openwsn-berkeley · geonnave · Nov 25, 2024 · Oct 24, 2024 · Oct 24, 2024 · Nov 2, 2024
diff --git a/.gitignore b/.gitignore
@@ -21,3 +21,5 @@ cscope*
 .vscode
 
 *.log
+
+results/
diff --git a/examples/coap/src/bin/coapclient.rs b/examples/coap/src/bin/coapclient.rs
@@ -65,8 +65,14 @@ fn client_handshake() -> Result<(), EDHOCError> {
     msg_3.extend_from_slice(message_3.as_slice());
     println!("message_3 len = {}", msg_3.len());
 
-    let _response = CoAPClient::post_with_timeout(url, msg_3, timeout).unwrap();
-    // we don't care about the response to message_3 for now
+    let response = CoAPClient::post_with_timeout(url, msg_3, timeout).unwrap();
+    if response.get_status() != &ResponseType::Changed {
+        panic!("Message 3 response error: {:?}", response.get_status());
+    }
+    println!("response_vec = {:02x?}", response.message.payload);
+    println!("message_3 len = {}", response.message.payload.len());
+    let message_4 = EdhocMessageBuffer::new_from_slice(&response.message.payload[..]).unwrap();
+    let (mut initiator, ead_4) = initiator.process_message_4(&message_4).unwrap();
 
     println!("EDHOC exchange successfully completed");
     println!("PRK_out: {:02x?}", prk_out);

diff --git a/examples/coap/src/bin/coapserver-coaphandler.rs b/examples/coap/src/bin/coapserver-coaphandler.rs
@@ -182,12 +182,12 @@ impl coap_handler::Handler for EdhocHandler {
                     .expect("Static credential is not processable");
             let valid_cred_i =
                 credential_check_or_fetch(Some(cred_i), id_cred_i).map_err(render_error)?;
-            let (mut responder, prk_out) =
-                responder.verify_message_3(valid_cred_i).map_err(|e| {
-                    println!("EDHOC processing error: {:?}", e);
-                    render_error(e)
-                })?;
+            let (responder, prk_out) = responder.verify_message_3(valid_cred_i).map_err(|e| {
+                println!("EDHOC processing error: {:?}", e);
+                render_error(e)
+            })?;
 
+            let (mut responder, message_4) = responder.prepare_message_4(&None).unwrap();
             println!("EDHOC exchange successfully completed");
             println!("PRK_out: {:02x?}", prk_out);
 

diff --git a/examples/coap/src/bin/coapserver.rs b/examples/coap/src/bin/coapserver.rs
@@ -112,7 +112,7 @@ fn main() {
                     println!("EDHOC error at verify_message_3: {:?}", valid_cred_i);
                     continue;
                 };
-
+                let (mut responder, message_4) = responder.prepare_message_4(&None).unwrap();
                 // send empty ack back
                 response.message.payload = b"".to_vec();
 

diff --git a/examples/lakers-no_std/src/main.rs b/examples/lakers-no_std/src/main.rs
@@ -132,13 +132,16 @@ fn main() -> ! {
             .unwrap(); // exposing own identity only after validating cred_r
         let initiator = initiator.verify_message_2(valid_cred_r).unwrap();
 
-        let (mut initiator, message_3, i_prk_out) = initiator
+        let (initiator, message_3, i_prk_out) = initiator
             .prepare_message_3(CredentialTransfer::ByReference, &None)
             .unwrap();
 
         let (responder, id_cred_i, _ead_3) = responder.parse_message_3(&message_3).unwrap();
         let valid_cred_i = credential_check_or_fetch(Some(cred_i), id_cred_i).unwrap();
-        let (mut responder, r_prk_out) = responder.verify_message_3(valid_cred_i).unwrap();
+        let (responder, r_prk_out) = responder.verify_message_3(valid_cred_i).unwrap();
+
+        let mut initiator = initiator.completed_without_message_4().unwrap();
+        let mut responder = responder.completed_without_message_4().unwrap();
 
