From 764ba88aa7ce7dd83353d70c1aabcc154eedecf8 Mon Sep 17 00:00:00 2001 From: chrysn Date: Fri, 29 Sep 2023 17:20:37 +0200 Subject: [PATCH 1/5] fix(api)!: Use &[u8] instead of hex &str in constructors This only changes the `i` part of the EdhocInitiator; follow-ups will extend this once the style is final. BREAKING CHANGE: This alters EdhocInitiator's argument style. --- examples/coap/Cargo.toml | 1 + examples/coap/src/bin/coapclient.rs | 3 ++- examples/edhoc-rs-no_std/src/main.rs | 2 +- lib/src/c_wrapper.rs | 4 ++-- lib/src/lib.rs | 12 +++++++----- 5 files changed, 13 insertions(+), 9 deletions(-) diff --git a/examples/coap/Cargo.toml b/examples/coap/Cargo.toml index 0fe1785e..6269e354 100644 --- a/examples/coap/Cargo.toml +++ b/examples/coap/Cargo.toml @@ -5,5 +5,6 @@ edition = "2021" [dependencies] edhoc-rs = { path = "../../lib", features = [ "crypto-psa" ] } +hexlit = "0.5.3" coap = { version = "0.13" } coap-lite = { version = "0.11.3" } diff --git a/examples/coap/src/bin/coapclient.rs b/examples/coap/src/bin/coapclient.rs index 353a01e4..3f963cd2 100644 --- a/examples/coap/src/bin/coapclient.rs +++ b/examples/coap/src/bin/coapclient.rs @@ -1,12 +1,13 @@ use coap::CoAPClient; use coap_lite::ResponseType; use edhoc_rs::*; +use hexlit::hex; use std::time::Duration; const ID_CRED_I: &str = "a104412b"; const ID_CRED_R: &str = "a104410a"; const CRED_I: &str = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"; -const I: &str = "fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"; +const I: &[u8] = &hex!("fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"); const _G_I_X_COORD: &str = "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"; // not used const _G_I_Y_COORD: &str = "6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"; // not used const CRED_R: &str = "A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"; diff --git a/examples/edhoc-rs-no_std/src/main.rs b/examples/edhoc-rs-no_std/src/main.rs index c86b6d33..2a3bb2e2 100644 --- a/examples/edhoc-rs-no_std/src/main.rs +++ b/examples/edhoc-rs-no_std/src/main.rs @@ -62,7 +62,7 @@ fn main() -> ! { const ID_CRED_I: &str = "a104412b"; const ID_CRED_R: &str = "a104410a"; const CRED_I: &str = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"; - const I: &str = "fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"; + const I: &[u8] = &hex!("fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"); const R: &str = "72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"; const G_I: &str = "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"; // used const _G_I_Y_COORD: &str = "6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"; // not used diff --git a/lib/src/c_wrapper.rs b/lib/src/c_wrapper.rs index 1018f607..a86ff4e2 100644 --- a/lib/src/c_wrapper.rs +++ b/lib/src/c_wrapper.rs @@ -40,7 +40,7 @@ impl EdhocInitiatorC { pub fn to_rust(&self) -> EdhocInitiator { EdhocInitiator::new( self.state, - unsafe { str::from_utf8_unchecked(slice::from_raw_parts(self.i, self.i_len)) }, + unsafe { slice::from_raw_parts(self.i, self.i_len) }, unsafe { str::from_utf8_unchecked(slice::from_raw_parts(self.g_r, self.g_r_len)) }, unsafe { str::from_utf8_unchecked(slice::from_raw_parts(self.id_cred_i, self.id_cred_i_len)) @@ -141,7 +141,7 @@ pub unsafe extern "C" fn initiator_new( ) -> EdhocInitiatorC { EdhocInitiator::new( State::default(), - str::from_utf8_unchecked(slice::from_raw_parts(i, i_len)), + slice::from_raw_parts(i, i_len), str::from_utf8_unchecked(slice::from_raw_parts(g_r, g_r_len)), str::from_utf8_unchecked(slice::from_raw_parts(id_cred_i, id_cred_i_len)), str::from_utf8_unchecked(slice::from_raw_parts(cred_i, cred_i_len)), diff --git a/lib/src/lib.rs b/lib/src/lib.rs index 2d98c958..60d0b384 100644 --- a/lib/src/lib.rs +++ b/lib/src/lib.rs @@ -20,7 +20,7 @@ use hex::FromHex; #[derive(Default, Copy, Clone, Debug)] pub struct EdhocInitiatorState<'a> { state: State, // opaque state - i: &'a str, // private authentication key of I + i: &'a [u8], // private authentication key of I g_r: &'a str, // public authentication key of R id_cred_i: &'a str, // identifier of I's credential cred_i: &'a str, // I's full credential @@ -200,14 +200,14 @@ impl<'a> EdhocInitiatorState<'a> { pub fn new( state: State, - i: &'a str, + i: &'a [u8], g_r: &'a str, id_cred_i: &'a str, cred_i: &'a str, id_cred_r: &'a str, cred_r: &'a str, ) -> EdhocInitiatorState<'a> { - assert!(i.len() == P256_ELEM_LEN * 2); + assert!(i.len() == P256_ELEM_LEN); assert!(g_r.len() == P256_ELEM_LEN * 2); assert!(id_cred_i.len() == ID_CRED_LEN * 2); assert!(id_cred_r.len() == ID_CRED_LEN * 2); @@ -253,7 +253,9 @@ impl<'a> EdhocInitiatorState<'a> { &cred_r, self.cred_r.len() / 2, &::from_hex(self.g_r).expect("Decoding failed"), - &::from_hex(self.i).expect("Decoding failed"), + self.i + .try_into() + .expect("Provided initiator key (self.i) has the wrong length"), ) { Ok((state, c_r, _kid)) => { self.state = state; @@ -349,7 +351,7 @@ mod test { const ID_CRED_I: &str = "a104412b"; const ID_CRED_R: &str = "a104410a"; const CRED_I: &str = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"; - const I: &str = "fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"; + const I: &[u8] = &hex!("fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"); const R: &str = "72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"; const G_I: &str = "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"; // used const _G_I_Y_COORD: &str = "6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"; // not used From 2edb55df96596a3d89ce8ab3b3d123636a1b059b Mon Sep 17 00:00:00 2001 From: chrysn Date: Tue, 3 Oct 2023 22:03:57 +0200 Subject: [PATCH 2/5] fix(api)!: Use &[u8] instead of hex &str in constructors throughout This applies the changes previously made only to `i` on all hex style types. BREAKING CHANGE: This alters EdhocInitiator's argument style. --- examples/coap/src/bin/coapclient.rs | 16 ++-- examples/coap/src/bin/coapserver.rs | 16 ++-- examples/edhoc-rs-no_std/src/main.rs | 17 ++-- lib/src/c_wrapper.rs | 74 ++++++--------- lib/src/lib.rs | 135 +++++++++++++++------------ 5 files changed, 132 insertions(+), 126 deletions(-) diff --git a/examples/coap/src/bin/coapclient.rs b/examples/coap/src/bin/coapclient.rs index 3f963cd2..5037ba5c 100644 --- a/examples/coap/src/bin/coapclient.rs +++ b/examples/coap/src/bin/coapclient.rs @@ -4,14 +4,16 @@ use edhoc_rs::*; use hexlit::hex; use std::time::Duration; -const ID_CRED_I: &str = "a104412b"; -const ID_CRED_R: &str = "a104410a"; -const CRED_I: &str = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"; +const ID_CRED_I: &[u8] = &hex!("a104412b"); +const ID_CRED_R: &[u8] = &hex!("a104410a"); +const CRED_I: &[u8] = &hex!("A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"); const I: &[u8] = &hex!("fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"); -const _G_I_X_COORD: &str = "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"; // not used -const _G_I_Y_COORD: &str = "6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"; // not used -const CRED_R: &str = "A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"; -const G_R: &str = "bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0"; +const _G_I_X_COORD: &[u8] = + &hex!("ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"); // not used +const _G_I_Y_COORD: &[u8] = + &hex!("6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"); // not used +const CRED_R: &[u8] = &hex!("A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"); +const G_R: &[u8] = &hex!("bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0"); fn main() { let url = "coap://127.0.0.1:5683/.well-known/edhoc"; diff --git a/examples/coap/src/bin/coapserver.rs b/examples/coap/src/bin/coapserver.rs index 28337b18..596f67f1 100644 --- a/examples/coap/src/bin/coapserver.rs +++ b/examples/coap/src/bin/coapserver.rs @@ -1,14 +1,16 @@ use coap_lite::{CoapRequest, Packet, ResponseType}; use edhoc_rs::*; +use hexlit::hex; use std::net::UdpSocket; -const ID_CRED_I: &str = "a104412b"; -const ID_CRED_R: &str = "a104410a"; -const CRED_I: &str = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"; -const G_I: &str = "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"; // not used -const _G_I_Y_COORD: &str = "6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"; // not used -const CRED_R: &str = "A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"; -const R: &str = "72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"; +const ID_CRED_I: &[u8] = &hex!("a104412b"); +const ID_CRED_R: &[u8] = &hex!("a104410a"); +const CRED_I: &[u8] = &hex!("A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"); +const G_I: &[u8] = &hex!("ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"); // not used +const _G_I_Y_COORD: &[u8] = + &hex!("6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"); // not used +const CRED_R: &[u8] = &hex!("A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"); +const R: &[u8] = &hex!("72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"); fn main() { let mut buf = [0; 100]; diff --git a/examples/edhoc-rs-no_std/src/main.rs b/examples/edhoc-rs-no_std/src/main.rs index 2a3bb2e2..6d543789 100644 --- a/examples/edhoc-rs-no_std/src/main.rs +++ b/examples/edhoc-rs-no_std/src/main.rs @@ -59,15 +59,16 @@ fn main() -> ! { // edhoc-rs test code use hexlit::hex; - const ID_CRED_I: &str = "a104412b"; - const ID_CRED_R: &str = "a104410a"; - const CRED_I: &str = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"; + const ID_CRED_I: &[u8] = &hex!("a104412b"); + const ID_CRED_R: &[u8] = &hex!("a104410a"); + const CRED_I: &[u8] = &hex!("A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"); const I: &[u8] = &hex!("fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"); - const R: &str = "72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"; - const G_I: &str = "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"; // used - const _G_I_Y_COORD: &str = "6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"; // not used - const CRED_R: &str = "A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"; - const G_R: &str = "bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0"; + const R: &[u8] = &hex!("72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"); + const G_I: &[u8] = &hex!("ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"); // used + const _G_I_Y_COORD: &[u8] = + &hex!("6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"); // not used + const CRED_R: &[u8] = &hex!