23#if COAP_OSCORE_SUPPORT
26#define AAD_BUF_LEN 200
31#if COAP_CLIENT_SUPPORT
39 coap_log_warn(
"OSCORE: Recipient ID must be defined for a client\n");
46 if (id_context == NULL)
55 osc_ctx = coap_oscore_init(session->
context, oscore_conf);
56 if (osc_ctx == NULL) {
60 session->oscore_encryption = 1;
174#if COAP_SERVER_SUPPORT
193 osc_ctx = coap_oscore_init(context, oscore_conf);
207 uint8_t option_value_buffer[15];
208 uint8_t *keep_proxy_uri = NULL;
215 memset(&uri, 0,
sizeof(uri));
217 if (keep_proxy_uri == NULL)
241 sizeof(option_value_buffer),
243 option_value_buffer))
304#if COAP_MAX_LOGGING_LEVEL < _COAP_LOG_OSCORE
359 uint8_t pdu_code = pdu->
code;
362 uint8_t *ciphertext_buffer = NULL;
363 size_t ciphertext_len = 0;
364 uint8_t aad_buffer[AAD_BUF_LEN];
365 uint8_t nonce_buffer[13];
371 uint8_t group_flag = 0;
373 int doing_observe = 0;
374 uint32_t observe_value = 0;
377 uint8_t external_aad_buffer[200];
379 uint8_t oscore_option[48];
380 size_t oscore_option_len;
407 rcp_ctx = session->recipient_ctx;
419 if (association == NULL)
431 if (coap_request || doing_observe ||
433 uint8_t partial_iv_buffer[8];
434 size_t partial_iv_len;
437 sizeof(partial_iv_buffer),
439 if (snd_ctx->
seq == 0) {
441 partial_iv_buffer[0] =
'\000';
444 partial_iv.
s = partial_iv_buffer;
445 partial_iv.
length = partial_iv_len;
456 if (coap_request || doing_observe ||
467 nonce.
s = nonce_buffer;
546 external_aad.
s = external_aad_buffer;
553 sizeof(external_aad_buffer));
562 assert(aad.
length < AAD_BUF_LEN);
576 if (plain_pdu == NULL)
587 switch (opt_iter.
number) {
666 dump_cose(cose,
"Pre encrypt");
669 if (ciphertext_buffer == NULL)
674 if ((
int)ciphertext_len <= 0) {
675 coap_log_warn(
"OSCORE: Encryption Failure, result code: %d \n",
676 (
int)ciphertext_len);
679 assert(ciphertext_len < OSCORE_CRYPTO_BUFFER_SIZE);
689 if (!
coap_add_data(osc_pdu, ciphertext_len, ciphertext_buffer))
693 ciphertext_buffer = NULL;
698 if (association && association->
is_observe == 0)
732 if (doing_observe && observe_value == 1) {
739 if (association->
nonce == NULL)
743 if (association->
aad == NULL)
776 session->done_b_1_2 = 1;
781 if (ciphertext_buffer)
792 const char *diagnostic,
795 int encrypt_oscore) {
798 int oscore_encryption = session->oscore_encryption;
799 unsigned char buf[4];
806 token.length + 2 + 8 +
807 (diagnostic ? strlen(diagnostic) : 0));
813 }
else if (kid_context == NULL) {
820 coap_add_data(err_pdu, strlen(diagnostic), (
const uint8_t *)diagnostic);
821 session->oscore_encryption = encrypt_oscore;
823 if ((echo_data || kid_context) && encrypt_oscore) {
831 session->oscore_encryption = 0;
840 session->oscore_encryption = oscore_encryption;
855 const uint8_t *osc_value;
861 uint8_t aad_buffer[AAD_BUF_LEN];
862 uint8_t nonce_buffer[13];
873 uint8_t external_aad_buffer[100];
876#if COAP_CLIENT_SUPPORT
885 if (session->
context->p_osc_ctx == NULL) {
894 if (pdu->
data == NULL) {
911 if (decrypt_pdu == NULL) {
929 switch (opt_iter.
number) {
968 uint64_t incoming_seq;
976 build_and_send_error_pdu(session,
979 "Failed to decode COSE",
998 session->oscore_r2 != 0 ? (uint8_t *)&session->oscore_r2 : NULL,
1009 kid_context.
s = ptr;
1012 if (session->oscore_r2 != 0) {
1031 if (osc_ctx == NULL)
1051 build_and_send_error_pdu(session,
1054 "Security context not found",
1061 session->recipient_ctx = rcp_ctx;
1074 build_and_send_error_pdu(session,
1094 coap_log_warn(
"OSCORE: OSCORE Option cannot be decoded.\n");
1105#if COAP_CLIENT_SUPPORT
1116 kid_context.
