edhoc 1.0.5 → 1.1.0

package/external/libedhoc/include/edhoc_common.h

@@ -0,0 +1,289 @@
+/**
+ * \file    edhoc_common.h
+ * \author  Kamil Kielbasa
+ * \brief   EDHOC common implementations:
+ *          - CBOR utilities.
+ *          - MAC context.
+ *          - MAC & Signature_or_MAC.
+ * \version 0.6
+ * \date    2024-08-05
+ * 
+ * \copyright Copyright (c) 2024
+ * 
+ */
+
+/* Header guard ------------------------------------------------------------ */
+#ifndef EDHOC_COMMON_H
+#define EDHOC_COMMON_H
+
+/* Include files ----------------------------------------------------------- */
+
+/* EDHOC header: */
+#include "edhoc_context.h"
+#include "edhoc_ead.h"
+#include "edhoc_credentials.h"
+
+/* Standard library headers: */
+#include <stdint.h>
+#include <stddef.h>
+#include <stdbool.h>
+
+/* Defines ----------------------------------------------------------------- */
+/* Types and type definitions ---------------------------------------------- */
+
+/** \defgroup edhoc-common-structures EDHOC common structures
+ * @{
+ */
+
+/**
+ * \brief RFC 9528:
+ *        - 5.3.2. Responder Composition of Message 2.
+ *          - context_2.
+ *        - 5.4.2. Initiator Composition of Message 3.
+ *          - context_3.
+ */
+struct mac_context {
+	/** Buffer containing cborised connection identifier. */
+	uint8_t *conn_id;
+	/** Size of the \p conn_id buffer in bytes. */
+	size_t conn_id_len;
+
+	/** Buffer containing cborised credentials identifier. */
+	uint8_t *id_cred;
+	/** Size of the \p id_cred buffer in bytes. */
+	size_t id_cred_len;
+
+	/** Is compact encoding possible? */
+	bool id_cred_is_comp_enc;
+	/** Credentials identifer encoding type. */
+	enum edhoc_encode_type id_cred_enc_type;
+	/** Buffer containing credentials identifer integer representation. */
+	int32_t id_cred_int;
+	/** Buffer containing credentials identifer byte string representation. */
+	uint8_t id_cred_bstr[CONFIG_LIBEDHOC_MAX_LEN_OF_CRED_KEY_ID + 1];
+	/** Size of the \p id_cred_bstr buffer in bytes. */
+	size_t id_cred_bstr_len;
+
+	/** Buffer containing cborised transcript hash. */
+	uint8_t *th;
+	/** Size of the \p th buffer in bytes. */
+	size_t th_len;
+
+	/** Buffer containing cborised credentials. */
+	uint8_t *cred;
+	/** Size of the \p cred buffer in bytes. */
+	size_t cred_len;
+
+	/** Is EAD attached? */
+	bool is_ead;
+	/** Buffer containing cborised EAD. */
+	uint8_t *ead;
+	/** Size of the \p ead buffer in bytes. */
+	size_t ead_len;
+
+	/** Size of the \p buf buffer in bytes. */
+	size_t buf_len;
+	/** Flexible array member buffer. */
+	uint8_t buf[];
+};
+
+/**
+ * \brief RFC 9528:
+ *        - 5.3.2. Responder Composition of Message 2.
+ *          - PLAINTEXT_2.
+ *        - 5.4.2. Initiator Composition of Message 3.
+ *          - PLAINTEXT_3.
+ */
+struct plaintext {
+	/** Authentication credentials. */
+	struct edhoc_auth_creds auth_cred;
+
+	/** Buffer containing cborised Signature_or_MAC (2/3). */
+	const uint8_t *sign_or_mac;
+	/** Size of the \p sign_or_mac buffer in bytes. */
+	size_t sign_or_mac_len;
+
+	/** Buffer containing cborised EAD (2/3). */
+	const uint8_t *ead;
+	/** Size of the \p ead buffer in bytes. */
+	size_t ead_len;
+};
+
+/**@}*/
+
+/* Module interface variables and constants -------------------------------- */
+/* Extern variables and constant declarations ------------------------------ */
+/* Module interface function declarations ---------------------------------- */
+
+/** \defgroup edhoc-common-cbor EDHOC common CBOR
+ * @{
+ */
+
+/** 
+ * \brief CBOR integer memory requirements.
+ *
+ * \param value                         Raw integer value.
+ *
+ * \return Number of bytes.
+ */
+size_t edhoc_cbor_int_mem_req(int32_t value);
+
+/** 
+ * \brief CBOR text stream overhead.
+ *
+ * \param length                        Length of buffer to CBOR as tstr.
+ *
+ * \return Number of overhead bytes.
+ */
+size_t edhoc_cbor_tstr_oh(size_t length);
+
+/** 
+ * \brief CBOR byte stream overhead.
+ *
+ * \param length                        Length of buffer to CBOR as bstr.
+ *
+ * \return Number of overhead bytes.
+ */
+size_t edhoc_cbor_bstr_oh(size_t length);
+
+/** 
+ * \brief CBOR map overhead.
+ *
+ * \param items                         Number of items for map.
+ *
+ * \return Number of overhead bytes.
+ */
+size_t edhoc_cbor_map_oh(size_t items);
+
+/** 
+ * \brief CBOR array overhead.
+ *
+ * \param items                         Number of items for array.
+ *
+ * \return Number of overhead bytes.
+ */
+size_t edhoc_cbor_array_oh(size_t items);
+
+/**@}*/
+
+/** \defgroup edhoc-common-mac-context EDHOC common MAC context
+ * @{
+ */
+
+/**
