E2EESetupRequest1

data class E2EESetupRequest1(val eDeviceKey: CoseKey, val deviceNonce: ByteArray, val signature: EcSignature, val deviceAssertion: DeviceAssertion, val serverState: ByteArray) : CloudSecureAreaProtocol.Command

This is sent by the device in response to the E2EESetupResponse0:

E2EESetupRequest1 = {
"E2EESetupRequest1",
"eDeviceKey" : COSE_Key,
"deviceNonce" : bstr,
"signature" : EcSignature,
"serverState" : bstr
}

where eDeviceKey, deviceNonce, signature, and serverState are all described in the E2EESetupResponse0 message.

Upon receiving this message, the server builds up DataSignedByDevice and checks that the signature was made by DeviceBindingKey (as received during the registration phase). If this fails, the server shall return HTTP status code 403 (Forbidden).

If the check is successful, the server creates ECloudKey, which shall be an EC key using curve P-256. The server then uses CloudBindingKey (created at registration time) to create an ECDSA signature over the bytes of the CBOR:

DataSignedByServer = [
COSE_Key, ; ECloudKey.pub
bstr, ; cloudNonce
bstr ; deviceNonce
]

The server proceeds to prepare an E2EESetupResponse1 message.
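
The server-side steps described above, sketched with the JDK's own crypto classes. This is an added example, not code from the library. Assumptions: SHA-256 as the ECDSA hash, DER-encoded signatures as produced by the JCA, the RFC 9052 EC2 layout for COSE_Key, and DataSignedByDevice passed in as already-encoded bytes because its layout is defined with E2EESetupResponse0; `ForbiddenException`, `handleSetupRequest1` and the helpers are hypothetical names.

```kotlin
import java.math.BigInteger
import java.security.*
import java.security.interfaces.ECPublicKey
import java.security.spec.ECGenParameterSpec

class ForbiddenException(msg: String) : Exception(msg)   // HTTP layer maps this to 403

fun newP256(): KeyPair =
    KeyPairGenerator.getInstance("EC").apply { initialize(ECGenParameterSpec("secp256r1")) }.generateKeyPair()
fun ecdsaSign(key: PrivateKey, data: ByteArray): ByteArray =   // assumption: SHA-256, DER output
    Signature.getInstance("SHA256withECDSA").run { initSign(key); update(data); sign() }

// CBOR byte string (major type 2) for lengths below 256, enough for nonces and coordinates.
fun bstr(b: ByteArray): ByteArray {
    require(b.size < 256)
    return (if (b.size < 24) byteArrayOf((0x40 + b.size).toByte()) else byteArrayOf(0x58, b.size.toByte())) + b
}

// Big-endian coordinate, left-padded to the 32 bytes P-256 requires.
fun coord(v: BigInteger): ByteArray =
    v.toByteArray().dropWhile { it == 0.toByte() }.toByteArray().let { ByteArray(32 - it.size) + it }

// COSE_Key map {1: 2 (EC2), -1: 1 (P-256), -2: x, -3: y} (assumed layout)
fun coseKey(pub: ECPublicKey): ByteArray =
    byteArrayOf(0xA4.toByte(), 0x01, 0x02, 0x20, 0x01, 0x21) + bstr(coord(pub.w.affineX)) +
        byteArrayOf(0x22) + bstr(coord(pub.w.affineY))

fun handleSetupRequest1(
    dataSignedByDevice: ByteArray, deviceSignature: ByteArray, deviceBindingKey: PublicKey,
    cloudBindingKey: PrivateKey, cloudNonce: ByteArray, deviceNonce: ByteArray
): Pair<KeyPair, ByteArray> {
    val verifier = Signature.getInstance("SHA256withECDSA").apply { initVerify(deviceBindingKey); update(dataSignedByDevice) }
    // A malformed signature encoding throws; treat it like any other failed check.
    val ok = try { verifier.verify(deviceSignature) } catch (e: SignatureException) { false }
    if (!ok) throw ForbiddenException("signature was not made by DeviceBindingKey")

    val eCloudKey = newP256()
    val dataSignedByServer = byteArrayOf(0x83.toByte()) +        // CBOR array of 3 items
        coseKey(eCloudKey.public as ECPublicKey) + bstr(cloudNonce) + bstr(deviceNonce)
    return eCloudKey to ecdsaSign(cloudBindingKey, dataSignedByServer)
}

fun main() {   // constructed keys, nonces and DataSignedByDevice bytes
    val device = newP256(); val cloud = newP256()
    val signed = "constructed DataSignedByDevice".toByteArray()
    val (_, sig) = handleSetupRequest1(signed, ecdsaSign(device.private, signed), device.public,
        cloud.private, ByteArray(32) { 1 }, ByteArray(32) { 2 })
    println("server signature: ${sig.size} bytes")
}
```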

Constructors

constructor(eDeviceKey: CoseKey, deviceNonce: ByteArray, signature: EcSignature, deviceAssertion: DeviceAssertion, serverState: ByteArray)

Properties
