Merge pull request #12 from jimsch/master

Add more HMAC examples to the test cycle
cose-wg · Jan 2, 2016 · 1058ade · 1058ade
2 parents 5014f07 + b503c3c
commit 1058ade
Show file tree

Hide file tree

Showing 9 changed files with 472 additions and 28 deletions.
diff --git a/dumper/dumper.c b/dumper/dumper.c
@@ -343,7 +343,7 @@ void DumpTree(const cn_cbor * cbor, FILE * out, const FOO *pFOO, int depth, int
 		group = 0;
 		for (i = 0; i < cbor->length; i+=2, cbor2 = cbor2->next->next) {
 			if ((cbor2->type == CN_CBOR_UINT) && (cbor2->v.uint == 1)) {
-				group = cbor2->next->v.uint;
+				group = (int) cbor2->next->v.uint;
 				break;
 			}
 		}

diff --git a/src/MacMessage.c b/src/MacMessage.c
@@ -284,10 +284,26 @@ bool COSE_Mac_encrypt(HCOSE_MAC h, cose_errback * perr)
 	//  Get the key size
 
 	switch (alg) {
+	case COSE_Algorithm_CBC_MAC_128_64:
+	case COSE_Algorithm_CBC_MAC_128_128:
+		cbitKey = 128;
+		break;
+
+	case COSE_Algorithm_CBC_MAC_256_64:
+	case COSE_Algorithm_CBC_MAC_256_128:
+	case COSE_Algorithm_HMAC_256_64:
 	case COSE_Algorithm_HMAC_256_256:
 		cbitKey = 256;
 		break;
 
+	case COSE_Algorithm_HMAC_384_384:
+		cbitKey = 384;
+		break;
+
+	case COSE_Algorithm_HMAC_512_512:
+		cbitKey = 512;
+		break;
+
 	default:
 		FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
 	}
@@ -369,12 +385,40 @@ bool COSE_Mac_encrypt(HCOSE_MAC h, cose_errback * perr)
 	CHECK_CONDITION(cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR);
 
 	switch (alg) {
+	case COSE_Algorithm_CBC_MAC_128_64:
+		if (!AES_CBC_MAC_Create(pcose, 128, 64, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_CBC_MAC_128_128:
+		if (!AES_CBC_MAC_Create(pcose, 128, 128, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_CBC_MAC_256_64:
+		if (!AES_CBC_MAC_Create(pcose, 256, 64, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_CBC_MAC_256_128:
+		if (!AES_CBC_MAC_Create(pcose, 256, 128, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_HMAC_256_64:
+		if (!HMAC_Create(pcose, 256, 64, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
 	case COSE_Algorithm_HMAC_256_256:
 		if (!HMAC_Create(pcose, 256, 256, pbAuthData, cbAuthData, perr)) goto errorReturn;
 		break;
 
+	case COSE_Algorithm_HMAC_384_384:
+		if (!HMAC_Create(pcose, 384, 384, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_HMAC_512_512:
+		if (!HMAC_Create(pcose, 512, 512, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
 	default:
-		return false;
+		FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
 	}
 
 	for (pri = pcose->m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
@@ -429,30 +473,34 @@ bool COSE_Mac_validate(HCOSE_MAC h, HCOSE_RECIPIENT hRecip, cose_errback * perr)
 	if (cn == NULL) goto errorReturn;
 
 	if (cn->type == CN_CBOR_TEXT) {
-		if (cn->length == 14) {
-			if (strncmp(cn->v.str, "AES-MAC-256/64", 14) == 0) {
-				cbitKey = 256;
-				alg = COSE_Int_Alg_AES_CBC_MAC_256_64;
-			}
-			else {
-				FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
-			}
-		}
-		else {
 			FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
-		}
 	}
 	else {
 		CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
 
 		alg = (int)cn->v.uint;
 
 		switch (alg) {
+		case COSE_Algorithm_CBC_MAC_128_64:
+		case COSE_Algorithm_CBC_MAC_128_128:
+			cbitKey = 128;
+			break;
+
+		case COSE_Algorithm_CBC_MAC_256_64:
+		case COSE_Algorithm_CBC_MAC_256_128:
+		case COSE_Algorithm_HMAC_256_64:
 		case COSE_Algorithm_HMAC_256_256:
 			cbitKey = 256;
 			break;
 