+ * \brief Compute required buffer length for MAC 2/3 context.
+ * 
+ * \param[in] edhoc_context             EDHOC context.
+ * \param[in] credentials               Authentication credentials.
+ * \param[out] mac_context_length       On success, number of bytes that make up MAC context.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+int edhoc_comp_mac_context_length(const struct edhoc_context *edhoc_context,
+				  const struct edhoc_auth_creds *credentials,
+				  size_t *mac_context_length);
+
+/**
+ * \brief Cborise items required by MAC 2/3 context.
+ * 
+ * \param[in] edhoc_context             EDHOC context.
+ * \param[in] credentials               Authentication credentials.
+ * \param[out] mac_context              On success, generated MAC context.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+int edhoc_comp_mac_context(const struct edhoc_context *edhoc_context,
+			   const struct edhoc_auth_creds *credentials,
+			   struct mac_context *mac_context);
+
+/**@}*/
+
+/** \defgroup edhoc-common-sign-or-mac EDHOC common Signature_or_MAC
+ * @{
+ */
+
+/**
+ * \brief Compute required buffer length for MAC 2/3.
+ * 
+ * \param[in] edhoc_context             EDHOC context.
+ * \param[out] mac_length               On success, number of bytes that make up
+ *                                      MAC 2/3 length requirements.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+int edhoc_comp_mac_length(const struct edhoc_context *edhoc_context,
+			  size_t *mac_length);
+
+/**
+ * \brief Compute MAC 2/3 buffer.
+ * 
+ * \param[in] edhoc_context             EDHOC context.                 
+ * \param[in] mac_context               MAC context.
+ * \param[out] mac                      Buffer where the generated MAC 2/3 is to be written.
+ * \param mac_length                    Size of the \p mac buffer in bytes.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+int edhoc_comp_mac(const struct edhoc_context *edhoc_context,
+		   const struct mac_context *mac_context, uint8_t *mac,
+		   size_t mac_length);
+
+/**
+ * \brief Compute required buffer length for Signature_or_MAC 2/3.
+ * 
+ * \param[in] edhoc_context             EDHOC context.
+ * \param[out] sign_or_mac_length       On success, number of bytes that make up
+ *                                      Signature_or_MAC 2/3 length requirements.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+int edhoc_comp_sign_or_mac_length(const struct edhoc_context *edhoc_context,
+				  size_t *sign_or_mac_length);
+
+/**
+ * \brief Compute Signature_or_MAC 2/3 buffer.
+ * 
+ * \param[in] edhoc_context             EDHOC context.
+ * \param[in] cred                      Authentication credentials.
+ * \param[in] mac_context               MAC context.
+ * \param[in] mac                       Buffer containing the MAC 2/3.
+ * \param[in] mac_len                   Size of the \p mac buffer in bytes.
+ * \param[out] signature                Buffer where the generated 
+ *                                      Signature_or_MAC 2/3 is to be written.
+ * \param signature_size                Size of the \p signature buffer in bytes.
+ * \param[out] signature_length         On success, the number of bytes that make
+ *                                      up the Signature_or_MAC 2/3.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+int edhoc_comp_sign_or_mac(const struct edhoc_context *edhoc_context,
+			   const struct edhoc_auth_creds *cred,
+			   const struct mac_context *mac_context,
+			   const uint8_t *mac, size_t mac_len,
+			   uint8_t *signature, size_t signature_size,
+			   size_t *signature_length);
+
+/**
+ * \brief Verify Signature_or_MAC 2/3 buffer.
+ * 
+ * \param[in] edhoc_context             EDHOC context.
+ * \param[in] mac_context               MAC context.
+ * \param[in] public_key                Buffer containing authentication public key.
+ * \param public_key_length             Size of the \p public_key buffer in bytes.
+ * \param[in] signature                 Buffer containing Signature_or_MAC 2/3.
+ * \param signature_length              Size of the \p signature buffer in bytes.
+ * \param[in] mac                       Buffer containing MAC 2/3.
+ * \param mac_length                    Size of the \p mac buffer in bytes.
+ *
+ * \return EDHOC_SUCCESS on success, otherwise failure.
+ */
+int edhoc_verify_sign_or_mac(const struct edhoc_context *edhoc_context,
+			     const struct mac_context *mac_context,
+			     const uint8_t *public_key,
+			     size_t public_key_length, const uint8_t *signature,
+			     size_t signature_length, const uint8_t *mac,
+			     size_t mac_length);
+
+/**@}*/
+
+#endif /* EDHOC_COMMON_H */

