feat: enable oscore credentials lookup and storage#1911
feat: enable oscore credentials lookup and storage#1911BitFis wants to merge 3 commits intoobgm:developfrom
Conversation
BitFis
changed the title
|
It is worth installing and running pre-commit to tidy up the source formatting. |
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
5 times, most recently
from
fdc8821 to
42c2033
Compare
|
I suggest that you go through all the failed tasks and fix the associated issue before doing the next push. There is some overlap, but a lot of discrete issues that need to get fixed. |
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
3 times, most recently
from
3b6f3cd to
bd0d278
Compare
Apologies for the spam, I am used to that all runs are canceled automatically if a new push has triggered it. |
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
from
bd0d278 to
23a3852
Compare
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
4 times, most recently
from
57a1bb3 to
d2cd11c
Compare
|
@mrdeep1 please have another look. I will finalize it next week, but please check if this follows the appropriate format. For now maybe focus on the API expansions in coap_oscore and the general flow. I will cleanup some internals next week, so it should then be ready for final scrutiny should this approach be fine. |
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
11 times, most recently
from
c70a91d to
e094227
Compare
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
8 times, most recently
from
239d6e7 to
77f794b
Compare
|
Thanks for the short review.
Double checked the issue. The compile error I am not able to reproduce using gcc-11 and gcc-15 (latest). The context not found issue is related to the extension with the Also in general I added a lot more tests, to ensure the quality stays. It comes sadly with a bit of complexity, but general following 3 features are provided:
I also verified the that the code is following as close to the already used standard, including updating the function handler definitions. So hope this is now following the libcoap coding styling closely. |
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
2 times, most recently
from
44ed81f to
636686f
Compare
|
Thanks. I will re-run compatibility tests which takes a bit of time and see what gets reported.
I'm using gcc-13 on ubuntu24 and -fsanitize=address,undefined. The update code builds fine this time. It looked like the check was doing a sizeof(p) to see whether it was safe to overwrite - a 64bit hex value was too much for the pointer size which was 8 bytes. The recipient context will need to be extended to support group mode or pairwise mode and public key at a minimum, along with silent server. |
Brilliant, thanks for verifying
With the provided implementation, the extension should be relative easy, so I don't see an issue for those extensions I would say 👍 |
|
The compatibility tests ran fine overnight. I will start on reviewing the code later today / tomorrow. |
mrdeep1
left a comment
mrdeep1
left a comment
There was a problem hiding this comment.
In general looking OK.
2 commits need to be merged into 1.
| * _<contextid_hex>_<kid_hex>.txt_ for the OSCORE credential text in the | ||
| same format as for the *-E* option. | ||
| * _<contextid_hex>_<kid_hex>_seq.txt_ for persisted recipient sequence state | ||
| (sequence counter and replay window), stored as two uint64_t values. |
There was a problem hiding this comment.
Represented as hex values? How are the 2 values separated?
There was a problem hiding this comment.
The _, i was hoping it formats as markdown, I replaced the wrapping _ now with `
There was a problem hiding this comment.
The back-ticks are dropped when building the man pages as in
The dynamic credential files use the following naming format:
• <contextid_hex>_<kid_hex>.txt for the OSCORE credential text in the same format as for the
-E option.
so, no need for them.
src/coap_oscore.c
Outdated
| coap_oscore_rcp_conf_t * | ||
| coap_oscore_conf_add_rcp(coap_oscore_conf_t *conf, | ||
| const coap_bin_const_t *recipient_id) { | ||
| return coap_oscore_conf_add_rcp_internal(conf, recipient_id); |
There was a problem hiding this comment.
coap_oscore_conf_add_rcp_internal() is not global_lock protected, and needs to be as it is scanning chains.
There was a problem hiding this comment.
Function return should be prefixed with COAP_API.
There was a problem hiding this comment.
I'm beginning to think that coap_oscore_conf_add_rcp_internal() should really now be renamed coap_oscore_conf_add_rcp_lck().
There was a problem hiding this comment.
Agree, given we will require the lock around those functions. Added comment to other conversation - #1911 (comment)
| if (conf->sender_id.sender_id) { | ||
| coap_delete_bin_const(conf->sender_id.sender_id); | ||
| } | ||
| conf->sender_id.sender_id = new_sender_id; |
There was a problem hiding this comment.
