1 /*
2    Copyright (c) 2021 Fraunhofer AISEC. See the COPYRIGHT
3    file at the top-level directory of this distribution.
4 
5    Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
6    http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
7    <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
8    option. This file may not be copied, modified, or distributed
9    except according to those terms.
10 */
11 #ifndef CRYPTO_WRAPPER_H
12 #define CRYPTO_WRAPPER_H
13 
14 #include "byte_array.h"
15 #include "oscore_edhoc_error.h"
16 
17 #include "edhoc/suites.h"
18 
19 /*Indicates what kind of operation a symmetric cipher will execute*/
20 enum aes_operation {
21 	ENCRYPT,
22 	DECRYPT,
23 };
24 
25 /**
26  * @brief   Calculates AEAD encryption decryption
27  * @param   op opeartion to be executed (ENCRYPT or DECRYPT)
28  * @param   in  input message
29  * @param   in_len length of in
30  * @param   key the symmetric key to be used
31  * @param   key_len length of key
32  * @param   nonce the nonce
33  * @param   nonce_len length of nonce
34  * @param   aad additional authenticated data
35  * @param   aad_len length of add
36  * @param   out the cipher text
37  * @param   out_len the length of out
38  * @param   tag the authentication tag
39  * @param   tag_len the length of tag
40  * @retval  an err code
41  */
42 enum err aead(enum aes_operation op, const uint8_t *in, const uint32_t in_len,
43 	      const uint8_t *key, const uint32_t key_len, uint8_t *nonce,
44 	      const uint32_t nonce_len, const uint8_t *aad,
45 	      const uint32_t aad_len, uint8_t *out, const uint32_t out_len,
46 	      uint8_t *tag, const uint32_t tag_len);
47 
48 /**
49  * @brief   Derives ECDH shared secret
50  * @param   alg the ECDH algorithm
51  * @param   sk private key
52  * @param   sk_len length of sk
53  * @param   pk public key
54  * @param   pk_len length of pk
55  * @param   shared_secret the result
56  * @retval  an err code
57  */
58 enum err shared_secret_derive(enum ecdh_alg alg, const uint8_t *sk,
59 			      const uint32_t sk_len, const uint8_t *pk,
60 			      const uint32_t pk_len, uint8_t *shared_secret);
61 
62 /**
63  * @brief   HKDF extract function, see rfc5869
64  * @param   alg hash algorithm to be used
65  * @param   salt salt value
66  * @param   salt_len length of salt
67  * @param   ikm input keying material
68  * @param   ikm_len length of ikm
69  * @param   out result
70  * @retval  an err code
71  */
72 enum err hkdf_extract(enum hash_alg alg, const uint8_t *salt, uint32_t salt_len,
73 		      uint8_t *ikm, uint32_t ikm_len, uint8_t *out);
74 
75 /**
76  * @brief   HKDF expand function, see rfc5869
77  * @param   alg hash algorithm to be used
78  * @param   prk input pseudo random key
79  * @param   prk_len length of prk
80  * @param   info info input parameter
81  * @param   info_len length of info
82  * @param   out the result
83  * @param   out_len length of out
84  * @retval  an err code
85  */
86 enum err hkdf_expand(enum hash_alg alg, const uint8_t *prk,
87 		     const uint32_t prk_len, const uint8_t *info,
88 		     const uint32_t info_len, uint8_t *out, uint32_t out_len);
89 
90 /**
91  * @brief   calculates a hash
92  * @param   alg the hash algorithm
93  * @param   in input message
94  * @param   in_len length of in
95  * @param   out the hash
96  * @retval  an err code
97  */
98 enum err hash(enum hash_alg alg, const uint8_t *in, const uint32_t in_len,
99 	      uint8_t *out);
100 
101 /**
102  * @brief   Verifies an asymmetric signature
103  * @param   alg signature algorithm to be used
104  * @param   sk secret key
105  * @param   sk_len length of sk
106  * @param   pk public key
107  * @param   msg the message to be signed
108  * @param   msg_len length of msg
109  * @param   out signature
110  * @retval  an err code
111  */
112 enum err sign(enum sign_alg alg, const uint8_t *sk, const uint32_t sk_len,
113 	      const uint8_t *pk, const uint8_t *msg, const uint32_t msg_len,
114 	      uint8_t *out);
115 
116 /**
117  * @brief   Verifies an asymmetric signature
118  * @param   alg signature algorithm to be used
119  * @param   pk public key
120  * @param   pk_len length of pk
121  * @param   msg the signed message
122  * @param   msg_len length of msg
123  * @param   sgn signature
124  * @param   sgn_len length of sgn
125  * @param   result true if the signature verification is successfully
126  * @retval  an err code
127  */
128 enum err verify(enum sign_alg alg, const uint8_t *pk, const uint32_t pk_len,
129 		const uint8_t *msg, const uint32_t msg_len, const uint8_t *sgn,
130 		const uint32_t sgn_len, bool *result);
131 
132 /**
133  * @brief   HKDF funcion used for the derivation of the Common IV,
134  *          Recipient/Sender keys.
135  * @param   master_secret the master secret
136  * @param   master_salt the master salt
137  * @param   info a CBOR structure containing id, id_context, alg_aead, type, L
138  * @param   out the derived Common IV, Recipient/Sender keys
139  */
140 enum err hkdf_sha_256(struct byte_array *master_secret,
141 		      struct byte_array *master_salt, struct byte_array *info,
142 		      struct byte_array *out);
143 
144 #ifdef EDHOC_MOCK_CRYPTO_WRAPPER
145 /*
146  * Eliptic curve based signature algorithms generate signatures that are not deterministic. In order to test edhoc
147  * module against test vectors provided by the RFC authors, a mocking functionality has been added.
148  *
149  * When EDHOC_MOCK_CRYPTO_WRAPPER macro is defined, structure edhoc_crypto_mock_cb can be used to define values
150  * returned/generated by the sign() and aead() functions. Predefined value will be used only if the function
151  * has been called with arguments values matching those provided in
152  * edhoc_crypto_mock_cb.aead_in_out / edhoc_crypto_mock_cb.sign_in_out structure.
153  *
154  * When there is no matching arguments, the function aead()/sign() will continue normally.
155  */
156 struct edhoc_mock_aead_in_out{
157 	struct byte_array out;
158 	struct byte_array in;
159 	struct byte_array key;
160 	struct byte_array nonce;
161 	struct byte_array aad;
162 	struct byte_array tag;
163 };
164 
165 struct edhoc_mock_sign_in_out {
166 	enum sign_alg curve;
167 	struct byte_array sk;
168 	struct byte_array pk;
169 	struct byte_array msg;
170 	struct byte_array out;
171 };
172 
173 struct edhoc_mock_cb {
174 	int aead_in_out_count;
175 	struct edhoc_mock_aead_in_out *aead_in_out;
176 	int sign_in_out_count;
177 	struct edhoc_mock_sign_in_out *sign_in_out;
178 };
179 
180 extern struct edhoc_mock_cb edhoc_crypto_mock_cb;
181 #endif // EDHOC_MOCK_CRYPTO_WRAPPER
182 
183 #endif
184