Documentation ¶
Overview ¶
Package crypto implements LoRaWAN crypto.
Package crypto implements LoRaWAN crypto.
Index ¶
- func ComputeDownlinkMIC(key types.AES128Key, addr types.DevAddr, confFCnt uint32, fCnt uint32, ...) ([4]byte, error)
- func ComputeJoinAcceptMIC(jsIntKey types.AES128Key, joinReqType byte, joinEUI types.EUI64, ...) ([4]byte, error)
- func ComputeJoinRequestMIC(key types.AES128Key, payload []byte) ([4]byte, error)
- func ComputeLegacyDownlinkMIC(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte) ([4]byte, error)
- func ComputeLegacyJoinAcceptMIC(key types.AES128Key, payload []byte) ([4]byte, error)
- func ComputeLegacyUplinkMIC(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte) ([4]byte, error)
- func ComputePingOffset(beaconTime uint32, devAddr types.DevAddr, pingPeriod uint16) (uint16, error)
- func ComputeRejoinRequestMIC(key types.AES128Key, payload []byte) ([4]byte, error)
- func ComputeUplinkMIC(sNwkSIntKey, fNwkSIntKey types.AES128Key, confFCnt uint32, txDRIdx uint8, ...) ([4]byte, error)
- func ComputeUplinkMICFromLegacy(cmacF [4]byte, sNwkSIntKey types.AES128Key, confFCnt uint32, txDRIdx uint8, ...) ([4]byte, error)
- func Decrypt(key types.AES128Key, encrypted []byte) ([]byte, error)
- func DecryptDownlink(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte, ...) ([]byte, error)
- func DecryptJoinAccept(key types.AES128Key, encrypted []byte) ([]byte, error)
- func DecryptUplink(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte, ...) ([]byte, error)
- func DeriveAppSKey(key types.AES128Key, jn types.JoinNonce, joinEUI types.EUI64, ...) types.AES128Key
- func DeriveFNwkSIntKey(nwkKey types.AES128Key, jn types.JoinNonce, joinEUI types.EUI64, ...) types.AES128Key
- func DeriveJSEncKey(key types.AES128Key, devEUI types.EUI64) types.AES128Key
- func DeriveJSIntKey(key types.AES128Key, devEUI types.EUI64) types.AES128Key
- func DeriveLegacyAppSKey(key types.AES128Key, jn types.JoinNonce, nid types.NetID, dn types.DevNonce) types.AES128Key
- func DeriveLegacyNwkSKey(appKey types.AES128Key, jn types.JoinNonce, nid types.NetID, dn types.DevNonce) types.AES128Key
- func DeriveNwkSEncKey(nwkKey types.AES128Key, jn types.JoinNonce, joinEUI types.EUI64, ...) types.AES128Key
- func DeriveRootWorSKey(nwkSEncKey types.AES128Key) types.AES128Key
- func DeriveSNwkSIntKey(nwkKey types.AES128Key, jn types.JoinNonce, joinEUI types.EUI64, ...) types.AES128Key
- func Encrypt(key types.AES128Key, plaintext []byte) ([]byte, error)
- func EncryptDownlink(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte, ...) ([]byte, error)
- func EncryptJoinAccept(key types.AES128Key, payload []byte) ([]byte, error)
- func EncryptUplink(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte, ...) ([]byte, error)
- func HMACHash(key types.AES128Key, payload []byte) ([]byte, error)
- func RegisterCacheHit(ctx context.Context, cache CacheKey)
- func RegisterCacheMiss(ctx context.Context, cache CacheKey)
- func UnwrapKey(ciphertext, kek []byte) ([]byte, error)
- func WrapKey(plaintext, kek []byte) ([]byte, error)
- type CacheKey
- type ComponentKEKLabeler
- type EncryptionOption
- type KeyService
- type KeyVault
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ComputeDownlinkMIC ¶
func ComputeDownlinkMIC(key types.AES128Key, addr types.DevAddr, confFCnt uint32, fCnt uint32, payload []byte) ([4]byte, error)