s = ptr;
1147 coap_log_crit(
"OSCORE: Security Context association not found\n");
1184 external_aad.
s = external_aad_buffer;
1190 external_aad_buffer,
1191 sizeof(external_aad_buffer));
1199 sizeof(aad_buffer));
1200 assert(aad.
length < AAD_BUF_LEN);
1212 nonce.
s = nonce_buffer;
1223 association->
nonce =
1225 if (association->
nonce == NULL)
1234 if (association->
aad == NULL)
1270 coap_log_warn(
"OSCORE Replay protection, SEQ larger than SEQ_MAX.\n");
1282 nonce.
s = nonce_buffer;
1286#ifdef OSCORE_EXTRA_DEBUG
1287 dump_cose(cose,
"!req post set nonce");
1317#ifdef OSCORE_EXTRA_DEBUG
1318 dump_cose(cose,
"!req pre aad");
1320 external_aad.
s = external_aad_buffer;
1326 external_aad_buffer,
1327 sizeof(external_aad_buffer));
1335 sizeof(aad_buffer));
1336 assert(aad.
length < AAD_BUF_LEN);
1338#ifdef OSCORE_EXTRA_DEBUG
1339 dump_cose(cose,
"!req post set aad");
1354 st_encrypt = pdu->
data;
1356 if (encrypt_len <= 0) {
1370 if (plain_pdu == NULL) {
1391 plain_pdu->
used_size = encrypt_len - tag_len;
1393 dump_cose(cose,
"Pre decrypt");
1396 if (pltxt_size <= 0) {
1397 coap_log_warn(
"OSCORE: Decryption Failure, result code: %d \n",
1400 build_and_send_error_pdu(session,
1403 "Decryption failed",
1417 assert((
size_t)pltxt_size < pdu->alloc_size + pdu->
max_hdr_size);
1434 coap_prng(&session->oscore_r2,
sizeof(session->oscore_r2));
1435 memcpy(kc->
s, &session->oscore_r2,
sizeof(session->oscore_r2));
1436 memcpy(&kc->
s[
sizeof(session->oscore_r2)],
1443 oscore_r2.
length =
sizeof(session->oscore_r2);
1444 oscore_r2.
s = (
const uint8_t *)&session->oscore_r2;
1446 build_and_send_error_pdu(session,
1455#if COAP_CLIENT_SUPPORT
1462 coap_log_warn(
"OSCORE Appendix B.2: Expected 4.01 response\n");
1508#if COAP_SERVER_SUPPORT
1519 build_and_send_error_pdu(session,
1538 build_and_send_error_pdu(session,
1558 decrypt_pdu->
code = plain_pdu->
token[0];
1566 switch (opt_iter.
number) {
1570 if (!coap_request) {
1637#if COAP_CLIENT_SUPPORT
1657 if (association && association->
is_observe == 0)
1664 if (association && association->
is_observe == 0)
1672 COAP_ENC_ASCII = 0x01,
1673 COAP_ENC_HEX = 0x02,
1674 COAP_ENC_INTEGER = 0x08,
1675 COAP_ENC_TEXT = 0x10,
1676 COAP_ENC_BOOL = 0x20,
1678} coap_oscore_coding_t;
1681#define TEXT_MAPPING(t, v) \
1682 { { sizeof(#t)-1, (const uint8_t *)#t }, v }
1684static struct coap_oscore_encoding_t {
1686 coap_oscore_coding_t encoding;
1687} oscore_encoding[] = {
1688 TEXT_MAPPING(ascii, COAP_ENC_ASCII),
1689 TEXT_MAPPING(hex, COAP_ENC_HEX),
1690 TEXT_MAPPING(integer, COAP_ENC_INTEGER),
1691 TEXT_MAPPING(text, COAP_ENC_TEXT),
1692 TEXT_MAPPING(
bool, COAP_ENC_BOOL),
1693 {{0, NULL}, COAP_ENC_LAST}
1697 coap_oscore_coding_t encoding;
1698 const char *encoding_name;
1708 assert(isxdigit(c));
1709 if (
'a' <= c && c <=
'f')
1710 return c -
'a' + 10;
1711 else if (
'A' <= c && c <=
'F')
1712 return c -
'A' + 10;
1719parse_hex_bin(
const char *begin,
const char *end) {
1723 if ((end - begin) % 2 != 0)
1728 for (i = 0; (i < (size_t)(end - begin)) && isxdigit((u_char)begin[i]) &&
1729 isxdigit((u_char)begin[i + 1]);
1731 binary->
s[i / 2] = (hex2char(begin[i]) << 4) + hex2char(begin[i + 1]);
1733 if (i != (
size_t)(end - begin))
1749get_split_entry(
const char **start,
1752 oscore_value_t *value) {
1753 const char *begin = *start;
1760 kend = end = memchr(begin,
'\n', size);
1766 if (end > begin && end[-1] ==
'\r')
1769 if (begin[0] ==
'#' || (end - begin) == 0) {
1771 size -= kend - begin + 1;
1777 split = memchr(begin,
',', end - begin);
1781 keyword->
s = (
const uint8_t *)begin;
1782 keyword->
length = split - begin;
1785 if ((end - begin) == 0)
1788 split = memchr(begin,
',', end - begin);
1792 for (i = 0; oscore_encoding[i].name.s; i++) {
1796 value->encoding = oscore_encoding[i].encoding;
1797 value->encoding_name = (
const char *)oscore_encoding[i].name.
