aiocoap.edhoc module
Internal module containing types used inside EDHOC security contexts
- aiocoap.edhoc.load_cbor_or_edn(filename: Path)
  Common heuristic for whether something is CBOR or EDN
- class aiocoap.edhoc.CoseKeyForEdhoc
  Bases: object
  - kty: int
  - crv: int
  - d: bytes
  - classmethod from_file(filename: Path) -> CoseKeyForEdhoc
    Load a key from a file (in CBOR or EDN), asserting that the file is not group/world readable
  - classmethod from_map(key: dict) -> CoseKeyForEdhoc
  - secret_to_map() -> dict
  - classmethod generate(filename: Path | None = None) -> CoseKeyForEdhoc
    Generate a key inside a file
    This returns the generated private key.
  - as_ccs(kid: bytes | None, subject: str | None) -> Dict[Literal[14], dict]
    Given a key, generate a corresponding KCCS
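An added illustration (not aiocoap's own code) of the file-permission check that from_file documents, paired with a constructed CBOR-versus-EDN guess standing in for load_cbor_or_edn; the refusal of symlinks and non-regular files and the "UTF-8 text starting with '{' is EDN" rule are assumptions of this example, not the library's heuristic:

```python
import os
import stat
import tempfile
from pathlib import Path


def read_private_key_file(path: Path) -> tuple[str, bytes]:
    """Read a private-key file only if it is safe to treat as a secret.

    Mirrors the documented from_file assertion (file must not be group/world
    readable). Refusing symlinks and non-regular files is an assumption of this
    example. Returns (guessed_format, raw_bytes); the format guess is a
    constructed heuristic: UTF-8 text starting with '{' is called EDN, else CBOR.
    """
    st = os.lstat(path)  # lstat so a symlink is rejected instead of followed
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
        raise PermissionError(
            f"{path}: private key readable by group/world (mode {stat.S_IMODE(st.st_mode):04o})"
        )
    data = path.read_bytes()
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "cbor", data  # not valid UTF-8, so not diagnostic notation
    return ("edn" if text.lstrip().startswith("{") else "cbor"), data


def demo() -> dict[str, str]:
    """Exercise the check on constructed sample files; returns the outcome per case."""
    d = Path(tempfile.mkdtemp())
    results: dict[str, str] = {}
    edn = d / "key.edn"
    edn.write_text("{1: 1, -1: 6, -4: h'00'}")  # constructed EDN-shaped text, not a real key
    os.chmod(edn, 0o600)
    results["edn_0600"] = read_private_key_file(edn)[0]
    cbor = d / "key.cbor"
    cbor.write_bytes(bytes.fromhex("a301012006234100"))  # constructed CBOR map, not a real key
    os.chmod(cbor, 0o600)
    results["cbor_0600"] = read_private_key_file(cbor)[0]
    os.chmod(edn, 0o644)  # now group/world readable: must be rejected
    try:
        read_private_key_file(edn)
        results["edn_0644"] = "loaded"
    except PermissionError:
        results["edn_0644"] = "rejected"
    return results
```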
- class aiocoap.edhoc.EdhocCredentials(suite: int, method: int, own_cred_style: str | None = None, peer_cred: dict | None = None, own_cred: dict | None = None, private_key_file: str | None = None, private_key: dict | None = None, use_combined_edhoc: bool | None = None)
  Bases: _Objectish
  - suite: int
  - method: int
  - peer_cred: dict | None
  - use_combined_edhoc: bool | None
    Whether the combined flow should be used when using this credential set.
    If unset or None, the decision is left to the library (which at the time of writing always picks True).
  - own_key: CoseKeyForEdhoc | None
  - own_cred: dict | None
  - find_edhoc_by_id_cred_peer(id_cred_peer)
  - peer_cred_is_unauthenticated()
  - async establish_context(wire, underlying_address, underlying_proxy_scheme, underlying_uri_host, logger)
- class aiocoap.edhoc.EdhocInitiatorContext(initiator, c_ours, c_theirs, cred_i_mode, logger)
  Bases: _EdhocContextBase
  An OSCORE context that is derived from an EDHOC exchange.
  It does not require that the EDHOC exchange has completed: an initiator can set it up as soon as message 2 has been received; it prepares a message 3 at setup time and sends it with the first request that is sent through it.
  - complete_without_message_4() -> None
  - complete_with_message_4(message_4: bytes) -> None
  - message_3_to_include() -> bytes | None
    An encoded message_3 to include in outgoing messages
    This may modify self so that it only returns something once.
- class aiocoap.edhoc.EdhocResponderContext(responder, c_i, c_r, server_credentials, logger)
  Bases: _EdhocContextBase
  - message_3_to_include() -> bytes | None
    An encoded message_3 to include in outgoing messages
    This may modify self so that it only returns something once.
  - get_oscore_context_for(unprotected)
    Return a suitable context (most easily self) for an incoming request if its unprotected data (COSE_KID, COSE_KID_CONTEXT) fit its description. If it doesn't match, it returns None.
    The default implementation just strictly checks whether kid and any kid context match (not matching if a local KID context is set but none is given in the request); modes like Group OSCORE can spin up aspect objects here.
  - find_all_used_contextless_oscore_kid() -> set[bytes]
  - protect(*args, **kwargs)
    Given a plain CoAP message, create a protected message that contains the message's options in the inner or outer CoAP message as described in OSCOAP.
    If the message is a response to a previous message, the additional data from unprotecting the request are passed in as request_id. When request data is present, its partial IV is reused if possible. The security context's ID context is encoded in the resulting message unless kid_context is explicitly set to False; other values for the kid_context can be passed in as a byte string in the same parameter.
  - unprotect(protected_message, request_id=None)
- class aiocoap.edhoc.OwnCredStyle(*values)
  Bases: Enum
  Guidance for how the own credential should be sent in an EDHOC exchange
  - ByKeyId = 'by-key-id'
  - ByValue = 'by-value'
  - as_lakers()
    Convert the enum into Lakers' representation of the same concept.
    The types may eventually be unified, but so far, Lakers doesn't make the distinctions we expect to make yet.