1
2 #include <stdio.h>
3
4 #include <zephyr/zephyr.h>
5 #include <zephyr/ztest.h>
6 #include "oscore.h"
7
8 #include "oscore_test_vectors.h"
9
10 #include "oscore/oscore_coap.h"
11 #include "oscore/option.h"
12
13 #include "common/print_util.h"
14
15 enum reverse_t {
16 NORMAL,
17 REVERSED
18 };
19
20 enum freshness_t {
21 FRESH,
22 RESTORED
23 };
24
get_default_params(enum reverse_t is_reversed,enum freshness_t is_fresh)25 static struct oscore_init_params get_default_params(enum reverse_t is_reversed, enum freshness_t is_fresh)
26 {
27 struct byte_array sender = { .ptr = (uint8_t *)T1__SENDER_ID, .len = T1__SENDER_ID_LEN };
28 struct byte_array recipient = { .ptr = (uint8_t *)T1__RECIPIENT_ID, .len = T1__RECIPIENT_ID_LEN };
29
30 struct oscore_init_params params = {
31 .master_secret.ptr = (uint8_t *)T1__MASTER_SECRET,
32 .master_secret.len = T1__MASTER_SECRET_LEN,
33 .sender_id = (is_reversed == NORMAL) ? sender : recipient,
34 .recipient_id = (is_reversed == NORMAL) ? recipient : sender,
35 .master_salt.ptr = (uint8_t *)T1__MASTER_SALT,
36 .master_salt.len = T1__MASTER_SALT_LEN,
37 .id_context.ptr = (uint8_t *)T1__ID_CONTEXT,
38 .id_context.len = T1__ID_CONTEXT_LEN,
39 .aead_alg = OSCORE_AES_CCM_16_64_128,
40 .hkdf = OSCORE_SHA_256,
41 .fresh_master_secret_salt = (is_fresh == FRESH),
42 };
43 return params;
44 }
45
46 /**
47 * Test 1:
48 * - Client Key derivation with master salt see RFC8613 Appendix C.1.1
49 * - Generating OSCORE request with key form C.1.1 see RFC8613 Appendix C.4
50 */
t1_oscore_client_request_response(void)51 void t1_oscore_client_request_response(void)
52 {
53 enum err r;
54 struct context c_client;
55 struct oscore_init_params params = get_default_params(NORMAL, RESTORED);
56
57 r = oscore_context_init(¶ms, &c_client);
58
59 zassert_equal(r, ok, "Error in oscore_context_init");
60
61 /*
62 required only for the test vector.
63 during normal operation the sender sequence number is
64 increased automatically after every sending
65 */
66 //c_client.sc.ssn = 20;
67
68 uint8_t buf_oscore[256];
69 uint32_t buf_oscore_len = sizeof(buf_oscore);
70 uint8_t buf_coap[256];
71 uint32_t buf_coap_len = sizeof(buf_coap);
72
73 /*test converting the request*/
74 r = coap2oscore((uint8_t *)T1__COAP_REQ, T1__COAP_REQ_LEN,
75 (uint8_t *)&buf_oscore, &buf_oscore_len, &c_client);
76 zassert_equal(r, ok, "Error in coap2oscore!");
77
78 zassert_mem_equal__(c_client.sc.sender_key.ptr, T1__SENDER_KEY,
79 c_client.sc.sender_key.len,
80 "T1 sender key derivation failed");
81
82 zassert_mem_equal__(c_client.rc.recipient_key.ptr, T1__RECIPIENT_KEY,
83 c_client.rc.recipient_key.len,
84 "T1 recipient key derivation failed");
85
86 zassert_mem_equal__(c_client.cc.common_iv.ptr, T1__COMMON_IV,
87 c_client.cc.common_iv.len,
88 "T1 common IV derivation failed");
89
90 zassert_mem_equal__(&buf_oscore, T1__OSCORE_REQ, T1__OSCORE_REQ_LEN,
91 "coap2oscore failed");
92
93 /*test converting the response*/
94 r = oscore2coap((uint8_t *)T1__OSCORE_RESP, T1__OSCORE_RESP_LEN,
95 (uint8_t *)&buf_coap, &buf_coap_len, &c_client);
96 zassert_equal(r, ok, "Error in coap2oscore!");
97 zassert_mem_equal__(&buf_coap, T1__COAP_RESPONSE, T1__COAP_RESPONSE_LEN,
98 "coap2oscore failed");
99 }
100
101 /**
102 * Test 3:
103 * - Client Key derivation without master salt see RFC8613 Appendix C.2.1
104 * - Generating OSCORE request with key form C.2.1 see RFC8613 Appendix C.5
105 */
t3_oscore_client_request(void)106 void t3_oscore_client_request(void)
107 {
108 enum err r;
109 struct context c_client;
110 struct oscore_init_params params = {
111 .master_secret.ptr = (uint8_t *)T3__MASTER_SECRET,
112 .master_secret.len = T3__MASTER_SECRET_LEN,
113 .sender_id.ptr = (uint8_t *)T3__SENDER_ID,
114 .sender_id.len = T3__SENDER_ID_LEN,
115 .recipient_id.ptr = (uint8_t *)T3__RECIPIENT_ID,
116 .recipient_id.len = T3__RECIPIENT_ID_LEN,
117 .master_salt.ptr = (uint8_t *)T3__MASTER_SALT,
118 .master_salt.len = T3__MASTER_SALT_LEN,
119 .id_context.ptr = (uint8_t *)T3__ID_CONTEXT,
120 .id_context.len = T3__ID_CONTEXT_LEN,
121 .aead_alg = OSCORE_AES_CCM_16_64_128,
122 .hkdf = OSCORE_SHA_256,
123 .fresh_master_secret_salt = true,
124 };
125
126 r = oscore_context_init(¶ms, &c_client);
127
128 zassert_equal(r, ok, "Error in oscore_context_init");
129
130 /*
131 required only for the test vector.
