libcoap 4.3.5-develop-72190a8
Loading...
Searching...
No Matches
oscore_cose.c
Go to the documentation of this file.
1/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
3/*
4 * Copyright (c) 2018, SICS, RISE AB
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Institute nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 */
32
47#include "stdio.h"
48
50 const char *name;
52};
53
54static struct cose_curve_desc curve_mapping[] = {
55 { "P-256", COSE_CURVE_P_256 },
56 { "X25519", COSE_CURVE_X25519 },
57 { "X448", COSE_CURVE_X448 },
58 { "Ed25519", COSE_CURVE_ED25519 },
59 { "Ed448", COSE_CURVE_ED448 },
60 { "secp256k1", COSE_CURVE_SECP256K1 },
61};
62
63const char *
64cose_get_curve_name(cose_curve_t id, char *buffer, size_t buflen) {
65 for (size_t i = 0; i < sizeof(curve_mapping)/sizeof(curve_mapping[0]); i++) {
66 if (id == curve_mapping[i].id) {
67 snprintf(buffer, buflen, "%s (%d)", curve_mapping[i].name, id);
68 return buffer;
69 }
70 }
71 snprintf(buffer, buflen, "curve Fix me (%d)", id);
72 return buffer;
73}
74
76cose_get_curve_id(const char *name) {
77 for (size_t i = 0; i < sizeof(curve_mapping)/sizeof(curve_mapping[0]); i++) {
78 if (strcmp(name, curve_mapping[i].name) == 0)
79 return curve_mapping[i].id;
80 }
81 return 0;
82}
83
85 const char *name;
87};
88
89static struct cose_alg_desc alg_mapping[] = {
90 { "ES256K", COSE_ALGORITHM_ES256K },
91 { "SHA-512", COSE_ALGORITHM_SHA_512 },
92 { "SHA-384", COSE_ALGORITHM_SHA_384 },
93 { "ES512", COSE_ALGORITHM_ES512 },
94 { "ES384", COSE_ALGORITHM_ES384 },
95 { "ECDH-SS + HKDF-256", COSE_ALGORITHM_ECDH_SS_HKDF_256 },
96 { "SHA-512/256", COSE_ALGORITHM_SHA_512_256 },
97 { "SHA-256", COSE_ALGORITHM_SHA_256_256 },
98 { "SHA-256/64", COSE_ALGORITHM_SHA_256_64 },
99 { "SHA-1", COSE_ALGORITHM_SHA_1 },
100 { "direct+HKDF-SHA-512", COSE_ALGORITHM_HKDF_SHA_512 },
101 { "direct+HKDF-SHA-256", COSE_ALGORITHM_HKDF_SHA_256 },
102 { "EdDSA", COSE_ALGORITHM_EDDSA },
103 { "ES256", COSE_ALGORITHM_ES256 },
104 { "HMAC 256/64", COSE_ALGORITHM_HMAC256_64 },
105 { "HMAC 256/256", COSE_ALGORITHM_HMAC256_256 },
106 { "HMAC 384/384", COSE_ALGORITHM_HMAC384_384 },
107 { "HMAC 512/512", COSE_ALGORITHM_HMAC512_512 },
108 { "AES-CCM-16-64-128", COSE_ALGORITHM_AES_CCM_16_64_128 },
109 { "AES-CCM-16-64-256", COSE_ALGORITHM_AES_CCM_16_64_256 },
110 { "AES-CCM-64-64-128", COSE_ALGORITHM_AES_CCM_64_64_128 },
111 { "AES-CCM-64-64-256", COSE_ALGORITHM_AES_CCM_64_64_256 },
112 { "ChaCha20/Poly1305", COSE_ALGORITHM_CHACHA20_P1035 },
113 { "AES-CCM-16-128-128", COSE_ALGORITHM_AES_CCM_16_128_128 },
114 { "AES-CCM-16-128-256", COSE_ALGORITHM_AES_CCM_16_128_256 },
115 { "AES-CCM-64-128-128", COSE_ALGORITHM_AES_CCM_64_128_128 },
116 { "AES-CCM-64-128-256", COSE_ALGORITHM_AES_CCM_64_128_256 },
117};
118
119const char *
120cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen) {
121 for (size_t i = 0; i < sizeof(alg_mapping)/sizeof(alg_mapping[0]); i++) {
122 if (id == alg_mapping[i].id) {
123 snprintf(buffer, buflen, "%s (%d)", alg_mapping[i].name, id);
124 return buffer;
125 }
126 }
127 snprintf(buffer, buflen, "alg Fix me (%d)", id);
128 return buffer;
129}
130
132cose_get_alg_id(const char *name) {
133 for (size_t i = 0; i < sizeof(alg_mapping)/sizeof(alg_mapping[0]); i++) {
134 if (strcmp(name, alg_mapping[i].name) == 0)
135 return alg_mapping[i].id;
136 }
137 return 0;
138}
139
144