package/external/libedhoc/include/edhoc_context.h

@@ -2,8 +2,8 @@
  * \file    edhoc_context.h
  * \author  Kamil Kielbasa
  * \brief   EDHOC context.
- * \version 0.4
- * \date    2024-01-01
+ * \version 0.6
+ * \date    2024-08-05
  * 
  * \copyright Copyright (c) 2024
  * 
@@ -29,39 +29,36 @@
 
 /* Defines ----------------------------------------------------------------- */
 
-/* Maximum length in bytes of key identifier used for cryptographics keys. */
-#ifndef EDHOC_KID_LEN
-#error "Lack of defined key ID length"
+#ifndef CONFIG_LIBEDHOC_ENABLE
+#error "Library has not been enabled."
 #endif
 
-/* Maximum number of cipher suites available to store in context. */
-#ifndef EDHOC_MAX_CSUITES_LEN
-#error "Lack of defined cipher suites length"
+#ifndef CONFIG_LIBEDHOC_KEY_ID_LEN
+#error "Lack of defined key identifier length in bytes."
 #endif
 
-/* Maximum length in bytes of connection identifier encoded as byte string. */
-#ifndef EDHOC_MAX_CID_LEN
-#error "Lack of defined connection ID length"
+#ifndef CONFIG_LIBEDHOC_MAX_NR_OF_CIPHER_SUITES
+#error "Lack of defined maximum number of cipher suites in chain for negotiation."
 #endif
 
-/* Maximum length in bytes of ECC point. */
-#ifndef EDHOC_MAX_ECC_KEY_LEN
-#error "Lack of defined length for ellipic curve point X coordinate"
+#ifndef CONFIG_LIBEDHOC_MAX_LEN_OF_CONN_ID
+#error "Lack of defined maximum length of connection identifier in bytes."
 #endif
 
-/* Maximum length in bytes of PRK and TH buffer. */
-#ifndef EDHOC_MAX_MAC_LEN
-#error "Lack of defined hash length"
+#ifndef CONFIG_LIBEDHOC_MAX_LEN_OF_ECC_KEY
+#error "Lack of defined maximum length of ECC (Elliptic Curve Cryptography) key in bytes."
 #endif
 