132 during normal operation the sender sequence number is
133 increased automatically after every sending
134 */
135 c_client.sc.ssn = 20;
136
137 uint8_t buf_oscore[256];
138 uint32_t buf_oscore_len = sizeof(buf_oscore);
139
140 r = coap2oscore((uint8_t *)T3__COAP_REQ, T3__COAP_REQ_LEN,
141 (uint8_t *)&buf_oscore, &buf_oscore_len, &c_client);
142
143 zassert_equal(r, ok, "Error in coap2oscore!");
144
145 zassert_mem_equal__(&buf_oscore, T3__OSCORE_REQ, T3__OSCORE_REQ_LEN,
146 "coap2oscore failed");
147 }
148
149 /**
150 * Test 5 :
151 * - Client Key derivation with ID Context see Appendix 3.1
152 * - OSCORE request generation see Appendix C6
153 */
t5_oscore_client_request(void)154 void t5_oscore_client_request(void)
155 {
156 enum err r;
157 struct context c_client;
158 struct oscore_init_params params = {
159 .master_secret.ptr = (uint8_t *)T5__MASTER_SECRET,
160 .master_secret.len = T5__MASTER_SECRET_LEN,
161 .sender_id.ptr = (uint8_t *)T5__SENDER_ID,
162 .sender_id.len = T5__SENDER_ID_LEN,
163 .recipient_id.ptr = (uint8_t *)T5__RECIPIENT_ID,
164 .recipient_id.len = T5__RECIPIENT_ID_LEN,
165 .master_salt.ptr = (uint8_t *)T5__MASTER_SALT,
166 .master_salt.len = T5__MASTER_SALT_LEN,
167 .id_context.ptr = (uint8_t *)T5__ID_CONTEXT,
168 .id_context.len = T5__ID_CONTEXT_LEN,
169 .aead_alg = OSCORE_AES_CCM_16_64_128,
170 .hkdf = OSCORE_SHA_256,
171 .fresh_master_secret_salt = true,
172 };
173
174 r = oscore_context_init(¶ms, &c_client);
175
176 zassert_equal(r, ok, "Error in oscore_context_init");
177
178 /*
179 required only for the test vector.
180 during normal operation the sender sequence number is
181 increased automatically after every sending
182 */
183 c_client.sc.ssn = 20;
184
185 uint8_t buf_oscore[256];
186 uint32_t buf_oscore_len = sizeof(buf_oscore);
187
188 r = coap2oscore((uint8_t *)T5__COAP_REQ, T5__COAP_REQ_LEN,
189 (uint8_t *)&buf_oscore, &buf_oscore_len, &c_client);
190
191 zassert_equal(r, ok, "Error in coap2oscore!");
192
193 zassert_mem_equal__(&buf_oscore, T5__OSCORE_REQ, buf_oscore_len,
194 "coap2oscore failed");
195 }
196
197 /**
198 * Test 2:
199 * - Server Key derivation with master salt see RFC8613 Appendix C.1.2
200 * - Generating OSCORE response with key form C.1.2 see RFC8613 Appendix C.7
201 */
t2_oscore_server_request_response(void)202 void t2_oscore_server_request_response(void)
203 {
204 enum err r;
205 struct context c_server;
206 struct oscore_init_params params_server = {
207 .master_secret.ptr = (uint8_t *)T2__MASTER_SECRET,
208 .master_secret.len = T2__MASTER_SECRET_LEN,
209 .sender_id.ptr = (uint8_t *)T2__SENDER_ID,
210 .sender_id.len = T2__SENDER_ID_LEN,
211 .recipient_id.ptr = (uint8_t *)T2__RECIPIENT_ID,
212 .recipient_id.len = T2__RECIPIENT_ID_LEN,
213 .master_salt.ptr = (uint8_t *)T2__MASTER_SALT,
214 .master_salt.len = T2__MASTER_SALT_LEN,
215 .id_context.ptr = (uint8_t *)T2__ID_CONTEXT,
216 .id_context.len = T2__ID_CONTEXT_LEN,
217 .aead_alg = OSCORE_AES_CCM_16_64_128,
218 .hkdf = OSCORE_SHA_256,
219 .fresh_master_secret_salt = true,
220 };
221
222 r = oscore_context_init(¶ms_server, &c_server);
223
224 zassert_equal(r, ok, "Error in oscore_context_init");
225
226 /*Test decrypting of an incoming request*/
227 uint8_t buf_coap[256];
228 uint32_t buf_coap_len = sizeof(buf_coap);
229
230 r = oscore2coap((uint8_t *)T2__OSCORE_REQ, T2__OSCORE_REQ_LEN, buf_coap,
231 &buf_coap_len, &c_server);
232
233 zassert_equal(r, ok, "Error in oscore2coap! Error code: %d", r);
234 zassert_mem_equal__(&buf_coap, T2__COAP_REQ, buf_coap_len,
235 "oscore2coap failed");
236
237 /*test response not matching the recipient ID*/
238 uint8_t wrong_recipient_id[] = { 0x02 };
239 c_server.rc.recipient_id.ptr = wrong_recipient_id;
240 c_server.rc.recipient_id.len = sizeof(wrong_recipient_id);
241
242 r = oscore2coap((uint8_t *)T2__OSCORE_REQ, T2__OSCORE_REQ_LEN,
243 (uint8_t *)&buf_coap, &buf_coap_len, &c_server);
244 zassert_equal(r, oscore_kid_recipient_id_mismatch,
245 "Error in coap2oscore!");
246
247 /*Test generating an encrypted response, see Appendix C7*/
248 uint8_t buf_oscore[256];
249 uint32_t buf_oscore_len = sizeof(buf_oscore);
250
251 r = coap2oscore((uint8_t *)T2__COAP_RESPONSE, T2__COAP_RESPONSE_LEN,
252 (uint8_t *)&buf_oscore, &buf_oscore_len, &c_server);
253
254 zassert_equal(r, ok, "Error in coap2oscore");
255
256 zassert_mem_equal__(&buf_oscore, T2__OSCORE_RESP, buf_oscore_len,
257 "coap2oscore failed");
258 }
259
t4_oscore_server_key_derivation(void)260 void t4_oscore_server_key_derivation(void)
261 {
262 enum err r;
263 struct context c_server;
264 struct oscore_init_params params_server = {
265 .master_secret.ptr = (uint8_t *)T4__MASTER_SECRET,
266 .master_secret.len = T4__MASTER_SECRET_LEN,
267 .sender_id.ptr = (uint8_t *)T4__SENDER_ID,
268 .sender_id.len = T4__SENDER_ID_LEN,
269 .recipient_id.ptr = (uint8_t *)T4__RECIPIENT_ID,
270 .recipient_id.len = T4__RECIPIENT_ID_LEN,
271 .master_salt.ptr = (uint8_t *)T4__MASTER_SALT,
272 .master_salt.len = T4__MASTER_SALT_LEN,
273 .id_context.ptr = (uint8_t *)T4__ID_CONTEXT,
274 .id_context.len = T4__ID_CONTEXT_LEN,
275 .aead_alg = OSCORE_AES_CCM_16_64_128,
276 .hkdf = OSCORE_SHA_256,
277 .fresh_master_secret_salt = true,
278 };
279
280 r = oscore_context_init(¶ms_server, &c_server);
281
282 zassert_equal(r, ok, "Error in oscore_context_init");
