coap_oscore.c: Process queued OSCORE Observe responses after de-regis…
…tration

If an Observe is de-registered, but an unsolicited Observe response is received
before the de-register response is received, then the unsolicited response
failed to get decrypted.
mrdeep1 committed Oct 28, 2024
1 parent 92b3db2 commit 466f1e0
Showing 7 changed files with 27 additions and 5 deletions.
1 change: 1 addition & 0 deletions examples/coap-client.c
@@ -798,6 +798,7 @@ get_oscore_conf(void) {
if (oscore_seq_num_fp == NULL) {
fprintf(stderr, "OSCORE save restart info file error: %s\n",
oscore_seq_save_file);
coap_free(buf);
return NULL;
}
}
1 change: 1 addition & 0 deletions examples/coap-server.c
@@ -1938,6 +1938,7 @@ get_oscore_conf(coap_context_t *context) {
if (oscore_seq_num_fp == NULL) {
fprintf(stderr, "OSCORE save restart info file error: %s\n",
oscore_seq_save_file);
coap_free(buf);
return NULL;
}
}
1 change: 1 addition & 0 deletions examples/oscore-interop-server.c
@@ -526,6 +526,7 @@ get_oscore_conf(coap_context_t *context) {
if (oscore_seq_num_fp == NULL) {
fprintf(stderr, "OSCORE save restart info file error: %s\n",
oscore_seq_save_file);
coap_free(buf);
return NULL;
}
}
1 change: 1 addition & 0 deletions include/oscore/oscore_context.h
@@ -147,6 +147,7 @@ struct oscore_association_t {
coap_bin_const_t *aad;
coap_bin_const_t *nonce;
coap_bin_const_t *partial_iv;
coap_bin_const_t *obs_partial_iv;
coap_tick_t last_seen;
uint8_t is_observe;
};
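Review bot: The new `obs_partial_iv` member has no comment, and next to `partial_iv` it is not obvious which request each of the two values belongs to. Judging from the coap_oscore.c changes in this commit, it keeps the Partial IV of the earlier Observe request while a de-registration (Observe value 1) is outstanding, and it is owned by the association and released in oscore_free_association(). I would add a comment on that line such as `/* Partial IV of the Observe request being de-registered; used for responses carrying their own Partial IV while is_observe is set */`. The struct definition starts above the visible lines.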
1 change: 1 addition & 0 deletions src/coap_net.c
@@ -1843,6 +1843,7 @@ coap_send_internal(coap_session_t *session, coap_pdu_t *pdu) {

#if COAP_OSCORE_SUPPORT
if (session->oscore_encryption &&
pdu->type != COAP_MESSAGE_RST &&
!(pdu->type == COAP_MESSAGE_ACK && pdu->code == COAP_EMPTY_CODE)) {
/* Refactor PDU as appropriate RFC8613 */
coap_pdu_t *osc_pdu = coap_oscore_new_pdu_encrypted_lkd(session, pdu, NULL,
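Review bot: The RST exclusion in the OSCORE condition (`pdu->type != COAP_MESSAGE_RST &&`, apparently the one line this section adds) tests only the message type, while the ACK exclusion beside it also requires `pdu->code == COAP_EMPTY_CODE`. This condition decides whether a PDU leaves an OSCORE session unencrypted, so the bypass is better kept as narrow as the ACK one, e.g. `!(pdu->type == COAP_MESSAGE_RST && pdu->code == COAP_EMPTY_CODE) &&`; whether any caller can actually hand in an RST with a non-empty code is not visible here. A short comment saying why empty RST/ACK messages skip OSCORE would also help, since the commit description does not mention this change. The `if` statement continues past the last visible line.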
26 changes: 21 additions & 5 deletions src/coap_oscore.c
@@ -697,9 +697,6 @@ coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session,
if (coap_request) {
association = oscore_find_association(session, &pdu_token);
if (association) {
if (doing_observe && observe_value == 1) {
association->is_observe = 0;
}
/* Refresh the association */
coap_delete_bin_const(association->nonce);
association->nonce =
@@ -710,7 +707,12 @@ coap_oscore_new_pdu_encrypted_lkd(coap_session_t *session,
association->aad = coap_new_bin_const(cose->aad.s, cose->aad.length);
if (association->aad == NULL)
goto error;
coap_delete_bin_const(association->partial_iv);
if (doing_observe && observe_value == 1) {
coap_delete_bin_const(association->obs_partial_iv);
association->obs_partial_iv = association->partial_iv;
} else {
coap_delete_bin_const(association->partial_iv);
}
association->partial_iv =
coap_new_bin_const(cose->partial_iv.s, cose->partial_iv.length);
if (association->partial_iv == NULL)
@@ -831,6 +833,8 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
coap_bin_const_t aad;
coap_bin_const_t nonce;
int pltxt_size = 0;
int got_resp_piv = 0;
int doing_resp_observe = 0;
uint8_t coap_request = COAP_PDU_IS_REQUEST(pdu);
coap_bin_const_t pdu_token;
uint8_t *st_encrypt;
@@ -1065,6 +1069,8 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
session);
goto error;
}
got_resp_piv = cose->partial_iv.length ? 1 : 0;

association = oscore_find_association(session, &pdu_token);
if (association) {
rcp_ctx = association->recipient_ctx;
@@ -1281,7 +1287,11 @@ coap_oscore_decrypt_pdu(coap_session_t *session,

/* External AAD */
cose_encrypt0_set_key_id(cose, snd_ctx->sender_id);
cose_encrypt0_set_partial_iv(cose, association->partial_iv);
if (association->is_observe && association->obs_partial_iv && got_resp_piv) {
cose_encrypt0_set_partial_iv(cose, association->obs_partial_iv);
} else {
cose_encrypt0_set_partial_iv(cose, association->partial_iv);
}
#ifdef OSCORE_EXTRA_DEBUG
dump_cose(cose, "!req pre aad");
#endif /* OSCORE_EXTRA_DEBUG */
@@ -1549,6 +1559,7 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
session);
goto error;
}
doing_resp_observe = 1;
break;
}
association = oscore_find_association(session, &pdu_token);
@@ -1571,6 +1582,11 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
break;
}
}
if (!coap_request && !doing_resp_observe) {
if (association) {
association->is_observe = 0;
}
}
/* Need to copy across any data */
if (opt_iter.length > 0 && opt_iter.next_option &&
opt_iter.next_option[0] == COAP_PAYLOAD_START) {
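Review bot: In the last hunk of coap_oscore_decrypt_pdu(), `association->is_observe = 0;` ends the Observe state but leaves `association->obs_partial_iv` in place, so the saved Partial IV outlives the de-registration it was kept for. On this page it is only released on the next de-registration or in oscore_free_association(). If the same association is later reused for a fresh Observe registration and `is_observe` is set again (that code is outside the visible hunks), the check `association->is_observe && association->obs_partial_iv && got_resp_piv` would select the stale value for the external AAD and notifications would fail to decrypt. Releasing it where the state is cleared avoids that: `coap_delete_bin_const(association->obs_partial_iv); association->obs_partial_iv = NULL;` next to `association->is_observe = 0;`. The function body starts and ends outside the hunks shown.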
1 change: 1 addition & 0 deletions src/oscore/oscore_context.c
@@ -678,6 +678,7 @@ oscore_free_association(oscore_association_t *association) {
coap_delete_bin_const(association->aad);
coap_delete_bin_const(association->nonce);
coap_delete_bin_const(association->partial_iv);
coap_delete_bin_const(association->obs_partial_iv);
coap_free_type(COAP_STRING, association);
}
}
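Review bot: oscore_free_association() now passes `association->obs_partial_iv` to coap_delete_bin_const(), but this file has a single added line, so the commit does not touch whatever allocates an oscore_association_t. The new pointer is therefore only safe to free if the association is zero-filled when it is created. If the constructor instead sets members one by one, it needs `association->obs_partial_iv = NULL;` there, otherwise an association that never saw a de-registration would free an uninitialised pointer. This is worth confirming against the constructor, which is not shown on this page.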
