npm - edhoc - Versions diffs - 1.0.5 → 1.1.0 - Mend

edhoc 1.0.5 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (313) hide show

package/src/Suites.cpp CHANGED Viewed

@@ -5,13 +5,11 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_0 = {
     .value = 0,             // Suite identifier 0
     .aead_key_length = 16,  // Key length for AES-CCM-16-64-128 (16 bytes)
     .aead_tag_length = 8,   // Authentication tag length for AES-CCM (8 bytes)
-    .aead_iv_length =
-        13,             // Initialization vector length for AES-CCM (13 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 8,    // MAC length (8 bytes)
-    .ecc_key_length = 32,  // Elliptic curve key length for X25519 (32 bytes)
-    .ecc_sign_length =
-        64,  // Signature length for EdDSA using X25519 (64 bytes)
+    .aead_iv_length = 13,   // Initialization vector length for AES-CCM (13 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 8,        // MAC length (8 bytes)
+    .ecc_key_length = 32,   // Elliptic curve key length for X25519 (32 bytes)
+    .ecc_sign_length = 64,  // Signature length for EdDSA using X25519 (64 bytes)
 };
 // Cipher Suite 1
@@ -19,13 +17,11 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_1 = {
     .value = 1,             // Suite identifier 1
     .aead_key_length = 16,  // Key length for AES-CCM-16-128-128 (16 bytes)
     .aead_tag_length = 16,  // Authentication tag length for AES-CCM (16 bytes)
-    .aead_iv_length =
-        13,             // Initialization vector length for AES-CCM (13 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 16,   // MAC length (16 bytes)
-    .ecc_key_length = 32,  // Elliptic curve key length for X25519 (32 bytes)
-    .ecc_sign_length =
-        64,  // Signature length for EdDSA using X25519 (64 bytes)
+    .aead_iv_length = 13,   // Initialization vector length for AES-CCM (13 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 16,       // MAC length (16 bytes)
+    .ecc_key_length = 32,   // Elliptic curve key length for X25519 (32 bytes)
+    .ecc_sign_length = 64,  // Signature length for EdDSA using X25519 (64 bytes)
 };
 // Cipher Suite 2
@@ -33,10 +29,9 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_2 = {
     .value = 2,             // Suite identifier 2
     .aead_key_length = 16,  // Key length for AES-CCM-16-64-128 (16 bytes)
     .aead_tag_length = 8,   // Authentication tag length for AES-CCM (8 bytes)
-    .aead_iv_length =
-        13,             // Initialization vector length for AES-CCM (13 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 8,    // MAC length (8 bytes)
+    .aead_iv_length = 13,   // Initialization vector length for AES-CCM (13 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 8,        // MAC length (8 bytes)
     .ecc_key_length = 32,   // Elliptic curve key length for P-256 (32 bytes)
     .ecc_sign_length = 64,  // Signature length for ES256 using P-256 (64 bytes)
 };
@@ -46,10 +41,9 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_3 = {
     .value = 3,             // Suite identifier 3
     .aead_key_length = 16,  // Key length for AES-CCM-16-128-128 (16 bytes)
     .aead_tag_length = 16,  // Authentication tag length for AES-CCM (16 bytes)
-    .aead_iv_length =
-        13,             // Initialization vector length for AES-CCM (13 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 16,   // MAC length (16 bytes)
+    .aead_iv_length = 13,   // Initialization vector length for AES-CCM (13 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 16,       // MAC length (16 bytes)
     .ecc_key_length = 32,   // Elliptic curve key length for P-256 (32 bytes)
     .ecc_sign_length = 64,  // Signature length for ES256 using P-256 (64 bytes)
 };
@@ -63,8 +57,7 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_4 = {
     .hash_length = 32,      // Output length for SHA-256 (32 bytes)
     .mac_length = 16,       // MAC length (16 bytes)
     .ecc_key_length = 32,   // Elliptic curve key length for X25519 (32 bytes)
-    .ecc_sign_length =
-        64,  // Signature length for EdDSA using X25519 (64 bytes)