283
284 zassert_mem_equal__(c_server.sc.sender_key.ptr, T4__SENDER_KEY,
285 c_server.sc.sender_key.len,
286 "T4 sender key derivation failed");
287
288 zassert_mem_equal__(c_server.rc.recipient_key.ptr, T4__RECIPIENT_KEY,
289 c_server.rc.recipient_key.len,
290 "T4 recipient key derivation failed");
291
292 zassert_mem_equal__(c_server.cc.common_iv.ptr, T4__COMMON_IV,
293 c_server.cc.common_iv.len,
294 "T4 common IV derivation failed");
295 }
296
297 /**
298 * Test 6:
299 * - Server Key derivation with ID context see RFC8613 Appendix C.3.2
300 */
t6_oscore_server_key_derivation(void)301 void t6_oscore_server_key_derivation(void)
302 {
303 enum err r;
304 struct context c_server;
305 struct oscore_init_params params_server = {
306 .master_secret.ptr = (uint8_t *)T6__MASTER_SECRET,
307 .master_secret.len = T6__MASTER_SECRET_LEN,
308 .sender_id.ptr = (uint8_t *)T6__SENDER_ID,
309 .sender_id.len = T6__SENDER_ID_LEN,
310 .recipient_id.ptr = (uint8_t *)T6__RECIPIENT_ID,
311 .recipient_id.len = T6__RECIPIENT_ID_LEN,
312 .master_salt.ptr = (uint8_t *)T6__MASTER_SALT,
313 .master_salt.len = T6__MASTER_SALT_LEN,
314 .id_context.ptr = (uint8_t *)T6__ID_CONTEXT,
315 .id_context.len = T6__ID_CONTEXT_LEN,
316 .aead_alg = OSCORE_AES_CCM_16_64_128,
317 .hkdf = OSCORE_SHA_256,
318 .fresh_master_secret_salt = true,
319 };
320
321 r = oscore_context_init(¶ms_server, &c_server);
322
323 zassert_equal(r, ok, "Error in oscore_context_init");
324
325 zassert_mem_equal__(c_server.sc.sender_key.ptr, T6__SENDER_KEY,
326 c_server.sc.sender_key.len,
327 "T6 sender key derivation failed");
328
329 zassert_mem_equal__(c_server.rc.recipient_key.ptr, T6__RECIPIENT_KEY,
330 c_server.rc.recipient_key.len,
331 "T6 recipient key derivation failed");
332
333 zassert_mem_equal__(c_server.cc.common_iv.ptr, T6__COMMON_IV,
334 c_server.cc.common_iv.len,
335 "T6 common IV derivation failed");
336 }
337
338 /**
339 * Test 8:
340 * - Simple ACK packet should not be encrypted and result should be the same as input buffer (see RFC8613 Section 4.2)
341 */
t8_oscore_server_response_simple_ack(void)342 void t8_oscore_server_response_simple_ack(void)
343 {
344 enum err r;
345 struct context context;
346 struct oscore_init_params params = {
347 .master_secret.ptr = (uint8_t *)T7__MASTER_SECRET,
348 .master_secret.len = T7__MASTER_SECRET_LEN,
349 .sender_id.ptr = (uint8_t *)T7__SENDER_ID,
350 .sender_id.len = T7__SENDER_ID_LEN,
351 .recipient_id.ptr = (uint8_t *)T7__RECIPIENT_ID,
352 .recipient_id.len = T7__RECIPIENT_ID_LEN,
353 .master_salt.ptr = (uint8_t *)T7__MASTER_SALT,
354 .master_salt.len = T7__MASTER_SALT_LEN,
355 .id_context.ptr = (uint8_t *)T7__ID_CONTEXT,
356 .id_context.len = T7__ID_CONTEXT_LEN,
357 .aead_alg = OSCORE_AES_CCM_16_64_128,
358 .hkdf = OSCORE_SHA_256,
359 .fresh_master_secret_salt = true,
360 };
361
362 r = oscore_context_init(¶ms, &context);
363
364 zassert_equal(r, ok, "Error in oscore_context_init");
365
366 /*Test if encrypting simple ACK message results in valid unencrypted message, see Section 4.2*/
367 uint8_t buf_oscore[256];
368 uint32_t buf_oscore_len = sizeof(buf_oscore);
369
370 r = coap2oscore((uint8_t *)T8__COAP_ACK, T8__COAP_ACK_LEN,
371 (uint8_t *)&buf_oscore, &buf_oscore_len, &context);
372
373 zassert_equal(r, ok, "Error in coap2oscore");
374
375 zassert_mem_equal__(&buf_oscore, T8__COAP_ACK, T8__COAP_ACK_LEN,
376 "coap2oscore failed");
377
378 zassert_equal(buf_oscore_len, T8__COAP_ACK_LEN, "coap2oscore failed");
379 }
380
381 /**
382 * @brief This function test the behavior of a server and a client in a typical
383 * observe exchange as depicted:
384 *
385 * client server
386 * --------- ---------
387 * | |
388 * |------registration------------>|
389 * | |
390 * |<-----notification1------------|
391 * rejected msg | x---replayed notification1----|
392 * | |
393 *
394 * See as well Appendix A.1. in RFC7641
395 */
t9_oscore_client_server_observe(void)396 void t9_oscore_client_server_observe(void)
397 {
398 /*
399 *
400 * Initialize contexts for the client and server
401 *
402 */
403 enum err r;
404 struct context c_client;
405 struct oscore_init_params params_client = get_default_params(NORMAL, FRESH);
406 r = oscore_context_init(¶ms_client, &c_client);
407 zassert_equal(r, ok, "Error in oscore_context_init for client");
408
409 struct context c_server;
410 struct oscore_init_params params_server = get_default_params(REVERSED, FRESH);
411 r = oscore_context_init(¶ms_server, &c_server);
412 zassert_equal(r, ok, "Error in oscore_context_init for server");
413
414 /*
415 *
416 *test the registration (first request)
417 *
418 */
419 PRINT_MSG("\n\n |------registration---->| \n\n");
420 uint8_t observe_val[] = { 0x00 }; /*0x00 indicates registration*/
421 uint8_t uri_path_val[] = { 't', 'e', 'm', 'p', 'e', 'r',
422 'a', 't', 'u', 'r', 'e' };
423 uint8_t token[] = { 0x4a };
424 uint8_t ser_coap_pkt_registration[40];
425 uint32_t ser_coap_pkt_registration_len =
426 sizeof(ser_coap_pkt_registration);
427 uint8_t ser_oscore_pkt[40];
428 uint32_t ser_oscore_pkt_len = sizeof(ser_oscore_pkt);
429 memset(ser_coap_pkt_registration, 0, ser_coap_pkt_registration_len);
430 memset(ser_oscore_pkt, 0, ser_oscore_pkt_len);
431
432 struct o_coap_packet coap_pkt_registration = {
433 .header = {
434 .ver = 1,
435 .type = TYPE_CON,
436 .TKL = 1,
