Merge pull request #245 from geonnave/lakers-c-cred-fetching-outside

lakers-c: check/fetch credential outside parse msg 2
openwsn-berkeley · Mar 14, 2024 · c2b3592 · c2b3592
2 parents f2263e6 + d8496a0
commit c2b3592
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 20 deletions.
diff --git a/examples/lakers-c-native/main.c b/examples/lakers-c-native/main.c
@@ -132,7 +132,7 @@ int main(void)
 #endif
 
     puts("Begin test: edhoc initiator.");
-    EdhocMessageBuffer message_1;
+    EdhocMessageBuffer message_1 = {0};
 #ifdef LAKERS_EAD_AUTHZ
     int res = initiator_prepare_message_1(&initiator, NULL, &ead_1, &message_1);
     memcpy(device.wait_ead2.h_message_1, initiator.wait_m2.h_message_1, SHA256_DIGEST_LEN);
@@ -153,27 +153,35 @@ int main(void)
     memcpy(message_2.content, coap_response_payload, coap_response_payload_len);
     EADItemC ead_2 = {0};
     uint8_t c_r;
-    CredentialRPK fetched_cred_r = {0};
+    CredentialRPK id_cred_r = {0};
 #ifdef LAKERS_EAD_AUTHZ
-    res = initiator_parse_message_2(&initiator, &message_2, &cred_r, &c_r, &fetched_cred_r, &ead_2);
+    // res = initiator_parse_message_2(&initiator, &message_2, &cred_r, &c_r, &id_cred_r, &ead_2);
+    res = initiator_parse_message_2(&initiator, &message_2, &c_r, &id_cred_r, &ead_2);
 #else
-    res = initiator_parse_message_2(&initiator, &message_2, &cred_r, &c_r, &fetched_cred_r, &ead_2);
+    // res = initiator_parse_message_2(&initiator, &message_2, &cred_r, &c_r, &id_cred_r, &ead_2);
+    res = initiator_parse_message_2(&initiator, &message_2, &c_r, &id_cred_r, &ead_2);
 #endif
     if (res != 0) {
         printf("Error parse msg2: %d\n", res);
         return 1;
     }
+    // FIXME: failing on native when cred_expected is NULL (memory allocation of 48 bytes failed)
+    res = credential_check_or_fetch(&cred_r, &id_cred_r);
+    if (res != 0) {
+        printf("Error handling credential: %d\n", res);
+        return 1;
+    }
 #ifdef LAKERS_EAD_AUTHZ
     puts("processing ead2");
-    res = authz_device_process_ead_2(&device, &ead_2, &fetched_cred_r);
+    res = authz_device_process_ead_2(&device, &ead_2, &id_cred_r);
     if (res != 0) {
         printf("Error process ead2 (authz): %d\n", res);
         return 1;
     } else {
         puts("ead-authz voucher received and validated");
     }
 #endif
-    res = initiator_verify_message_2(&initiator, &I, &cred_i, &fetched_cred_r);
+    res = initiator_verify_message_2(&initiator, &I, &cred_i, &id_cred_r);
     if (res != 0) {
         printf("Error verify msg2: %d\n", res);
         return 1;

diff --git a/lakers-c/src/initiator.rs b/lakers-c/src/initiator.rs
@@ -85,17 +85,16 @@ pub unsafe extern "C" fn initiator_parse_message_2(
     // input params
     initiator_c: *mut EdhocInitiator,
     message_2: *const EdhocMessageBuffer,
-    expected_cred_r: *const CredentialRPK,
     // output params
     c_r_out: *mut u8,
-    valid_cred_r_out: *mut CredentialRPK,
+    id_cred_r_out: *mut CredentialRPK,
     ead_2_c_out: *mut EADItemC,
 ) -> i8 {
     // this is a parsing function, so all output parameters are mandatory
     if initiator_c.is_null()
         || message_2.is_null()
         || c_r_out.is_null()
-        || valid_cred_r_out.is_null()
+        || id_cred_r_out.is_null()
         || ead_2_c_out.is_null()
     {
         return -1;
@@ -110,14 +109,7 @@ pub unsafe extern "C" fn initiator_parse_message_2(
         Ok((state, c_r, id_cred_r, ead_2)) => {
             ProcessingM2C::copy_into_c(state, &mut (*initiator_c).processing_m2);
             *c_r_out = c_r;
-
-            // NOTE: checking here to avoid having IdCredOwnedC being passed across the ffi boundary
-            let Ok(valid_cred_r) = credential_check_or_fetch(Some(*expected_cred_r), id_cred_r)
-            else {
-                return -1;
-            };
-            *valid_cred_r_out = valid_cred_r;
-
+            *id_cred_r_out = id_cred_r;
             if let Some(ead_2) = ead_2 {
                 EADItemC::copy_into_c(ead_2, ead_2_c_out);
                 (*initiator_c).processing_m2.ead_2 = ead_2_c_out;
@@ -136,7 +128,6 @@ pub unsafe extern "C" fn initiator_verify_message_2(
     // input params
     initiator_c: *mut EdhocInitiator,
     i: *const BytesP256ElemLen,
-    // i_len: usize,
     mut cred_i: *mut CredentialRPK,
     valid_cred_r: *mut CredentialRPK,
 ) -> i8 {

diff --git a/lakers-c/src/lib.rs b/lakers-c/src/lib.rs
@@ -6,7 +6,7 @@
 ///
 /// Example command to compile this module for the nRF52840:
 /// cargo build --target='thumbv7em-none-eabihf' --no-default-features --features="crypto-cryptocell310"
-use lakers::*;
+use lakers::{credential_check_or_fetch as credential_check_or_fetch_rust, *};
 use lakers_crypto::{default_crypto, CryptoTrait};
 
 #[cfg(feature = "ead-authz")]
@@ -127,6 +127,27 @@ pub unsafe extern "C" fn credential_rpk_new(
     }
 }
 
+#[no_mangle]
+pub unsafe extern "C" fn credential_check_or_fetch(
+    cred_expected: *mut CredentialRPK,
+    id_cred_received: *mut CredentialRPK,
+) -> i8 {
+    let cred_expected = if cred_expected.is_null() {
+        None
+    } else {
+        Some(*cred_expected)
+    };
+
+    let id_cred_received_value = *id_cred_received;
+    match credential_check_or_fetch_rust(cred_expected, id_cred_received_value) {
+        Ok(valid_cred) => {
+            *id_cred_received = valid_cred;
+            0
+        }
+        Err(err) => err as i8,
+    }
+}
+
 // This function is useful to test the FFI
 #[no_mangle]
 pub extern "C" fn p256_generate_key_pair_from_c(out_private_key: *mut u8, out_public_key: *mut u8) {

diff --git a/lib/src/lib.rs b/lib/src/lib.rs
@@ -421,7 +421,7 @@ pub fn generate_connection_identifier<Crypto: CryptoTrait>(crypto: &mut Crypto)
 }
 
 // Implements auth credential checking according to draft-tiloca-lake-implem-cons
-pub fn credential_check_or_fetch<'a>(
+pub fn credential_check_or_fetch(
     cred_expected: Option<CredentialRPK>,
     id_cred_received: CredentialRPK,
 ) -> Result<CredentialRPK, EDHOCError> {