+    .ecc_sign_length = 64,  // Signature length for EdDSA using X25519 (64 bytes)
 };
 // Cipher Suite 5
@@ -84,13 +77,11 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_6 = {
     .value = 6,             // Suite identifier 6
     .aead_key_length = 16,  // Key length for A128GCM (16 bytes)
     .aead_tag_length = 16,  // Authentication tag length for A128GCM (16 bytes)
-    .aead_iv_length =
-        12,             // Initialization vector length for A128GCM (12 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 16,   // MAC length (16 bytes)
-    .ecc_key_length = 32,  // Elliptic curve key length for X25519 (32 bytes)
-    .ecc_sign_length =
-        64,  // Signature length for ES256 using X25519 (64 bytes)
+    .aead_iv_length = 12,   // Initialization vector length for A128GCM (12 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 16,       // MAC length (16 bytes)
+    .ecc_key_length = 32,   // Elliptic curve key length for X25519 (32 bytes)
+    .ecc_sign_length = 64,  // Signature length for ES256 using X25519 (64 bytes)
 };
 // Cipher Suite 24
@@ -98,56 +89,32 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_24 = {
     .value = 24,            // Suite identifier 24
     .aead_key_length = 32,  // Key length for A256GCM (32 bytes)
     .aead_tag_length = 16,  // Authentication tag length for A256GCM (16 bytes)
-    .aead_iv_length =
-        12,             // Initialization vector length for A256GCM (12 bytes)
-    .hash_length = 48,  // Output length for SHA-384 (48 bytes)
-    .mac_length = 16,   // MAC length (16 bytes)
+    .aead_iv_length = 12,   // Initialization vector length for A256GCM (12 bytes)
+    .hash_length = 48,      // Output length for SHA-384 (48 bytes)
+    .mac_length = 16,       // MAC length (16 bytes)
     .ecc_key_length = 48,   // Elliptic curve key length for P-384 (48 bytes)
     .ecc_sign_length = 96,  // Signature length for ES384 using P-384 (96 bytes)
 };
 // Cipher Suite 25
 static const struct edhoc_cipher_suite edhoc_cipher_suite_25 = {
-    .value = 25,            // Suite identifier 25
-    .aead_key_length = 32,  // Key length for ChaCha20 (32 bytes)
-    .aead_tag_length = 16,  // Authentication tag length for Poly1305 (16 bytes)
-    .aead_iv_length = 12,   // Nonce length for ChaCha20 (12 bytes)
-    .hash_length = 64,      // Output length for SHAKE256 (64 bytes)
-    .mac_length = 16,       // MAC length (16 bytes)
-    .ecc_key_length = 56,   // Elliptic curve key length for X448 (56 bytes)
-    .ecc_sign_length =
-        114,  // Signature length for EdDSA using X448 (114 bytes)
+    .value = 25,             // Suite identifier 25
+    .aead_key_length = 32,   // Key length for ChaCha20 (32 bytes)
+    .aead_tag_length = 16,   // Authentication tag length for Poly1305 (16 bytes)
+    .aead_iv_length = 12,    // Nonce length for ChaCha20 (12 bytes)
+    .hash_length = 64,       // Output length for SHAKE256 (64 bytes)
+    .mac_length = 16,        // MAC length (16 bytes)
+    .ecc_key_length = 56,    // Elliptic curve key length for X448 (56 bytes)
+    .ecc_sign_length = 114,  // Signature length for EdDSA using X448 (114 bytes)
 };
 const struct edhoc_cipher_suite* suite_pointers[] = {
-    &edhoc_cipher_suite_0,
-    &edhoc_cipher_suite_1,
-    &edhoc_cipher_suite_2,
-    &edhoc_cipher_suite_3,
-    &edhoc_cipher_suite_4,
-    &edhoc_cipher_suite_5,
-    &edhoc_cipher_suite_6,
+    &edhoc_cipher_suite_0, &edhoc_cipher_suite_1, &edhoc_cipher_suite_2, &edhoc_cipher_suite_3, &edhoc_cipher_suite_4,
+    &edhoc_cipher_suite_5, &edhoc_cipher_suite_6,
     // 7,  8,  9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
+    nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr,
+    nullptr, nullptr, nullptr, nullptr,
     // 24, 25
-    &edhoc_cipher_suite_24,
-    &edhoc_cipher_suite_25};
+    &edhoc_cipher_suite_24, &edhoc_cipher_suite_25};
-const size_t suite_pointers_count =
-    sizeof(suite_pointers) / sizeof(suite_pointers[0]);
+const size_t suite_pointers_count = sizeof(suite_pointers) / sizeof(suite_pointers[0]);