437 .code = CODE_REQ_GET,
438 .MID = 0x0
439 },
440 .token = token,
441 .options_cnt = 2,
442 .options = {
443 { .delta = 6,
444 .len = sizeof(observe_val),
445 .value = observe_val,
446 .option_number = OBSERVE },
447 { .delta = 5,
448 .len = sizeof(uri_path_val),
449 .value = uri_path_val,
450 .option_number = URI_PATH},/*E, opt num 11*/
451 },
452 .payload.len = 0,
453 .payload.ptr = NULL,
454 };
455
456 r = coap_serialize(&coap_pkt_registration, ser_coap_pkt_registration,
457 &ser_coap_pkt_registration_len);
458 zassert_equal(
459 r, ok,
460 "Error in coap_serialize during registration packet serialization!");
461
462 PRINT_ARRAY("CoAP observe registration", ser_coap_pkt_registration,
463 ser_coap_pkt_registration_len);
464
465 r = coap2oscore(ser_coap_pkt_registration,
466 ser_coap_pkt_registration_len, ser_oscore_pkt,
467 &ser_oscore_pkt_len, &c_client);
468 zassert_equal(r, ok, "Error in coap2oscore!");
469 uint8_t EXPECTED_OSCORE_REGISTRATION[] = {
470 0x41, 0x05, 0x00, 0x00, 0x4A, 0x61, 0x00, 0x32, 0x09,
471 0x00, 0xFF, 0xAE, 0x58, 0x5E, 0x2E, 0x65, 0x89, 0x40,
472 0xE6, 0xDB, 0xF4, 0xB7, 0x08, 0xB7, 0x93, 0x37, 0x03,
473 0x41, 0x1E, 0x50, 0x8E, 0xEA, 0x79, 0x70
474 };
475 zassert_mem_equal__(&ser_oscore_pkt, EXPECTED_OSCORE_REGISTRATION,
476 sizeof(EXPECTED_OSCORE_REGISTRATION),
477 "coap2oscore failed");
478
479 PRINT_ARRAY("OSCORE observe registration", ser_oscore_pkt,
480 ser_oscore_pkt_len);
481
482 uint8_t ser_conv_coap_pkt[40];
483 uint32_t ser_conv_coap_pkt_len = sizeof(ser_conv_coap_pkt);
484
485 r = oscore2coap(ser_oscore_pkt, ser_oscore_pkt_len, ser_conv_coap_pkt,
486 &ser_conv_coap_pkt_len, &c_server);
487 zassert_equal(r, ok, "Error in oscore2coap!");
488 /*check if we recovered the coap packet that the client sent*/
489 zassert_mem_equal__(ser_coap_pkt_registration, ser_conv_coap_pkt,
490 ser_conv_coap_pkt_len, "oscore2coap failed");
491
492 PRINT_ARRAY("Converted CoAP observe registration", ser_conv_coap_pkt,
493 ser_conv_coap_pkt_len);
494
495 /*
496 *
497 *test the first notification (first response)
498 *
499 */
500
501 PRINT_MSG("\n\n |<-----notification1----| \n\n");
502
503 uint8_t ser_coap_pkt_notification1[40];
504 uint32_t ser_coap_pkt_notification1_len =
505 sizeof(ser_coap_pkt_notification1);
506 uint8_t ser_oscore_pkt_notification1[40];
507 uint32_t ser_oscore_pkt_notification1_len =
508 sizeof(ser_oscore_pkt_notification1);
509 memset(ser_coap_pkt_notification1, 0, ser_coap_pkt_notification1_len);
510 memset(ser_oscore_pkt_notification1, 0,
511 ser_oscore_pkt_notification1_len);
512
513 /*RFC7641: To provide an order among notifications for the client, the server
514 sets the value of the Observe Option in each notification to the 24
515 least significant bits of a strictly increasing sequence number.*/
516 uint32_t observe_sequence_number = 0;
517 uint32_t val = 0;
518 struct o_coap_packet coap_pkt_notification1 = {
519 .header = { .ver = 1,
520 .type = TYPE_ACK,
521 .TKL = 1,
522 .code = CODE_RESP_CONTENT,
523 .MID = 0x0 },
524 .token = token,
525 .options_cnt = 1,
526 .options = { { .delta = 6,
527 .len = 3, //take only the lower 24 bit
528 .value =
529 (uint8_t *)&val, //convert to network byte order
530 .option_number = OBSERVE } },
531 .payload.len = 0,
532 .payload.ptr = NULL,
533 };
534
535 r = coap_serialize(&coap_pkt_notification1, ser_coap_pkt_notification1,
536 &ser_coap_pkt_notification1_len);
537 zassert_equal(
538 r, ok,
539 "Error in coap_serialize during notification1 packet serialization!");
540
541 PRINT_ARRAY("CoAP observe notification1", ser_coap_pkt_notification1,
542 ser_coap_pkt_notification1_len);
543
544 r = coap2oscore(ser_coap_pkt_notification1,
545 ser_coap_pkt_notification1_len, ser_oscore_pkt,
546 &ser_oscore_pkt_len, &c_server);
547 zassert_equal(r, ok, "Error in coap2oscore!");
548 uint8_t EXPECTED_OSCORE_NOTIFICATION1[] = {
549 0x61, 0x45, 0x00, 0x00, 0x4A, 0x63, 0x00, 0x00,
550 0x00, 0x33, 0x09, 0x00, 0x01, 0xFF, 0x4D, 0xD3,
551 0x4F, 0x59, 0x4E, 0x54, 0x7B, 0x25, 0x0E, 0x1B
552 };
553 zassert_mem_equal__(&ser_oscore_pkt, EXPECTED_OSCORE_NOTIFICATION1,
554 sizeof(EXPECTED_OSCORE_NOTIFICATION1),
555 "coap2oscore failed");
556
557 PRINT_ARRAY("OSCORE observe notification1", ser_oscore_pkt,
558 ser_oscore_pkt_len);
559
560 ser_conv_coap_pkt_len = sizeof(ser_conv_coap_pkt);
561 r = oscore2coap(ser_oscore_pkt, ser_oscore_pkt_len, ser_conv_coap_pkt,
562 &ser_conv_coap_pkt_len, &c_client);
563
564 zassert_equal(r, ok, "Error in oscore2coap!");
565 uint8_t EXPECTED_CONVERTED_COAP[] = {
566 0x61, 0x45, 0x00, 0x00, 0x4A, 0x60
567 };
568 zassert_mem_equal__(&ser_conv_coap_pkt, EXPECTED_CONVERTED_COAP,
569 sizeof(EXPECTED_CONVERTED_COAP),
570 "oscore2coap failed");
571
572 PRINT_ARRAY("Converted CoAP observe notification", ser_conv_coap_pkt,
573 ser_conv_coap_pkt_len);
574
575 /*try replay notification 1*/
576 PRINT_MSG("Try to replay previous notification\n");
577 r = oscore2coap(ser_oscore_pkt, ser_oscore_pkt_len, ser_conv_coap_pkt,
578 &ser_conv_coap_pkt_len, &c_client);
579 zassert_equal(r, oscore_replay_notification_protection_error,
580 "Error in oscore2coap!");
581 }
582
583 /**
584 * @brief This function test the behavior of a server and a client for contexts
585 * stored in FLASH, after reboot of the server and the rejection of a replayed request.
