Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FW-767. Implementation of RS role of OSCORE profile of ACE framework. #434

Open
wants to merge 16 commits into
base: develop
Choose a base branch
from
Open

FW-767. Implementation of RS role of OSCORE profile of ACE framework. #434

wants to merge 16 commits into from

Conversation

malishav
Copy link
Contributor

@malishav malishav commented Jul 31, 2018
edited
Loading

This PR adds support for a 3-party authorization by implementing OSCORE profile of ACE framework.

The role of RS is co-located with a 6TiSCH node, implemented as part of this PR.
The role of AS is co-located with JRC, implemented as part of openwsn-sw repository.
The role of Client is implemented as part of coap repository.

malishav added 16 commits July 27, 2018 10:39
@malishav
FW-767. Add authz-info resource placeholders
6585545
@malishav
FW-767. Make sure to return CoAP token as part of error responses
ffad5e4
@malishav
FW-767. Return success without doing anything for now
8a9df65
@malishav
FW-767. Add placeholder for a protected resource
337b3fd 
The implementation of the RS role of the ACE framework.
RS exposes "/resource1" that should only be accessed over an OSCORE
channel. The security context to establish this channel is communicated
to the RS by the Client by a POST to /token resource, with payload
containing the access token. The access token, encrypted and
authenticated with a key shared between the RS and the AS, contains
OSCORE parameters.
@malishav
FW-767. Add content to /resource1 representation
726a5e9
@malishav
FW-767. ACE error handling: returning AS info
463ebf0 
When a protected resource is accessed over unprotected transport (i.e.
without OSCORE), RS returns 4.01 Unauthorized error with payload
containing the AS Info CBOR object. This object encodes the URI of the
AS, where access token can be requested.
@malishav
FW-767. Extend opencoap API to allow dynamic setting of security cont…
d4223c4 
…exts
@malishav
FW-767. Add placeholder for decoding the access token and installing …
2918111 
…the context
@malishav
FW-767. Rename cborencoder.[ch] to cbor.[ch]
bc1f45a 
The file will contain both encoding and decoding functions.
@malishav
FW-767. Move cbor_decode_uint and defines to a generic cbor lib
0109f28
@malishav
FW-767. Make hkdf derivation function public
c98e151 
Add special type, not defined in OSCORE, to derive ACE keys. This is a
custom way of defining keys shared between the AS and RS, as part of the
ACE authorization framework.
@malishav
FW-767. Add first implementation of decryption of the CWT
2570710 
CWT is a COSE Encrypt0 object. The implementation of the decoding
routing is quite conservative in what it accepts.
@malishav
FW-767. Intoduce a routine to decode CWT
9368ff7
@malishav
FW-767. Bug fix when looping through resources.
a20b22f 
Tail of the linked list was skipped.
@malishav
FW-767. Signal to the APP if a message was received over OSCORE
b3c1d17
@malishav
FW-767. Add a routine to decode CWT with OSCORE params
0c2d681
@changtengfei
Copy link
Member

Can one of the admins verify this patch?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@malishav @changtengfei