From 115185a7c5fe0b397801f3f492c539cc33bc6b87 Mon Sep 17 00:00:00 2001 From: Geovane Fedrecheski Date: Fri, 5 Apr 2024 11:16:43 +0200 Subject: [PATCH] ead-authz: export label to python --- ead/lakers-ead-authz/src/authenticator.rs | 11 ++++++----- ead/lakers-ead-authz/src/device.rs | 11 ++++++----- ead/lakers-ead-authz/src/lib.rs | 7 +++++++ ead/lakers-ead-authz/src/server.rs | 2 +- ead/lakers-ead-authz/src/shared.rs | 10 +++++----- lakers-python/src/lib.rs | 5 +++++ lakers-python/test/test_ead_authz.py | 3 +-- shared/src/lib.rs | 4 ---- 8 files changed, 31 insertions(+), 22 deletions(-) diff --git a/ead/lakers-ead-authz/src/authenticator.rs b/ead/lakers-ead-authz/src/authenticator.rs index 30762e7c..e460314d 100644 --- a/ead/lakers-ead-authz/src/authenticator.rs +++ b/ead/lakers-ead-authz/src/authenticator.rs @@ -1,4 +1,5 @@ -use super::shared::*; +use crate::consts::*; +use crate::shared::*; use lakers_shared::*; #[derive(Debug, Default)] @@ -21,7 +22,7 @@ impl ZeroTouchAuthenticator { > { let opaque_state: Option = None; // TODO: receive as parameter - if ead_1.label != EAD_ZEROCONF_LABEL || ead_1.value.is_none() { + if ead_1.label != EAD_AUTHZ_LABEL || ead_1.value.is_none() { return Err(EDHOCError::EADUnprocessable); } @@ -44,7 +45,7 @@ impl ZeroTouchAuthenticatorWaitVoucherResp { let (_message_1, voucher, _opaque_state) = parse_voucher_response(&voucher_response)?; Ok(EADItem { - label: EAD_ZEROCONF_LABEL, + label: EAD_AUTHZ_LABEL, is_critical: true, value: Some(voucher[..].try_into().unwrap()), }) @@ -138,7 +139,7 @@ mod test_authenticator { #[test] fn test_process_ead_1() { let ead_1 = EADItem { - label: EAD_ZEROCONF_LABEL, + label: EAD_AUTHZ_LABEL, is_critical: true, value: Some(EAD1_VALUE_TV.try_into().unwrap()), }; 
@@ -173,7 +174,7 @@ mod test_authenticator { let ead_2 = ead_authenticator .prepare_ead_2(&voucher_response_tv) .unwrap(); - assert_eq!(ead_2.label, EAD_ZEROCONF_LABEL); + assert_eq!(ead_2.label, EAD_AUTHZ_LABEL); assert_eq!(ead_2.is_critical, true); assert_eq!(ead_2.value.unwrap().content, ead_2_value_tv.content); } diff --git a/ead/lakers-ead-authz/src/device.rs b/ead/lakers-ead-authz/src/device.rs index 0f7c1826..f878ef3b 100644 --- a/ead/lakers-ead-authz/src/device.rs +++ b/ead/lakers-ead-authz/src/device.rs @@ -1,4 +1,5 @@ -use super::shared::*; +use crate::consts::*; +use crate::shared::*; use crate::ZeroTouchError; use lakers_shared::{Crypto as CryptoTrait, *}; @@ -43,7 +44,7 @@ impl ZeroTouchDevice { let value = Some(encode_ead_1_value(&self.loc_w, &enc_id)); let ead_1 = EADItem { - label: EAD_ZEROCONF_LABEL, + label: EAD_AUTHZ_LABEL, is_critical: true, value, }; @@ -69,7 +70,7 @@ impl ZeroTouchDeviceWaitEAD2 { ead_2: EADItem, cred_v: &[u8], ) -> Result { - if ead_2.label != EAD_ZEROCONF_LABEL { + if ead_2.label != EAD_AUTHZ_LABEL { return Err(ZeroTouchError::InvalidEADLabel); } let Some(ead_2_value_buffer) = ead_2.value else { @@ -180,7 +181,7 @@ mod test_device { let (_ead_device, ead_1) = ead_device.prepare_ead_1(&mut default_crypto(), G_XW_TV.try_into().unwrap(), SS_TV); - assert_eq!(ead_1.label, EAD_ZEROCONF_LABEL); + assert_eq!(ead_1.label, EAD_AUTHZ_LABEL); assert_eq!(ead_1.is_critical, true); assert_eq!(ead_1.value.unwrap().content, ead_1_value_tv.content); } @@ -216,7 +217,7 @@ mod test_device { #[test] fn test_process_ead_2() { let ead_2_tv = EADItem { - label: EAD_ZEROCONF_LABEL, + label: EAD_AUTHZ_LABEL, is_critical: true, value: Some(EAD2_VALUE_TV.try_into().unwrap()), }; diff --git a/ead/lakers-ead-authz/src/lib.rs b/ead/lakers-ead-authz/src/lib.rs index e43f9fcb..99e8fe47 100644 --- a/ead/lakers-ead-authz/src/lib.rs +++ b/ead/lakers-ead-authz/src/lib.rs 
@@ -11,6 +11,13 @@ pub use authenticator::{ZeroTouchAuthenticator, ZeroTouchAuthenticatorWaitVouche pub use device::{ZeroTouchDevice, ZeroTouchDeviceDone, ZeroTouchDeviceWaitEAD2}; pub use server::{ZeroTouchServer, ZeroTouchServerUserAcl}; +pub mod consts { + pub const EAD_AUTHZ_LABEL: u8 = 0x1; // NOTE: in lake-authz-draft-01 it is still TBD1 + pub const EAD_AUTHZ_INFO_K_1_LABEL: u8 = 0x0; + pub const EAD_AUTHZ_INFO_IV_1_LABEL: u8 = 0x1; + pub const EAD_AUTHZ_ENC_STRUCTURE_LEN: usize = 2 + 8 + 3; +} + #[derive(PartialEq, Debug)] #[repr(C)] pub enum ZeroTouchError { diff --git a/ead/lakers-ead-authz/src/server.rs b/ead/lakers-ead-authz/src/server.rs index c581283b..9471af75 100644 --- a/ead/lakers-ead-authz/src/server.rs +++ b/ead/lakers-ead-authz/src/server.rs @@ -1,4 +1,4 @@ -use super::shared::*; +use crate::shared::*; use lakers_shared::{Crypto as CryptoTrait, *}; /// This server also stores an ACL diff --git a/ead/lakers-ead-authz/src/shared.rs b/ead/lakers-ead-authz/src/shared.rs index edc3bcf6..102fa789 100644 --- a/ead/lakers-ead-authz/src/shared.rs +++ b/ead/lakers-ead-authz/src/shared.rs @@ -1,3 +1,4 @@ +use crate::consts::*; use lakers_shared::{Crypto as CryptoTrait, *}; pub(crate) fn compute_prk( @@ -42,7 +43,7 @@ pub(crate) fn compute_k_1_iv_1( let k_1_buf = edhoc_kdf_expand( crypto, prk, - EAD_ZEROCONF_INFO_K_1_LABEL, + EAD_AUTHZ_INFO_K_1_LABEL, &[0x00; MAX_KDF_CONTEXT_LEN], 0, AES_CCM_KEY_LEN, @@ -54,7 +55,7 @@ pub(crate) fn compute_k_1_iv_1( let iv_1_buf = edhoc_kdf_expand( crypto, prk, - EAD_ZEROCONF_INFO_IV_1_LABEL, + EAD_AUTHZ_INFO_IV_1_LABEL, &[0x00; MAX_KDF_CONTEXT_LEN], 0, AES_CCM_IV_LEN, @@ -76,7 +77,7 @@ pub(crate) fn parse_ead_1_value( )) } -pub(crate) fn encode_enc_structure(ss: u8) -> [u8; EAD_ZEROCONF_ENC_STRUCTURE_LEN] { +pub(crate) fn encode_enc_structure(ss: u8) -> [u8; EAD_AUTHZ_ENC_STRUCTURE_LEN] { let mut encrypt0: Bytes8 = [0x00; 8]; encrypt0[0] = 0x45u8; // 'E' encrypt0[1] = 0x6eu8; // 'n' 
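Review bot: The NOTE on the added `EAD_AUTHZ_LABEL` line cites lake-authz-draft-01, while the line it replaces in shared/src/lib.rs (last hunk of this patch) cites lake-authz-draft-02, so the move appears to have walked the draft reference backwards; keep `// NOTE: in lake-authz-draft-02 it is still TBD1` (or whichever draft is current) and, since the constant is now public API and re-exported to Python, give it a `///` doc comment such as `/// EAD label of the authz EAD item; provisional (TBD1) until the lake-authz draft assigns a value.` The other three constants are only consumed inside this crate (shared.rs imports `crate::consts::*`), so `pub(crate)` on `EAD_AUTHZ_INFO_K_1_LABEL`, `EAD_AUTHZ_INFO_IV_1_LABEL` and `EAD_AUTHZ_ENC_STRUCTURE_LEN` would keep the KDF info labels and the structure length out of the public surface while still exporting the label. `EAD_AUTHZ_LABEL` and `EAD_AUTHZ_INFO_IV_1_LABEL` both equal 0x1 but live in different namespaces (an EADItem label vs. an edhoc_kdf_expand info label); a one-line comment saying so would stop a future reader from "deduplicating" them.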
@@ -87,8 +88,7 @@ pub(crate) fn encode_enc_structure(ss: u8) -> [u8; EAD_ZEROCONF_ENC_STRUCTURE_LE encrypt0[6] = 0x74u8; // 't' encrypt0[7] = 0x30u8; // '0' - let mut enc_structure: [u8; EAD_ZEROCONF_ENC_STRUCTURE_LEN] = - [0x00; EAD_ZEROCONF_ENC_STRUCTURE_LEN]; + let mut enc_structure: [u8; EAD_AUTHZ_ENC_STRUCTURE_LEN] = [0x00; EAD_AUTHZ_ENC_STRUCTURE_LEN]; // encode Enc_structure from rfc9052 Section 5.3 enc_structure[0] = CBOR_MAJOR_ARRAY | 3 as u8; // 3 is the fixed number of elements in the array diff --git a/lakers-python/src/lib.rs b/lakers-python/src/lib.rs index d8828f9e..ee7e0b9b 100644 --- a/lakers-python/src/lib.rs +++ b/lakers-python/src/lib.rs @@ -1,6 +1,7 @@ /// This file implements the python bindings for the lakers library. /// Note that this module is not restricted by no_std. use lakers::*; +// use lakers_ead::consts::*; use lakers_crypto::{default_crypto, CryptoTrait}; use pyo3::wrap_pyfunction; use pyo3::{prelude::*, types::PyBytes}; @@ -74,5 +75,9 @@ fn lakers_python(_py: Python, m: &PyModule) -> PyResult<()> { m.add_class::()?; m.add_class::()?; m.add_class::()?; + + let submodule = PyModule::new(_py, "consts")?; + submodule.add("EAD_AUTHZ_LABEL", lakers_ead::consts::EAD_AUTHZ_LABEL)?; + m.add_submodule(submodule)?; Ok(()) } diff --git a/lakers-python/test/test_ead_authz.py b/lakers-python/test/test_ead_authz.py index 49f546ed..4b17c0e3 100644 --- a/lakers-python/test/test_ead_authz.py +++ b/lakers-python/test/test_ead_authz.py @@ -1,5 +1,4 @@ import lakers -import pytest # values from traces-zeroconf.ipynb ID_U = bytes.fromhex("a104412b") @@ -31,7 +30,7 @@ def test_authenticator_and_server(): assert type(voucher_response) == bytes ead_2 = authenticator.prepare_ead_2(voucher_response) - assert ead_2.label() == 1 + assert ead_2.label() == lakers.consts.EAD_AUTHZ_LABEL assert ead_2.is_critical() == True assert ead_2.value() == EAD_2_VALUE diff --git a/shared/src/lib.rs b/shared/src/lib.rs index 5aab4b6b..0e4e63b2 100644 --- a/shared/src/lib.rs 
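Review bot: The added `// use lakers_ead::consts::*;` in lakers-python/src/lib.rs is commented-out code with no effect; the submodule registration later in the same file already refers to `lakers_ead::consts::EAD_AUTHZ_LABEL` by its full path, so the line should be removed rather than kept as a breadcrumb.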
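Review bot: The `_py` parameter of `lakers_python` is now actually read to build the submodule, so the underscore prefix on the signature line (visible only in the hunk header; the function starts outside the hunk) is misleading and should become `py`, with the added line reading `let submodule = PyModule::new(py, "consts")?;`. As far as I recall, pyo3's `add_submodule` does not register the child in `sys.modules`, so `lakers.consts.EAD_AUTHZ_LABEL` works as the updated test uses it but `import lakers.consts` would not; if that form is wanted the submodule also has to be inserted into `sys.modules` (the pyo3 documentation describes this), and a short comment at the `add_submodule` call noting the limitation would save the next contributor the surprise. Since the Rust source still marks `EAD_AUTHZ_LABEL` as TBD1, consider surfacing that in the Python-visible documentation so binding users do not treat the exported value as a stable wire constant.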
+++ b/shared/src/lib.rs @@ -70,10 +70,6 @@ pub const MAX_INFO_LEN: usize = 2 + SHA256_DIGEST_LEN + // 32-byte digest as bst pub const ENC_STRUCTURE_LEN: usize = 8 + 5 + SHA256_DIGEST_LEN; // 8 for ENCRYPT0 pub const MAX_EAD_SIZE_LEN: usize = 64; -pub const EAD_ZEROCONF_LABEL: u8 = 0x1; // NOTE: in lake-authz-draft-02 it is still TBD1 -pub const EAD_ZEROCONF_INFO_K_1_LABEL: u8 = 0x0; -pub const EAD_ZEROCONF_INFO_IV_1_LABEL: u8 = 0x1; -pub const EAD_ZEROCONF_ENC_STRUCTURE_LEN: usize = 2 + 8 + 3; pub type BytesSuites = [u8; SUITES_LEN]; pub type BytesSupportedSuites = [u8; SUPPORTED_SUITES_LEN];