586 *
587 * client server
588 * --------- ---------
589 * | |
590 * 1) |------request----------------------------->|
591 * |<-----response with ECHO option (ECHO1)----|
592 * | |
593 * 2) |------new request without ECHO opt-------->|
594 * |<-----response with new ECHO option (ECHO2)|
595 * | |
596 * 3) |------request with old ECHO option-(ECHO1)>|
597 * |<-----response with new ECHO option (ECHO3)|
598 * | |
599 * 4) |------request with ECHO option-(ECHO3)---->|
600 * |<-----response-----------------------------|
601 * | |
602 * 5) |------request----------------------------->|
603 * |------replayed request----------X | rejected message
604 *
605 * See as RFC8613 Appendix B1.2 and RFC9175
606 *
607 * - 1) and 4) are represent the normal flow.
608 * - 2), 3) and 5) represent special cases.
609 *
610 *
611 *
612 * 1) The client send a first request. The server responds with ECHO option.
613 * This flow is mandatory for contexts restored from FLASH and should be executed after
614 * every reboot of the server. Then the client should send the ECHO option that it
615 * received in the next request.
616 *
617 * 2) The client sends a new request without an ECHO option. This may happen
618 * if for some reason the client did not received the first ECHO option.
619 *
620 * 3) The client responds with wrong option -- not ECHO2 but ECHO1. The
621 * client receives a new option ECHO3 from the server.
622 *
623 * 4) The client sends the expected ECHO option ECHO3
624 * 5) The client replays an request which gets detected.
625 */
t10_oscore_client_server_after_reboot(void)626 void t10_oscore_client_server_after_reboot(void)
627 {
628 /*
629 *
630 * Initialize contexts for the client and server
631 *
632 */
633 enum err r;
634 struct context cc; //context of the client
635 struct oscore_init_params params_client = get_default_params(NORMAL, RESTORED);
636 r = oscore_context_init(¶ms_client, &cc);
637 zassert_equal(r, ok, "Error in oscore_context_init for client");
638
639 struct context cs; //context of the server
640 struct oscore_init_params params_server = get_default_params(REVERSED, RESTORED);
641 r = oscore_context_init(¶ms_server, &cs);
642 zassert_equal(r, ok, "Error in oscore_context_init for server");
643
644 /*coap and oscore buffers*/
645 uint8_t coap_pkt[40];
646 uint8_t oscore_pkt[60];
647 uint8_t conv_coap_pkt[40];
648 uint32_t coap_pkt_len;
649 uint32_t oscore_pkt_len;
650 uint32_t conv_coap_pkt_len;
651
652 /*Expected OSCORE values*/
653 const uint8_t OSCORE_REQ1[] = { 0x41, 0x02, 0x00, 0x00, 0x4A, 0x92, 0x09, 0x14, 0xFF, 0x61, 0x27, 0x10, 0x81, 0xAD, 0xF0, 0x0E, 0xEA, 0x55, 0xF1, 0x52, 0x39, 0x6C, 0xA3, 0x72, 0x46, 0x96, 0x73, 0xB2, 0x09, 0xF7 };
654
655 const uint8_t OSCORE_RESP1[] = { 0x61, 0x44, 0x00, 0x00, 0x4A, 0x93, 0x09, 0x14, 0x01, 0xFF, 0xBC, 0xB9, 0x3C, 0xA6, 0x0E, 0xF7, 0x11, 0x52, 0x39, 0x45, 0x1B, 0xEA, 0x4C, 0x81, 0x90, 0xCA, 0x60, 0x38, 0x76, 0xD6, 0x09, 0xDE, 0x46 };
656
657 const uint8_t OSCORE_RESP2[] = { 0x61, 0x44, 0x00, 0x00, 0x4A, 0x93, 0x09, 0x15, 0x01, 0xFF, 0x97, 0xA4, 0x25, 0x7B, 0x17, 0x39, 0xC0, 0x1D, 0x5E, 0x9D, 0xDA, 0x02, 0x74, 0xDB, 0xD4, 0xBF, 0xE6, 0x82, 0x18, 0x9B, 0x3B, 0xBF, 0x0E };
658
659 const uint8_t OSCORE_REQ3[] = { 0x41, 0x02, 0x00, 0x00, 0x4B, 0x92, 0x09, 0x16, 0xFF, 0x8C, 0x2F, 0xED, 0xB3, 0xBB, 0xCD, 0xEE, 0x17, 0xB0, 0x12, 0x03, 0x95, 0x74, 0xD8, 0x08, 0x55, 0x40, 0x53, 0x82, 0x2B, 0x3C, 0x79, 0xA5, 0x1B, 0xCA, 0xFC, 0xC9, 0xD0, 0xC6, 0x35, 0x50, 0xDC, 0x5D, 0x1D, 0x13 };
660
661 const uint8_t OSCORE_RESP3[] = { 0x61, 0x44, 0x00, 0x00, 0x4B, 0x93, 0x09, 0x16, 0x01, 0xFF, 0x9B, 0xE4, 0x04, 0x05, 0x9F, 0x1C, 0xCE, 0x6A, 0x43, 0x85, 0xD2, 0xD7, 0x12, 0x52, 0x49, 0xB2, 0x8A, 0xD7, 0xD5, 0x0A, 0x67, 0x09, 0x82 };
662
663 const uint8_t OSCORE_REQ4[] = { 0x41, 0x02, 0x00, 0x00, 0x4B, 0x92, 0x09, 0x17, 0xFF, 0xCD, 0x4A, 0x87, 0x1E, 0xCD, 0xE0, 0x07, 0xD2, 0xCB, 0xF5, 0xC4, 0x76, 0x84, 0x1E, 0x4C, 0x94, 0x39, 0xCE, 0x82, 0x6F, 0x1A, 0xF6, 0xB4, 0xC1, 0x68, 0xE6, 0xB3, 0xBB, 0xDB, 0x8B, 0x84, 0x4F, 0xDE, 0x95, 0x94 };
664
665 const uint8_t OSCORE_RESP4[] = { 0x61, 0x44, 0x00, 0x00, 0x4B, 0x90, 0xFF, 0x5E, 0x04, 0x3E, 0xD6, 0x11, 0x1F, 0xE7, 0xF7, 0x9D, 0x1E, 0x5F, 0x30, 0x27, 0x30 };
666
667 /**************************************************************************/
668 /* 1) |------request----------------------------->| */
669 /* |<-----response with ECHO option (ECHO1)----| */
670 /**************************************************************************/
671 /*
672 *
673 * First request
674 *
675 */
676 PRINT_MSG("\n\n |------request----------------------------->| \n\n");
677 uint8_t uri_path_val[] = { 't', 'e', 'm', 'p', 'e', 'r',
678 'a', 't', 'u', 'r', 'e' };
679 uint8_t token[] = { 0x4a };
680
681 struct o_coap_packet coap_pkt_req1 = {
682 .header = {
683 .ver = 1,
684 .type = TYPE_CON,
685 .TKL = 1,
686 .code = CODE_REQ_GET,
687 .MID = 0x0
