pycose_edhoc package

class pycose_edhoc.Method(*values)

Bases: IntEnum

Methods defined in Section 3.2 of RFC 9528

SIGN_SIGN = 0

SIGN_DH = 1

DH_SIGN = 2

DH_DH = 3

RESERVED_23 = 23

pycose_edhoc.pycose_iv_length(alg)

class pycose_edhoc.CipherSuite(value, edhoc_aead, edhoc_hash, edhoc_mac_length, edhoc_ke, edhoc_sign, app_aead, app_hash)

Bases: object

Parameters for a single cipher suite

value: int: The ciphersuite code point value

edhoc_aead: CoseAlgorithm: AEAD algorithm

edhoc_hash: CoseAlgorithm: Hash algorithm

edhoc_mac_length: int: Specific MAC length in bytes

edhoc_ke: CoseCurve: Key Exchange algorithm

edhoc_sign: CoseAlgorithm: Signature algorithm

app_aead: CoseAlgorithm: AEAD algorithm for using applications

app_hash: CoseAlgorithm: Hash algorithm for using applications

property edhoc_ecdh_key_length: int

property edhoc_key_length: int

property edhoc_iv_length: int

property edhoc_hash_length: int

property app_key_length: int

property app_iv_length: int

property app_hash_length: int

pycose_edhoc.SUITES = [CipherSuite(value=0, edhoc_aead=<class 'pycose.algorithms.AESCCM1664128'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=8, edhoc_ke=<class 'pycose.keys.curves.X25519'>, edhoc_sign=<class 'pycose.algorithms.EdDSA'>, app_aead=<class 'pycose.algorithms.AESCCM1664128'>, app_hash=<class 'pycose.algorithms.Sha256'>), CipherSuite(value=1, edhoc_aead=<class 'pycose.algorithms.AESCCM16128128'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=16, edhoc_ke=<class 'pycose.keys.curves.X25519'>, edhoc_sign=<class 'pycose.algorithms.EdDSA'>, app_aead=<class 'pycose.algorithms.AESCCM1664128'>, app_hash=<class 'pycose.algorithms.Sha256'>), CipherSuite(value=2, edhoc_aead=<class 'pycose.algorithms.AESCCM1664128'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=8, edhoc_ke=<class 'pycose.keys.curves.P256'>, edhoc_sign=<class 'pycose.algorithms.Es256'>, app_aead=<class 'pycose.algorithms.AESCCM1664128'>, app_hash=<class 'pycose.algorithms.Sha256'>), CipherSuite(value=3, edhoc_aead=<class 'pycose.algorithms.AESCCM16128128'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=16, edhoc_ke=<class 'pycose.keys.curves.P256'>, edhoc_sign=<class 'pycose.algorithms.Es256'>, app_aead=<class 'pycose.algorithms.AESCCM1664128'>, app_hash=<class 'pycose.algorithms.Sha256'>), CipherSuite(value=6, edhoc_aead=<class 'pycose.algorithms.A128GCM'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=16, edhoc_ke=<class 'pycose.keys.curves.X25519'>, edhoc_sign=<class 'pycose.algorithms.Es256'>, app_aead=<class 'pycose.algorithms.A128GCM'>, app_hash=<class 'pycose.algorithms.Sha256'>), CipherSuite(value=24, edhoc_aead=<class 'pycose.algorithms.A256GCM'>, edhoc_hash=<class 'pycose.algorithms.Sha384'>, edhoc_mac_length=16, edhoc_ke=<class 'pycose.keys.curves.P384'>, edhoc_sign=<class 'pycose.algorithms.Es384'>, app_aead=<class 'pycose.algorithms.A256GCM'>, app_hash=<class 'pycose.algorithms.Sha384'>)]: Known cipher suites registered with IANA

pycose_edhoc.SUITES_BY_VALUE = {0: CipherSuite(value=0, edhoc_aead=<class 'pycose.algorithms.AESCCM1664128'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=8, edhoc_ke=<class 'pycose.keys.curves.X25519'>, edhoc_sign=<class 'pycose.algorithms.EdDSA'>, app_aead=<class 'pycose.algorithms.AESCCM1664128'>, app_hash=<class 'pycose.algorithms.Sha256'>), 1: CipherSuite(value=1, edhoc_aead=<class 'pycose.algorithms.AESCCM16128128'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=16, edhoc_ke=<class 'pycose.keys.curves.X25519'>, edhoc_sign=<class 'pycose.algorithms.EdDSA'>, app_aead=<class 'pycose.algorithms.AESCCM1664128'>, app_hash=<class 'pycose.algorithms.Sha256'>), 2: CipherSuite(value=2, edhoc_aead=<class 'pycose.algorithms.AESCCM1664128'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=8, edhoc_ke=<class 'pycose.keys.curves.P256'>, edhoc_sign=<class 'pycose.algorithms.Es256'>, app_aead=<class 'pycose.algorithms.AESCCM1664128'>, app_hash=<class 'pycose.algorithms.Sha256'>), 3: CipherSuite(value=3, edhoc_aead=<class 'pycose.algorithms.AESCCM16128128'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=16, edhoc_ke=<class 'pycose.keys.curves.P256'>, edhoc_sign=<class 'pycose.algorithms.Es256'>, app_aead=<class 'pycose.algorithms.AESCCM1664128'>, app_hash=<class 'pycose.algorithms.Sha256'>), 6: CipherSuite(value=6, edhoc_aead=<class 'pycose.algorithms.A128GCM'>, edhoc_hash=<class 'pycose.algorithms.Sha256'>, edhoc_mac_length=16, edhoc_ke=<class 'pycose.keys.curves.X25519'>, edhoc_sign=<class 'pycose.algorithms.Es256'>, app_aead=<class 'pycose.algorithms.A128GCM'>, app_hash=<class 'pycose.algorithms.Sha256'>), 24: CipherSuite(value=24, edhoc_aead=<class 'pycose.algorithms.A256GCM'>, edhoc_hash=<class 'pycose.algorithms.Sha384'>, edhoc_mac_length=16, edhoc_ke=<class 'pycose.keys.curves.P384'>, edhoc_sign=<class 'pycose.algorithms.Es384'>, app_aead=<class 'pycose.algorithms.A256GCM'>, app_hash=<class 'pycose.algorithms.Sha384'>)}: Indexed by value for lookup

class pycose_edhoc.KeyHandler(key_cls, crv)

