Skip to content

Commit

Permalink
Update for primary commit obgm#6 (to be squashed later)
Browse files Browse the repository at this point in the history 
Fix for later versions of MBed TLS

Fix a couple of ifdef which should be if
  • Loading branch information
@mrdeep1
mrdeep1 committed Nov 28, 2022
1 parent 43982b2 commit f770d63
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 7 deletions.
39 changes: 38 additions & 1 deletion src/coap_mbedtls.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2748,7 +2748,9 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params,
size_t *max_result_len) {
mbedtls_cipher_context_t ctx;
const coap_crypto_aes_ccm_t *ccm;
#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
unsigned char tag[16];
#endif /* MBEDTLS_VERSION_NUMBER < 0x02150000 */
int ret = 0;
size_t result_len = *max_result_len;
coap_bin_const_t laad;
Expand Down Expand Up @@ -2778,6 +2780,7 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params,
laad.length = 0;
}

#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
C(mbedtls_cipher_auth_encrypt(&ctx,
ccm->nonce,
15 - ccm->l, /* iv */
Expand All @@ -2790,7 +2793,6 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params,
tag,
ccm->tag_len /* tag */
));

/* check if buffer is sufficient to hold tag */
if ((result_len + ccm->tag_len) > *max_result_len) {
coap_log(LOG_ERR, "coap_encrypt: buffer too small\n");
Expand All @@ -2800,6 +2802,23 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params,
memcpy(result + result_len, tag, ccm->tag_len);
*max_result_len = result_len + ccm->tag_len;
ret = 1;
#else /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */
C(mbedtls_cipher_auth_encrypt_ext(&ctx,
ccm->nonce,
15 - ccm->l, /* iv */
laad.s,
laad.length, /* ad */
data->s,
data->length, /* input */
result,
result_len,
&result_len, /* output */
ccm->tag_len /* tag */
));
*max_result_len = result_len;
ret = 1;
#endif /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */

error:
mbedtls_cipher_free(&ctx);
return ret;
Expand All @@ -2813,7 +2832,9 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params,
size_t *max_result_len) {
mbedtls_cipher_context_t ctx;
const coap_crypto_aes_ccm_t *ccm;
#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
const unsigned char *tag;
#endif /* MBEDTLS_VERSION_NUMBER < 0x02150000 */
int ret = 0;
size_t result_len = *max_result_len;
coap_bin_const_t laad;
Expand Down Expand Up @@ -2849,6 +2870,7 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params,
laad.length = 0;
}

#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
tag = data->s + data->length - ccm->tag_len;
C(mbedtls_cipher_auth_decrypt(&ctx,
ccm->nonce,
Expand All @@ -2862,6 +2884,21 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params,
tag,
ccm->tag_len /* tag */
));
#else /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */
C(mbedtls_cipher_auth_decrypt_ext(&ctx,
ccm->nonce,
15 - ccm->l, /* iv */
laad.s,
laad.length, /* ad */
data->s,
// data->length - ccm->tag_len, /* input */
data->length, /* input */
result,
result_len,
&result_len, /* output */
ccm->tag_len /* tag */
));
#endif /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */

*max_result_len = result_len;
ret = 1;
Expand Down
12 changes: 7 additions & 5 deletions src/coap_oscore.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context,
coap_oscore_conf_t *oscore_conf);

#ifdef COAP_CLIENT_SUPPORT
#if COAP_CLIENT_SUPPORT

int
coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) {
Expand Down Expand Up @@ -122,7 +122,7 @@ coap_new_client_session_oscore_pki(coap_context_t *ctx,
return session;
}
#endif /* COAP_CLIENT_SUPPORT */
#ifdef COAP_SERVER_SUPPORT
#if COAP_SERVER_SUPPORT

int
coap_context_oscore_server(coap_context_t *context,
Expand Down Expand Up @@ -787,7 +787,9 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
uint8_t external_aad_buffer[100];
coap_bin_const_t external_aad;
oscore_sender_ctx_t *snd_ctx = NULL;
#if COAP_CLIENT_SUPPORT
coap_pdu_t *sent_pdu = NULL;
#endif /* COAP_CLIENT_SUPPORT */

opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter);
assert(opt);
Expand Down Expand Up @@ -1013,8 +1015,8 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
rcp_ctx = association->recipient_ctx;
osc_ctx = rcp_ctx->osc_ctx;
snd_ctx = osc_ctx->sender_context;
#if COAP_CLIENT_SUPPORT
sent_pdu = association->sent_pdu;
#ifdef COAP_CLIENT_SUPPORT
if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
const uint8_t *ptr = cose->kid_context.s;

Expand Down Expand Up @@ -1366,7 +1368,7 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
1);
goto error_no_ack;
}
#ifdef COAP_CLIENT_SUPPORT
#if COAP_CLIENT_SUPPORT
if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) {
/*
* Need to update Security Context with new (R2 || R3) ID Context
Expand Down Expand Up @@ -1404,7 +1406,7 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
}
#endif /* COAP_CLIENT_SUPPORT */

#ifdef COAP_SERVER_SUPPORT
#if COAP_SERVER_SUPPORT
/* Appendix B.1.2 request Trap */
if (coap_request && osc_ctx->rfc8613_b_1_2) {
if (rcp_ctx->initial_state == 1) {
Expand Down
2 changes: 1 addition & 1 deletion src/coap_session.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1732,7 +1732,7 @@ const char *coap_endpoint_str(const coap_endpoint_t *endpoint) {
return szEndpoint;
}
#endif /* COAP_SERVER_SUPPORT */
#ifdef COAP_CLIENT_SUPPORT
#if COAP_CLIENT_SUPPORT
void
coap_session_set_no_observe_cancel(coap_session_t *session) {
session->no_observe_cancel = 1;
Expand Down

0 comments on commit f770d63

Please sign in to comment.