diff --git a/examples/lakers-c-native/main.c b/examples/lakers-c-native/main.c
index 136154f1..fa765f1c 100644
--- a/examples/lakers-c-native/main.c
+++ b/examples/lakers-c-native/main.c
@@ -132,7 +132,7 @@ int main(void)
 #endif
 puts("Begin test: edhoc initiator.");
- EdhocMessageBuffer message_1;
+ EdhocMessageBuffer message_1 = {0};
 #ifdef LAKERS_EAD_AUTHZ
 int res = initiator_prepare_message_1(&initiator, NULL, &ead_1, &message_1);
 memcpy(device.wait_ead2.h_message_1, initiator.wait_m2.h_message_1, SHA256_DIGEST_LEN);
@@ -153,19 +153,27 @@ int main(void)
 memcpy(message_2.content, coap_response_payload, coap_response_payload_len);
 EADItemC ead_2 = {0};
 uint8_t c_r;
- CredentialRPK fetched_cred_r = {0};
+ CredentialRPK id_cred_r = {0};
 #ifdef LAKERS_EAD_AUTHZ
- res = initiator_parse_message_2(&initiator, &message_2, &cred_r, &c_r, &fetched_cred_r, &ead_2);
+ // res = initiator_parse_message_2(&initiator, &message_2, &cred_r, &c_r, &id_cred_r, &ead_2);
+ res = initiator_parse_message_2(&initiator, &message_2, &c_r, &id_cred_r, &ead_2);
 #else
- res = initiator_parse_message_2(&initiator, &message_2, &cred_r, &c_r, &fetched_cred_r, &ead_2);
+ // res = initiator_parse_message_2(&initiator, &message_2, &cred_r, &c_r, &id_cred_r, &ead_2);
+ res = initiator_parse_message_2(&initiator, &message_2, &c_r, &id_cred_r, &ead_2);
 #endif
 if (res != 0) {
 printf("Error parse msg2: %d\n", res);
 return 1;
 }
+ // FIXME: failing on native when cred_expected is NULL (memory allocation of 48 bytes failed)
+ res = credential_check_or_fetch(&cred_r, &id_cred_r);
+ if (res != 0) {
+ printf("Error handling credential: %d\n", res);
+ return 1;
+ }
 #ifdef LAKERS_EAD_AUTHZ
 puts("processing ead2");
- res = authz_device_process_ead_2(&device, &ead_2, &fetched_cred_r);
+ res = authz_device_process_ead_2(&device, &ead_2, &id_cred_r);
 if (res != 0) {
 printf("Error process ead2 (authz): %d\n", res);
 return 1;
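Review bot: In the second main.c hunk (@@ -153,19 +153,27 @@) both arms of the `#ifdef LAKERS_EAD_AUTHZ` / `#else` around `initiator_parse_message_2` are identical, and each now carries a commented-out copy of the old six-argument call. Delete the commented-out lines and collapse the conditional into a single `res = initiator_parse_message_2(&initiator, &message_2, &c_r, &id_cred_r, &ead_2);`. Since `credential_check_or_fetch` overwrites `id_cred_r` in place, the same variable is unchecked before that call and checked after it; a one-line comment such as `// id_cred_r is only safe to use after credential_check_or_fetch succeeds` would keep later edits from moving `authz_device_process_ead_2` or `initiator_verify_message_2` above the check. main's body starts and ends outside the hunk.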
@@ -173,7 +181,7 @@ int main(void)
 puts("ead-authz voucher received and validated");
 }
 #endif
- res = initiator_verify_message_2(&initiator, &I, &cred_i, &fetched_cred_r);
+ res = initiator_verify_message_2(&initiator, &I, &cred_i, &id_cred_r);
 if (res != 0) {
 printf("Error verify msg2: %d\n", res);
 return 1;
diff --git a/lakers-c/src/initiator.rs b/lakers-c/src/initiator.rs
index 2dc5e6bd..4d9a1a27 100644
--- a/lakers-c/src/initiator.rs
+++ b/lakers-c/src/initiator.rs
@@ -85,17 +85,16 @@ pub unsafe extern "C" fn initiator_parse_message_2(
 // input params
 initiator_c: *mut EdhocInitiator,
 message_2: *const EdhocMessageBuffer,
- expected_cred_r: *const CredentialRPK,
 // output params
 c_r_out: *mut u8,
- valid_cred_r_out: *mut CredentialRPK,
+ id_cred_r_out: *mut CredentialRPK,
 ead_2_c_out: *mut EADItemC,
 ) -> i8 {
 // this is a parsing function, so all output parameters are mandatory
 if initiator_c.is_null()
 || message_2.is_null()
 || c_r_out.is_null()
- || valid_cred_r_out.is_null()
+ || id_cred_r_out.is_null()
 || ead_2_c_out.is_null()
 {
 return -1;
@@ -110,14 +109,7 @@ pub unsafe extern "C" fn initiator_parse_message_2(
 Ok((state, c_r, id_cred_r, ead_2)) => {
 ProcessingM2C::copy_into_c(state, &mut (*initiator_c).processing_m2);
 *c_r_out = c_r;
-
- // NOTE: checking here to avoid having IdCredOwnedC being passed across the ffi boundary
- let Ok(valid_cred_r) = credential_check_or_fetch(Some(*expected_cred_r), id_cred_r)
- else {
- return -1;
- };
- *valid_cred_r_out = valid_cred_r;
-
+ *id_cred_r_out = id_cred_r;
 if let Some(ead_2) = ead_2 {
 EADItemC::copy_into_c(ead_2, ead_2_c_out);
 (*initiator_c).processing_m2.ead_2 = ead_2_c_out;
@@ -136,7 +128,6 @@ pub unsafe extern "C" fn initiator_verify_message_2(
 // input params
 initiator_c: *mut EdhocInitiator,
 i: *const BytesP256ElemLen,
- // i_len: usize,
 mut cred_i: *mut CredentialRPK,
 valid_cred_r: *mut CredentialRPK,
 ) -> i8 {
diff --git a/lakers-c/src/lib.rs b/lakers-c/src/lib.rs
index f3675bf3..af7c67e8 100644
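Review bot: In the initiator.rs hunk at @@ -110,14 +109,7 @@, `*id_cred_r_out = id_cred_r;` now hands the peer-supplied ID_CRED_R to the C caller unchecked, in the same `CredentialRPK` type that `initiator_verify_message_2` still takes as `valid_cred_r` (hunk @@ -136,7 +128,6 @@). Nothing at the FFI boundary enforces that `credential_check_or_fetch` runs between the two calls, so a caller that skips it may end up verifying message 2 against whatever credential the peer sent rather than the expected one. Document the required call order on both functions, for example `/// id_cred_r_out is NOT validated: pass it through credential_check_or_fetch before initiator_verify_message_2`. If the state struct can carry it, a flag set by the check and tested in verify would make the order enforceable instead of advisory. Both function bodies continue outside these hunks.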
--- a/lakers-c/src/lib.rs
+++ b/lakers-c/src/lib.rs
@@ -6,7 +6,7 @@
 ///
 /// Example command to compile this module for the nRF52840:
 /// cargo build --target='thumbv7em-none-eabihf' --no-default-features --features="crypto-cryptocell310"
-use lakers::*;
+use lakers::{credential_check_or_fetch as credential_check_or_fetch_rust, *};
 use lakers_crypto::{default_crypto, CryptoTrait};
 #[cfg(feature = "ead-authz")]
@@ -127,6 +127,27 @@ pub unsafe extern "C" fn credential_rpk_new(
 }
 }
+#[no_mangle]
+pub unsafe extern "C" fn credential_check_or_fetch(
+ cred_expected: *mut CredentialRPK,
+ id_cred_received: *mut CredentialRPK,
+) -> i8 {
+ let cred_expected = if cred_expected.is_null() {
+ None
+ } else {
+ Some(*cred_expected)
+ };
+
+ let id_cred_received_value = *id_cred_received;
+ match credential_check_or_fetch_rust(cred_expected, id_cred_received_value) {
+ Ok(valid_cred) => {
+ *id_cred_received = valid_cred;
+ 0
+ }
+ Err(err) => err as i8,
+ }
+}
+
 // This function is useful to test the FFI
 #[no_mangle]
 pub extern "C" fn p256_generate_key_pair_from_c(out_private_key: *mut u8, out_public_key: *mut u8) {
diff --git a/lib/src/lib.rs b/lib/src/lib.rs
index 83645a7e..ef40150b 100644
--- a/lib/src/lib.rs
+++ b/lib/src/lib.rs
@@ -421,7 +421,7 @@ pub fn generate_connection_identifier(crypto: &mut Crypto)
 }
 // Implements auth credential checking according to draft-tiloca-lake-implem-cons
-pub fn credential_check_or_fetch<'a>(
+pub fn credential_check_or_fetch(
 cred_expected: Option,
 id_cred_received: CredentialRPK,
 ) -> Result {
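Review bot: The new `credential_check_or_fetch` in lakers-c/src/lib.rs (@@ -127,6 +127,27 @@) dereferences `id_cred_received` at `let id_cred_received_value = *id_cred_received;` without a null check, although `cred_expected` is checked just above and `initiator_parse_message_2` rejects null pointers with -1. A C caller that passes NULL gets undefined behaviour instead of an error code; add `if id_cred_received.is_null() { return -1; }` as the first statement. The function is `unsafe extern "C"` but has no doc comment; a `/// # Safety` section stating that `id_cred_received` must be valid for reads and writes, and that `cred_expected` may be NULL, would match what the body requires. `Err(err) => err as i8` presumably assumes every error discriminant fits in i8 and is non-zero; the enum is not shown here, so confirm this.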