pkg/edhoc-c: initial commit

Co-authored-by: Timothy Claeys <timothy.claeys@inria.fr>

pkg/edhoc-c/Makefile

@@ -0,0 +1,19 @@
+PKG_NAME = EDHOC-C
+PKG_URL = https://github.com/future-proof-iot/EDHOC-C.git
+PKG_VERSION = 1847c2c558d3ea97a070f6a9546a5913432ecf96
+PKG_LICENSE = BSD-3-Clause
+
+include $(RIOTBASE)/pkg/pkg.mk
+
+.PHONY: edhoc-c_%
+
+EDHOC_C_MODULES := $(filter edhoc-c_%,$(USEMODULE))
+
+all: $(EDHOC_C_MODULES)
+	"$(MAKE)" -C $(PKG_SOURCE_DIR)/src -f $(RIOTBASE)/Makefile.base MODULE=edhoc-c
+
+edhoc-c_crypto_%:
+	"$(MAKE)" -C $(PKG_SOURCE_DIR)/src/crypto -f $(RIOTBASE)/Makefile.base MODULE=$@ SRC=$*.c
+
+edhoc-c_cbor_%:
+	"$(MAKE)" -C $(PKG_SOURCE_DIR)/src/cbor -f $(RIOTBASE)/Makefile.base MODULE=$@ SRC=$*.c

pkg/edhoc-c/Makefile.dep

@@ -0,0 +1,22 @@
+ifneq (,$(filter edhoc-c_crypto_wolfssl,$(USEMODULE)))
+  USEPKG += wolfssl
+  USEMODULE += wolfcrypt
+  USEMODULE += wolfcrypt_aes
+  USEMODULE += wolfcrypt_ed25519
+  USEMODULE += wolfcrypt_curve25519
+  USEMODULE += wolfcrypt_hmac
+  USEMODULE += wolfcrypt_random
+  USEMODULE += wolfcrypt_sha256
+endif
+
+ifneq (,$(filter edhoc-c_crypto_tinycrypt,$(USEMODULE)))
+  USEPKG += tinycrypt
+  # Blacklist platforms using nimble, mynewt-nimble has an in-tree copy
+  # of tinycrypt that conflicts with the remote one
+  FEATURES_BLACKLIST += ble_nimble
+  USEPKG += c25519
+endif
+
+ifneq (,$(filter edhoc-c_cbor_nanocbor,$(USEMODULE)))
+  USEPKG += nanocbor
+endif

pkg/edhoc-c/Makefile.include

@@ -0,0 +1,23 @@
+INCLUDES += -I$(PKGDIRBASE)/EDHOC-C/include \
+            -I$(PKGDIRBASE)/EDHOC-C/src \
+            -I$(RIOTBASE)/pkg/edhoc-c/include \
+            #
+
+ifneq (,$(filter edhoc-c_crypto_wolfssl,$(USEMODULE)))
+  CFLAGS += -DHAVE_AESCCM
+  CFLAGS += -DHAVE_HKDF
+  CFLAGS += -DWOLFSSL
+endif
+
+ifneq (,$(filter edhoc-c_crypto_tinycrypt,$(USEMODULE)))
+  CFLAGS += -DTINYCRYPT
+endif
+
+ifneq (,$(filter edhoc-c_cbor_nanocbor,$(USEMODULE)))
+  CFLAGS += -DNANOCBOR
+endif
+
+# EDHOC-C configuration file for RIOT
+CFLAGS += -DEDHOC_CONFIG_FILE=\"edhoc_config.h\"
+# X509 backend in EDHOC-C is mbedtls currently not supported in RIOT
+CFLAGS += -DEMPTY_X509