146 { "direct+HKDF-SHA-512", COSE_HKDF_ALG_HKDF_SHA_512 },
147 { "direct+HKDF-SHA-256", COSE_HKDF_ALG_HKDF_SHA_256 },
148};
149
150const char *
151cose_get_hkdf_alg_name(cose_hkdf_alg_t id, char *buffer, size_t buflen) {
152 for (size_t i = 0; i < sizeof(hkdf_alg_mapping)/sizeof(hkdf_alg_mapping[0]); i++) {
153 if (id == hkdf_alg_mapping[i].id) {
154 snprintf(buffer, buflen, "%s (%d)", hkdf_alg_mapping[i].name, id);
155 return buffer;
156 }
157 }
158 snprintf(buffer, buflen, "hkdf_alg Fix me (%d)", id);
159 return buffer;
160}
161
162/*
163 * The struct hmac_algs and the function cose_get_hmac_alg_for_hkdf() are
164 * used to determine which hmac type to use for the appropriate hkdf
165 */
173
174/*
175 * return 0 fail
176 * 1 OK
177 */
178int
180 size_t idx;
181
182 for (idx = 0; idx < sizeof(hkdf_hmacs) / sizeof(struct hkdf_hmac_algs);
183 idx++) {
184 if (hkdf_hmacs[idx].hkdf_alg == hkdf_alg) {
185 *hmac_alg = hkdf_hmacs[idx].hmac_alg;
186 return 1;
187 }
188 }
189 coap_log_debug("cose_get_hmac_alg_for_hkdf: COSE HKDF %d not supported\n",
190 hkdf_alg);
191 return 0;
192}
193
194/* return tag length belonging to cose algorithm */
195size_t
210
211/* return hash length belonging to cose algorithm */
212size_t
241
242/* return nonce length belonging to cose algorithm */
243size_t
258
259/* return key length belonging to cose algorithm */
260size_t
275
276/* Return length */
277size_t
278cose_encrypt0_encode(cose_encrypt0_t *ptr, uint8_t *buffer, size_t buf_len) {
279 size_t ret = 0;
280 size_t rem_size = buf_len;
281
282 ret += oscore_cbor_put_array(&buffer, &rem_size, 3);
283 ret += oscore_cbor_put_bytes(&buffer, &rem_size, NULL, 0);
284 /* ret += cose encode attributyes */
285 ret += oscore_cbor_put_bytes(&buffer,
286 &rem_size,
287 ptr->ciphertext.s,
288 ptr->ciphertext.length);
289 return ret;
290}
291
292/*Return status */
293int cose_encrypt0_decode(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size);
294
295/* Initiate a new COSE Encrypt0 object. */
296void
298 memset(ptr, 0, sizeof(cose_encrypt0_t));
299}
300
301void
303 ptr->alg = alg;
304}
305
306void
308 uint8_t *buffer,
309 size_t size) {
310 ptr->ciphertext.s = buffer;
311 ptr->ciphertext.length = size;
312}
313
314void
316 uint8_t *buffer,
317 size_t size) {
318 ptr->plaintext.s = buffer;
319 ptr->plaintext.length = size;
320}
321/* Return length */
323
324void
326 coap_bin_const_t *partial_iv) {
327 if (partial_iv == NULL || partial_iv->length == 0) {
328 ptr->partial_iv.s = NULL;
329 ptr->partial_iv.length = 0;
330 } else {
331 if (partial_iv->length > (int)sizeof(ptr->partial_iv_data))
332 partial_iv->length = sizeof(ptr->partial_iv_data);
333 memcpy(ptr->partial_iv_data, partial_iv->s, partial_iv->length);
334 ptr->partial_iv.s = ptr->partial_iv_data;
335 ptr->partial_iv.length = partial_iv->length;
336 }
337}
338
339/* Return length */
344
345void
347 if (key_id) {
348 ptr->key_id = *key_id;
349 } else {
350 ptr->key_id.length = 0;
351 ptr->key_id.s = NULL;
352 }
353}
354/* Return length */
355size_t
356cose_encrypt0_get_key_id(cose_encrypt0_t *ptr, const uint8_t **buffer) {
357 *buffer = ptr->key_id.s;
358 return ptr->key_id.length;
359}
360
361size_t
362cose_encrypt0_get_kid_context(cose_encrypt0_t *ptr, const uint8_t **buffer) {
363 *buffer = ptr->kid_context.s;
364 return ptr->kid_context.length;
365}
366
367void
369 coap_bin_const_t *kid_context) {
