esp8266ndn
NDN Arduino library for ESP8266 and more
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
common.hpp
Go to the documentation of this file.
1 #ifndef NDNPH_APP_NDNCERT_COMMON_HPP
2 #define NDNPH_APP_NDNCERT_COMMON_HPP
3 #ifdef NDNPH_HAVE_MBED
4 
5 #include "../../core/log.hpp"
6 #include "../../keychain/ec.hpp"
7 #include "../../packet/encrypted-message.hpp"
8 #include "../../port/clock/port.hpp"
9 #include "../../port/mbed-common.hpp"
10 #include <mbedtls/hkdf.h>
11 
12 #ifdef NDNPH_NDNCERT_DEBUG
13 #define NDNPH_NDNCERT_LOG(...) NDNPH_LOG_LINE("ndncert", ##__VA_ARGS__)
14 #else
15 #define NDNPH_NDNCERT_LOG(...) \
16  do { \
17  } while (false)
18 #endif
19 
20 namespace ndnph {
21 namespace ndncert {
22 namespace detail {
23 using namespace ndnph::detail;
24 
25 using MaxChallenges = std::integral_constant<int, 4>;
26 using MaxChallengeParams = std::integral_constant<int, 2>;
27 
28 using SaltLen = std::integral_constant<size_t, 32>;
29 using RequestIdLen = std::integral_constant<size_t, 8>;
30 using AuthenticationTagLen = std::integral_constant<size_t, 16>;
31 
33 class SessionKey {
34 public:
36  bool makeKey(const mbedtls::Mpi& ecdhPvt, const mbedtls::P256::Point& ecdhPub,
37  const uint8_t* salt, const uint8_t* requestId) {
38  mbedtls::P256::SharedSecret ikm;
39  AesGcm::Key okm;
40  return mbedtls::P256::ecdh(ecdhPvt, ecdhPub, ikm) &&
41  mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), salt, SaltLen::value,
42  ikm.data(), ikm.size(), requestId, RequestIdLen::value, okm.data(),
43  okm.size()) == 0 &&
44  m_aes.import(okm);
45  }
46 
48  tlv::Value encrypt(Region& region, tlv::Value plaintext, const uint8_t* requestId) {
49  return m_aes.encrypt<Encrypted>(region, plaintext, requestId, RequestIdLen::value);
50  }
51 
53  tlv::Value decrypt(Region& region, tlv::Value message, const uint8_t* requestId) {
54  Encrypted encrypted;
55  bool ok = EvDecoder::decodeValue(message.makeDecoder(),
56  EvDecoder::def<TT::InitializationVector>(&encrypted),
57  EvDecoder::def<TT::AuthenticationTag>(&encrypted),
58  EvDecoder::def<TT::EncryptedPayload>(&encrypted));
59  if (!ok) {
60  return tlv::Value();
61  }
62  return m_aes.decrypt(region, encrypted, requestId, RequestIdLen::value);
63  }
64 
65 private:
66  using AesGcm = mbedtls::AesGcm<128>;
67  using Encrypted =
68  EncryptedMessage<TT::InitializationVector, AesGcm::IvLen::value, TT::AuthenticationTag,
69  AesGcm::TagLen::value, TT::EncryptedPayload>;
70  AesGcm m_aes;
71 };
72 
73 using ISigPolicy = isig::Policy<isig::Nonce<>, isig::Time<>>;
74 
75 inline ISigPolicy
76 makeISigPolicy() {
77  return isig::makePolicy(isig::Nonce<>(), isig::Time<>());
78 }
79 
80 } // namespace detail
81 namespace packet_struct {
82 
83 class ParameterKV {
84 public:
85  class Parser {
86  public:
87  explicit Parser(ParameterKV& target)
88  : m_target(target) {
89  m_target.clear();
90  }
91 
92  bool parseKey(const Decoder::Tlv& d) {
93  if (m_pos >= detail::MaxChallengeParams::value) {
