UNPKG

edhoc

Version:

A Node.js implementation of EDHOC (Ephemeral Diffie-Hellman Over COSE) protocol for lightweight authenticated key exchange in IoT and other constrained environments.

github.com/stoprocent/node-edhoc

stoprocent/node-edhoc

206 lines (205 loc) 8.61 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.DefaultEdhocCryptoManager = void 0; const edhoc_1 = require("./edhoc"); const ed25519_1 = require("@noble/curves/ed25519"); const p256_1 = require("@noble/curves/p256"); const sha256_1 = require("@noble/hashes/sha256"); const hkdf_1 = require("@noble/hashes/hkdf"); const crypto_1 = require("crypto"); class DefaultEdhocCryptoManager { keys = {}; keyIdentifier = 1000; constructor() { this.keys = {}; } addKey(keyID, key) { const kid = keyID.toString('hex'); this.keys[kid] = key; } async importKey(edhoc, keyType, key) { const keyBuffer = Buffer.alloc(4); keyBuffer.writeInt32LE(this.keyIdentifier++); const keyID = keyBuffer.toString('hex'); const curveKE = this.getCurveForKeyAgreement(edhoc.selectedSuite); const curveSIG = this.getCurveForSignature(edhoc.selectedSuite); switch (keyType) { case edhoc_1.EdhocKeyType.KeyAgreement: case edhoc_1.EdhocKeyType.MakeKeyPair: this.keys[keyID] = key.byteLength > 0 ? Buffer.from(key) : Buffer.from(curveKE.utils.randomPrivateKey()); break; case edhoc_1.EdhocKeyType.Signature: this.keys[keyID] = key.byteLength > 0 ? Buffer.from(key) : Buffer.from(curveSIG.utils.randomPrivateKey()); break; default: this.keys[keyID] = Buffer.from(key); } return keyBuffer; } destroyKey(edhoc, keyID) { const kid = keyID.toString('hex'); if (kid in this.keys === false) { throw new Error(`Key '${kid}' not found`); } delete this.keys[kid]; return true; } makeKeyPair(edhoc, keyID, _privateKeySize, _publicKeySize) { const key = this.getKey(keyID); try { const curveKE = this.getCurveForKeyAgreement(edhoc.selectedSuite); return { privateKey: Buffer.from(key), publicKey: Buffer.from(curveKE.getPublicKey(key)).subarray(curveKE === p256_1.p256 ? 1 : 0) }; } catch (error) { throw new Error(`Wrong key type`); } } keyAgreement(edhoc, keyID, publicKey, _privateKeySize) { const key = this.getKey(keyID); const curveKE = this.getCurveForKeyAgreement(edhoc.selectedSuite); const publicKeyBuffer = this.formatPublicKey(curveKE, publicKey); const sharedSecrect = Buffer.from(curveKE.getSharedSecret(key, new Uint8Array(publicKeyBuffer))); return sharedSecrect.subarray(curveKE === p256_1.p256 ? 1 : 0); } sign(edhoc, keyID, input, _signatureSize) { const key = this.getKey(keyID); const curveSIG = this.getCurveForSignature(edhoc.selectedSuite); const payload = this.formatToBeSigned(curveSIG, input); const signature = curveSIG.sign(payload, new Uint8Array(key)); if (signature instanceof Uint8Array) { return Buffer.from(signature); } else if ('toCompactRawBytes' in signature) { return Buffer.from(signature.toCompactRawBytes()); } else { throw new Error('Unsupported signature type'); } } async verify(edhoc, keyID, input, signature) { const key = this.getKey(keyID); const curveSIG = this.getCurveForSignature(edhoc.selectedSuite); const publicKeyBuffer = this.formatPublicKey(curveSIG, key); const payload = this.formatToBeSigned(curveSIG, input); if (!curveSIG.verify(new Uint8Array(signature), payload, new Uint8Array(publicKeyBuffer))) { throw new Error('Signature not verified'); } return true; } extract(edhoc, keyID, salt, _keySize) { const key = this.getKey(keyID); return Buffer.from((0, hkdf_1.extract)(sha256_1.sha256, new Uint8Array(key), new Uint8Array(salt))); } expand(edhoc, keyID, info, keySize) { const key = this.getKey(keyID); const expanded = Buffer.from((0, hkdf_1.expand)(sha256_1.sha256, new Uint8Array(key), new Uint8Array(info), keySize)); return expanded; } encrypt(edhoc, keyID, nonce, aad, plaintext, _size) { const key = this.getKey(keyID); const algorithm = this.getAlgorithm(edhoc.selectedSuite); const options = { authTagLength: this.getTagLength(edhoc.selectedSuite) }; const cipher = (0, crypto_1.createCipheriv)(algorithm, key, nonce, options); cipher.setAAD(aad, { plaintextLength: Buffer.byteLength(plaintext) }); const update = Buffer.byteLength(plaintext) === 0 ? Buffer.alloc(0) : plaintext; const encrypted = Buffer.concat([ cipher.update(update), cipher.final(), cipher.getAuthTag() ]); return encrypted; } decrypt(edhoc, keyID, nonce, aad, ciphertext, _size) { const key = this.getKey(keyID); const tagLength = this.getTagLength(edhoc.selectedSuite); const algorithm = this.getAlgorithm(edhoc.selectedSuite); const options = { authTagLength: tagLength }; const decipher = (0, crypto_1.createDecipheriv)(algorithm, key, nonce, options); decipher.setAuthTag(ciphertext.subarray(ciphertext.length - tagLength)); decipher.setAAD(aad, { plaintextLength: ciphertext.length - tagLength }); const decrypted = decipher.update(ciphertext.subarray(0, ciphertext.length - tagLength)); decipher.final(); return decrypted; } async hash(_edhoc, data, _hashSize) { return Buffer.from((0, sha256_1.sha256)(data)); } getKey(keyID) { const kid = keyID.toString('hex'); if (kid in this.keys === false) { throw new Error(`Key '${kid}' not found`); } return this.keys[kid]; } formatToBeSigned(curve, payload) { if (curve === p256_1.p256) { return Buffer.from((0, sha256_1.sha256)(payload)); } else if (curve === ed25519_1.ed25519) { return payload; } else { throw new Error(`Unsupported curve ${curve}`); } } formatPublicKey(curve, key) { if (curve === p256_1.p256) { const prefix = key.byteLength === 64 ? 0x04 : (key[key.length - 1] & 1) ? 0x03 : 0x02; return Buffer.concat([Buffer.from([prefix]), key]); } else if (curve === ed25519_1.ed25519 || curve === ed25519_1.x25519) { return key; } else { throw new Error(`Unsupported curve ${curve}`); } } getCurveForSignature(suite) { if ([edhoc_1.EdhocSuite.Suite2, edhoc_1.EdhocSuite.Suite3, edhoc_1.EdhocSuite.Suite5, edhoc_1.EdhocSuite.Suite6].includes(suite)) { return p256_1.p256; } else if ([edhoc_1.EdhocSuite.Suite0, edhoc_1.EdhocSuite.Suite1, edhoc_1.EdhocSuite.Suite4].includes(suite)) { return ed25519_1.ed25519; } else { throw new Error(`Unsupported EDHOC suite ${suite} for signature.`); } } getCurveForKeyAgreement(suite) { if ([edhoc_1.EdhocSuite.Suite2, edhoc_1.EdhocSuite.Suite3, edhoc_1.EdhocSuite.Suite5].includes(suite)) { return p256_1.p256; } else if ([edhoc_1.EdhocSuite.Suite0, edhoc_1.EdhocSuite.Suite1, edhoc_1.EdhocSuite.Suite4, edhoc_1.EdhocSuite.Suite6].includes(suite)) { return ed25519_1.x25519; } else { throw new Error(`Unsupported EDHOC suite ${suite} for key agreement.`); } } getTagLength(suite) { return [edhoc_1.EdhocSuite.Suite0, edhoc_1.EdhocSuite.Suite2].includes(suite) ? 8 : 16; } getAlgorithm(suite) { if ([edhoc_1.EdhocSuite.Suite4, edhoc_1.EdhocSuite.Suite5, edhoc_1.EdhocSuite.Suite25].includes(suite)) { return 'chacha20-poly1305'; } else if ([edhoc_1.EdhocSuite.Suite6].includes(suite)) { return 'aes-128-gcm'; } else if ([edhoc_1.EdhocSuite.Suite24].includes(suite)) { return 'aes-256-gcm'; } else if ([edhoc_1.EdhocSuite.Suite0, edhoc_1.EdhocSuite.Suite1, edhoc_1.EdhocSuite.Suite2, edhoc_1.EdhocSuite.Suite3].includes(suite)) { return 'aes-128-ccm'; } else { throw new Error(`Unsupported EDHOC suite ${suite} for encryption.`); } } } exports.DefaultEdhocCryptoManager = DefaultEdhocCryptoManager;