-		case COSE_Int_Alg_AES_CBC_MAC_256_64:
+		case COSE_Algorithm_HMAC_384_384:
+			cbitKey = 384;
+			break;
+
+		case COSE_Algorithm_HMAC_512_512:
+			cbitKey = 512;
+			break;
+
 		default:
 			FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
 			break;
@@ -514,10 +562,34 @@ bool COSE_Mac_validate(HCOSE_MAC h, HCOSE_RECIPIENT hRecip, cose_errback * perr)
 		if (!HMAC_Validate(pcose, 256, 256, pbAuthData, cbAuthData, perr)) goto errorReturn;
 		break;
 
-	case COSE_Int_Alg_AES_CBC_MAC_256_64:
+	case COSE_Algorithm_HMAC_256_64:
+		if (!HMAC_Validate(pcose, 256, 64, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_HMAC_384_384:
+		if (!HMAC_Validate(pcose, 384, 384, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_HMAC_512_512:
+		if (!HMAC_Validate(pcose, 512, 512, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_CBC_MAC_128_64:
+		if (!AES_CBC_MAC_Validate(pcose, 128, 64, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_CBC_MAC_128_128:
+		if (!AES_CBC_MAC_Validate(pcose, 128, 128, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
+	case COSE_Algorithm_CBC_MAC_256_64:
 		if (!AES_CBC_MAC_Validate(pcose, 256, 64, pbAuthData, cbAuthData, perr)) goto errorReturn;
 		break;
 
+	case COSE_Algorithm_CBC_MAC_256_128:
+		if (!AES_CBC_MAC_Validate(pcose, 256, 128, pbAuthData, cbAuthData, perr)) goto errorReturn;
+		break;
+
 	default:
 		FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
 		break;
@@ -543,6 +615,24 @@ bool COSE_Mac_validate(HCOSE_MAC h, HCOSE_RECIPIENT hRecip, cose_errback * perr)
 	return false;
 }
 
+bool COSE_Mac_AddRecipient(HCOSE_MAC hMac, HCOSE_RECIPIENT hRecip, cose_errback * perr)
+{
+	COSE_RecipientInfo * pRecip;
+	COSE_MacMessage * pMac;
+
+	CHECK_CONDITION(IsValidMacHandle(hMac), COSE_ERR_INVALID_PARAMETER);
+	CHECK_CONDITION(IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_PARAMETER);
+
+	pMac = (COSE_MacMessage *)hMac;
+	pRecip = (COSE_RecipientInfo *)hRecip;
+
+	pRecip->m_recipientNext = pMac->m_recipientFirst;
+	pMac->m_recipientFirst = pRecip;
+	return true;
+
+errorReturn:
+	return false;
+}
 
 
 HCOSE_RECIPIENT COSE_Mac_GetRecipient(HCOSE_MAC cose, int iRecipient, cose_errback * perr)

diff --git a/src/Recipient.c b/src/Recipient.c
@@ -12,6 +12,34 @@ bool IsValidRecipientHandle(HCOSE_RECIPIENT h)
 	return true;
 }
 
+HCOSE_RECIPIENT COSE_Recipient_Init(CBOR_CONTEXT_COMMA cose_errback * perror)
+{
+	COSE_RecipientInfo * pobj = (COSE_RecipientInfo *)COSE_CALLOC(1, sizeof(COSE_RecipientInfo), context);
+	if (pobj == NULL) {
+		if (perror != NULL) perror->err = COSE_ERR_OUT_OF_MEMORY;
+		return NULL;
+	}
+
+	if (!_COSE_Init(&pobj->m_encrypt.m_message, COSE_recipient_object, CBOR_CONTEXT_PARAM_COMMA perror)) {
+		COSE_Recipient_Free((HCOSE_RECIPIENT)pobj);
+		return NULL;
+	}
+
+	return (HCOSE_RECIPIENT)pobj;
+}
+
+bool COSE_Recipient_Free(HCOSE_RECIPIENT hRecipient)
+{
+	if (IsValidRecipientHandle(hRecipient)) {
+
+		_COSE_Recipient_Free((COSE_RecipientInfo *)hRecipient);
+		return true;
+	}
+
+	return false;
+}
+
+
 HCOSE_RECIPIENT COSE_Encrypt_GetRecipient(HCOSE_ENCRYPT cose, int iRecipient, cose_errback * perr)
 {
 	int i;
@@ -161,17 +189,28 @@ byte * _COSE_RecipientInfo_generateKey(COSE_RecipientInfo * pRecipient, size_t c
 	int alg;
 	const cn_cbor * cn_Alg = _COSE_map_get_int(&pRecipient->m_encrypt.m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
 