94  return false;
95  }
96  m_target.m_kv[m_pos] = std::make_pair(tlv::Value(d.value, d.length), tlv::Value());
97  return true;
98  }
99 
100  bool parseValue(const Decoder::Tlv& d) {
101  if (m_pos >= detail::MaxChallengeParams::value) {
102  return false;
103  }
104  auto key = m_target.m_kv[m_pos].first;
105  m_target.m_kv[m_pos] = std::make_pair(key, tlv::Value(d.value, d.length));
106  ++m_pos;
107  return true;
108  }
109 
110  private:
111  ParameterKV& m_target;
112  size_t m_pos = 0;
113  };
114 
116  tlv::Value get(tlv::Value key) const {
117  for (const auto& p : m_kv) {
118  if (p.first == key) {
119  return p.second;
120  }
121  }
122  return tlv::Value();
123  }
124 
126  bool set(tlv::Value key, tlv::Value value) {
127  NDNPH_ASSERT(!!key);
128  for (auto& p : m_kv) {
129  if (!p.first) {
130  p = std::make_pair(key, value);
131  return true;
132  }
133  }
134  return false;
135  }
136 
138  void clear() {
139  m_kv.fill(std::make_pair(tlv::Value(), tlv::Value()));
140  }
141 
143  void encodeTo(Encoder& encoder) const {
144  for (auto it = m_kv.rbegin(); it != m_kv.rend(); ++it) {
145  if (!it->first) {
146  continue;
147  }
148  encoder.prependTlv(TT::ParameterValue, it->second);
149  encoder.prependTlv(TT::ParameterKey, it->first);
150  }
151  }
152 
153 private:
154  std::array<std::pair<tlv::Value, tlv::Value>, detail::MaxChallengeParams::value> m_kv;
155 };
156 
157 struct CaProfile {
159  Name prefix;
160 
162  uint32_t maxValidityPeriod = 0;
163 
165  Data cert;
166 };
167 
168 struct NewRequest {
170  mbedtls::P256::Point ecdhPub;
171 
173  Data certRequest;
174 };
175 
176 struct NewResponse {
178  mbedtls::P256::Point ecdhPub;
179 
181  uint8_t salt[detail::SaltLen::value];
182 
184  uint8_t requestId[detail::RequestIdLen::value];
185 };
186 
187 template<typename ChallengeT>
188 struct ChallengeRequest {
190  ChallengeT* challenge = nullptr;
191 
193  ParameterKV params;
194 };
195 
196 struct ChallengeResponse {
198  uint8_t status = Status::BEFORE_CHALLENGE;
199 
201  tlv::Value challengeStatus;
202 
204  uint16_t remainingTries = 0;
205 
207  port::Clock::Time expireTime = {};
208 
210  ParameterKV params;
211 
213  Name issuedCertName;
214 
216  Name fwHint;
217 };
218 
219 } // namespace packet_struct
220 } // namespace ndncert
221 } // namespace ndnph
222 
223 #endif // NDNPH_HAVE_MBED
224 #endif // NDNPH_APP_NDNCERT_COMMON_HPP
ndnph::Data
Data packet.
Definition: data.hpp:136
ndnph::Decoder::Tlv
Decoded TLV.
Definition: decoder.hpp:13
ndnph::Decoder::Tlv::length
size_t length
Definition: decoder.hpp:39
ndnph::Decoder::Tlv::value
const uint8_t * value
Definition: decoder.hpp:40
ndnph::Encoder
TLV encoder that accepts items in reverse order.
Definition: encoder.hpp:10
ndnph::Encoder::prependTlv
bool prependTlv(uint32_t type, OmitEmptyTag omitEmpty, const Arg &... arg)
Prepend TLV, measuring TLV-LENGTH automatically.
Definition: encoder.hpp:143
ndnph::EncryptedMessage
Encrypted message structure.