package/src/Utils.cpp CHANGED Viewed

@@ -1,33 +1,22 @@
+#include "Utils.h"
 #include <condition_variable>
 #include <cstring>
 #include <mutex>
 #include <thread>
-#include "Utils.h"
 static constexpr const char* kStringThen = "then";
 static constexpr const char* kStringCatch = "catch";
-static constexpr const char* kErrorInputValueMustBeANumberOrABuffer =
-    "Input value must be a number or a buffer";
-void Utils::ResetAndRelease(Napi::FunctionReference& funcRef,
-                            Napi::ThreadSafeFunction& tsfn) {
-  if (!funcRef.IsEmpty()) {
-    funcRef.Reset();
-  }
-  if (tsfn != nullptr) {
-    tsfn.Release();
-    tsfn = nullptr;
-  }
-}
+static constexpr const char* kErrorInputValueMustBeANumberOrABuffer = "Input value must be a number or a buffer";
-void Utils::InvokeJSFunctionWithPromiseHandling(
-    Napi::Env env,
-    Napi::Object jsObject,
-    Napi::Function jsCallback,
-    const std::vector<napi_value>& args,
-    std::function<void(Napi::Env, Napi::Value)> callbackLambda) {
+void Utils::InvokeJSFunctionWithPromiseHandling(Napi::Env env,
+                                                Napi::Object jsObject,
+                                                Napi::Function jsCallback,
+                                                const std::vector<napi_value>& args,
+                                                SuccessHandler successLambda,
+                                                ErrorHandler errorLambda) {
   auto deferred = Napi::Promise::Deferred::New(env);
   try {
     Napi::Value result = jsCallback.Call(jsObject, args);
     deferred.Resolve(result);
@@ -35,36 +24,28 @@ void Utils::InvokeJSFunctionWithPromiseHandling(
     deferred.Reject(e.Value());
   }
-  Napi::Promise promise = deferred.Promise();
-  auto thenCallback = Napi::Function::New(
-      env, [callbackLambda](const Napi::CallbackInfo& info) {
-        Napi::Env env = info.Env();
-        Napi::HandleScope scope(env);
-        Napi::Value result = info[0];
-        Napi::Promise::Deferred deferred = Napi::Promise::Deferred::New(env);
-        try {
-          callbackLambda(env, result);
-          deferred.Resolve(result);
-        } catch (const Napi::Error& e) {
-          deferred.Reject(e.Value());
-        }
-        return deferred.Promise();
-      });
+  auto thenCallback = Napi::Function::New(env, [successLambda, errorLambda](const Napi::CallbackInfo& info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    try {
+      successLambda(env, info[0].As<Napi::Value>());
+    } catch (const std::exception& e) {
+      errorLambda(env, Napi::Error::New(env, e.what()));
+    }
+  });
-  auto catchCallback =
-      Napi::Function::New(env, [](const Napi::CallbackInfo& info) {
-        Napi::Error error = info[0].As<Napi::Error>();
-        throw error;
-      });
+  auto catchCallback = Napi::Function::New(env, [errorLambda](const Napi::CallbackInfo& info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    errorLambda(env, info[0].As<Napi::Error>());
+  });
-  promise.Get(kStringThen).As<Napi::Function>().Call(promise, {thenCallback});
+  Napi::Promise promise = deferred.Promise();
   promise.Get(kStringCatch).As<Napi::Function>().Call(promise, {catchCallback});
+  promise.Get(kStringThen).As<Napi::Function>().Call(promise, {thenCallback});
 }
-void Utils::EncodeInt64ToBuffer(int64_t value,
-                                uint8_t* buffer,
-                                size_t* length) {
+void Utils::EncodeInt64ToBuffer(int64_t value, uint8_t* buffer, size_t* length) {
   size_t idx = 0;
   if (value == 0) {
     buffer[idx++] = 0;
@@ -81,10 +62,8 @@ struct edhoc_connection_id Utils::ConvertJsValueToEdhocCid(Napi::Value value) {
   struct edhoc_connection_id cid = {};
   if (value.IsNumber()) {
     int64_t numeric = value.As<Napi::Number>().Int64Value();
-    if (numeric >= ONE_BYTE_CBOR_INT_MIN_VALUE &&
-        numeric <= ONE_BYTE_CBOR_INT_MAX_VALUE) {
-      cid = {.encode_type = EDHOC_CID_TYPE_ONE_BYTE_INTEGER,
-             .int_value = (int8_t)numeric};
+    if (numeric >= ONE_BYTE_CBOR_INT_MIN_VALUE && numeric <= ONE_BYTE_CBOR_INT_MAX_VALUE) {
+      cid = {.encode_type = EDHOC_CID_TYPE_ONE_BYTE_INTEGER, .int_value = (int8_t)numeric};
     } else {
       size_t length = 0;
       Utils::EncodeInt64ToBuffer(numeric, cid.bstr_value, &length);
@@ -97,19 +76,16 @@ struct edhoc_connection_id Utils::ConvertJsValueToEdhocCid(Napi::Value value) {
     cid.bstr_length = buffer.Length();
     memcpy(cid.bstr_value, buffer.Data(), cid.bstr_length);
   } else {
-    throw Napi::TypeError::New(value.Env(),
-                               kErrorInputValueMustBeANumberOrABuffer);
+    throw Napi::TypeError::New(value.Env(), kErrorInputValueMustBeANumberOrABuffer);
   }
   return cid;
 }
-Napi::Value Utils::CreateJsValueFromEdhocCid(Napi::Env env,
-                                             struct edhoc_connection_id value) {
+Napi::Value Utils::CreateJsValueFromEdhocCid(Napi::Env env, struct edhoc_connection_id value) {
   if (value.encode_type == EDHOC_CID_TYPE_ONE_BYTE_INTEGER) {
     return Napi::Number::New(env, value.int_value);
   } else if (value.encode_type == EDHOC_CID_TYPE_BYTE_STRING) {
-    return Napi::Buffer<char>::Copy(
-        env, (const char*)value.bstr_value, value.bstr_length);
+    return Napi::Buffer<char>::Copy(env, (const char*)value.bstr_value, value.bstr_length);
   }
   return env.Null();
 }

