esp8266ndn
NDN Arduino library for ESP8266 and more
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
common.hpp
Go to the documentation of this file.
1#ifndef NDNPH_APP_NDNCERT_COMMON_HPP
2#define NDNPH_APP_NDNCERT_COMMON_HPP
3#ifdef NDNPH_HAVE_MBED
4
5#include "../../core/log.hpp"
6#include "../../keychain/ec.hpp"
7#include "../../packet/encrypted-message.hpp"
8#include "../../port/clock/port.hpp"
9#include "../../port/mbed-common.hpp"
10#include <mbedtls/hkdf.h>
11
12#ifdef NDNPH_NDNCERT_DEBUG
13#define NDNPH_NDNCERT_LOG(...) NDNPH_LOG_LINE("ndncert", ##__VA_ARGS__)
14#else
15#define NDNPH_NDNCERT_LOG(...) \
16 do { \
17 } while (false)
18#endif
19
20namespace ndnph {
21namespace ndncert {
22namespace detail {
23using namespace ndnph::detail;
24
25using MaxChallenges = std::integral_constant<int, 4>;
26using MaxChallengeParams = std::integral_constant<int, 2>;
27
28using SaltLen = std::integral_constant<size_t, 32>;
29using RequestIdLen = std::integral_constant<size_t, 8>;
30using AuthenticationTagLen = std::integral_constant<size_t, 16>;
31
33class SessionKey {
34public:
36 bool makeKey(const mbedtls::Mpi& ecdhPvt, const mbedtls::P256::Point& ecdhPub,
37 const uint8_t* salt, const uint8_t* requestId) {
38 mbedtls::P256::SharedSecret ikm;
39 AesGcm::Key okm;
40 return mbedtls::P256::ecdh(ecdhPvt, ecdhPub, ikm) &&
41 mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), salt, SaltLen::value,
42 ikm.data(), ikm.size(), requestId, RequestIdLen::value, okm.data(),
43 okm.size()) == 0 &&
44 m_aes.import(okm);
45 }
46
48 tlv::Value encrypt(Region& region, tlv::Value plaintext, const uint8_t* requestId) {
49 return m_aes.encrypt<Encrypted>(region, plaintext, requestId, RequestIdLen::value);
50 }
51
53 tlv::Value decrypt(Region& region, tlv::Value message, const uint8_t* requestId) {
54 Encrypted encrypted;
55 bool ok = EvDecoder::decodeValue(message.makeDecoder(),
56 EvDecoder::def<TT::InitializationVector>(&encrypted),
57 EvDecoder::def<TT::AuthenticationTag>(&encrypted),
58 EvDecoder::def<TT::EncryptedPayload>(&encrypted));
59 if (!ok) {
60 return tlv::Value();
61 }
62 return m_aes.decrypt(region, encrypted, requestId, RequestIdLen::value);
63 }
64
65private:
66 using AesGcm = mbedtls::AesGcm<128>;
67 using Encrypted =
68 EncryptedMessage<TT::InitializationVector, AesGcm::IvLen::value, TT::AuthenticationTag,
69 AesGcm::TagLen::value, TT::EncryptedPayload>;
70 AesGcm m_aes;
71};
72
73using ISigPolicy = isig::Policy<isig::Nonce<>, isig::Time<>>;
74
75inline ISigPolicy
79
80} // namespace detail
81namespace packet_struct {
82
83class ParameterKV {
84public:
85 class Parser {
86 public:
87 explicit Parser(ParameterKV& target)
88 : m_target(target) {
89 m_target.clear();
90 }
91
92 bool parseKey(const Decoder::Tlv& d) {
93 if (m_pos >= detail::MaxChallengeParams::value) {
94 return false;
95 }
96 m_target.m_kv[m_pos] = std::make_pair(tlv::Value(d.value, d.length), tlv::Value());
97 return true;
98 }
99
100 bool parseValue(const Decoder::Tlv& d) {
101 if (m_pos >= detail::MaxChallengeParams::value) {
102 return false;
103 }
104 auto key = m_target.m_kv[m_pos].first;
105 m_target.m_kv[m_pos] = std::make_pair(key, tlv::Value(d.value, d.length));
106 ++m_pos;
107 return true;
108 }
109
110 private:
111 ParameterKV& m_target;
112 size_t m_pos = 0;
113 };
114
116 tlv::Value get(tlv::Value key) const {
117 for (const auto& p : m_kv) {
