coapcore
An OSCORE/EDHOC middleware for CoAP
At FrOSCon 19, 2024-08-17, RIOT devroom
CoAP
Think HTTP, but for embedded (~100KiB ROM)
| HTTP | CoAP |
| TCP | UDP |
| IPv6 | IPv6 |
| Ethernet | 6LoWPAN |
| WiFi | 802.15.4 |
CoAP in Rust
- Message abstraction: Read and write code, options and payload.
- Handler abstraction: Extract from message, write response (single buffer)
- Handler implementations: CBOR, text, hardware
- Handler users: TCP, UDP, GATT
Disclaimer: 1-person project (but integrated in coap-rs etc.)
Adding OSCORE and EDHOC
| Request-Response | Asymmetric Key |
| OSCORE | EDHOC |
| Request-Response | |
| CoAP-over-UDP | CoAP-over-others |
| Datagram | |
| UDP | |
Avoiding new interfaces
"Is this client authorized to access this resource?"
fn extract_request_data<M: ReadableMessage>( &mut self, request: &M ) -> Result<Self::RequestData, Self::ExtractRequestError> { // Careful here, user may not be authorized yet! request.how_do_i_query_the_credentials()?; }
Not at all: Managed security.
Setup trade
I get:
- "Keep up to 4 contexts"
- "Accept signed tokens for CWT as part of this group"
- "Accept just this RPK for those rights"
You get:
- Request accepted, or 4.01
Outlook
At one point, we'll need more.
Dynamic REST AIF
Non-AIF access control
Use in RIOT-rs
- riot-rs-coap: Selects and combines backends
- coapcore: To be configured by the OS configuration setup