1 /* 2 Copyright (c) 2021 Fraunhofer AISEC. See the COPYRIGHT 3 file at the top-level directory of this distribution. 4 5 Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or 6 http://www.apache.org/licenses/LICENSE-2.0> or the MIT license 7 <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your 8 option. This file may not be copied, modified, or distributed 9 except according to those terms. 10 */ 11 12 #ifndef OSCORE_H 13 #define OSCORE_H 14 15 #include <stdbool.h> 16 #include <stdint.h> 17 18 #include "oscore/security_context.h" 19 #include "oscore/supported_algorithm.h" 20 21 #include "common/byte_array.h" 22 #include "common/oscore_edhoc_error.h" 23 #include "common/print_util.h" 24 25 #ifndef OSCORE_MAX_PLAINTEXT_LEN 26 #define OSCORE_MAX_PLAINTEXT_LEN 128 27 #endif 28 29 #define MAX_PLAINTEXT_LEN OSCORE_MAX_PLAINTEXT_LEN 30 #define MAX_CIPHERTEXT_LEN MAX_PLAINTEXT_LEN + AUTH_TAG_LEN 31 #define MAX_COAP_OPTIONS_LEN 128 32 #define MAX_E_OPTIONS 30 33 #define MAX_I_OPTIONS 30 34 35 /** 36 * Each endpoint derives the parameters in the security context from a 37 * small set of input parameters. 38 */ 39 struct oscore_init_params { 40 enum dev_type dev_type; 41 /*master_secret must be provided. Currently 16 byte secrets are supported*/ 42 const struct byte_array master_secret; 43 /*sender_id must be provided*/ 44 const struct byte_array sender_id; 45 /*recipient_id must be provided*/ 46 const struct byte_array recipient_id; 47 48 /*The specification doesn't describe how the ID Context is created */ 49 /*When the user wants to use ID Context it has to provide it in the initialization of the client. The servers ID Context is transported in the oscore option*/ 50 struct byte_array id_context; 51 /*master_salt is optional (default empty byte string)*/ 52 const struct byte_array master_salt; 53 /*aead_alg is optional (default AES-CCM-16-64-128)*/ 54 const enum AEAD_algorithm aead_alg; 55 /*kdf is optional (default HKDF-SHA-256)*/ 56 const enum hkdf hkdf; 57 }; 58 59 /** 60 * @brief Initialize security context of OSCORE, including common context, 61 * recipient context and sender context. 62 * 63 * @param params a struct containing the initialization parameters 64 * @param context a struct containing the contexts 65 * @return err 66 */ 67 enum err oscore_context_init(struct oscore_init_params *params, 68 struct context *c); 69 70 /** 71 * @brief Checks if the packet in buf_in is a OSCORE packet. 72 * If so it converts it to a CoAP packet and sets the oscore_pkg to 73 * true in order to indicate the caller function that a 74 * OSCORE packet was received. 75 * 76 * @param buf_in a buffer containing an incoming packet which can be 77 * OSCORE or CoAP packet. 78 * @param buf_in_len length of the data in the buf_in 79 * @param buf_out when a OSCORE packet is found and decrypted the 80 * resulting CoAP is saved in buf_out 81 * @param buf_out_len length of the CoAP packet 82 * @param oscore_pkg_flag true if the received packet was OSOCRE, if the 83 * packet was CoAP false 84 * @param c pointer to a security context 85 * @param oscore_pkg indicates if an incoming packet is OSCORE 86 * @return err 87 */ 88 enum err oscore2coap(uint8_t *buf_in, uint32_t buf_in_len, uint8_t *buf_out, 89 uint32_t *buf_out_len, bool *oscore_pkg_flag, 90 struct context *c); 91 92 /** 93 *@brief Converts a CoAP packet to OSCORE packet 94 * 95 *@param buf_o_coap a buffer containing a CoAP packet 96 *@param buf_o_coap_len length of the CoAP buffer 97 *@param buf_oscore a buffer where the OSCORE packet will be written 98 *@param buf_oscore_len length of the OSCORE packet 99 *@param c a struct containing the OSCORE context 100 *@return err 101 */ 102 enum err coap2oscore(uint8_t *buf_o_coap, uint32_t buf_o_coap_len, 103 uint8_t *buf_oscore, uint32_t *buf_oscore_len, 104 struct context *c); 105 106 #endif 107