ComputeDownlinkMIC computes the Downlink Message Integrity Code. - The payload contains MHDR | FHDR | FPort | FRMPayload - If this downlink has the ACK bit set, confFCnt must be set to the FCnt of the last uplink - The SNwkSIntKey is used
func ComputeJoinAcceptMIC ¶
func ComputeJoinAcceptMIC(jsIntKey types.AES128Key, joinReqType byte, joinEUI types.EUI64, dn types.DevNonce, payload []byte) ([4]byte, error)
ComputeJoinAcceptMIC computes the Message Integrity Code for a join-accept message - The payload contains MHDR | JoinNonce | NetID | DevAddr | DLSettings | RxDelay | (CFList | CFListType) - the joinReqType is 0xFF in reply to a join-request or the rejoin type in reply to a RejoinRequest
func ComputeJoinRequestMIC ¶
ComputeJoinRequestMIC computes the Message Integrity Code for a join-request message - The payload contains MHDR | JoinEUI/AppEUI | DevEUI | DevNonce - In LoRaWAN 1.0, the AppKey is used - In LoRaWAN 1.1, the NwkKey is used
func ComputeLegacyDownlinkMIC ¶
func ComputeLegacyDownlinkMIC(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte) ([4]byte, error)
ComputeLegacyDownlinkMIC computes the Downlink Message Integrity Code. - The payload contains MHDR | FHDR | FPort | FRMPayload - The NwkSKey is used
func ComputeLegacyJoinAcceptMIC ¶
ComputeLegacyJoinAcceptMIC computes the Message Integrity Code for a join-accept message - The payload contains MHDR | JoinNonce/AppNonce | NetID | DevAddr | DLSettings | RxDelay | (CFList | CFListType) - In LoRaWAN 1.0, the AppKey is used - In LoRaWAN 1.1 with OptNeg=0, the NwkKey is used
func ComputeLegacyUplinkMIC ¶
func ComputeLegacyUplinkMIC(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte) ([4]byte, error)
ComputeLegacyUplinkMIC computes the Uplink Message Integrity Code. - The payload contains MHDR | FHDR | FPort | FRMPayload - The NwkSKey is used
func ComputePingOffset ¶
func ComputeRejoinRequestMIC ¶
ComputeRejoinRequestMIC computes the Message Integrity Code for a RejoinRequest message - For a type 0 or 2 RejoinRequest, the payload contains MHDR | RejoinType | NetID | DevEUI | RJcount0 - For a type 0 or 2 RejoinRequest, the SNwkSIntKey is used - For a type 1 RejoinRequest, the payload contains MHDR | RejoinType | JoinEUI | DevEUI | RJcount1 - For a type 1 RejoinRequest, the JSIntKey is used
func ComputeUplinkMIC ¶
func ComputeUplinkMIC(sNwkSIntKey, fNwkSIntKey types.AES128Key, confFCnt uint32, txDRIdx uint8, txChIdx uint8, addr types.DevAddr, fCnt uint32, payload []byte) ([4]byte, error)
ComputeUplinkMIC computes the Uplink Message Integrity Code. - The payload contains MHDR | FHDR | FPort | FRMPayload - If this uplink has the ACK bit set, confFCnt must be set to the FCnt of the last downlink.
func ComputeUplinkMICFromLegacy ¶ added in v3.9.2
func ComputeUplinkMICFromLegacy(cmacF [4]byte, sNwkSIntKey types.AES128Key, confFCnt uint32, txDRIdx uint8, txChIdx uint8, addr types.DevAddr, fCnt uint32, payload []byte) ([4]byte, error)
ComputeUplinkMICFromLegacy computes the Uplink Message Integrity Code from legacy MIC. - The payload contains MHDR | FHDR | FPort | FRMPayload - If this uplink has the ACK bit set, confFCnt must be set to the FCnt of the last downlink.
func Decrypt ¶ added in v3.9.0
Decrypt decrypts an encrypted message. Uses AES128 keys in GCM (Galois/Counter Mode).