Definition: encrypted-message.hpp:24
ndnph::EvDecoder::decodeValue
static bool decodeValue(const Decoder &input, const E &... defs)
Decode input TLV-VALUE with a sequence of element definitions.
Definition: ev-decoder.hpp:126
ndnph::Name
Name.
Definition: name.hpp:14
ndnph::Region
Region-based memory allocator thats owns memory of NDNph objects.
Definition: region.hpp:9
ndnph::isig::Nonce
Require SigNonce field in Interest SigInfo.
Definition: sig-info.hpp:114
ndnph::isig::Time
Require SigTime field in Interest SigInfo.
Definition: sig-info.hpp:192
ndnph::mbedtls::AesGcm< 128 >::Key
std::array< uint8_t, keyBits/8 > Key
Definition: mbed-common.hpp:273
ndnph::mbedtls::EcCurvePoint
EC point associated with a curve.
Definition: mbed-common.hpp:213
ndnph::mbedtls::Mpi
Multi-Precision Integer.
Definition: mbed-common.hpp:102
ndnph::mbedtls::P256::SharedSecret
std::array< uint8_t, PvtLen::value > SharedSecret
ECDH shared secret buffer.
Definition: mbed-common.hpp:252
ndnph::mbedtls::P256::ecdh
static bool ecdh(const mbedtls_mpi *pvt, const mbedtls_ecp_point *pub, SharedSecret &shared)
Compute ECDH shared secret.
Definition: mbed-common.hpp:255
ndnph::ndncert::detail::SessionKey
Symmetric key used in CHALLENGE step.
Definition: common.hpp:33
ndnph::ndncert::detail::SessionKey::decrypt
tlv::Value decrypt(Region &region, tlv::Value message, const uint8_t *requestId)
Decrypt from encrypted-message.
Definition: common.hpp:53
ndnph::ndncert::detail::SessionKey::encrypt
tlv::Value encrypt(Region &region, tlv::Value plaintext, const uint8_t *requestId)
Encrypt to encrypted-message.
Definition: common.hpp:48
ndnph::ndncert::detail::SessionKey::makeKey
bool makeKey(const mbedtls::Mpi &ecdhPvt, const mbedtls::P256::Point &ecdhPub, const uint8_t *salt, const uint8_t *requestId)
Derive the key.
Definition: common.hpp:36
ndnph::ndncert::packet_struct::ParameterKV::Parser
Definition: common.hpp:85
ndnph::ndncert::packet_struct::ParameterKV::Parser::parseValue
bool parseValue(const Decoder::Tlv &d)
Definition: common.hpp:100
ndnph::ndncert::packet_struct::ParameterKV::Parser::parseKey
bool parseKey(const Decoder::Tlv &d)
Definition: common.hpp:92
ndnph::ndncert::packet_struct::ParameterKV::Parser::Parser
Parser(ParameterKV &target)
Definition: common.hpp:87
ndnph::ndncert::packet_struct::ParameterKV
Definition: common.hpp:83
ndnph::ndncert::packet_struct::ParameterKV::set
bool set(tlv::Value key, tlv::Value value)
Set a parameter.
Definition: common.hpp:126
ndnph::ndncert::packet_struct::ParameterKV::encodeTo
void encodeTo(Encoder &encoder) const
Prepend ParameterKey-ParameterValue pairs to Encoder.
Definition: common.hpp:143
ndnph::ndncert::packet_struct::ParameterKV::clear
void clear()
Clear parameters.
Definition: common.hpp:138
ndnph::ndncert::packet_struct::ParameterKV::get
tlv::Value get(tlv::Value key) const
Retrieve parameter value by parameter key.
Definition: common.hpp:116
ndnph::tlv::Value
A sequence of bytes, usually TLV-VALUE.
Definition: value.hpp:11
ndnph::tlv::Value::makeDecoder
Decoder makeDecoder() const
Create a Decoder over this value buffer.
