1 /* 2 Copyright (c) 2021 Fraunhofer AISEC. See the COPYRIGHT 3 file at the top-level directory of this distribution. 4 5 Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or 6 http://www.apache.org/licenses/LICENSE-2.0> or the MIT license 7 <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your 8 option. This file may not be copied, modified, or distributed 9 except according to those terms. 10 */ 11 #ifndef CRYPTO_WRAPPER_H 12 #define CRYPTO_WRAPPER_H 13 14 #include "byte_array.h" 15 #include "oscore_edhoc_error.h" 16 17 #include "edhoc/suites.h" 18 19 /*Indicates what kind of operation a symmetric cipher will execute*/ 20 enum aes_operation { 21 ENCRYPT, 22 DECRYPT, 23 }; 24 25 /** 26 * @brief Calculates AEAD encryption decryption. 27 * 28 * @param op Operation to be executed (ENCRYPT or DECRYPT). 29 * @param[in] in Input message. 30 * @param[in] key The symmetric key to be used. 31 * @param[in] nonce The nonce. 32 * @param[in] aad Additional authenticated data. 33 * @param[out] out The cipher text. 34 * @param[in,out] tag The authentication tag. 35 * @return Ok or error code. 36 */ 37 enum err aead(enum aes_operation op, const struct byte_array *in, 38 const struct byte_array *key, struct byte_array *nonce, 39 const struct byte_array *aad, struct byte_array *out, 40 struct byte_array *tag); 41 42 /** 43 * @brief Derives ECDH shared secret. 44 * 45 * @param alg The ECDH algorithm to be used. 46 * @param[in] sk Private key. 47 * @param[in] pk Public key. 48 * @param[out] shared_secret The result. 49 * @return Ok or error code. 50 */ 51 enum err shared_secret_derive(enum ecdh_alg alg, const struct byte_array *sk, 52 const struct byte_array *pk, 53 uint8_t *shared_secret); 54 55 /** 56 * @brief HKDF extract function, see rfc5869. 57 * 58 * @param alg Hash algorithm to be used. 59 * @param[in] salt Salt value. 60 * @param[in] ikm Input keying material. 61 * @param[out] out The result. 62 * @return Ok or error code. 63 */ 64 enum err hkdf_extract(enum hash_alg alg, const struct byte_array *salt, 65 struct byte_array *ikm, uint8_t *out); 66 67 /** 68 * @brief HKDF expand function, see rfc5869. 69 * 70 * @param alg Hash algorithm to be used. 71 * @param[in] prk Input pseudo random key. 72 * @param[in] info Info input parameter. 73 * @param[out] out The result. 74 * @return Ok or error code. 75 */ 76 enum err hkdf_expand(enum hash_alg alg, const struct byte_array *prk, 77 const struct byte_array *info, struct byte_array *out); 78 79 /** 80 * @brief Computes a hash. 81 * 82 * @param alg The hash algorithm to be used. 83 * @param[in] in The input message. 84 * @param[out] out The hash. 85 * @return Ok or error code. 86 */ 87 enum err hash(enum hash_alg alg, const struct byte_array *in, 88 struct byte_array *out); 89 90 /** 91 * @brief Verifies an asymmetric signature. 92 * @param alg Signature algorithm to be used. 93 * @param[in] sk Secret key. 94 * @param[in] pk Public key. 95 * @param[in] msg The message to be signed. 96 * @param[out] out Signature. 97 * @return Ok or error code. 98 */ 99 enum err sign(enum sign_alg alg, const struct byte_array *sk, 100 const struct byte_array *pk, const struct byte_array *msg, 101 uint8_t *out); 102 103 /** 104 * @brief Verifies an asymmetric signature. 105 * 106 * @param alg Signature algorithm to be used. 107 * @param[in] pk Public key. 108 * @param[in] msg The signed message. 109 * @param[in] sgn Signature. 110 * @param[out] result True if the verification is successfully. 111 * @return Ok or error code. 112 */ 113 enum err verify(enum sign_alg alg, const struct byte_array *pk, 114 struct const_byte_array *msg, struct const_byte_array *sgn, 115 bool *result); 116 117 /** 118 * @brief HKDF function used for the derivation of the 119 * Common IV, Recipient/Sender keys. 120 * 121 * @param[in] master_secret The master secret. 122 * @param[in] master_salt The master salt. 123 * @param[in] info A CBOR structure containing id, id_context, 124 * alg_aead, type, L. 125 * @param[out] out The derived Common IV, Recipient/Sender keys 126 * @return Ok or error code. 127 */ 128 enum err hkdf_sha_256(struct byte_array *master_secret, 129 struct byte_array *master_salt, struct byte_array *info, 130 struct byte_array *out); 131 132 #ifdef EDHOC_MOCK_CRYPTO_WRAPPER 133 /* 134 * Elliptic curve based signature algorithms generate signatures that are not 135 * deterministic. In order to test edhoc module against test vectors provided 136 * by the RFC authors, a mocking functionality has been added. 137 * 138 * When EDHOC_MOCK_CRYPTO_WRAPPER macro is defined, structure 139 * edhoc_crypto_mock_cb can be used to define values returned/generated by 140 * the sign() and aead() functions. Predefined value will be used only if the 141 * function has been called with arguments values matching those provided in 142 * edhoc_crypto_mock_cb.aead_in_out / edhoc_crypto_mock_cb.sign_in_out structure. 143 * 144 * When there is no matching arguments, the function aead()/sign() will 145 * continue normally. 146 */ 147 struct edhoc_mock_aead_in_out { 148 struct byte_array out; 149 struct byte_array in; 150 struct byte_array key; 151 struct byte_array nonce; 152 struct byte_array aad; 153 struct byte_array tag; 154 }; 155 156 struct edhoc_mock_sign_in_out { 157 enum sign_alg curve; 158 struct byte_array sk; 159 struct byte_array pk; 160 struct byte_array msg; 161 struct byte_array out; 162 }; 163 164 struct edhoc_mock_cb { 165 int aead_in_out_count; 166 struct edhoc_mock_aead_in_out *aead_in_out; 167 int sign_in_out_count; 168 struct edhoc_mock_sign_in_out *sign_in_out; 169 }; 170 171 extern struct edhoc_mock_cb edhoc_crypto_mock_cb; 172 #endif // EDHOC_MOCK_CRYPTO_WRAPPER 173 174 #endif 175
