Update for primary commit obgm#6 (to be squashed later)

Fix for later versions of MBed TLS

Fix a couple of ifdef which should be if

Author: mrdeep1

src/coap_mbedtls.c

@@ -2755,7 +2755,9 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params,
                          size_t *max_result_len) {
   mbedtls_cipher_context_t ctx;
   const coap_crypto_aes_ccm_t *ccm;
+#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
   unsigned char tag[16];
+#endif /* MBEDTLS_VERSION_NUMBER < 0x02150000 */
   int ret = 0;
   size_t result_len = *max_result_len;
   coap_bin_const_t laad;
@@ -2785,6 +2787,7 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params,
     laad.length = 0;
   }
 
+#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
   C(mbedtls_cipher_auth_encrypt(&ctx,
                                 ccm->nonce,
                                 15 - ccm->l, /* iv */
@@ -2797,7 +2800,6 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params,
                                 tag,
                                 ccm->tag_len /* tag */
                                 ));
-
   /* check if buffer is sufficient to hold tag */
   if ((result_len + ccm->tag_len) > *max_result_len) {
     coap_log(LOG_ERR, "coap_encrypt: buffer too small\n");
@@ -2807,6 +2809,23 @@ coap_crypto_aead_encrypt(const coap_crypto_param_t *params,
   memcpy(result + result_len, tag, ccm->tag_len);
   *max_result_len = result_len + ccm->tag_len;
   ret = 1;
+#else /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */
+  C(mbedtls_cipher_auth_encrypt_ext(&ctx,
+                                    ccm->nonce,
+                                    15 - ccm->l, /* iv */
+                                    laad.s,
+                                    laad.length, /* ad */
+                                    data->s,
+                                    data->length, /* input */
+                                    result,
+                                    result_len,
+                                    &result_len, /* output */
+                                    ccm->tag_len /* tag */
+                                    ));
+  *max_result_len = result_len;
+  ret = 1;
+#endif /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */
+
 error:
   mbedtls_cipher_free(&ctx);
   return ret;
@@ -2820,7 +2839,9 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params,
                          size_t *max_result_len) {
   mbedtls_cipher_context_t ctx;
   const coap_crypto_aes_ccm_t *ccm;
+#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
   const unsigned char *tag;
+#endif /* MBEDTLS_VERSION_NUMBER < 0x02150000 */
   int ret = 0;
   size_t result_len = *max_result_len;
   coap_bin_const_t laad;
@@ -2856,6 +2877,7 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params,
     laad.length = 0;
   }
 
+#if (MBEDTLS_VERSION_NUMBER < 0x02150000)
   tag = data->s + data->length - ccm->tag_len;
   C(mbedtls_cipher_auth_decrypt(&ctx,
                                 ccm->nonce,
@@ -2869,6 +2891,21 @@ coap_crypto_aead_decrypt(const coap_crypto_param_t *params,
                                 tag,
                                 ccm->tag_len /* tag */
                                 ));
+#else /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */
+  C(mbedtls_cipher_auth_decrypt_ext(&ctx,
+                                    ccm->nonce,
+                                    15 - ccm->l, /* iv */
+                                    laad.s,
+                                    laad.length, /* ad */
+                                    data->s,
+                               //     data->length - ccm->tag_len, /* input */
+                                    data->length, /* input */
+                                    result,
+                                    result_len,
+                                    &result_len, /* output */
+                                    ccm->tag_len /* tag */
+                                    ));
+#endif /* MBEDTLS_VERSION_NUMBER >= 0x02150000 */
 
   *max_result_len = result_len;
   ret = 1;

src/coap_oscore.c

@@ -28,7 +28,7 @@
 static oscore_ctx_t *coap_oscore_init(coap_context_t *c_context,
                                       coap_oscore_conf_t *oscore_conf);
 
-#ifdef COAP_CLIENT_SUPPORT
+#if COAP_CLIENT_SUPPORT
 
 int
 coap_oscore_initiate(coap_session_t *session, coap_oscore_conf_t *oscore_conf) {
@@ -122,7 +122,7 @@ coap_new_client_session_oscore_pki(coap_context_t *ctx,
   return session;
 }
 #endif /* COAP_CLIENT_SUPPORT */
-#ifdef COAP_SERVER_SUPPORT
+#if COAP_SERVER_SUPPORT
 
 int
 coap_context_oscore_server(coap_context_t *context,
@@ -787,7 +787,9 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
   uint8_t external_aad_buffer[100];
   coap_bin_const_t external_aad;
   oscore_sender_ctx_t *snd_ctx = NULL;
+#if COAP_CLIENT_SUPPORT
   coap_pdu_t *sent_pdu = NULL;
+#endif /* COAP_CLIENT_SUPPORT */
 
   opt = coap_check_option(pdu, COAP_OPTION_OSCORE, &opt_iter);
   assert(opt);
@@ -1013,8 +1015,8 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
       rcp_ctx = association->recipient_ctx;
       osc_ctx = rcp_ctx->osc_ctx;
       snd_ctx = osc_ctx->sender_context;
+#if COAP_CLIENT_SUPPORT
       sent_pdu = association->sent_pdu;
-#ifdef COAP_CLIENT_SUPPORT
       if (session->b_2_step != COAP_OSCORE_B_2_NONE) {
         const uint8_t *ptr = cose->kid_context.s;
 
@@ -1366,7 +1368,7 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
                              1);
     goto error_no_ack;
   }
-#ifdef COAP_CLIENT_SUPPORT
+#if COAP_CLIENT_SUPPORT
   if (session->b_2_step == COAP_OSCORE_B_2_STEP_3) {
     /*
      * Need to update Security Context with new (R2 || R3) ID Context
@@ -1404,7 +1406,7 @@ coap_oscore_decrypt_pdu(coap_session_t *session,
   }
 #endif /* COAP_CLIENT_SUPPORT */
 
-#ifdef COAP_SERVER_SUPPORT
+#if COAP_SERVER_SUPPORT
   /* Appendix B.1.2 request Trap */
   if (coap_request && osc_ctx->rfc8613_b_1_2) {
     if (rcp_ctx->initial_state == 1) {

src/coap_session.c

@@ -1751,7 +1751,7 @@ const char *coap_endpoint_str(const coap_endpoint_t *endpoint) {
   return szEndpoint;
 }
 #endif /* COAP_SERVER_SUPPORT */
-#ifdef COAP_CLIENT_SUPPORT
+#if COAP_CLIENT_SUPPORT
 void
 coap_session_set_no_observe_cancel(coap_session_t *session) {
   session->no_observe_cancel = 1;