py-edhoc:snake: -- Ephemeral Diffie-Hellman Over COSE
This project provides a Python implementation of the EDHOC key exchange protocol for constrained devices. Currently the protocol is still in draft status at the IETF.
The repository provides an implementation of:
https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-01- https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-05
Installation
$ pip install edhocRunning the test suite
The py-edhoc test suite is based on the official test vectors provided by the LAKE working group.
To run the test suite you'll need pytest:
$ pip install pytestWhen you move to the root of the py-edhoc project you can run the test by simply typing:
$ pytestSupported Cipher Suites
| Cipher Suites | COSE algorithms | Support |
|---|---|---|
| SUITE 0 | (AES-CCM-16-64-128, SHA-256, X25519, EdDSA, Ed25519, AES-CCM-16-64-128, SHA-256) | :heavy_check_mark: |
| SUITE 1 | (AES-CCM-16-128-128, SHA-256, X25519, EdDSA, Ed25519, AES-CCM-16-64-128, SHA-256) | :heavy_check_mark: |
| SUITE 2 | (AES-CCM-16-64-128, SHA-256, P-256, ES256, P-256, AES-CCM-16-64-128, SHA-256) | :x: |
| SUITE 3 | (AES-CCM-16-128-128, SHA-256, P-256, ES256, P-256, AES-CCM-16-64-128, SHA-256) | :x: |
Authentication Methods
| Method | Support |
|---|---|
| SIGN-SIGN | :heavy_check_mark: |
| STATIC-SIGN | :heavy_check_mark: |
| SIGN-STATIC | :heavy_check_mark: |
| STATIC-STATIC | :heavy_check_mark: |
Cryptography
The project depends on the python cose package. cose uses pyca/cryptography for all cryptographic operations, except the deterministic ECDSA algorithm. For deterministic ECDSA cose uses python-ecdsa.