("A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"); + const G_R: &[u8] = &hex!("bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0"); const C_R_TV: [u8; 1] = hex!("27"); fn test_new_initiator() { diff --git a/lib/src/c_wrapper.rs b/lib/src/c_wrapper.rs index a86ff4e2..b22f672f 100644 --- a/lib/src/c_wrapper.rs +++ b/lib/src/c_wrapper.rs @@ -1,6 +1,7 @@ use crate::*; use core::{slice, str}; use edhoc_consts::*; +use hexlit::hex; // Panic handler for cortex-m targets #[cfg(any(feature = "crypto-cryptocell310", feature = "crypto-psa-baremetal"))] @@ -41,19 +42,11 @@ impl EdhocInitiatorC { EdhocInitiator::new( self.state, unsafe { slice::from_raw_parts(self.i, self.i_len) }, - unsafe { str::from_utf8_unchecked(slice::from_raw_parts(self.g_r, self.g_r_len)) }, - unsafe { - str::from_utf8_unchecked(slice::from_raw_parts(self.id_cred_i, self.id_cred_i_len)) - }, - unsafe { - str::from_utf8_unchecked(slice::from_raw_parts(self.cred_i, self.cred_i_len)) - }, - unsafe { - str::from_utf8_unchecked(slice::from_raw_parts(self.id_cred_r, self.id_cred_r_len)) - }, - unsafe { - str::from_utf8_unchecked(slice::from_raw_parts(self.cred_r, self.cred_r_len)) - }, + unsafe { slice::from_raw_parts(self.g_r, self.g_r_len) }, + unsafe { slice::from_raw_parts(self.id_cred_i, self.id_cred_i_len) }, + unsafe { slice::from_raw_parts(self.cred_i, self.cred_i_len) }, + unsafe { slice::from_raw_parts(self.id_cred_r, self.id_cred_r_len) }, + unsafe { slice::from_raw_parts(self.cred_r, self.cred_r_len) }, ) } } @@ -79,20 +72,12 @@ impl EdhocResponderC { pub fn to_rust(&self) -> EdhocResponder { EdhocResponder::new( self.state, - unsafe { str::from_utf8_unchecked(slice::from_raw_parts(self.r, self.r_len)) }, - unsafe { str::from_utf8_unchecked(slice::from_raw_parts(self.g_i, self.g_i_len)) }, - unsafe { - str::from_utf8_unchecked(slice::from_raw_parts(self.id_cred_i, self.id_cred_i_len)) - }, - unsafe { - str::from_utf8_unchecked(slice::from_raw_parts(self.cred_i, self.cred_i_len)) - }, - unsafe { - str::from_utf8_unchecked(slice::from_raw_parts(self.id_cred_r, self.id_cred_r_len)) - }, - unsafe { - str::from_utf8_unchecked(slice::from_raw_parts(self.cred_r, self.cred_r_len)) - }, + unsafe { slice::from_raw_parts(self.r, self.r_len) }, + unsafe { slice::from_raw_parts(self.g_i, self.g_i_len) }, + unsafe { slice::from_raw_parts(self.id_cred_i, self.id_cred_i_len) }, + unsafe { slice::from_raw_parts(self.cred_i, self.cred_i_len) }, + unsafe { slice::from_raw_parts(self.id_cred_r, self.id_cred_r_len) }, + unsafe { slice::from_raw_parts(self.cred_r, self.cred_r_len) }, ) } } @@ -114,12 +99,12 @@ pub unsafe extern "C" fn responder_new( ) -> EdhocResponderC { EdhocResponder::new( State::default(), - str::from_utf8_unchecked(slice::from_raw_parts(r, r_len)), - str::from_utf8_unchecked(slice::from_raw_parts(g_i, g_i_len)), - str::from_utf8_unchecked(slice::from_raw_parts(id_cred_i, id_cred_i_len)), - str::from_utf8_unchecked(slice::from_raw_parts(cred_i, cred_i_len)), - str::from_utf8_unchecked(slice::from_raw_parts(id_cred_r, id_cred_r_len)), - str::from_utf8_unchecked(slice::from_raw_parts(cred_r, cred_r_len)), + slice::from_raw_parts(r, r_len), + slice::from_raw_parts(g_i, g_i_len), + slice::from_raw_parts(id_cred_i, id_cred_i_len), + slice::from_raw_parts(cred_i, cred_i_len), + slice::from_raw_parts(id_cred_r, id_cred_r_len), + slice::from_raw_parts(cred_r, cred_r_len), ) .to_c() } @@ -142,11 +127,11 @@ pub unsafe extern "C" fn initiator_new( EdhocInitiator::new( State::default(), slice::from_raw_parts(i, i_len), - str::from_utf8_unchecked(slice::from_raw_parts(g_r, g_r_len)), - str::from_utf8_unchecked(slice::from_raw_parts(id_cred_i, id_cred_i_len)), - str::from_utf8_unchecked(slice::from_raw_parts(cred_i, cred_i_len)), - str::from_utf8_unchecked(slice::from_raw_parts(id_cred_r, id_cred_r_len)), - str::from_utf8_unchecked(slice::from_raw_parts(cred_r, cred_r_len)), + slice::from_raw_parts(g_r, g_r_len), + slice::from_raw_parts(id_cred_i, id_cred_i_len), + slice::from_raw_parts(cred_i, cred_i_len), + slice::from_raw_parts(id_cred_r, id_cred_r_len), + slice::from_raw_parts(cred_r, cred_r_len), ) .to_c() } @@ -282,14 +267,13 @@ mod test_c { #[test] fn test_new_responder() { - const ID_CRED_I: &[u8] = "a104412b".as_bytes(); - const ID_CRED_R: &[u8] = "a104410a".as_bytes(); - const CRED_I: &[u8] = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8".as_bytes(); + const ID_CRED_I: &[u8] = &hex!("a104412b"); + const ID_CRED_R: &[u8] = &hex!("a104410a"); + const CRED_I: &[u8] = &hex!("A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"); const G_I: &[u8] = - "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6".as_bytes(); - const CRED_R: &[u8] = "A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072".as_bytes(); - const R: &[u8] = - "72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac".as_bytes(); + &hex!("ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"); + const CRED_R: &[u8] = &hex!("A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"); + const R: &[u8] = &hex!