-/* Maximum number of EAD tokens available to store in context. */
-#ifndef EDHOC_MAX_NR_OF_EAD_TOKENS
-#error "Lack of defined external authorization data"
+#ifndef CONFIG_LIBEDHOC_MAX_LEN_OF_MAC
+#error "Lack of defined maximum length of hash in bytes."
 #endif
 
-/* Maximum number of certifices in COSE X.509 chain. */
-#ifndef EDHOC_MAX_NR_OF_CERTS_IN_X509_CHAIN
-#error "Lack of defined maximum number of certificates in COSE X.509 chain"
+#ifndef CONFIG_LIBEDHOC_MAX_NR_OF_EAD_TOKENS
+#error "Lack of defined maximum number of EAD (External Authorization Data) tokens."
+#endif
+
+#ifndef CONFIG_LIBEDHOC_MAX_NR_OF_CERTS_IN_X509_CHAIN
+#error "Lack of defined maximum number of certificates in X.509 chain."
 #endif
 
 /* Types and type definitions ---------------------------------------------- */
@@ -70,6 +67,16 @@
  * @{
  */
 
+/**
+ * \brief RFC 9528: 2. EDHOC Outline.
+ */
+enum edhoc_role {
+	/** EDHOC role - initiator. */
+	EDHOC_INITIATOR,
+	/** EDHOC role - responder. */
+	EDHOC_RESPONDER,
+};
+
 /**
  * \brief RFC 9528: Appendix I. Example Protocol State Machine.
  */
@@ -125,6 +132,8 @@ enum edhoc_method {
 	EDHOC_METHOD_2 = 2,
 	/** Initiator static DH Key to responder static DH Key. */
 	EDHOC_METHOD_3 = 3,
+	/** Sanity check maximum. */
+	EDHOC_METHOD_MAX,
 };
 
 /**
@@ -190,7 +199,7 @@ struct edhoc_connection_id {
 	int8_t int_value;
 
 	/** Connection identifier as cbor byte string buffer. */
-	uint8_t bstr_value[EDHOC_MAX_CID_LEN + 1];
+	uint8_t bstr_value[CONFIG_LIBEDHOC_MAX_LEN_OF_CONN_ID + 1];
 	/** Size of the \p bstr_value buffer in bytes. */
 	size_t bstr_length;
 };
@@ -230,15 +239,26 @@ struct edhoc_error_info {
  * \brief EDHOC context.
  */
 struct edhoc_context {
-	/** EDHOC method. */
-	enum edhoc_method EDHOC_PRIVATE(method);
+	/** EDHOC chosen method. */
+	enum edhoc_method EDHOC_PRIVATE(chosen_method);
+
+	/** EDHOC supported methods. */
+	enum edhoc_method EDHOC_PRIVATE(method[EDHOC_METHOD_MAX]);
+	/** Length of the \p method buffer. */
+	size_t EDHOC_PRIVATE(method_len);
 
 	/** EDHOC cipher suite chosen index. */
 	size_t EDHOC_PRIVATE(chosen_csuite_idx);
 	/** EDHOC cipher suite buffer. */
-	struct edhoc_cipher_suite EDHOC_PRIVATE(csuite)[EDHOC_MAX_CSUITES_LEN];
+	struct edhoc_cipher_suite
+		EDHOC_PRIVATE(csuite)[CONFIG_LIBEDHOC_MAX_NR_OF_CIPHER_SUITES];
 	/** Length of the \p csuite buffer. */
 	size_t EDHOC_PRIVATE(csuite_len);
+	/** EDHOC peer cipher suite buffer. */
+	struct edhoc_cipher_suite EDHOC_PRIVATE(
+		peer_csuite)[CONFIG_LIBEDHOC_MAX_NR_OF_CIPHER_SUITES];
+	/** Length of the \p peer_csuite buffer. */
+	size_t EDHOC_PRIVATE(peer_csuite_len);
 