package/test/basic.test.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import { EDHOC, X509CertificateCredentialManager, DefaultEdhocCryptoManager, EdhocMethod, EdhocSuite } from '../dist/index'
+describe('EDHOC Handshake', () => {
+    // Test setup variables
+    const trustedCA = Buffer.from('308201323081DAA003020102021478408C6EC18A1D452DAE70C726CB0192A6116DBB300A06082A8648CE3D040302301A3118301606035504030C0F5468697320697320434120526F6F74301E170D3234313031393138333635335A170D3235313031393138333635335A301A3118301606035504030C0F5468697320697320434120526F6F743059301306072A8648CE3D020106082A8648CE3D03010703420004B9348A8A267EF52CFDC30109A29008A2D99F6B8F78BA9EAF5D51578C06134E78CB90A073EDC2488A14174B4E2997C840C5DE7F8E35EB54A0DB6977E894D1B2CB300A06082A8648CE3D040302034700304402203B92BFEC770B0FA4E17F8F02A13CD945D914ED8123AC85C37C8C7BAA2BE3E0F102202CB2DC2EC295B5F4B7BB631ED751179C145D6B6E081559AEA38CE215369E9C31', 'hex');
+    let initiator: EDHOC;
+    let responder: EDHOC;
+    beforeEach(() => {
+        // Initialize credentials and crypto managers for both parties
+        const initiatorKeyID = Buffer.from('00000001', 'hex');
+        const initiatorCredentialManager = new X509CertificateCredentialManager(
+            [Buffer.from('3082012E3081D4A003020102021453423D5145C767CDC29895C3DB590192A611EA50300A06082A8648CE3D040302301A3118301606035504030C0F5468697320697320434120526F6F74301E170D3234313031393138333732345A170D3235313031393138333732345A30143112301006035504030C09696E69746961746F723059301306072A8648CE3D020106082A8648CE3D03010703420004EB0EF585F3992A1653CF310BF0F0F8035267CDAB6989C8B02E7228FBD759EF6B56263259AADF087F9849E7B7651F74C3B4F144CCCF86BB6FE2FF0EF3AA5FB5DC300A06082A8648CE3D0403020349003046022100D8C3AA7C98A730B3D4862EDAB4C1474FCD9A17A9CA3FB078914A10978FE95CC40221009F5877DD4E2C635A04ED1F6F1854C87B58521BDDFF533B1076F53D456739764C', 'hex')],
+            initiatorKeyID
+        );
+        initiatorCredentialManager.addTrustedCA(trustedCA);
+        const initiatorCryptoManager = new DefaultEdhocCryptoManager();
+        initiatorCryptoManager.addKey(initiatorKeyID, Buffer.from('DC1FBB05B6B08360CE5B9EEA08EBFBFC6766A21340641863D4C8A3F68F096337', 'hex'));
+        const responderKeyID = Buffer.from('00000002', 'hex');
+        const responderCredentialManager = new X509CertificateCredentialManager(
+            [Buffer.from('3082012E3081D4A00302010202146648869E2608FC2E16D945C10E1F0192A6125CC0300A06082A8648CE3D040302301A3118301606035504030C0F5468697320697320434120526F6F74301E170D3234313031393138333735345A170D3235313031393138333735345A30143112301006035504030C09726573706F6E6465723059301306072A8648CE3D020106082A8648CE3D03010703420004161F76A7A106C9B79B7F651156B5B095E63A6101A39020F4E86DDACE61FB395E8AEF6CD9C444EE9A43DBD62DAD44FF50FE4146247D3AFD28F60DBC01FBFC573C300A06082A8648CE3D0403020349003046022100E8AD0926518CDB61E84D171700C7158FD0E72D03A117D40133ECD10F8B9F42CE022100E7E69B4C79100B3F0792F010AE11EE5DD2859C29EFC4DBCEFD41FA5CD4D3C3C9', 'hex')],
+            responderKeyID
+        );
+        responderCredentialManager.addTrustedCA(trustedCA);
+        const responderCryptoManager = new DefaultEdhocCryptoManager();
+        responderCryptoManager.addKey(responderKeyID, Buffer.from('EE6287116FE27CDC539629DC87E12BF8EAA2229E7773AA67BC4C0FBA96E7FBB2', 'hex'));
+        // Initialize EDHOC instances
+        initiator = new EDHOC(10, [EdhocMethod.Method1], [EdhocSuite.Suite2], initiatorCredentialManager, initiatorCryptoManager);
+        responder = new EDHOC(20, [EdhocMethod.Method2, EdhocMethod.Method0, EdhocMethod.Method1], [EdhocSuite.Suite2], responderCredentialManager, responderCryptoManager);
+    });
+    test('should complete successful EDHOC handshake', async () => {
+        // Perform the three-message handshake
+        const message1 = await initiator.composeMessage1([{ label: 1, value: Buffer.from('Hello') }]);
+        const ead1 = await responder.processMessage1(message1);
+        expect(ead1[0].value.toString()).toBe('Hello');
+        const message2 = await responder.composeMessage2();
+        const ead2 = await initiator.processMessage2(message2);
+        expect(ead2).toEqual([]);
+        const message3 = await initiator.composeMessage3();
+        const ead3 = await responder.processMessage3(message3);
+        expect(ead3).toEqual([]);
+        // Verify that both parties derived the same OSCORE security context
+        const initiatorOSCORE = await initiator.exportOSCORE();
+        const responderOSCORE = await responder.exportOSCORE();
+        expect(initiatorOSCORE.masterSalt).toEqual(responderOSCORE.masterSalt);
+        expect(initiatorOSCORE.masterSecret).toEqual(responderOSCORE.masterSecret);
+        expect(initiatorOSCORE.senderId).toEqual(responderOSCORE.recipientId);
+        expect(initiatorOSCORE.recipientId).toEqual(responderOSCORE.senderId);
+        // Verify that both parties can derive the same application keys
+        const initiatorKey = await initiator.exportKey(40001, 32);
+        const responderKey = await responder.exportKey(40001, 32);
+        expect(initiatorKey).toEqual(responderKey);
+    });
+});