         // check that prk_out is equal at initiator and responder side
         assert_eq!(i_prk_out, r_prk_out);

diff --git a/examples/lakers-nrf52840/src/bin/initiator.rs b/examples/lakers-nrf52840/src/bin/initiator.rs
@@ -81,29 +81,43 @@ async fn main(spawner: Spawner) {
     let (initiator, message_1) = initiator.prepare_message_1(Some(c_i), &None).unwrap();
     let pckt_1 = common::Packet::new_from_slice(message_1.as_slice(), Some(0xf5))
         .expect("Buffer not long enough");
-
     let rcvd = common::transmit_and_wait_response(&mut radio, pckt_1, Some(0xf5)).await;
 
     match rcvd {
         Ok(pckt_2) => {
+            info!("Received message_2");
             let message_2: EdhocMessageBuffer =
+                // starts in 1 to consider only the content and not the metadata
                 pckt_2.pdu[1..pckt_2.len].try_into().expect("wrong length");
+            info!("message_2 :{:?}", message_2.content);
             let (initiator, c_r, id_cred_r, ead_2) = initiator.parse_message_2(&message_2).unwrap();
             let valid_cred_r = credential_check_or_fetch(Some(cred_r), id_cred_r).unwrap();
             let initiator = initiator.verify_message_2(valid_cred_r).unwrap();
 
             let (mut initiator, message_3, i_prk_out) = initiator
                 .prepare_message_3(CredentialTransfer::ByReference, &None)
                 .unwrap();
-
-            common::transmit_without_response(
-                &mut radio,
+            let pckt_3 =
                 common::Packet::new_from_slice(message_3.as_slice(), Some(c_r.as_slice()[0]))
-                    .unwrap(),
-            )
-            .await;
-
-            info!("Handshake completed. prk_out = {:X}", i_prk_out);
+                    .expect("Buffer not long enough");
+            info!("Send message_3 and wait message_4");
+            let rcvd =
+                common::transmit_and_wait_response(&mut radio, pckt_3, Some(c_r.as_slice()[0]))
+                    .await;
+
+            info!("Sent message_3");
+            match rcvd {
+                Ok(pckt_4) => {
+                    info!("Received message_4");
+                    let message_4: EdhocMessageBuffer =
+                        pckt_4.pdu[1..pckt_4.len].try_into().expect("wrong length");
+
+                    let (initiator, ead_4) = initiator.process_message_4(&message_4).unwrap();
+
+                    info!("Handshake completed. prk_out = {:X}", i_prk_out);
+                }
+                Err(_) => panic!("parsing error"),
+            }
         }
         Err(_) => panic!("parsing error"),
     }

diff --git a/examples/lakers-nrf52840/src/bin/responder.rs b/examples/lakers-nrf52840/src/bin/responder.rs
@@ -119,24 +119,34 @@ async fn main(spawner: Spawner) {
                             // anyway legally
                             continue;
                         };
-
-                        let cred_i =
+                        let cred_i: Credential =
                             Credential::parse_ccs(common::CRED_I.try_into().unwrap()).unwrap();
                         let valid_cred_i =
                             credential_check_or_fetch(Some(cred_i), id_cred_i).unwrap();
-
-                        let Ok((responder, prk_out)) = responder.verify_message_3(valid_cred_i)
+                        let Ok((responder, r_prk_out)) = responder.verify_message_3(valid_cred_i)
                         else {
-                            info!("EDHOC error at verify_message_3");
+                            info!("EDHOC error at parse_message_3");
                             continue;
                         };
 
