| /* |
| * |
| * Copyright (c) 2020 Project CHIP Authors |
| * All rights reserved. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /** |
| * @file |
| * This file defines the CHIP Secure Session object that provides |
| * APIs for encrypting/decryting data using cryptographic keys. |
| * |
| */ |
| |
| #pragma once |
| |
| #include <crypto/CHIPCryptoPAL.h> |
| #include <lib/core/CHIPCore.h> |
| #include <lib/support/Span.h> |
| #include <transport/raw/MessageHeader.h> |
| |
| namespace chip { |
| |
| class DLL_EXPORT CryptoContext |
| { |
| public: |
| static constexpr size_t kAESCCMNonceLen = 13; |
| using NonceStorage = std::array<uint8_t, kAESCCMNonceLen>; |
| using NonceView = FixedSpan<uint8_t, kAESCCMNonceLen>; |
| using ConstNonceView = FixedSpan<const uint8_t, kAESCCMNonceLen>; |
| |
| CryptoContext(); |
| ~CryptoContext(); |
| CryptoContext(CryptoContext &&) = default; |
| CryptoContext(const CryptoContext &) = default; |
| CryptoContext(Crypto::SymmetricKeyContext * context) : mKeyContext(context){}; |
| CryptoContext & operator=(const CryptoContext &) = default; |
| CryptoContext & operator=(CryptoContext &&) = default; |
| |
| /** |
| * Whether the current node initiated the session, or it is responded to a session request. |
| */ |
| enum class SessionRole |
| { |
| kInitiator, /**< We initiated the session. */ |
| kResponder, /**< We responded to the session request. */ |
| }; |
| |
| enum class SessionInfoType |
| { |
| kSessionEstablishment, /**< A new secure session is established. */ |
| kSessionResumption, /**< An old session is being resumed. */ |
| }; |
| |
| /** |
| * @brief |
| * Derive a shared key. The derived key will be used for encrypting/decrypting |
| * data exchanged on the secure channel. |
| * |
| * @param local_keypair A reference to local ECP keypair |
| * @param remote_public_key A reference to peer's public key |
| * @param salt A reference to the initial salt used for deriving the keys |
| * @param infoType The info buffer to use for deriving session keys |
| * @param role Role of the new session (initiator or responder) |
| * @return CHIP_ERROR The result of key derivation |
| */ |
| CHIP_ERROR InitFromKeyPair(const Crypto::P256Keypair & local_keypair, const Crypto::P256PublicKey & remote_public_key, |
| const ByteSpan & salt, SessionInfoType infoType, SessionRole role); |
| |
| /** |
| * @brief |
| * Derive a shared key. The derived key will be used for encrypting/decrypting |
| * data exchanged on the secure channel. |
| * |
| * @param secret A reference to the shared secret |
| * @param salt A reference to the initial salt used for deriving the keys |
| * @param infoType The info buffer to use for deriving session keys |
| * @param role Role of the new session (initiator or responder) |
| * @return CHIP_ERROR The result of key derivation |
| */ |
| CHIP_ERROR InitFromSecret(const ByteSpan & secret, const ByteSpan & salt, SessionInfoType infoType, SessionRole role); |
| |
| /** @brief Build a Nonce buffer using given parameters for encrypt or decrypt. */ |
| static CHIP_ERROR BuildNonce(NonceView nonce, uint8_t securityFlags, uint32_t messageCounter, NodeId nodeId); |
| |
| /** |
| * @brief |
| * Encrypt the input data using keys established in the secure channel |
| * |
| * @param input Unencrypted input data |
| * @param input_length Length of the input data |
| * @param output Output buffer for encrypted data |
| * @param nonce Nonce buffer for encrypt |
| * @param header message header structure. Encryption type will be set on the header. |
| * @param mac - output the resulting mac |
| * |
| * @return CHIP_ERROR The result of encryption |
| */ |
| CHIP_ERROR Encrypt(const uint8_t * input, size_t input_length, uint8_t * output, ConstNonceView nonce, PacketHeader & header, |
| MessageAuthenticationCode & mac) const; |
| |
| /** |
| * @brief |
| * Decrypt the input data using keys established in the secure channel |
| * |
| * @param input Encrypted input data |
| * @param input_length Length of the input data |
| * @param output Output buffer for decrypted data |
| * @param nonce Nonce buffer for decrypt |
| * @param header message header structure |
| * @return CHIP_ERROR The result of decryption |
| * @param mac Input mac |
| */ |
| CHIP_ERROR Decrypt(const uint8_t * input, size_t input_length, uint8_t * output, ConstNonceView nonce, |
| const PacketHeader & header, const MessageAuthenticationCode & mac) const; |
| |
| ByteSpan GetAttestationChallenge() const { return ByteSpan(mKeys[kAttestationChallengeKey], Crypto::kAES_CCM128_Key_Length); } |
| |
| /** |
| * @brief |
| * Memory overhead of encrypting data. The overhead is independent of size of |
| * the data being encrypted. The extra space is used for storing the common header. |
| * |
| * @return number of bytes. |
| */ |
| size_t EncryptionOverhead(); |
| |
| private: |
| typedef uint8_t CryptoKey[Crypto::kAES_CCM128_Key_Length]; |
| |
| enum KeyUsage |
| { |
| kI2RKey = 0, |
| kR2IKey = 1, |
| kAttestationChallengeKey = 2, |
| kNumCryptoKeys = 3 |
| }; |
| |
| SessionRole mSessionRole; |
| |
| bool mKeyAvailable; |
| CryptoKey mKeys[KeyUsage::kNumCryptoKeys]; |
| Crypto::SymmetricKeyContext * mKeyContext = nullptr; |
| |
| // Use unencrypted header as additional authenticated data (AAD) during encryption and decryption. |
| // The encryption operations includes AAD when message authentication tag is generated. This tag |
| // is used at the time of decryption to integrity check the received data. |
| static CHIP_ERROR GetAdditionalAuthData(const PacketHeader & header, uint8_t * aad, uint16_t & len); |
| }; |
| |
| } // namespace chip |