From 4cef1007811bfffc5a633effede4b16549d309de Mon Sep 17 00:00:00 2001 From: Francisco Molina Date: Thu, 4 Mar 2021 17:45:02 +0100 Subject: [PATCH] pkg/edhoc-c: initial commit Co-authored-by: Timothy Claeys --- pkg/edhoc-c/Makefile | 19 +++++ pkg/edhoc-c/Makefile.dep | 22 ++++++ pkg/edhoc-c/Makefile.include | 23 ++++++ pkg/edhoc-c/doc.txt | 48 ++++++++++++ pkg/edhoc-c/include/edhoc_config.h | 121 +++++++++++++++++++++++++++++ 5 files changed, 233 insertions(+) create mode 100644 pkg/edhoc-c/Makefile create mode 100644 pkg/edhoc-c/Makefile.dep create mode 100644 pkg/edhoc-c/Makefile.include create mode 100644 pkg/edhoc-c/doc.txt create mode 100644 pkg/edhoc-c/include/edhoc_config.h diff --git a/pkg/edhoc-c/Makefile b/pkg/edhoc-c/Makefile new file mode 100644 index 0000000000..3a7f4d7985 --- /dev/null +++ b/pkg/edhoc-c/Makefile @@ -0,0 +1,19 @@ +PKG_NAME = EDHOC-C +PKG_URL = https://github.com/future-proof-iot/EDHOC-C.git +PKG_VERSION = 1847c2c558d3ea97a070f6a9546a5913432ecf96 +PKG_LICENSE = BSD-3-Clause + +include $(RIOTBASE)/pkg/pkg.mk + +.PHONY: edhoc-c_% + +EDHOC_C_MODULES := $(filter edhoc-c_%,$(USEMODULE)) + +all: $(EDHOC_C_MODULES) + "$(MAKE)" -C $(PKG_SOURCE_DIR)/src -f $(RIOTBASE)/Makefile.base MODULE=edhoc-c + +edhoc-c_crypto_%: + "$(MAKE)" -C $(PKG_SOURCE_DIR)/src/crypto -f $(RIOTBASE)/Makefile.base MODULE=$@ SRC=$*.c + +edhoc-c_cbor_%: + "$(MAKE)" -C $(PKG_SOURCE_DIR)/src/cbor -f $(RIOTBASE)/Makefile.base MODULE=$@ SRC=$*.c diff --git a/pkg/edhoc-c/Makefile.dep b/pkg/edhoc-c/Makefile.dep new file mode 100644 index 0000000000..ac7f4d4614 --- /dev/null +++ b/pkg/edhoc-c/Makefile.dep @@ -0,0 +1,22 @@ +ifneq (,$(filter edhoc-c_crypto_wolfssl,$(USEMODULE))) + USEPKG += wolfssl + USEMODULE += wolfcrypt + USEMODULE += wolfcrypt_aes + USEMODULE += wolfcrypt_ed25519 + USEMODULE += wolfcrypt_curve25519 + USEMODULE += wolfcrypt_hmac + USEMODULE += wolfcrypt_random + USEMODULE += wolfcrypt_sha256 +endif + +ifneq (,$(filter edhoc-c_crypto_tinycrypt,$(USEMODULE))) + USEPKG += tinycrypt + # Blacklist platforms using nimble, mynewt-nimble has an in-tree copy + # of tinycrypt that conflicts with the remote one + FEATURES_BLACKLIST += ble_nimble + USEPKG += c25519 +endif + +ifneq (,$(filter edhoc-c_cbor_nanocbor,$(USEMODULE))) + USEPKG += nanocbor +endif diff --git a/pkg/edhoc-c/Makefile.include b/pkg/edhoc-c/Makefile.include new file mode 100644 index 0000000000..ebd90a09f1 --- /dev/null +++ b/pkg/edhoc-c/Makefile.include @@ -0,0 +1,23 @@ +INCLUDES += -I$(PKGDIRBASE)/EDHOC-C/include \ + -I$(PKGDIRBASE)/EDHOC-C/src \ + -I$(RIOTBASE)/pkg/edhoc-c/include \ + # + +ifneq (,$(filter edhoc-c_crypto_wolfssl,$(USEMODULE))) + CFLAGS += -DHAVE_AESCCM + CFLAGS += -DHAVE_HKDF + CFLAGS += -DWOLFSSL +endif + +ifneq (,$(filter edhoc-c_crypto_tinycrypt,$(USEMODULE))) + CFLAGS += -DTINYCRYPT +endif + +ifneq (,$(filter edhoc-c_cbor_nanocbor,$(USEMODULE))) + CFLAGS += -DNANOCBOR +endif + +# EDHOC-C configuration file for RIOT +CFLAGS += -DEDHOC_CONFIG_FILE=\"edhoc_config.h\" +# X509 backend in EDHOC-C is mbedtls currently not supported in RIOT +CFLAGS += -DEMPTY_X509 diff --git a/pkg/edhoc-c/doc.txt b/pkg/edhoc-c/doc.txt new file mode 100644 index 0000000000..e7fc1dc6e0 --- /dev/null +++ b/pkg/edhoc-c/doc.txt @@ -0,0 +1,48 @@ +/** + * @defgroup pkg_edhoc_c EDHOC-C + * @ingroup pkg + * @brief Support for Ephemeral Diffie-Hellman Over COSE (EDHOC) + * @see https://github.com/openwsn-berkeley/EDHOC-C + * + * # EDHOC-C RIOT package + * + * ## Usage + * + * Just add it as a package in your application: + * + * ```makefile + * USEPKG += edhoc-c + * ``` + * + * ### Backends + * + * EDHOC-C does not implement crypographic algorithms, instead it uses external + * libraries as a backend. Libraries that provide all requirements are + * currently @ref pkg_tinycrypt and @ref pkg_wolfssl. Pick one through the + * following module: + * + * ```makefile + * USEMODULE += edhoc-c_crypto_wolfssl + * USEMODULE += edhoc-c_crypto_tinycrypt + * ``` + * + * EDHOC-C does not implement a CBOR library either, currently the only possible + * backend is @ref pkg_nanocbor. Select it through the following module: + * + * ```makefile + * USEMODULE += edhoc-c_cbor_nanocbor + * ``` + * + * Don't forget to include the header for the EDHOC-C public API: + * + * ```c + * #include + * ``` + * + * ### Current Support + * + * - EDHOC-C supports @ref pkg_hacl as a crypto backend but it's using a different + * version than the one supported currently in RIOT + * - x509 certificates require MBED-TLS, which is currently not supported in + * RIOT so only RPK and CBOR certificates are supported. + */ diff --git a/pkg/edhoc-c/include/edhoc_config.h b/pkg/edhoc-c/include/edhoc_config.h new file mode 100644 index 0000000000..7d37be2e9e --- /dev/null +++ b/pkg/edhoc-c/include/edhoc_config.h @@ -0,0 +1,121 @@ +/* + * Copyright (C) 2021 Inria + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_edhoc_c + * @{ + * + * @file + * @brief EDHOC-C configuration file + * + * @author Timothy Claeys + * + * @} + */ + +#ifndef EDHOC_CONFIG_H +#define EDHOC_CONFIG_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief EDHOC_CIPHER_SUITE_X_ENABLED + * + * Enables support for a specific EDHOC cipher suite + * + */ +#define EDHOC_CIPHER_SUITE_0_ENABLED + +/** + * @brief EDHOC_AUTH_METHOD_X_ENABLED + * @{ + * + * Enables support for a specific EDHOC authentication method + * + */ +#define EDHOC_AUTH_METHOD_0_ENABLED +#define EDHOC_AUTH_METHOD_1_ENABLED +#define EDHOC_AUTH_METHOD_2_ENABLED +#define EDHOC_AUTH_METHOD_3_ENABLED +/** @} */ + +/** + * @brief EDHOC_ASYNC_API_ENABLED + * + * Exposes the individual EDHOC message functions for asynchronous usage. + * + */ +#define EDHOC_ASYNC_API_ENABLED + +/** + * @brief EDHOC_DEBUG_ENABLE + * + * Enables some extra methods that allow for easier testing and debugging + * + */ +#define EDHOC_DEBUG_ENABLED + +/** + * @brief EDHOC_AUTH_CERT_ENABLED + * @{ + * + * Enables CBOR certificates as the EDHOC local credential + * + */ +#define EDHOC_AUTH_CERT_ENABLED +#if defined(EDHOC_AUTH_CERT_ENABLED) +#define EDHOC_AUTH_CBOR_CERT +#endif +/** @} */ + +/** + * @brief EDHOC_AUTH_RPK_ENABLED + * + * Enables COSE raw public keys as the EDHOC local credential + * + */ +#define EDHOC_AUTH_RPK_ENABLED + +/** + * @brief EDHOC_COSE_HEADER_SIZE + * + * Sets the maximum number of COSE header elements + */ +#define EDHOC_COSE_HEADER_SIZE (5) + +/** + * @brief EDHOC_CREDENTIAL_MAX_SIZE + * + * Sets the maximum buffer size for credentials (raw keys or certificates) + * + */ +#define EDHOC_CRED_SIZE (256) + +/** + * @brief EDHOC_CREDENTIAL_ID_MAX_SIZE + * + * Sets the maximum buffer size for credential identifiers + * + */ +#define EDHOC_CRED_ID_SIZE (256) + +/** + * @brief EDHOC_ADD_DATA_MAX_SIZE + * + * Maximum number of additional data bytes to piggy-back on the EDHOC exchange + * + */ +#define EDHOC_ADDITIONAL_DATA_SIZE (64) + +#ifdef __cplusplus +} +#endif + +#endif /* EDHOC_CONFIG_H */