oscore branch cleaning
#1226
oscore branch cleaning
#1226
Conversation
|
@rikard-sics, I will try to push small commit regulary on this PR. This way you can follow/review my work day to day. |
Okay, sounds great. Then I will keep track of commits being added here. Let us discuss if there is anything unclear, or about additional things to add in Californium if any more come up. |
sbernard31
force-pushed
the
oscore_cleaning
branch
from
96c5c40 to
22429ee
Compare
leshan-server-core/src/main/java/org/eclipse/leshan/server/security/oscore/OscoreSetting.java
Outdated
Show resolved
Hide resolved
leshan-core/src/main/java/org/eclipse/leshan/core/oscore/AeadAlgorithm.java
Show resolved
Hide resolved
leshan-core/src/main/java/org/eclipse/leshan/core/oscore/OscoreSetting.java
Outdated
Show resolved
Hide resolved
|
Which aead and hkdf algorithm are supported by current implementation ? |
Currently the following AEAD algorithms are supported:
And for HKDF:
I think for a minimal viable feature only supporting the defaults are sufficient. Otherwise going with supporting all that OSCORE supports is also an option, except for consistency checking all the HKDF/AEAD logic should be happening in the OSCORE code. |
I added some temporary check about this. |
|
I did most of what I wanted about cleaning. The last thing I plan to add is to deactivate OSCORE by default and add an option to activate it (as this is still an experimental feature) Then, I will do the list of possible modification of californium API. |
|
I fall on this OSCORE code : @rikard-sics, I feel this should not be in Leshan code. Could you help me to better understand this ? |
I need to dig a bit deeper into this to recall the exact problem. From my memory right now the issue was that the coapRequest object here sometimes lacked the Token (even though it was sent over the wire with a Token), this in turn caused issues with later OSCORE processing. It is not clear to me why this was happening. One simple thing to test would be to simply remove these lines and see if observations with OSCORE still works. I will try to have a look at this today or tomorrow to understand how things can be fixed (if still an issue) in the OSCORE code in Californium. |
Sounds great. Yeah, having it enabled with a flag for now can make sense. |
| // TODO OSCORE kind of hack because californium doesn't support an empty byte[] array for salt ? | ||
| byte[] masterSalt = serverInfo.oscoreSetting.getMasterSalt().length == 0 ? null | ||
| : serverInfo.oscoreSetting.getMasterSalt(); |
There was a problem hiding this comment.
I currently testing to update my previous OSCORE demo PRs with our last modification.
And I just saw that current californium API does not like if masterSalt is an empty byte array.
I guess this comes from that codes from : org.eclipse.californium.oscore.OSCoreCtx.OSCoreCtx` line 261
if (master_salt == null) {
// Default value. Automatically initialized with 0-es.
this.common_master_salt = new byte[this.kdf.getKeySize() / Byte.SIZE];
} else {
this.common_master_salt = master_salt.clone();
}But reading the OSCORE RFC8613 :
Master Salt
* Default is the empty byte string
Is it a kind of bug or is it the expected behavoir ?
There was a problem hiding this comment.
Looking into things a bit this is my understanding. The default Master Salt in OSCORE should indeed be the empty byte string. However, later when that is fed into the HKDF, if the salt is zero length, it should be padded:
https://datatracker.ietf.org/doc/html/rfc5869#section-2.2
Inputs:
salt optional salt value (a non-secret random value);
if not provided, it is set to a string of HashLen zeros.
So that is why if the master salt is null that padding occurs. But yeah what seems to be missing is considering if the developer sets the empty byte string as salt in the context constructor. So it would be better if it was:
if (master_salt == null || master_salt.length == 0) {
// Default value. Automatically initialized with 0-es.
this.common_master_salt = new byte[this.kdf.getKeySize() / Byte.SIZE];
} else {
this.common_master_salt = master_salt.clone();
}
(Or waiting to do the padding in the deriveKey method may be even clearer). I will add this to the list of updates to do.
|
About #1226 (comment),
I tested it on my side and it seems observe works with or without this code. |
Very good. That code may very well have been a workaround for something which is fixed now in later releases. I will make a note to look into the passive observation cancellations. |
|
I think we can integrate this in |
Yes I believe this can be integrated now. |
To be reused by client.
sbernard31
force-pushed
the
oscore_cleaning
branch
from
6217d9a to
bfcc4d2
Compare
|
I rebased |
This PR aims to do a check about all TODO OSCORE + re-review the code to polish the current
oscorebranch.(This is part of the plan : #920 (comment))
This is work in progress.