diff --git a/Cargo.lock b/Cargo.lock index b417087f3..4ed7a2916 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2757,19 +2757,19 @@ dependencies = [ [[package]] name = "lakers" -version = "0.6.2" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64eb682691d02609ff036a7416373edbc7cc769b0908bf2489af79461453669e" +checksum = "dc16a0cee3c98f2045e9b5eaa8f577dd4d8d668d70dec7312c9e617af222f3c5" dependencies = [ + "defmt-or-log", "lakers-shared", - "log 0.4.22", ] [[package]] name = "lakers-crypto-rustcrypto" -version = "0.6.2" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "964a5ea4c01f13129088c784b41928b93f6fd67b9a956314a899c677182c301c" +checksum = "0123f6d52cfd81204f57c7cc4e4705e043e6e5fb179f4e02d611da55f3fa21f1" dependencies = [ "aead", "aes", @@ -2783,11 +2783,11 @@ dependencies = [ [[package]] name = "lakers-shared" -version = "0.6.2" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcdc5a0e1a5ea0387ab3e334f2061c633001db79e04d40af65bc68b41b13ef3a" +checksum = "6de83433c94e906f9dab29a69ac0d1176c7b33dbf84e4b98cd4874012e3e770d" dependencies = [ - "log 0.4.22", + "defmt-or-log", ] [[package]] diff --git a/src/ariel-os-coap/Cargo.toml b/src/ariel-os-coap/Cargo.toml index da0fc6492..798a8e19c 100644 --- a/src/ariel-os-coap/Cargo.toml +++ b/src/ariel-os-coap/Cargo.toml @@ -25,8 +25,8 @@ embassy-net = { workspace = true, features = [ embassy-sync.workspace = true embedded-nal-async = "0.8" embedded-nal-coap = { workspace = true } -lakers-crypto-rustcrypto = "0.6.0" -lakers = { version = "0.6.0", default-features = false } +lakers-crypto-rustcrypto = "0.7.2" +lakers = { version = "0.7.2", default-features = false } ariel-os-debug.workspace = true ariel-os-embassy = { workspace = true, features = ["net"] } ariel-os-random = { workspace = true, features = ["csprng"] } diff --git a/src/ariel-os-coap/src/lib.rs b/src/ariel-os-coap/src/lib.rs index f19d9c844..0d4b1fc4a 100644 --- a/src/ariel-os-coap/src/lib.rs +++ b/src/ariel-os-coap/src/lib.rs @@ -35,7 +35,7 @@ static CLIENT: OnceLock< /// This can only be run once, as it sets up a system wide CoAP handler. pub async fn coap_run(handler: impl coap_handler::Handler + coap_handler::Reporting) -> ! { use hexlit::hex; - const R: &[u8] = &hex!("72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"); + const R: [u8; 32] = hex!("72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"); static COAP: StaticCell> = StaticCell::new(); @@ -65,8 +65,8 @@ pub async fn coap_run(handler: impl coap_handler::Handler + coap_handler::Report .unwrap(); let own_identity = ( - &lakers::CredentialRPK::new(lakers::EdhocMessageBuffer::new_from_slice(&hex!("A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072")).expect("Credential should be small enough")).expect("Credential should be processable"), - R, + &lakers::Credential::parse_ccs(&hex!("A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072")).expect("Credential should be processable"), + &R, ); // FIXME: Should we allow users to override that? After all, this is just convenience and may diff --git a/src/lib/coapcore/Cargo.toml b/src/lib/coapcore/Cargo.toml index fe6703a23..b6d4024c2 100644 --- a/src/lib/coapcore/Cargo.toml +++ b/src/lib/coapcore/Cargo.toml @@ -17,7 +17,7 @@ workspace = true # public coap-handler = "0.2.0" coap-message = "0.3.2" -lakers = { version = "0.6.0", default-features = false } +lakers = { version = "0.7.2", default-features = false } # private arrayvec = { version = "0.7.4", default-features = false } @@ -25,7 +25,7 @@ coap-message-implementations = { version = "0.1.2", features = ["downcast"] } coap-message-utils = "0.3.3" coap-numbers = "0.2.3" hexlit = "0.5.5" -lakers-crypto-rustcrypto = "0.6.0" +lakers-crypto-rustcrypto = "0.7.2" liboscore = "0.2.1" liboscore-msgbackend = "0.2.1" diff --git a/src/lib/coapcore/src/seccontext.rs b/src/lib/coapcore/src/seccontext.rs index f26bc814f..93b76d538 100644 --- a/src/lib/coapcore/src/seccontext.rs +++ b/src/lib/coapcore/src/seccontext.rs @@ -145,15 +145,8 @@ enum SecContextStage { // :-) // actionable in response building - // - // FIXME: The 'static here means that our identity key needs to be 'static -- if identity - // roll-over is a topic, that'd be a no-go. An alternative is to both store the message and the - // ResponderWaitM3 state -- but that'll make our SecContextPool slots larger; best evaluate - // that once the states are ready and we see which ones are the big ones. Possible outcomes are - // to just do it, to store the message in the handler's `RequestData`, or to have one or a few - // slots in parallel to this in the [`SecContextPool`]. EdhocResponderProcessedM1 { - responder: lakers::EdhocResponderProcessedM1<'static, Crypto>, + responder: lakers::EdhocResponderProcessedM1, // May be removed if lakers keeps access to those around if they are set at this point at // all c_r: COwn, @@ -266,9 +259,7 @@ pub struct OscoreEdhocHandler<'a, H: coap_handler::Handler, Crypto: lakers::Cryp // locks for such sharing could still be acquired in a factory (at which point it may make // sense to make this a &mut). pool: SecContextPool, - // FIXME: That 'static is going to bite us -- but EdhocResponderProcessedM1 holds a reference - // to it -- see SecContextStage::EdhocResponderProcessedM1 - own_identity: (&'a lakers::CredentialRPK, &'static [u8]), + own_identity: (&'a lakers::Credential, &'a lakers::BytesP256ElemLen), // FIXME: This currently bakes in the assumption that there is a single tree both for // unencrypted and encrypted resources. We may later generalize this by making this a factory, @@ -288,7 +279,7 @@ impl<'a, H: coap_handler::Handler, Crypto: lakers::Crypto> OscoreEdhocHandler<'a // FIXME: Apart from an own identity, this will also need a function to convert ID_CRED_I into // a (CRED_I, AifStaticRest) pair. pub fn new( - own_identity: (&'a lakers::CredentialRPK, &'static [u8]), + own_identity: (&'a lakers::Credential, &'a lakers::BytesP256ElemLen), inner: H, crypto_factory: fn() -> Crypto, ) -> Self { @@ -496,7 +487,8 @@ impl<'a, H: coap_handler::Handler, Crypto: lakers::Crypto> coap_handler::Handler let (responder, c_i, ead_1) = lakers::EdhocResponder::new( (self.crypto_factory)(), - self.own_identity.1, + lakers::EDHOCMethod::StatStat, + *self.own_identity.1, *self.own_identity.0, ) .process_message_1(message_1) @@ -600,14 +592,14 @@ impl<'a, H: coap_handler::Handler, Crypto: lakers::Crypto> coap_handler::Handler let authorization; if id_cred_i.reference_only() { - match id_cred_i.kid { - 43 => { + match id_cred_i.as_encoded_value() { + &[43] => { info!("Peer indicates use of the one preconfigured key"); use hexlit::hex; const CRED_I: &[u8] = &hex!("A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"); - cred_i = lakers::CredentialRPK::new( + cred_i = lakers::Credential::parse_ccs( CRED_I.try_into().expect("Static credential is too large"), ) .expect("Static credential is not processable"); @@ -623,12 +615,15 @@ impl<'a, H: coap_handler::Handler, Crypto: lakers::Crypto> coap_handler::Handler } } } else { + let ccs = id_cred_i + .get_ccs() + .expect("Lakers only knows IdCred as reference or as credential"); info!( - "Got credential by value: {:?}..", - &id_cred_i.value.get_slice(0, 5) + "Got credential CCS by value: {:?}..", + &ccs.bytes.get_slice(0, 5) ); - cred_i = lakers::CredentialRPK::new(id_cred_i.value) + cred_i = lakers::Credential::parse_ccs(ccs.bytes.as_slice()) // FIXME What kind of error do we send here? .map_err(|_| Own(CoAPError::bad_request()))?;