370 if (kid_context) {
371 ptr->kid_context = *kid_context;
372 } else {
373 ptr->kid_context.length = 0;
374 ptr->kid_context.s = NULL;
375 }
376}
377
378void
380 coap_bin_const_t *external_aad) {
381 if (external_aad) {
382 ptr->external_aad = *external_aad;
383 } else {
384 ptr->external_aad.length = 0;
385 ptr->external_aad.s = NULL;
386 }
387}
388
389void
391 if (aad) {
392 ptr->aad = *aad;
393 } else {
394 ptr->aad.length = 0;
395 ptr->aad.s = NULL;
396 }
397}
398
399/* Returns 1 if successfull, 0 if key is of incorrect length. */
400int
402 if (key == NULL || key->length != 16) {
403 return 0;
404 }
405
406 ptr->key = *key;
407 return 1;
408}
409
410void
412 if (nonce) {
413 ptr->nonce = *nonce;
414 } else {
415 ptr->nonce.length = 0;
416 ptr->nonce.s = NULL;
417 }
418}
419
420int
422 uint8_t *ciphertext_buffer,
423 size_t ciphertext_len) {
424 coap_crypto_param_t params;
425 size_t tag_len = cose_tag_len(ptr->alg);
426 size_t max_result_len = ptr->plaintext.length + tag_len;
427
428 if (ptr->key.s == NULL || ptr->key.length != (size_t)cose_key_len(ptr->alg)) {
429 return -1;
430 }
431 if (ptr->nonce.s == NULL ||
432 ptr->nonce.length != (size_t)cose_nonce_len(ptr->alg)) {
433 return -2;
434 }
435 if (ptr->aad.s == NULL || ptr->aad.length == 0) {
436 return -3;
437 }
438 if (ptr->plaintext.s == NULL ||
439 (ptr->plaintext.length + tag_len) > ciphertext_len) {
440 return -4;
441 }
442
443 memset(&params, 0, sizeof(params));
444 params.alg = ptr->alg;
445 params.params.aes.key = ptr->key;
446 params.params.aes.nonce = ptr->nonce.s;
447 params.params.aes.tag_len = tag_len;
448 params.params.aes.l = 15 - ptr->nonce.length;
449 if (!coap_crypto_aead_encrypt(&params,
450 &ptr->plaintext,
451 &ptr->aad,
452 ciphertext_buffer,
453 &max_result_len)) {
454 return -5;
455 }
456 return (int)max_result_len;
457}
458
459int
461 uint8_t *plaintext_buffer,
462 size_t plaintext_len) {
463 int ret_len = 0;
464 coap_crypto_param_t params;
465 size_t tag_len = cose_tag_len(ptr->alg);
466 size_t max_result_len = ptr->ciphertext.length - tag_len;
467
468 if (ptr->key.s == NULL || ptr->key.length != (size_t)cose_key_len(ptr->alg)) {
469 return -1;
470 }
471 if (ptr->nonce.s == NULL ||
472 ptr->nonce.length != (size_t)cose_nonce_len(ptr->alg)) {
473 return -2;
474 }
475 if (ptr->aad.s == NULL || ptr->aad.length == 0) {
476 return -3;
477 }
478 if (ptr->ciphertext.s == NULL ||
479 ptr->ciphertext.length > (plaintext_len + tag_len)) {
480 return -4;
481 }
482
483 memset(&params, 0, sizeof(params));
484 params.alg = ptr->alg;
485 params.params.aes.key = ptr->key;
486 params.params.aes.nonce = ptr->nonce.s;
487 params.params.aes.tag_len = tag_len;
488 params.params.aes.l = 15 - ptr->nonce.length;
489 if (!coap_crypto_aead_decrypt(&params,
490 &ptr->ciphertext,
491 &ptr->aad,
492 plaintext_buffer,
493 &max_result_len)) {
494 return -5;
495 }
496 ret_len = (int)max_result_len;
497 return ret_len;
498}
Library specific build wrapper for coap_internal.h.
int coap_crypto_aead_decrypt(const coap_crypto_param_t *params, coap_bin_const_t *data, coap_bin_const_t *aad, uint8_t *result, size_t *max_result_len)
Decrypt the provided encrypted data into plaintext.
int coap_crypto_aead_encrypt(const coap_crypto_param_t *params, coap_bin_const_t *data, coap_bin_const_t *aad, uint8_t *result, size_t *max_result_len)
Encrypt the provided plaintext data.
