Merge daba796 into 9223f01

CMakeLists.txt

@@ -174,8 +174,7 @@ else()
 endif()
 
 if(COSE_C_USE_MBEDTLS)
-  add_definitions(-DUSE_MBED_TLS)
-
+  set(COSE_C_USE_OPENSSL OFF)
   if(COSE_C_USE_FIND_PACKAGE)
     find_package(MbedTLS)
   else()
@@ -207,6 +206,7 @@ if(COSE_C_USE_MBEDTLS)
   endif()
 else()
   find_package(OpenSSL REQUIRED)
+  set(COSE_C_USE_OPENSSL ON)
 endif()
 
 ###############################################################################

include/cose/cose.h

@@ -1,9 +1,14 @@
 #pragma once
 
-#include <stdbool.h>
 #include <cn-cbor/cn-cbor.h>
 #include "cose/cose_configure.h"
 
+#if defined(COSE_C_USE_MBEDTLS)
+#include "mbedtls/ecp.h"
+#endif	// COSE_C_USE_MBEDTLS
+
+#include <stdbool.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -205,6 +210,15 @@ typedef enum {
 	COSE_Curve_Ed448 = 7,
 } COSE_Curves;
 
+#if defined(COSE_C_USE_MBEDTLS)
+typedef struct mbedtls_ecp_keypair eckey_t;
+#else
+typedef struct eckey_t {
+	struct ec_key_st* key;
+	int group;
+} eckey_t;
+#endif	// COSE_C_USE_MBEDTLS
+
 /*
  *  messages dealing with the Enveloped message type
  */
@@ -524,6 +538,12 @@ bool COSE_Sign1_Sign(HCOSE_SIGN1 h, const cn_cbor* pkey, cose_errback* perr);
 bool COSE_Sign1_validate(HCOSE_SIGN1 hSign,
 	const cn_cbor* pkey,
 	cose_errback* perr);
+bool COSE_Sign1_Sign_eckey(HCOSE_SIGN1 h,
+	const eckey_t* pbKey,
+	cose_errback* perr);
+bool COSE_Sign1_validate_eckey(HCOSE_SIGN1 hSign,
+	const eckey_t* pbKey,
+	cose_errback* perr);
 cn_cbor* COSE_Sign1_map_get_int(HCOSE_SIGN1 h,
 	int key,
 	int flags,

include/cose/cose_configure.h → include/cose/cose_configure.h.in

@@ -1,20 +1,39 @@
 //
-//  Determine which cryptographic library we are going to be using
+// cose_configure.h. Generated from cose_configure.h.in by CMake
+// Determine which cryptographic library we are going to be using
 //
 
 #pragma once
 
-#if defined(USE_MBED_TLS)
-#if defined(USE_OPEN_SSL) || defined(USE_BCRYPT)
+#cmakedefine COSE_C_USE_MBEDTLS
+#cmakedefine COSE_C_USE_OPENSSL
+#cmakedefine COSE_C_USE_BCRYPT
+
+// make sure we only use one crypto lib
+#if defined(COSE_C_USE_MBEDTLS)
+#if defined(COSE_C_USE_OPENSSL) || defined(COSE_C_USE_BCRYPT)
 #error Only Define One Crypto Package
 #endif
-#elif defined(USE_BCRYPT)
-#if defined(USE_OPENSSL)
+#endif
+
+#if defined(COSE_C_USE_BCRYPT)
+#if defined(COSE_C_USE_OPENSSL)
 #error Only Define One Crypto Package
 #endif
-#elif !defined(USE_OPEN_SSL)
+#endif
+
+#if defined(COSE_C_USE_OPENSSL)
 #include <openssl/opensslv.h>
-#define USE_OPEN_SSL
+//  MBEDTLS currently supports ECDH for X25519 but not EdDSA
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+// Requires OPEN SSL 1.1.1 to build
+#define USE_EDDSA
+#else
+#define STRINGIFY(x) #x
+#define TOSTRING(x) STRINGIFY(x)
+#pragma message("OPENSSL VERSION IS " OPENSSL_VERSION_TEXT)
+#pragma message("Version number: " TOSTRING(OPENSSL_VERSION_NUMBER))
+#endif
 #endif
 
 //
@@ -62,20 +81,20 @@
 //  Define which AES CBC-MAC algorithms are to be used
 //
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 
 #define USE_AES_CBC_MAC_128_64
 #define USE_AES_CBC_MAC_128_128
 #define USE_AES_CBC_MAC_256_64
 #define USE_AES_CBC_MAC_256_128
 
