Merge pull request #254 from geonnave/export-ead-authz-label-python

Export EAD authz label to python
openwsn-berkeley · Apr 5, 2024 · 2c3dc64 · 2c3dc64
2 parents a5ff9be + 115185a
commit 2c3dc64
Show file tree

Hide file tree

Showing 8 changed files with 31 additions and 22 deletions.
diff --git a/ead/lakers-ead-authz/src/authenticator.rs b/ead/lakers-ead-authz/src/authenticator.rs
@@ -1,4 +1,5 @@
-use super::shared::*;
+use crate::consts::*;
+use crate::shared::*;
 use lakers_shared::*;
 
 #[derive(Debug, Default)]
@@ -21,7 +22,7 @@ impl ZeroTouchAuthenticator {
     > {
         let opaque_state: Option<EdhocMessageBuffer> = None; // TODO: receive as parameter
 
-        if ead_1.label != EAD_ZEROCONF_LABEL || ead_1.value.is_none() {
+        if ead_1.label != EAD_AUTHZ_LABEL || ead_1.value.is_none() {
             return Err(EDHOCError::EADUnprocessable);
         }
 
@@ -44,7 +45,7 @@ impl ZeroTouchAuthenticatorWaitVoucherResp {
         let (_message_1, voucher, _opaque_state) = parse_voucher_response(&voucher_response)?;
 
         Ok(EADItem {
-            label: EAD_ZEROCONF_LABEL,
+            label: EAD_AUTHZ_LABEL,
             is_critical: true,
             value: Some(voucher[..].try_into().unwrap()),
         })
@@ -138,7 +139,7 @@ mod test_authenticator {
     #[test]
     fn test_process_ead_1() {
         let ead_1 = EADItem {
-            label: EAD_ZEROCONF_LABEL,
+            label: EAD_AUTHZ_LABEL,
             is_critical: true,
             value: Some(EAD1_VALUE_TV.try_into().unwrap()),
         };
@@ -173,7 +174,7 @@ mod test_authenticator {
         let ead_2 = ead_authenticator
             .prepare_ead_2(&voucher_response_tv)
             .unwrap();
-        assert_eq!(ead_2.label, EAD_ZEROCONF_LABEL);
+        assert_eq!(ead_2.label, EAD_AUTHZ_LABEL);
         assert_eq!(ead_2.is_critical, true);
         assert_eq!(ead_2.value.unwrap().content, ead_2_value_tv.content);
     }

diff --git a/ead/lakers-ead-authz/src/device.rs b/ead/lakers-ead-authz/src/device.rs
@@ -1,4 +1,5 @@
-use super::shared::*;
+use crate::consts::*;
+use crate::shared::*;
 use crate::ZeroTouchError;
 use lakers_shared::{Crypto as CryptoTrait, *};
 
@@ -43,7 +44,7 @@ impl ZeroTouchDevice {
         let value = Some(encode_ead_1_value(&self.loc_w, &enc_id));
 
         let ead_1 = EADItem {
-            label: EAD_ZEROCONF_LABEL,
+            label: EAD_AUTHZ_LABEL,
             is_critical: true,
             value,
         };
@@ -69,7 +70,7 @@ impl ZeroTouchDeviceWaitEAD2 {
         ead_2: EADItem,
         cred_v: &[u8],
     ) -> Result<ZeroTouchDeviceDone, ZeroTouchError> {
-        if ead_2.label != EAD_ZEROCONF_LABEL {
+        if ead_2.label != EAD_AUTHZ_LABEL {
             return Err(ZeroTouchError::InvalidEADLabel);
         }
         let Some(ead_2_value_buffer) = ead_2.value else {
@@ -180,7 +181,7 @@ mod test_device {
 
         let (_ead_device, ead_1) =
             ead_device.prepare_ead_1(&mut default_crypto(), G_XW_TV.try_into().unwrap(), SS_TV);
-        assert_eq!(ead_1.label, EAD_ZEROCONF_LABEL);
+        assert_eq!(ead_1.label, EAD_AUTHZ_LABEL);
         assert_eq!(ead_1.is_critical, true);
         assert_eq!(ead_1.value.unwrap().content, ead_1_value_tv.content);
     }
@@ -216,7 +217,7 @@ mod test_device {
     #[test]
     fn test_process_ead_2() {
         let ead_2_tv = EADItem {
-            label: EAD_ZEROCONF_LABEL,
+            label: EAD_AUTHZ_LABEL,
             is_critical: true,
             value: Some(EAD2_VALUE_TV.try_into().unwrap()),
         };

diff --git a/ead/lakers-ead-authz/src/lib.rs b/ead/lakers-ead-authz/src/lib.rs
@@ -11,6 +11,13 @@ pub use authenticator::{ZeroTouchAuthenticator, ZeroTouchAuthenticatorWaitVouche
 pub use device::{ZeroTouchDevice, ZeroTouchDeviceDone, ZeroTouchDeviceWaitEAD2};
 pub use server::{ZeroTouchServer, ZeroTouchServerUserAcl};
 
+pub mod consts {
+    pub const EAD_AUTHZ_LABEL: u8 = 0x1; // NOTE: in lake-authz-draft-01 it is still TBD1
+    pub const EAD_AUTHZ_INFO_K_1_LABEL: u8 = 0x0;
+    pub const EAD_AUTHZ_INFO_IV_1_LABEL: u8 = 0x1;
+    pub const EAD_AUTHZ_ENC_STRUCTURE_LEN: usize = 2 + 8 + 3;
+}
+
 #[derive(PartialEq, Debug)]
 #[repr(C)]
 pub enum ZeroTouchError {

diff --git a/ead/lakers-ead-authz/src/server.rs b/ead/lakers-ead-authz/src/server.rs
@@ -1,4 +1,4 @@
-use super::shared::*;
+use crate::shared::*;
 use lakers_shared::{Crypto as CryptoTrait, *};
 