s;
1801 if (oscore_encoding[i].name.s == NULL)
1805 if ((end - begin) == 0)
1808 if (begin[0] ==
'"') {
1809 split = memchr(&begin[1],
'"', end - split - 1);
1815 switch (value->encoding) {
1816 case COAP_ENC_ASCII:
1817 value->u.value_bin =
1822 value->u.value_bin = parse_hex_bin(begin, end);
1823 if (value->u.value_bin == NULL)
1826 case COAP_ENC_INTEGER:
1827 value->u.value_int = atoi(begin);
1830 value->u.value_str.s = (
const uint8_t *)begin;
1831 value->u.value_str.length = end - begin;
1834 if (memcmp(
"true", begin, end - begin) == 0)
1835 value->u.value_int = 1;
1836 else if (memcmp(
"false", begin, end - begin) == 0)
1837 value->u.value_int = 0;
1848 coap_log_warn(
"oscore_conf: Unrecognized configuration entry '%.*s'\n",
1855#define CONFIG_ENTRY(n, e, t) \
1856 { { sizeof(#n)-1, (const uint8_t *)#n }, e, \
1857 offsetof(coap_oscore_conf_t, n), t }
1859typedef struct oscore_text_mapping_t {
1862} oscore_text_mapping_t;
1865static oscore_text_mapping_t text_aead_alg[] = {
1871static oscore_text_mapping_t text_hkdf_alg[] = {
1876static struct oscore_config_t {
1878 coap_oscore_coding_t encoding;
1880 oscore_text_mapping_t *text_mapping;
1881} oscore_config[] = {
1882 CONFIG_ENTRY(master_secret, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1883 CONFIG_ENTRY(master_salt, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1884 CONFIG_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1885 CONFIG_ENTRY(id_context, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1886 CONFIG_ENTRY(recipient_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
1887 CONFIG_ENTRY(replay_window, COAP_ENC_INTEGER, NULL),
1888 CONFIG_ENTRY(ssn_freq, COAP_ENC_INTEGER, NULL),
1889 CONFIG_ENTRY(aead_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_aead_alg),
1890 CONFIG_ENTRY(hkdf_alg, COAP_ENC_INTEGER | COAP_ENC_TEXT, text_hkdf_alg),
1891 CONFIG_ENTRY(rfc8613_b_1_2, COAP_ENC_BOOL, NULL),
1892 CONFIG_ENTRY(rfc8613_b_2, COAP_ENC_BOOL, NULL),
1893 CONFIG_ENTRY(break_sender_key, COAP_ENC_BOOL, NULL),
1894 CONFIG_ENTRY(break_recipient_key, COAP_ENC_BOOL, NULL),
1901 if (oscore_conf == NULL)
1918 const char *start = (
const char *)conf_mem.
s;
1919 const char *end = start + conf_mem.length;
1921 oscore_value_t value;
1925 if (oscore_conf == NULL)
1929 memset(&value, 0,
sizeof(value));
1940 while (end > start &&
1941 get_split_entry(&start, end - start, &keyword, &value)) {
1945 for (i = 0; i <
sizeof(oscore_config) /
sizeof(oscore_config[0]); i++) {
1947 value.encoding & oscore_config[i].encoding) {
1949 if (value.u.value_bin->length > 7) {
1950 coap_log_warn(
"oscore_conf: Maximum size of recipient_id is 7 bytes\n");
1951 goto error_free_value_bin;
1960 goto error_free_value_bin;
1967 switch (value.encoding) {
1969 case COAP_ENC_ASCII:
1970 memcpy(&unused_check,
1971 &(((
char *)oscore_conf)[oscore_config[i].offset]),
1972 sizeof(unused_check));
1973 if (unused_check != NULL) {
1976 (
const char *)keyword.
