Add no algorithm support for countersign tests

Countersign tests no longer fail if an algorithm is not supported Correct how cmake determines if countersignatures are supported.
cose-wg · Apr 28, 2020 · 1af457e · 1af457e
1 parent f91b7a6
commit 1af457e
Show file tree

Hide file tree

Showing 7 changed files with 200 additions and 50 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -79,6 +79,9 @@ endif()
 if(NOT COSE_C_INCLUDE_SIGN1)
   add_definitions(-DINCLUDE_SIGN1=0)
 endif()
+if (NOT COSE_C_INCLUDE_COUNTERSIGN)
+  add_definitions(-DINCLUDE_COUNTERSIGN=0)
+endif()
 if(COSE_C_USE_CONTEXT)
   add_definitions(-DUSE_CBOR_CONTEXT)
 endif()

diff --git a/include/cose/cose_configure.h b/include/cose/cose_configure.h
@@ -170,7 +170,7 @@
 #define INCLUDE_SIGN1 1
 #endif
 #ifndef INCLUDE_COUNTERSIGNATURE
-#define INCLUDE_COUNTERSIGNATURE 0
+#define INCLUDE_COUNTERSIGNATURE 1
 #endif
 #ifndef INCLUDE_COUNTERSIGNATURE1
 #define INCLUDE_COUNTERSIGNATURE1 0

diff --git a/src/CounterSign.c b/src/CounterSign.c
@@ -41,8 +41,9 @@ COSE_CounterSign* _COSE_CounterSign_Init_From_Object(cn_cbor* cbor,
 	COSE_CounterSign* pobj = pIn;
 
 	cose_errback error = {0};
-	if (perr == NULL)
+	if (perr == NULL) {
 		perr = &error;
+	}
 
 	if (pobj == NULL) {
 		pobj = (COSE_CounterSign*)COSE_CALLOC(
@@ -174,8 +175,9 @@ bool _COSE_CounterSign_create(COSE* pMessage,
 	cn_cbor* pcn = NULL;
 	cn_cbor* pcn2 = NULL;
 
-	if (pMessage->m_counterSigners == NULL)
+	if (pMessage->m_counterSigners == NULL) {
 		return true;
+	}
 
 	//  One or more than one?
 	if (pMessage->m_counterSigners->m_signer.m_signerNext != NULL) {
@@ -199,8 +201,9 @@ bool _COSE_CounterSign_create(COSE* pMessage,
 		CHECK_CONDITION_CBOR(pcnBody != NULL, cbor_err);
 
 		if (!_COSE_Signer_sign(
-				&pSigner->m_signer, pcnBody, pcn2, "CounterSignature", perr))
+				&pSigner->m_signer, pcnBody, pcn2, "CounterSignature", perr)) {
 			goto errorReturn;
+		}
 		pcn = NULL;
 		pcn2 = NULL;
 
@@ -215,18 +218,22 @@ bool _COSE_CounterSign_create(COSE* pMessage,
 	}
 
 	if (!_COSE_map_put(pMessage, COSE_Header_CounterSign, pArray,
-			COSE_UNPROTECT_ONLY, perr))
+			COSE_UNPROTECT_ONLY, perr)) {
 		goto errorReturn;
+	}
 
 	return true;
 
 errorReturn:
-	if (pArray != NULL)
+	if (pArray != NULL) {
 		CN_CBOR_FREE(pArray, context);
-	if ((pcn != NULL) && (pcn->parent != NULL))
+	}
+	if ((pcn != NULL) && (pcn->parent != NULL)) {
 		CN_CBOR_FREE(pcn, context);
-	if ((pcn2 != NULL) && (pcn2->parent != NULL))
+	}
+	if ((pcn2 != NULL) && (pcn2->parent != NULL)) {
 		CN_CBOR_FREE(pcn2, context);
+	}
 	return false;
 }
 
@@ -306,8 +313,9 @@ bool COSE_CounterSign_SetExternal(HCOSE_COUNTERSIGN hcose,
 	cose_errback* perr)
 {
 	if (!IsValidCounterSignHandle(hcose)) {
-		if (perr != NULL)
+		if (perr != NULL) {
 			perr->err = COSE_ERR_INVALID_HANDLE;
+		}
 		return false;
 	}
 
@@ -365,6 +373,35 @@ bool _COSE_CounterSign_Sign(COSE* baseMessage,
 	return fRet;
 }
 
+/*! brief Retrieve header parameter from an enveloped message structure
+ *
+ * Retrieve a header parameter from the message.
+ * Retrieved object is the same as the one in the message - do not delete it
+ *
+ * @param[in]	h	Handle of recipient object
+ * @param[in]    key	Key to look for
+ * @param[in]	flags	What buckets should we look for the message
+ * @param[out]	perror	Location to return error codes
+ * @return	Object which is found or NULL
+ */
+
+cn_cbor* COSE_CounterSign_map_get_int(HCOSE_COUNTERSIGN h,
+	int key,
+	int flags,
+	cose_errback* perror)
+{
+	if (!IsValidCounterSignHandle(h)) {
+		if (perror != NULL) {
+			perror->err = COSE_ERR_INVALID_HANDLE;
+		}
+		return NULL;
+	}
+
+	return _COSE_map_get_int(
+		&((COSE_CounterSign*)h)->m_signer.m_message, key, flags, perror);
+}
+
+
 #if INCLUDE_SIGN
 /***************************************************************************************************
  *

