coap: Add libOSCORE

examples/coap/Cargo.toml

@@ -34,6 +34,8 @@ hexlit = "0.5.5"
 coap-numbers = "0.2.3"
 minicbor = "0.23.0"
 
+liboscore = { git = "https://gitlab.com/oscore/liboscore/", branch = "rust-backends" }
+
 [features]
 default = [ "proto-ipv4" ] # shame
 # actually embedded-nal features, we have to match them here while developing udp_nal in here

examples/coap/src/seccontext.rs

@@ -122,8 +122,7 @@ enum SecContextState {
         c_r: COwn,
     },
 
-    // TBD ... and it may need a flag to say whether or not it was confirmed?
-    Oscore(()),
+    Oscore(liboscore::PrimitiveContext),
 }
 
 impl SecContextState {
@@ -132,7 +131,7 @@ impl SecContextState {
             SecContextState::Empty => None,
             SecContextState::EdhocResponderProcessedM1(_) => None, // yet
             SecContextState::EdhocResponderSentM2 { c_r, .. } => Some(*c_r),
-            SecContextState::Oscore(_) => todo!(),
+            SecContextState::Oscore(ctx) => COwn::from_kid(ctx.recipient_id()),
         }
     }
 
@@ -361,23 +360,23 @@ impl<'a, H: coap_handler::Handler> coap_handler::Handler for OscoreEdhocHandler<
                 use crate::println;
                 let payload = request.payload();
 
+                // This whole loop-and-tree could become a single take_responder_wait3 method?
+                let cown = COwn::from_kid(&[kid]);
+                let mut pool_lock = self.pool.0.borrow_mut();
+                let matched = pool_lock
+                    .iter_mut()
+                    .filter(|c| c.corresponding_cown() == cown)
+                    .next();
+                println!("Corresponding secctx is {:?}", matched);
+                let matched = matched
+                    // following RFC8613 Section 8.2 item 2.2
+                    // FIXME unauthorized (unreleased in coap-message-utils)
+                    .ok_or_else(CoAPError::bad_request)?;
+
                 let front_trim_payload = if matches!(state, Edhoc { .. }) {
                     // We're not supporting block-wise here -- but could later, to the extent we support
                     // outer block-wise.
 
-                    // This whole loop-and-tree could become a single take_responder_wait3 method?
-                    let cown = COwn::from_kid(&[kid]);
-                    let mut pool_lock = self.pool.0.borrow_mut();
-                    let matched = pool_lock
-                        .iter_mut()
-                        .filter(|c| c.corresponding_cown() == cown)
-                        .next();
-                    println!("Corresponding secctx is {:?}", matched);
-                    let matched = matched
-                        // following RFC8613 Section 8.2 item 2.2
-                        // FIXME unauthorized (unreleased in coap-message-utils)
-                        .ok_or_else(CoAPError::bad_request)?;
-
                     // Workaround for https://github.com/openwsn-berkeley/lakers/issues/255
                     let mut decoder = minicbor::decode::Decoder::new(payload);
                     let _ = decoder
@@ -391,7 +390,7 @@ impl<'a, H: coap_handler::Handler> coap_handler::Handler for OscoreEdhocHandler<
                     // isn't processable, it's unlikely that another one would come up and be.
                     let mut taken = core::mem::replace(matched, Default::default());
 
-                    if let super::seccontext::SecContextState::EdhocResponderSentM2 {
+                    if let SecContextState::EdhocResponderSentM2 {
                         responder,
                         c_r,
                     } = taken
@@ -426,7 +425,31 @@ impl<'a, H: coap_handler::Handler> coap_handler::Handler for OscoreEdhocHandler<
                         println!("OSCORE secret: {:?}", &oscore_secret[..5]);
                         println!("OSCORE salt: {:?}", &oscore_salt[..5]);
 
-                        // *matched = something something OSCORE-but-not-confirmed
+                        let sender_id = 0x08; // FIXME: lakers can't export that?
+                        let recipient_id = kid;
+
+                        // FIXME probe cipher suite
+                        let hkdf = liboscore::HkdfAlg::from_number(5).unwrap();
+                        let aead = liboscore::AeadAlg::from_number(10).unwrap();
+
+                        let immutables = liboscore::PrimitiveImmutables::derive(
+                            hkdf,
+                            &oscore_secret,
+                            &oscore_salt,
+                            None,
+                            aead,
+                            // FIXME need KID form (but for all that's supported that works still)
+                            &[sender_id],
+                            &[recipient_id],
+                            )
+                            // FIXME convert error
+                            .unwrap();
+
+                        let context = liboscore::PrimitiveContext::new_from_fresh_material(
+                            immutables,
+                        );
+
+                        *matched = SecContextState::Oscore(context);
                     } else {
                         println!("Odd state: {:?}", taken);
                         // Return the state. Best bet is that it was already advanced to an OSCORE
@@ -441,12 +464,27 @@ impl<'a, H: coap_handler::Handler> coap_handler::Handler for OscoreEdhocHandler<
                     0
                 };
 
+                let SecContextState::Oscore(oscore_context) = matched else {
+                    // FIXME: How'd we even get there?
+                    return Err(Own(CoAPError::bad_request()));
+                };
+
                 // FIXME: Pass on a message to OSCORE, which will really not even need this mapped
                 // but needs the offset as an input to its constructed message
                 let oscore_message = &payload[front_trim_payload..];
 
+                println!("Process with ctx {:?}", oscore_context);
                 println!("Message on to OSCORE from {}: {:?}", front_trim_payload, oscore_message);
 
+                // FIXME CONTINUE HERE: To call 
+                // let (mut correlation, extracted)) = liboscore::unprotect_request(
+                //     &mut request,
+                //     oscore_option,
+                //     context,
+                //     |request| handler.extract_request_data(request),
+                // )?
+                // we need to wrap the message in a strip-edhoc data type
+
                 // Result may need somethig inside Own that again is H::RequestData
                 // todo!()
                 Err(Own(CoAPError::internal_server_error()))