COAP-OSCORE-CONF(5)     Coap OSCORE configuration file     COAP-OSCORE-CONF(5)




NAME

       coap-oscore-conf - CoAP OSCORE configuration file format


DESCRIPTION

       The OSCORE configuration file is read in when using the *-E*
       oscore_conf_file option for the coap-client(5) or coap-server(5)
       executables. This then allows a client or server to use OSCORE to
       protect the CoAP information between endpoints (RFC8613).

       It is also read in and parsed by coap_new_oscore_conf(3).

       The configuration can also be held in memory; the formatting of the
       memory region is the same as that of a file, as if the file had been
       mapped into memory. The coap_new_oscore_conf(3) function uses the
       memory version of the file.

       The configuration file comprises a set of keywords, each followed by
       the encoding type of its value and the value itself, one keyword per
       line, comma separated.

       keyword,encoding,value

       The keywords are case sensitive. If a line starts with a #, then it is
       treated as a comment line and so is ignored. Empty lines are also valid
       and ignored.

       The possible encodings are:

       ascii
           The value is encoded as a binary representation of the ascii
           string. This string can optionally be enclosed in ".

       bool
           The textual string is either true or false and is subsequently
           encoded as an integer number.

       hex
           The value is encoded as a binary representation of the hex string.
           This string can optionally be enclosed in ".

       integer
           The value is encoded as an integer number.

       text
           The string value is mapped and then encoded as an integer number.
           This string can optionally be enclosed in ". A subset of the Names
           from https://www.iana.org/assignments/cose/cose.xhtml#algorithms or
           https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
           are supported.

       The valid keywords are:

       master_secret
           (hex or ascii) (Required) (No default)

           "RFC8613 Section 3.1. Security Context Definition". Master Secret.
           Variable length. Must be the same for both client and server.

       master_salt
           (hex or ascii) (Optional) (No default)

           "RFC8613 Section 3.1. Security Context Definition". Master Salt.
           Variable length. Must be the same for both client and server.

       id_context
           (hex or ascii) (Optional) (No default)

           "RFC8613 Section 3.1. Security Context Definition". ID Context.
           Variable length. Must be the same for both client and server.

       sender_id
           (hex or ascii) (Required) (No default)

           "RFC8613 Section 3.1. Security Context Definition". Sender ID. This
           is the local application ID. Maximum length is determined by the
           AEAD Algorithm (typically 7 bytes).

       recipient_id
           (hex or ascii) (Required for client, else Optional) (No default)

           "RFC8613 Section 3.1. Security Context Definition". Recipient ID.
           This is the remote peer application ID. Maximum length is
           determined by the AEAD Algorithm (typically 7 bytes). For servers,
           there can be zero or more (unique) recipient_ids. Additional
           recipient_ids can be added programmatically to the OSCORE
           configuration - see coap_new_oscore_recipient(3). For clients,
           there should only be one recipient_id (only the first is used).

       replay_window
           (integer) (Optional) (Default is 32)

           "RFC8613 Section 3.1. Security Context Definition". Recipient
           Replay Window (Server Only). Supported values are 1 - 63.

       aead_alg
           (integer or text) (Optional) (Default is 10 or "AES-CCM-16-64-128")

           "RFC8613 Section 3.1. Security Context Definition". AEAD Algorithm.
           Only the mandatory algorithm and a small subset of the others are
           supported, depending on the TLS library.

       hkdf_alg
           (integer or text) (Optional) (Default is -10 or
           "direct+HKDF-SHA-256")

           "RFC8613 Section 3.1. Security Context Definition". HKDF Algorithm.
           Only the mandatory algorithm and a small subset of the others are
           supported, depending on the TLS library.

       rfc8613_b_1_2
           (bool) (Optional) (Default is true)

           "RFC8613 Appendix B.1.2. Replay Window". Enable replay window
           recovery for a rebooting server.

       rfc8613_b_2
           (bool) (Optional) (Default is false)

           "RFC8613 Appendix B.2. Security Context Derived Multiple Times".
           Enable the Appendix B.2 Security Context derivation protocol.

       ssn_freq
           (integer) (Optional) (Default is 1)

           "RFC8613 Appendix B.1.1. Sender Sequence Number". The rate at which
           the Sender Sequence Number is updated in non-volatile storage. Must
           be a positive number.

       Diagnostic testing options

       break_sender_key
           (bool) (Optional) (Default is false)

           Enable random breaking of the derived sender key.

       break_recipient_key
           (bool) (Optional) (Default is false)

           Enable random breaking of the derived recipient key.

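       The following is an added example of a parser and validator for the
       file format described above; it is not libcoap's own parser. The
       keyword table, the permitted encodings, the defaults and the limits
       (1 - 63 for replay_window, positive ssn_freq, IDs of at most 7 bytes
       for the default AEAD algorithm) are taken from this page. The
       COSE_TEXT_NAMES table is an assumption covering only the two names the
       page mentions; libcoap's own text mapping covers more of the IANA
       registry. The sample input is the server example file from this page.

```python
import re

# Only the COSE names this man page itself mentions (assumption: libcoap maps
# more of the IANA registry than this subset).
COSE_TEXT_NAMES = {"AES-CCM-16-64-128": 10, "direct+HKDF-SHA-256": -10}

# keyword -> (allowed encodings, who must supply it, default when absent)
KEYWORDS = {
    "master_secret":       ({"hex", "ascii"}, "all", None),
    "master_salt":         ({"hex", "ascii"}, None, None),
    "id_context":          ({"hex", "ascii"}, None, None),
    "sender_id":           ({"hex", "ascii"}, "all", None),
    "recipient_id":        ({"hex", "ascii"}, "client", None),
    "replay_window":       ({"integer"}, None, 32),
    "aead_alg":            ({"integer", "text"}, None, 10),
    "hkdf_alg":            ({"integer", "text"}, None, -10),
    "rfc8613_b_1_2":       ({"bool"}, None, 1),
    "rfc8613_b_2":         ({"bool"}, None, 0),
    "ssn_freq":            ({"integer"}, None, 1),
    "break_sender_key":    ({"bool"}, None, 0),
    "break_recipient_key": ({"bool"}, None, 0),
}
MAX_ID_LEN = 7  # "typically 7 bytes" for the default AEAD algorithm

def _unquote(value):  # strings may optionally be enclosed in double quotes
    return value[1:-1] if len(value) >= 2 and value[0] == value[-1] == '"' else value

def decode_value(encoding, raw):
    """Convert the textual value into the binary or integer form described."""
    if encoding == "ascii":
        return _unquote(raw).encode("ascii")
    if encoding == "hex":
        digits = _unquote(raw)
        if not re.fullmatch(r"(?:[0-9a-fA-F]{2})*", digits):
            raise ValueError(f"bad hex string {raw!r}")
        return bytes.fromhex(digits)
    if encoding == "bool":
        if raw not in ("true", "false"):
            raise ValueError(f"bool must be true or false, got {raw!r}")
        return int(raw == "true")
    if encoding == "integer":
        return int(raw, 10)
    if encoding == "text":
        name = _unquote(raw)
        if name not in COSE_TEXT_NAMES:
            raise ValueError(f"unsupported COSE name {name!r}")
        return COSE_TEXT_NAMES[name]
    raise ValueError(f"unknown encoding {encoding!r}")

def parse_oscore_conf(text, role):
    """Parse a configuration for role 'client' or 'server'.  recipient_id is
    returned as a list because a server may list zero or more of them."""
    conf = {"recipient_id": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                       # empty and comment lines are ignored
        parts = line.split(",", 2)         # a quoted value may itself hold commas
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected keyword,encoding,value")
        keyword, encoding, raw = (p.strip() for p in parts)
        if keyword not in KEYWORDS:        # keywords are case sensitive
            raise ValueError(f"line {lineno}: unknown keyword {keyword!r}")
        if encoding not in KEYWORDS[keyword][0]:
            raise ValueError(f"line {lineno}: {keyword} cannot use {encoding}")
        value = decode_value(encoding, raw)
        if keyword == "recipient_id":
            if value in conf["recipient_id"]:
                raise ValueError(f"line {lineno}: duplicate recipient_id")
            conf["recipient_id"].append(value)
        else:
            conf[keyword] = value
    for keyword, (_, required, default) in KEYWORDS.items():
        if required == "all" and keyword not in conf:
            raise ValueError(f"missing required keyword {keyword}")
        conf.setdefault(keyword, default)
    if role == "client" and not conf["recipient_id"]:
        raise ValueError("a client must have a recipient_id")
    for oscore_id in [conf["sender_id"], *conf["recipient_id"]]:
        if len(oscore_id) > MAX_ID_LEN:
            raise ValueError(f"ID {oscore_id!r} longer than {MAX_ID_LEN} bytes")
    if not 1 <= conf["replay_window"] <= 63:
        raise ValueError("replay_window must be 1 - 63")
    if conf["ssn_freq"] < 1:
        raise ValueError("ssn_freq must be positive")
    return conf

# The server example from this man page, reused here as sample input
# (replay_window left out so that the default of 32 is applied).
SAMPLE_SERVER_CONF = """\
# Master Secret (same for both client and server)
master_secret,hex,"0102030405060708090a0b0c0d0e0f10"
master_salt,hex,"9e7ca92223786340"
sender_id,ascii,"server"
recipient_id,ascii,"client"
aead_alg,integer,10
hkdf_alg,integer,-10
"""
```

       parse_oscore_conf(SAMPLE_SERVER_CONF, "server") returns the decoded
       values with the page's defaults filled in; the same text parsed with
       role "client" is accepted only because a recipient_id is present. A
       malformed hex string, an unknown or wrongly cased keyword, an ID longer
       than 7 bytes or a replay_window outside 1 - 63 each raise ValueError,
       which is the check worth running before handing a file to *-E*.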

EXAMPLE SERVER OSCORE CONFIGURATION FILE

           # Master Secret (same for both client and server)
           master_secret,hex,"0102030405060708090a0b0c0d0e0f10"

           # Master Salt (same for both client and server)
           master_salt,hex,"9e7ca92223786340"

           # Sender ID
           sender_id,ascii,"server"

           # Recipient ID
           recipient_id,ascii,"client"

           # Replay Window (usually 32)
           replay_window,integer,32

           # AEAD COSE Cipher Algorithm (usually 10)
           aead_alg,integer,10

           # HKDF COSE Algorithm (usually -10)
           hkdf_alg,integer,-10


EXAMPLE CLIENT OSCORE CONFIGURATION FILE

           # Master Secret (same for both client and server)
           master_secret,hex,"0102030405060708090a0b0c0d0e0f10"

           # Master Salt (same for both client and server)
           master_salt,hex,"9e7ca92223786340"

           # Sender ID (This is the client who is the Sender)
           sender_id,ascii,"client"

           # Recipient ID (It is the server that is remote)
           recipient_id,ascii,"server"

           # Replay Window (usually 32)
           replay_window,integer,32

           # AEAD COSE Cipher Algorithm (usually 10)
           aead_alg,integer,10

           # HKDF COSE Algorithm (usually -10)
           hkdf_alg,integer,-10

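       The two example files above share master_secret and master_salt and
       swap sender_id and recipient_id. The following added example, which
       is not libcoap code, runs the RFC 8613 Section 3.2 key derivation
       over the values from those two files to show the consequence: the
       client's Sender Key equals the server's Recipient Key and vice versa,
       and both derive the same Common IV. It assumes the default algorithms
       (aead_alg 10, AES-CCM-16-64-128 with a 16-byte key and 13-byte nonce;
       hkdf_alg -10, HKDF with HMAC-SHA-256) and carries a minimal CBOR
       encoder that handles only the types the RFC 8613 info structure needs.

```python
import hashlib
import hmac

# Values copied from the two example configuration files in this man page.
MASTER_SECRET = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")
MASTER_SALT = bytes.fromhex("9e7ca92223786340")
AEAD_ALG = 10                 # AES-CCM-16-64-128 (COSE algorithm 10)
KEY_LEN, NONCE_LEN = 16, 13   # key and nonce sizes of that algorithm

def _cbor_head(major, n):
    """CBOR initial bytes for small arguments; enough for the OSCORE info array."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 256:
        return bytes([(major << 5) | 24, n])
    raise ValueError("argument too large for this minimal encoder")

def cbor_info(oscore_id, id_context, alg, type_str, length):
    """RFC 8613 Section 3.2.1 info = [id, id_context, alg_aead, type, L]."""
    out = _cbor_head(4, 5)                                     # array(5)
    out += _cbor_head(2, len(oscore_id)) + oscore_id            # id: bstr
    if id_context is None:
        out += b"\xf6"                                         # id_context: nil
    else:
        out += _cbor_head(2, len(id_context)) + id_context     # id_context: bstr
    out += _cbor_head(0, alg) if alg >= 0 else _cbor_head(1, -1 - alg)  # int
    out += _cbor_head(3, len(type_str)) + type_str.encode("ascii")      # tstr
    out += _cbor_head(0, length)                               # L: uint
    return out

def hkdf_sha256(salt, ikm, info, length):
    """RFC 5869 HKDF-Extract followed by HKDF-Expand using HMAC-SHA-256, the
    function selected by hkdf_alg -10 ("direct+HKDF-SHA-256")."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_context(sender_id, recipient_id, id_context=None, master_salt=MASTER_SALT):
    """Sender Key, Recipient Key and Common IV for one endpoint (RFC 8613 3.2).
    If the file has no master_salt, RFC 8613 uses the empty byte string."""
    def derive(oscore_id, type_str, length):
        info = cbor_info(oscore_id, id_context, AEAD_ALG, type_str, length)
        return hkdf_sha256(master_salt, MASTER_SECRET, info, length)
    return {
        "sender_key": derive(sender_id, "Key", KEY_LEN),
        "recipient_key": derive(recipient_id, "Key", KEY_LEN),
        "common_iv": derive(b"", "IV", NONCE_LEN),   # Common IV uses the empty id
    }

def mirrored_contexts():
    """The contexts the server and client example files configure."""
    server = derive_context(sender_id=b"server", recipient_id=b"client")
    client = derive_context(sender_id=b"client", recipient_id=b"server")
    return server, client

if __name__ == "__main__":
    server, client = mirrored_contexts()
    for name in ("sender_key", "recipient_key", "common_iv"):
        print(f"server {name:13} {server[name].hex()}")
        print(f"client {name:13} {client[name].hex()}")
```

       Any disagreement between the two files in master_secret, master_salt,
       id_context or the algorithm values changes the info array or the HKDF
       input and so yields keys that no longer pair up, which is why the page
       insists those values be the same on both sides.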

SEE ALSO

       coap-client(5), coap-server(5) and coap_new_oscore_conf(3)


FURTHER INFORMATION

       See

       "RFC8613: Object Security for Constrained RESTful Environments
       (OSCORE)"

       for further information.


BUGS

       Please report bugs on the mailing list for libcoap:
       libcoap-developers@lists.sourceforge.net or raise an issue on GitHub at
       https://github.com/obgm/libcoap/issues


AUTHORS

       The libcoap project <libcoap-developers@lists.sourceforge.net>



coap-oscore-conf 4.3.4            10/09/2023               COAP-OSCORE-CONF(5)