package/test/vectors.test.ts ADDED Viewed

@@ -0,0 +1,111 @@
+import { EDHOC, X509CertificateCredentialManager, DefaultEdhocCryptoManager, EdhocMethod, EdhocSuite, EdhocCredentialsFormat, EdhocKeyType } from '../dist/index'
+class VectorsEdhocCryptoManager extends DefaultEdhocCryptoManager {
+    async importKey(edhoc: EDHOC, keyType: EdhocKeyType, key: Buffer) {
+        // Method 0, Suite 0, Connection ID -14 - Initiator
+        if (keyType === EdhocKeyType.MakeKeyPair && key && edhoc.connectionID === -14) {
+            key = Buffer.from('892EC28E5CB6669108470539500B705E60D008D347C5817EE9F3327C8A87BB03', 'hex');
+        }
+        // Method 0, Suite 0, Connection ID 0x18 - Responder
+        if (keyType === EdhocKeyType.MakeKeyPair && key && Buffer.isBuffer(edhoc.connectionID) && Buffer.compare(edhoc.connectionID, Buffer.from([0x18])) === 0) {
+            key = Buffer.from('E69C23FBF81BC435942446837FE827BF206C8FA10A39DB47449E5A813421E1E8', 'hex');
+        }
+        return super.importKey(edhoc, keyType, key);
+    }
+}
+describe('EDHOC RFC9529 Test Vectors', () => {
+    // Test setup variables
+    const trustedCA = Buffer.from('3082010E3081C1A003020102020462319E74300506032B6570301D311B301906035504030C124544484F4320526F6F742045643235353139301E170D3232303331363038323331365A170D3239313233313233303030305A301D311B301906035504030C124544484F4320526F6F742045643235353139302A300506032B65700321002B7B3E8057C8642944D06AFE7A71D1C9BF961B6292BAC4B04F91669BBB713BE4A3233021300E0603551D0F0101FF040403020204300F0603551D130101FF040530030101FF300506032B65700341004BB52BBF1539B71A4AAF429778F29EDA7E814680698F16C48F2A6FA4DBE82541C58207BA1BC9CDB0C2FA947FFBF0F0EC0EE91A7FF37A94D9251FA5CDF1E67A0F', 'hex');
+    const keyUpdate = Buffer.from('d6be169602b8bceaa01158fdb820890c', 'hex');
+    const masterSecret = Buffer.from('1e1c6beac3a8a1cac435de7e2f9ae7ff', 'hex');
+    const masterSalt = Buffer.from('ce7ab844c0106d73', 'hex');
+    const masterSecret_Update = Buffer.from('ee0ff542c47eb0e09c69307649bdbbe5', 'hex');
+    const masterSalt_Update = Buffer.from('80cede2a1e5aab48', 'hex');
+    // Initiator Identity
+    const initiatorCert = Buffer.from('3081EE3081A1A003020102020462319EA0300506032B6570301D311B301906035504030C124544484F4320526F6F742045643235353139301E170D3232303331363038323430305A170D3239313233313233303030305A30223120301E06035504030C174544484F4320496E69746961746F722045643235353139302A300506032B6570032100ED06A8AE61A829BA5FA54525C9D07F48DD44A302F43E0F23D8CC20B73085141E300506032B6570034100521241D8B3A770996BCFC9B9EAD4E7E0A1C0DB353A3BDF2910B39275AE48B756015981850D27DB6734E37F67212267DD05EEFF27B9E7A813FA574B72A00B430B', 'hex');
+    const initiatorKey = Buffer.from('4C5B25878F507C6B9DAE68FBD4FD3FF997533DB0AF00B25D324EA28E6C213BC8', 'hex');
+    const initiatorKeyID = Buffer.from('00000001', 'hex');
+    // Responder Identity
+    const responderCert = Buffer.from('3081EE3081A1A003020102020462319EC4300506032B6570301D311B301906035504030C124544484F4320526F6F742045643235353139301E170D3232303331363038323433365A170D3239313233313233303030305A30223120301E06035504030C174544484F4320526573706F6E6465722045643235353139302A300506032B6570032100A1DB47B95184854AD12A0C1A354E418AACE33AA0F2C662C00B3AC55DE92F9359300506032B6570034100B723BC01EAB0928E8B2B6C98DE19CC3823D46E7D6987B032478FECFAF14537A1AF14CC8BE829C6B73044101837EB4ABC949565D86DCE51CFAE52AB82C152CB02', 'hex');
+    const responderKey = Buffer.from('EF140FF900B0AB03F0C08D879CBBD4B31EA71E6E7EE7FFCB7E7955777A332799', 'hex');
+    const responderKeyID = Buffer.from('00000002', 'hex');
+    let initiator: EDHOC;