("72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"); let resp = unsafe { responder_new( diff --git a/lib/src/lib.rs b/lib/src/lib.rs index 60d0b384..3c9b79ab 100644 --- a/lib/src/lib.rs +++ b/lib/src/lib.rs @@ -19,24 +19,24 @@ use hex::FromHex; #[derive(Default, Copy, Clone, Debug)] pub struct EdhocInitiatorState<'a> { - state: State, // opaque state - i: &'a [u8], // private authentication key of I - g_r: &'a str, // public authentication key of R - id_cred_i: &'a str, // identifier of I's credential - cred_i: &'a str, // I's full credential - id_cred_r: &'a str, // identifier of R's credential - cred_r: &'a str, // R's full credential + state: State, // opaque state + i: &'a [u8], // private authentication key of I + g_r: &'a [u8], // public authentication key of R + id_cred_i: &'a [u8], // identifier of I's credential + cred_i: &'a [u8], // I's full credential + id_cred_r: &'a [u8], // identifier of R's credential + cred_r: &'a [u8], // R's full credential } #[derive(Default, Copy, Clone, Debug)] pub struct EdhocResponderState<'a> { - state: State, // opaque state - r: &'a str, // private authentication key of R - g_i: &'a str, // public authentication key of I - id_cred_i: &'a str, // identifier of I's credential - cred_i: &'a str, // I's full credential - id_cred_r: &'a str, // identifier of R's credential - cred_r: &'a str, // R's full credential + state: State, // opaque state + r: &'a [u8], // private authentication key of R + g_i: &'a [u8], // public authentication key of I + id_cred_i: &'a [u8], // identifier of I's credential + cred_i: &'a [u8], // I's full credential + id_cred_r: &'a [u8], // identifier of R's credential + cred_r: &'a [u8], // R's full credential } impl<'a> EdhocResponderState<'a> { @@ -60,17 +60,17 @@ impl<'a> EdhocResponderState<'a> { pub fn new( state: State, - r: &'a str, - g_i: &'a str, - id_cred_i: &'a str, - cred_i: &'a str, - id_cred_r: &'a str, - cred_r: &'a str, + r: &'a [u8], + g_i: &'a [u8], + id_cred_i: &'a [u8], + cred_i: &'a [u8], + id_cred_r: &'a [u8], + cred_r: &'a [u8], ) -> EdhocResponderState<'a> { - assert!(r.len() == P256_ELEM_LEN * 2); - assert!(g_i.len() == P256_ELEM_LEN * 2); - assert!(id_cred_i.len() == ID_CRED_LEN * 2); - assert!(id_cred_r.len() == ID_CRED_LEN * 2); + assert!(r.len() == P256_ELEM_LEN); + assert!(g_i.len() == P256_ELEM_LEN); + assert!(id_cred_i.len() == ID_CRED_LEN); + assert!(id_cred_r.len() == ID_CRED_LEN); EdhocResponderState { state: state, @@ -97,17 +97,21 @@ impl<'a> EdhocResponderState<'a> { self: &mut EdhocResponderState<'a>, c_r: u8, ) -> Result { + // FIXME Is there any reason left to use a BytesMaxBuffer here instead of just passing the + // slice into r_prepare_message_2? let mut cred_r: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN]; - hex::decode_to_slice(self.cred_r, &mut cred_r[..self.cred_r.len() / 2]) - .expect("Decoding failed"); + cred_r[..self.cred_r.len()].copy_from_slice(self.cred_r); let (y, g_y) = edhoc_crypto::p256_generate_key_pair(); match r_prepare_message_2( self.state, - &::from_hex(self.id_cred_r).expect("Decoding failed"), + &self + .id_cred_r + .try_into() + .expect("Wrong length of id_cred_r"), &cred_r, - self.cred_r.len() / 2, - &::from_hex(self.r).expect("Decoding failed"), + self.cred_r.len(), + self.r.try_into().expect("Wrong length of private key"), y, g_y, c_r, @@ -124,17 +128,21 @@ impl<'a> EdhocResponderState<'a> { self: &mut EdhocResponderState<'a>, message_3: &BufferMessage3, ) -> Result<[u8; SHA256_DIGEST_LEN], EDHOCError> { + // FIXME Is there any reason left to use a BytesMaxBuffer here instead of just passing the + // slice into r_process_message_3? let mut cred_i: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN]; - hex::decode_to_slice(self.cred_i, &mut cred_i[..self.cred_i.len() / 2]) - .expect("Decoding failed"); + cred_i[..self.cred_i.len()].copy_from_slice(self.cred_i); match r_process_message_3( self.state, message_3, - &::from_hex(self.id_cred_i).expect("Decoding failed"), + &self + .id_cred_i + .try_into() + .expect("Wrong length of id_cred_i"), &cred_i, - self.cred_i.len() / 2, - &::from_hex(self.g_i).expect("Decoding failed"), + self.cred_i.len(), + &self.g_i.try_into().expect("Wrong length of public key"), ) { Ok((state, prk_out)) => { self.state = state; @@ -201,16 +209,16 @@ impl<'a> EdhocInitiatorState<'a> { pub fn new( state: State, i: &'a [u8], - g_r: &'a str, - id_cred_i: &'a str, - cred_i: &'a str, - id_cred_r: &'a str, - cred_r: &'a str, + g_r: &'a [u8], + id_cred_i: &'a [u8], + cred_i: &'a [u8], + id_cred_r: &'a [u8], + cred_r: &'a [u8], ) -> EdhocInitiatorState<'a> { assert!(i.len() == P256_ELEM_LEN); - assert!(g_r.len() == P256_ELEM_LEN * 2); - assert!(id_cred_i.len() == ID_CRED_LEN * 2); - assert!(id_cred_r.len() == ID_CRED_LEN * 2); + assert!(g_r.len() == P256_ELEM_LEN); + assert!(id_cred_i.len() == ID_CRED_LEN); + assert!