Bases: object

Key exchange key handling logic

key_cls: Type[CoseKey]

crv: Type[CoseCurve]

generate_key()

Return type:: CoseKey

validate(key)

to_pub_data(key)

Return type:: bytes

from_pub_data(data)

Return type:: CoseKey

pycose_edhoc.cose_key(key)

Convert from native cryptography key to a CoseKey

Return type:: CoseKey

class pycose_edhoc.EadItem(label, value=None)

Bases: object

A single EAD item per Section 3.8 of RFC 9528

label: int

value: Optional[bytes] = None

class pycose_edhoc.EadList(items=<factory>)

Bases: object

A set of EAD per Section 3.8 of RFC 9528

items: List[EadItem]

encode(enc): Encode to a CBOR item sequence

decode(dec)

class pycose_edhoc.ConnectionId(value=b'')

Bases: object

value: bytes = b'': Native simple value

EncodedType

Encoded value type

alias of bytes | int

static from_item(item)

Return type:: ConnectionId

encode(enc): Encode the value

decode(dec): Decode the value

class pycose_edhoc.IdCred(value=<factory>)

Bases: object

value: dict: Native simple value

EncodedType

Encoded value type

alias of dict | bytes | int

encode(enc): Encode the value

decode(dec): Decode the value

class pycose_edhoc.CredItem(data, pubkey)

Bases: object

Data to represent credentials and their associated public keys

data: bytes: The pre-encoded CBOR item representing the credential

pubkey: CoseKey: The pre-extracted COSE key from the credential

class pycose_edhoc.CredStore

Bases: object

An indexed collection of CredItem objects

add(id_cred, item)

find(id_cred)

Return type:: Optional[CredItem]

pycose_edhoc.EcKeyType

Type for any elliptic curve COSE key object

alias of EC2Key | OKPKey

pycose_edhoc.perform_ecdh(priv_key, peer_key)

Derive a shared secret from a pair of ECDH private and public keys.

Return type:: bytes

pycose_edhoc.bytes_xor(ina, inb)

Perform a bitwise XOR of two byte strings

Return type:: bytes

class pycose_edhoc.AbstractKDF

Bases: object

Generic interface for performing EDHOC_KDF() function.

extract(salt, ikm)

The EDHOC_Extract() interface

Return type:: bytes

expand(prk, info, length)

The EDHOC_Expand() interface

Return type:: bytes

class pycose_edhoc.HKDF(cls)

Bases: AbstractKDF

Encapsulate the configuration of an HKDF

extract(salt, ikm)

The EDHOC_Extract() to use when edhoc_hash is one of SHA2

Return type:: bytes

expand(prk, info, length)

The EDHOC_Expand() to use when edhoc_hash is one of SHA2

Return type:: bytes

class pycose_edhoc.KMAC(hash_cls)

Bases: AbstractKDF

Encapsulate the configuration of a KMAC PRF

extract(salt, ikm)

The EDHOC_Extract() to use when edhoc_hash is one of SHAKE

Return type:: bytes

expand(prk, info, length)

The EDHOC_Expand() to use when edhoc_hash is one of SHAKE

Return type:: bytes

class pycose_edhoc.CommonState(authn_priv_key, cred_store, id_cred, as_initiator, ke_priv_key=None, method=None, conn_id=None)

Bases: object

Common processing for either EDHOC endpoint.

Parameters:

authn_priv_key (Union[EC2Key, OKPKey]) – The local entity private key.
cred_store (CredStore) – The credential store for all entities.
id_cred (dict) – The local entity ID_CRED value.
ke_priv_key (Union[EC2Key, OKPKey, None]) – A manual ECDH key used only for debugging.

as_initiator()

Return type:: bool

get_own_conn_id()

Return type:: ConnectionId

get_peer_conn_id()

Return type:: ConnectionId

get_cipher_suite()

Return type:: CipherSuite

get_key_handler()

Return type:: KeyHandler

get_prk_exporter()

Return type:: bytes

edhoc_exporter(info_label, context, length)

Provide an application interface to the final exporter behavior defined in Section 4.2 of RFC 9528.

Return type:: bytes

class pycose_edhoc.EdhocInitiator(method, suites, **kwargs)

Bases: CommonState

Logic for the initiator side of an EDHOC conversation.

get_message_1(ead=None)

From Section 5.2.1 of RFC 9528

Return type:: bytes

process_message_2(msg)

Return type:: EadList

get_message_3(ead=None)

Return type:: bytes

process_message_4(msg)

Return type:: EadList

class pycose_edhoc.EdhocResponder(valid_methods=typing.List[pycose_edhoc.Method], valid_suites=typing.List[typing.Union[pycose_edhoc.CipherSuite, int]], **kwargs)

Bases: CommonState

Logic for the responder side of an EDHOC conversation.

process_message_1(msg)

Return type:: EadList

get_message_2(ead=None)

Return type:: bytes

process_message_3(msg)

Return type:: EadList

get_message_4(ead=None)

Return type:: bytes