Unlikely that multiple threads are doing this concurrently, but this is not thread safe.
There was a problem hiding this comment.
There are now multiple returns from coap_oscore_conf_set_snd() which leave the global lock locked.
I suggest that you rename coap_oscore_conf_set_snd() to coap_oscore_conf_set_snd_lkd() and create a wrapper like coap_oscore_conf_add_rcp() and remove coap_lock* from within coap_oscore_conf_set_snd_lkd().
There was a problem hiding this comment.
I am not sure that this function can be used at all safely within the find function callback. Are you sure a lock is required. Since for me it seems the conf pointer is created and passed into libcoap. So never shared between libcoap and the application. Maybe adding a information that the function is not thread safe, but the conf should never really be accessed by multiple threads. Thougth not sure, if you have some plans into another direction.
There was a problem hiding this comment.
A part of me questions whether we need this function at all, unless we build the entire configuration without using a configuration file.
As we are just building a configuration file from a single thread, then we can get away with no locking. However, it should not be called twice and so replacing a now stale copy of sender_id is unexpected. But someone will try to do that.. If it is updated from find function, that could be executing in any thread.
I also think you have got away with sender_id still working with the configuration file with
CONFIG_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),
and so sender_id.sender_id just happens to work when updating the top level sender_id.
There was a problem hiding this comment.
that is correct, generally I see a benefit of being able to build the configuration without the configuration file. I believe this is an important optimization in the future, to then also potentially enable passing the memory from application space to optimize on ram usage.
For the example case in the server, it shows well, to achieve the same functionality, the file memory would need to be manipulated before passing to the coap_new_oscore_conf. which I believe is not a great way to handle it. But it is an option and maybe a first step instead of adding those functions?
| coap_delete_bin_const(conf->id_context); | ||
| } | ||
|
|
||
| conf->id_context = id_context; |
There was a problem hiding this comment.
Unlikely that multiple threads are doing this concurrently, but this is not thread safe.
There was a problem hiding this comment.
coap_oscore_conf_set_context_id() has same return issue as coap_oscore_conf_set_snd(). Suggest things are fixed in the same way.
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
4 times, most recently
from
a4eb52a to
3fcadcf
Compare
Add reference counting to recipient contexts so they can be safely removed while still in use by active sessions. Expose callback hooks for credential lookup, echo, and sequence storage to allow custom backends. Expand example server to demonstrate the external storage via a simple file based database. Expand coap_oscore_conf_t with coap_oscore_rcp_conf_t and coap_oscore_snd_conf_t with approproate setters to enable manipulation after loading the oscore credentials. Enable temporary credentials returned by the find function and are destroyed after use.
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
from
3fcadcf to
8eaadb6
Compare
There was a problem hiding this comment.
Resovled most comments, a few open with comments. I think you should be able to easily check that I resolved them as expected, but if not, will happily reopen and you can close them from your side.
Commits merged into one with updated commit message, feel free to comment.
| for (i = 0; i < oscore_conf->recipient_id_count; i++) { | ||
| coap_delete_bin_const(oscore_conf->recipient_id[i]); | ||
| coap_delete_bin_const(oscore_conf->sender_id.sender_id); | ||
| coap_oscore_rcp_conf_t *current = oscore_conf->recipient_id; |
There was a problem hiding this comment.
Had the same thought, but it will brake the file format / unclear how to manage in the parsing case:
CONFIG_ENTRY(sender_id, COAP_ENC_HEX | COAP_ENC_ASCII, NULL),`
any ideas? Feels like breaking API change.
mrdeep1
left a comment
mrdeep1
left a comment
There was a problem hiding this comment.
Some resolved re-opened.
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
from
2a68323 to
09718a2
Compare
BitFis
force-pushed
the
feat/enable-external-oscore-credentials
branch
from
09718a2 to
9b9f445
Compare
|
Please see #1952 for a backport from the libcoap OSCORE Group work to support complex sender / recipient configuration definitions. I also note that several comments have not been resolved in the blocks of 'hidden conversations'. |
3 participants
Work related to #1892
Enabling:
TODO: