aiocoap.edhoc module
Internal module containing types used inside EDHOC security contexts
- aiocoap.edhoc.load_cbor_or_edn(filename: Path)
Common heuristic for whether something is CBOR or EDN
- class aiocoap.edhoc.CoseKeyForEdhoc
Bases: object
- kty: int
- crv: int
- d: bytes
- classmethod from_file(filename: Path) → CoseKeyForEdhoc
Load a key from a file (in CBOR or EDN), asserting that the file is not group/world readable
- classmethod from_map(key: dict) → CoseKeyForEdhoc
- secret_to_map() → dict
- classmethod generate(filename: Path | None = None) → CoseKeyForEdhoc
Generate a key inside a file
This returns the generated private key.
- as_ccs(kid: bytes | None, subject: str | None) → Dict[Literal[14], dict]
Given a key, generate a corresponding KCCS
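The permission requirement that `from_file` places on key files can be illustrated with a stand-alone sketch. This is an added example, not aiocoap's code: the helper names `write_private_file`, `read_private_file` and `demo` are hypothetical, it is POSIX-only, and it rejects any group/world permission bit, which is stricter than the readability check described above.

```python
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical helpers; aiocoap's internal check may be implemented differently.


def write_private_file(filename: Path, data: bytes) -> None:
    """Create a new file that only the owner can read and write."""
    # O_EXCL refuses to reuse an existing file, so permissions left over from
    # an earlier, more permissive file are never inherited.
    fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def read_private_file(filename: Path) -> bytes:
    """Return the file's bytes, refusing files that group or others can access."""
    with open(filename, "rb") as f:
        # fstat on the open descriptor: the mode that is checked belongs to
        # the same file that is read, even if the path is swapped meanwhile.
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{filename} is not a regular file")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(
                f"{filename} has mode {stat.S_IMODE(st.st_mode):o}; "
                "expected no group/world access (e.g. 600)"
            )
        return f.read()


def demo() -> tuple[bytes, bool]:
    """Round-trip a constructed secret, then show a loosened mode being refused."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "key.bin"
        secret = bytes(range(32))  # constructed sample, not a real key
        write_private_file(path, secret)
        loaded = read_private_file(path)
        os.chmod(path, 0o644)  # simulate a key file left world-readable
        try:
            read_private_file(path)
            refused = False
        except PermissionError:
            refused = True
        return loaded, refused
```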
- class aiocoap.edhoc.EdhocCredentials(suite: int, method: int, own_cred_style: str | None = None, peer_cred: dict | None = None, own_cred: dict | None = None, private_key_file: str | None = None, private_key: dict | None = None)
Bases: _Objectish
- suite: int
- method: int
- own_cred: dict | None
- peer_cred: dict | None
- own_key: CoseKeyForEdhoc | None
- find_edhoc_by_id_cred_peer(id_cred_peer)
- peer_cred_is_unauthenticated()
- async establish_context(wire, underlying_address, underlying_proxy_scheme, underlying_uri_host, logger)
- class aiocoap.edhoc.EdhocInitiatorContext(initiator, c_ours, c_theirs, cred_i_mode, logger)
Bases: _EdhocContextBase
An OSCORE context that is derived from an EDHOC exchange.
It does not require that the EDHOC exchange has completed – it can be set up by an initiator already when message 2 has been received, prepares a message 3 at setup time, and sends it with the first request that is sent through it.
- message_3_to_include() → bytes | None
An encoded message_3 to include in outgoing messages
This may modify self to only return something once.
- class aiocoap.edhoc.EdhocResponderContext(responder, c_i, c_r, server_credentials, logger)
Bases: _EdhocContextBase
- message_3_to_include() → bytes | None
An encoded message_3 to include in outgoing messages
This may modify self to only return something once.
- get_oscore_context_for(unprotected)
Return a suitable context (most easily self) for an incoming request if its unprotected data (COSE_KID, COSE_KID_CONTEXT) fit its description. If it doesn’t match, it returns None.
The default implementation just strictly checks for whether kid and any kid context match (not matching if a local KID context is set but none is given in the request); modes like Group OSCORE can spin up aspect objects here.
- find_all_used_contextless_oscore_kid() → set[bytes]
- protect(*args, **kwargs)
Given a plain CoAP message, create a protected message that contains message’s options in the inner or outer CoAP message as described in OSCOAP.
If the message is a response to a previous message, the additional data from unprotecting the request are passed in as request_id. When request data is present, its partial IV is reused if possible. The security context’s ID context is encoded in the resulting message unless kid_context is explicitly set to False; other values for the kid_context can be passed in as a byte string in the same parameter.
- unprotect(protected_message, request_id=None)
- class aiocoap.edhoc.OwnCredStyle(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)
Bases: Enum
Guidance for how the own credential should be sent in an EDHOC exchange
- ByKeyId = 'by-key-id'
- ByValue = 'by-value'
- as_lakers()
Convert the enum into Lakers’ representation of the same concept.
The types may eventually be unified, but so far, Lakers doesn’t make the distinctions we expect to make yet.