#define coap_log_debug(...)
Definition coap_debug.h:120
size_t oscore_cbor_put_bytes(uint8_t **buffer, size_t *buf_size, const uint8_t *bytes, size_t bytes_len)
size_t oscore_cbor_put_array(uint8_t **buffer, size_t *buf_size, size_t elements)
Definition oscore_cbor.c:92
#define COSE_ALGORITHM_ES512_HASH_LEN
void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
#define COSE_ALGORITHM_HMAC384_384_HASH_LEN
const char * cose_get_hkdf_alg_name(cose_hkdf_alg_t id, char *buffer, size_t buflen)
#define COSE_ALGORITHM_AES_CCM_16_128_128_NONCE_LEN
Definition oscore_cose.h:94
int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key)
#define COSE_ALGORITHM_SHA_256_64_LEN
size_t cose_nonce_len(cose_alg_t cose_alg)
#define COSE_ALGORITHM_AES_CCM_16_128_128_TAG_LEN
Definition oscore_cose.h:95
cose_alg_t cose_get_alg_id(const char *name)
#define COSE_ALGORITHM_AES_CCM_64_128_128_TAG_LEN
Definition oscore_cose.h:91
#define COSE_ALGORITHM_AES_CCM_16_64_128_KEY_LEN
Definition oscore_cose.h:85
void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, coap_bin_const_t *kid_context)
cose_curve_t cose_get_curve_id(const char *name)
Definition oscore_cose.c:76
#define COSE_ALGORITHM_HMAC256_64_HASH_LEN
#define COSE_ALGORITHM_AES_CCM_16_128_128_KEY_LEN
Definition oscore_cose.h:93
size_t cose_key_len(cose_alg_t cose_alg)
#define COSE_ALGORITHM_AES_CCM_16_64_128_NONCE_LEN
Definition oscore_cose.h:86
size_t cose_encrypt0_get_key_id(cose_encrypt0_t *ptr, const uint8_t **buffer)
const char * cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen)
#define COSE_ALGORITHM_HMAC512_512_HASH_LEN
int cose_get_hmac_alg_for_hkdf(cose_hkdf_alg_t hkdf_alg, cose_hmac_alg_t *hmac_alg)
coap_bin_const_t cose_encrypt0_get_partial_iv(cose_encrypt0_t *ptr)
cose_hkdf_alg_t
size_t cose_encrypt0_get_kid_context(cose_encrypt0_t *ptr, const uint8_t **buffer)
void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
size_t cose_hash_len(cose_alg_t cose_alg)
int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, uint8_t *plaintext_buffer, size_t plaintext_len)
#define COSE_ALGORITHM_AES_CCM_64_64_128_TAG_LEN
Definition oscore_cose.h:83
size_t cose_tag_len(cose_alg_t cose_alg)
#define COSE_ALGORITHM_HMAC256_256_HASH_LEN
#define COSE_ALGORITHM_SHA_256_256_LEN
#define COSE_ALGORITHM_AES_CCM_64_64_128_KEY_LEN
Definition oscore_cose.h:81
void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad)
cose_hmac_alg_t
#define COSE_ALGORITHM_AES_CCM_64_64_128_NONCE_LEN
Definition oscore_cose.h:82
cose_curve_t
Definition oscore_cose.h:60
int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, uint8_t *ciphertext_buffer, size_t ciphertext_len)
void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, coap_bin_const_t *partial_iv)
#define COSE_ALGORITHM_SHA_512_LEN
#define COSE_ALGORITHM_AES_CCM_16_64_128_TAG_LEN
Definition oscore_cose.h:87
cose_alg_t
#define COSE_ALGORITHM_AES_CCM_64_128_128_KEY_LEN
Definition oscore_cose.h:89
const char * cose_get_curve_name(cose_curve_t id, char *buffer, size_t buflen)
Definition oscore_cose.c:64
#define COSE_ALGORITHM_AES_CCM_64_128_128_NONCE_LEN
Definition oscore_cose.h:90