s);
1979 memcpy(&(((
char *)oscore_conf)[oscore_config[i].offset]),
1981 sizeof(value.u.value_bin));
1983 case COAP_ENC_INTEGER:
1985 memcpy(&(((
char *)oscore_conf)[oscore_config[i].offset]),
1987 sizeof(value.u.value_int));
1990 for (j = 0; oscore_config[i].text_mapping[j].text.s != NULL; j++) {
1992 &oscore_config[i].text_mapping[j].text)) {
1993 memcpy(&(((
char *)oscore_conf)[oscore_config[i].offset]),
1994 &oscore_config[i].text_mapping[j].value,
1995 sizeof(oscore_config[i].text_mapping[j].value));
1999 if (oscore_config[i].text_mapping[j].text.s == NULL) {
2000 coap_log_warn(
"oscore_conf: Keyword '%.*s': value '%.*s' unknown\n",
2002 (
const char *)keyword.
s,
2003 (
int)value.u.value_str.length,
2004 (
const char *)value.u.value_str.s);
2017 if (i ==
sizeof(oscore_config) /
sizeof(oscore_config[0])) {
2018 coap_log_warn(
"oscore_conf: Keyword '%.*s', type '%s' unknown\n",
2020 (
const char *)keyword.
s,
2021 value.encoding_name);
2022 if (value.encoding == COAP_ENC_HEX || value.encoding == COAP_ENC_ASCII)
2027 if (!oscore_conf->master_secret) {
2031 if (!oscore_conf->sender_id) {
2035 if (oscore_conf->sender_id->length > 7) {
2036 coap_log_warn(
"oscore_conf: Maximum size of sender_id is 7 bytes\n");
2039 if (oscore_conf->recipient_id && oscore_conf->recipient_id[0]->length > 7) {
2040 coap_log_warn(
"oscore_conf: Maximum size of recipient_id is 7 bytes\n");
2045error_free_value_bin:
2069 coap_log_crit(
"OSCORE: Could not create Security Context!\n");
2104 void *save_seq_num_func_param,
2105 uint64_t start_seq_num) {
2108 if (oscore_conf == NULL)
2123 size_t overhead = 0;
2129 if (osc_ctx == NULL)
2178 if (context->p_osc_ctx == NULL)
2190 if (!context || !recipient_id)
2202 if (context->p_osc_ctx == NULL)
2272 void *save_seq_num_func_param,
2273 uint64_t start_seq_num) {
2275 (void)save_seq_num_func;
2276 (void)save_seq_num_func_param;
2277 (void)start_seq_num;
Library specific build wrapper for coap_internal.h.
void * coap_realloc_type(coap_memory_tag_t type, void *p, size_t size)
Reallocates a chunk p of bytes created by coap_malloc_type() or coap_realloc_type() and returns a poi...
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
size_t coap_opt_size(const coap_opt_t *opt)
Returns the size of the given option, taking into account a possible option jump.
uint8_t coap_opt_t
Use byte-oriented access methods here because sliding a complex struct coap_opt_t over the data buffe...
#define coap_lock_unlock(c)
#define coap_lock_lock(c, failed)
#define coap_lock_check_locked(c)
static int coap_uri_scheme_is_secure(const coap_uri_t *uri)
coap_mid_t coap_send_ack_lkd(coap_session_t *session, const coap_pdu_t *request)
Sends an ACK message with code 0 for the specified request to dst.
coap_mid_t coap_retransmit_oscore_pdu(coap_session_t *session, coap_pdu_t *pdu, coap_opt_t *echo)
int coap_prng(void *buf, size_t len)
Fills buf with len random bytes using the default pseudo random number generator.
int coap_handle_event_lkd(coap_context_t *context, coap_event_t event, coap_session_t *session)
Invokes the event handler of context for the given event and data.
uint16_t coap_new_message_id_lkd(coap_session_t *session)
Returns a new message id and updates session->tx_mid accordingly.
coap_mid_t coap_send_internal(coap_session_t *session, coap_pdu_t *pdu)
Sends a CoAP message to given peer.
void coap_cancel_all_messages(coap_context_t *context, coap_session_t *session, coap_bin_const_t *token)
Cancels all outstanding messages for session session that have the specified token.
