1 /* 2 Copyright (c) 2021 Fraunhofer AISEC. See the COPYRIGHT 3 file at the top-level directory of this distribution. 4 5 Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or 6 http://www.apache.org/licenses/LICENSE-2.0> or the MIT license 7 <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your 8 option. This file may not be copied, modified, or distributed 9 except according to those terms. 10 */ 11 #ifndef CRYPTO_WRAPPER_H 12 #define CRYPTO_WRAPPER_H 13 14 #include "byte_array.h" 15 #include "oscore_edhoc_error.h" 16 17 #include "edhoc/suites.h" 18 19 /*Indicates what kind of operation a symmetric cipher will execute*/ 20 enum aes_operation { 21 ENCRYPT, 22 DECRYPT, 23 }; 24 25 /** 26 * @brief Calculates AEAD encryption decryption 27 * @param op opeartion to be executed (ENCRYPT or DECRYPT) 28 * @param in input message 29 * @param in_len length of in 30 * @param key the symmetric key to be used 31 * @param key_len length of key 32 * @param nonce the nonce 33 * @param nonce_len length of nonce 34 * @param aad additional authenticated data 35 * @param aad_len length of add 36 * @param out the cipher text 37 * @param out_len the length of out 38 * @param tag the authentication tag 39 * @param tag_len the length of tag 40 * @retval an err code 41 */ 42 enum err aead(enum aes_operation op, const uint8_t *in, const uint32_t in_len, 43 const uint8_t *key, const uint32_t key_len, uint8_t *nonce, 44 const uint32_t nonce_len, const uint8_t *aad, 45 const uint32_t aad_len, uint8_t *out, const uint32_t out_len, 46 uint8_t *tag, const uint32_t tag_len); 47 48 /** 49 * @brief Derives ECDH shared secret 50 * @param alg the ECDH algorithm 51 * @param sk private key 52 * @param sk_len length of sk 53 * @param pk public key 54 * @param pk_len length of pk 55 * @param shared_secret the result 56 * @retval an err code 57 */ 58 enum err shared_secret_derive(enum ecdh_alg alg, const uint8_t *sk, 59 const uint32_t sk_len, const uint8_t *pk, 60 const uint32_t pk_len, uint8_t *shared_secret); 61 62 /** 63 * @brief HKDF extract function, see rfc5869 64 * @param alg hash algorithm to be used 65 * @param salt salt value 66 * @param salt_len length of salt 67 * @param ikm input keying material 68 * @param ikm_len length of ikm 69 * @param out result 70 * @retval an err code 71 */ 72 enum err hkdf_extract(enum hash_alg alg, const uint8_t *salt, uint32_t salt_len, 73 uint8_t *ikm, uint32_t ikm_len, uint8_t *out); 74 75 /** 76 * @brief HKDF expand function, see rfc5869 77 * @param alg hash algorithm to be used 78 * @param prk input pseudo random key 79 * @param prk_len length of prk 80 * @param info info input parameter 81 * @param info_len length of info 82 * @param out the result 83 * @param out_len length of out 84 * @retval an err code 85 */ 86 enum err hkdf_expand(enum hash_alg alg, const uint8_t *prk, 87 const uint32_t prk_len, const uint8_t *info, 88 const uint32_t info_len, uint8_t *out, uint32_t out_len); 89 90 /** 91 * @brief calculates a hash 92 * @param alg the hash algorithm 93 * @param in input message 94 * @param in_len length of in 95 * @param out the hash 96 * @retval an err code 97 */ 98 enum err hash(enum hash_alg alg, const uint8_t *in, const uint32_t in_len, 99 uint8_t *out); 100 101 /** 102 * @brief Verifies an asymmetric signature 103 * @param alg signature algorithm to be used 104 * @param sk secret key 105 * @param sk_len length of sk 106 * @param pk public key 107 * @param msg the message to be signed 108 * @param msg_len length of msg 109 * @param out signature 110 * @retval an err code 111 */ 112 enum err sign(enum sign_alg alg, const uint8_t *sk, const uint32_t sk_len, 113 const uint8_t *pk, const uint8_t *msg, const uint32_t msg_len, 114 uint8_t *out); 115 116 /** 117 * @brief Verifies an asymmetric signature 118 * @param alg signature algorithm to be used 119 * @param pk public key 120 * @param pk_len length of pk 121 * @param msg the signed message 122 * @param msg_len length of msg 123 * @param sgn signature 124 * @param sgn_len length of sgn 125 * @param result true if the signature verification is successfully 126 * @retval an err code 127 */ 128 enum err verify(enum sign_alg alg, const uint8_t *pk, const uint32_t pk_len, 129 const uint8_t *msg, const uint32_t msg_len, const uint8_t *sgn, 130 const uint32_t sgn_len, bool *result); 131 132 /** 133 * @brief HKDF funcion used for the derivation of the Common IV, 134 * Recipient/Sender keys. 135 * @param master_secret the master secret 136 * @param master_salt the master salt 137 * @param info a CBOR structure containing id, id_context, alg_aead, type, L 138 * @param out the derived Common IV, Recipient/Sender keys 139 */ 140 enum err hkdf_sha_256(struct byte_array *master_secret, 141 struct byte_array *master_salt, struct byte_array *info, 142 struct byte_array *out); 143 144 #ifdef EDHOC_MOCK_CRYPTO_WRAPPER 145 /* 146 * Eliptic curve based signature algorithms generate signatures that are not deterministic. In order to test edhoc 147 * module against test vectors provided by the RFC authors, a mocking functionality has been added. 148 * 149 * When EDHOC_MOCK_CRYPTO_WRAPPER macro is defined, structure edhoc_crypto_mock_cb can be used to define values 150 * returned/generated by the sign() and aead() functions. Predefined value will be used only if the function 151 * has been called with arguments values matching those provided in 152 * edhoc_crypto_mock_cb.aead_in_out / edhoc_crypto_mock_cb.sign_in_out structure. 153 * 154 * When there is no matching arguments, the function aead()/sign() will continue normally. 155 */ 156 struct edhoc_mock_aead_in_out{ 157 struct byte_array out; 158 struct byte_array in; 159 struct byte_array key; 160 struct byte_array nonce; 161 struct byte_array aad; 162 struct byte_array tag; 163 }; 164 165 struct edhoc_mock_sign_in_out { 166 enum sign_alg curve; 167 struct byte_array sk; 168 struct byte_array pk; 169 struct byte_array msg; 170 struct byte_array out; 171 }; 172 173 struct edhoc_mock_cb { 174 int aead_in_out_count; 175 struct edhoc_mock_aead_in_out *aead_in_out; 176 int sign_in_out_count; 177 struct edhoc_mock_sign_in_out *sign_in_out; 178 }; 179 180 extern struct edhoc_mock_cb edhoc_crypto_mock_cb; 181 #endif // EDHOC_MOCK_CRYPTO_WRAPPER 182 183 #endif 184