libcoap 4.3.5-develop-19cef11
oscore_crypto.c
Go to the documentation of this file.
1/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
3/*
4 * Copyright (c) 2018, SICS, RISE AB
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Institute nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 */
32
47#include "coap3/coap_libcoap_build.h"
48#include <string.h>
49
50#include <stdio.h>
51
52/*
53 * return 0 fail
54 * 1 OK
55 */
56int
57oscore_hmac_hash(cose_hmac_alg_t hmac_alg,
58 coap_bin_const_t *key,
59 coap_bin_const_t *data,
60 coap_bin_const_t **hmac) {
61 if (!coap_crypto_hmac(hmac_alg, key, data, hmac)) {
62 coap_log_warn("oscore_hmac_hash: Failed hmac\n");
63 return 0;
64 }
65 return 1;
66}
67
68/*
69 * return 0 fail
70 * 1 OK
71 */
72int
73oscore_hkdf_extract(cose_hkdf_alg_t hkdf_alg,
74 coap_bin_const_t *salt,
75 coap_bin_const_t *ikm,
76 coap_bin_const_t **hkdf_extract) {
77 cose_hmac_alg_t hmac_alg;
78
79 assert(ikm);
80 if (!cose_get_hmac_alg_for_hkdf(hkdf_alg, &hmac_alg))
81 return 0;
82 if (salt == NULL || salt->s == NULL) {
83 uint8_t zeroes_data[32];
84 coap_bin_const_t zeroes;
85
86 memset(zeroes_data, 0, sizeof(zeroes_data));
87 zeroes.s = zeroes_data;
88 zeroes.length = sizeof(zeroes_data);
89
90 return oscore_hmac_hash(hmac_alg, &zeroes, ikm, hkdf_extract);
91 } else {
92 return oscore_hmac_hash(hmac_alg, salt, ikm, hkdf_extract);
93 }
94}
95
96/*
97 * return 0 fail
98 * 1 OK
99 */
100int
101oscore_hkdf_expand(cose_hkdf_alg_t hkdf_alg,
102 coap_bin_const_t *prk,
103 uint8_t *info,
104 size_t info_len,
105 uint8_t *okm,
106 size_t okm_len) {
107 size_t N = (okm_len + 32 - 1) / 32; /* ceil(okm_len/32) */
108 uint8_t *aggregate_buffer = coap_malloc_type(COAP_STRING, 32 + info_len + 1);
109 uint8_t *out_buffer =
110 coap_malloc_type(COAP_STRING, (N + 1) * 32); /* 32 extra bytes to fit the last block */
111 size_t i;
112 coap_bin_const_t data;
113 coap_bin_const_t *hkdf = NULL;
114 cose_hmac_alg_t hmac_alg;
115
116 if (!cose_get_hmac_alg_for_hkdf(hkdf_alg, &hmac_alg))
117 goto fail;
118 /* Compose T(1) */
119 memcpy(aggregate_buffer, info, info_len);
120 aggregate_buffer[info_len] = 0x01;
121
122 data.s = aggregate_buffer;
123 data.length = info_len + 1;
124 if (!oscore_hmac_hash(hmac_alg, prk, &data, &hkdf))
125 goto fail;
126 memcpy(&out_buffer[0], hkdf->s, hkdf->length);
127 coap_delete_bin_const(hkdf);
128
129 /* Compose T(2) -> T(N) */
130 memcpy(aggregate_buffer, &(out_buffer[0]), 32);
131 for (i = 1; i < N; i++) {
132 memcpy(&(aggregate_buffer[32]), info, info_len);
133 aggregate_buffer[32 + info_len] = (uint8_t)(i + 1);
134 data.s = aggregate_buffer;
135 data.length = 32 + info_len + 1;
136 if (!oscore_hmac_hash(hmac_alg, prk, &data, &hkdf))
137 goto fail;
138 memcpy(&out_buffer[i * 32], hkdf->s, hkdf->length);
139 coap_delete_bin_const(hkdf);
140 memcpy(aggregate_buffer, &(out_buffer[i * 32]), 32);
141 }
142 memcpy(okm, out_buffer, okm_len);
143 coap_free_type(COAP_STRING, out_buffer);
144 coap_free_type(COAP_STRING, aggregate_buffer);
145 return 1;
146
147fail:
148 coap_free_type(COAP_STRING, out_buffer);
149 coap_free_type(COAP_STRING, aggregate_buffer);
150 return 0;
151}
152
153/*
154 * return 0 fail
155 * 1 OK
156 */
157int
158oscore_hkdf(cose_hkdf_alg_t hkdf_alg,
159 coap_bin_const_t *salt,
160 coap_bin_const_t *ikm,
161 uint8_t *info,
162 size_t info_len,
163 uint8_t *okm,
164 size_t okm_len) {
165 int ret;
166 coap_bin_const_t *hkdf_extract = NULL;
167 if (!oscore_hkdf_extract(hkdf_alg, salt, ikm, &hkdf_extract))
168 return 0;
169 ret =
170 oscore_hkdf_expand(hkdf_alg, hkdf_extract, info, info_len, okm, okm_len);
171 coap_delete_bin_const(hkdf_extract);
172 return ret;
173}
coap_libcoap_build.h
Library specific build wrapper for coap_internal.h.