pkg/edhoc-c/doc.txt

@@ -0,0 +1,48 @@
+/**
+ * @defgroup pkg_edhoc_c EDHOC-C
+ * @ingroup  pkg
+ * @brief    Support for Ephemeral Diffie-Hellman Over COSE (EDHOC)
+ * @see      https://github.com/openwsn-berkeley/EDHOC-C
+ *
+ * # EDHOC-C RIOT package
+ *
+ * ## Usage
+ *
+ * Just add it as a package in your application:
+ *
+ * ```makefile
+ * USEPKG += edhoc-c
+ * ```
+ *
+ * ### Backends
+ *
+ * EDHOC-C does not implement crypographic algorithms, instead it uses external
+ * libraries as a backend. Libraries that provide all requirements are
+ * currently @ref pkg_tinycrypt and @ref pkg_wolfssl. Pick one through the
+ * following module:
+ *
+ * ```makefile
+ * USEMODULE += edhoc-c_crypto_wolfssl
+ * USEMODULE += edhoc-c_crypto_tinycrypt
+ * ```
+ *
+ * EDHOC-C does not implement a CBOR library either, currently the only possible
+ * backend is @ref pkg_nanocbor. Select it through the following module:
+ *
+ * ```makefile
+ * USEMODULE += edhoc-c_cbor_nanocbor
+ * ```
+ *
+ * Don't forget to include the header for the EDHOC-C public API:
+ *
+ * ```c
+ * #include <edhoc/edhoc.h>
+ * ```
+ *
+ * ### Current Support
+ *
+ * - EDHOC-C supports @ref pkg_hacl as a crypto backend but it's using a different
+ *   version than the one supported currently in RIOT
+ * - x509 certificates require MBED-TLS, which is currently not supported in
+ *   RIOT so only RPK and CBOR certificates are supported.
+ */

pkg/edhoc-c/include/edhoc_config.h

@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2021 Inria
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     pkg_edhoc_c
+ * @{
+ *
+ * @file
+ * @brief       EDHOC-C configuration file
+ *
+ * @author      Timothy Claeys <timothy.claeys@inria.fr>
+ *
+ * @}
+ */
+
+#ifndef EDHOC_CONFIG_H
+#define EDHOC_CONFIG_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief EDHOC_CIPHER_SUITE_X_ENABLED
+ *
+ * Enables support for a specific EDHOC cipher suite
+ *
+ */
+#define EDHOC_CIPHER_SUITE_0_ENABLED
+
+/**
+ * @brief EDHOC_AUTH_METHOD_X_ENABLED
+ * @{
+ *
+ * Enables support for a specific EDHOC authentication method
+ *
+ */
+#define EDHOC_AUTH_METHOD_0_ENABLED
+#define EDHOC_AUTH_METHOD_1_ENABLED
+#define EDHOC_AUTH_METHOD_2_ENABLED
+#define EDHOC_AUTH_METHOD_3_ENABLED
+/** @} */
+
+/**
+ * @brief EDHOC_ASYNC_API_ENABLED
+ *
+ * Exposes the individual EDHOC message functions for asynchronous usage.
+ *
+ */
+#define EDHOC_ASYNC_API_ENABLED
+
+/**
+ * @brief EDHOC_DEBUG_ENABLE
+ *
+ * Enables some extra methods that allow for easier testing and debugging
+ *
+ */
+#define EDHOC_DEBUG_ENABLED
+
+/**
+ * @brief EDHOC_AUTH_CERT_ENABLED
+ * @{
+ *
+ * Enables CBOR certificates as the EDHOC local credential
+ *
+ */
+#define EDHOC_AUTH_CERT_ENABLED
+#if defined(EDHOC_AUTH_CERT_ENABLED)
+#define EDHOC_AUTH_CBOR_CERT
+#endif
+/** @} */
+
+/**
+ * @brief EDHOC_AUTH_RPK_ENABLED
+ *
+ * Enables COSE raw public keys as the EDHOC local credential
+ *
+ */
+#define EDHOC_AUTH_RPK_ENABLED
+
+/**
+ * @brief EDHOC_COSE_HEADER_SIZE
+ *
+ * Sets the maximum number of COSE header elements
+ */
+#define EDHOC_COSE_HEADER_SIZE              (5)
+
+/**
+ * @brief EDHOC_CREDENTIAL_MAX_SIZE
+ *
+ * Sets the maximum buffer size for credentials (raw keys or certificates)
+ *
+ */
+#define EDHOC_CRED_SIZE                     (256)
+
+/**
+ * @brief EDHOC_CREDENTIAL_ID_MAX_SIZE
+ *
+ * Sets the maximum buffer size for credential identifiers
+ *
+ */
+#define EDHOC_CRED_ID_SIZE                  (256)
+
+/**
+ * @brief EDHOC_ADD_DATA_MAX_SIZE
+ *
+ * Maximum number of additional data bytes to piggy-back on the EDHOC exchange
+ *
+ */
+#define EDHOC_ADDITIONAL_DATA_SIZE          (64)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* EDHOC_CONFIG_H */