From bcb0b2d6ad6d6a91c7678ab52361405795d99661 Mon Sep 17 00:00:00 2001 From: Jon Shallow Date: Mon, 28 Nov 2022 20:25:33 +0000 Subject: [PATCH] Update for primary commit #6 (to be squashed later) Fix for later versions of MBed TLS Fix a couple of ifdef which should be if --- src/coap_mbedtls.c | 39 ++++++++++++++++++++++++++++++++++++++- src/coap_oscore.c | 12 +++++++----- src/coap_session.c | 2 +- 3 files changed, 46 insertions(+), 7 deletions(-) diff --git a/src/coap_mbedtls.c b/src/coap_mbedtls.c index fa4ea8ab00..3cacc85f0d 100644 --- a/src/coap_mbedtls.c +++ b/src/coap_mbedtls.c @@ -2755,7 +2755,9 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params, size_t *max_result_len) { mbedtls_cipher_context_t ctx; const coap_crypto_aes_ccm_t *ccm; +#if (MBEDTLS_VERSION_NUMBER < 0x02150000) unsigned char tag[16]; +#endif /* MBEDTLS_VERSION_NUMBER < 0x02150000 */ int ret = 0; size_t result_len = *max_result_len; coap_bin_const_t laad; @@ -2785,6 +2787,7 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params, laad.length = 0; } +#if (MBEDTLS_VERSION_NUMBER < 0x02150000) C(mbedtls_cipher_auth_encrypt(&ctx, ccm->nonce, 15 - ccm->l, /* iv */ @@ -2797,7 +2800,6 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params, tag, ccm->tag_len /* tag */ )); - /* check if buffer is sufficient to hold tag */ if ((result_len + ccm->tag_len) > *max_result_len) { coap_log(LOG_ERR, "coap_encrypt: buffer too small\n"); 
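Review bot: The gate `#if (MBEDTLS_VERSION_NUMBER < 0x02150000)` added around `unsigned char tag[16];` looks like it cuts at the wrong release. The macro packs major, minor and patch as one byte each, so `0x02150000` is 2.21.0, while `mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()` were, as far as I know, first shipped in 2.25.0; this is worth confirming against the Mbed TLS ChangeLog. If that is right, builds against 2.21.x to 2.24.x take the `#else` branch and fail on the missing `_ext` symbols, and the gate would be `#if (MBEDTLS_VERSION_NUMBER < 0x02190000)`. The same constant is repeated in the later coap_mbedtls.c hunks (encrypt call, decrypt `tag` declaration, decrypt call), so one named macro defined once in the file would keep them in step.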
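Review bot: In the legacy branch now kept under `#if (MBEDTLS_VERSION_NUMBER < 0x02150000)`, the only size check visible comes after the `mbedtls_cipher_auth_encrypt()` call and covers the tag alone. That API has no output-size parameter, so the ciphertext (presumably `data->length` bytes) is already in `result` by then. Unless a check sits outside these hunks, a short caller buffer is overrun before "buffer too small" is logged. Testing ahead of the call would close that, e.g. `if (ccm->tag_len > *max_result_len || data->length > *max_result_len - ccm->tag_len)` leading to the existing error path. coap_crypto_aead_encrypt() starts and ends outside these hunks.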
@@ -2807,6 +2809,23 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params, memcpy(result + result_len, tag, ccm->tag_len); *max_result_len = result_len + ccm->tag_len; ret = 1; +#else /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */ + C(mbedtls_cipher_auth_encrypt_ext(&ctx, + ccm->nonce, + 15 - ccm->l, /* iv */ + laad.s, + laad.length, /* ad */ + data->s, + data->length, /* input */ + result, + result_len, + &result_len, /* output */ + ccm->tag_len /* tag */ + )); + *max_result_len = result_len; + ret = 1; +#endif /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */ + error: mbedtls_cipher_free(&ctx); return ret; @@ -2820,7 +2839,9 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params, size_t *max_result_len) { mbedtls_cipher_context_t ctx; const coap_crypto_aes_ccm_t *ccm; +#if (MBEDTLS_VERSION_NUMBER < 0x02150000) const unsigned char *tag; +#endif /* MBEDTLS_VERSION_NUMBER < 0x02150000 */ int ret = 0; size_t result_len = *max_result_len; coap_bin_const_t laad; @@ -2856,6 +2877,7 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params, laad.length = 0; } +#if (MBEDTLS_VERSION_NUMBER < 0x02150000) tag = data->s + data->length - ccm->tag_len; C(mbedtls_cipher_auth_decrypt(&ctx, ccm->nonce, @@ -2869,6 +2891,21 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params, tag, ccm->tag_len /* tag */ )); +#else /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */ + C(mbedtls_cipher_auth_decrypt_ext(&ctx, + ccm->nonce, + 15 - ccm->l, /* iv */ + laad.s, + laad.length, /* ad */ + data->s, + // data->length - ccm->tag_len, /* input */ + data->length, /* input */ + result, + result_len, + &result_len, /* output */ + ccm->tag_len /* tag */ + )); +#endif /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */ *max_result_len = result_len; ret = 1; diff --git a/src/coap_oscore.c b/src/coap_oscore.c index cfe0c8e558..754ef02af3 100644 --- a/src/coap_oscore.c +++ b/src/coap_oscore.c 
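Review bot: The commented-out argument `// data->length - ccm->tag_len, /* input */` in the `mbedtls_cipher_auth_decrypt_ext()` call should be removed rather than committed. Left in the middle of the argument list, it invites someone to restore it, and the call would then take the trailing `tag_len` bytes of ciphertext as the tag and presumably reject every message. If the intent is to record why the length differs from the legacy branch, a comment above `data->length,` says it better: `/* input is ciphertext || tag; _ext takes the combined length */`. It also uses `//` where the rest of the call uses `/* */`. coap_crypto_aead_decrypt() starts and ends outside this hunk.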
@@ -28,7 +28,7 @@ static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context, coap_oscore_conf_t *oscore_conf); -#ifdef COAP_CLIENT_SUPPORT +#if COAP_CLIENT_SUPPORT int coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) { @@ -122,7 +122,7 @@ coap_new_client_session_oscore_pki(coap_context_t *ctx, return session; } #endif /* COAP_CLIENT_SUPPORT */ -#ifdef COAP_SERVER_SUPPORT +#if COAP_SERVER_SUPPORT int coap_context_oscore_server(coap_context_t *context, @@ -787,7 +787,9 @@ coap_oscore_decrypt_pdu(coap_session_t *session, uint8_t external_aad_buffer[100]; coap_bin_const_t external_aad; oscore_sender_ctx_t *snd_ctx = NULL; +#if COAP_CLIENT_SUPPORT coap_pdu_t *sent_pdu = NULL; +#endif /* COAP_CLIENT_SUPPORT */ opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter); assert(opt); @@ -1013,8 +1015,8 @@ coap_oscore_decrypt_pdu(coap_session_t *session, rcp_ctx = association->recipient_ctx; osc_ctx = rcp_ctx->osc_ctx; snd_ctx = osc_ctx->sender_context; +#if COAP_CLIENT_SUPPORT sent_pdu = association->sent_pdu; -#ifdef COAP_CLIENT_SUPPORT if (session->b_2_step != COAP_OSCORE_B_2_NONE) { const uint8_t *ptr = cose->kid_context.s; @@ -1366,7 +1368,7 @@ coap_oscore_decrypt_pdu(coap_session_t *session, 1); goto error_no_ack; } -#ifdef COAP_CLIENT_SUPPORT +#if COAP_CLIENT_SUPPORT if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) { /* * Need to update Security Context with new (R2 || R3) ID Context @@ -1404,7 +1406,7 @@ coap_oscore_decrypt_pdu(coap_session_t *session, } #endif /* COAP_CLIENT_SUPPORT */ -#ifdef COAP_SERVER_SUPPORT +#if COAP_SERVER_SUPPORT /* Appendix B.1.2 request Trap */ if (coap_request && osc_ctx->rfc8613_b_1_2) { if (rcp_ctx->initial_state == 1) { diff --git a/src/coap_session.c b/src/coap_session.c index 78a313539d..e6a0d308f8 100644 --- a/src/coap_session.c +++ b/src/coap_session.c 
@@ -1751,7 +1751,7 @@ const char *coap_endpoint_str(const coap_endpoint_t *endpoint) { return szEndpoint; } #endif /* COAP_SERVER_SUPPORT */ -#ifdef COAP_CLIENT_SUPPORT +#if COAP_CLIENT_SUPPORT void coap_session_set_no_observe_cancel(coap_session_t *session) { session->no_observe_cancel = 1;