func DecryptDownlink ¶
func DecryptDownlink(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte, opts ...EncryptionOption) ([]byte, error)
DecryptDownlink decrypts a downlink payload - The payload contains the FRMPayload bytes - For FPort>0, the AppSKey is used - For FPort=0, the NwkSEncKey/NwkSKey is used
func DecryptJoinAccept ¶
DecryptJoinAccept uses AES Encrypt to decrypt a join-accept message - The returned payload contains JoinNonce/AppNonce | NetID | DevAddr | DLSettings | RxDelay | (CFList | CFListType) | MIC - In LoRaWAN 1.0, the AppKey is used - In LoRaWAN 1.1, the NwkKey or JSEncKey is used
func DecryptUplink ¶
func DecryptUplink(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte, opts ...EncryptionOption) ([]byte, error)
DecryptUplink decrypts an uplink payload - The payload contains the FRMPayload bytes - For FPort>0, the AppSKey is used - For FPort=0, the NwkSEncKey/NwkSKey is used
func DeriveAppSKey ¶
func DeriveAppSKey(key types.AES128Key, jn types.JoinNonce, joinEUI types.EUI64, dn types.DevNonce) types.AES128Key
DeriveAppSKey derives the LoRaWAN Application Session Key - If a LoRaWAN 1.1 device joins a LoRaWAN 1.1 network, the AppKey is used as "key"
func DeriveFNwkSIntKey ¶
func DeriveFNwkSIntKey(nwkKey types.AES128Key, jn types.JoinNonce, joinEUI types.EUI64, dn types.DevNonce) types.AES128Key
DeriveFNwkSIntKey derives the LoRaWAN 1.1 Forwarding Network Session Integrity Key
func DeriveJSEncKey ¶
DeriveJSEncKey derives the Join Server Encryption Key
func DeriveJSIntKey ¶
DeriveJSIntKey derives the Join Server Integrity Key
func DeriveLegacyAppSKey ¶
func DeriveLegacyAppSKey(key types.AES128Key, jn types.JoinNonce, nid types.NetID, dn types.DevNonce) types.AES128Key
DeriveLegacyAppSKey derives the LoRaWAN Application Session Key - If a LoRaWAN 1.0 device joins a LoRaWAN 1.0/1.1 network, the AppKey is used as "key" - If a LoRaWAN 1.1 device joins a LoRaWAN 1.0 network, the NwkKey is used as "key"
func DeriveLegacyNwkSKey ¶
func DeriveLegacyNwkSKey(appKey types.AES128Key, jn types.JoinNonce, nid types.NetID, dn types.DevNonce) types.AES128Key
DeriveLegacyNwkSKey derives the LoRaWAN 1.0 Network Session Key. AppNonce is entered as JoinNonce. - If a LoRaWAN 1.0 device joins a LoRaWAN 1.0/1.1 network, the AppKey is used as "key" - If a LoRaWAN 1.1 device joins a LoRaWAN 1.0 network, the NwkKey is used as "key"
func DeriveNwkSEncKey ¶
func DeriveNwkSEncKey(nwkKey types.AES128Key, jn types.JoinNonce, joinEUI types.EUI64, dn types.DevNonce) types.AES128Key
DeriveNwkSEncKey derives the LoRaWAN 1.1 Network Session Encryption Key
func DeriveRootWorSKey ¶ added in v3.28.1
DeriveRootWorSKey derives the root relay session key.
func DeriveSNwkSIntKey ¶
func DeriveSNwkSIntKey(nwkKey types.AES128Key, jn types.JoinNonce, joinEUI types.EUI64, dn types.DevNonce) types.AES128Key
DeriveSNwkSIntKey derives the LoRaWAN 1.1 Serving Network Session Integrity Key
func Encrypt ¶ added in v3.9.0
Encrypt encrypts a plain text message. Uses AES128 keys in GCM (Galois/Counter Mode). Since GCM uses a nonce, the encrypted message will be different each time the operation is run for the same set of inputs. The returned cipher is in the format |nonce(12)|tag(16)|encrypted(plaintextLen)|.
