def cipher_suite(self) -> CipherSuite:
if self.msg_1 is None:
raise EdhocException("Message 1 not received. Cannot derive selected cipher suite.")
else:
if not self._verify_cipher_selection(self.msg_1.selected_cipher, self.msg_1.cipher_suites):
raise EdhocException("Invalid cipher suite setup")
return CipherSuite(self.msg_1.selected_cipher)
def method(self):
""" Get the EDHOC method value for the method_corr parameter in EDHOC message 1. """
if self.msg_1 is None:
raise EdhocException("Message 1 not received. Cannot derive selected cipher suite.")
return (self.msg_1.method_corr - self.corr) // 4
async def render_post(self, request):
if self.resp.edhoc_state == EdhocState.EDHOC_WAIT:
logging.info("POST (%s) %s", self.resp.edhoc_state, request.payload)
msg_2 = self.resp.create_message_two(request.payload)
# assert msg_2 == unhexlify(_msg_2)
logging.info("CHANGED (%s) %s", self.resp.edhoc_state, msg_2)
return aiocoap.Message(code=aiocoap.Code.CHANGED, payload=msg_2)
elif self.resp.edhoc_state == EdhocState.MSG_2_SENT:
logging.info("POST (%s) %s", self.resp.edhoc_state, request.payload)
conn_idi, conn_idr, aead, hashf = self.resp.finalize(request.payload)
logging.info('EDHOC key exchange successfully completed:')
logging.info(f" - connection IDr: {conn_idr}")
logging.info(f" - connection IDi: {conn_idi}")
logging.info(f" - aead algorithm: {aead}")
logging.info(f" - hash algorithm: {hashf}")
logging.info(f" - OSCORE secret : {self.resp.exporter('OSCORE Master Secret', 16)}")
logging.info(f" - OSCORE salt : {self.resp.exporter('OSCORE Master Salt', 8)}")
# initialize new Responder object
self.resp = self.create_responder()
return aiocoap.Message(code=aiocoap.Code.CHANGED)
else:
raise EdhocException(f"Illegal state: {self.resp.edhoc_state}")
def from_id(cls, identifier: Any) -> Any:
if isinstance(identifier, int) and identifier in cls.get_registered_ciphersuites():
return cls.get_registered_ciphersuites()[identifier]
elif isinstance(identifier, str) and identifier in cls.get_registered_ciphersuites():
return cls.get_registered_ciphersuites()[identifier.upper()]
elif hasattr(identifier, 'identifier') and identifier.identifier in cls.get_registered_ciphersuites():
return cls.get_registered_ciphersuites()[identifier.identifier]
else:
raise EdhocException(f"Unknown EDHOC cipher suite: {identifier}")
def _parse_credentials(
cred: Union[RPK,
'Certificate']) -> Tuple[Union[Certificate, RPK], RPK]:
"""
Internal helper function that parser credentials and extracts the public key.
"""
if isinstance(cred, EC2Key) or isinstance(cred, OKPKey):
cred, auth_key = cred, cred
elif isinstance(cred, Certificate):
cred, auth_key = cred, cred.public_key().public_bytes(
serialization.Encoding.Raw, serialization.PublicFormat.Raw)
elif isinstance(cred, tuple):
cred, auth_key = cred
else:
raise EdhocException("Invalid credentials")
return cred, auth_key
def decode(cls, received: bytes) -> 'MessageOne':
"""
Tries to decode the bytes as an EDHOC MessageOne.
:param received: Bytes to decode.
:raises EdhocInvalidMessage: Decoding routine for MessageOne failed.
:returns: An EDHOC MessageOne object.
"""
decoded = super().decode(received)
method_corr = decoded[cls.METHOD_CORR]
if isinstance(decoded[cls.CIPHERS], int):
selected_cipher = decoded[cls.CIPHERS]
supported_ciphers = [decoded[cls.CIPHERS]]
elif isinstance(decoded[cls.CIPHERS], list):
selected_cipher = decoded[cls.CIPHERS][0]
supported_ciphers = decoded[cls.CIPHERS][1:]
else:
raise EdhocException("Failed to decode bytes as MessageOne")
g_x = decoded[cls.G_X]
if decoded[cls.CONN_ID] != b'':
if isinstance(decoded[cls.CONN_ID], int):
conn_idi = EdhocMessage.decode_bstr_id(decoded[cls.CONN_ID])
else:
conn_idi = decoded[cls.CONN_ID]
else:
conn_idi = b''
msg = cls(method_corr=method_corr,
selected_cipher=selected_cipher,
cipher_suites=supported_ciphers,
g_x=g_x,
conn_idi=conn_idi)
try:
msg.aad1 = decoded[cls.AAD1]
except IndexError:
pass
return msg