 	/** EDHOC connection identifier. */
 	struct edhoc_connection_id EDHOC_PRIVATE(cid);
@@ -246,20 +266,21 @@ struct edhoc_context {
 	struct edhoc_connection_id EDHOC_PRIVATE(peer_cid);
 
 	/** EDHOC ephemeral Diffie-Hellman public key. */
-	uint8_t EDHOC_PRIVATE(dh_pub_key)[EDHOC_MAX_ECC_KEY_LEN];
+	uint8_t EDHOC_PRIVATE(dh_pub_key)[CONFIG_LIBEDHOC_MAX_LEN_OF_ECC_KEY];
 	/** Size of the \p dh_pub_key buffer in bytes. */
 	size_t EDHOC_PRIVATE(dh_pub_key_len);
 	/** EDHOC ephemeral Diffie-Hellman private key. */
-	uint8_t EDHOC_PRIVATE(dh_priv_key)[EDHOC_MAX_ECC_KEY_LEN];
+	uint8_t EDHOC_PRIVATE(dh_priv_key)[CONFIG_LIBEDHOC_MAX_LEN_OF_ECC_KEY];
 	/** Size of the \p dh_priv_key buffer in bytes. */
 	size_t EDHOC_PRIVATE(dh_priv_key_len);
 
 	/** EDHOC ephemeral Diffie-Hellman peer public key. */
-	uint8_t EDHOC_PRIVATE(dh_peer_pub_key)[EDHOC_MAX_ECC_KEY_LEN];
+	uint8_t EDHOC_PRIVATE(
+		dh_peer_pub_key)[CONFIG_LIBEDHOC_MAX_LEN_OF_ECC_KEY];
 	/** Size of the \p dh_peer_pub_key buffer in bytes. */
 	size_t EDHOC_PRIVATE(dh_peer_pub_key_len);
 	/** EDHOC ephemeral Diffie-Hellman key agreement. */
-	uint8_t EDHOC_PRIVATE(dh_secret)[EDHOC_MAX_ECC_KEY_LEN];
+	uint8_t EDHOC_PRIVATE(dh_secret)[CONFIG_LIBEDHOC_MAX_LEN_OF_ECC_KEY];
 	/** Size of the \p dh_secret buffer in bytes. */
 	size_t EDHOC_PRIVATE(dh_secret_len);
 
@@ -269,18 +290,22 @@ struct edhoc_context {
 	bool EDHOC_PRIVATE(is_oscore_export_allowed);
 	/** EDHOC context state machine. */
 	enum edhoc_state_machine EDHOC_PRIVATE(status);
+	/** Current processing EDHOC message. */
+	enum edhoc_message EDHOC_PRIVATE(message);
+	/** EDHOC role. */
+	enum edhoc_role EDHOC_PRIVATE(role);
 
 	/** EDHOC context transcript hash state. */
 	enum edhoc_th_state EDHOC_PRIVATE(th_state);
 	/** EDHOC context transcript hash buffer. */
-	uint8_t EDHOC_PRIVATE(th)[EDHOC_MAX_MAC_LEN];
+	uint8_t EDHOC_PRIVATE(th)[CONFIG_LIBEDHOC_MAX_LEN_OF_MAC];
 	/** Size of the \p th buffer in bytes. */
 	size_t EDHOC_PRIVATE(th_len);
 
 	/** EDHOC context pseudorandom key state. */
 	enum edhoc_prk_state EDHOC_PRIVATE(prk_state);
 	/** EDHOC context pseudorandom key buffer. */
-	uint8_t EDHOC_PRIVATE(prk)[EDHOC_MAX_MAC_LEN];
+	uint8_t EDHOC_PRIVATE(prk)[CONFIG_LIBEDHOC_MAX_LEN_OF_MAC];
 	/** Size of the \p prk buffer in bytes. */
 	size_t EDHOC_PRIVATE(prk_len);
 
@@ -294,8 +319,8 @@ struct edhoc_context {
 	struct edhoc_credentials EDHOC_PRIVATE(cred);
 