+    let responder: EDHOC;
+    beforeEach(() => {
+        // Initiator Setup
+        const initiatorCredentialManager = new X509CertificateCredentialManager([initiatorCert], initiatorKeyID);
+        initiatorCredentialManager.addTrustedCA(trustedCA);
+        initiatorCredentialManager.addPeerCertificate(responderCert);
+        initiatorCredentialManager.fetchFormat = EdhocCredentialsFormat.x5t;
+        // Initiator Crypto Manager
+        const initiatorCryptoManager = new VectorsEdhocCryptoManager();
+        initiatorCryptoManager.addKey(initiatorKeyID, initiatorKey);
+        // Responder Setup
+        const responderCredentialManager = new X509CertificateCredentialManager([responderCert], responderKeyID);
+        responderCredentialManager.addTrustedCA(trustedCA);
+        responderCredentialManager.addPeerCertificate(initiatorCert);
+        responderCredentialManager.fetchFormat = EdhocCredentialsFormat.x5t;
+        // Responder Crypto Manager
+        const responderCryptoManager = new VectorsEdhocCryptoManager();
+        responderCryptoManager.addKey(responderKeyID, responderKey);
+        // Initialize EDHOC instances
+        initiator = new EDHOC(-14, [EdhocMethod.Method0], [EdhocSuite.Suite0], initiatorCredentialManager, initiatorCryptoManager);
+        responder = new EDHOC(Buffer.from([0x18]), [EdhocMethod.Method0], [EdhocSuite.Suite0], responderCredentialManager, responderCryptoManager);
+    });
+    test('should complete successful EDHOC handshake', async () => {
+        // Perform the three-message handshake
+        const message1 = await initiator.composeMessage1();
+        const ead1 = await responder.processMessage1(message1);
+        expect(ead1).toEqual([]);
+        const message2 = await responder.composeMessage2();
+        const ead2 = await initiator.processMessage2(message2);
+        expect(ead2).toEqual([]);
+        const message3 = await initiator.composeMessage3();
+        const ead3 = await responder.processMessage3(message3);
+        expect(ead3).toEqual([]);
+        const message4 = await initiator.composeMessage4();
+        const ead4 = await responder.processMessage4(message4);
+        expect(ead4).toEqual([]);
+        const initiatorOSCORE = await initiator.exportOSCORE();
+        const responderOSCORE = await responder.exportOSCORE();
+        expect(initiatorOSCORE.masterSalt).toEqual(responderOSCORE.masterSalt);
+        expect(initiatorOSCORE.masterSecret).toEqual(responderOSCORE.masterSecret);
+        expect(initiatorOSCORE.senderId).toEqual(responderOSCORE.recipientId);
+        expect(initiatorOSCORE.recipientId).toEqual(responderOSCORE.senderId);
+        expect(initiatorOSCORE.masterSalt).toEqual(masterSalt);
+        expect(initiatorOSCORE.masterSecret).toEqual(masterSecret);
+        await initiator.keyUpdate(keyUpdate);
+        await responder.keyUpdate(keyUpdate);
+        const initiatorOSCORE_Update = await initiator.exportOSCORE();
+        const responderOSCORE_Update = await responder.exportOSCORE();
+        expect(initiatorOSCORE_Update.masterSalt).toEqual(responderOSCORE_Update.masterSalt);
+        expect(initiatorOSCORE_Update.masterSecret).toEqual(responderOSCORE_Update.masterSecret);
+        expect(initiatorOSCORE_Update.senderId).toEqual(responderOSCORE_Update.recipientId);
+        expect(initiatorOSCORE_Update.recipientId).toEqual(responderOSCORE_Update.senderId);
+        expect(initiatorOSCORE_Update.masterSecret).toEqual(masterSecret_Update);
+        expect(initiatorOSCORE_Update.masterSalt).toEqual(masterSalt_Update);
+    });
+});

