process_message_1: Expose C_I

This is an API change, and allows responders to build full OSCORE
contexts through knowledge of the initiator's chosen C_I.

Closes: #259

examples/coap/src/bin/coapserver-coaphandler.rs

@@ -113,7 +113,7 @@ impl coap_handler::Handler for EdhocHandler {
             let message_1 =
                 &EdhocMessageBuffer::new_from_slice(&request.payload()[1..]).map_err(too_small)?;
 
-            let (responder, ead_1) =
+            let (responder, _c_i, ead_1) =
                 EdhocResponder::new(lakers_crypto::default_crypto(), &R, cred_r)
                     .process_message_1(message_1)
                     .map_err(render_error)?;

examples/coap/src/bin/coapserver.rs

@@ -48,7 +48,7 @@ fn main() {
                     .expect("wrong length");
                 let result = responder.process_message_1(&message_1);
 
-                if let Ok((responder, ead_1)) = result {
+                if let Ok((responder, _c_i, ead_1)) = result {
                     let c_r =
                         generate_connection_identifier_cbor(&mut lakers_crypto::default_crypto());
                     let ead_2 = if let Some(ead_1) = ead_1 {

examples/lakers-no_std/src/main.rs

@@ -101,7 +101,7 @@ fn main() -> ! {
 
         let (initiator, message_1) = initiator.prepare_message_1(None, &None).unwrap();
 
-        let (responder, _ead_1) = responder.process_message_1(&message_1).unwrap();
+        let (responder, _c_i, _ead_1) = responder.process_message_1(&message_1).unwrap();
         let (responder, message_2) = responder
             .prepare_message_2(CredentialTransfer::ByReference, None, &None)
             .unwrap();

lakers-python/src/responder.rs

@@ -33,12 +33,18 @@ impl PyEdhocResponder {
         }
     }
 
-    fn process_message_1(&mut self, message_1: Vec<u8>) -> PyResult<Option<EADItem>> {
+    fn process_message_1<'a>(
+        &mut self,
+        py: Python<'a>,
+        message_1: Vec<u8>,
+    ) -> PyResult<(&'a PyBytes, Option<EADItem>)> {
         let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice())?;
-        let (state, ead_1) = r_process_message_1(&self.start, &mut default_crypto(), &message_1)?;
+        let (state, c_i, ead_1) =
+            r_process_message_1(&self.start, &mut default_crypto(), &message_1)?;
         self.processing_m1 = state;
+        let c_i = PyBytes::new(py, c_i.as_slice());
 
-        Ok(ead_1)
+        Ok((c_i, ead_1))
     }
 
     fn prepare_message_2<'a>(

lakers-python/test/test_ead_authz.py

@@ -68,7 +68,7 @@ def test_handshake_with_authz():
     device.set_h_message_1(initiator.get_h_message_1())
 
     # responder
-    ead_1 = responder.process_message_1(message_1)
+    _c_i, ead_1 = responder.process_message_1(message_1)
     loc_w, voucher_request = authenticator.process_ead_1(ead_1, message_1)
     voucher_response = enrollment_server.handle_voucher_request(voucher_request)
     ead_2 = authenticator.prepare_ead_2(voucher_response)

lakers-python/test/test_lakers.py

@@ -29,7 +29,7 @@ def test_handshake():
     message_1 = initiator.prepare_message_1(c_i=None, ead_1=None)
 
     # responder
-    ead_1 = responder.process_message_1(message_1)
+    _c_i, ead_1 = responder.process_message_1(message_1)
     assert ead_1 == None
     message_2 = responder.prepare_message_2(lakers.CredentialTransfer.ByReference, None, ead_1)
     assert type(message_2) == bytes

lib/src/edhoc.rs

@@ -57,7 +57,7 @@ pub fn r_process_message_1(
     state: &ResponderStart,
     crypto: &mut impl CryptoTrait,
     message_1: &BufferMessage1,
-) -> Result<(ProcessingM1, Option<EADItem>), EDHOCError> {
+) -> Result<(ProcessingM1, ConnId, Option<EADItem>), EDHOCError> {
     // Step 1: decode message_1
     // g_x will be saved to the state
     if let Ok((method, suites_i, suites_i_len, g_x, c_i, ead_1)) = parse_message_1(message_1) {
@@ -78,6 +78,7 @@ pub fn r_process_message_1(
                         g_x,
                         h_message_1,
                     },
+                    c_i,
                     ead_1,
                 ))
             } else {

lib/src/lib.rs

@@ -107,8 +107,15 @@ impl<'a, Crypto: CryptoTrait> EdhocResponder<'a, Crypto> {
     pub fn process_message_1(
         mut self,
         message_1: &BufferMessage1,
-    ) -> Result<(EdhocResponderProcessedM1<'a, Crypto>, Option<EADItem>), EDHOCError> {
-        let (state, ead_1) = r_process_message_1(&self.state, &mut self.crypto, message_1)?;
+    ) -> Result<
+        (
+            EdhocResponderProcessedM1<'a, Crypto>,
+            ConnId,
+            Option<EADItem>,
+        ),
+        EDHOCError,
+    > {
+        let (state, c_i, ead_1) = r_process_message_1(&self.state, &mut self.crypto, message_1)?;
 
         Ok((
             EdhocResponderProcessedM1 {
@@ -117,6 +124,7 @@ impl<'a, Crypto: CryptoTrait> EdhocResponder<'a, Crypto> {
                 cred_r: self.cred_r,
                 crypto: self.crypto,
             },
+            c_i,
             ead_1,
         ))
     }
@@ -567,7 +575,7 @@ mod test {
         // ---- end initiator handling
 
         // ---- begin responder handling
-        let (responder, _ead_1) = responder.process_message_1(&message_1).unwrap();
+        let (responder, _c_i, _ead_1) = responder.process_message_1(&message_1).unwrap();
         // if ead_1: process ead_1
         // if needed: prepare ead_2
         let (responder, message_2) = responder
@@ -681,7 +689,7 @@ mod test_authz {
         let (initiator, message_1) = initiator.prepare_message_1(None, &Some(ead_1)).unwrap();
         device.set_h_message_1(initiator.state.h_message_1.clone());
 
-        let (responder, ead_1) = responder.process_message_1(&message_1).unwrap();
+        let (responder, _c_i, ead_1) = responder.process_message_1(&message_1).unwrap();
         let ead_2 = if let Some(ead_1) = ead_1 {
             let (authenticator, _loc_w, voucher_request) =
                 authenticator.process_ead_1(&ead_1, &message_1).unwrap();