Changing key-management strategies and removing the CBOR encoding #65

Open
Reneta2003 opened this issue May 27, 2024 · 5 comments

Comments

@Reneta2003

I am doing research that involves configuring different key management strategies, such as Pre-shared Keys (PSK), Raw Public Keys (RPK), and dynamically generated keys. I also want to remove the CBOR encoding of the certificates and use an X.509 certificate instead of a C.509 certificate. Is there any built-in support for doing these tasks? If possible, could you please provide me with some guidance on how this can be done? Thank you in advance!

@StefanHri
Contributor

Pre-shared symmetric keys are not supported by the EDHOC specification. X.509 certificates are supported and tested, see the tests. Currently not many of the different combinations of credentials are tested due to the lack of test vectors. Can you provide a concrete list of the credential types that you want to test? Note that the initiator and responder may have different credential types.

Generally exchanging the credentials is simple. You need to populate the corresponding struct other_party_cred, struct edhoc_responder_context and struct edhoc_initiator_context variables.

@Reneta2003
Author

Thank you for the reply! I used your directions and found the file edhoc_tests_rfc9529.c which uses the x509 certificate. Sadly, when I populated the fields the same way as the function test_edhoc_initiator_x509_x5t_rfc9529 from edhoc_tests_rfc9529.c in the linux_edhoc_oscore sample, I encountered an error:

./build/initiator_client
IPv6 client to connect to server with address ..... started!
C_I (size 1):
2D
message_1 (CBOR Sequence) (size 37):
00 00 58 20 31 F8 2C 7B 5B 9C BB F0 F1 94 D9 13
CC 12 EF 15 32 D3 28 EF 32 63 2A 48 81 A1 C0 70
1E 23 7F 04 2D
hash (size 32):
C1 65 D6 A9 9D 1B CA FA AC 8D BF 2B 35 2A 6F 7D
71 A3 0B 43 9C 9D 64 D3 49 A2 38 48 03 8E D1 6B
waiting to receive message 2...
recv errordata_len: 398
payload_len: 0
Runtime error: code 1 at src/edhoc/initiator.c:139

Runtime error: code 1 at src/edhoc/initiator.c:251

Runtime error: code 1 at src/edhoc/initiator.c:299

Runtime error: code 1 at src/main.cpp:217

Is it possible I am not using the test code correctly with the linux_edhoc_oscore sample? And is there a way to get more explicit debug messages?

@StefanHri
Contributor

Can you describe what you are trying to do? If you want to get a working example running on a Linux host, probably the simplest is to build the samples https://github.com/eriptic/uoscore-uedhoc/tree/main/samples/linux_edhoc. For that, run make clean; make in the initiator and responder folders. Then first execute the responder executable created in responder/build and subsequently the initiator executable created in initiator/build.

@Reneta2003
Author

I am trying to use X509 certificates without the CBOR encoding. All the examples worked for me but as far as I can see, I can't avoid encoding the certificates.

@StefanHri
Contributor

Thanks for your feedback. Are you referring to ID_CRED_x? Note that those are COSE header_map by definition. What I can offer is to implement an additional API function that can take a raw ID_CRED_x and a corresponding type and encode it. This will take some time however.
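
Added example, not part of the thread and not uoscore-uedhoc code: a minimal encoder showing what "ID_CRED_x is a COSE header_map" means for an X.509 credential. The DER certificate (or its hash) is copied unchanged into a CBOR byte string; only the one-entry map around it is CBOR. The function names are hypothetical; labels 33 (x5chain) and 34 (x5t) are the COSE X.509 header parameters, and -15 is the COSE identifier for SHA-256/64.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* CBOR head: major type (0..7) plus unsigned argument. Returns bytes written, 0 if no room. */
static size_t cbor_head(uint8_t major, uint32_t v, uint8_t *out, size_t cap)
{
    size_t n = v < 24 ? 1 : v <= 0xFF ? 2 : v <= 0xFFFF ? 3 : 5;
    if (n > cap) return 0;
    if (n == 1) { out[0] = (uint8_t)(major << 5 | v); return 1; }
    out[0] = (uint8_t)(major << 5 | (n == 2 ? 24 : n == 3 ? 25 : 26));
    for (size_t i = 1; i < n; i++) out[i] = (uint8_t)(v >> (8 * (n - 1 - i)));
    return n;
}

/* CBOR byte string: head (major type 2) followed by the bytes, unchanged. */
static size_t cbor_bstr(const uint8_t *b, size_t len, uint8_t *out, size_t cap)
{
    size_t h = len > UINT32_MAX ? 0 : cbor_head(2, (uint32_t)len, out, cap);
    if (h == 0 || len > cap - h) return 0;
    if (len) memcpy(out + h, b, len);
    return h + len;
}

/* ID_CRED_x = { 33 (x5chain) : bstr(DER X.509 certificate) }. Returns length, 0 on error. */
size_t id_cred_x5chain(const uint8_t *der, size_t der_len, uint8_t *out, size_t cap)
{
    size_t n = cbor_head(5, 1, out, cap), r;                  /* map(1) */
    if (!n || !(r = cbor_head(0, 33, out + n, cap - n))) return 0;
    n += r;
    r = cbor_bstr(der, der_len, out + n, cap - n);
    return r ? n + r : 0;
}

/* ID_CRED_x = { 34 (x5t) : [ hash alg, bstr(hash of DER cert) ] }.
 * A negative alg is CBOR major type 1 with argument -1 - alg. Returns length, 0 on error. */
size_t id_cred_x5t(int32_t alg, const uint8_t *hash, size_t hash_len, uint8_t *out, size_t cap)
{
    size_t n = cbor_head(5, 1, out, cap), r;                  /* map(1) */
    if (!n || !(r = cbor_head(0, 34, out + n, cap - n))) return 0;
    n += r;
    if (!(r = cbor_head(4, 2, out + n, cap - n))) return 0;   /* array(2) */
    n += r;
    r = alg < 0 ? cbor_head(1, (uint32_t)(-1 - alg), out + n, cap - n)
                : cbor_head(0, (uint32_t)alg, out + n, cap - n);
    if (!r) return 0;
    n += r;
    r = cbor_bstr(hash, hash_len, out + n, cap - n);
    return r ? n + r : 0;
}
```

Both functions return 0 instead of writing past the output buffer, so a caller can size the buffer from the certificate length plus a few bytes of CBOR overhead and treat 0 as an encoding failure.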