func EncryptDownlink ¶
func EncryptDownlink(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte, opts ...EncryptionOption) ([]byte, error)
EncryptDownlink encrypts a downlink payload - The payload contains the FRMPayload bytes - For FPort>0, the AppSKey is used - For FPort=0, the NwkSEncKey/NwkSKey is used
func EncryptJoinAccept ¶
EncryptJoinAccept uses AES Decrypt to encrypt a join-accept message - The payload contains JoinNonce/AppNonce | NetID | DevAddr | DLSettings | RxDelay | (CFList | CFListType) | MIC - In LoRaWAN 1.0, the AppKey is used - In LoRaWAN 1.1, the NwkKey is used in reply to a JoinRequest - In LoRaWAN 1.1, the JSEncKey is used in reply to a RejoinRequest (type 0,1,2)
func EncryptUplink ¶
func EncryptUplink(key types.AES128Key, addr types.DevAddr, fCnt uint32, payload []byte, opts ...EncryptionOption) ([]byte, error)
EncryptUplink encrypts an uplink payload - The payload contains the FRMPayload bytes - For FPort>0, the AppSKey is used - For FPort=0, the NwkSEncKey/NwkSKey is used
func HMACHash ¶ added in v3.22.0
HMACHash calculates the Keyed-Hash Message Authentication Code (HMAC, RFC 2104) hash of the data.
func RegisterCacheHit ¶ added in v3.9.0
RegisterCacheHit registers a cache hit for the provided cache.
func RegisterCacheMiss ¶ added in v3.9.0
RegisterCacheMiss registers a cache miss for the provided cache.
Types ¶
type ComponentKEKLabeler ¶
type ComponentKEKLabeler interface { NsKEKLabel(ctx context.Context, netID *types.NetID, addr string) string AsKEKLabel(ctx context.Context, addr string) string }
ComponentKEKLabeler provides KEK labels for components.
type EncryptionOption ¶ added in v3.19.2
type EncryptionOption func(*encryptionOptions)
EncryptionOption encapsulates custom LoRaWAN encryption options.
func WithFrameTypeConstant ¶ added in v3.19.2
func WithFrameTypeConstant(identifier [4]byte) EncryptionOption
WithFrameTypeConstant specifies which bytes are to be used for positions [1:5] during encryption. These 4 bytes uniquely identify the frame type in order to avoid collisions between different frames which may have the same counter values. See the `FOpts Encryption, Usage of FCntDwn Errata on the LoRaWAN L2 1.1 Specification` erratum for more details on why these collisions may be an issue and which values are used by different frame types. In the absence of this option, the constant [0x00, 0x00, 0x00, 0x00] is used.
type KeyService ¶ added in v3.24.0
type KeyService interface { // Wrap implements the RFC 3394 AES Key Wrap algorithm. Only keys of 16, 24 or 32 bytes are accepted. // Keys are referenced using the KEK labels. Wrap(ctx context.Context, plaintext []byte, kekLabel string) ([]byte, error) // Unwrap implements the RFC 3394 AES Key Unwrap algorithm. Only keys of 16, 24 or 32 bytes are accepted. // Keys are referenced using the KEK labels. Unwrap(ctx context.Context, ciphertext []byte, kekLabel string) ([]byte, error) // Encrypt encrypts messages of variable length using AES 128 GCM. // The encryption key is referenced using the label. Encrypt(ctx context.Context, plaintext []byte, label string) ([]byte, error) // Decrypt decrypts messages of variable length using AES 128 GCM. // The encryption key is referenced using the label. Decrypt(ctx context.Context, ciphertext []byte, label string) ([]byte, error) // ServerCertificate returns the X.509 certificate and private key of the given label. ServerCertificate(ctx context.Context, label string) (tls.Certificate, error) // ClientCertificate returns the X.509 client certificate and private key. // If the label is empty, the default client certificate is returned. This can be an issued certificate or a // self-signed certificate, depending on the underlying key vault. // If the label is not empty, the certificate with the given label is returned. ClientCertificate(ctx context.Context, label string) (tls.Certificate, error) // HMACHash calculates the Keyed-Hash Message Authentication Code (HMAC, RFC 2104) hash of the data. // The AES key used for hashing is referenced using the label. HMACHash(ctx context.Context, payload []byte, label string) ([]byte, error) }
KeyService provides common cryptographic operations.
func NewKeyService ¶ added in v3.24.0
func NewKeyService(vault KeyVault) KeyService
NewKeyService returns a new KeyService.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package cryptoservices implements services for LoRaWAN cryptograhpy.
|
Package cryptoservices implements services for LoRaWAN cryptograhpy. |
Package cryptoutil implements cryptography utilities.
|
Package cryptoutil implements cryptography utilities. |