Commit 35d29e80 authored by Marek Szkowron's avatar Marek Szkowron

Merge remote-tracking branch 'origin/oscore' into oscore_ipanema_fix_version

parents 95769f61 f61bcb4d
......@@ -26,6 +26,9 @@
#ifdef OC_SECURITY
#include "security/oc_tls.h"
#ifdef OC_OSCORE
#include "security/oc_oscore.h"
#endif /* OC_OSCORE */
#endif /* OC_SECURITY */
#include "oc_buffer.h"
......@@ -190,9 +193,14 @@ OC_PROCESS_THREAD(message_buffer_handler, ev, data)
#endif /* OC_CLIENT */
#ifdef OC_SECURITY
if (message->endpoint.flags & SECURED) {
OC_DBG("Outbound network event: forwarding to TLS");
#ifdef OC_OSCORE
OC_DBG("Outbound network event: forwarding to OSCORE");
oc_process_post(&oc_oscore_handler, oc_events[OUTBOUND_OSCORE_EVENT],
data);
} else
#else /* OC_OSCORE */
#ifdef OC_CLIENT
OC_DBG("Outbound network event: forwarding to TLS");
if (!oc_tls_connected(&message->endpoint)) {
OC_DBG("Posting INIT_TLS_CONN_EVENT");
oc_process_post(&oc_tls_handler, oc_events[INIT_TLS_CONN_EVENT],
......@@ -204,6 +212,7 @@ OC_PROCESS_THREAD(message_buffer_handler, ev, data)
oc_process_post(&oc_tls_handler, oc_events[RI_TO_TLS_EVENT], data);
}
} else
#endif /* !OC_OSCORE */
#endif /* OC_SECURITY */
{
OC_DBG("Outbound network event: unicast message");
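Review bot: With OC_OSCORE defined, the `#else` arm compiles the TLS forwarding out, so every outbound message whose endpoint has SECURED set is posted to `oc_oscore_handler`, and nothing here says what happens to a message for a peer that has no OSCORE context. Whether the handler passes such messages on to TLS or drops them is not visible in this hunk, so a comment at the `#ifdef OC_OSCORE` line would help the next reader, e.g. `/* OSCORE build: every SECURED outbound message is posted to oc_oscore_handler; the TLS arm below is compiled out */`, extended by the author with the fallback behaviour. The `} else` that closes the `if` now appears once in each preprocessor arm, which makes the brace pairing hard to verify by eye. The body of message_buffer_handler starts and ends outside the hunk.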
......
......@@ -128,7 +128,8 @@ prepare_coap_request(oc_client_cb_t *cb)
type = COAP_TYPE_CON;
}
transaction = coap_new_transaction(cb->mid, &cb->endpoint);
transaction =
coap_new_transaction(cb->mid, cb->token, cb->token_len, &cb->endpoint);
if (!transaction) {
return false;
......
......@@ -919,6 +919,8 @@ oc_handle_collection_request(oc_method_t method, oc_request_t *request,
else
method_not_found = true;
break;
default:
break;
}
}
}
......@@ -990,6 +992,8 @@ oc_handle_collection_request(oc_method_t method, oc_request_t *request,
case OC_DELETE:
code = oc_status_code(OC_STATUS_DELETED);
break;
default:
break;
}
}
request->response->response_buffer->content_format = APPLICATION_VND_OCF_CBOR;
......
......@@ -21,8 +21,7 @@
#include "util/oc_process.h"
#ifdef __cplusplus
extern "C"
{
extern "C" {
#endif
typedef enum {
......@@ -37,6 +36,10 @@ typedef enum {
INTERFACE_DOWN,
INTERFACE_UP,
TLS_CLOSE_ALL_SESSIONS,
#ifdef OC_OSCORE
INBOUND_OSCORE_EVENT,
OUTBOUND_OSCORE_EVENT,
#endif /* OC_OSCORE */
#ifdef OC_SOFTWARE_UPDATE
SW_UPDATE_NSA,
SW_UPDATE_DOWNLOADED,
......
......@@ -255,3 +255,61 @@ oc_join_string_array(oc_string_array_t *ocstringarray, oc_string_t *ocstring)
}
strcpy((char *)oc_string(*ocstring) + len, "");
}
int
oc_conv_byte_array_to_hex_string(const uint8_t *array, size_t array_len,
char *hex_str, size_t *hex_str_len)
{
if (*hex_str_len < array_len * 2 + 1) {
return -1;
}
*hex_str_len = 0;
size_t i;
for (i = 0; i < array_len; i++) {
snprintf(hex_str + *hex_str_len, 3, "%02x", array[i]);
*hex_str_len += 2;
}
hex_str[*hex_str_len++] = '\0';
return 0;
}
int
oc_conv_hex_string_to_byte_array(const char *hex_str, size_t hex_str_len,
uint8_t *array, size_t *array_len)
{
if (hex_str_len < 1) {
return -1;
}
size_t a = hex_str_len / 2.0 + 0.5;
if (*array_len < a) {
return -1;
}
*array_len = a;
a = 0;
uint32_t tmp;
size_t i, start;
if (hex_str_len % 2 == 0) {
start = 0;
} else {
start = 1;
sscanf(&hex_str[0], "%1x", &tmp);
array[a++] = (uint8_t)tmp;
}
for (i = start; i <= hex_str_len - 2; i += 2) {
sscanf(&hex_str[i], "%2x", &tmp);
array[a++] = (uint8_t)tmp;
}
return 0;
}
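Review bot: In oc_conv_hex_string_to_byte_array a one-character input makes `hex_str_len - 2` wrap around as a size_t, so the loop condition `i <= hex_str_len - 2` stays true and the loop reads past the end of `hex_str` and writes past the end of `array`. The sscanf() results are also never checked, so a non-hex character leaves `tmp` unset, the stale value is stored, and the function still returns 0. The rewrite below bounds the loop with `i + 2 <= hex_str_len`, rejects input that sscanf() cannot convert, computes the byte count without floating point, and declares `tmp` as `unsigned int`, which is the type `%x` expects. Separately, in oc_conv_byte_array_to_hex_string the line `hex_str[*hex_str_len++] = '\0';` increments the local pointer rather than the length; it happens to work, but `hex_str[*hex_str_len] = '\0';` says what is meant.

```c
  size_t a = (hex_str_len + 1) / 2; /* ceil(len / 2) without floating point */
  /* … unchanged: *array_len capacity check, *array_len = a, a = 0 … */
  unsigned int tmp;
  /* … unchanged: start = 0 for even length, start = 1 for odd length … */
    if (sscanf(&hex_str[0], "%1x", &tmp) != 1) {
      return -1;
    }
    array[a++] = (uint8_t)tmp;
  /* … */
  for (i = start; i + 2 <= hex_str_len; i += 2) {
    if (sscanf(&hex_str[i], "%2x", &tmp) != 1) {
      return -1;
    }
    array[a++] = (uint8_t)tmp;
  }
```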
......@@ -83,7 +83,11 @@ oc_get_factory_presets_cb(void)
#ifdef OC_DYNAMIC_ALLOCATION
#include "oc_buffer_settings.h"
static size_t _OC_MTU_SIZE = 2048 + COAP_MAX_HEADER_SIZE;
#ifdef OC_OSCORE
static size_t _OC_MTU_SIZE = 1024 + 2 * COAP_MAX_HEADER_SIZE;
#else /* OC_OSCORE */
static size_t _OC_MTU_SIZE = 1024 + COAP_MAX_HEADER_SIZE;
#endif /* !OC_OSCORE */
static size_t _OC_MAX_APP_DATA_SIZE = 8192;
static size_t _OC_BLOCK_SIZE = 1024;
......@@ -94,7 +98,11 @@ oc_set_mtu_size(size_t mtu_size)
#ifdef OC_BLOCK_WISE
if (mtu_size < (COAP_MAX_HEADER_SIZE + 16))
return -1;
#ifdef OC_OSCORE
_OC_MTU_SIZE = mtu_size + COAP_MAX_HEADER_SIZE;
#else /* OC_OSCORE */
_OC_MTU_SIZE = mtu_size;
#endif /* !OC_OSCORE */
mtu_size -= COAP_MAX_HEADER_SIZE;
size_t i;
for (i = 10; i >= 4 && (mtu_size >> i) == 0; i--)
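Review bot: Under OC_OSCORE, `_OC_MTU_SIZE = mtu_size + COAP_MAX_HEADER_SIZE;` stores a larger value than the caller passed, and the hunk shows only a lower bound on `mtu_size`, so the addition is unchecked for very large arguments. Any getter that returns `_OC_MTU_SIZE` would then no longer return what was set; the getter is not visible here, so this needs checking. Neither the extra header allowance nor the drop of the default from 2048 to 1024 is explained. A comment such as `/* OSCORE: reserve a second COAP_MAX_HEADER_SIZE (presumably for the outer CoAP header) */` on both OC_OSCORE arms, confirmed by the author, would document the intent. oc_set_mtu_size continues outside the hunk.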
......
......@@ -58,6 +58,9 @@
#include "security/oc_roles.h"
#include "security/oc_tls.h"
#include "security/oc_audit.h"
#ifdef OC_OSCORE
#include "security/oc_oscore.h"
#endif /* OC_OSCORE */
#endif /* OC_SECURITY */
#ifdef OC_SERVER
......@@ -245,6 +248,9 @@ start_processes(void)
#ifdef OC_SECURITY
oc_process_start(&oc_tls_handler, NULL);
#ifdef OC_OSCORE
oc_process_start(&oc_oscore_handler, NULL);
#endif /* OC_OSCORE */
#endif /* OC_SECURITY */
oc_process_start(&oc_network_events, NULL);
......@@ -265,6 +271,9 @@ stop_processes(void)
oc_process_exit(&coap_engine);
#ifdef OC_SECURITY
#ifdef OC_OSCORE
oc_process_exit(&oc_oscore_handler);
#endif /* OC_OSCORE */
oc_process_exit(&oc_tls_handler);
#endif /* OC_SECURITY */
......@@ -1365,6 +1374,17 @@ oc_ri_invoke_client_cb(void *response, oc_client_cb_t *cb,
coap_get_header_observe(pkt, (uint32_t *)&client_response.observe_option);
#endif /* !OC_BLOCK_WISE */
#if defined(OC_OSCORE) && defined(OC_SECURITY)
if (client_response.observe_option > 1) {
uint64_t notification_num = 0;
oscore_read_piv(endpoint->piv, endpoint->piv_len, &notification_num);
if (notification_num < cb->notification_num) {
return true;
}
cb->notification_num = notification_num;
}
#endif /* OC_OSCORE && OC_SECURITY */
bool separate = false;
#ifdef OC_BLOCK_WISE
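Review bot: The freshness check on OSCORE-protected notifications is `if (notification_num < cb->notification_num)`, so a notification carrying the same Partial IV as the last accepted one passes and would be delivered to the client callback again. Unless the OSCORE layer already rejects repeated Partial IVs (not visible here), equality should count as stale once a first notification has been recorded for the observation. The result of `oscore_read_piv()` is not checked; if it can fail, or if `endpoint->piv_len` is 0, `notification_num` stays 0 and the message is compared as number 0. A short comment stating that `cb->notification_num` holds the highest Partial IV accepted so far, and why `return true` is the right result for a discarded notification, would make the intent reviewable. oc_ri_invoke_client_cb starts and ends outside the hunk.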
......
......@@ -475,8 +475,8 @@ oc_send_separate_response(oc_separate_response_t *handle,
while (cur != NULL) {
next = cur->next;
if (cur->observe < 3) {
coap_transaction_t *t =
coap_new_transaction(coap_get_mid(), &cur->endpoint);
coap_transaction_t *t = coap_new_transaction(
coap_get_mid(), cur->token, cur->token_len, &cur->endpoint);
if (t) {
coap_separate_resume(response, cur,
(uint8_t)oc_status_code(response_code), t->mid);
......
/*
// Copyright (c) 2016 Intel Corporation
// Copyright (c) 2016, 2020 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
......@@ -20,6 +20,9 @@
#define OC_CLIENT_STATE_H
#include "messaging/coap/constants.h"
#ifdef OC_OSCORE
#include "messaging/coap/oscore_constants.h"
#endif /* OC_OSCORE */
#include "oc_endpoint.h"
#include "oc_ri.h"
#include <stdbool.h>
......@@ -88,6 +91,11 @@ typedef struct oc_client_cb_t
bool stop_multicast_receive;
uint8_t ref_count;
uint8_t separate;
#ifdef OC_OSCORE
uint8_t piv[OSCORE_PIV_LEN];
uint8_t piv_len;
uint64_t notification_num;
#endif /* OC_OSCORE */
} oc_client_cb_t;
#ifdef OC_BLOCK_WISE
......
/*
// Copyright (c) 2016-2019 Intel Corporation
// Copyright (c) 2016-2020 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
......@@ -24,14 +24,14 @@
#include "util/oc_list.h"
#ifdef __cplusplus
extern "C"
{
extern "C" {
#endif
typedef enum oc_sec_credtype_t {
OC_CREDTYPE_NULL = 0,
OC_CREDTYPE_PSK = 1,
OC_CREDTYPE_CERT = 8
OC_CREDTYPE_CERT = 8,
OC_CREDTYPE_OSCORE = 64
} oc_sec_credtype_t;
typedef enum oc_sec_credusage_t {
......@@ -73,6 +73,9 @@ typedef struct oc_sec_cred_t
struct oc_sec_cred_t *child;
void *ctx;
#endif /* OC_PKI */
#ifdef OC_OSCORE
void *oscore_ctx;
#endif /* OC_OSCORE */
int credid;
oc_sec_credtype_t credtype;
oc_uuid_t subjectuuid;
......
/*
// Copyright (c) 2017 Intel Corporation
// Copyright (c) 2017, 2020 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
......@@ -21,6 +21,9 @@
#include "oc_helpers.h"
#include "oc_uuid.h"
#ifdef OC_OSCORE
#include "messaging/coap/oscore_constants.h"
#endif /* OC_OSCORE */
#ifdef __cplusplus
extern "C" {
......@@ -71,6 +74,10 @@ typedef struct oc_endpoint_t
int interface_index;
uint8_t priority;
ocf_version_t version;
#ifdef OC_OSCORE
uint8_t piv[OSCORE_PIV_LEN];
uint8_t piv_len;
#endif /* OC_OSCORE */
} oc_endpoint_t;
#define oc_make_ipv4_endpoint(__name__, __flags__, __port__, ...) \
......
......@@ -27,8 +27,7 @@
#include <string.h>
#ifdef __cplusplus
extern "C"
{
extern "C" {
#endif
typedef struct oc_mmem oc_handle_t, oc_string_t, oc_array_t, oc_string_array_t,
......@@ -188,6 +187,14 @@ void _oc_alloc_string_array(
#endif
oc_string_array_t *ocstringarray, size_t size);
/* Conversions between hex encoded strings and byte arrays */
int oc_conv_byte_array_to_hex_string(const uint8_t *array, size_t array_len,
char *hex_str, size_t *hex_str_len);
int oc_conv_hex_string_to_byte_array(const char *hex_str, size_t hex_str_len,
uint8_t *array, size_t *array_len);
#ifdef __cplusplus
}
#endif
......
......@@ -616,6 +616,11 @@ int oc_obt_device_hard_reset(oc_uuid_t *uuid, oc_obt_device_status_cb_t cb,
*/
int oc_obt_provision_pairwise_credentials(oc_uuid_t *uuid1, oc_uuid_t *uuid2,
oc_obt_status_cb_t cb, void *data);
int oc_obt_provision_pairwise_oscore_contexts(oc_uuid_t *uuid1,
oc_uuid_t *uuid2,
oc_obt_status_cb_t cb,
void *data);
/**
* Provision identity certificates
*
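Review bot: `oc_obt_provision_pairwise_oscore_contexts` is declared without a documentation block, while the declarations on either side of it in this header carry one. A Doxygen comment in the same form should state what is provisioned on each of the two devices, what the status callback reports, and the meaning of the return value. Those details are not visible in this hunk and have to come from the implementation.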
......
......@@ -30,7 +30,7 @@
extern "C" {
#endif
typedef enum { OC_GET = 1, OC_POST, OC_PUT, OC_DELETE } oc_method_t;
typedef enum { OC_GET = 1, OC_POST, OC_PUT, OC_DELETE, OC_FETCH } oc_method_t;
typedef enum {
OC_DISCOVERABLE = (1 << 0),
......
/*
// Copyright (c) 2016 Intel Corporation
// Copyright (c) 2016, 2020 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
......@@ -52,7 +52,9 @@
#include "constants.h"
#include <stddef.h> /* for size_t */
#include <stdint.h>
#ifdef OC_OSCORE
#include "oscore.h"
#endif /* OC_OSCORE */
#include "oc_buffer.h"
#include "oc_config.h"
#include "port/oc_connectivity.h"
......@@ -60,8 +62,7 @@
#include "port/oc_random.h"
#ifdef __cplusplus
extern "C"
{
extern "C" {
#endif
#ifndef MAX
......@@ -77,10 +78,7 @@ extern "C"
#endif
/* bitmap for set options */
enum
{
OPTION_MAP_SIZE = sizeof(uint8_t) * 8
};
enum { OPTION_MAP_SIZE = sizeof(uint8_t) * 8 };
#define SET_OPTION(packet, opt) \
((packet)->options[opt / OPTION_MAP_SIZE] |= 1 << (opt % OPTION_MAP_SIZE))
......@@ -88,10 +86,7 @@ enum
((packet)->options[opt / OPTION_MAP_SIZE] & (1 << (opt % OPTION_MAP_SIZE)))
/* enum value for coap transport type */
typedef enum {
COAP_TRANSPORT_UDP,
COAP_TRANSPORT_TCP
} coap_transport_type_t;
typedef enum { COAP_TRANSPORT_UDP, COAP_TRANSPORT_TCP } coap_transport_type_t;
/* parsed message struct */
typedef struct
......@@ -147,7 +142,7 @@ typedef struct
uint8_t if_none_match;
#ifdef OC_TCP
// Signal option values
/* CoAP over TCP Signal option values */
uint32_t max_msg_size;
uint8_t blockwise_transfer;
uint8_t custody;
......@@ -157,6 +152,17 @@ typedef struct
uint16_t bad_csm_opt;
#endif /* OC_TCP */
#ifdef OC_OSCORE
/* OSCORE Option value */
uint8_t oscore_flags;
uint8_t piv[OSCORE_PIV_LEN];
uint8_t piv_len;
uint8_t kid_ctx[OSCORE_IDCTX_LEN];
uint8_t kid_ctx_len;
uint8_t kid[OSCORE_CTXID_LEN];
uint8_t kid_len;
#endif /* OC_OSCORE */
uint32_t payload_len;
uint8_t *payload;
} coap_packet_t;
......@@ -224,11 +230,17 @@ void coap_init_connection(void);
uint16_t coap_get_mid(void);
void coap_udp_init_message(void *packet, coap_message_type_t type, uint8_t code,
uint16_t mid);
uint16_t mid);
size_t coap_serialize_message(void *packet, uint8_t *buffer);
size_t coap_oscore_serialize_message(void *packet, uint8_t *buffer, bool inner,
bool outer, bool oscore);
void coap_send_message(oc_message_t *message);
coap_status_t coap_oscore_parse_options(void *packet, uint8_t *data,
uint32_t data_len,
uint8_t *current_option, bool inner,
bool outer, bool oscore);
coap_status_t coap_udp_parse_message(void *request, uint8_t *data,
uint16_t data_len);
uint16_t data_len);
int coap_get_query_variable(void *packet, const char *name,
const char **output);
......@@ -277,7 +289,8 @@ int coap_set_header_uri_host(void *packet, const char *host);
size_t coap_get_header_uri_path(
void *packet,
const char **path); /* in-place string might not be 0-terminated. */
size_t coap_set_header_uri_path(void *packet, const char *path, size_t path_len);
size_t coap_set_header_uri_path(void *packet, const char *path,
size_t path_len);
size_t coap_get_header_uri_query(
void *packet,
......@@ -320,6 +333,9 @@ int coap_set_header_size1(void *packet, uint32_t size);
int coap_get_payload(void *packet, const uint8_t **payload);
int coap_set_payload(void *packet, const void *payload, size_t length);
size_t coap_set_option_header(unsigned int delta, size_t length,
uint8_t *buffer);
#ifdef OC_TCP
void coap_tcp_init_message(void *packet, uint8_t code);
......@@ -327,6 +343,9 @@ size_t coap_tcp_get_packet_size(const uint8_t *data);
coap_status_t coap_tcp_parse_message(void *packet, uint8_t *data,
uint32_t data_len);
void coap_tcp_parse_message_length(const uint8_t *data, size_t *message_length,
uint8_t *num_extended_length_bytes);
#endif /* OC_TCP */
#ifdef __cplusplus
......
......@@ -105,7 +105,7 @@ coap_send_ping_message(oc_endpoint_t *endpoint, uint8_t custody_option,
}
}
coap_transaction_t *t = coap_new_transaction(0, endpoint);
coap_transaction_t *t = coap_new_transaction(0, token, token_len, endpoint);
if (!t) {
return 0;
}
......
......@@ -164,6 +164,7 @@ typedef enum {
COAP_OPTION_OBSERVE = 6, /* 0-3 B */
COAP_OPTION_URI_PORT = 7, /* 0-2 B */
COAP_OPTION_LOCATION_PATH = 8, /* 0-255 B */
COAP_OPTION_OSCORE = 9, /* 0-255 B */
COAP_OPTION_URI_PATH = 11, /* 0-255 B */
COAP_OPTION_CONTENT_FORMAT = 12, /* 0-2 B */
COAP_OPTION_MAX_AGE = 14, /* 0-4 B */
......
......@@ -89,8 +89,8 @@ static uint16_t history[OC_REQUEST_HISTORY_SIZE];
static uint8_t history_dev[OC_REQUEST_HISTORY_SIZE];
static uint8_t idx;
static bool
check_if_duplicate(uint16_t mid, uint8_t device)
bool
oc_coap_check_if_duplicate(uint16_t mid, uint8_t device)
{
size_t i;
for (i = 0; i < OC_REQUEST_HISTORY_SIZE; i++) {
......@@ -154,6 +154,16 @@ coap_audit_log(oc_message_t *msg)
}
#endif /* OC_SECURITY */
#ifdef OC_SECURITY
static oc_event_callback_retval_t
close_all_tls_sessions(void *data)
{
size_t device = (size_t)data;
oc_close_all_tls_sessions_for_device(device);
return OC_EVENT_DONE;
}
#endif /* OC_SECURITY */
/*---------------------------------------------------------------------------*/
/*- Internal API ------------------------------------------------------------*/
/*---------------------------------------------------------------------------*/
......@@ -287,7 +297,8 @@ coap_receive(oc_message_t *msg)
coap_udp_init_message(response, COAP_TYPE_ACK, CONTENT_2_05,
message->mid);
} else {
if (check_if_duplicate(message->mid, (uint8_t)msg->endpoint.device)) {
if (oc_coap_check_if_duplicate(message->mid,
(uint8_t)msg->endpoint.device)) {
return 0;
}
history[idx] = message->mid;
......@@ -304,7 +315,8 @@ coap_receive(oc_message_t *msg)
}
/* create transaction for response */
transaction = coap_new_transaction(response->mid, &msg->endpoint);
transaction =
coap_new_transaction(response->mid, NULL, 0, &msg->endpoint);
if (transaction) {
#ifdef OC_BLOCK_WISE
......@@ -646,7 +658,8 @@ coap_receive(oc_message_t *msg)
}
if (payload) {
OC_DBG("dispatching next block");
transaction = coap_new_transaction(response_mid, &msg->endpoint);
transaction =
coap_new_transaction(response_mid, NULL, 0, &msg->endpoint);
if (transaction) {
coap_udp_init_message(response, COAP_TYPE_CON, client_cb->method,
response_mid);
......@@ -723,7 +736,8 @@ coap_receive(oc_message_t *msg)
OC_DBG("processing incoming block");
if (block2 && block2_more) {
OC_DBG("issuing request for next block");
transaction = coap_new_transaction(response_mid, &msg->endpoint);
transaction =
coap_new_transaction(response_mid, NULL, 0, &msg->endpoint);
if (transaction) {
coap_udp_init_message(response, COAP_TYPE_CON, client_cb->method,
response_mid);
......@@ -846,6 +860,10 @@ send_message:
}
#endif /* OC_CLIENT && OC_BLOCK_WISE */
}
if (response->token_len > 0) {
memcpy(transaction->token, response->token, response->token_len);
transaction->token_len = response->token_len;
}
transaction->message->length =
coap_serialize_message(response, transaction->message->data);
if (transaction->message->length > 0) {
......@@ -857,7 +875,8 @@ send_message:
#ifdef OC_SECURITY
if (coap_status_code == CLOSE_ALL_TLS_SESSIONS) {
oc_close_all_tls_sessions_for_device(msg->endpoint.device);
oc_set_delayed_callback((void *)msg->endpoint.device,
&close_all_tls_sessions, 2);
}
#endif /* OC_SECURITY */
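Review bot: Closing the TLS sessions is now deferred through `oc_set_delayed_callback((void *)msg->endpoint.device, &close_all_tls_sessions, 2);`, which leaves the existing sessions usable for the delay period after the request that demanded their closure has been processed. The hunk gives no reason for the delay or for the value 2. If the intent is to let the response leave over the session before it is torn down (an assumption), a comment such as `/* defer so the response can be sent before the sessions are closed */` and a named constant would record that. Whether a second CLOSE_ALL_TLS_SESSIONS for the same device within the window schedules a duplicate callback is not visible here. The added `memcpy(transaction->token, response->token, response->token_len);` at send_message relies on `token_len` having been bounded against the destination size earlier, which this hunk does not show.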
......
......@@ -63,6 +63,7 @@ OC_PROCESS_NAME(coap_engine);
void coap_init_engine(void);
/*---------------------------------------------------------------------------*/
int coap_receive(oc_message_t *message);
bool oc_coap_check_if_duplicate(uint16_t mid, uint8_t device);
#ifdef __cplusplus
}
......
......@@ -404,7 +404,8 @@ coap_notify_collection_observers(oc_resource_t *resource,
}
coap_set_header_content_format(notification, APPLICATION_VND_OCF_CBOR);
coap_set_token(notification, obs->token, obs->token_len);
transaction = coap_new_transaction(coap_get_mid(), &obs->endpoint);
transaction = coap_new_transaction(coap_get_mid(), obs->token,
obs->token_len, &obs->endpoint);
if (transaction) {
obs->last_mid = transaction->mid;
notification->mid = transaction->mid;
......@@ -603,8 +604,8 @@ coap_remove_observers_on_dos_change(size_t device, bool reset)
SERVICE_UNAVAILABLE_5_03, 0);
}
coap_set_token(notification, obs->token, obs->token_len);
coap_transaction_t *transaction =
coap_new_transaction(coap_get_mid(), &obs->endpoint);
coap_transaction_t *transaction = coap_new_transaction(
coap_get_mid(), obs->token, obs->token_len, &obs->endpoint);
if (transaction) {
notification->mid = transaction->mid;
transaction->message->length =
......@@ -827,7 +828,8 @@ coap_notify_observers(oc_resource_t *resource,
response_buf->content_format);
}
coap_set_token(notification, obs->token, obs->token_len);
transaction = coap_new_transaction(coap_get_mid(), &obs->endpoint);
transaction = coap_new_transaction(coap_get_mid(), obs->token,
obs->token_len, &obs->endpoint);
if (transaction) {
obs->last_mid = transaction->mid;
notification->mid = transaction->mid;
......
/*
// Copyright (c) 2020 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,