688 },
689 .token = token,
690 .options_cnt = 1,
691 .options = {
692 { .delta = 11,
693 .len = sizeof(uri_path_val),
694 .value = uri_path_val,
695 .option_number = URI_PATH},/*E, opt num 11*/
696 },
697 .payload.len = 0,
698 .payload.ptr = NULL,
699 };
700
701 coap_pkt_len = sizeof(coap_pkt);
702 r = coap_serialize(&coap_pkt_req1, coap_pkt, &coap_pkt_len);
703 zassert_equal(r, ok, "req1 serialization failed!");
704
705 PRINT_ARRAY("CoAP req1", coap_pkt, coap_pkt_len);
706
707 oscore_pkt_len = sizeof(oscore_pkt);
708 r = coap2oscore(coap_pkt, coap_pkt_len, oscore_pkt, &oscore_pkt_len,
709 &cc);
710 zassert_equal(r, ok, "Error in coap2oscore!");
711 PRINT_ARRAY("OSCORE req1", oscore_pkt, oscore_pkt_len);
712 zassert_mem_equal__(oscore_pkt, OSCORE_REQ1, sizeof(OSCORE_REQ1),
713 "coap2oscore failed");
714
715 conv_coap_pkt_len = sizeof(conv_coap_pkt);
716 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
717 &conv_coap_pkt_len, &cs);
718
719 zassert_equal(r, first_request_after_reboot, "Error in oscore2coap!");
720
721 /*
722 *
723 * Response with ECHO option
724 *
725 *
726 */
727 PRINT_MSG("\n\n |<-----response with ECHO option (ECHO1)----| \n\n");
728
729 /*Test first the rejection of CoAP packets without an echo option*/
730 PRINT_MSG(
731 "Try first supplying a CoAP message without an ECHO option\n");
732 uint8_t COAP_RESP_WITHOUT_ECHO[] = { 0x61, 0x81, 0x00, 0x00, 0x4A };
733 oscore_pkt_len = sizeof(oscore_pkt);
734 r = coap2oscore(COAP_RESP_WITHOUT_ECHO, sizeof(COAP_RESP_WITHOUT_ECHO),
735 oscore_pkt, &oscore_pkt_len, &cs);
736 zassert_equal(r, no_echo_option, "Error in coap2oscore!");
737
738 /* do it now the correct way -- with ECHO option*/
739 uint8_t echo_opt_val1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
740 0x06, 0x07, 0x08, 0x09, 0x10, 0x11 };
741
742 struct o_coap_packet coap_pkt_resp1 = {
743 .header = { .ver = 1,
744 .type = TYPE_ACK,
745 .TKL = 1,
746 .code = CODE_RESP_UNAUTHORIZED,
747 .MID = 0x0 },
748 .token = token,
749 .options_cnt = 1,
750 .options = { { .delta = 252,
751 .len = sizeof(echo_opt_val1),
752 .value = echo_opt_val1,
753 .option_number = ECHO } },
754 .payload.len = 0,
755 .payload.ptr = NULL,
756 };
757
758 coap_pkt_len = sizeof(coap_pkt);
759 r = coap_serialize(&coap_pkt_resp1, coap_pkt, &coap_pkt_len);
760 zassert_equal(r, ok, "Error in coap_serialize");
761
762 oscore_pkt_len = sizeof(oscore_pkt);
763 r = coap2oscore(coap_pkt, coap_pkt_len, oscore_pkt, &oscore_pkt_len,
764 &cs);
765 zassert_equal(r, ok, "Error in coap2oscore!");
766
767 PRINT_ARRAY("OSCORE resp1", oscore_pkt, oscore_pkt_len);
768 zassert_mem_equal__(oscore_pkt, OSCORE_RESP1, sizeof(OSCORE_RESP1),
769 "coap2oscore failed");
770
771 conv_coap_pkt_len = sizeof(conv_coap_pkt);
772 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
773 &conv_coap_pkt_len, &cc);
774
775 zassert_equal(r, ok, "Error in oscore2coap!");
776 zassert_mem_equal__(conv_coap_pkt, coap_pkt, conv_coap_pkt_len,
777 "oscore2coap failed");
778
779 /**************************************************************************/
780 /* 2) |------new request without ECHO opt-------->| */
781 /* |<-----response with new ECHO option (ECHO2)| */
782 /**************************************************************************/
783 /*
784 *
785 * Request
786 *
787 */
788 PRINT_MSG("\n\n|------new request without ECHO opt-------->| \n\n");
789 uint8_t COAP_REQ_WITHOUT_ECHO[] = { 0x41, 0x01, 0x00, 0x00, 0x4A };
790
791 oscore_pkt_len = sizeof(oscore_pkt);
792 r = coap2oscore(COAP_REQ_WITHOUT_ECHO, sizeof(COAP_REQ_WITHOUT_ECHO),
793 oscore_pkt, &oscore_pkt_len, &cc);
794 zassert_equal(r, ok, "Error in coap2oscore!");
795
796 PRINT_ARRAY("OSCORE req2", oscore_pkt, oscore_pkt_len);
797
798 conv_coap_pkt_len = sizeof(conv_coap_pkt);
799 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
800 &conv_coap_pkt_len, &cs);
801
802 zassert_equal(r, echo_validation_failed, "Error in oscore2coap!");
803
804 /*
805 *
806 * Response
807 *
808 */
809 PRINT_MSG("\n\n|<-----response with new ECHO option (ECHO2)|\n\n");
810 uint8_t echo_opt_val2[] = {
811 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
812 0x06, 0x07, 0x08, 0x09, 0x10, 0x22
813 }; /*last byte is different*/
814 struct o_coap_packet coap_pkt_resp2 = {
815 .header = { .ver = 1,
816 .type = TYPE_ACK,
817 .TKL = 1,
818 .code = CODE_RESP_UNAUTHORIZED,
819 .MID = 0x0 },
820 .token = token,
821 .options_cnt = 1,
822 .options = { { .delta = 252,
823 .len = sizeof(echo_opt_val2),
824 .value = echo_opt_val2,
825 .option_number = ECHO } },
826 .payload.len = 0,
827 .payload.ptr = NULL,
828 };
829
830 coap_pkt_len = sizeof(coap_pkt);
831 r = coap_serialize(&coap_pkt_resp2, coap_pkt, &coap_pkt_len);
832 zassert_equal(r, ok, "Error in coap_serialize!");
833
834 oscore_pkt_len = sizeof(oscore_pkt);
835 r = coap2oscore(coap_pkt, coap_pkt_len, oscore_pkt, &oscore_pkt_len,
836 &cs);