#define COAP_OSCORE_DEFAULT_REPLAY_WINDOW
int coap_crypto_check_hkdf_alg(cose_hkdf_alg_t hkdf_alg)
Check whether the defined hkdf algorithm is supported by the underlying crypto library.
int coap_crypto_check_cipher_alg(cose_alg_t alg)
Check whether the defined cipher algorithm is supported by the underlying crypto library.
unsigned int coap_encode_var_safe(uint8_t *buf, size_t length, unsigned int val)
Encodes multiple-length byte sequences.
unsigned int coap_decode_var_bytes(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
uint64_t coap_decode_var_bytes8(const uint8_t *buf, size_t len)
Decodes multiple-length byte sequences.
unsigned int coap_encode_var_safe8(uint8_t *buf, size_t length, uint64_t val)
Encodes multiple-length byte sequences.
@ COAP_EVENT_OSCORE_DECODE_ERROR
Triggered when there is an OSCORE decode of OSCORE option failure.
@ COAP_EVENT_OSCORE_INTERNAL_ERROR
Triggered when there is an OSCORE internal error i.e malloc failed.
@ COAP_EVENT_OSCORE_NOT_ENABLED
Triggered when trying to use OSCORE to decrypt, but it is not enabled.
@ COAP_EVENT_OSCORE_NO_SECURITY
Triggered when there is no OSCORE security definition found.
@ COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD
Triggered when there is no OSCORE encrypted payload provided.
@ COAP_EVENT_OSCORE_DECRYPTION_FAILURE
Triggered when there is an OSCORE decryption failure.
#define coap_log_debug(...)
coap_log_t coap_get_log_level(void)
Get the current logging level.
void coap_show_pdu(coap_log_t level, const coap_pdu_t *pdu)
Display the contents of the specified pdu.
#define coap_log_oscore(...)
#define coap_log_warn(...)
#define coap_log_crit(...)
coap_opt_t * coap_option_next(coap_opt_iterator_t *oi)
Updates the iterator oi to point to the next option.
uint32_t coap_opt_length(const coap_opt_t *opt)
Returns the length of the given option.
coap_opt_iterator_t * coap_option_iterator_init(const coap_pdu_t *pdu, coap_opt_iterator_t *oi, const coap_opt_filter_t *filter)
Initializes the given option iterator oi to point to the beginning of the pdu's option list.
#define COAP_OPT_ALL
Pre-defined filter that includes all options.
coap_opt_t * coap_check_option(const coap_pdu_t *pdu, coap_option_num_t number, coap_opt_iterator_t *oi)
Retrieves the first option of number number from pdu.
const uint8_t * coap_opt_value(const coap_opt_t *opt)
Returns a pointer to the value of the given option.
size_t oscore_cbor_get_element_size(const uint8_t **buffer, size_t *buf_len)
void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key)
void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, coap_bin_const_t *kid_context)
const char * cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen)
void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, uint8_t *plaintext_buffer, size_t plaintext_len)
size_t cose_tag_len(cose_alg_t cose_alg)
void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad)
int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, uint8_t *ciphertext_buffer, size_t ciphertext_len)
void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, coap_bin_const_t *partial_iv)
void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, coap_bin_const_t *external_aad)
void cose_encrypt0_init(cose_encrypt0_t *ptr)
void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg)
void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id)
void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce)
@ COSE_HKDF_ALG_HKDF_SHA_256
@ COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_AES_CCM_16_64_256
coap_session_t * coap_new_client_session_oscore_psk_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
size_t oscore_prepare_aad(const uint8_t *external_aad_buffer, size_t external_aad_len, uint8_t *aad_buffer, size_t aad_size)
size_t oscore_encode_option_value(uint8_t *option_buffer, size_t option_buf_len, cose_encrypt0_t *cose, uint8_t group_flag, uint8_t appendix_b_2)
int coap_delete_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
int oscore_delete_association(coap_session_t *session, oscore_association_t *association)
uint8_t oscore_validate_sender_seq(oscore_recipient_ctx_t *ctx, cose_encrypt0_t *cose)
oscore_recipient_ctx_t * oscore_add_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid, uint32_t break_key)
oscore_add_recipient - add in recipient information
int oscore_decode_option_value(const uint8_t *opt_value, size_t option_len, cose_encrypt0_t *cose)
coap_pdu_t * coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
coap_session_t * coap_new_client_session_oscore_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
int oscore_delete_recipient(oscore_ctx_t *osc_ctx, coap_bin_const_t *rid)
uint8_t oscore_increment_sender_seq(oscore_ctx_t *ctx)
void oscore_update_ctx(oscore_ctx_t *osc_ctx, coap_bin_const_t *id_context)
oscore_update_ctx - update a osc_ctx with a new id_context
oscore_ctx_t * oscore_derive_ctx(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf)
oscore_derive_ctx - derive a osc_ctx from oscore_conf information
COAP_API coap_pdu_t * coap_oscore_new_pdu_encrypted(coap_session_t *session, coap_pdu_t *pdu, coap_bin_const_t *kid_context, oscore_partial_iv_t send_partial_iv)
Encrypts the specified pdu when OSCORE encryption is required on session.
