Crate lakers

Source
Expand description

Implementation of EDHOC (Ephemeral Diffie-Hellman Over COSE, RFC9528), a lightweight authenticated key exchange for the Internet of Things.

The crate provides a high-level interface through the EdhocInitiator and the EdhocResponder structs. Both these wrap the lower level [State] struct that is mainly used through internal functions in the edhoc module. This separation is relevant because the lower level tools are subject of ongoing formal verification, whereas the high-level interfaces aim for good usability.

Both EdhocInitiator and EdhocResponder are used in a type stated way. Following the EDHOC protocol, they generate (or process) messages, progressively provide more information about their peer, and on eventually devolve into an EdhocInitiatorDone and EdhocResponderDone, respectively, through which the EDHOC key material can be obtained.

Structs§

CBORDecoder
Completed
ConnId
Value of C_R or C_I, as chosen by ourself or the peer.
Credential
A credential for use in EDHOC
EADItem
EdhocBuffer
A fixed-size (but parameterized) buffer for EDHOC messages.
EdhocInitiator
Starting point for performing EDHOC in the role of the Initiator.
EdhocInitiatorDone
EdhocInitiatorProcessedM2
EdhocInitiatorProcessingM2
EdhocInitiatorWaitM2
EdhocInitiatorWaitM4
EdhocMessageBuffer
An owned u8 vector of a limited length
EdhocResponder
Starting point for performing EDHOC in the role of the Responder.
EdhocResponderDone
EdhocResponderProcessedM1
EdhocResponderProcessedM3
EdhocResponderProcessingM3
EdhocResponderWaitM3
ErrCode
Representation of an EDHOC ERR_CODE
IdCred
A value of ID_CRED_x: a credential identifier.
InitiatorStart
PreparingM3
ProcessedM2
ProcessedM3
ProcessingM1
ProcessingM2
ProcessingM3
ResponderStart
WaitM2
WaitM3
WaitM4

Enums§

CBORError
CredentialKey
CredentialTransfer
CredentialType
EDHOCError
EDHOCMethod
EDHOCSuite
EdhocBufferError
IdCredType
MessageBufferError

Constants§

AES_CCM_IV_LEN
AES_CCM_KEY_LEN
AES_CCM_TAG_LEN
CBOR_BYTE_STRING
CBOR_MAJOR_ARRAY
CBOR_MAJOR_ARRAY_MAX
CBOR_MAJOR_BYTE_STRING
CBOR_MAJOR_BYTE_STRING_MAX
CBOR_MAJOR_MAP
CBOR_MAJOR_TEXT_STRING
CBOR_NEG_INT_1BYTE_END
CBOR_NEG_INT_1BYTE_START
CBOR_TEXT_STRING
CBOR_UINT_1BYTE
CBOR_UINT_1BYTE_END
CBOR_UINT_1BYTE_START
EDHOC_METHOD
EDHOC_SUITES
EDHOC_SUPPORTED_SUITES
ENCODED_VOUCHER_LEN
ENC_STRUCTURE_LEN
ID_CRED_LEN
KCCS_LABEL
KCSS_LABELDeprecated
KID_LABEL
MAC_LENGTH
MAC_LENGTH_2
MAC_LENGTH_3
MAX_BUFFER_LEN
MAX_EAD_SIZE_LEN
MAX_INFO_LEN
MAX_KDF_CONTEXT_LEN
MAX_KDF_LABEL_LEN
MAX_MESSAGE_SIZE_LEN
MAX_SUITES_LEN
P256_ELEM_LEN
SHA256_DIGEST_LEN
SUITES_LEN
SUPPORTED_SUITES_LEN

Traits§

Crypto
Interface between the lakers crate and any implementations of the required crypto primitives.
CryptoTrait
Interface between the lakers crate and any implementations of the required crypto primitives.

Functions§

credential_check_or_fetch
decode_plaintext_2
decode_plaintext_3
decode_plaintext_4
edhoc_exporter
edhoc_key_update
encode_info
generate_connection_identifier
generates an identifier that can be serialized as a single CBOR integer, i.e. -24 <= x <= 23
generate_connection_identifier_cbor
i_complete_without_message_4
i_parse_message_2
i_prepare_message_1
i_prepare_message_3
i_process_message_4
i_verify_message_2
parse_ead
parse_message_1
parse_message_2
parse_suites_i
prepare_suites_i
Returns the SUITES_I array, or an error if selected_suite is not supported.
r_complete_without_message_4
r_parse_message_3
r_prepare_message_2
r_prepare_message_4
r_process_message_1
r_verify_message_3

Type Aliases§

BufferCiphertext2
BufferCiphertext3
BufferCiphertext4
BufferCred
BufferIdCred
BufferKid
BufferMessage1
BufferMessage2
BufferMessage3
BufferMessage4
BufferPlaintext2
BufferPlaintext3
BufferPlaintext4
Bytes8
BytesCcmIvLen
BytesCcmKeyLen
BytesEad2
BytesEncStructureLen
BytesEncodedVoucher
BytesHashLen
BytesIdCred
BytesKeyAES128
BytesKeyEC2
BytesMac
BytesMac2
BytesMac3
BytesMaxBuffer
BytesMaxContextBuffer
BytesMaxInfoBuffer
BytesMaxLabelBuffeer
BytesP256ElemLen
BytesSuites
BytesSupportedSuites
EADMessageBuffer