package/dist/credentials.d.ts DELETED Viewed

@@ -1,16 +0,0 @@
-import { DefaultEdhocCryptoManager } from './crypto';
-import { EDHOC, EdhocCredentialManager, EdhocCredentials } from './edhoc';
-export declare class X509Credentials {
-    certificate: Buffer;
-    privateKey: Buffer;
-    constructor(certificate: Buffer, privateKey: Buffer);
-}
-export declare class DefaultEdhocCredentialManager implements EdhocCredentialManager {
-    private credentials;
-    private trustRoots;
-    setCredentials(cryptoManager: DefaultEdhocCryptoManager, credentials: X509Credentials, keyID?: Buffer): void;
-    addTrustRoot(certificate: Buffer): void;
-    fetch(edhoc: EDHOC): Promise<EdhocCredentials>;
-    verify(edhoc: EDHOC, credentials: EdhocCredentials): Promise<EdhocCredentials>;
-}
-//# sourceMappingURL=credentials.d.ts.map

package/dist/credentials.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../lib/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,gBAAgB,EAA4D,MAAM,SAAS,CAAC;AAGpI,qBAAa,eAAe;IAEjB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;gBAEd,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM;CAItD;AAED,qBAAa,6BAA8B,YAAW,sBAAsB;IAExE,OAAO,CAAC,WAAW,CAAsE;IACzF,OAAO,CAAC,UAAU,CAAyB;IAE3C,cAAc,CAAC,aAAa,EAAE,yBAAyB,EAAE,WAAW,EAAE,eAAe,EAAE,KAAK,GAAE,MAAuC;IAYrI,YAAY,CAAC,WAAW,EAAE,MAAM;IAI1B,KAAK,CAAC,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAK9C,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,gBAAgB;CAuD3D"}