void oscore_roll_back_seq(oscore_recipient_ctx_t *ctx)
int oscore_new_association(coap_session_t *session, coap_pdu_t *sent_pdu, coap_bin_const_t *token, oscore_recipient_ctx_t *recipient_ctx, coap_bin_const_t *aad, coap_bin_const_t *nonce, coap_bin_const_t *partial_iv, int is_observe)
size_t oscore_prepare_e_aad(oscore_ctx_t *ctx, cose_encrypt0_t *cose, const uint8_t *oscore_option, size_t oscore_option_len, coap_bin_const_t *sender_public_key, uint8_t *external_aad_ptr, size_t external_aad_size)
void oscore_delete_server_associations(coap_session_t *session)
void oscore_log_char_value(coap_log_t level, const char *name, const char *value)
struct coap_pdu_t * coap_oscore_decrypt_pdu(coap_session_t *session, coap_pdu_t *pdu)
Decrypts the OSCORE-encrypted parts of pdu when OSCORE is used.
int coap_rebuild_pdu_for_proxy(coap_pdu_t *pdu)
Convert PDU to use Proxy-Scheme option if Proxy-Uri option is present.
void oscore_free_contexts(coap_context_t *c_context)
void oscore_log_hex_value(coap_log_t level, const char *name, coap_bin_const_t *value)
void coap_delete_oscore_associations(coap_session_t *session)
Cleanup all allocated OSCORE association information.
int coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf)
Initiate an OSCORE session.
int coap_new_oscore_recipient_lkd(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
oscore_ctx_t * oscore_duplicate_ctx(coap_context_t *c_context, oscore_ctx_t *o_osc_ctx, coap_bin_const_t *sender_id, coap_bin_const_t *recipient_id, coap_bin_const_t *id_context)
oscore_duplicate_ctx - duplicate a osc_ctx
void coap_delete_all_oscore(coap_context_t *context)
Cleanup all allocated OSCORE information.
void oscore_generate_nonce(cose_encrypt0_t *ptr, oscore_ctx_t *ctx, uint8_t *buffer, uint8_t size)
int oscore_remove_context(coap_context_t *c_context, oscore_ctx_t *osc_ctx)
oscore_association_t * oscore_find_association(coap_session_t *session, coap_bin_const_t *token)
int coap_context_oscore_server_lkd(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
oscore_ctx_t * oscore_find_context(const coap_context_t *c_context, const coap_bin_const_t rcpkey_id, const coap_bin_const_t *ctxkey_id, uint8_t *oscore_r2, oscore_recipient_ctx_t **recipient_ctx)
oscore_find_context - Locate recipient context (and hence OSCORE context)
coap_session_t * coap_new_client_session_oscore_pki_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
size_t coap_oscore_overhead(coap_session_t *session, coap_pdu_t *pdu)
Determine the additional data size requirements for adding in OSCORE.
@ OSCORE_MODE_SINGLE
Vanilla RFC8613 support.
@ OSCORE_SEND_PARTIAL_IV
Send partial IV with encrypted PDU.
@ OSCORE_SEND_NO_IV
Do not send partial IV unless added by a response.
coap_oscore_conf_t * coap_new_oscore_conf(coap_str_const_t conf_mem, coap_oscore_save_seq_num_t save_seq_num_func, void *save_seq_num_func_param, uint64_t start_seq_num)
Parse an OSCORE configuration (held in memory) and populate a OSCORE configuration structure.
coap_session_t * coap_new_client_session_oscore_psk(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *psk_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PSK credentials as well as protecting the ...
int coap_delete_oscore_conf(coap_oscore_conf_t *oscore_conf)
Release all the information associated with the OSCORE configuration.
coap_session_t * coap_new_client_session_oscore(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server, protecting the data using OSCORE.
int coap_context_oscore_server(coap_context_t *context, coap_oscore_conf_t *oscore_conf)
Set the context's default OSCORE configuration for a server.
int coap_oscore_is_supported(void)
Check whether OSCORE is available.
coap_session_t * coap_new_client_session_oscore_pki(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *pki_data, coap_oscore_conf_t *oscore_conf)
Creates a new client session to the designated server with PKI credentials as well as protecting the ...
int coap_new_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Add in the specific Recipient ID into the OSCORE context (server only).
int(* coap_oscore_save_seq_num_t)(uint64_t sender_seq_num, void *param)
Definition of the function used to save the current Sender Sequence Number.
int coap_delete_oscore_recipient(coap_context_t *context, coap_bin_const_t *recipient_id)
Release all the information associated for the specific Recipient ID (and hence and stop any further ...
size_t coap_insert_option(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Inserts option of given number in the pdu with the appropriate data.
int coap_remove_option(coap_pdu_t *pdu, coap_option_num_t number)
Removes (first) option of given number from the pdu.
