2 unstable releases
new 0.1.0 | Mar 25, 2025 |
---|---|
0.0.0 | Dec 1, 2024 |
#617 in No standard library
74 downloads per month
145KB
2K
SLoC
A CoAP security tool for embedded devices, supporting OSCORE/EDHOC and managing credentials.
This crate is under active development; breaking changes will be made as necessary. It currently only handles the server side of CoAP exchanges. At runtime, there is more copying of messages than is generally preferred; those result from limitations of underlying tools and are being addressed there.
This crate builds on several components technically and logically:
- libOSCORE provides the OSCORE implementation.
- Lakers provides the EDHOC implementation.
- The combined handling of OSCORE and EDHOC was originally explored in EDF's CoAP/ACE-OAuth proof-of-concept firmware. Since this crate matured, that firmware now uses coapcore.
- The crate is maintained as part of Ariel OS, whose CoAP stack integrates it and manages server access policies. Nothing in this crate depends on Ariel OS, but some examples may refer to it.
Usage
This crate is mainly used with a CoAP stack (something that takes a coap_handler::Handler
)
and a CoAP server application (an implementation of a coap_handler::Handler
). Rather than
passing the handler directly to the stack (which then only applies security mechanisms built
into that concrete stack, if any), a OscoreEdhocHandler
is
created from the application, and passed into the stack.
The arguments passed to the OscoreEdhocHandler
at construction guide its behavior.
Logging
Extensive logging is available in this crate through defmt_or_log
, depending on features
enabled.
Errors from CoAP are currently logged through its Debug2Format
facility, representing a compromise between development and runtime complexity. Should
benchmarks show this to be a significant factor in code size in applications that need error
handling, more fine grained control can be implemented (eg. offering an option to make
Debug2Format merely print the type name or even make it empty).
This crate mainly logs on the trace, debug and error level; the latter provides details when an error is sent over the network and the details are not visible to the peer.
See the book for how defmt is configured in
Ariel OS; outside of
that, regular defmt_or_log
practica applies.
Warning: At the Debug level, this module may show cryptographic key material. This will be revised once all components have been interop-tested.
Caveats
Currently, this has hidden dependencies on a particular implementation of the coap-message
provided (it needs to be a coap_message_implementations::inmemory_write::Message
) by the
stack. There are plans for removing this limitation by integrating deeper with libOSCORE.
Dependencies
~6–10MB
~193K SLoC