118 if (p.first == key) {
119 return p.second;
120 }
121 }
122 return tlv::Value();
123 }
124
126 bool set(tlv::Value key, tlv::Value value) {
127 NDNPH_ASSERT(!!key);
128 for (auto& p : m_kv) {
129 if (!p.first) {
130 p = std::make_pair(key, value);
131 return true;
132 }
133 }
134 return false;
135 }
136
138 void clear() {
139 m_kv.fill(std::make_pair(tlv::Value(), tlv::Value()));
140 }
141
143 void encodeTo(Encoder& encoder) const {
144 for (auto it = m_kv.rbegin(); it != m_kv.rend(); ++it) {
145 if (!it->first) {
146 continue;
147 }
148 encoder.prependTlv(TT::ParameterValue, it->second);
149 encoder.prependTlv(TT::ParameterKey, it->first);
150 }
151 }
152
153private:
154 std::array<std::pair<tlv::Value, tlv::Value>, detail::MaxChallengeParams::value> m_kv;
155};
156
157struct CaProfile {
159 Name prefix;
160
162 uint32_t maxValidityPeriod = 0;
163
165 Data cert;
166};
167
168struct NewRequest {
170 mbedtls::P256::Point ecdhPub;
171
173 Data certRequest;
174};
175
176struct NewResponse {
178 mbedtls::P256::Point ecdhPub;
179
181 uint8_t salt[detail::SaltLen::value];
182
184 uint8_t requestId[detail::RequestIdLen::value];
185};
186
187template<typename ChallengeT>
188struct ChallengeRequest {
190 ChallengeT* challenge = nullptr;
191
193 ParameterKV params;
194};
195
196struct ChallengeResponse {
198 uint8_t status = Status::BEFORE_CHALLENGE;
199
201 tlv::Value challengeStatus;
202
204 uint16_t remainingTries = 0;
205
207 port::Clock::Time expireTime = {};
208
210 ParameterKV params;
211
213 Name issuedCertName;
214
216 Name fwHint;
217};
218
219} // namespace packet_struct
220} // namespace ndncert
221} // namespace ndnph
222
223#endif // NDNPH_HAVE_MBED
224#endif // NDNPH_APP_NDNCERT_COMMON_HPP
ndnph::Data
Data packet.
Definition data.hpp:136
ndnph::Decoder::Tlv
Decoded TLV.
Definition decoder.hpp:13
ndnph::Decoder::Tlv::length
size_t length
Definition decoder.hpp:39
ndnph::Decoder::Tlv::value
const uint8_t * value
Definition decoder.hpp:40
ndnph::Encoder
TLV encoder that accepts items in reverse order.
Definition encoder.hpp:10
ndnph::Encoder::prependTlv
bool prependTlv(uint32_t type, OmitEmptyTag omitEmpty, const Arg &... arg)
Prepend TLV, measuring TLV-LENGTH automatically.
Definition encoder.hpp:143
ndnph::EncryptedMessage
Encrypted message structure.
Definition encrypted-message.hpp:24
ndnph::EvDecoder::decodeValue
static bool decodeValue(const Decoder &input, const E &... defs)
Decode input TLV-VALUE with a sequence of element definitions.
Definition ev-decoder.hpp:126
ndnph::Name
Name.
Definition name.hpp:14
ndnph::Region
Region-based memory allocator thats owns memory of NDNph objects.
Definition region.hpp:9
ndnph::isig::Nonce
Require SigNonce field in Interest SigInfo.
Definition sig-info.hpp:114
ndnph::isig::Time
Require SigTime field in Interest SigInfo.
Definition sig-info.hpp:192
ndnph::mbedtls::AesGcm
AES-GCM secret key.
Definition mbed-common.hpp:270
ndnph::mbedtls::AesGcm::encrypt
tlv::Value encrypt(Region &region, tlv::Value plaintext, const uint8_t *aad=nullptr, size_t aadLen=0)
Encrypt to encrypted-message.
Definition mbed-common.hpp:309
ndnph::mbedtls::AesGcm::decrypt
tlv::Value decrypt(Region &region, const Encrypted &encrypted, const uint8_t *aad=nullptr, size_t aadLen=0)
Decrypt from encrypted-message.
Definition mbed-common.hpp:344
ndnph::mbedtls::AesGcm::import
bool import(const Key &key)
Import raw AES key.