(id_cred_r.len() == ID_CRED_LEN); EdhocInitiatorState { state: state, @@ -242,17 +250,21 @@ impl<'a> EdhocInitiatorState<'a> { self: &mut EdhocInitiatorState<'a>, message_2: &BufferMessage2, ) -> Result { + // FIXME Is there any reason left to use a BytesMaxBuffer here instead of just passing the + // slice into i_process_message_2? let mut cred_r: BytesMaxBuffer = [0x00u8; MAX_BUFFER_LEN]; - hex::decode_to_slice(self.cred_r, &mut cred_r[..self.cred_r.len() / 2]) - .expect("Decoding failed"); + cred_r[..self.cred_r.len()].copy_from_slice(self.cred_r); match i_process_message_2( self.state, message_2, - &::from_hex(self.id_cred_r).expect("Decoding failed"), + &self + .id_cred_r + .try_into() + .expect("Wrong length of id_cred_r"), &cred_r, - self.cred_r.len() / 2, - &::from_hex(self.g_r).expect("Decoding failed"), + self.cred_r.len(), + &self.g_r.try_into().expect("Wrong length of public key"), self.i .try_into() .expect("Provided initiator key (self.i) has the wrong length"), @@ -268,15 +280,19 @@ impl<'a> EdhocInitiatorState<'a> { pub fn prepare_message_3( self: &mut EdhocInitiatorState<'a>, ) -> Result<(BufferMessage3, [u8; SHA256_DIGEST_LEN]), EDHOCError> { + // FIXME Is there any reason left to use a BytesMaxBuffer here instead of just passing the + // slice into i_prepare_message_3? let mut cred_i: BytesMaxBuffer = [0x00u8; MAX_BUFFER_LEN]; - hex::decode_to_slice(self.cred_i, &mut cred_i[..self.cred_i.len() / 2]) - .expect("Decoding failed"); + cred_i[..self.cred_i.len()].copy_from_slice(self.cred_i); match i_prepare_message_3( self.state, - &::from_hex(self.id_cred_i).expect("Decoding failed"), + &self + .id_cred_i + .try_into() + .expect("Wrong length of id_cred_i"), &cred_i, - self.cred_i.len() / 2, + self.cred_i.len(), ) { Ok((state, message_3, prk_out)) => { self.state = state; @@ -348,15 +364,16 @@ mod test { use edhoc_consts::*; use hexlit::hex; - const ID_CRED_I: &str = "a104412b"; - const ID_CRED_R: &str = "a104410a"; - const CRED_I: &str = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"; + const ID_CRED_I: &[u8] = &hex!("a104412b"); + const ID_CRED_R: &[u8] = &hex!("a104410a"); + const CRED_I: &[u8] = &hex!("A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"); const I: &[u8] = &hex!("fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"); - const R: &str = "72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"; - const G_I: &str = "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"; // used - const _G_I_Y_COORD: &str = "6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"; // not used - const CRED_R: &str = "A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"; - const G_R: &str = "bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0"; + const R: &[u8] = &hex!("72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"); + const G_I: &[u8] = &hex!("ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"); // used + const _G_I_Y_COORD: &[u8] = + &hex!("6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8"); // not used + const CRED_R: &[u8] = &hex!("A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"); + const G_R: &[u8] = &hex!("bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0"); const C_R_TV: [u8; 1] = hex!("27"); const MESSAGE_1_TV_FIRST_TIME: &str = From d2ca7a770e0d0fcb27334d71110208de65c23f0a Mon Sep 17 00:00:00 2001 From: chrysn Date: Tue, 3 Oct 2023 22:25:01 +0200 Subject: [PATCH 3/5] refactor: Ensure FromHex is only used in tests --- lib/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/src/lib.rs b/lib/src/lib.rs index 3c9b79ab..e258bb6a 100644 --- a/lib/src/lib.rs +++ b/lib/src/lib.rs @@ -15,7 +15,6 @@ mod c_wrapper; use c_wrapper::*; use edhoc_consts::*; -use hex::FromHex; #[derive(Default, Copy, Clone, Debug)] pub struct EdhocInitiatorState<'a> { @@ -362,6 +361,7 @@ pub fn generate_connection_identifier() -> i8 { mod test { use super::*; use edhoc_consts::*; + use hex::FromHex; use hexlit::hex; const ID_CRED_I: &[u8] = &hex!("a104412b"); From 2ab1f3b8c303ac1abdcbb61762c7a0ca48904fd3 Mon Sep 17 00:00:00 2001 From: chrysn Date: Wed, 4 Oct 2023 11:26:26 +0200 Subject: [PATCH 4/5] refactor: Pass CRED_x in to edhoc module as slice The need for this to be a buffer has gone away when changing the API to use &[u8] instead of hex strings. --- lib/src/edhoc.rs | 110 +++++++++++++++-------------------------------- lib/src/lib.rs | 31 ++----------- 2 files changed, 38 insertions(+), 103 deletions(-) diff --git a/lib/src/edhoc.rs b/lib/src/edhoc.rs index e8a1c5e8..9a4dc799 100644 --- a/lib/src/edhoc.rs +++ b/lib/src/edhoc.rs @@ -173,8 +173,7 @@ pub fn r_process_message_1( pub fn r_prepare_message_2( mut state: State, id_cred_r: &BytesIdCred, - cred_r: &BytesMaxBuffer, - cred_r_len: usize, + cred_r: &[u8], r: &BytesP256ElemLen, // R's static private DH key y: BytesP256ElemLen, g_y: BytesP256ElemLen, @@ -206,7 +205,7 @@ pub fn r_prepare_message_2( prk_3e2m = compute_prk_3e2m(&salt_3e2m, r, &g_x); // compute MAC_2 - let mac_2 = compute_mac_2(&prk_3e2m, id_cred_r, cred_r, cred_r_len, &th_2); + let mac_2 = compute_mac_2(&prk_3e2m, id_cred_r, cred_r, &th_2); let ead_2 = r_prepare_ead_2(); @@ -215,7 +214,7 @@ pub fn r_prepare_message_2( // step is actually from processing of message_3 // but we do it here to avoid storing plaintext_2 in State - th_3 = compute_th_3(&th_2, &plaintext_2, cred_r, cred_r_len); + th_3 = compute_th_3(&th_2, &plaintext_2, cred_r); let mut ct: BufferCiphertext2 = BufferCiphertext2::new(); ct.len = plaintext_2.len; @@ -257,8 +256,7 @@ pub fn r_process_message_3( mut state: State, message_3: &BufferMessage3, id_cred_i_expected: &BytesIdCred, - cred_i_expected: &BytesMaxBuffer, - cred_i_len: usize, + cred_i_expected: &[u8], g_i: &BytesP256ElemLen, // I's public DH key ) -> Result<(State, BytesHashLen), EDHOCError> { let