size_t cose_encrypt0_encode(cose_encrypt0_t *ptr, uint8_t *buffer, size_t buf_len)
void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, coap_bin_const_t *external_aad)
#define COSE_ALGORITHM_SHA_512_256_LEN
void cose_encrypt0_init(cose_encrypt0_t *ptr)
void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg)
void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id)
void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce)
#define COSE_ALGORITHM_ES384_HASH_LEN
@ COSE_HKDF_ALG_HKDF_SHA_256
@ COSE_HKDF_ALG_HKDF_SHA_512
@ COSE_HMAC_ALG_HMAC256_256
@ COSE_HMAC_ALG_HMAC512_512
@ COSE_CURVE_X25519
Definition oscore_cose.h:62
@ COSE_CURVE_ED448
Definition oscore_cose.h:65
@ COSE_CURVE_P_256
Definition oscore_cose.h:61
@ COSE_CURVE_SECP256K1
Definition oscore_cose.h:66
@ COSE_CURVE_ED25519
Definition oscore_cose.h:64
@ COSE_CURVE_X448
Definition oscore_cose.h:63
@ COSE_ALGORITHM_HMAC256_256
@ COSE_ALGORITHM_AES_CCM_16_128_256
@ COSE_ALGORITHM_ECDH_SS_HKDF_256
@ COSE_ALGORITHM_HMAC512_512
@ COSE_ALGORITHM_SHA_256_64
@ COSE_ALGORITHM_SHA_512_256
@ COSE_ALGORITHM_ES384
@ COSE_ALGORITHM_AES_CCM_64_64_128
@ COSE_ALGORITHM_CHACHA20_P1035
@ COSE_ALGORITHM_HKDF_SHA_512
@ COSE_ALGORITHM_AES_CCM_16_128_128
@ COSE_ALGORITHM_AES_CCM_64_128_256
@ COSE_ALGORITHM_SHA_256_256
@ COSE_ALGORITHM_SHA_1
@ COSE_ALGORITHM_EDDSA
@ COSE_ALGORITHM_HMAC256_64
@ COSE_ALGORITHM_ES256
@ COSE_ALGORITHM_AES_CCM_64_64_256
@ COSE_ALGORITHM_HKDF_SHA_256
@ COSE_ALGORITHM_AES_CCM_16_64_128
@ COSE_ALGORITHM_ES512
@ COSE_ALGORITHM_HMAC384_384
@ COSE_ALGORITHM_SHA_512
@ COSE_ALGORITHM_AES_CCM_64_128_128
@ COSE_ALGORITHM_AES_CCM_16_64_256
@ COSE_ALGORITHM_ES256K
@ COSE_ALGORITHM_SHA_384
int cose_encrypt0_get_plaintext(cose_encrypt0_t *ptr, uint8_t **buffer)
static struct cose_alg_desc alg_mapping[]
Definition oscore_cose.c:89
static struct hkdf_hmac_algs hkdf_hmacs[]
static struct cose_hkdf_alg_desc hkdf_alg_mapping[]
static struct cose_curve_desc curve_mapping[]
Definition oscore_cose.c:54
int cose_encrypt0_decode(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size)
CoAP binary data definition with const data.
Definition coap_str.h:64
size_t length
length of binary data
Definition coap_str.h:65
const uint8_t * s
read-only binary data
Definition coap_str.h:66
size_t l
The number of bytes in the length field.
const uint8_t * nonce
must be exactly 15 - l bytes
coap_crypto_key_t key
The Key to use.
size_t tag_len
The size of the Tag.
The common structure that holds the Crypto information.
union coap_crypto_param_t::@2 params
coap_crypto_aes_ccm_t aes
Used if AES type encryption.
cose_alg_t alg
The COSE algorith to use.
cose_alg_t id
Definition oscore_cose.c:86
const char * name
Definition oscore_cose.c:85
const char * name
Definition oscore_cose.c:50
cose_curve_t id
Definition oscore_cose.c:51
coap_bin_const_t aad
coap_bin_const_t key
coap_bin_const_t ciphertext
coap_bin_const_t plaintext
coap_bin_const_t partial_iv
coap_bin_const_t kid_context
coap_bin_const_t nonce
coap_bin_const_t external_aad
coap_bin_const_t key_id
uint8_t partial_iv_data[8]
cose_alg_t alg
const char * name
cose_hkdf_alg_t id
cose_hmac_alg_t hmac_alg
cose_hkdf_alg_t hkdf_alg