Definition: value.hpp:64
NDNPH_ASSERT
#define NDNPH_ASSERT(x)
Definition: common.hpp:30
ndnph::detail
Definition: input-iterator-pointer-proxy.hpp:5
ndnph::isig::makePolicy
Policy< R... > makePolicy(R &&... rule)
Create Interest SigInfo validation policy.
Definition: sig-info.hpp:312
ndnph::ndncert::Status::BEFORE_CHALLENGE
@ BEFORE_CHALLENGE
Definition: an.hpp:86
ndnph::ndncert::TT::EncryptedPayload
@ EncryptedPayload
Definition: an.hpp:28
ndnph::ndncert::TT::ParameterValue
@ ParameterValue
Definition: an.hpp:16
ndnph::ndncert::TT::InitializationVector
@ InitializationVector
Definition: an.hpp:27
ndnph::ndncert::TT::AuthenticationTag
@ AuthenticationTag
Definition: an.hpp:36
ndnph::ndncert::TT::ParameterKey
@ ParameterKey
Definition: an.hpp:15
ndnph::ndncert::detail::MaxChallengeParams
std::integral_constant< int, 2 > MaxChallengeParams
Definition: common.hpp:26
ndnph::ndncert::detail::RequestIdLen
std::integral_constant< size_t, 8 > RequestIdLen
Definition: common.hpp:29
ndnph::ndncert::detail::AuthenticationTagLen
std::integral_constant< size_t, 16 > AuthenticationTagLen
Definition: common.hpp:30
ndnph::ndncert::detail::MaxChallenges
std::integral_constant< int, 4 > MaxChallenges
Definition: common.hpp:25
ndnph::ndncert::detail::makeISigPolicy
ISigPolicy makeISigPolicy()
Definition: common.hpp:76
ndnph::ndncert::detail::SaltLen
std::integral_constant< size_t, 32 > SaltLen
Definition: common.hpp:28
ndnph
Definition: fs.hpp:33
ndnph::ndncert::packet_struct::CaProfile
Definition: common.hpp:157
ndnph::ndncert::packet_struct::CaProfile::prefix
Name prefix
CA prefix.
Definition: common.hpp:159
ndnph::ndncert::packet_struct::CaProfile::cert
Data cert
CA certificate.
Definition: common.hpp:165
ndnph::ndncert::packet_struct::ChallengeRequest
Definition: common.hpp:188
ndnph::ndncert::packet_struct::ChallengeRequest::params
ParameterKV params
Parameter key-value pairs.
Definition: common.hpp:193
ndnph::ndncert::packet_struct::ChallengeResponse
Definition: common.hpp:196
ndnph::ndncert::packet_struct::ChallengeResponse::fwHint
Name fwHint
Forwarding hint to retrieve issued certificate.
Definition: common.hpp:216
ndnph::ndncert::packet_struct::ChallengeResponse::issuedCertName
Name issuedCertName
Issued certificate full name.
Definition: common.hpp:213
ndnph::ndncert::packet_struct::ChallengeResponse::params
ParameterKV params
Parameter key-value pairs.
Definition: common.hpp:210
ndnph::ndncert::packet_struct::ChallengeResponse::challengeStatus
tlv::Value challengeStatus
Challenge status string.
Definition: common.hpp:201
ndnph::ndncert::packet_struct::NewRequest
Definition: common.hpp:168
ndnph::ndncert::packet_struct::NewRequest::ecdhPub
mbedtls::P256::Point ecdhPub
Client ECDH public key.
Definition: common.hpp:170
ndnph::ndncert::packet_struct::NewRequest::certRequest
Data certRequest
Certificate request.
Definition: common.hpp:173
ndnph::ndncert::packet_struct::NewResponse
Definition: common.hpp:176
ndnph::ndncert::packet_struct::NewResponse::ecdhPub
mbedtls::P256::Point ecdhPub
Server ECDH public key.
Definition: common.hpp:178
ndnph::port_clock_ino::Clock::Time
Definition: ino.hpp:17
Generated by doxygen 1.9.1