-	if (cn_Alg == NULL) return false;
-	if ((cn_Alg->type != CN_CBOR_UINT) && (cn_Alg->type != CN_CBOR_INT)) return false;
+	CHECK_CONDITION(cn_Alg != NULL, COSE_ERR_INVALID_PARAMETER);
+	CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
 	alg = (int)cn_Alg->v.uint;
 
 	switch (alg) {
 	case COSE_Algorithm_Direct:
 	{
-		if (pRecipient->m_encrypt.cbKey != cbitKeySize / 8) return NULL;
-		byte * pb = (byte *)malloc(cbitKeySize / 8);
-		if (pb == NULL) return NULL;
-		memcpy(pb, pRecipient->m_encrypt.pbKey, cbitKeySize / 8);
+		byte * pb;
+		if (pRecipient->m_pkey != NULL) {
+			const cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
+			CHECK_CONDITION((pK != NULL) && (pK->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
+			CHECK_CONDITION(pK->length == cbitKeySize / 8, COSE_ERR_INVALID_PARAMETER);
+			pb = COSE_CALLOC(cbitKeySize / 8, 1, &pRecipient->m_encrypt.m_message.m_allocContext);
+			CHECK_CONDITION(pb != NULL, COSE_ERR_OUT_OF_MEMORY);
+			memcpy(pb, pK->v.bytes, cbitKeySize / 8);
+		}
+		else {
+			if (pRecipient->m_encrypt.cbKey != cbitKeySize / 8) return NULL;
+			pb = (byte *)malloc(cbitKeySize / 8);
+			if (pb == NULL) return NULL;
+			memcpy(pb, pRecipient->m_encrypt.pbKey, cbitKeySize / 8);
+		}
 		return pb;
 	}
 	break;
@@ -185,6 +224,9 @@ byte * _COSE_RecipientInfo_generateKey(COSE_RecipientInfo * pRecipient, size_t c
 	default:
 		return NULL;
 	}
+
+errorReturn:
+	return NULL;
 }
 
 bool COSE_Recipient_SetKey_secret(HCOSE_RECIPIENT h, const byte * pbKey, int cbKey, cose_errback * perror)
@@ -219,8 +261,42 @@ bool COSE_Recipient_SetKey(HCOSE_RECIPIENT h, const cn_cbor * pKey, cose_errback
 		return false;
 	}
 
+
+
 	p = (COSE_RecipientInfo *)h;
 	p->m_pkey = pKey;
 
 	return true;
 }
+
+bool COSE_Recipient_map_put(HCOSE_RECIPIENT h, int key, cn_cbor * value, int flags, cose_errback * perror)
+{
+	if (!IsValidRecipientHandle(h) || (value == NULL)) {
+		if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER;
+		return false;
+	}
+
+	if (!_COSE_map_put(&((COSE_RecipientInfo *)h)->m_encrypt.m_message, key, value, flags, perror)) return false;
+
+	if (key == COSE_Header_Algorithm) {
+		if (value->type == CN_CBOR_INT) {
+			switch (value->v.uint) {
+			case COSE_Algorithm_Direct:
+			case COSE_Algorithm_ECDH_ES_HKDF_256:
+			case COSE_Algorithm_ECDH_ES_HKDF_512:
+				((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags |= 1;
+				break;
+
+			default:
+				((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags &= ~1;
+				break;
+			}
+		}
+		else {
+			((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags &= ~1;
+		}
+	}
+
+	return true;
+}
+
diff --git a/src/cose.h b/src/cose.h
@@ -46,7 +46,8 @@ typedef enum {
 	COSE_enveloped_object = 992,
 	COSE_encrypted_object = 993,
 	COSE_mac_object = 994,
-	COSE_mac0_object = 996
+	COSE_mac0_object = 996,
+	COSE_recipient_object = -1
 } COSE_object_type;
 
