OSCORE (https://tools.ietf.org/html/draft-ietf-core-object-security-07) is a mechanism to encrypt Constrained Application Protocol (CoAP - RFC7252). OSCORE is in working group last call in IETF CORE. OSCORE message can also be carried within HTTP, signaled with a special header. This is to support HTTP-to-CoAP translation proxies.
To dissect OSCORE, I am thinking of implementing it as a separate dissector, triggered when CoAP message contains an Object-Security option, or an HTTP message with Object-Security header.
Once OSCORE message is decrypted, the payload is dissected using functions that are internal (static) to the CoAP dissector (CoAP option parsing, resolution of decrypted CoAP code, dissection of application data). To do this, I plan on exporting different CoAP functions and calling them from the OSCORE dissector.
Is this the way to go?