package/dist/credentials.js DELETED Viewed

@@ -1,84 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DefaultEdhocCredentialManager = exports.X509Credentials = void 0;
-const edhoc_1 = require("./edhoc");
-const crypto_1 = require("crypto");
-class X509Credentials {
-    certificate;
-    privateKey;
-    constructor(certificate, privateKey) {
-        this.certificate = certificate;
-        this.privateKey = privateKey;
-    }
-}
-exports.X509Credentials = X509Credentials;
-class DefaultEdhocCredentialManager {
-    credentials = new Map();
-    trustRoots = [];
-    setCredentials(cryptoManager, credentials, keyID = Buffer.from('00000001', 'hex')) {
-        cryptoManager.addKey(keyID, credentials.privateKey);
-        let chain = {
-            format: edhoc_1.EdhocCredentialsFormat.x5chain,
-            privateKeyID: keyID,
-            x5chain: {
-                certificates: [credentials.certificate]
-            }
-        };
-        this.credentials.set(keyID.toString('hex'), chain);
-    }
-    addTrustRoot(certificate) {
-        this.trustRoots.push(new crypto_1.X509Certificate(certificate));
-    }
-    async fetch(edhoc) {
-        const credential = this.credentials.values().next().value;
-        return credential;
-    }
-    async verify(edhoc, credentials) {
-        if (credentials.format === edhoc_1.EdhocCredentialsFormat.x5chain) {
-            const x5chain = credentials.x5chain;
-            const certificates = x5chain.certificates;
-            const numCerts = certificates.length;
-            if (numCerts < 1) {
-                throw new Error('Certificate chain must contain at least one certificate.');
-            }
-            let verified = false;
-            // Step 1: Verify each certificate against the next one in the chain, if there are multiple certificates
-            for (let i = 0; i < numCerts - 1; i++) {
-                const currentCert = new crypto_1.X509Certificate(certificates[i]);
-                const nextCert = new crypto_1.X509Certificate(certificates[i + 1]);
-                if (!currentCert.verify(nextCert.publicKey)) {
-                    throw new Error(`Verification failed: Certificate at index ${i} is not signed by the next certificate in the chain.`);
-                }
-            }
-            // Step 2: Verify the last certificate in the chain against the trust roots
-            const lastCert = new crypto_1.X509Certificate(certificates[numCerts - 1]);
-            for (let trustRoot of this.trustRoots) {
-                if (lastCert.verify(trustRoot.publicKey)) {
-                    verified = true;
-                    break; // Exit the loop once verified
-                }
-            }
-            if (!verified) {
-                throw new Error('Certificate chain not verified');
-            }
-            let token = new crypto_1.X509Certificate(certificates[0]).publicKey.export({ format: 'jwk' });
-            if (token.crv === 'P-256') {
-                credentials.publicKey = Buffer.concat([
-                    Buffer.from(token.x, 'base64'),
-                    Buffer.from(token.y, 'base64')
-                ]);
-                return credentials;
-            }
-            else if (token.crv === 'Ed25519') {
-                let publicKey = Buffer.from(token.x, 'base64');
-                credentials.publicKey = publicKey;
-                return credentials;
-            }
-            else {
-                throw new Error('Unsupported curve');
-            }
-        }
-        throw new Error('Credentials format not supported');
-    }
-}
-exports.DefaultEdhocCredentialManager = DefaultEdhocCredentialManager;

package/external/libedhoc/externals/zcbor/include/zcbor_debug.h DELETED Viewed

@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2020 Nordic Semiconductor ASA
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-#ifndef ZCBOR_DEBUG_H__
-#define ZCBOR_DEBUG_H__
-#include <stdint.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include "zcbor_common.h"
-#ifdef __cplusplus
-extern "C" {
-#endif
-__attribute__((used))
-static void zcbor_print_compare_lines(const uint8_t *str1, const uint8_t *str2, uint32_t size)
-{
-	for (uint32_t j = 0; j < size; j++) {
-		printk ("%x ", str1[j]);
-	}
-	printk("\r\n");
-	for (uint32_t j = 0; j < size; j++) {
-		printk ("%x ", str2[j]);
-	}
-	printk("\r\n");
-	for (uint32_t j = 0; j < size; j++) {
-		printk ("%x ", str1[j] != str2[j]);
-	}
-	printk("\r\n");
-	printk("\r\n");
-}
-__attribute__((used))
-static void zcbor_print_compare_strings(const uint8_t *str1, const uint8_t *str2, uint32_t size)
-{
-	for (uint32_t i = 0; i <= size / 16; i++) {
-		printk("line %d (char %d)\r\n", i, i*16);
-		zcbor_print_compare_lines(&str1[i*16], &str2[i*16],
-			MIN(16, (size - i*16)));
-	}
-	printk("\r\n");
-}
-__attribute__((used))
-static void zcbor_print_compare_strings_diff(const uint8_t *str1, const uint8_t *str2, uint32_t size)
-{
-	bool printed = false;
-	for (uint32_t i = 0; i <= size / 16; i++) {
-		if (memcmp(&str1[i*16], &str2[i*16], MIN(16, (size - i*16)) != 0)) {
-			printk("line %d (char %d)\r\n", i, i*16);
-			zcbor_print_compare_lines(&str1[i*16], &str2[i*16],
-				MIN(16, (size - i*16)));
-			printed = true;
-		}
-	}
-	if (printed) {
-		printk("\r\n");
-	}
-}
-#ifdef __cplusplus
-}
-#endif
-#endif /* ZCBOR_DEBUG_H__ */