837 zassert_equal(r, ok, "Error in coap2oscore!");
838
839 PRINT_ARRAY("OSCORE resp2", oscore_pkt, oscore_pkt_len);
840 zassert_mem_equal__(oscore_pkt, OSCORE_RESP2, oscore_pkt_len,
841 "coap2oscore failed");
842
843 conv_coap_pkt_len = sizeof(conv_coap_pkt);
844 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
845 &conv_coap_pkt_len, &cc);
846
847 zassert_equal(r, ok, "Error in oscore2coap!");
848
849 zassert_mem_equal__(conv_coap_pkt, coap_pkt, coap_pkt_len,
850 "oscore2coap failed");
851
852 /**************************************************************************/
853 /* 3) |------request with old ECHO option-(ECHO1)>|*/
854 /* |<-----response with new ECHO option (ECHO3)|*/
855 /**************************************************************************/
856 /*
857 *
858 * Request with old ECHO option-(ECHO1)
859 *
860 */
861 PRINT_MSG("\n\n |-------request with old ECHO option-(ECHO1)>|| \n\n");
862 token[0] = 0x4b;
863
864 struct o_coap_packet coap_pkt_req2 = {
865 .header = {
866 .ver = 1,
867 .type = TYPE_CON,
868 .TKL = 1,
869 .code = CODE_REQ_GET,
870 .MID = 0x0
871 },
872 .token = token,
873 .options_cnt = 2,
874 .options = {
875 {
876 .delta = 11,
877 .len = sizeof(uri_path_val),
878 .value = uri_path_val,
879 .option_number = URI_PATH},/*E, opt num 11*/
880 {
881 .delta = 241,
882 .len = sizeof(echo_opt_val1),
883 .value = echo_opt_val1,
884 .option_number = ECHO},/*ECHO, opt num 252*/
885 },
886 .payload.len = 0,
887 .payload.ptr = NULL,
888 };
889
890 coap_pkt_len = sizeof(coap_pkt);
891 r = coap_serialize(&coap_pkt_req2, coap_pkt, &coap_pkt_len);
892 zassert_equal(r, ok, "Error in coap_serialize !");
893
894 oscore_pkt_len = sizeof(oscore_pkt);
895 r = coap2oscore(coap_pkt, coap_pkt_len, oscore_pkt, &oscore_pkt_len,
896 &cc);
897 zassert_equal(r, ok, "Error in coap2oscore!");
898
899 PRINT_ARRAY("OSCORE req3", oscore_pkt, oscore_pkt_len);
900 zassert_mem_equal__(oscore_pkt, OSCORE_REQ3, oscore_pkt_len,
901 "coap2oscore failed");
902
903 conv_coap_pkt_len = sizeof(conv_coap_pkt);
904 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
905 &conv_coap_pkt_len, &cs);
906
907 zassert_equal(r, echo_validation_failed, "Error in oscore2coap!");
908
909 /*
910 *
911 * Response option ECHO3
912 *
913 */
914 PRINT_MSG("\n\n|<-----response with new ECHO option (ECHO2)|\n\n");
915 uint8_t echo_opt_val3[] = {
916 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
917 0x06, 0x07, 0x08, 0x09, 0x10, 0x33
918 }; /*last byte is different*/
919 struct o_coap_packet coap_pkt_resp3 = {
920 .header = { .ver = 1,
921 .type = TYPE_ACK,
922 .TKL = 1,
923 .code = CODE_RESP_UNAUTHORIZED,
924 .MID = 0x0 },
925 .token = token,
926 .options_cnt = 1,
927 .options = { { .delta = 252,
928 .len = sizeof(echo_opt_val3),
929 .value = echo_opt_val3,
930 .option_number = ECHO } },
931 .payload.len = 0,
932 .payload.ptr = NULL,
933 };
934
935 coap_pkt_len = sizeof(coap_pkt);
936 r = coap_serialize(&coap_pkt_resp3, coap_pkt, &coap_pkt_len);
937 zassert_equal(r, ok, "Error in coap_serialize!");
938
939 oscore_pkt_len = sizeof(oscore_pkt);
940 r = coap2oscore(coap_pkt, coap_pkt_len, oscore_pkt, &oscore_pkt_len,
941 &cs);
942 zassert_equal(r, ok, "Error in coap2oscore!");
943
944 PRINT_ARRAY("OSCORE resp3", oscore_pkt, oscore_pkt_len);
945 zassert_mem_equal__(oscore_pkt, OSCORE_RESP3, oscore_pkt_len,
946 "coap2oscore failed");
947
948 conv_coap_pkt_len = sizeof(conv_coap_pkt);
949 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
950 &conv_coap_pkt_len, &cc);
951
952 zassert_equal(r, ok, "Error in oscore2coap!");
953
954 zassert_mem_equal__(conv_coap_pkt, coap_pkt, coap_pkt_len,
955 "oscore2coap failed");
956
957 /**************************************************************************/
958 /* 4) |------request with ECHO option-(ECHO3)---->|*/
959 /* |<-----response-----------------------------|*/
960 /**************************************************************************/
961
962 /*
963 *
964 * Request with ECHO option
965 *
966 */
967 PRINT_MSG("\n\n |------request with ECHO option-(ECHO3)---->| \n\n");
968 struct o_coap_packet coap_pkt_req4 = {
969 .header = {
970 .ver = 1,
971 .type = TYPE_CON,
972 .TKL = 1,
973 .code = CODE_REQ_GET,
974 .MID = 0x0
975 },
976 .token = token,
977 .options_cnt = 2,
978 .options = {
979 {
980 .delta = 11,
981 .len = sizeof(uri_path_val),
982 .value = uri_path_val,
983 .option_number = URI_PATH},/*E, opt num 11*/
984 {
985 .delta = 241,
986 .len = sizeof(echo_opt_val3),
987 .value = echo_opt_val3,
988 .option_number = ECHO},/*ECHO, opt num 252*/
989 },
990 .payload.len = 0,
991 .payload.ptr = NULL,
992 };
993
994 coap_pkt_len = sizeof(coap_pkt);
995 r = coap_serialize(&coap_pkt_req4, coap_pkt, &coap_pkt_len);
996 zassert_equal(r, ok, "Error in coap_serialize!");
997
998 oscore_pkt_len = sizeof(oscore_pkt);
999 r = coap2oscore(coap_pkt, coap_pkt_len, oscore_pkt, &oscore_pkt_len,
