
void coap_delete_oscore_associations(coap_session_t *session)
Cleanup all allocated OSCORE association information.
coap_oscore_initiate
int coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf)
Initiate an OSCORE session.
coap_new_oscore_recipient_lkd
int coap_new_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
oscore_duplicate_ctx
oscore_ctx_t * oscore_duplicate_ctx(coap_context_t *c_context, oscore_ctx_t *o_osc_ctx, coap_bin_const_t *sender_id, coap_bin_const_t *recipient_id, coap_bin_const_t *id_context)
oscore_duplicate_ctx - duplicate a osc_ctx
Definition oscore_context.c:429
oscore_partial_iv_t
oscore_partial_iv_t
Definition coap_oscore_internal.h:63
coap_delete_all_oscore
void coap_delete_all_oscore(coap_context_t *context)
Cleanup all allocated OSCORE information.
oscore_generate_nonce
void oscore_generate_nonce(cose_encrypt0_t *ptr, oscore_ctx_t *ctx, uint8_t *buffer, uint8_t size)
Definition oscore.c:344
oscore_remove_context
int oscore_remove_context(coap_context_t *c_context, oscore_ctx_t *osc_ctx)
Definition oscore_context.c:160
oscore_find_association
oscore_association_t * oscore_find_association(coap_session_t *session, coap_bin_const_t *token)
Definition oscore_context.c:749
coap_context_oscore_server_lkd
int coap_context_oscore_server_lkd(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
oscore_find_context
oscore_ctx_t * oscore_find_context(const coap_context_t *c_context, const coap_bin_const_t rcpkey_id, const coap_bin_const_t *ctxkey_id, uint8_t *oscore_r2, oscore_recipient_ctx_t **recipient_ctx)
oscore_find_context - Locate recipient context (and hence OSCORE context)
Definition oscore_context.c:185
coap_new_client_session_oscore_pki_lkd
coap_session_t * coap_new_client_session_oscore_pki_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
coap_oscore_overhead
size_t coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu)
Determine the additional data size requirements for adding in OSCORE.
OSCORE_MODE_SINGLE
@ OSCORE_MODE_SINGLE
Vanilla RFC8613 support.
Definition oscore_context.h:75
OSCORE_SEND_PARTIAL_IV
@ OSCORE_SEND_PARTIAL_IV
Send partial IV with encrypted PDU.
Definition coap_oscore_internal.h:65
OSCORE_SEND_NO_IV
@ OSCORE_SEND_NO_IV
Do not send partial IV unless added by a response.
Definition coap_oscore_internal.h:64
coap_new_oscore_conf
coap_oscore_conf_t * coap_new_oscore_conf(coap_str_const_t conf_mem, coap_oscore_save_seq_num_t save_seq_num_func, void *save_seq_num_func_param, uint64_t start_seq_num)
Parse an OSCORE configuration (held in memory) and populate a OSCORE configuration structure.
Definition coap_oscore.c:2274
coap_new_client_session_oscore_psk
coap_session_t * coap_new_client_session_oscore_psk(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
Definition coap_oscore.c:2234
coap_delete_oscore_conf
int coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf)
Release all the information associated with the OSCORE configuration.
Definition coap_oscore.c:2286
coap_new_client_session_oscore
coap_session_t * coap_new_client_session_oscore(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
Definition coap_oscore.c:2220
coap_context_oscore_server
int coap_context_oscore_server(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
Definition coap_oscore.c:2266
coap_new_client_session_oscore_pki
coap_session_t * coap_new_client_session_oscore_pki(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
Definition coap_oscore.c:2250
coap_new_oscore_recipient
int coap_new_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
Definition coap_oscore.c:2292
coap_oscore_save_seq_num_t
int(* coap_oscore_save_seq_num_t)(uint64_t sender_seq_num, void *param)
Definition of the function used to save the current Sender Sequence Number.
Definition coap_oscore.h:130
coap_delete_oscore_recipient
int coap_delete_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
Definition coap_oscore.c:2300
coap_delete_pdu_lkd
void coap_delete_pdu_lkd(coap_pdu_t *pdu)
Dispose of an CoAP PDU and free off associated storage.
Definition coap_pdu.c:188
coap_insert_option
size_t coap_insert_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Inserts option of given number in the pdu with the appropriate data.
Definition coap_pdu.c:626
coap_remove_option
int coap_remove_option(coap_pdu_t *pdu, coap_option_num_t number)
Removes (first) option of given number from the pdu.
Definition coap_pdu.c:489
COAP_PDU_IS_PING
#define COAP_PDU_IS_PING(pdu)
Definition coap_pdu_internal.h:106
coap_pdu_encode_header
size_t coap_pdu_encode_header(coap_pdu_t *pdu, coap_proto_t proto)
Compose the protocol specific header for the specified PDU.
Definition coap_pdu.c:1490
coap_pdu_duplicate_lkd
coap_pdu_t * coap_pdu_duplicate_lkd(const coap_pdu_t *old_pdu, coap_session_t *session, size_t token_length, const uint8_t *token, coap_opt_filter_t *drop_options)
Duplicate an existing PDU.
Definition coap_pdu.c:228
COAP_PAYLOAD_START
#define COAP_PAYLOAD_START
Definition coap_pdu_internal.h:99
coap_pdu_resize
int coap_pdu_resize(coap_pdu_t *pdu, size_t new_size)
Dynamically grows the size of pdu to new_size.
Definition coap_pdu.c:295
COAP_PDU_IS_REQUEST
#define COAP_PDU_IS_REQUEST(pdu)
Definition coap_pdu_internal.h:102
coap_add_option_internal
size_t coap_add_option_internal(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Adds option of given number to pdu that is passed as first parameter.
Definition coap_pdu.c:781
COAP_OPTION_HOP_LIMIT
#define COAP_OPTION_HOP_LIMIT
Definition coap_pdu.h:133
COAP_OPTION_NORESPONSE
#define COAP_OPTION_NORESPONSE
Definition coap_pdu.h:145
COAP_OPTION_URI_HOST
#define COAP_OPTION_URI_HOST
Definition coap_pdu.h:120
COAP_OPTION_IF_MATCH
#define COAP_OPTION_IF_MATCH
Definition coap_pdu.h:119
COAP_OPTION_BLOCK2
#define COAP_OPTION_BLOCK2
Definition coap_pdu.h:137
COAP_OPTION_CONTENT_FORMAT
#define COAP_OPTION_CONTENT_FORMAT
Definition coap_pdu.h:128
COAP_OPTION_SIZE2
#define COAP_OPTION_SIZE2
Definition coap_pdu.h:139
COAP_OPTION_BLOCK1
#define COAP_OPTION_BLOCK1
Definition coap_pdu.h:138
COAP_OPTION_PROXY_SCHEME
#define COAP_OPTION_PROXY_SCHEME
Definition coap_pdu.h:142
COAP_DEFAULT_PORT
#define COAP_DEFAULT_PORT
Definition coap_pdu.h:37
COAP_OPTION_URI_QUERY
#define COAP_OPTION_URI_QUERY
Definition coap_pdu.h:132
COAP_OPTION_IF_NONE_MATCH
#define COAP_OPTION_IF_NONE_MATCH
Definition coap_pdu.h:122
COAP_OPTION_LOCATION_PATH
#define COAP_OPTION_LOCATION_PATH
Definition coap_pdu.h:125
COAP_OPTION_URI_PATH
#define COAP_OPTION_URI_PATH
Definition coap_pdu.h:127
COAP_RESPONSE_CODE
#define COAP_RESPONSE_CODE(N)
Definition coap_pdu.h:160
COAP_RESPONSE_CLASS
#define COAP_RESPONSE_CLASS(C)
Definition coap_pdu.h:163
coap_proto_t
coap_proto_t
CoAP protocol types Note: coap_layers_coap[] needs updating if extended.
Definition coap_pdu.h:313
coap_pdu_code_t
coap_pdu_code_t
Set of codes available for a PDU.
Definition coap_pdu.h:327
COAP_OPTION_OSCORE
#define COAP_OPTION_OSCORE
Definition coap_pdu.h:126
COAP_OPTION_SIZE1
#define COAP_OPTION_SIZE1
Definition coap_pdu.h:143
coap_add_token
int coap_add_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds token of length len to pdu.
Definition coap_pdu.c:356
COAP_OPTION_LOCATION_QUERY
#define COAP_OPTION_LOCATION_QUERY
Definition coap_pdu.h:136
COAPS_DEFAULT_PORT
#define COAPS_DEFAULT_PORT
Definition coap_pdu.h:38
coap_get_data
int coap_get_data(const coap_pdu_t *pdu, size_t *len, const uint8_t **data)
Retrieves the length and data pointer of specified PDU.
Definition coap_pdu.c:877
COAP_OPTION_RTAG
#define COAP_OPTION_RTAG
Definition coap_pdu.h:146
COAP_OPTION_URI_PORT
#define COAP_OPTION_URI_PORT
Definition coap_pdu.h:124
coap_pdu_init
coap_pdu_t * coap_pdu_init(coap_pdu_type_t type, coap_pdu_code_t code, coap_mid_t mid, size_t size)
Creates a new CoAP PDU with at least enough storage space for the given size maximum message size.
Definition coap_pdu.c:99
COAP_OPTION_ACCEPT
#define COAP_OPTION_ACCEPT
Definition coap_pdu.h:134
COAP_INVALID_MID
#define COAP_INVALID_MID
Indicates an invalid message id.
Definition coap_pdu.h:266
COAP_OPTION_MAXAGE
#define COAP_OPTION_MAXAGE
Definition coap_pdu.h:131
COAP_OPTION_ETAG
#define COAP_OPTION_ETAG
Definition coap_pdu.h:121
COAP_OPTION_PROXY_URI
#define COAP_OPTION_PROXY_URI
Definition coap_pdu.h:141
COAP_OPTION_OBSERVE
#define COAP_OPTION_OBSERVE
Definition coap_pdu.h:123
COAP_OPTION_ECHO
#define COAP_OPTION_ECHO
Definition coap_pdu.h:144
coap_add_data
int coap_add_data(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds given data to the pdu that is passed as first parameter.
Definition coap_pdu.c:846
coap_pdu_get_token
coap_bin_const_t coap_pdu_get_token(const coap_pdu_t *pdu)
Gets the token associated with pdu.
Definition coap_pdu.c:1610
COAP_REQUEST_CODE_POST
@ COAP_REQUEST_CODE_POST
Definition coap_pdu.h:331
COAP_REQUEST_CODE_FETCH
@ COAP_REQUEST_CODE_FETCH
Definition coap_pdu.h:334
COAP_MESSAGE_NON
@ COAP_MESSAGE_NON
Definition coap_pdu.h:70
COAP_MESSAGE_ACK
@ COAP_MESSAGE_ACK
Definition coap_pdu.h:71
COAP_MESSAGE_CON
@ COAP_MESSAGE_CON
Definition coap_pdu.h:69
coap_new_client_session_psk2_lkd
coap_session_t * coap_new_client_session_psk2_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *setup_data)
Creates a new client session to the designated server with PSK credentials.
coap_new_client_session_pki_lkd
coap_session_t * coap_new_client_session_pki_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *setup_data)
Creates a new client session to the designated server with PKI credentials.
coap_new_client_session_lkd
coap_session_t * coap_new_client_session_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto)
Creates a new client session to the designated server.
coap_session_release_lkd
void coap_session_release_lkd(coap_session_t *session)
Decrement reference counter on a session.
Definition coap_session.c:376
COAP_OSCORE_B_2_NONE
@ COAP_OSCORE_B_2_NONE
Definition coap_session_internal.h:47
COAP_OSCORE_B_2_STEP_3
@ COAP_OSCORE_B_2_STEP_3
Definition coap_session_internal.h:50
COAP_OSCORE_B_2_STEP_1
@ COAP_OSCORE_B_2_STEP_1
Definition coap_session_internal.h:48
COAP_OSCORE_B_2_STEP_4
@ COAP_OSCORE_B_2_STEP_4
Definition coap_session_internal.h:51
COAP_OSCORE_B_2_STEP_5
@ COAP_OSCORE_B_2_STEP_5
Definition coap_session_internal.h:52
COAP_OSCORE_B_2_STEP_2
@ COAP_OSCORE_B_2_STEP_2
Definition coap_session_internal.h:49
COAP_PROTO_NOT_RELIABLE
#define COAP_PROTO_NOT_RELIABLE(p)
Definition coap_session.h:37
coap_delete_bin_const
void coap_delete_bin_const(coap_bin_const_t *s)
Deletes the given const binary data and releases any memory allocated.
