1 /* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 3 /* 4 * Copyright (c) 2018, SICS, RISE AB 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the Institute nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 */ 32 33 /** 34 * @file oscore_cose.h 35 * @brief An implementation of the CBOR Object Signing and Encryption (RFC). 36 * 37 * \author 38 * Martin Gunnarsson <martin.gunnarsson@ri.se> 39 * adapted with sign1 function for libcoap 40 * Peter van der Stok <consultancy@vanderstok.org> 41 * on request of Fairhair alliance 42 * adapted for libcoap integration 43 * Jon Shallow <supjps-libcoap@jpshallow.com> 44 */ 45 46 #ifndef _OSCORE_COSE_H 47 #define _OSCORE_COSE_H 48 49 #include <stdint.h> 50 51 /** 52 * @ingroup internal_api 53 * @defgroup oscore_cose_internal OSCORE COSE Support 54 * Internal API for interfacing with OSCORE COSE 55 * @{ 56 */ 57 58 /* cose curves */ 59 60 typedef enum { 61 COSE_CURVE_P_256 = 1, /* NIST P-256 known as secp256r1 */ 62 COSE_CURVE_X25519 = 4, /* used with ECDH only */ 63 COSE_CURVE_X448 = 5, /* used with ECDH only */ 64 COSE_CURVE_ED25519 = 6, /* used with EdDSA only */ 65 COSE_CURVE_ED448 = 7, /* used with EdDSA only */ 66 COSE_CURVE_SECP256K1 = 8, /* SECG secp256k1 curve */ 67 } cose_curve_t; 68 69 typedef enum { 70 COSE_KTY_UNKNOWN, 71 COSE_KTY_OKP = 1, 72 COSE_KTY_EC2 = 2, 73 COSE_KTY_RSA = 3, 74 COSE_KTY_SYMMETRIC = 4, 75 } cose_key_type_t; 76 77 #define COSE_ALGORITHM_ED25519_SIG_LEN 64 78 #define COSE_ALGORITHM_ED25519_PRIV_KEY_LEN 32 79 #define COSE_ALGORITHM_ED25519_PUB_KEY_LEN 32 80 81 #define COSE_ALGORITHM_AES_CCM_64_64_128_KEY_LEN 16 82 #define COSE_ALGORITHM_AES_CCM_64_64_128_NONCE_LEN 7 83 #define COSE_ALGORITHM_AES_CCM_64_64_128_TAG_LEN 8 84 85 #define COSE_ALGORITHM_AES_CCM_16_64_128_KEY_LEN 16 86 #define COSE_ALGORITHM_AES_CCM_16_64_128_NONCE_LEN 13 87 #define COSE_ALGORITHM_AES_CCM_16_64_128_TAG_LEN 8 88 89 #define COSE_ALGORITHM_AES_CCM_64_128_128_KEY_LEN 16 90 #define COSE_ALGORITHM_AES_CCM_64_128_128_NONCE_LEN 7 91 #define COSE_ALGORITHM_AES_CCM_64_128_128_TAG_LEN 16 92 93 #define COSE_ALGORITHM_AES_CCM_16_128_128_KEY_LEN 16 94 #define COSE_ALGORITHM_AES_CCM_16_128_128_NONCE_LEN 13 95 #define COSE_ALGORITHM_AES_CCM_16_128_128_TAG_LEN 16 96 97 #define COSE_ALGORITHM_ES256_PRIV_KEY_LEN 24 98 #define COSE_ALGORITHM_ES256_PUB_KEY_LEN 32 99 #define COSE_ALGORITHM_ES256_SIGNATURE_LEN 64 100 #define COSE_ALGORITHM_ES256_HASH_LEN 32 101 102 #define COSE_ALGORITHM_ES384_PRIV_KEY_LEN 24 103 #define COSE_ALGORITHM_ES384_PUB_KEY_LEN 32 104 #define COSE_ALGORITHM_ES384_SIGNATURE_LEN 64 105 #define COSE_ALGORITHM_ES384_HASH_LEN 48 106 107 #define COSE_ALGORITHM_ES512_PRIV_KEY_LEN 24 108 #define COSE_ALGORITHM_ES512_PUB_KEY_LEN 32 109 #define COSE_ALGORITHM_ES512_SIGNATURE_LEN 64 110 #define