 	/** EDHOC EAD tokens buffer. */
-	struct edhoc_ead_token
-		EDHOC_PRIVATE(ead_token)[EDHOC_MAX_NR_OF_EAD_TOKENS + 1];
+	struct edhoc_ead_token EDHOC_PRIVATE(
+		ead_token)[CONFIG_LIBEDHOC_MAX_NR_OF_EAD_TOKENS + 1];
 	/** Length of the \p ead_token buffer. */
 	size_t EDHOC_PRIVATE(nr_of_ead_tokens);
 

package/external/libedhoc/include/edhoc_credentials.h

@@ -2,8 +2,8 @@
  * \file    edhoc_credentials.h
  * \author  Kamil Kielbasa
  * \brief   EDHOC authentication credentials interface.
- * \version 0.4
- * \date    2024-01-01
+ * \version 0.6
+ * \date    2024-08-05
  * 
  * \copyright Copyright (c) 2024
  * 
@@ -19,6 +19,19 @@
 #include <stdbool.h>
 
 /* Defines ----------------------------------------------------------------- */
+
+#ifndef CONFIG_LIBEDHOC_ENABLE
+#error "Library has not been enabled."
+#endif
+
+#ifndef CONFIG_LIBEDHOC_MAX_LEN_OF_CRED_KEY_ID
+#error "Lack of defined maximum length of authentication credentials key identifier in bytes."
+#endif
+
+#ifndef CONFIG_LIBEDHOC_MAX_LEN_OF_HASH_ALG
+#error "Lack of defined maximum length of authentication credentials hash algorithm in bytes."
+#endif
+
 /* Types and type definitions ---------------------------------------------- */
 
 /** \defgroup edhoc-interface-credentials EDHOC interface credentials
@@ -41,6 +54,8 @@ enum edhoc_encode_type {
  * \ref https://www.iana.org/assignments/cose/cose.xhtml
  */
 enum edhoc_cose_header {
+	/** Any authentication credentials. */
+	EDHOC_COSE_ANY = -65537,
 	/** Authentication credentials identified by key identifier. */
 	EDHOC_COSE_HEADER_KID = 4,
 	/** Authentication credentials identified by an ordered chain of X.509 certificates. */
@@ -84,7 +99,7 @@ struct edhoc_auth_cred_key_id {
 	int32_t key_id_int;
 
 	/** Key identifier as cbor byte string buffer. */
-	uint8_t key_id_bstr[EDHOC_CRED_KEY_ID_LEN + 1];
+	uint8_t key_id_bstr[CONFIG_LIBEDHOC_MAX_LEN_OF_CRED_KEY_ID + 1];
 	/** Size of the \p key_id_bstr buffer in bytes. */
 	size_t key_id_bstr_length;
 };
@@ -106,9 +121,9 @@ struct edhoc_auth_cred_x509_chain {
 	/** Number of certificates in chain. */
 	size_t nr_of_certs;
 	/** Certificates references. */
-	const uint8_t *cert[EDHOC_MAX_NR_OF_CERTS_IN_X509_CHAIN];
+	const uint8_t *cert[CONFIG_LIBEDHOC_MAX_NR_OF_CERTS_IN_X509_CHAIN];
 	/** Sizes of the \p cert references in bytes. */
-	size_t cert_len[EDHOC_MAX_NR_OF_CERTS_IN_X509_CHAIN];
+	size_t cert_len[CONFIG_LIBEDHOC_MAX_NR_OF_CERTS_IN_X509_CHAIN];
 };
 
 /**
@@ -148,17 +163,48 @@ struct edhoc_auth_cred_x509_hash {
 	int32_t alg_int;
 
 	/** Fingerprint algorithm as cbor byte string buffer. */
-	uint8_t alg_bstr[EDHOC_CRED_X509_HASH_ALG_LEN + 1];
+	uint8_t alg_bstr[CONFIG_LIBEDHOC_MAX_LEN_OF_HASH_ALG + 1];
 	/** Size of the \p alg_bstr buffer in bytes. */
 	size_t alg_bstr_length;
 };
 
