MBEDTLS minimum configuration for uOSCORE

Hi, I'm new to this blog and I hope someone can help me. I need to add OSCORE encryption on top of the CoAP protocol in my project. I haven't found any exhaustive application examples. Initially I activated these configurations in the project.


# Initial prj.conf options enabled for uOSCORE (CBOR via zcbor, crypto via mbed TLS).
CONFIG_UOSCORE=y
CONFIG_ZCBOR=y
CONFIG_ZCBOR_CANONICAL=y
CONFIG_MBEDTLS=y

I read that these are all that is necessary to make uoscore work, but they are not enough. I get these errors:

C:/ncs/v2.5.0/modules/lib/uoscore-uedhoc/src/common/crypto_wrapper.c: In function 'shared_secret_derive':
C:/ncs/v2.5.0/modules/lib/uoscore-uedhoc/src/common/crypto_wrapper.c:738:45: warning: implicit declaration of function 'mbedtls_pk_ec'; did you mean 'mbedtls_pk_free'? [-Wimplicit-function-declaration]
738 | mbedtls_ecp_group_load(&mbedtls_pk_ec(ctx_verify)->grp,

| mbedtls_pk_free
C:/ncs/v2.5.0/modules/lib/uoscore-uedhoc/src/common/crypto_wrapper.c:738:70: error: invalid type argument of '->' (have 'int')
738 | mbedtls_ecp_group_load(&mbedtls_pk_ec(ctx_verify)->grp,
| ^~
C:/ncs/v2.5.0/modules/lib/uoscore-uedhoc/src/common/crypto_wrapper.c:744:70: error: invalid type argument of '->' (have 'int')
744 | mbedtls_ecp_decompress(&mbedtls_pk_ec(ctx_verify)->grp, pk,

That seems strange to me. Why does OSCORE reference the pk functions?

Anyway, what I need to understand is: what is the minimum mbedtls configuration that lets uOSCORE compile and work with the default encryption methods (AES and SHA256)?

Help me please. Thank you.

Parents
  • Hi,

    I must admit we don't have any experience with using uOSCORE, but that said, it looks like you need these configs:

    # mbed TLS public-key (PK) and elliptic-curve (ECP) modules; the build errors
    # above come from crypto_wrapper.c using mbedtls_pk_ec() and mbedtls_ecp_* calls.
    CONFIG_MBEDTLS_PK_C=y
    CONFIG_MBEDTLS_ECP_C=y

  • Hi Einar,

    Thank you for answer.

    I tested adding these two configs to the project. This made the project compile, but it still doesn't work.

    This is what I did. Starting from the UDP sample project (udp/sample/cellular/udp), I added the configuration for CoAP and OSCORE and changed the network mode to NB-IoT. This is the modified part of the prj.conf file:

    # The OSCORE calls run in a work handler (see k_work_schedule() in main.c) and
    # keep the OSCORE context on that thread's stack, so the stack is enlarged.
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=8192
    ...
    
    # LTE parameters
    ## Network Mode / LTE category
    # Select NB-IoT instead of LTE-M.
    CONFIG_LTE_NETWORK_MODE_LTE_M=n
    CONFIG_LTE_NETWORK_MODE_NBIOT=y
    
    # CoAP
    CONFIG_COAP=y
    
    # Needed for uoscore
    CONFIG_UOSCORE=y
    CONFIG_ZCBOR=y
    CONFIG_ZCBOR_CANONICAL=y
    CONFIG_MBEDTLS=y
    
    # Added after the build failed on mbedtls_pk_ec() in crypto_wrapper.c;
    # with these two options the project compiles.
    CONFIG_MBEDTLS_PK_C=y
    CONFIG_MBEDTLS_ECP_C=y

    Then I've modified the "socket_transmission_work_fn" function in main.c file:

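    /*
     * OSCORE init parameters (taken from the library test vectors).
     *
     * The master secret and salt below are fixed test values compiled into the
     * image. They are suitable for bring-up only: anything shipped must use
     * per-device secrets that are provisioned or derived at run time, never
     * constants stored in source control.
     */

    /* No ID Context is used; set explicitly, matching T1__SENDER_ID below. */
    const uint8_t *T1__ID_CONTEXT = NULL;
    uint8_t T1__ID_CONTEXT_LEN = 0;

    /* 16-byte master secret (test value). */
    const uint8_t T1__MASTER_SECRET[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
    					0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
    					0x0d, 0x0e, 0x0f };
    uint8_t T1__MASTER_SECRET_LEN = sizeof(T1__MASTER_SECRET);

    /* Empty sender ID: NULL pointer with length 0. */
    const uint8_t *T1__SENDER_ID = NULL;
    uint8_t T1__SENDER_ID_LEN = 0;

    /* 8-byte master salt (test value). */
    const uint8_t T1__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22,
    				     0x23, 0x78, 0x63, 0x40 };
    uint8_t T1__MASTER_SALT_LEN = sizeof(T1__MASTER_SALT);

    /* One-byte recipient ID. */
    const uint8_t T1__RECIPIENT_ID[1] = { 0x01 };
    uint8_t T1__RECIPIENT_ID_LEN = sizeof(T1__RECIPIENT_ID);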
    
    ....
    
    
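    /*
     * Work handler: set up an OSCORE context, build a CoAP packet, convert it to
     * an OSCORE packet and send it on the UDP socket, then re-schedule itself.
     *
     * Each step runs only if the previous one succeeded, so a failed context
     * init or conversion never leads to sending whatever happens to be in
     * oscore_buf. The handler is re-scheduled in every case.
     *
     * The "...." / "..." lines are parts of the sample elided by the author.
     */
    static void socket_transmission_work_fn(struct k_work *work)
    {
        ....
    
    	enum err r;
    	int coap_len = -1;
    	struct context c_client;
    	
    	/*
    	 * NOTE(review): the context is rebuilt from the same hard-coded master
    	 * secret on every run of this handler while fresh_master_secret_salt
    	 * is set to true. Presumably that restarts the sender sequence number
    	 * each time; in OSCORE, reusing a sequence number under the same key
    	 * reuses the AEAD nonce. Confirm against the uoscore documentation and
    	 * consider initialising the context once and keeping it across runs.
    	 */
    	struct oscore_init_params params = {
    		.master_secret.ptr = (uint8_t *)T1__MASTER_SECRET,
    		.master_secret.len = T1__MASTER_SECRET_LEN,
    		.sender_id.ptr = (uint8_t *)T1__SENDER_ID,
    		.sender_id.len = T1__SENDER_ID_LEN,
    		.recipient_id.ptr = (uint8_t *)T1__RECIPIENT_ID,
    		.recipient_id.len = T1__RECIPIENT_ID_LEN,
    		.master_salt.ptr = (uint8_t *)T1__MASTER_SALT,
    		.master_salt.len = T1__MASTER_SALT_LEN,
    		.id_context.ptr = (uint8_t *)T1__ID_CONTEXT,
    		.id_context.len = T1__ID_CONTEXT_LEN,
    		.aead_alg = OSCORE_AES_CCM_16_64_128,
    		.hkdf = OSCORE_SHA_256,
    		.fresh_master_secret_salt = true,
    	};
    
    	/* Reported by the author to fail here with "unexpected_result_from_ext_lib". */
    	r = oscore_context_init(&params, &c_client);
    	if (r != ok) {
    		/* Print the error code so the failing step can be identified. */
    		printk("Error in oscore_context_init: %d\n", (int)r);
    	} else {
    		coap_len = build_coap_packet();
    		if (coap_len < 0) {
    			printk("Failed to create coap packet: %d\n", coap_len);
    		} else {
    			/*
    			 * NOTE(review): oscore_buf_len is passed by pointer;
    			 * presumably it must hold the capacity of oscore_buf on
    			 * entry. Confirm, and reset it before each call.
    			 */
    			r = coap2oscore((uint8_t *)coap_buf, coap_len, (uint8_t *)&oscore_buf, &oscore_buf_len, &c_client);
    			if (r != ok) {
    				printk("Error in coap2oscore: %d\n", (int)r);
    			} else {
    				/* Only a successfully protected packet is transmitted. */
    				err = send(client_fd, oscore_buf, oscore_buf_len, 0);
    				if (err < 0) {
    					printk("Failed to transmit UDP packet, error: %d\n", errno);
    				}
    			}
    		}
    	}
    
        ...
    
    	k_work_schedule(&socket_transmission_work,
    			K_SECONDS(CONFIG_UDP_DATA_UPLOAD_FREQUENCY_SECONDS));
    }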

    The result is that the OSCORE initialization function "oscore_context_init" fails, returning "unexpected_result_from_ext_lib".

    I suppose there are still some problems coming from the mbedtls configuration, or maybe some kind of incompatibility.

    Has anyone used the uoscore library and encountered this kind of problem?

    What's wrong?

Reply
  • Hi Einar,

    Thank you for answer.

    I tested adding these two configs to the project. This made the project compile, but it still doesn't work.

    This is what I did. Starting from the UDP sample project (udp/sample/cellular/udp), I added the configuration for CoAP and OSCORE and changed the network mode to NB-IoT. This is the modified part of the prj.conf file:

    # The OSCORE calls run in a work handler (see k_work_schedule() in main.c) and
    # keep the OSCORE context on that thread's stack, so the stack is enlarged.
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=8192
    ...
    
    # LTE parameters
    ## Network Mode / LTE category
    # Select NB-IoT instead of LTE-M.
    CONFIG_LTE_NETWORK_MODE_LTE_M=n
    CONFIG_LTE_NETWORK_MODE_NBIOT=y
    
    # CoAP
    CONFIG_COAP=y
    
    # Needed for uoscore
    CONFIG_UOSCORE=y
    CONFIG_ZCBOR=y
    CONFIG_ZCBOR_CANONICAL=y
    CONFIG_MBEDTLS=y
    
    # Added after the build failed on mbedtls_pk_ec() in crypto_wrapper.c;
    # with these two options the project compiles.
    CONFIG_MBEDTLS_PK_C=y
    CONFIG_MBEDTLS_ECP_C=y

    Then I've modified the "socket_transmission_work_fn" function in main.c file:

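    /*
     * OSCORE init parameters (taken from the library test vectors).
     *
     * The master secret and salt below are fixed test values compiled into the
     * image. They are suitable for bring-up only: anything shipped must use
     * per-device secrets that are provisioned or derived at run time, never
     * constants stored in source control.
     */

    /* No ID Context is used; set explicitly, matching T1__SENDER_ID below. */
    const uint8_t *T1__ID_CONTEXT = NULL;
    uint8_t T1__ID_CONTEXT_LEN = 0;

    /* 16-byte master secret (test value). */
    const uint8_t T1__MASTER_SECRET[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
    					0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
    					0x0d, 0x0e, 0x0f };
    uint8_t T1__MASTER_SECRET_LEN = sizeof(T1__MASTER_SECRET);

    /* Empty sender ID: NULL pointer with length 0. */
    const uint8_t *T1__SENDER_ID = NULL;
    uint8_t T1__SENDER_ID_LEN = 0;

    /* 8-byte master salt (test value). */
    const uint8_t T1__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22,
    				     0x23, 0x78, 0x63, 0x40 };
    uint8_t T1__MASTER_SALT_LEN = sizeof(T1__MASTER_SALT);

    /* One-byte recipient ID. */
    const uint8_t T1__RECIPIENT_ID[1] = { 0x01 };
    uint8_t T1__RECIPIENT_ID_LEN = sizeof(T1__RECIPIENT_ID);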
    
    ....
    
    
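    /*
     * Work handler: set up an OSCORE context, build a CoAP packet, convert it to
     * an OSCORE packet and send it on the UDP socket, then re-schedule itself.
     *
     * Each step runs only if the previous one succeeded, so a failed context
     * init or conversion never leads to sending whatever happens to be in
     * oscore_buf. The handler is re-scheduled in every case.
     *
     * The "...." / "..." lines are parts of the sample elided by the author.
     */
    static void socket_transmission_work_fn(struct k_work *work)
    {
        ....
    
    	enum err r;
    	int coap_len = -1;
    	struct context c_client;
    	
    	/*
    	 * NOTE(review): the context is rebuilt from the same hard-coded master
    	 * secret on every run of this handler while fresh_master_secret_salt
    	 * is set to true. Presumably that restarts the sender sequence number
    	 * each time; in OSCORE, reusing a sequence number under the same key
    	 * reuses the AEAD nonce. Confirm against the uoscore documentation and
    	 * consider initialising the context once and keeping it across runs.
    	 */
    	struct oscore_init_params params = {
    		.master_secret.ptr = (uint8_t *)T1__MASTER_SECRET,
    		.master_secret.len = T1__MASTER_SECRET_LEN,
    		.sender_id.ptr = (uint8_t *)T1__SENDER_ID,
    		.sender_id.len = T1__SENDER_ID_LEN,
    		.recipient_id.ptr = (uint8_t *)T1__RECIPIENT_ID,
    		.recipient_id.len = T1__RECIPIENT_ID_LEN,
    		.master_salt.ptr = (uint8_t *)T1__MASTER_SALT,
    		.master_salt.len = T1__MASTER_SALT_LEN,
    		.id_context.ptr = (uint8_t *)T1__ID_CONTEXT,
    		.id_context.len = T1__ID_CONTEXT_LEN,
    		.aead_alg = OSCORE_AES_CCM_16_64_128,
    		.hkdf = OSCORE_SHA_256,
    		.fresh_master_secret_salt = true,
    	};
    
    	/* Reported by the author to fail here with "unexpected_result_from_ext_lib". */
    	r = oscore_context_init(&params, &c_client);
    	if (r != ok) {
    		/* Print the error code so the failing step can be identified. */
    		printk("Error in oscore_context_init: %d\n", (int)r);
    	} else {
    		coap_len = build_coap_packet();
    		if (coap_len < 0) {
    			printk("Failed to create coap packet: %d\n", coap_len);
    		} else {
    			/*
    			 * NOTE(review): oscore_buf_len is passed by pointer;
    			 * presumably it must hold the capacity of oscore_buf on
    			 * entry. Confirm, and reset it before each call.
    			 */
    			r = coap2oscore((uint8_t *)coap_buf, coap_len, (uint8_t *)&oscore_buf, &oscore_buf_len, &c_client);
    			if (r != ok) {
    				printk("Error in coap2oscore: %d\n", (int)r);
    			} else {
    				/* Only a successfully protected packet is transmitted. */
    				err = send(client_fd, oscore_buf, oscore_buf_len, 0);
    				if (err < 0) {
    					printk("Failed to transmit UDP packet, error: %d\n", errno);
    				}
    			}
    		}
    	}
    
        ...
    
    	k_work_schedule(&socket_transmission_work,
    			K_SECONDS(CONFIG_UDP_DATA_UPLOAD_FREQUENCY_SECONDS));
    }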

    The result is that the OSCORE initialization function "oscore_context_init" fails, returning "unexpected_result_from_ext_lib".

    I suppose there are still some problems coming from the mbedtls configuration, or maybe some kind of incompatibility.

    Has anyone used the uoscore library and encountered this kind of problem?

    What's wrong?