COSE_ALGORITHM_ES512_HASH_LEN 64 111 112 #define COSE_ALGORITHM_ECDH_PRIV_KEY_LEN 32 113 #define COSE_ALGORITHM_ECDH_PUB_KEY_LEN 32 114 115 #define COSE_ALGORITHM_SHA_512_LEN 64 116 #define COSE_ALGORITHM_SHA_512_256_LEN 32 117 #define COSE_ALGORITHM_SHA_256_256_LEN 32 118 #define COSE_ALGORITHM_SHA_256_64_LEN 8 119 120 #define COSE_ALGORITHM_HMAC256_64_HASH_LEN 16 121 #define COSE_ALGORITHM_HMAC256_256_HASH_LEN 32 122 #define COSE_ALGORITHM_HMAC384_384_HASH_LEN 48 123 #define COSE_ALGORITHM_HMAC512_512_HASH_LEN 64 124 125 /* cose algorithms */ 126 typedef enum { 127 COSE_ALGORITHM_ES256K = -47, /* with ECC known as secp256k1 */ 128 COSE_ALGORITHM_SHA_512 = -44, 129 COSE_ALGORITHM_SHA_384 = -43, 130 COSE_ALGORITHM_ES512 = -36, /* with ECDSA */ 131 COSE_ALGORITHM_ES384 = -35, /* with ECDSA */ 132 COSE_ALGORITHM_ECDH_SS_HKDF_256 = -27, 133 COSE_ALGORITHM_SHA_512_256 = -17, 134 COSE_ALGORITHM_SHA_256_256 = -16, 135 COSE_ALGORITHM_SHA_256_64 = -15, 136 COSE_ALGORITHM_SHA_1 = -14, 137 COSE_ALGORITHM_HKDF_SHA_512 = -11, 138 COSE_ALGORITHM_HKDF_SHA_256 = -10, 139 COSE_ALGORITHM_EDDSA = -8, 140 COSE_ALGORITHM_ES256 = -7, /* with ECC known as secp256r1 */ 141 COSE_ALGORITHM_HMAC256_64 = 4, /* truncated to 64 bits */ 142 COSE_ALGORITHM_HMAC256_256 = 5, 143 COSE_ALGORITHM_HMAC384_384 = 6, 144 COSE_ALGORITHM_HMAC512_512 = 7, 145 COSE_ALGORITHM_AES_CCM_16_64_128 = 10, 146 COSE_ALGORITHM_AES_CCM_16_64_256 = 11, 147 COSE_ALGORITHM_AES_CCM_64_64_128 = 12, 148 COSE_ALGORITHM_AES_CCM_64_64_256 = 13, 149 COSE_ALGORITHM_CHACHA20_P1035 = 24, 150 COSE_ALGORITHM_AES_CCM_16_128_128 = 30, 151 COSE_ALGORITHM_AES_CCM_16_128_256 = 31, 152 COSE_ALGORITHM_AES_CCM_64_128_128 = 32, 153 COSE_ALGORITHM_AES_CCM_64_128_256 = 33, 154 } cose_alg_t; 155 156 /* cose HMAC specific algorithms */ 157 typedef enum { 158 COSE_HMAC_ALG_HMAC256_64 = 4, /* truncated to 64 bits */ 159 COSE_HMAC_ALG_HMAC256_256 = 5, 160 COSE_HMAC_ALG_HMAC384_384 = 6, 161 COSE_HMAC_ALG_HMAC512_512 = 7, 162 } cose_hmac_alg_t; 163 164 /* cose HKDF specific algorithms */ 165 typedef enum { 166 COSE_HKDF_ALG_HKDF_SHA_512 = -11, 167 COSE_HKDF_ALG_HKDF_SHA_256 = -10, 168 } cose_hkdf_alg_t; 169 170 const char *cose_get_curve_name(cose_curve_t id, char *buffer, size_t buflen); 171 cose_curve_t cose_get_curve_id(const char *name); 172 173 const char *cose_get_alg_name(cose_alg_t id, char *buffer, size_t buflen); 174 cose_alg_t cose_get_alg_id(const char *name); 175 176 const char *cose_get_hkdf_alg_name(cose_hkdf_alg_t id, char *buffer, 177 size_t buflen); 178 179 int cose_get_hmac_alg_for_hkdf(cose_hkdf_alg_t hkdf_alg, 180 cose_hmac_alg_t *hmac_alg); 181 182 /* parameter value functions */ 183 184 /* return tag length belonging to cose algorithm */ 185 size_t cose_tag_len(cose_alg_t cose_alg); 186 187 /* return hash length belonging to cose