GitLab

A DCAF_STRING of sufficient size is allocated for encoding or decoding the
psk_identity. When no processing is required or no string object was allocated
the psk_identity is parsed as raw data.

The function utf8_length() counts the total number of bytes required
to encode a given byte string.

DCAF_MAX_KEY_SIZE, DCAF_MAX_KID_SIZE and DCAF_MAX_STRING now can be
re-defined at compile time.

aud is now set to coaps://host where host is the address we use
to reach S.

MbedTLS requires AES keys to have the exact block length in function
mbedtls_cipher_setkey(). The key passed to the dcaf
encryption/decryption functions therefore are filled with zero bytes
when to short, or truncated when too long.

RFC 7925 recommends that DTLS implementations should treat the
contents of psk_identity as opaque data whereas TLS originally
defined this as UTF8 encoded data and check for correct encoding.
To support implementations that treat psk_identity as UTF8, this
change encodes access tickets in UTF8 for transfer and decodes
upon receipt. For encrypted data, the average growth for this
encoding would be 25 % as in average half of the input bytes would
be greater than 127 and thus required an additional byte for
UTF8-encoding.

* Use new libcoap interface with explicit session setup structure
* Optionally send ticket face base64-encoded and tagged in
  psk_identity to support non-RFC7925 DTLS implementations

The argument -v now takes up to three numeric values separated by
comma. The first number is the DCAF verbosity, the second number the
verbosity of the CoAP library, and the third number the verbosity of
the DTLS library. Numbers from the end may be left out to use the
default log level.

Make sure that pre-processor symbols from dcaf_int.h are defined.

If HAVE_GAI_STRERROR is not defined, various error messages are
manually crafted. This change checks if EAI_OVERFLOW and EAI_SYSTEM
are defined before usage.

If HAVE_GAI_STRERROR is not defined, a replacement function is built
to generate readable error output.

Starting with libcoap release 4.3.0, the pre-preprocessor symbol
LIBCOAP_VERSION indicates the current library version number as
9-digit number. This is used here to check if coap_run_once()
or coap_io_process() needs to called.

Use gai_strerror() for error output only if HAVE_GAI_STRERROR is
defined. Otherwise, the numeric error result from getaddrinfo() is
output.

Under ESP-IDF [1], coap.h resides in port/include/coap and therefore
is not found by the #include <coap2/coap.h>. This adds a pre-processor
conditional to #include <coap.h> if ESP_PLATFORM is defined.

[1] https://github.com/espressif/esp-idf

New:

dcaf_crypto_mbedtls.c

* requires MbedTLS compiled with MBEDTLS_CCM_C
* currently supported: AES-128 and AES-256, HMAC with SHA-256

Make log_level a union for proper conversion between coap_log_t
and dcaf_log_t.

DCAF log levels are prefixed with DCAF_ and must not be confused with
CoAP log levels.

As cast() does a reinterpret_cast on its argument, it must not be
declared as constexpr.

* -DCOAP_DTLS_TINYDTLS is added to libcoap_CFLAGS,
* -ltinydtls is added to libcoap_LIBS.

Note that -I and -L also might need to be added.

Using dtls_encrypt_params() and dtls_decrypt_params() enables more
flexibility for AEAD parameters such as M and L.

The decrypt function incorrectly signaled false when an empty
message has been decrypted.

dcaf_init() must be called once at startup to initialize the
DCAF engine.