Definition coap_str.c:121
coap_new_binary
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
Definition coap_str.c:77
coap_make_str_const
coap_str_const_t * coap_make_str_const(const char *string)
Take the specified byte array (text) and create a coap_str_const_t *.
Definition coap_str.c:66
coap_new_bin_const
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
Definition coap_str.c:110
coap_str_const_t
struct coap_str_const_t coap_str_const_t
CoAP string data definition with const data.
coap_delete_binary
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
Definition coap_str.c:105
coap_binary_equal
#define coap_binary_equal(binary1, binary2)
Compares the two binary data for equality.
Definition coap_str.h:211
coap_string_equal
#define coap_string_equal(string1, string2)
Compares the two strings for equality.
Definition coap_str.h:197
coap_oscore_is_supported
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
Definition coap_oscore.c:2215
coap_query_into_optlist
int coap_query_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI query into '&' separate segments, and then adds the Uri-Query / Location-Query o...
Definition coap_uri.c:845
coap_path_into_optlist
int coap_path_into_optlist(const uint8_t *s, size_t length, coap_option_num_t optnum, coap_optlist_t **optlist_chain)
Splits the given URI path into '/' separate segments, and then adds the Uri-Path / Location-Path opti...
Definition coap_uri.c:755
coap_split_proxy_uri
int coap_split_proxy_uri(const uint8_t *str_var, size_t len, coap_uri_t *uri)
Parses a given string into URI components.
Definition coap_uri.c:299
coap_uri_scheme
coap_uri_info_t coap_uri_scheme[COAP_URI_SCHEME_LAST]
Definition coap_uri.c:56
coap_address_t
Multi-purpose address abstraction.
Definition coap_address.h:148
coap_bin_const_t
CoAP binary data definition with const data.
Definition coap_str.h:64
coap_bin_const_t::length
size_t length
length of binary data
Definition coap_str.h:65
coap_bin_const_t::s
const uint8_t * s
read-only binary data
Definition coap_str.h:66
coap_binary_t
CoAP binary data definition.
Definition coap_str.h:56
coap_binary_t::length
size_t length
length of binary data
Definition coap_str.h:57
coap_binary_t::s
uint8_t * s
binary data
Definition coap_str.h:58
coap_context_t
The CoAP stack's global state is stored in a coap_context_t object.
Definition coap_net_internal.h:50
coap_dtls_cpsk_t
The structure used for defining the Client PSK setup data to be used.
Definition coap_dtls.h:410
coap_dtls_pki_t
The structure used for defining the PKI setup data to be used.
Definition coap_dtls.h:312
coap_opt_iterator_t
Iterator to run through PDU options.
Definition coap_option.h:168
coap_opt_iterator_t::next_option
coap_opt_t * next_option
pointer to the unparsed next option
Definition coap_option.h:173
coap_opt_iterator_t::length
size_t length
remaining length of PDU
Definition coap_option.h:169
coap_opt_iterator_t::number
coap_option_num_t number
decoded option number
Definition coap_option.h:170
coap_optlist_t
Representation of chained list of CoAP options to install.
Definition coap_option.h:325
coap_oscore_conf_t
The structure used to hold the OSCORE configuration information.
Definition coap_oscore_internal.h:36
coap_oscore_conf_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func().
Definition coap_oscore_internal.h:59
coap_oscore_conf_t::rfc8613_b_2
uint32_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition coap_oscore_internal.h:50
coap_oscore_conf_t::hkdf_alg
cose_hkdf_alg_t hkdf_alg
Set to one of COSE_HKDF_ALG_*.
Definition coap_oscore_internal.h:48
coap_oscore_conf_t::break_sender_key
uint32_t break_sender_key
1 if sender key to be broken, else 0
Definition coap_oscore_internal.h:53
coap_oscore_conf_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition coap_oscore_internal.h:46
coap_oscore_conf_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition coap_oscore_internal.h:57
coap_oscore_conf_t::rfc8613_b_1_2
uint32_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition coap_oscore_internal.h:49
coap_oscore_conf_t::start_seq_num
uint64_t start_seq_num
Used for ssn_freq updating.
