
Example 1 with Encrypt0Message

use of org.eclipse.californium.cose.Encrypt0Message in project californium by eclipse.

Class RequestDecryptor, method decrypt.

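/**
 * Decrypts an incoming OSCORE-protected request and returns it with its real
 * code, inner options and payload restored.
 * <p>
 * Order of operations: discard the E-options of the outer message, decompress
 * the OSCORE option and ciphertext into a COSE {@code Encrypt0Message}, read
 * the sender identifier (kid) and the optional kid context, run the context
 * re-derivation procedure, decrypt, parse the plaintext back into the
 * request and merge the inner options with the outer U-options that were
 * saved beforehand. The request token is finally associated with the
 * context in {@code db}.
 *
 * @param db the context database used
 * @param request the request to decrypt
 * @param ctx the OSCore context; the context re-derivation procedure may
 *            replace it, and a {@code null} result is treated as "no
 *            context found"
 *
 * @return the decrypted request
 *
 * @throws CoapOSException if decryption fails. The response code carried by
 *             the exception distinguishes a malformed OSCORE option or COSE
 *             structure ({@code BAD_OPTION}), a failed context re-derivation,
 *             decryption or plaintext parsing ({@code BAD_REQUEST}) and a
 *             missing context or a replayed message ({@code UNAUTHORIZED})
 */
public static Request decrypt(OSCoreCtxDB db, Request request, OSCoreCtx ctx) throws CoapOSException {
    discardEOptions(request);
    byte[] protectedData = request.getPayload();
    // The outer (U-)options are merged back after the plaintext has been parsed
    OptionSet uOptions = request.getOptions();
    Encrypt0Message enc;
    try {
        enc = decompression(protectedData, request);
    } catch (OSException e) {
        LOGGER.error(ErrorDescriptions.FAILED_TO_DECODE_COSE);
        throw new CoapOSException(ErrorDescriptions.FAILED_TO_DECODE_COSE, ResponseCode.BAD_OPTION);
    }
    // Sender identifier (kid). Only the generic decode failure is reported to
    // the peer; the specific reason is logged locally.
    CBORObject kid = enc.findAttribute(HeaderKeys.KID);
    if (kid == null || !kid.getType().equals(CBORType.ByteString)) {
        LOGGER.error(ErrorDescriptions.MISSING_KID);
        throw new CoapOSException(ErrorDescriptions.FAILED_TO_DECODE_COSE, ResponseCode.BAD_OPTION);
    }
    byte[] rid = kid.GetByteString();
    // Retrieve the optional Context ID (kid context, COSE header label 10)
    CBORObject kidContext = enc.findAttribute(CBORObject.FromObject(10));
    byte[] contextID = null;
    if (kidContext != null) {
        // Validate the CBOR type as is done for the kid: GetByteString() on any
        // other type would escape as an unchecked exception for a malformed
        // message instead of being reported as a bad option
        if (!kidContext.getType().equals(CBORType.ByteString)) {
            LOGGER.error(ErrorDescriptions.FAILED_TO_DECODE_COSE);
            throw new CoapOSException(ErrorDescriptions.FAILED_TO_DECODE_COSE, ResponseCode.BAD_OPTION);
        }
        contextID = kidContext.GetByteString();
    }
    // Perform context re-derivation procedure if triggered or ongoing
    try {
        ctx = ContextRederivation.incomingRequest(db, ctx, contextID, rid);
    } catch (OSException e) {
        LOGGER.error(ErrorDescriptions.CONTEXT_REGENERATION_FAILED);
        throw new CoapOSException(ErrorDescriptions.CONTEXT_REGENERATION_FAILED, ResponseCode.BAD_REQUEST);
    }
    if (ctx == null) {
        LOGGER.error(ErrorDescriptions.CONTEXT_NOT_FOUND);
        throw new CoapOSException(ErrorDescriptions.CONTEXT_NOT_FOUND, ResponseCode.UNAUTHORIZED);
    }
    byte[] plaintext;
    try {
        plaintext = decryptAndDecode(enc, request, ctx, null);
    } catch (OSException e) {
        // A replay is reported distinctly. The constant is the receiver of
        // equals() so an exception without a message cannot cause an NPE here.
        if (ErrorDescriptions.REPLAY_DETECT.equals(e.getMessage())) {
            LOGGER.error(ErrorDescriptions.REPLAY_DETECT);
            throw new CoapOSException(ErrorDescriptions.REPLAY_DETECT, ResponseCode.UNAUTHORIZED);
        }
        // Any other failure is reported with the generic decryption error
        LOGGER.error(ErrorDescriptions.DECRYPTION_FAILED);
        throw new CoapOSException(ErrorDescriptions.DECRYPTION_FAILED, ResponseCode.BAD_REQUEST);
    }
    // Parse the plaintext (inner code, E-options, payload) back into the
    // request; any parse error is reported as a decryption failure
    try {
        DatagramReader reader = new DatagramReader(new ByteArrayInputStream(plaintext));
        ctx.setCoAPCode(Code.valueOf(reader.read(CoAP.MessageFormat.CODE_BITS)));
        // Reset the options so the E-options get priority during parsing
        request.setOptions(EMPTY);
        new UdpDataParser().parseOptionsAndPayload(reader, request);
    } catch (Exception e) {
        LOGGER.error(ErrorDescriptions.DECRYPTION_FAILED);
        throw new CoapOSException(ErrorDescriptions.DECRYPTION_FAILED, ResponseCode.BAD_REQUEST);
    }
    OptionSet eOptions = OptionJuggle.merge(request.getOptions(), uOptions);
    request.setOptions(eOptions);
    // The kid value is needed on layer level
    request.getOptions().setOscore(rid);
    // Associate the Token with the context used
    db.addContext(request.getToken(), ctx);
    // Set information about the OSCORE context used in the endpoint context of this request
    OSCoreEndpointContextInfo.receivingRequest(ctx, request);
    return OptionJuggle.setRealCodeRequest(request, ctx.getCoAPCode());
}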

Example 2 with Encrypt0Message

use of org.eclipse.californium.cose.Encrypt0Message in project californium by eclipse.

Class RequestEncryptor, method encrypt.

/**
 * Protects an outgoing request with OSCORE.
 * <p>
 * The context is looked up by the Proxy-Uri when one is present, otherwise
 * by the request URI. After the outgoing context re-derivation step the real
 * code, the current options and the payload are serialized into the
 * confidential part, encrypted into a COSE {@code Encrypt0Message} and
 * compressed into the OSCORE option; only the U-options are then kept on the
 * outer message and the context's sender sequence number is increased.
 *
 * @param request the request
 * @param db the context database used
 *
 * @return the request with the OSCore option
 * @throws OSException if encryption fails or no context exists for the URI
 */
public static Request encrypt(OSCoreCtxDB db, Request request) throws OSException {
    OptionSet outerOptions = request.getOptions();
    final String targetUri = outerOptions.hasProxyUri() ? outerOptions.getProxyUri() : request.getURI();
    OSCoreCtx ctx = db.getContext(targetUri);
    if (ctx == null) {
        LOGGER.error(ErrorDescriptions.CTX_NULL);
        throw new OSException(ErrorDescriptions.CTX_NULL);
    }
    // Perform context re-derivation procedure if ongoing
    try {
        ctx = ContextRederivation.outgoingRequest(db, ctx);
    } catch (OSException e) {
        LOGGER.error(ErrorDescriptions.CONTEXT_REGENERATION_FAILED);
        throw new OSException(ErrorDescriptions.CONTEXT_REGENERATION_FAILED);
    }
    // The real code travels encrypted; the outer message carries a fake one
    final int realCode = request.getCode().value;
    request = OptionJuggle.setFakeCodeRequest(request);
    byte[] confidential = OSSerializer.serializeConfidentialData(request.getOptions(), request.getPayload(), realCode);
    byte[] cipherText = encryptAndEncode(prepareCOSEStructure(confidential), ctx, request, false, null);
    compression(ctx, cipherText, request, false);
    request.setOptions(OptionJuggle.prepareUoptions(request.getOptions()));
    ctx.increaseSenderSeq();
    return request;
}

Example 3 with Encrypt0Message

use of org.eclipse.californium.cose.Encrypt0Message in project californium by eclipse.

Class ResponseEncryptor, method encrypt.

/**
 * Protects an outgoing response with OSCORE.
 * <p>
 * After the outgoing context re-derivation step the real code, the options
 * and the payload are serialized into the confidential part, encrypted into
 * a COSE {@code Encrypt0Message} and compressed into the OSCORE option. With
 * outer block-wise the Block1 option is withheld from the encrypted part and
 * put back on the outer message afterwards. The sender sequence number is
 * only increased when a new Partial IV was used.
 *
 * @param db the context DB
 * @param response the response
 * @param ctx the OSCore context
 * @param newPartialIV boolean to indicate whether to use a new partial IV
 *            or not
 * @param outerBlockwise boolean to indicate whether the block-wise options
 *            should be encrypted or not
 * @param requestSequenceNr sequence number (Partial IV) from the request
 *            (if encrypting a response)
 *
 * @return the response with the encrypted OSCore option
 *
 * @throws OSException when encryption fails or {@code ctx} is {@code null}
 */
public static Response encrypt(OSCoreCtxDB db, Response response, OSCoreCtx ctx, final boolean newPartialIV, boolean outerBlockwise, int requestSequenceNr) throws OSException {
    if (ctx == null) {
        LOGGER.error(ErrorDescriptions.CTX_NULL);
        throw new OSException(ErrorDescriptions.CTX_NULL);
    }
    // Perform context re-derivation procedure if ongoing
    OSCoreCtx activeCtx;
    try {
        activeCtx = ContextRederivation.outgoingResponse(db, ctx);
    } catch (OSException e) {
        LOGGER.error(ErrorDescriptions.CONTEXT_REGENERATION_FAILED);
        throw new OSException(ErrorDescriptions.CONTEXT_REGENERATION_FAILED);
    }
    // The real code travels encrypted; the outer message carries a fake one
    final int realCode = response.getCode().value;
    response = OptionJuggle.setFakeCodeResponse(response);
    OptionSet innerOptions = response.getOptions();
    // With outer block-wise, Block1 stays outside the encrypted part and is re-added below
    BlockOption savedBlock1 = null;
    if (outerBlockwise) {
        savedBlock1 = innerOptions.getBlock1();
        innerOptions.removeBlock1();
    }
    byte[] confidential = OSSerializer.serializeConfidentialData(innerOptions, response.getPayload(), realCode);
    byte[] cipherText = encryptAndEncode(prepareCOSEStructure(confidential), activeCtx, response, newPartialIV, requestSequenceNr);
    compression(activeCtx, cipherText, response, newPartialIV);
    response.setOptions(OptionJuggle.prepareUoptions(response.getOptions()));
    if (outerBlockwise) {
        response.setOptions(response.getOptions().setBlock1(savedBlock1));
    }
    // A fresh Partial IV consumed a sender sequence number
    if (newPartialIV) {
        activeCtx.increaseSenderSeq();
    }
    return response;
}

Example 4 with Encrypt0Message

use of org.eclipse.californium.cose.Encrypt0Message in project californium by eclipse.

Class Encryptor, method prepareCOSEStructure.

/**
 * Creates the COSE {@code Encrypt0Message} that carries the given plaintext
 * as its content, ready for {@code encryptAndEncode}.
 *
 * @param confidential the plaintext to be encrypted
 * @return the initiated and prepared encrypt0message object
 */
protected static Encrypt0Message prepareCOSEStructure(byte[] confidential) {
    // Constructor flags: presumably (emitTag=false, emitContent=true) as in
    // the COSE library API — confirm against Encrypt0Message's constructor
    final Encrypt0Message message = new Encrypt0Message(false, true);
    message.SetContent(confidential);
    return message;
}

Example 5 with Encrypt0Message

use of org.eclipse.californium.cose.Encrypt0Message in project californium by eclipse.

Class ResponseDecryptor, method decrypt.

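/**
 * Decrypts an OSCORE-protected response and returns it with its real code,
 * inner options and payload restored.
 * <p>
 * The context is found through the response token, which was associated
 * with the context when the request was sent. After decompression of the
 * OSCORE option, reading the optional kid context and the incoming context
 * re-derivation step, the plaintext is decrypted and parsed back into the
 * response, and the inner options are merged with the outer U-options saved
 * beforehand. The token is released from {@code db} unless the response
 * carries an Observe option.
 *
 * @param db the context database used
 * @param response the response
 * @param requestSequenceNr sequence number (Partial IV) from the request,
 *            used when decrypting the response
 *
 * @return the decrypted response
 *
 * @throws OSException when decryption fails, the token is missing or unknown,
 *             the kid context is malformed, or context re-derivation fails
 */
public static Response decrypt(OSCoreCtxDB db, Response response, int requestSequenceNr) throws OSException {
    discardEOptions(response);
    byte[] protectedData = response.getPayload();
    Token token = response.getToken();
    // The outer (U-)options are merged back after the plaintext has been parsed
    OptionSet uOptions = response.getOptions();
    if (token == null) {
        LOGGER.error(ErrorDescriptions.TOKEN_NULL);
        throw new OSException(ErrorDescriptions.TOKEN_NULL);
    }
    OSCoreCtx ctx = db.getContextByToken(token);
    if (ctx == null) {
        LOGGER.error(ErrorDescriptions.TOKEN_INVALID);
        throw new OSException(ErrorDescriptions.TOKEN_INVALID);
    }
    Encrypt0Message enc = decompression(protectedData, response);
    // Retrieve the optional Context ID (kid context, COSE header label 10)
    CBORObject kidContext = enc.findAttribute(CBORObject.FromObject(10));
    byte[] contextID = null;
    if (kidContext != null) {
        // Validate the CBOR type before GetByteString(): on any other type it
        // would escape as an unchecked exception for a malformed message
        // instead of being reported as a decode failure
        if (!kidContext.getType().equals(com.upokecenter.cbor.CBORType.ByteString)) {
            LOGGER.error(ErrorDescriptions.FAILED_TO_DECODE_COSE);
            throw new OSException(ErrorDescriptions.FAILED_TO_DECODE_COSE);
        }
        contextID = kidContext.GetByteString();
    }
    // Perform context re-derivation procedure if ongoing
    try {
        ctx = ContextRederivation.incomingResponse(db, ctx, contextID);
    } catch (OSException e) {
        LOGGER.error(ErrorDescriptions.CONTEXT_REGENERATION_FAILED);
        throw new OSException(ErrorDescriptions.CONTEXT_REGENERATION_FAILED);
    }
    // Decrypt and parse the plaintext (inner code, E-options, payload) back
    // into the response; any failure, including replay detection raised by
    // decryptAndDecode, is reported as a generic decryption failure
    try {
        byte[] plaintext = decryptAndDecode(enc, response, ctx, requestSequenceNr);
        DatagramReader reader = new DatagramReader(new ByteArrayInputStream(plaintext));
        response = OptionJuggle.setRealCodeResponse(response, CoAP.ResponseCode.valueOf(reader.read(CoAP.MessageFormat.CODE_BITS)));
        // Reset the options so the E-options get priority during parsing
        response.setOptions(EMPTY);
        new UdpDataParser().parseOptionsAndPayload(reader, response);
    } catch (Exception e) {
        LOGGER.error(ErrorDescriptions.DECRYPTION_FAILED);
        throw new OSException(ErrorDescriptions.DECRYPTION_FAILED);
    }
    OptionSet eOptions = OptionJuggle.merge(response.getOptions(), uOptions);
    response.setOptions(eOptions);
    // An observed exchange keeps its token; it is removed after cancellation elsewhere
    if (!response.getOptions().hasObserve()) {
        db.removeToken(token);
    }
    // Set information about the OSCORE context used in the endpoint context of this response
    OSCoreEndpointContextInfo.receivingResponse(ctx, response);
    return response;
}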