State( @@ -301,19 +299,13 @@ pub fn r_process_message_3( prk_4e3m = compute_prk_4e3m(&salt_4e3m, &y, g_i); // compute mac_3 - let expected_mac_3 = compute_mac_3( - &prk_4e3m, - &th_3, - id_cred_i_expected, - cred_i_expected, - cred_i_len, - ); + let expected_mac_3 = + compute_mac_3(&prk_4e3m, &th_3, id_cred_i_expected, cred_i_expected); // verify mac_3 if mac_3 == expected_mac_3 { error = EDHOCError::Success; - let th_4 = - compute_th_4(&th_3, &plaintext_3, cred_i_expected, cred_i_len); + let th_4 = compute_th_4(&th_3, &plaintext_3, cred_i_expected); let mut th_4_buf: BytesMaxContextBuffer = [0x00; MAX_KDF_CONTEXT_LEN]; th_4_buf[..th_4.len()].copy_from_slice(&th_4[..]); @@ -452,8 +444,7 @@ pub fn i_process_message_2( mut state: State, message_2: &BufferMessage2, id_cred_r_expected: &BytesIdCred, - cred_r_expected: &BytesMaxBuffer, - cred_r_len: usize, + cred_r_expected: &[u8], g_r: &BytesP256ElemLen, // R's static public DH key i: &BytesP256ElemLen, // I's static private DH key ) -> Result<(State, u8, u8), EDHOCError> { @@ -507,13 +498,8 @@ pub fn i_process_message_2( prk_3e2m = compute_prk_3e2m(&salt_3e2m, &x, g_r); - let expected_mac_2 = compute_mac_2( - &prk_3e2m, - id_cred_r_expected, - cred_r_expected, - cred_r_len, - &th_2, - ); + let expected_mac_2 = + compute_mac_2(&prk_3e2m, id_cred_r_expected, cred_r_expected, &th_2); if mac_2 == expected_mac_2 { if kid == id_cred_r_expected[id_cred_r_expected.len() - 1] { @@ -523,7 +509,7 @@ pub fn i_process_message_2( pt2.content[..plaintext_2_len] .copy_from_slice(&plaintext_2[..plaintext_2_len]); pt2.len = plaintext_2_len; - th_3 = compute_th_3(&th_2, &pt2, cred_r_expected, cred_r_len); + th_3 = compute_th_3(&th_2, &pt2, cred_r_expected); // message 3 processing let salt_4e3m = compute_salt_4e3m(&prk_3e2m, &th_3); @@ -574,8 +560,7 @@ pub fn i_process_message_2( pub fn i_prepare_message_3( mut state: State, id_cred_i: &BytesIdCred, - cred_i: &BytesMaxBuffer, - cred_i_len: usize, + cred_i: &[u8], ) -> Result<(State, BufferMessage3, BytesHashLen), EDHOCError> { let State( mut current_state, @@ -594,14 +579,14 @@ pub fn i_prepare_message_3( let mut message_3: BufferMessage3 = BufferMessage3::new(); if current_state == EDHOCState::ProcessedMessage2 { - let mac_3 = compute_mac_3(&prk_4e3m, &th_3, id_cred_i, cred_i, cred_i_len); + let mac_3 = compute_mac_3(&prk_4e3m, &th_3, id_cred_i, cred_i); let ead_3 = i_prepare_ead_3(); let plaintext_3 = encode_plaintext_3(id_cred_i, &mac_3, &ead_3); message_3 = encrypt_message_3(&prk_3e2m, &th_3, &plaintext_3); - let th_4 = compute_th_4(&th_3, &plaintext_3, cred_i, cred_i_len); + let th_4 = compute_th_4(&th_3, &plaintext_3, cred_i); let mut th_4_buf: BytesMaxContextBuffer = [0x00; MAX_KDF_CONTEXT_LEN]; th_4_buf[..th_4.len()].copy_from_slice(&th_4[..]); @@ -1027,8 +1012,7 @@ fn compute_th_2(g_y: &BytesP256ElemLen, h_message_1: &BytesHashLen) -> BytesHash fn compute_th_3( th_2: &BytesHashLen, plaintext_2: &BufferPlaintext2, - cred_r: &BytesMaxBuffer, - cred_r_len: usize, + cred_r: &[u8], ) -> BytesHashLen { let mut message: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN]; @@ -1037,10 +1021,10 @@ fn compute_th_3( message[2..2 + th_2.len()].copy_from_slice(&th_2[..]); message[2 + th_2.len()..2 + th_2.len() + plaintext_2.len] .copy_from_slice(&plaintext_2.content[..plaintext_2.len]); - message[2 + th_2.len() + plaintext_2.len..2 + th_2.len() + plaintext_2.len + cred_r_len] - .copy_from_slice(&cred_r[..cred_r_len]); + message[2 + th_2.len() + plaintext_2.len..2 + th_2.len() + plaintext_2.len + cred_r.len()] + .copy_from_slice(cred_r); - let output = sha256_digest(&message, th_2.len() + 2 + plaintext_2.len + cred_r_len); + let output = sha256_digest(&message, th_2.len() + 2 + plaintext_2.len + cred_r.len()); output } @@ -1048,8 +1032,7 @@ fn compute_th_3( fn compute_th_4( th_3: &BytesHashLen, plaintext_3: &BufferPlaintext3, - cred_i: &BytesMaxBuffer, - cred_i_len: usize, + cred_i: &[u8], ) -> BytesHashLen { let mut message: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN]; @@ -1058,10 +1041,10 @@ fn compute_th_4( message[2..2 + th_3.len()].copy_from_slice(&th_3[..]); message[2 + th_3.len()..2 + th_3.len() + plaintext_3.len] .copy_from_slice(&plaintext_3.content[..plaintext_3.len]); - message[2 + th_3.len() + plaintext_3.len..2 + th_3.len() + plaintext_3.len + cred_i_len] - .copy_from_slice(&cred_i[..cred_i_len]); + message[2 + th_3.len() + plaintext_3.len..2 + th_3.len() + plaintext_3.len + cred_i.len()] + .copy_from_slice(cred_i); - let output = sha256_digest(&message, th_3.len() + 2 + plaintext_3.len + cred_i_len); + let output = sha256_digest(&message, th_3.len() + 2 + plaintext_3.len + cred_i.len()); output } @@ -1272,8 +1255,7 @@ fn decrypt_message_3( fn encode_kdf_context( id_cred: &BytesIdCred, th: &BytesHashLen, - cred: &BytesMaxBuffer, - cred_len: usize, + cred: &[u8], ) -> (BytesMaxContextBuffer, usize) { // encode context in line // assumes ID_CRED_R and CRED_R are already CBOR-encoded @@ -1282,10 +1264,10 @@ fn encode_kdf_context( output[id_cred.len()] = CBOR_BYTE_STRING; output[id_cred.len() + 1] = SHA256_DIGEST_LEN as u8; output[id_cred.len() + 2..id_cred.len() + 2 + th.len()].copy_from_slice(&th[..]); - output[id_cred.len() + 2 + th.len()..id_cred.len() + 