#define COAP_PDU_IS_PING(pdu)
size_t coap_pdu_encode_header(coap_pdu_t *pdu, coap_proto_t proto)
Compose the protocol specific header for the specified PDU.
coap_pdu_t * coap_pdu_duplicate_lkd(const coap_pdu_t *old_pdu, coap_session_t *session, size_t token_length, const uint8_t *token, coap_opt_filter_t *drop_options)
Duplicate an existing PDU.
#define COAP_PAYLOAD_START
int coap_pdu_resize(coap_pdu_t *pdu, size_t new_size)
Dynamically grows the size of pdu to new_size.
#define COAP_PDU_IS_REQUEST(pdu)
size_t coap_add_option_internal(coap_pdu_t *pdu, coap_option_num_t number, size_t len, const uint8_t *data)
Adds option of given number to pdu that is passed as first parameter.
#define COAP_OPTION_HOP_LIMIT
#define COAP_OPTION_NORESPONSE
#define COAP_OPTION_URI_HOST
#define COAP_OPTION_IF_MATCH
#define COAP_OPTION_BLOCK2
#define COAP_OPTION_CONTENT_FORMAT
#define COAP_OPTION_SIZE2
#define COAP_OPTION_BLOCK1
#define COAP_OPTION_PROXY_SCHEME
#define COAP_DEFAULT_PORT
#define COAP_OPTION_URI_QUERY
void coap_delete_pdu(coap_pdu_t *pdu)
Dispose of an CoAP PDU and frees associated storage.
#define COAP_OPTION_IF_NONE_MATCH
#define COAP_OPTION_LOCATION_PATH
#define COAP_OPTION_URI_PATH
#define COAP_RESPONSE_CODE(N)
#define COAP_RESPONSE_CLASS(C)
coap_proto_t
CoAP protocol types.
coap_pdu_code_t
Set of codes available for a PDU.
#define COAP_OPTION_OSCORE
#define COAP_OPTION_SIZE1
int coap_add_token(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds token of length len to pdu.
#define COAP_OPTION_LOCATION_QUERY
#define COAPS_DEFAULT_PORT
int coap_get_data(const coap_pdu_t *pdu, size_t *len, const uint8_t **data)
Retrieves the length and data pointer of specified PDU.
#define COAP_OPTION_URI_PORT
coap_pdu_t * coap_pdu_init(coap_pdu_type_t type, coap_pdu_code_t code, coap_mid_t mid, size_t size)
Creates a new CoAP PDU with at least enough storage space for the given size maximum message size.
#define COAP_OPTION_ACCEPT
#define COAP_INVALID_MID
Indicates an invalid message id.
#define COAP_OPTION_MAXAGE
#define COAP_OPTION_PROXY_URI
#define COAP_OPTION_OBSERVE
int coap_add_data(coap_pdu_t *pdu, size_t len, const uint8_t *data)
Adds given data to the pdu that is passed as first parameter.
coap_bin_const_t coap_pdu_get_token(const coap_pdu_t *pdu)
Gets the token associated with pdu.
@ COAP_REQUEST_CODE_FETCH
coap_session_t * coap_new_client_session_psk2_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_cpsk_t *setup_data)
Creates a new client session to the designated server with PSK credentials.
coap_session_t * coap_new_client_session_pki_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto, coap_dtls_pki_t *setup_data)
Creates a new client session to the designated server with PKI credentials.
coap_session_t * coap_new_client_session_lkd(coap_context_t *ctx, const coap_address_t *local_if, const coap_address_t *server, coap_proto_t proto)
Creates a new client session to the designated server.
void coap_session_release_lkd(coap_session_t *session)
Decrement reference counter on a session.
#define COAP_PROTO_NOT_RELIABLE(p)
void coap_delete_bin_const(coap_bin_const_t *s)
Deletes the given const binary data and releases any memory allocated.
coap_binary_t * coap_new_binary(size_t size)
Returns a new binary object with at least size bytes storage allocated.
coap_str_const_t * coap_make_str_const(const char *string)
Take the specified byte array (text) and create a coap_str_const_t *.
coap_bin_const_t * coap_new_bin_const(const uint8_t *data, size_t size)
Take the specified byte array (text) and create a coap_bin_const_t * Returns a new const binary objec...
void coap_delete_binary(coap_binary_t *s)
Deletes the given coap_binary_t object and releases any memory allocated.