Definition mbed-common.hpp:292
ndnph::mbedtls::AesGcm< 128 >::Key
std::array< uint8_t, keyBits/8 > Key
Definition mbed-common.hpp:273
ndnph::mbedtls::EcCurvePoint
EC point associated with a curve.
Definition mbed-common.hpp:213
ndnph::mbedtls::Mpi
Multi-Precision Integer.
Definition mbed-common.hpp:102
ndnph::mbedtls::P256::SharedSecret
std::array< uint8_t, PvtLen::value > SharedSecret
ECDH shared secret buffer.
Definition mbed-common.hpp:252
ndnph::mbedtls::P256::ecdh
static bool ecdh(const mbedtls_mpi *pvt, const mbedtls_ecp_point *pub, SharedSecret &shared)
Compute ECDH shared secret.
Definition mbed-common.hpp:255
ndnph::ndncert::detail::SessionKey
Symmetric key used in CHALLENGE step.
Definition common.hpp:33
ndnph::ndncert::detail::SessionKey::decrypt
tlv::Value decrypt(Region &region, tlv::Value message, const uint8_t *requestId)
Decrypt from encrypted-message.
Definition common.hpp:53
ndnph::ndncert::detail::SessionKey::encrypt
tlv::Value encrypt(Region &region, tlv::Value plaintext, const uint8_t *requestId)
Encrypt to encrypted-message.
Definition common.hpp:48
ndnph::ndncert::detail::SessionKey::makeKey
bool makeKey(const mbedtls::Mpi &ecdhPvt, const mbedtls::P256::Point &ecdhPub, const uint8_t *salt, const uint8_t *requestId)
Derive the key.
Definition common.hpp:36
ndnph::ndncert::packet_struct::ParameterKV::Parser
Definition common.hpp:85
ndnph::ndncert::packet_struct::ParameterKV::Parser::parseValue
bool parseValue(const Decoder::Tlv &d)
Definition common.hpp:100
ndnph::ndncert::packet_struct::ParameterKV::Parser::parseKey
bool parseKey(const Decoder::Tlv &d)
Definition common.hpp:92
ndnph::ndncert::packet_struct::ParameterKV::Parser::Parser
Parser(ParameterKV &target)
Definition common.hpp:87
ndnph::tlv::Value
A sequence of bytes, usually TLV-VALUE.
Definition value.hpp:11
ndnph::tlv::Value::makeDecoder
Decoder makeDecoder() const
Create a Decoder over this value buffer.
Definition value.hpp:64
NDNPH_ASSERT
#define NDNPH_ASSERT(x)
Definition common.hpp:30
ndnph::detail
Definition input-iterator-pointer-proxy.hpp:5
ndnph::isig::makePolicy
Policy< R... > makePolicy(R &&... rule)
Create Interest SigInfo validation policy.
Definition sig-info.hpp:312
ndnph::ndncert::Status::BEFORE_CHALLENGE
@ BEFORE_CHALLENGE
Definition an.hpp:86
ndnph::ndncert::TT::EncryptedPayload
@ EncryptedPayload
Definition an.hpp:28
ndnph::ndncert::TT::ParameterValue
@ ParameterValue
Definition an.hpp:16
ndnph::ndncert::TT::InitializationVector
@ InitializationVector
Definition an.hpp:27
ndnph::ndncert::TT::AuthenticationTag
@ AuthenticationTag
Definition an.hpp:36
ndnph::ndncert::TT::ParameterKey
@ ParameterKey
Definition an.hpp:15
ndnph::ndncert::detail::MaxChallengeParams
std::integral_constant< int, 2 > MaxChallengeParams
Definition common.hpp:26
ndnph::ndncert::detail::RequestIdLen
std::integral_constant< size_t, 8 > RequestIdLen
Definition common.hpp:29
ndnph::ndncert::detail::AuthenticationTagLen
std::integral_constant< size_t, 16 > AuthenticationTagLen
Definition common.hpp:30
ndnph::ndncert::detail::MaxChallenges
std::integral_constant< int, 4 > MaxChallenges
Definition common.hpp:25
ndnph::ndncert::detail::makeISigPolicy
ISigPolicy makeISigPolicy()
Definition common.hpp:76
ndnph::ndncert::detail::SaltLen
std::integral_constant< size_t, 32 > SaltLen
Definition common.hpp:28
ndnph
Definition fs.hpp:33
ndnph::port_clock_ino::Clock::Time
Definition ino.hpp:17
Generated by doxygen 1.9.8