-                        info!("Handshake completed. prk_out: {:X}", prk_out);
-
-                        unwrap!(spawner.spawn(example_application_task(prk_out)));
+                        info!("Prepare message_4");
+                        let ead_4 = None;
+                        let (responder, message_4) = responder.prepare_message_4(&ead_4).unwrap();
+
+                        info!("Send message_4");
+                        common::transmit_without_response(
+                            &mut radio,
+                            common::Packet::new_from_slice(
+                                message_4.as_slice(),
+                                Some(c_r.unwrap().as_slice()[0]),
+                            )
+                            .unwrap(),
+                        )
+                        .await;
+
+                        info!("Handshake completed. prk_out = {:X}", r_prk_out);
                     } else {
                         info!("Another packet interrupted the handshake.");
-                        continue;
                     }
                 }
                 Err(PacketError::TimeoutError) => info!("Timeout while waiting for message_3!"),

diff --git a/lakers-c/src/initiator.rs b/lakers-c/src/initiator.rs
@@ -15,6 +15,7 @@ pub struct EdhocInitiator {
     pub wait_m2: WaitM2,
     pub processing_m2: ProcessingM2C,
     pub processed_m2: ProcessedM2,
+    pub wait_m4: WaitM4,
     pub cred_i: *mut CredentialC,
     pub completed: Completed,
 }
@@ -181,7 +182,7 @@ pub unsafe extern "C" fn initiator_prepare_message_3(
         &ead_3,
     ) {
         Ok((state, msg_3, prk_out)) => {
-            (*initiator_c).completed = state;
+            (*initiator_c).wait_m4 = state;
             *message_3 = msg_3;
             *prk_out_c = prk_out;
             0
@@ -190,6 +191,56 @@ pub unsafe extern "C" fn initiator_prepare_message_3(
     }
 }
 
+#[no_mangle]
+pub unsafe extern "C" fn initiator_process_message_4(
+    // input params
+    initiator_c: *mut EdhocInitiator,
+    message_4: *const EdhocMessageBuffer,
+    // output params
+    ead_4_c_out: *mut EADItemC,
+) -> i8 {
+    // this is a parsing function, so all output parameters are mandatory
+    if initiator_c.is_null() || message_4.is_null() || ead_4_c_out.is_null() {
+        return -1;
+    }
+    let crypto = &mut default_crypto();
+
+    let mut state = core::ptr::read(&(*initiator_c).wait_m4);
+
+    let result = match i_process_message_4(&mut state, crypto, &(*message_4)) {
+        Ok((state, ead_4)) => {
+            (*initiator_c).completed = state;
+            if let Some(ead_4) = ead_4 {
+                EADItemC::copy_into_c(ead_4, ead_4_c_out);
+            }
+
+            0
+        }
+        Err(err) => err as i8,
+    };
+
+    result
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn completed_without_message_4(
+    // input params
+    initiator_c: *mut EdhocInitiator,
+) -> i8 {
+    if initiator_c.is_null() {
+        return -1;
+    }
+    let state = core::ptr::read(&(*initiator_c).wait_m4);
+
+    match i_complete_without_message_4(&state) {
+        Ok(state) => {
+            (*initiator_c).completed = state;
+            0
+        }
+        Err(err) => err as i8,
+    }
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn initiator_compute_ephemeral_secret(
     initiator_c: *const EdhocInitiator,