diff --git a/test/encrypt.c b/test/encrypt.c
@@ -36,9 +36,9 @@ bool DecryptMessage(const byte *pbEncoded,
 	HCOSE_RECIPIENT hRecip1 = NULL;
 	HCOSE_RECIPIENT hRecip2 = NULL;
 	bool fRet = false;
-	int type;
+	int type = 0;
 	cose_errback cose_err;
-	cn_cbor *pkey;
+	cn_cbor *pkey = NULL;
 	bool fNoSupport = false;
 
 	hEnc = (HCOSE_ENVELOPED)COSE_Decode(pbEncoded, cbEncoded, &type,
@@ -181,11 +181,13 @@ bool DecryptMessage(const byte *pbEncoded,
 		}
 
 		for (int counterNo = 0; counterNo < count; counterNo++) {
+			bool noSupportSign = false;
+
 			HCOSE_COUNTERSIGN h =
 				COSE_Recipient_get_countersignature(hRecip1, counterNo, 0);
 			if (h == NULL) {
 				fRet = false;
-				goto errorReturn;
+				continue;
 			}
 
 			cn_cbor *counterSigner = cn_cbor_index(
@@ -195,13 +197,23 @@ bool DecryptMessage(const byte *pbEncoded,
 				BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false);
 			if (pkeyCountersign == NULL) {
 				fRet = false;
-				goto errorReturn;
+				COSE_CounterSign_Free(h);
+				continue;
 			}
 
 			if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) {
 				fRet = false;
-				goto errorReturn;
+				COSE_CounterSign_Free(h);
+				CN_CBOR_FREE(pkeyCountersign, context);
+				continue;
+			}
+
+			alg = COSE_CounterSign_map_get_int(h, COSE_Header_Algorithm, COSE_BOTH, NULL);
+			if (!IsAlgorithmSupported(alg)) {
+				noSupportSign = true;
+				fNoSupport = true;
 			}
+
 
 			if (COSE_Recipient_CounterSign_validate(hRecip1, h, 0)) {
 				//  I don't think we have any forced errors yet.
@@ -212,7 +224,7 @@ bool DecryptMessage(const byte *pbEncoded,
 					counterNo -= 1;
 				}
 				else {
-					fRet = false;
+					fRet = !noSupportSign;
 				}
 			}
 
@@ -244,11 +256,12 @@ bool DecryptMessage(const byte *pbEncoded,
 		}
 
 		for (int counterNo = 0; counterNo < count; counterNo++) {
+			bool noSupportSign = false;
 			HCOSE_COUNTERSIGN h =
 				COSE_Enveloped_get_countersignature(hEnc, counterNo, 0);
 			if (h == NULL) {
 				fRet = false;
-				goto errorReturn;
+				continue;
 			}
 
 			cn_cbor *counterSigner = cn_cbor_index(
@@ -258,14 +271,24 @@ bool DecryptMessage(const byte *pbEncoded,
 				BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false);
 			if (pkeyCountersign == NULL) {
 				fRet = false;
-				goto errorReturn;
+				COSE_CounterSign_Free(h);
+				continue;
 			}
 
 			if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) {
 				fRet = false;
-				goto errorReturn;
+				COSE_CounterSign_Free(h);
+				CN_CBOR_FREE(pkeyCountersign, context);
+				continue;
 			}
 
+			alg = COSE_CounterSign_map_get_int(
+				h, COSE_Header_Algorithm, COSE_BOTH, NULL);
+			if (!IsAlgorithmSupported(alg)) {
+				noSupportSign = true;
+				fNoSupport = true;
+			}
+
 			if (COSE_Enveloped_CounterSign_validate(hEnc, h, 0)) {
 				//  I don't think we have any forced errors yet.
 			}
@@ -275,7 +298,7 @@ bool DecryptMessage(const byte *pbEncoded,
 					counterNo -= 1;
 				}
 				else {
-					fRet = false;
+					fRet = !noSupportSign;
 				}
 			}
 
@@ -845,11 +868,14 @@ int _ValidateEncrypt(const cn_cbor *pControl,
 		}
 
 		for (int counterNo = 0; counterNo < count; counterNo++) {
+			bool noSupportSign = false;
+			bool failThis = false;
+
 			HCOSE_COUNTERSIGN h =
 				COSE_Encrypt0_get_countersignature(hEnc, counterNo, 0);
 			if (h == NULL) {
 				fFail = true;
-				goto exitHere;
+				continue;
 			}
 
 			cn_cbor *counterSigner = cn_cbor_index(
@@ -859,14 +885,24 @@ int _ValidateEncrypt(const cn_cbor *pControl,
 				BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false);
 			if (pkeyCountersign == NULL) {
 				fFail = true;
-				goto exitHere;
+				COSE_CounterSign_Free(h);
+				continue;
 			}
 
 			if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) {
 				fFail = true;
-				goto exitHere;
+				COSE_CounterSign_Free(h);
+				CN_CBOR_FREE(pkeyCountersign, context);
+				continue;
 			}
 
+			alg = COSE_CounterSign_map_get_int(
+				h, COSE_Header_Algorithm, COSE_BOTH, NULL);
+			if (!IsAlgorithmSupported(alg)) {
+				noSupportSign = true;
+				fAlgSupport = false;
+			}
+
 			if (COSE_Encrypt0_CounterSign_validate(hEnc, h, 0)) {
 				//  I don't think we have any forced errors yet.
 			}