1000 &cc);
1001 zassert_equal(r, ok, "Error in coap2oscore!");
1002
1003 PRINT_ARRAY("OSCORE req4", oscore_pkt, oscore_pkt_len);
1004 zassert_mem_equal__(oscore_pkt, OSCORE_REQ4, oscore_pkt_len,
1005 "coap2oscore failed");
1006
1007 conv_coap_pkt_len = sizeof(conv_coap_pkt);
1008 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
1009 &conv_coap_pkt_len, &cs);
1010
1011 zassert_equal(r, 0, "Error in oscore2coap!");
1012 zassert_mem_equal__(conv_coap_pkt, coap_pkt, coap_pkt_len,
1013 "oscore2coap failed");
1014
1015 /*
1016 *
1017 * Normal response
1018 *
1019 */
1020 PRINT_MSG("\n\n |<------response2 ----| \n\n");
1021 uint8_t payload[] = { 0xde, 0xad, 0xbe, 0xaf };
1022
1023 struct o_coap_packet coap_pkt_resp4 = {
1024 .header = { .ver = 1,
1025 .type = TYPE_ACK,
1026 .TKL = 1,
1027 .code = CODE_RESP_CONTENT,
1028 .MID = 0x0 },
1029 .token = token,
1030 .options_cnt = 0,
1031 .options = {},
1032 .payload.len = sizeof(payload),
1033 .payload.ptr = payload,
1034 };
1035
1036 coap_pkt_len = sizeof(coap_pkt);
1037 r = coap_serialize(&coap_pkt_resp4, coap_pkt, &coap_pkt_len);
1038 zassert_equal(r, ok, "Error in coap_serialize !");
1039
1040 oscore_pkt_len = sizeof(oscore_pkt);
1041 r = coap2oscore(coap_pkt, coap_pkt_len, oscore_pkt, &oscore_pkt_len,
1042 &cs);
1043 zassert_equal(r, ok, "Error in coap2oscore!");
1044
1045 PRINT_ARRAY("OSCORE resp4", oscore_pkt, oscore_pkt_len);
1046 zassert_mem_equal__(oscore_pkt, OSCORE_RESP4, oscore_pkt_len,
1047 "coap2oscore failed");
1048
1049 conv_coap_pkt_len = sizeof(conv_coap_pkt);
1050 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
1051 &conv_coap_pkt_len, &cc);
1052
1053 zassert_equal(r, ok, "Error in oscore2coap!");
1054 zassert_mem_equal__(conv_coap_pkt, coap_pkt, coap_pkt_len,
1055 "oscore2coap failed");
1056
1057 /**************************************************************************/
1058 /* 5) |------request----------------------------->| */
1059 /* | -- -- --replayed request-- -- -- -- --X | rejected message*/
1060 /**************************************************************************/
1061
1062 /*
1063 *
1064 * Test replay protection on the server side
1065 *
1066 *
1067 */
1068 PRINT_MSG(
1069 "\n\n |------ regular request (to be replayed later)---->| \n\n");
1070 token[0] = 0x4a;
1071
1072 struct o_coap_packet coap_pkt_req5 = {
1073 .header = {
1074 .ver = 1,
1075 .type = TYPE_CON,
1076 .TKL = 1,
1077 .code = CODE_REQ_GET,
1078 .MID = 0x0
1079 },
1080 .token = token,
1081 .options_cnt = 1,
1082 .options = {
1083 { .delta = 11,
1084 .len = sizeof(uri_path_val),
1085 .value = uri_path_val,
1086 .option_number = URI_PATH},/*E, opt num 11*/
1087 },
1088 .payload.len = 0,
1089 .payload.ptr = NULL,
1090 };
1091
1092 coap_pkt_len = sizeof(coap_pkt);
1093 r = coap_serialize(&coap_pkt_req5, coap_pkt, &coap_pkt_len);
1094 zassert_equal(r, ok, "Error in coap_serialize!");
1095
1096 oscore_pkt_len = sizeof(oscore_pkt);
1097 r = coap2oscore(coap_pkt, coap_pkt_len, oscore_pkt, &oscore_pkt_len,
1098 &cc);
1099 zassert_equal(r, ok, "Error in coap2oscore!");
1100
1101 conv_coap_pkt_len = sizeof(conv_coap_pkt);
1102 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
1103 &conv_coap_pkt_len, &cs);
1104 zassert_equal(r, ok, "Error in oscore2coap!");
1105
1106 /*try to replay the request*/
1107 r = oscore2coap(oscore_pkt, oscore_pkt_len, conv_coap_pkt,
1108 &conv_coap_pkt_len, &cs);
1109
1110 zassert_equal(r, oscore_replay_window_protection_error,
1111 "Error in oscore2coap!");
1112 }
1113
1114 /**
1115 * Test 11:
1116 * According to RFC8613 p. 7.2.1, endpoint must not process any more message after reaching its final SSN value.
1117 */
t11_oscore_ssn_overflow_protection(void)1118 void t11_oscore_ssn_overflow_protection(void)
1119 {
1120 enum err result;
1121 struct context security_context;
1122 struct oscore_init_params params = get_default_params(NORMAL, RESTORED);
1123
1124 uint8_t buf_oscore[256];
1125 uint32_t buf_oscore_len = sizeof(buf_oscore);
1126 uint8_t buf_coap[256];
1127 uint32_t buf_coap_len = sizeof(buf_coap);
1128
1129 result = oscore_context_init(¶ms, &security_context);
1130 zassert_equal(result, ok, "Error in oscore_context_init");
1131
1132 /* mimic reaching final value of SSN */
1133 security_context.sc.ssn = OSCORE_SSN_OVERFLOW_VALUE;
1134
1135 /* test SSN overflow protection in coap2oscore */
1136 result = coap2oscore((uint8_t *)T1__COAP_REQ, T1__COAP_REQ_LEN,
1137 (uint8_t *)&buf_oscore, &buf_oscore_len, &security_context);
1138 zassert_equal(result, oscore_ssn_overflow, "SSN overflow not detected in coap2oscore");
1139
1140 /* test SSN overflow protection in oscore2coap */
1141 result = oscore2coap((uint8_t *)T1__OSCORE_RESP, T1__OSCORE_RESP_LEN,
1142 (uint8_t *)&buf_coap, &buf_coap_len, &security_context);
1143 zassert_equal(result, oscore_ssn_overflow, "SSN overflow not detected in oscore2coap");
1144 }
1145