2 + th.len() + cred_len] - .copy_from_slice(&cred[..cred_len]); + output[id_cred.len() + 2 + th.len()..id_cred.len() + 2 + th.len() + cred.len()] + .copy_from_slice(&cred); - let output_len = (id_cred.len() + 2 + SHA256_DIGEST_LEN + cred_len) as usize; + let output_len = (id_cred.len() + 2 + SHA256_DIGEST_LEN + cred.len()) as usize; (output, output_len) } @@ -1294,11 +1276,10 @@ fn compute_mac_3( prk_4e3m: &BytesHashLen, th_3: &BytesHashLen, id_cred_i: &BytesIdCred, - cred_i: &BytesMaxBuffer, - cred_i_len: usize, + cred_i: &[u8], ) -> BytesMac3 { // MAC_3 = EDHOC-KDF( PRK_4e3m, 6, context_3, mac_length_3 ) - let (context, context_len) = encode_kdf_context(id_cred_i, th_3, cred_i, cred_i_len); + let (context, context_len) = encode_kdf_context(id_cred_i, th_3, cred_i); // compute mac_3 let output_buf = edhoc_kdf( @@ -1317,12 +1298,11 @@ fn compute_mac_3( fn compute_mac_2( prk_3e2m: &BytesHashLen, id_cred_r: &BytesIdCred, - cred_r: &BytesMaxBuffer, - cred_r_len: usize, + cred_r: &[u8], th_2: &BytesHashLen, ) -> BytesMac2 { // compute MAC_2 - let (context, context_len) = encode_kdf_context(id_cred_r, th_2, cred_r, cred_r_len); + let (context, context_len) = encode_kdf_context(id_cred_r, th_2, cred_r); // MAC_2 = EDHOC-KDF( PRK_3e2m, 2, context_2, mac_length_2 ) let mut mac_2: BytesMac2 = [0x00; MAC_LENGTH_2]; @@ -1755,20 +1735,16 @@ mod tests { #[test] fn test_compute_th_3() { let plaintext_2_tv = BufferPlaintext2::from_hex(PLAINTEXT_2_TV); - let mut cred_r_tv: BytesMaxBuffer = [0x00u8; MAX_BUFFER_LEN]; - cred_r_tv[..CRED_R_TV.len()].copy_from_slice(&CRED_R_TV[..]); - let th_3 = compute_th_3(&TH_2_TV, &plaintext_2_tv, &cred_r_tv, CRED_R_TV.len()); + let th_3 = compute_th_3(&TH_2_TV, &plaintext_2_tv, &CRED_R_TV); assert_eq!(th_3, TH_3_TV); } #[test] fn test_compute_th_4() { let plaintext_3_tv = BufferPlaintext3::from_hex(PLAINTEXT_3_TV); - let mut cred_i_tv: BytesMaxBuffer = [0x00u8; MAX_BUFFER_LEN]; - cred_i_tv[..CRED_I_TV.len()].copy_from_slice(&CRED_I_TV[..]); - let th_4 = compute_th_4(&TH_3_TV, &plaintext_3_tv, &cred_i_tv, CRED_I_TV.len()); + let th_4 = compute_th_4(&TH_3_TV, &plaintext_3_tv, &CRED_I_TV); assert_eq!(th_4, TH_4_TV); } @@ -1821,31 +1797,13 @@ mod tests { #[test] fn test_compute_mac_3() { - let mut cred_i_tv: BytesMaxBuffer = [0x00u8; MAX_BUFFER_LEN]; - cred_i_tv[..CRED_I_TV.len()].copy_from_slice(&CRED_I_TV[..]); - - let mac_3 = compute_mac_3( - &PRK_4E3M_TV, - &TH_3_TV, - &ID_CRED_I_TV, - &cred_i_tv, - CRED_I_TV.len(), - ); + let mac_3 = compute_mac_3(&PRK_4E3M_TV, &TH_3_TV, &ID_CRED_I_TV, &CRED_I_TV); assert_eq!(mac_3, MAC_3_TV); } #[test] fn test_compute_and_verify_mac_2() { - let mut cred_r_tv: BytesMaxBuffer = [0x00u8; MAX_BUFFER_LEN]; - cred_r_tv[..CRED_R_TV.len()].copy_from_slice(&CRED_R_TV[..]); - - let rcvd_mac_2 = compute_mac_2( - &PRK_3E2M_TV, - &ID_CRED_R_TV, - &cred_r_tv, - CRED_R_TV.len(), - &TH_2_TV, - ); + let rcvd_mac_2 = compute_mac_2(&PRK_3E2M_TV, &ID_CRED_R_TV, &CRED_R_TV, &TH_2_TV); assert_eq!(rcvd_mac_2, MAC_2_TV); } diff --git a/lib/src/lib.rs b/lib/src/lib.rs index e258bb6a..19cc1ead 100644 --- a/lib/src/lib.rs +++ b/lib/src/lib.rs @@ -96,10 +96,6 @@ impl<'a> EdhocResponderState<'a> { self: &mut EdhocResponderState<'a>, c_r: u8, ) -> Result { - // FIXME Is there any reason left to use a BytesMaxBuffer here instead of just passing the - // slice into r_prepare_message_2? - let mut cred_r: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN]; - cred_r[..self.cred_r.len()].copy_from_slice(self.cred_r); let (y, g_y) = edhoc_crypto::p256_generate_key_pair(); match r_prepare_message_2( @@ -108,8 +104,7 @@ impl<'a> EdhocResponderState<'a> { .id_cred_r .try_into() .expect("Wrong length of id_cred_r"), - &cred_r, - self.cred_r.len(), + self.cred_r, self.r.try_into().expect("Wrong length of private key"), y, g_y, @@ -127,11 +122,6 @@ impl<'a> EdhocResponderState<'a> { self: &mut EdhocResponderState<'a>, message_3: &BufferMessage3, ) -> Result<[u8; SHA256_DIGEST_LEN], EDHOCError> { - // FIXME Is there any reason left to use a BytesMaxBuffer here instead of just passing the - // slice into r_process_message_3? - let mut cred_i: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN]; - cred_i[..self.cred_i.len()].copy_from_slice(self.cred_i); - match r_process_message_3( self.state, message_3, @@ -139,8 +129,7 @@ impl<'a> EdhocResponderState<'a> { .id_cred_i .try_into() .expect("Wrong length of id_cred_i"), - &cred_i, - self.cred_i.len(), + self.cred_i, &self.g_i.try_into().expect("Wrong length of public key"), ) { Ok((state, prk_out)) => { @@ -249,11 +238,6 @@ impl<'a> EdhocInitiatorState<'a> { self: &mut EdhocInitiatorState<'a>, message_2: &BufferMessage2, ) -> Result { - // FIXME Is there any reason left to use a BytesMaxBuffer here instead of just passing the - // slice into i_process_message_2? - let mut cred_r: BytesMaxBuffer = [0x00u8; MAX_BUFFER_LEN]; - cred_r[..self.cred_r.len()].copy_from_slice(self.cred_r); - match i_process_message_2( self.state, message_2, @@ -261,8 +245,7 @@ impl<'a> EdhocInitiatorState<'a> { .id_cred_r .try_into() .expect("Wrong length of id_cred_r"), - &cred_r, - self.cred_r.len(), + self.cred_r, &self.g_r.try_into().expect("Wrong length of public key"), self.i .try_into() @@ -279,19 +262,13 @@ impl<'a> EdhocInitiatorState<'a> { pub fn prepare_message_3( self: &mut EdhocInitiatorState<'a>, ) -> Result<(BufferMessage3, [u8; SHA256_DIGEST_LEN]), EDHOCError> { - // FIXME Is there any reason left to use a BytesMaxBuffer here instead of just passing the - // slice into i_prepare_message_3? - let mut cred_i: BytesMaxBuffer = [0x00u8; MAX_BUFFER_LEN]; - cred_i[..self.cred_i.len()].copy_from_slice(self.cred_i); - match i_prepare_message_3( self.state, &self .id_cred_i .try_into() .expect("Wrong length of id_cred_i"), - &cred_i, - self.cred_i.len(), + self.cred_i, ) { Ok((state, message_3, prk_out)) => { self.state = state; From 67057cde63e8c636cef3a0a57028fd7f6968a140 Mon Sep 17 00:00:00 2001 From: chrysn Date: Wed, 4 Oct 2023 21:42:26 +0200 Subject: [PATCH 5/5] fix: Update C example to use binary data The hex string lines were assigned to `s` in a Python interpreter, and replaced by the output of >>> def f(s): return '{' + ", ".join("0x" + "".join(x) for x in itertools.batched(s.groups(1)[0], 2)) + '}' >>> print(re.sub('"([a-fA-F0-9]+)"', f, s)) --- examples/c-wrapper-riot/main.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/c-wrapper-riot/main.c b/examples/c-wrapper-riot/main.c index 2b479f6a..154d2e2f 100644 --- a/examples/c-wrapper-riot/main.c +++ b/examples/c-wrapper-riot/main.c @@ -7,14 +7,14 @@ extern void mbedtls_memory_buffer_alloc_init(uint8_t *buf, size_t len); #endif -static const uint8_t ID_CRED_I[] = "a104412b"; -static const uint8_t ID_CRED_R[] = "a104410a"; -static const uint8_t CRED_I[] = "A2027734322D35302D33312D46462D45462D33372D33322D333908A101A5010202412B2001215820AC75E9ECE3E50BFC8ED60399889522405C47BF16DF96660A41298CB4307F7EB62258206E5DE611388A4B8A8211334AC7D37ECB52A387D257E6DB3C2A93DF21FF3AFFC8"; -static const uint8_t G_I[] = "ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6"; -static const uint8_t CRED_R[] = "A2026008A101A5010202410A2001215820BBC34960526EA4D32E940CAD2A234148DDC21791A12AFBCBAC93622046DD44F02258204519E257236B2A0CE2023F0931F1F386CA7AFDA64FCDE0108C224C51EABF6072"; -static const uint8_t R[] = "72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac"; -static const uint8_t I[] = "fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b"; -static const uint8_t G_R[] = "bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0"; +static const uint8_t ID_CRED_I[] = {0xa1, 0x04, 0x41, 0x2b}; +static const uint8_t ID_CRED_R[] = {0xa1, 0x04, 0x41, 0x0a}; +static const uint8_t CRED_I[] = {0xA2, 0x02, 0x77, 0x34, 0x32, 0x2D, 0x35, 0x30, 0x2D, 0x33, 0x31, 0x2D, 0x46, 0x46, 0x2D, 0x45, 0x46, 0x2D, 0x33, 0x37, 0x2D, 0x33, 0x32, 0x2D, 0x33, 0x39, 0x08, 0xA1, 0x01, 0xA5, 0x01, 0x02, 0x02, 0x41, 0x2B, 0x20, 0x01, 0x21, 0x58, 0x20, 0xAC, 0x75, 0xE9, 0xEC, 0xE3, 0xE5, 0x0B, 0xFC, 0x8E, 0xD6, 0x03, 0x99, 0x88, 0x95, 0x22, 0x40, 0x5C, 0x47, 0xBF, 0x16, 0xDF, 0x96, 0x66, 0x0A, 0x41, 0x29, 0x8C, 0xB4, 0x30, 0x7F, 0x7E, 0xB6, 0x22, 0x58, 0x20, 0x6E, 0x5D, 0xE6, 0x11, 0x38, 0x8A, 0x4B, 0x8A, 0x82, 0x11, 0x33, 0x4A, 0xC7, 0xD3, 0x7E, 0xCB, 0x52, 0xA3, 0x87, 0xD2, 0x57, 0xE6, 0xDB, 0x3C, 0x2A, 0x93, 0xDF, 0x21, 0xFF, 0x3A, 0xFF, 0xC8}; +static const uint8_t G_I[] = {0xac, 0x75, 0xe9, 0xec, 0xe3, 0xe5, 0x0b, 0xfc, 0x8e, 0xd6, 0x03, 0x99, 0x88, 0x95, 0x22, 0x40, 0x5c, 0x47, 0xbf, 0x16, 0xdf, 0x96, 0x66, 0x0a, 0x41, 0x29, 0x8c, 0xb4, 0x30, 0x7f, 0x7e, 0xb6}; +static const uint8_t CRED_R[] = {0xA2, 0x02, 0x60, 0x08, 0xA1, 0x01, 0xA5, 0x01, 0x02, 0x02, 0x41, 0x0A, 0x20, 0x01, 0x21, 0x58, 0x20, 0xBB, 0xC3, 0x49, 0x60, 0x52, 0x6E, 0xA4, 0xD3, 0x2E, 0x94, 0x0C, 0xAD, 0x2A, 0x23, 0x41, 0x48, 0xDD, 0xC2, 0x17, 0x91, 0xA1, 0x2A, 0xFB, 0xCB, 0xAC, 0x93, 0x62, 0x20, 0x46, 0xDD, 0x44, 0xF0, 0x22, 0x58, 0x20, 0x45, 0x19, 0xE2, 0x57, 0x23, 0x6B, 0x2A, 0x0C, 0xE2, 0x02, 0x3F, 0x09, 0x31, 0xF1, 0xF3, 0x86, 0xCA, 0x7A, 0xFD, 0xA6, 0x4F, 0xCD, 0xE0, 0x10, 0x8C, 0x22, 0x4C, 0x51, 0xEA, 0xBF, 0x60, 0x72}; +static const uint8_t R[] = {0x72, 0xcc, 0x47, 0x61, 0xdb, 0xd4, 0xc7, 0x8f, 0x75, 0x89, 0x31, 0xaa, 0x58, 0x9d, 0x34, 0x8d, 0x1e, 0xf8, 0x74, 0xa7, 0xe3, 0x03, 0xed, 0xe2, 0xf1, 0x40, 0xdc, 0xf3, 0xe6, 0xaa, 0x4a, 0xac}; +static const uint8_t I[] = {0xfb, 0x13, 0xad, 0xeb, 0x65, 0x18, 0xce, 0xe5, 0xf8, 0x84, 0x17, 0x66, 0x08, 0x41, 0x14, 0x2e, 0x83, 0x0a, 0x81, 0xfe, 0x33, 0x43, 0x80, 0xa9, 0x53, 0x40, 0x6a, 0x13, 0x05, 0xe8, 0x70, 0x6b}; +static const uint8_t G_R[] = {0xbb, 0xc3, 0x49, 0x60, 0x52, 0x6e, 0xa4, 0xd3, 0x2e, 0x94, 0x0c, 0xad, 0x2a, 0x23, 0x41, 0x48, 0xdd, 0xc2, 0x17, 0x91, 0xa1, 0x2a, 0xfb, 0xcb, 0xac, 0x93, 0x62, 0x20, 0x46, 0xdd, 0x44, 0xf0}; int main(void) { @@ -35,8 +35,8 @@ int main(void) od_hex_dump(out_public_key, 32, OD_WIDTH_DEFAULT); puts("Begin test: edhoc handshake."); - EdhocInitiatorC initiator = initiator_new(I, 32*2, G_R, 32*2, ID_CRED_I, 4*2, CRED_I, 107*2, ID_CRED_R, 4*2, CRED_R, 84*2); - EdhocResponderC responder = responder_new(R, 32*2, G_I, 32*2, ID_CRED_I, 4*2, CRED_I, 107*2, ID_CRED_R, 4*2, CRED_R, 84*2); + EdhocInitiatorC initiator = initiator_new(I, 32, G_R, 32, ID_CRED_I, 4, CRED_I, 107, ID_CRED_R, 4, CRED_R, 84); + EdhocResponderC responder = responder_new(R, 32, G_I, 32, ID_CRED_I, 4, CRED_I, 107, ID_CRED_R, 4, CRED_R, 84); EdhocMessageBuffer message_1; initiator_prepare_message_1(&initiator, &message_1);