 /// This server also stores an ACL

diff --git a/ead/lakers-ead-authz/src/shared.rs b/ead/lakers-ead-authz/src/shared.rs
@@ -1,3 +1,4 @@
+use crate::consts::*;
 use lakers_shared::{Crypto as CryptoTrait, *};
 
 pub(crate) fn compute_prk<Crypto: CryptoTrait>(
@@ -42,7 +43,7 @@ pub(crate) fn compute_k_1_iv_1<Crypto: CryptoTrait>(
     let k_1_buf = edhoc_kdf_expand(
         crypto,
         prk,
-        EAD_ZEROCONF_INFO_K_1_LABEL,
+        EAD_AUTHZ_INFO_K_1_LABEL,
         &[0x00; MAX_KDF_CONTEXT_LEN],
         0,
         AES_CCM_KEY_LEN,
@@ -54,7 +55,7 @@ pub(crate) fn compute_k_1_iv_1<Crypto: CryptoTrait>(
     let iv_1_buf = edhoc_kdf_expand(
         crypto,
         prk,
-        EAD_ZEROCONF_INFO_IV_1_LABEL,
+        EAD_AUTHZ_INFO_IV_1_LABEL,
         &[0x00; MAX_KDF_CONTEXT_LEN],
         0,
         AES_CCM_IV_LEN,
@@ -76,7 +77,7 @@ pub(crate) fn parse_ead_1_value(
     ))
 }
 
-pub(crate) fn encode_enc_structure(ss: u8) -> [u8; EAD_ZEROCONF_ENC_STRUCTURE_LEN] {
+pub(crate) fn encode_enc_structure(ss: u8) -> [u8; EAD_AUTHZ_ENC_STRUCTURE_LEN] {
     let mut encrypt0: Bytes8 = [0x00; 8];
     encrypt0[0] = 0x45u8; // 'E'
     encrypt0[1] = 0x6eu8; // 'n'
@@ -87,8 +88,7 @@ pub(crate) fn encode_enc_structure(ss: u8) -> [u8; EAD_ZEROCONF_ENC_STRUCTURE_LE
     encrypt0[6] = 0x74u8; // 't'
     encrypt0[7] = 0x30u8; // '0'
 
-    let mut enc_structure: [u8; EAD_ZEROCONF_ENC_STRUCTURE_LEN] =
-        [0x00; EAD_ZEROCONF_ENC_STRUCTURE_LEN];
+    let mut enc_structure: [u8; EAD_AUTHZ_ENC_STRUCTURE_LEN] = [0x00; EAD_AUTHZ_ENC_STRUCTURE_LEN];
 
     // encode Enc_structure from rfc9052 Section 5.3
     enc_structure[0] = CBOR_MAJOR_ARRAY | 3 as u8; // 3 is the fixed number of elements in the array

diff --git a/lakers-python/src/lib.rs b/lakers-python/src/lib.rs
@@ -1,6 +1,7 @@
 /// This file implements the python bindings for the lakers library.
 /// Note that this module is not restricted by no_std.
 use lakers::*;
+// use lakers_ead::consts::*;
 use lakers_crypto::{default_crypto, CryptoTrait};
 use pyo3::wrap_pyfunction;
 use pyo3::{prelude::*, types::PyBytes};
@@ -74,5 +75,9 @@ fn lakers_python(_py: Python, m: &PyModule) -> PyResult<()> {
     m.add_class::<ead_authz::PyAuthzAutenticator>()?;
     m.add_class::<ead_authz::PyAuthzEnrollmentServer>()?;
     m.add_class::<ead_authz::PyAuthzServerUserAcl>()?;
+
+    let submodule = PyModule::new(_py, "consts")?;
+    submodule.add("EAD_AUTHZ_LABEL", lakers_ead::consts::EAD_AUTHZ_LABEL)?;
+    m.add_submodule(submodule)?;
     Ok(())
 }
diff --git a/lakers-python/test/test_ead_authz.py b/lakers-python/test/test_ead_authz.py
@@ -1,5 +1,4 @@
 import lakers
-import pytest
 
 # values from traces-zeroconf.ipynb
 ID_U = bytes.fromhex("a104412b")
@@ -31,7 +30,7 @@ def test_authenticator_and_server():
     assert type(voucher_response) == bytes
 
     ead_2 = authenticator.prepare_ead_2(voucher_response)
-    assert ead_2.label() == 1
+    assert ead_2.label() == lakers.consts.EAD_AUTHZ_LABEL
     assert ead_2.is_critical() == True
     assert ead_2.value() == EAD_2_VALUE
 

diff --git a/shared/src/lib.rs b/shared/src/lib.rs
@@ -70,10 +70,6 @@ pub const MAX_INFO_LEN: usize = 2 + SHA256_DIGEST_LEN + // 32-byte digest as bst
 pub const ENC_STRUCTURE_LEN: usize = 8 + 5 + SHA256_DIGEST_LEN; // 8 for ENCRYPT0
 
 pub const MAX_EAD_SIZE_LEN: usize = 64;
-pub const EAD_ZEROCONF_LABEL: u8 = 0x1; // NOTE: in lake-authz-draft-02 it is still TBD1
-pub const EAD_ZEROCONF_INFO_K_1_LABEL: u8 = 0x0;
-pub const EAD_ZEROCONF_INFO_IV_1_LABEL: u8 = 0x1;
-pub const EAD_ZEROCONF_ENC_STRUCTURE_LEN: usize = 2 + 8 + 3;
 
 pub type BytesSuites = [u8; SUITES_LEN];
 pub type BytesSupportedSuites = [u8; SUPPORTED_SUITES_LEN];