COAP_STRING
@ COAP_STRING
Definition: coap_mem.h:39
coap_malloc_type
void * coap_malloc_type(coap_memory_tag_t type, size_t size)
Allocates a chunk of size bytes and returns a pointer to the newly allocated memory.
coap_free_type
void coap_free_type(coap_memory_tag_t type, void *p)
Releases the memory that was allocated by coap_malloc_type().
coap_crypto_hmac
int coap_crypto_hmac(cose_hmac_alg_t hmac_alg, coap_bin_const_t *key, coap_bin_const_t *data, coap_bin_const_t **hmac)
Create a HMAC hash of the provided data.
coap_log_warn
#define coap_log_warn(...)
Definition: coap_debug.h:102
cose_get_hmac_alg_for_hkdf
int cose_get_hmac_alg_for_hkdf(cose_hkdf_alg_t hkdf_alg, cose_hmac_alg_t *hmac_alg)
Definition: oscore_cose.c:179
cose_hkdf_alg_t
cose_hkdf_alg_t
Definition: oscore_cose.h:165
cose_hmac_alg_t
cose_hmac_alg_t
Definition: oscore_cose.h:157
oscore_hkdf_expand
int oscore_hkdf_expand(cose_hkdf_alg_t hkdf_alg, coap_bin_const_t *prk, uint8_t *info, size_t info_len, uint8_t *okm, size_t okm_len)
Derive the key using HKDF-Expand() function.
Definition: oscore_crypto.c:101
oscore_hkdf
int oscore_hkdf(cose_hkdf_alg_t hkdf_alg, coap_bin_const_t *salt, coap_bin_const_t *ikm, uint8_t *info, size_t info_len, uint8_t *okm, size_t okm_len)
Derive the key using HKDF() function.
Definition: oscore_crypto.c:158
oscore_hmac_hash
int oscore_hmac_hash(cose_hmac_alg_t hmac_alg, coap_bin_const_t *key, coap_bin_const_t *data, coap_bin_const_t **hmac)
Derive the hmac hash using HMAC-HASH() function.
Definition: oscore_crypto.c:57
oscore_hkdf_extract
int oscore_hkdf_extract(cose_hkdf_alg_t hkdf_alg, coap_bin_const_t *salt, coap_bin_const_t *ikm, coap_bin_const_t **hkdf_extract)
Derive the pseudorandom key using HKDF-Extract() function.
Definition: oscore_crypto.c:73
coap_delete_bin_const
void coap_delete_bin_const(coap_bin_const_t *s)
Deletes the given const binary data and releases any memory allocated.
Definition: coap_str.c:120
coap_bin_const_t
CoAP binary data definition with const data.
Definition: coap_str.h:64
coap_bin_const_t::length
size_t length
length of binary data
Definition: coap_str.h:65
coap_bin_const_t::s
const uint8_t * s
read-only binary data
Definition: coap_str.h:66