Definition coap_oscore_internal.h:60
coap_oscore_conf_t::sender_id
coap_bin_const_t * sender_id
Sender ID (i.e.
Definition coap_oscore_internal.h:39
coap_oscore_conf_t::recipient_id
coap_bin_const_t ** recipient_id
Recipient ID (i.e.
Definition coap_oscore_internal.h:41
coap_oscore_conf_t::break_recipient_key
uint32_t break_recipient_key
1 if recipient key to be broken, else 0
Definition coap_oscore_internal.h:54
coap_oscore_conf_t::master_secret
coap_bin_const_t * master_secret
Common Master Secret.
Definition coap_oscore_internal.h:37
coap_oscore_conf_t::aead_alg
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
Definition coap_oscore_internal.h:47
coap_oscore_conf_t::master_salt
coap_bin_const_t * master_salt
Common Master Salt.
Definition coap_oscore_internal.h:38
coap_oscore_conf_t::replay_window
uint32_t replay_window
Replay window size Use COAP_OSCORE_DEFAULT_REPLAY_WINDOW.
Definition coap_oscore_internal.h:44
coap_oscore_conf_t::id_context
coap_bin_const_t * id_context
Common ID context.
Definition coap_oscore_internal.h:40
coap_oscore_conf_t::recipient_id_count
uint32_t recipient_id_count
Number of recipient_id entries.
Definition coap_oscore_internal.h:43
coap_pdu_t
structure for CoAP PDUs
Definition coap_pdu_internal.h:135
coap_pdu_t::max_hdr_size
uint8_t max_hdr_size
space reserved for protocol-specific header
Definition coap_pdu_internal.h:141
coap_pdu_t::token
uint8_t * token
first byte of token (or extended length bytes prefix), if any, or options
Definition coap_pdu_internal.h:156
coap_pdu_t::code
coap_pdu_code_t code
request method (value 1–31) or response code (value 64-255)
Definition coap_pdu_internal.h:137
coap_pdu_t::actual_token
coap_bin_const_t actual_token
Actual token in pdu.
Definition coap_pdu_internal.h:149
coap_pdu_t::data
uint8_t * data
first byte of payload, if any
Definition coap_pdu_internal.h:158
coap_pdu_t::mid
coap_mid_t mid
message id, if any, in regular host byte order
Definition coap_pdu_internal.h:139
coap_pdu_t::e_token_length
uint32_t e_token_length
length of Token space (includes leading extended bytes
Definition coap_pdu_internal.h:146
coap_pdu_t::used_size
size_t used_size
used bytes of storage for token, options and payload
Definition coap_pdu_internal.h:152
coap_pdu_t::type
coap_pdu_type_t type
message type
Definition coap_pdu_internal.h:136
coap_session_t
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
Definition coap_session_internal.h:68
coap_session_t::proto
coap_proto_t proto
protocol used
Definition coap_session_internal.h:69
coap_session_t::con_active
uint8_t con_active
Active CON request sent.
Definition coap_session_internal.h:90
coap_session_t::context
coap_context_t * context
session's context
Definition coap_session_internal.h:86
coap_str_const_t
CoAP string data definition with const data.
Definition coap_str.h:46
coap_str_const_t::s
const uint8_t * s
read-only string data
Definition coap_str.h:48
coap_str_const_t::length
size_t length
length of string
Definition coap_str.h:47
coap_uri_t
Representation of parsed URI.
Definition coap_uri.h:65
coap_uri_t::scheme
enum coap_uri_scheme_t scheme
The parsed scheme specifier.
Definition coap_uri.h:77
coap_uri_t::path
coap_str_const_t path
The complete path if present or {0, NULL}.
Definition coap_uri.h:68
coap_uri_t::port
uint16_t port
The port in host byte order.
Definition coap_uri.h:67
coap_uri_t::query
coap_str_const_t query
The complete query if present or {0, NULL}.
Definition coap_uri.h:72
coap_uri_t::host
coap_str_const_t host
The host part of the URI.