-#endif	// !defined(USE_MBED_TLS)
+#endif	// !defined(COSE_C_USE_MBEDTLS)
 
 //
 //  Define which ECDH algorithms are to be used
 //
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 #define USE_ECDH_ES_HKDF_256
 #define USE_ECDH_ES_HKDF_512
 #define USE_ECDH_SS_HKDF_256
@@ -85,9 +104,9 @@
 #define USE_ECDH 1
 #define USE_HKDF_SHA2 1
 #endif
-#endif	// !defined(USE_MBED_TLS)
+#endif	// !defined(COSE_C_USE_MBEDTLS)
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 #define USE_ECDH_ES_A128KW
 #define USE_ECDH_ES_A192KW
 #define USE_ECDH_ES_A256KW
@@ -100,23 +119,23 @@
 #define USE_ECDH 1
 #define USE_HKDF_AES 1
 #endif
-#endif	// !defined(USE_MBED_TLS)
+#endif	// !defined(COSE_C_USE_MBEDTLS)
 
 //
 //  Define which Key Wrap functions are to be used
 //
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 #define USE_AES_KW_128
 #define USE_AES_KW_192
 #define USE_AES_KW_256
-#endif	// !defined(USE_MBED_TLS)
+#endif	// !defined(COSE_C_USE_MBEDTLS)
 
 //
 //  Define which of the DIRECT + KDF algorithms are to be used
 //
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 #define USE_Direct_HKDF_HMAC_SHA_256
 #define USE_Direct_HKDF_HMAC_SHA_512
 #define USE_Direct_HKDF_AES_128
@@ -128,7 +147,7 @@
 #if defined(USE_Direct_HKDF_AES_128) || defined(USE_Direct_KDF_AES_256)
 #define USE_HKDF_AES 1
 #endif
-#endif	// !defined(USE_MBED_TLS)
+#endif	// !defined(COSE_C_USE_MBEDTLS)
 
 //
 //  Define which of the signature algorithms are to be used
@@ -137,16 +156,6 @@
 #define USE_ECDSA_SHA_256
 #define USE_ECDSA_SHA_384
 #define USE_ECDSA_SHA_512
-#if !defined(USE_MBED_TLS)
-//  MBEDTLS currently supports ECDH for X25519 but not EdDSA
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
-// Requires OPEN SSL 1.1.1 to build
-#define USE_EDDSA
-#else
-#pragma message("OPENSSL VERSION IS ")
-#pragma message(OPENSSL_VERISON_NUMBER)
-#endif
-#endif	// !defined (USE_MBED_TLS)
 
 //#define USE_COUNTER_SIGNATURES
 

src/CMakeLists.txt

@@ -19,6 +19,11 @@ endif()
 
 add_library(${PROJECT_NAME})
 
+# some structs look differently depending on the crypto lib used
+# therefore we create the config header file at configure time.
+configure_file(${CMAKE_CURRENT_LIST_DIR}/../include/cose/cose_configure.h.in
+               ${CMAKE_BINARY_DIR}/include/cose/cose_configure.h)
+
 if(COSE_C_USE_MBEDTLS)
   set(cose_crypto mbedtls.c)
 else()
@@ -27,7 +32,7 @@ endif()
 
 set(cose_sources
     ${PROJECT_SOURCE_DIR}/include/cose/cose.h
-    ${PROJECT_SOURCE_DIR}/include/cose/cose_configure.h
+    ${CMAKE_BINARY_DIR}/include/cose/cose_configure.h
     crypto.h
     cose_int.h
     crypto.h
@@ -47,7 +52,8 @@ target_sources(${PROJECT_NAME} PRIVATE ${cose_sources})
 
 target_include_directories(
   ${PROJECT_NAME}
-  PUBLIC $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> $<INSTALL_INTERFACE:include>
+  PUBLIC $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> $<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
+         $<INSTALL_INTERFACE:include>
   PRIVATE ../src)
 target_link_libraries(${PROJECT_NAME} PRIVATE cn-cbor::cn-cbor)
 
@@ -120,3 +126,9 @@ install(
   COMPONENT dev
   FILES_MATCHING
   PATTERN "*.h")
+install(
+  DIRECTORY ${CMAKE_BINARY_DIR}/include/cose
+  DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+  COMPONENT dev
+  FILES_MATCHING
+  PATTERN "*.h")

src/Sign1.c

@@ -1,4 +1,4 @@
-/** \file Sign.c
+/** \file Sign1.c
  * Contains implementation of the functions related to HCOSE_SIGN handle
  * objects.
  */
@@ -12,10 +12,10 @@
 