 //  Generic functions for the COSE library
@@ -76,6 +77,14 @@ typedef enum {
 
 typedef enum {
 	COSE_Algorithm_HMAC_256_256 = 4,
+	COSE_Algorithm_HMAC_384_384 = 5,
+	COSE_Algorithm_HMAC_512_512 = 6,
+	COSE_Algorithm_HMAC_256_64 = 7,
+
+	COSE_Algorithm_CBC_MAC_128_64 = 14,
+	COSE_Algorithm_CBC_MAC_256_64 = 15,
+	COSE_Algorithm_CBC_MAC_128_128 = 25,
+	COSE_Algorithm_CBC_MAC_256_128 = 26,
 
 	COSE_Algorithm_AES_CCM_16_64_128 = 10,
 	COSE_Algorithm_AES_CCM_16_64_256 = 11,
@@ -132,9 +141,17 @@ bool COSE_Encrypt_decrypt(HCOSE_ENCRYPT, HCOSE_RECIPIENT, cose_errback * perr);
 HCOSE_RECIPIENT COSE_Encrypt_add_shared_secret(HCOSE_ENCRYPT cose, COSE_Algorithms algId, byte * rgbKey, int cbKey, byte * rgbKid, int cbKid, cose_errback * perr);
 
 HCOSE_RECIPIENT COSE_Encrypt_GetRecipient(HCOSE_ENCRYPT cose, int iRecipient, cose_errback * perr);
+
+HCOSE_RECIPIENT COSE_Recipient_Init(CBOR_CONTEXT_COMMA cose_errback * perror);
+bool COSE_Recipient_Free(HCOSE_RECIPIENT cose);
 bool COSE_Recipient_SetKey_secret(HCOSE_RECIPIENT h, const byte * rgb, int cb, cose_errback * perr);
 bool COSE_Recipient_SetKey(HCOSE_RECIPIENT h, const cn_cbor * pKey, cose_errback * perror);
 
+bool COSE_Recipient_map_put(HCOSE_RECIPIENT h, int key, cn_cbor * value, int flags, cose_errback * perror);
+cn_cbor * COSE_Recipient_map_get_string(HCOSE_RECIPIENT cose, const char * key, int flags, cose_errback * errp);
+cn_cbor * COSE_Recipient_map_get_int(HCOSE_RECIPIENT cose, int key, int flags, cose_errback * errp);
+
+
 //
 //
 
@@ -150,6 +167,7 @@ bool COSE_Encrypt_SetContent(HCOSE_ENCRYPT cose, const byte * rgbContent, size_t
 
 HCOSE_RECIPIENT COSE_Mac_add_shared_secret(HCOSE_MAC cose, COSE_Algorithms algId, byte * rgbKey, int cbKey, byte * rgbKid, int cbKid, cose_errback * perr);
 
+extern bool COSE_Mac_AddRecipient(HCOSE_MAC hMac, HCOSE_RECIPIENT hRecip, cose_errback * perr);
 HCOSE_RECIPIENT COSE_Mac_GetRecipient(HCOSE_MAC cose, int iRecipient, cose_errback * perr);
 
 //

diff --git a/src/crypto.h b/src/crypto.h
@@ -23,6 +23,8 @@ bool AES_CCM_Decrypt(COSE_Encrypt * pcose, int TSize, int LSize, const byte * pb
 bool AES_CCM_Encrypt(COSE_Encrypt * pcose, int TSize, int LSize, const byte * pbAuthData, int cbAuthData, cose_errback * perr);
 
 extern bool AES_CMAC_Validate(COSE_MacMessage * pcose, int KeySize, int TagSize, const byte * pbAuthData, int cbAuthData, cose_errback * perr);
+
+extern bool AES_CBC_MAC_Create(COSE_MacMessage * pcose, int KeySize, int TagSize, const byte * pbAuthData, int cbAuthData, cose_errback * perr);
 extern bool AES_CBC_MAC_Validate(COSE_MacMessage * pcose, int KeySize, int TagSize, const byte * pbAuthData, int cbAuthData, cose_errback * perr);
 
 /**