algorithm */ 188 size_t cose_hash_len(cose_alg_t cose_alg); 189 190 /* return nonce length belonging to cose algorithm */ 191 size_t cose_nonce_len(cose_alg_t cose_alg); 192 193 /* return key length belonging to cose algorithm */ 194 size_t cose_key_len(cose_alg_t cose_alg); 195 196 /* COSE Encrypt0 Struct */ 197 typedef struct cose_encrypt0_t { 198 cose_alg_t alg; 199 coap_bin_const_t key; 200 uint8_t partial_iv_data[8]; 201 /* partial_iv.s will point back to partial_iv_data if set */ 202 coap_bin_const_t partial_iv; 203 coap_bin_const_t key_id; 204 coap_bin_const_t kid_context; 205 coap_bin_const_t oscore_option; 206 coap_bin_const_t nonce; 207 coap_bin_const_t external_aad; 208 coap_bin_const_t aad; 209 coap_bin_const_t plaintext; 210 coap_bin_const_t ciphertext; 211 } cose_encrypt0_t; 212 213 /* Return length */ 214 size_t cose_encrypt0_encode(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size); 215 216 /*Return status */ 217 int cose_encrypt0_decode(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size); 218 219 /* Initiate a new COSE Encrypt0 object. */ 220 void cose_encrypt0_init(cose_encrypt0_t *ptr); 221 222 void cose_encrypt0_set_alg(cose_encrypt0_t *ptr, uint8_t alg); 223 224 void cose_encrypt0_set_plaintext(cose_encrypt0_t *ptr, uint8_t *buffer, size_t size); 225 226 void cose_encrypt0_set_ciphertext(cose_encrypt0_t *ptr, 227 uint8_t *buffer, 228 size_t size); 229 230 /* Return length */ 231 int cose_encrypt0_get_plaintext(cose_encrypt0_t *ptr, uint8_t **buffer); 232 233 void cose_encrypt0_set_partial_iv(cose_encrypt0_t *ptr, 234 coap_bin_const_t *partial_iv); 235 236 coap_bin_const_t cose_encrypt0_get_partial_iv(cose_encrypt0_t *ptr); 237 238 void cose_encrypt0_set_key_id(cose_encrypt0_t *ptr, coap_bin_const_t *key_id); 239 240 /* Return length */ 241 size_t cose_encrypt0_get_key_id(cose_encrypt0_t *ptr, const uint8_t **buffer); 242 243 void cose_encrypt0_set_external_aad(cose_encrypt0_t *ptr, 244 coap_bin_const_t *external_aad); 245 246 void cose_encrypt0_set_aad(cose_encrypt0_t *ptr, coap_bin_const_t *aad); 247 248 /* Return length */ 249 size_t cose_encrypt0_get_kid_context(cose_encrypt0_t *ptr, 250 const uint8_t **buffer); 251 252 void cose_encrypt0_set_kid_context(cose_encrypt0_t *ptr, 253 coap_bin_const_t *kid_context); 254 255 /* Returns 1 if successfull, 0 if key is of incorrect length. */ 256 int cose_encrypt0_set_key(cose_encrypt0_t *ptr, coap_bin_const_t *key); 257 258 void cose_encrypt0_set_nonce(cose_encrypt0_t *ptr, coap_bin_const_t *nonce); 259 260 int cose_encrypt0_encrypt(cose_encrypt0_t *ptr, 261 uint8_t *ciphertext_buffer, 262 size_t ciphertext_len); 263 264 int cose_encrypt0_decrypt(cose_encrypt0_t *ptr, 265 uint8_t *plaintext_buffer, 266 size_t plaintext_len); 267 268 /** @} */ 269 270 #endif /* _OSCORE_COSE_H */ 271