diff --git a/lakers-python/README.md b/lakers-python/README.md
@@ -42,7 +42,7 @@ To deploy:
 ln -s ../examples ./examples
 MATURIN_PYPI_TOKEN=<your pypi token here> maturin publish
 ```
-
+.take().ok_or(StateMismatch)?,
 ## Requirements
 
 The maturin executable must be available. The recommended way is to install and use it in a virtual environment:

diff --git a/lakers-python/src/initiator.rs b/lakers-python/src/initiator.rs
@@ -15,6 +15,7 @@ pub struct PyEdhocInitiator {
     wait_m2: Option<WaitM2>,
     processing_m2: Option<ProcessingM2>,
     processed_m2: Option<ProcessedM2>,
+    wait_m4: Option<WaitM4>,
     completed: Option<Completed>,
 }
 
@@ -39,6 +40,7 @@ impl PyEdhocInitiator {
             wait_m2: None,
             processing_m2: None,
             processed_m2: None,
+            wait_m4: None,
             completed: None,
         }
     }
@@ -131,7 +133,7 @@ impl PyEdhocInitiator {
             &ead_3,
         ) {
             Ok((state, message_3, prk_out)) => {
-                self.completed = Some(state);
+                self.wait_m4 = Some(state);
                 Ok((
                     PyBytes::new_bound(py, message_3.as_slice()),
                     PyBytes::new_bound(py, prk_out.as_slice()),
@@ -141,6 +143,36 @@ impl PyEdhocInitiator {
         }
     }
 
+    pub fn completed_without_message_4<'a>(&mut self, py: Python<'a>) -> PyResult<()> {
+        match i_complete_without_message_4(&self.wait_m4.take().ok_or(StateMismatch)?) {
+            Ok(state) => {
+                self.completed = Some(state);
+                Ok(())
+            }
+            Err(error) => Err(error.into()),
+        }
+    }
+
+    pub fn propcess_message_4<'a>(
+        &mut self,
+        py: Python<'a>,
+        message_4: Vec<u8>,
+    ) -> PyResult<Option<EADItem>> {
+        let message_4 = EdhocMessageBuffer::new_from_slice(message_4.as_slice())?;
+
+        match i_process_message_4(
+            &mut self.wait_m4.take().ok_or(StateMismatch)?,
+            &mut default_crypto(),
+            &message_4,
+        ) {
+            Ok((state, ead_4)) => {
+                self.completed = Some(state);
+                Ok(ead_4)
+            }
+            Err(error) => Err(error.into()),
+        }
+    }
+
     pub fn edhoc_exporter<'a>(
         &mut self,
         py: Python<'a>,

diff --git a/lakers-python/src/responder.rs b/lakers-python/src/responder.rs
@@ -13,6 +13,7 @@ pub struct PyEdhocResponder {
     processing_m1: Option<ProcessingM1>,
     wait_m3: Option<WaitM3>,
     processing_m3: Option<ProcessingM3>,
+    processed_m3: Option<ProcessedM3>,
     completed: Option<Completed>,
 }
 
@@ -36,6 +37,7 @@ impl PyEdhocResponder {
             processing_m1: None,
             wait_m3: None,
             processing_m3: None,
+            processed_m3: None,
             completed: None,
         })
     }
@@ -125,13 +127,42 @@ impl PyEdhocResponder {
             valid_cred_i,
         ) {
             Ok((state, prk_out)) => {
-                self.completed = Some(state);
+                self.processed_m3 = Some(state);
                 Ok(PyBytes::new_bound(py, prk_out.as_slice()))
             }
             Err(error) => Err(error.into()),
         }
     }
 
+    #[pyo3(signature = (ead_4=None))]
+    fn prepare_message_4<'a>(
+        &mut self,
+        py: Python<'a>,
+        ead_4: Option<EADItem>,
+    ) -> PyResult<Bound<'a, PyBytes>> {
+        match r_prepare_message_4(
+            &self.processed_m3.take().ok_or(StateMismatch)?,
+            &mut default_crypto(),
+            &ead_4,
+        ) {
+            Ok((state, message_4)) => {
+                self.completed = Some(state);
+                Ok(PyBytes::new_bound(py, message_4.as_slice()))
+            }
+            Err(error) => Err(error.into()),
+        }
+    }
+
+    pub fn completed_without_message_4<'a>(&mut self, py: Python<'a>) -> PyResult<()> {
+        match r_complete_without_message_4(&self.processed_m3.take().ok_or(StateMismatch)?) {
+            Ok(state) => {
+                self.completed = Some(state);
+                Ok(())
+            }
+            Err(error) => Err(error.into()),
+        }
+    }
+
     pub fn edhoc_exporter<'a>(
         &mut self,
         py: Python<'a>,

diff --git a/lakers-python/test/test_lakers.py b/lakers-python/test/test_lakers.py
@@ -69,6 +69,10 @@ def _test_handshake(cred_r_transfer, cred_i_transfer):
 
     assert i_prk_out == r_prk_out
 
+    # advanced state
+    responder.completed_without_message_4()
+    initiator.completed_without_message_4()
+
     i_oscore_secret = initiator.edhoc_exporter(0, [], 16)
     i_oscore_salt = initiator.edhoc_exporter(1, [], 8)
     r_oscore_secret = responder.edhoc_exporter(0, [], 16)