Introduction

About libedhoc

libedhoc is a C implementation of the EDHOC protocol — a lightweight authenticated key exchange designed for IoT and constrained devices. It provides mutual authentication, forward secrecy and identity protection. EDHOC is standardised by the IETF as RFC 9528 and the implementation has been tested for conformance with RFC 9529. A main use case is to bootstrap an OSCORE security context.

For a quick read-through of the protocol concepts see Concepts at a Glance; to get something running, jump straight to Quick Start.

Features

• Context-based API: all operations use a context handle for safe access control.

• CoAP-friendly message composition and processing.

• Dedicated API for exporting cryptographic material to establish OSCORE sessions.

• Clear separation of concerns with distinct interfaces for:

  • cryptographic keys,

  • cryptographic operations,

  • authentication credentials,

  • external authorization data (EAD).

• Secure key handling: private authentication keys are accessible only by identifier; direct access to raw key material is prohibited.

• CBOR encoding/decoding is fully encapsulated and hidden from the user.

• Predictable memory usage: a build-time memory backend selects stack allocation via the VLA feature (default; no heap allocations), a heap backend (calloc / k_calloc), or a custom allocator.

• Code quality verified with static analysis (cppcheck, clang-tidy) and dynamic analysis (Valgrind, ASan, UBSan, LibFuzzer).

• Native Zephyr RTOS support with a west manifest for seamless integration.

EDHOC methods

Supported authentication methods.

Value	Initiator authentication key	Responder authentication key
0	Signature key	Signature key
1	Signature key	Static DH key
2	Static DH key	Signature key
3	Static DH key	Static DH key

EDHOC cipher suites

Supported cipher suites implemented in the library.

Value	Array	Description
0	10, -16, 8, 4, -8, 10, -16	AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256
2	10, -16, 8, 1, -7, 10, -16	AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256
24	3, -43, 16, 2, -35, 3, -43	A256GCM, SHA-384, 16, P-384, ES384, A256GCM, SHA-384

Authentication credentials

Supported credential identifications from the COSE IANA registry.

Label	Name	Description
4	kid	Key identifier
33	x5chain	An ordered chain of X.509 certificates
34	x5t	Hash of an X.509 certificate

The authentication credentials interface provides the following benefits:

1. Flexible credential verification: the application controls the verification logic and decides what to persist in its own context.

2. Support for Certificate Revocation Lists (CRL).

3. Extensibility for additional authorization-specific checks as needed.

Where next?

• Concepts at a Glance — the EDHOC mental model.

• Quick Start — a minimal handshake in code.

• Protocol Flow — full CoAP + EDHOC message exchange.

• API Reference — complete API reference.