From 1af457ea4bceaf9462f440292441dc3406f15485 Mon Sep 17 00:00:00 2001 From: Jim Schaad Date: Tue, 28 Apr 2020 10:45:15 -0700 Subject: [PATCH] Add no algorithm support for countersign tests Countersign tests no longer fail if an algorithm is not supported Correct how cmake determines if countersignatures are supported. --- CMakeLists.txt | 3 ++ include/cose/cose_configure.h | 2 +- src/CounterSign.c | 53 ++++++++++++++++++++++---- test/encrypt.c | 62 +++++++++++++++++++++++------- test/mac_test.c | 71 ++++++++++++++++++++++++++++------- test/sign.c | 48 ++++++++++++++++++++--- test/test.c | 11 ++---- 7 files changed, 200 insertions(+), 50 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b04f860a..26234867 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -79,6 +79,9 @@ endif() if(NOT COSE_C_INCLUDE_SIGN1) add_definitions(-DINCLUDE_SIGN1=0) endif() +if (NOT COSE_C_INCLUDE_COUNTERSIGN) + add_definitions(-DINCLUDE_COUNTERSIGN=0) +endif() if(COSE_C_USE_CONTEXT) add_definitions(-DUSE_CBOR_CONTEXT) endif() diff --git a/include/cose/cose_configure.h b/include/cose/cose_configure.h index 873bdd81..753b8d4b 100644 --- a/include/cose/cose_configure.h +++ b/include/cose/cose_configure.h @@ -170,7 +170,7 @@ #define INCLUDE_SIGN1 1 #endif #ifndef INCLUDE_COUNTERSIGNATURE -#define INCLUDE_COUNTERSIGNATURE 0 +#define INCLUDE_COUNTERSIGNATURE 1 #endif #ifndef INCLUDE_COUNTERSIGNATURE1 #define INCLUDE_COUNTERSIGNATURE1 0 diff --git a/src/CounterSign.c b/src/CounterSign.c index ad9b8d7e..af3d3e8a 100644 --- a/src/CounterSign.c +++ b/src/CounterSign.c @@ -41,8 +41,9 @@ COSE_CounterSign* _COSE_CounterSign_Init_From_Object(cn_cbor* cbor, COSE_CounterSign* pobj = pIn; cose_errback error = {0}; - if (perr == NULL) + if (perr == NULL) { perr = &error; + } if (pobj == NULL) { pobj = (COSE_CounterSign*)COSE_CALLOC( 
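Review bot: The define added under `if (NOT COSE_C_INCLUDE_COUNTERSIGN)` is spelled `INCLUDE_COUNTERSIGN`, but the guard this same commit edits in include/cose/cose_configure.h is `INCLUDE_COUNTERSIGNATURE`. That header hunk also flips the default to 1, so as far as these hunks show, switching the CMake option off would still compile the countersignature code in. Unless `INCLUDE_COUNTERSIGN` is consumed somewhere outside this diff, the line should read `add_definitions(-DINCLUDE_COUNTERSIGNATURE=0)`. The neighbouring blocks also write `if(NOT ...)` without the space after `if`.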
@@ -174,8 +175,9 @@ bool _COSE_CounterSign_create(COSE* pMessage, cn_cbor* pcn = NULL; cn_cbor* pcn2 = NULL; - if (pMessage->m_counterSigners == NULL) + if (pMessage->m_counterSigners == NULL) { return true; + } // One or more than one? if (pMessage->m_counterSigners->m_signer.m_signerNext != NULL) { @@ -199,8 +201,9 @@ bool _COSE_CounterSign_create(COSE* pMessage, CHECK_CONDITION_CBOR(pcnBody != NULL, cbor_err); if (!_COSE_Signer_sign( - &pSigner->m_signer, pcnBody, pcn2, "CounterSignature", perr)) + &pSigner->m_signer, pcnBody, pcn2, "CounterSignature", perr)) { goto errorReturn; + } pcn = NULL; pcn2 = NULL; @@ -215,18 +218,22 @@ bool _COSE_CounterSign_create(COSE* pMessage, } if (!_COSE_map_put(pMessage, COSE_Header_CounterSign, pArray, - COSE_UNPROTECT_ONLY, perr)) + COSE_UNPROTECT_ONLY, perr)) { goto errorReturn; + } return true; errorReturn: - if (pArray != NULL) + if (pArray != NULL) { CN_CBOR_FREE(pArray, context); - if ((pcn != NULL) && (pcn->parent != NULL)) + } + if ((pcn != NULL) && (pcn->parent != NULL)) { CN_CBOR_FREE(pcn, context); - if ((pcn2 != NULL) && (pcn2->parent != NULL)) + } + if ((pcn2 != NULL) && (pcn2->parent != NULL)) { CN_CBOR_FREE(pcn2, context); + } return false; } @@ -306,8 +313,9 @@ bool COSE_CounterSign_SetExternal(HCOSE_COUNTERSIGN hcose, cose_errback* perr) { if (!IsValidCounterSignHandle(hcose)) { - if (perr != NULL) + if (perr != NULL) { perr->err = COSE_ERR_INVALID_HANDLE; + } return false; } 
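Review bot: In the `errorReturn:` block of `_COSE_CounterSign_create` (hunk at -215,18), `pcn` and `pcn2` are freed only when `->parent != NULL`, and that test runs after `CN_CBOR_FREE(pArray, context)`. A node that has a parent is normally owned by it, so the condition looks inverted: an unattached node would leak, and an attached one would be released twice or have `->parent` read after its parent was freed. The ownership rules of `CN_CBOR_FREE` are not visible here, so please confirm. If the intent is to free orphans, the checks would be `if ((pcn != NULL) && (pcn->parent == NULL))` and likewise for `pcn2`, placed before the `pArray` free. The commit only adds braces to these lines, and the function begins outside the hunk.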
@@ -365,6 +373,35 @@ bool _COSE_CounterSign_Sign(COSE* baseMessage, return fRet; } +/*! brief Retrieve header parameter from an enveloped message structure + * + * Retrieve a header parameter from the message. + * Retrieved object is the same as the one in the message - do not delete it + * + * @param[in] h Handle of recipient object + * @param[in] key Key to look for + * @param[in] flags What buckets should we look for the message + * @param[out] perror Location to return error codes + * @return Object which is found or NULL + */ + +cn_cbor* COSE_CounterSign_map_get_int(HCOSE_COUNTERSIGN h, + int key, + int flags, + cose_errback* perror) +{ + if (!IsValidCounterSignHandle(h)) { + if (perror != NULL) { + perror->err = COSE_ERR_INVALID_HANDLE; + } + return NULL; + } + + return _COSE_map_get_int( + &((COSE_CounterSign*)h)->m_signer.m_message, key, flags, perror); +} + + #if INCLUDE_SIGN /*************************************************************************************************** * diff --git a/test/encrypt.c b/test/encrypt.c index 5ac5aac8..12d845c6 100644 --- a/test/encrypt.c +++ b/test/encrypt.c @@ -36,9 +36,9 @@ bool DecryptMessage(const byte *pbEncoded, HCOSE_RECIPIENT hRecip1 = NULL; HCOSE_RECIPIENT hRecip2 = NULL; bool fRet = false; - int type; + int type = 0; cose_errback cose_err; - cn_cbor *pkey; + cn_cbor *pkey = NULL; bool fNoSupport = false; hEnc = (HCOSE_ENVELOPED)COSE_Decode(pbEncoded, cbEncoded, &type, @@ -181,11 +181,13 @@ bool DecryptMessage(const byte *pbEncoded, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSupportSign = false; + HCOSE_COUNTERSIGN h = COSE_Recipient_get_countersignature(hRecip1, counterNo, 0); if (h == NULL) { fRet = false; - goto errorReturn; + continue; } cn_cbor *counterSigner = cn_cbor_index( 
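Review bot: The doc comment on the new `COSE_CounterSign_map_get_int` describes the wrong object: it says "enveloped message structure" and "Handle of recipient object", and `/*! brief` lacks the backslash Doxygen needs. Suggested wording: `/*! \brief Retrieve a header parameter from a countersignature object`, `@param[in] h Handle of the countersignature object`, and `@param[in] flags Which header buckets to search`. Keep the existing sentence that the returned node belongs to the message and must not be deleted, and add that `perror` may be NULL, as the body already allows. The diffstat lists no public header, so it is worth confirming that a prototype for this function is visible to the tests that call it.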
@@ -195,13 +197,23 @@ bool DecryptMessage(const byte *pbEncoded, BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { fRet = false; - goto errorReturn; + COSE_CounterSign_Free(h); + continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { fRet = false; - goto errorReturn; + COSE_CounterSign_Free(h); + CN_CBOR_FREE(pkeyCountersign, context); + continue; + } + + alg = COSE_CounterSign_map_get_int(h, COSE_Header_Algorithm, COSE_BOTH, NULL); + if (!IsAlgorithmSupported(alg)) { + noSupportSign = true; + fNoSupport = true; } + if (COSE_Recipient_CounterSign_validate(hRecip1, h, 0)) { // I don't think we have any forced errors yet. @@ -212,7 +224,7 @@ bool DecryptMessage(const byte *pbEncoded, counterNo -= 1; } else { - fRet = false; + fRet = !noSupportSign; } } @@ -244,11 +256,12 @@ bool DecryptMessage(const byte *pbEncoded, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSupportSign = false; HCOSE_COUNTERSIGN h = COSE_Enveloped_get_countersignature(hEnc, counterNo, 0); if (h == NULL) { fRet = false; - goto errorReturn; + continue; } cn_cbor *counterSigner = cn_cbor_index( @@ -258,14 +271,24 @@ bool DecryptMessage(const byte *pbEncoded, BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { fRet = false; - goto errorReturn; + COSE_CounterSign_Free(h); + continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { fRet = false; - goto errorReturn; + COSE_CounterSign_Free(h); + CN_CBOR_FREE(pkeyCountersign, context); + continue; } + alg = COSE_CounterSign_map_get_int( + h, COSE_Header_Algorithm, COSE_BOTH, NULL); + if (!IsAlgorithmSupported(alg)) { + noSupportSign = true; + fNoSupport = true; + } + if (COSE_Enveloped_CounterSign_validate(hEnc, h, 0)) { // I don't think we have any forced errors yet. } @@ -275,7 +298,7 @@ bool DecryptMessage(const byte *pbEncoded, counterNo -= 1; } else { - fRet = false; + fRet = !noSupportSign; } } 
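Review bot: The result of `COSE_CounterSign_map_get_int(h, COSE_Header_Algorithm, COSE_BOTH, NULL)` goes straight into `IsAlgorithmSupported(alg)` in the hunk at -195,13, although the new function is documented to return NULL when nothing is found. Most of `IsAlgorithmSupported` is outside this diff, so whether it tolerates NULL needs confirming. If it does not, a countersignature without an algorithm header would crash the test run instead of being reported as a failure. Writing the check as `if (alg != NULL && !IsAlgorithmSupported(alg)) {` lets the missing-header case fall through to validation and be recorded there. The same call pattern repeats in the other countersign loops this commit changes in test/encrypt.c, test/mac_test.c and test/sign.c.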
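Review bot: `fRet = !noSupportSign;` in the validation-failure branch (hunks at -212,7 and -275,7) assigns instead of accumulating. An unsupported algorithm on a later countersignature therefore sets `fRet` back to true and erases a failure recorded for an earlier one. The loops in test/mac_test.c and test/sign.c use the accumulating form `fFail |= !noSignSupport;`. The equivalent here is `if (!noSupportSign) { fRet = false; }`. Both loops start outside these hunks.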
@@ -845,11 +868,14 @@ int _ValidateEncrypt(const cn_cbor *pControl, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSupportSign = false; + bool failThis = false; + HCOSE_COUNTERSIGN h = COSE_Encrypt0_get_countersignature(hEnc, counterNo, 0); if (h == NULL) { fFail = true; - goto exitHere; + continue; } cn_cbor *counterSigner = cn_cbor_index( @@ -859,14 +885,24 @@ int _ValidateEncrypt(const cn_cbor *pControl, BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { fFail = true; - goto exitHere; + COSE_CounterSign_Free(h); + continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { fFail = true; - goto exitHere; + COSE_CounterSign_Free(h); + CN_CBOR_FREE(pkeyCountersign, context); + continue; } + alg = COSE_CounterSign_map_get_int( + h, COSE_Header_Algorithm, COSE_BOTH, NULL); + if (!IsAlgorithmSupported(alg)) { + noSupportSign = true; + fAlgSupport = false; + } + if (COSE_Encrypt0_CounterSign_validate(hEnc, h, 0)) { // I don't think we have any forced errors yet. } diff --git a/test/mac_test.c b/test/mac_test.c index ad455e74..11139960 100644 --- a/test/mac_test.c +++ b/test/mac_test.c @@ -155,10 +155,19 @@ int _ValidateMAC(const cn_cbor *pControl, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSignSupport = false; HCOSE_COUNTERSIGN h = COSE_Recipient_get_countersignature(hRecip, counterNo, 0); if (h == NULL) { - goto failTest; + continue; + } + + alg = COSE_CounterSign_map_get_int( + h, COSE_Header_Algorithm, COSE_BOTH, NULL); + if (!IsAlgorithmSupported(alg)) { + fAlgNoSupport = true; + noSignSupport = true; + returnCode = 0; } cn_cbor *counterSigner = cn_cbor_index(countersigners, 
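Review bot: In the `_ValidateEncrypt` countersign loop, `failThis` is declared but never used and `noSupportSign` is only ever assigned. The validation-failure branch is not part of any hunk, so it cannot refer to these new locals. A failed validation for an unsupported algorithm is therefore presumably still recorded as a plain failure here, unlike the other loops in this commit. If the behaviour is meant to match, the failure branch needs `fFail |= !noSupportSign;` and `failThis` can be dropped. This function also tracks `fAlgSupport` with the opposite polarity to `fNoSupport` in `DecryptMessage`, which makes the two harder to compare.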
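Review bot: The `h == NULL` branch in the first `_ValidateMAC` loop (test/mac_test.c, hunk at -155,10) is now a bare `continue;` where it used to `goto failTest`, so a countersignature that cannot be retrieved is no longer counted as a failure. The second loop in the same function sets the flag first; this branch should read `fFail = true; continue;`. This loop also runs the algorithm check before the key is built, while the other loops run it after `COSE_CounterSign_SetKey`, and a one-line comment saying whether that ordering is deliberate would help. The loop body continues outside the hunk.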
@@ -167,11 +176,16 @@ int _ValidateMAC(const cn_cbor *pControl, cn_cbor *pkeyCountersign = BuildKey( cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { - goto failTest; + fFail = true; + COSE_CounterSign_Free(h); + continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { - goto failTest; + fFail = true; + CN_CBOR_FREE(pkeyCountersign, context); + COSE_CounterSign_Free(h); + continue; } if (COSE_Recipient_CounterSign_validate(hRecip, h, 0)) { @@ -183,7 +197,7 @@ int _ValidateMAC(const cn_cbor *pControl, counterNo -= 1; } else { - goto failTest; + fFail |= !noSignSupport; } } @@ -216,10 +230,13 @@ int _ValidateMAC(const cn_cbor *pControl, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSignSupport = false; + HCOSE_COUNTERSIGN h = COSE_Mac_get_countersignature(hMAC, counterNo, 0); if (h == NULL) { - goto failTest; + fFail = true; + continue; } cn_cbor *counterSigner = cn_cbor_index( @@ -228,11 +245,24 @@ int _ValidateMAC(const cn_cbor *pControl, cn_cbor *pkeyCountersign = BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { - goto failTest; + fFail = true; + COSE_CounterSign_Free(h); + continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { - goto failTest; + fFail = true; + COSE_CounterSign_Free(h); + CN_CBOR_FREE(pkeyCountersign, context); + continue; + } + + cn_cbor *alg = COSE_CounterSign_map_get_int( + h, COSE_Header_Algorithm, COSE_BOTH, NULL); + if (!IsAlgorithmSupported(alg)) { + fAlgNoSupport = true; + noSignSupport = true; + returnCode = 0; } if (COSE_Mac_CounterSign_validate(hMAC, h, 0)) { @@ -244,7 +274,7 @@ int _ValidateMAC(const cn_cbor *pControl, counterNo -= 1; } else { - fFail = true; + fFail |= !noSignSupport; } } @@ -265,7 +295,7 @@ int _ValidateMAC(const cn_cbor *pControl, } } - if (fFail) { + if (fFail && !fAlgNoSupport) { CFails += 1; } return returnCode; 
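Review bot: `if (fFail && !fAlgNoSupport)` at the end of `_ValidateMAC` (hunk at -265,7) discards every recorded failure once any one countersignature uses an unsupported algorithm, including the key-build and `COSE_CounterSign_SetKey` failures this commit starts recording. The per-signature flag already keeps unsupported-algorithm validation failures out of `fFail` through `fFail |= !noSignSupport;`. For the countersign path the function-level gate therefore only hides unrelated failures, and `if (fFail) {` would be enough, provided `fAlgNoSupport` is not also needed for checks outside these hunks. Separately, the second loop declares a new `cn_cbor *alg` while the first assigns an existing `alg`, so the inner declaration shadows the outer one and should be a plain assignment.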
@@ -678,11 +708,13 @@ int _ValidateMac0(const cn_cbor *pControl, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSignAlg = false; + HCOSE_COUNTERSIGN h = COSE_Mac0_get_countersignature(hMAC, counterNo, 0); if (h == NULL) { fFail = true; - goto exitHere; + continue; } cn_cbor *counterSigner = cn_cbor_index( @@ -692,13 +724,24 @@ int _ValidateMac0(const cn_cbor *pControl, BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { fFail = true; - goto exitHere; + COSE_CounterSign_Free(h); + continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { fFail = true; - goto exitHere; + COSE_CounterSign_Free(h); + CN_CBOR_FREE(pkeyCountersign, context); + continue; + } + + alg = COSE_CounterSign_map_get_int( + h, COSE_Header_Algorithm, COSE_BOTH, NULL); + if (!IsAlgorithmSupported(alg)) { + fUnsuportedAlg = true; + noSignAlg = true; } + if (COSE_Mac0_CounterSign_validate(hMAC, h, 0)) { // I don't think we have any forced errors yet. @@ -709,7 +752,7 @@ int _ValidateMac0(const cn_cbor *pControl, counterNo -= 1; } else { - fFail = true; + fFail |= !noSignAlg; } } @@ -733,7 +776,7 @@ int _ValidateMac0(const cn_cbor *pControl, if (fFail) { CFails += 1; } - return 0; + return fUnsuportedAlg ? 0 : 1; errorReturn: CFails += 1; diff --git a/test/sign.c b/test/sign.c index c342df2c..bef7b44a 100644 --- a/test/sign.c +++ b/test/sign.c @@ -140,6 +140,8 @@ int _ValidateSigned(const cn_cbor *pControl, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSignAlg = false; + HCOSE_COUNTERSIGN h = COSE_Signer_get_countersignature(hSigner, counterNo, 0); if (h == NULL) { 
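Review bot: `return fUnsuportedAlg ? 0 : 1;` changes the normal-path result of `_ValidateMac0` from 0 to 1 whenever the algorithm is supported, and the flag name is misspelled. Callers are outside this diff, so please confirm none of them treated the old 0 as the ordinary result. `CFails` is still incremented on a bare `if (fFail)` here while `_ValidateMAC` gates it on the unsupported flag, so the two functions now count failures differently. The flag would read better as `fUnsupportedAlg`. The same idea is spelled `fNoSupport`, `fAlgNoSupport`, `fNoSupportAlg`, `fNoAlgSupport` and `fAlgSupport` across these tests and could share one name.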
@@ -154,14 +156,24 @@ int _ValidateSigned(const cn_cbor *pControl, cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { fFail = true; + COSE_CounterSign_Free(h); continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { fFail = true; + COSE_CounterSign_Free(h); + CN_CBOR_FREE(pkeyCountersign, context); continue; } + alg = COSE_CounterSign_map_get_int( + h, COSE_Header_Algorithm, COSE_BOTH, 0); + if (!IsAlgorithmSupported(alg)) { + fNoSupportAlg = true; + noSignAlg = true; + } + if (COSE_Signer_CounterSign_validate(hSigner, h, 0)) { // I don't think we have any forced errors yet. } @@ -171,7 +183,7 @@ int _ValidateSigned(const cn_cbor *pControl, counterNo -= 1; } else { - fFail = true; + fFail |= !noSignAlg; } } @@ -203,6 +215,8 @@ int _ValidateSigned(const cn_cbor *pControl, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSignAlg = false; + HCOSE_COUNTERSIGN h = COSE_Sign_get_countersignature(hSig, counterNo, 0); if (h == NULL) { @@ -217,14 +231,24 @@ int _ValidateSigned(const cn_cbor *pControl, cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { fFail = true; + COSE_CounterSign_Free(h); continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { fFail = true; + COSE_CounterSign_Free(h); + CN_CBOR_FREE(pkeyCountersign, context); continue; } + alg = COSE_CounterSign_map_get_int( + h, COSE_Header_Algorithm, COSE_BOTH, 0); + if (!IsAlgorithmSupported(alg)) { + fNoSupportAlg = true; + noSignAlg = true; + } + if (COSE_Sign_CounterSign_validate(hSig, h, 0)) { // I don't think we have any forced errors yet. } @@ -234,7 +258,7 @@ int _ValidateSigned(const cn_cbor *pControl, counterNo -= 1; } else { - fFail = true; + fFail |= !noSignAlg; } } 
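Review bot: Both `_ValidateSigned` loops pass `0` as the final `cose_errback*` argument of `COSE_CounterSign_map_get_int` (hunks at -154,14 and -217,14), while the same call in test/encrypt.c and test/mac_test.c passes `NULL`. Use the pointer constant for consistency: `h, COSE_Header_Algorithm, COSE_BOTH, NULL);`. The added failure paths release `h` and `pkeyCountersign`, but the success path's cleanup lies outside these hunks. It is worth confirming both are released there as well.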
@@ -632,11 +656,13 @@ int _ValidateSign1(const cn_cbor *pControl, } for (int counterNo = 0; counterNo < count; counterNo++) { + bool noSignAlg = false; + HCOSE_COUNTERSIGN h = COSE_Sign1_get_countersignature(hSig, counterNo, 0); if (h == NULL) { fFail = true; - goto exitHere; + continue; } cn_cbor *counterSigner = cn_cbor_index( @@ -646,12 +672,22 @@ int _ValidateSign1(const cn_cbor *pControl, BuildKey(cn_cbor_mapget_string(counterSigner, "key"), false); if (pkeyCountersign == NULL) { fFail = true; - goto exitHere; + COSE_CounterSign_Free(h); + continue; } if (!COSE_CounterSign_SetKey(h, pkeyCountersign, 0)) { fFail = true; - goto exitHere; + COSE_CounterSign_Free(h); + CN_CBOR_FREE(pkeyCountersign, context); + continue; + } + + alg = COSE_Sign1_map_get_int( + hSig, COSE_Header_Algorithm, COSE_BOTH, NULL); + if (!IsAlgorithmSupported(alg)) { + fNoAlgSupport = true; + noSignAlg = true; } if (COSE_Sign1_CounterSign_validate(hSig, h, 0)) { @@ -663,7 +699,7 @@ int _ValidateSign1(const cn_cbor *pControl, counterNo -= 1; } else { - fFail = true; + fFail |= !noSignAlg; } } diff --git a/test/test.c b/test/test.c index bdb407cd..921c6895 100644 --- a/test/test.c +++ b/test/test.c @@ -88,9 +88,7 @@ NameMap RgCurveNames[7] = {{"P-256", 1}, {"P-384", 2}, {"P-521", 3}, int MapName(const cn_cbor* p, NameMap* rgMap, unsigned int cMap) { - unsigned int i; - - for (i = 0; i < cMap; i++) { + for (unsigned int i = 0; i < cMap; i++) { if (strcmp(rgMap[i].sz, p->v.str) == 0) { return rgMap[i].i; } @@ -125,9 +123,8 @@ byte* FromHex(const char* rgch, int cch) { byte* pb = malloc(cch / 2); const char* pb2 = rgch; - int i; - for (i = 0; i < cch; i += 2) { + for (int i = 0; i < cch; i += 2) { pb[i / 2] = fromHex(pb2[i]) * 16 + fromHex(pb2[i + 1]); } 
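Review bot: The algorithm lookup in the `_ValidateSign1` loop reads from the outer message, `COSE_Sign1_map_get_int(hSig, ...)`, rather than from the countersignature handle `h`. Every other loop in this commit calls `COSE_CounterSign_map_get_int(h, ...)`, so this looks like a copy/paste slip. As written, `noSignAlg` reflects the Sign1 message's own algorithm. A genuine countersignature validation failure can then be excused, or an unsupported countersign algorithm counted as a failure. Suggested: `alg = COSE_CounterSign_map_get_int(h, COSE_Header_Algorithm, COSE_BOTH, NULL);`.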
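Review bot: `FromHex` (test/test.c, hunk at -125,9) writes through `pb` without checking the `malloc(cch / 2)` result, and for an odd `cch` the last iteration stores to `pb[cch / 2]`, one byte past the allocation. This predates the commit and is only a test helper, but the hunk already touches the loop. A guard before it, such as `if (pb == NULL || (cch % 2) != 0) { free(pb); return NULL; }`, would close both cases, provided callers handle a NULL return. The callers and the end of the function are outside the hunk.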
@@ -270,13 +267,11 @@ int IsAlgorithmSupported(const cn_cbor* alg) case -999: // Unsupported algorithm for testing. return true; } - return true; } byte* GetCBOREncoding(const cn_cbor* pControl, int* pcbEncoded) { const cn_cbor* pOutputs = cn_cbor_mapget_string(pControl, "output"); - const cn_cbor* pCBOR; byte* pb = NULL; const byte* pb2; int i; @@ -286,7 +281,7 @@ byte* GetCBOREncoding(const cn_cbor* pControl, int* pcbEncoded) exit(1); } - pCBOR = cn_cbor_mapget_string(pOutputs, "cbor"); + const cn_cbor* pCBOR = cn_cbor_mapget_string(pOutputs, "cbor"); if ((pCBOR == NULL) || (pCBOR->type != CN_CBOR_TEXT)) { fprintf(stderr, "Invalid cbor object"); exit(1);
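Review bot: Removing the trailing `return true;` from `IsAlgorithmSupported` leaves nothing after the closing brace of the `switch`. If any case can `break`, or the switch has no `default` that returns, control falls off the end of a non-void function and using the result is undefined behaviour. The start of the switch is outside this hunk, so please confirm every path returns. If a catch-all is intended, state it inside the switch as an explicit `default:` with a `return`, and add a short comment saying which answer unknown algorithms should get.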