+/**
+ * \brief Any authentication credentials.
+ *   
+ * \note Application developer is responsible for correct
+ *       CBOR encoding (compact if required) and decoding.
+ */
+struct edhoc_auth_cred_any {
+	/** Buffer containing identification and optionally transport the credentials.
+	 *  RFC 9528: 2. EDHOC Outline: ID_CRED_I & ID_CRED_R. */
+	const uint8_t *id_cred;
+	/** Size of the \p id_cred buffer in bytes. */
+	size_t id_cred_len;
+
+	/** Is compact encoding of ID_CRED ?
+	 *  RFC 9528: 3.5.3.2. Compact Encoding of ID_CRED Fields for 'kid'. */
+	bool is_id_cred_comp_enc;
+	/** Encoding type of ID_CRED. */
+	enum edhoc_encode_type encode_type;
+
+	/** Buffer containing compact encoded identification. */
+	const uint8_t *id_cred_comp_enc;
+	/** Size of the \p id_cred_comp_enc buffer in bytes. */
+	size_t id_cred_comp_enc_length;
+
+	/** Buffer containing authentication credentials containing the public authentication keys.
+	 *  RFC 9528: 2. EDHOC Outline: CRED_I & CRED_R. */
+	const uint8_t *cred;
+	/** Size of the \p cred buffer in bytes. */
+	size_t cred_len;
+};
+
 /**
  * \brief Common structure for different authentication credentials methods.
  */
 struct edhoc_auth_creds {
 	/** Private signature or static DH key. */
-	uint8_t priv_key_id[EDHOC_KID_LEN];
+	uint8_t priv_key_id[CONFIG_LIBEDHOC_KEY_ID_LEN];
 
 	/** COSE IANA label. */
 	enum edhoc_cose_header label;
@@ -169,6 +215,8 @@ struct edhoc_auth_creds {
 		struct edhoc_auth_cred_x509_chain x509_chain;
 		/** X.509 hash authentication structure. */
 		struct edhoc_auth_cred_x509_hash x509_hash;
+		/** User defined authentication credentials structure. */
+		struct edhoc_auth_cred_any any;
 	};
 };
 

package/external/libedhoc/include/edhoc_crypto.h

@@ -2,8 +2,8 @@
  * \file    edhoc_crypto.h
  * \author  Kamil Kielbasa
  * \brief   EDHOC cryptographic interface.
- * \version 0.4
- * \date    2024-01-01
+ * \version 0.6
+ * \date    2024-08-05
  * 
  * \copyright Copyright (c) 2024
  * 
@@ -50,7 +50,7 @@ enum edhoc_key_type {
 };
 
 /**
- * \brief Cryptographic function for key identifier generation.
+ * \brief Cryptographic function for import of key identifier.
  *
  * \param[in] user_context		User context.
  * \param key_type                      Requested key type.
@@ -60,13 +60,13 @@ enum edhoc_key_type {
  *
  * \return EDHOC_SUCCESS on success, otherwise failure.
  */
-typedef int (*edhoc_generate_key_t)(void *user_context,
-				    enum edhoc_key_type key_type,
-				    const uint8_t *raw_key,
-				    size_t raw_key_length, void *key_id);
+typedef int (*edhoc_import_key_t)(void *user_context,
+				  enum edhoc_key_type key_type,
+				  const uint8_t *raw_key, size_t raw_key_length,
+				  void *key_id);
 
 /**
- * \brief Cryptographic function for key identifier destroying.
+ * \brief Cryptographic function for destroy of key identifier.
  *
  * \param[in] user_context		User context.
  * \param[in] key_id                    Key identifier.
@@ -79,8 +79,8 @@ typedef int (*edhoc_destroy_key_t)(void *user_context, void *key_id);
  * \brief Bind structure for cryptographic key identifiers.
  */
 struct edhoc_keys {
-	/** Generate cryptographic key callback. */
-	edhoc_generate_key_t generate_key;
+	/** Import cryptographic key callback. */
+	edhoc_import_key_t import_key;
 	/** Destroy cryptographic key callback. */
 	edhoc_destroy_key_t destroy_key;
 };