def finalize(
self, message_three: bytes
) -> Union[Tuple[bytes, bytes, int, int], bytes]:
"""
Decodes an incoming EDHOC message 3 and finalizes the key exchange.
:param message_three: An EDHOC message 3
:return: An EDHOC error message in case the verification of the EDHOC message 3 fails or a 4-tuple containing
the initiator and responder's connection identifiers and the application AEAD and hash algorithms.
"""
self.msg_3 = MessageThree.decode(message_three)
self._internal_state = EdhocState.MSG_3_RCVD
decoded = EdhocMessage.decode(self._decrypt(self.msg_3.ciphertext))
self.cred_idi = decoded[0]
if not self._verify_signature_or_mac3(signature_or_mac3=decoded[1]):
return MessageError(err_msg='').encode()
try:
ad_3 = decoded[2]
if self.aad3_cb is not None:
self.aad3_cb(ad_3)
except IndexError:
pass
app_aead = self.cipher_suite.app_aead
app_hash = self.cipher_suite.app_hash
self._internal_state = EdhocState.EDHOC_SUCC
return self.msg_1.conn_idi, self._conn_id, app_aead.identifier, app_hash.identifier
def create_message_three(self, message_two: bytes):
self.msg_2 = MessageTwo.decode(message_two)
self._internal_state = EdhocState.MSG_2_RCVD
decoded = EdhocMessage.decode(self._decrypt(self.msg_2.ciphertext))
self.cred_idr = decoded[0]
if not self._verify_signature_or_mac2(signature_or_mac2=decoded[1]):
self._internal_state = EdhocState.EDHOC_FAIL
return MessageError(
err_msg='Signature verification failed').encode()
try:
ad_2 = decoded[2]
if self.aad2_cb is not None:
self.aad2_cb(ad_2)
except IndexError:
pass
self.msg_3 = MessageThree(self.ciphertext_3, self.conn_idr)
self._internal_state = EdhocState.MSG_3_SENT
return self.msg_3.encode(self.corr)
def create_message_two(self, message_one: bytes) -> bytes:
"""
Decodes an incoming EDHOC message 1 and creates and EDHOC message 2 or error message based on the content
of message 1.
:param message_one: Bytes representing an EDHOC message 1.
:returns: Bytes of an EDHOC message 2 or an EDHOC error message.
"""
self.msg_1 = MessageOne.decode(message_one)
self._internal_state = EdhocState.MSG_1_RCVD
if not self._verify_cipher_selection(self.msg_1.selected_cipher,
self.msg_1.cipher_suites):
self._internal_state = EdhocState.EDHOC_FAIL
return MessageError(err_msg="").encode()
if self.aad1_cb is not None:
self.aad1_cb(self.msg_1.aad1)
self._generate_ephemeral_key()
self.msg_2 = MessageTwo(self.g_y, self.conn_idr, self.ciphertext_2,
self.conn_idi)
self._internal_state = EdhocState.MSG_2_SENT
return self.msg_2.encode(self.corr)