#define coap_binary_equal(binary1, binary2)
Compares the two binary data for equality.
#define coap_string_equal(string1, string2)
Compares the two strings for equality.
int coap_split_path(const uint8_t *s, size_t length, unsigned char *buf, size_t *buflen)
Splits the given URI path into segments.
int coap_split_query(const uint8_t *s, size_t length, unsigned char *buf, size_t *buflen)
Splits the given URI query into segments.
int coap_split_proxy_uri(const uint8_t *str_var, size_t len, coap_uri_t *uri)
Parses a given string into URI components.
coap_uri_info_t coap_uri_scheme[COAP_URI_SCHEME_LAST]
Multi-purpose address abstraction.
CoAP binary data definition with const data.
size_t length
length of binary data
const uint8_t * s
read-only binary data
CoAP binary data definition.
size_t length
length of binary data
The CoAP stack's global state is stored in a coap_context_t object.
The structure used for defining the Client PSK setup data to be used.
The structure used for defining the PKI setup data to be used.
Iterator to run through PDU options.
coap_opt_t * next_option
pointer to the unparsed next option
size_t length
remaining length of PDU
coap_option_num_t number
decoded option number
The structure used to hold the OSCORE configuration information.
void * save_seq_num_func_param
Passed to save_seq_num_func()
uint32_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
cose_hkdf_alg_t hkdf_alg
Set to one of COSE_HKDF_ALG_*.
uint32_t break_sender_key
1 if sender key to be broken, else 0
uint32_t ssn_freq
Sender Seq Num update frequency.
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
uint32_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
uint64_t start_seq_num
Used for ssn_freq updating.
coap_bin_const_t * sender_id
Sender ID (i.e.
coap_bin_const_t ** recipient_id
Recipient ID (i.e.
uint32_t break_recipient_key
1 if recipient key to be broken, else 0
coap_bin_const_t * master_secret
Common Master Secret.
cose_alg_t aead_alg
Set to one of COSE_ALGORITHM_AES*.
coap_bin_const_t * master_salt
Common Master Salt.
uint32_t replay_window
Replay window size Use COAP_OSCORE_DEFAULT_REPLAY_WINDOW.
coap_bin_const_t * id_context
Common ID context.
uint32_t recipient_id_count
Number of recipient_id entries.
uint8_t max_hdr_size
space reserved for protocol-specific header
uint8_t * token
first byte of token (or extended length bytes prefix), if any, or options
coap_pdu_code_t code
request method (value 1–31) or response code (value 64-255)
coap_bin_const_t actual_token
Actual token in pdu.
uint8_t * data
first byte of payload, if any
coap_mid_t mid
message id, if any, in regular host byte order
uint32_t e_token_length
length of Token space (includes leading extended bytes
size_t used_size
used bytes of storage for token, options and payload
coap_pdu_type_t type
message type
Abstraction of virtual session that can be attached to coap_context_t (client) or coap_endpoint_t (se...
coap_proto_t proto
protocol used
uint8_t con_active
Active CON request sent.
coap_context_t * context
session's context
CoAP string data definition with const data.
const uint8_t * s
read-only string data
size_t length
length of string
const char * name
scheme name
Representation of parsed URI.
enum coap_uri_scheme_t scheme
The parsed scheme specifier.
coap_str_const_t path
The complete path if present or {0, NULL}.
uint16_t port
The port in host byte order.
coap_str_const_t query
The complete query if present or {0, NULL}.
coap_str_const_t host
The host part of the URI.
coap_bin_const_t partial_iv
coap_bin_const_t kid_context
coap_bin_const_t external_aad
coap_bin_const_t oscore_option
coap_bin_const_t * partial_iv
oscore_recipient_ctx_t * recipient_ctx
uint8_t rfc8613_b_1_2
1 if rfc8613 B.1.2 enabled else 0
void * save_seq_num_func_param
Passed to save_seq_num_func()
oscore_sender_ctx_t * sender_context
uint8_t rfc8613_b_2
1 if rfc8613 B.2 protocol else 0
coap_oscore_save_seq_num_t save_seq_num_func
Called every seq num change.
oscore_recipient_ctx_t * recipient_chain
coap_bin_const_t * id_context
contains GID in case of group
uint32_t ssn_freq
Sender Seq Num update frequency.
coap_bin_const_t * recipient_key
coap_bin_const_t * recipient_id
coap_bin_const_t * sender_id
coap_bin_const_t * sender_key
uint64_t next_seq
Used for ssn_freq updating.