Definition coap_uri.h:66
cose_encrypt0_t
Definition oscore_cose.h:197
cose_encrypt0_t::aad
coap_bin_const_t aad
Definition oscore_cose.h:208
cose_encrypt0_t::key
coap_bin_const_t key
Definition oscore_cose.h:199
cose_encrypt0_t::partial_iv
coap_bin_const_t partial_iv
Definition oscore_cose.h:202
cose_encrypt0_t::kid_context
coap_bin_const_t kid_context
Definition oscore_cose.h:204
cose_encrypt0_t::nonce
coap_bin_const_t nonce
Definition oscore_cose.h:206
cose_encrypt0_t::external_aad
coap_bin_const_t external_aad
Definition oscore_cose.h:207
cose_encrypt0_t::key_id
coap_bin_const_t key_id
Definition oscore_cose.h:203
cose_encrypt0_t::oscore_option
coap_bin_const_t oscore_option
Definition oscore_cose.h:205
cose_encrypt0_t::alg
cose_alg_t alg
Definition oscore_cose.h:198
oscore_association_t
Definition oscore_context.h:142
oscore_association_t::obs_partial_iv
coap_bin_const_t * obs_partial_iv
Definition oscore_context.h:150
oscore_association_t::partial_iv
coap_bin_const_t * partial_iv
Definition oscore_context.h:149
oscore_association_t::sent_pdu
coap_pdu_t * sent_pdu
Definition oscore_context.h:145
oscore_association_t::aad
coap_bin_const_t * aad
Definition oscore_context.h:147
oscore_association_t::nonce
coap_bin_const_t * nonce
Definition oscore_context.h:148
oscore_association_t::recipient_ctx
oscore_recipient_ctx_t * recipient_ctx
Definition oscore_context.h:144
oscore_association_t::is_observe
uint8_t is_observe
Definition oscore_context.h:152
oscore_ctx_t
Definition oscore_context.h:84
oscore_ctx_t::mode
oscore_mode_t mode
Definition oscore_context.h:95
oscore_ctx_t::rfc8613_b_1_2
uint8_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
Definition oscore_context.h:96
oscore_ctx_t::save_seq_num_func_param
void * save_seq_num_func_param
Passed to save_seq_num_func().
Definition oscore_context.h:102
oscore_ctx_t::sender_context
oscore_sender_ctx_t * sender_context
Definition oscore_context.h:91
oscore_ctx_t::aead_alg
cose_alg_t aead_alg
Definition oscore_context.h:93
oscore_ctx_t::rfc8613_b_2
uint8_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
Definition oscore_context.h:97
oscore_ctx_t::save_seq_num_func
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
Definition oscore_context.h:100
oscore_ctx_t::recipient_chain
oscore_recipient_ctx_t * recipient_chain
Definition oscore_context.h:92
oscore_ctx_t::id_context
coap_bin_const_t * id_context
contains GID in case of group
Definition oscore_context.h:90
oscore_ctx_t::ssn_freq
uint32_t ssn_freq
Sender Seq Num update frequency.
Definition oscore_context.h:98
oscore_recipient_ctx_t
Definition oscore_context.h:112
oscore_recipient_ctx_t::echo_value
uint8_t echo_value[8]
Definition oscore_context.h:123
oscore_recipient_ctx_t::last_seq
uint64_t last_seq
Definition oscore_context.h:116
oscore_recipient_ctx_t::recipient_key
coap_bin_const_t * recipient_key
Definition oscore_context.h:121
oscore_recipient_ctx_t::recipient_id
coap_bin_const_t * recipient_id
Definition oscore_context.h:122
oscore_recipient_ctx_t::initial_state
uint8_t initial_state
Definition oscore_context.h:124
oscore_recipient_ctx_t::osc_ctx
oscore_ctx_t * osc_ctx
Definition oscore_context.h:115
oscore_sender_ctx_t
Definition oscore_context.h:105
oscore_sender_ctx_t::sender_id
coap_bin_const_t * sender_id
Definition oscore_context.h:109
oscore_sender_ctx_t::seq
uint64_t seq
Definition oscore_context.h:106
oscore_sender_ctx_t::sender_key
coap_bin_const_t * sender_key
Definition oscore_context.h:108
oscore_sender_ctx_t::next_seq
uint64_t next_seq
Used for ssn_freq updating.
Definition oscore_context.h:107