 #if INCLUDE_SIGN1
 
-bool _COSE_Signer0_sign(COSE_Sign1Message *pSigner,
+bool _COSE_Signer1_sign(COSE_Sign1Message *pSigner,
 	const cn_cbor *pKey,
 	cose_errback *perr);
-bool _COSE_Signer0_validate(COSE_Sign1Message *pSign,
+bool _COSE_Signer1_validate(COSE_Sign1Message *pSign,
 	const cn_cbor *pKey,
 	cose_errback *perr);
 void _COSE_Sign1_Release(COSE_Sign1Message *p);
@@ -227,7 +227,36 @@ bool COSE_Sign1_Sign(HCOSE_SIGN1 h, const cn_cbor *pKey, cose_errback *perr)
 	if (pcborProtected == NULL)
 		goto errorReturn;
 
-	if (!_COSE_Signer0_sign(pMessage, pKey, perr))
+	if (!_COSE_Signer1_sign(pMessage, pKey, perr))
+		goto errorReturn;
+
+	return true;
+}
+
+bool COSE_Sign1_Sign_eckey(HCOSE_SIGN1 h,
+	const eckey_t *eckey,
+	cose_errback *perr)
+{
+#ifdef USE_CBOR_CONTEXT
+	// cn_cbor_context * context = NULL;
+#endif
+	COSE_Sign1Message *pMessage = (COSE_Sign1Message *)h;
+	const cn_cbor *pcborProtected;
+
+	if (!IsValidSign1Handle(h)) {
+		CHECK_CONDITION(false, COSE_ERR_INVALID_HANDLE);
+	errorReturn:
+		return false;
+	}
+#ifdef USE_CBOR_CONTEXT
+	//	context = &pMessage->m_message.m_allocContext;
+#endif
+
+	pcborProtected = _COSE_encode_protected(&pMessage->m_message, perr);
+	if (pcborProtected == NULL)
+		goto errorReturn;
+
+	if (!_COSE_Signer1_sign(pMessage, eckey, perr))
 		goto errorReturn;
 
 	return true;
@@ -254,14 +283,40 @@ bool COSE_Sign1_validate(HCOSE_SIGN1 hSign,
 	CHECK_CONDITION(cnProtected != NULL && cnProtected->type == CN_CBOR_BYTES,
 		COSE_ERR_INVALID_PARAMETER);
 
-	f = _COSE_Signer0_validate(pSign, pKey, perr);
+	f = _COSE_Signer1_validate(pSign, pKey, perr);
 
 	return f;
 
 errorReturn:
 	return false;
 }
 
+bool COSE_Sign1_validate_eckey(HCOSE_SIGN1 hSign,
+	const eckey_t *eckey,
+	cose_errback *perr)
+{
+	COSE_Sign1Message *pSign;
+	const cn_cbor *cnContent;
+	const cn_cbor *cnProtected;
+
+	CHECK_CONDITION(IsValidSign1Handle(hSign), COSE_ERR_INVALID_HANDLE);
+
+	pSign = (COSE_Sign1Message *)hSign;
+
+	cnContent = _COSE_arrayget_int(&pSign->m_message, INDEX_BODY);
+	CHECK_CONDITION(cnContent != NULL && cnContent->type == CN_CBOR_BYTES,
+		COSE_ERR_INVALID_PARAMETER);
+
+	cnProtected = _COSE_arrayget_int(&pSign->m_message, INDEX_PROTECTED);
+	CHECK_CONDITION(cnProtected != NULL && cnProtected->type == CN_CBOR_BYTES,
+		COSE_ERR_INVALID_PARAMETER);
+
+	return _COSE_Signer1_validate(pSign, eckey, perr);
+
+errorReturn:
+	return false;
+}
+
 cn_cbor *COSE_Sign1_map_get_int(HCOSE_SIGN1 h,
 	int key,
 	int flags,
@@ -377,7 +432,7 @@ static bool CreateSign1AAD(COSE_Sign1Message *pMessage,
 	return false;
 }
 
-bool _COSE_Signer0_sign(COSE_Sign1Message *pSigner,
+bool _COSE_Signer1_sign(COSE_Sign1Message *pSigner,
 	const cn_cbor *pKey,
 	cose_errback *perr)
 {
@@ -465,7 +520,7 @@ bool _COSE_Signer0_sign(COSE_Sign1Message *pSigner,
 	return f;
 }
 
-bool _COSE_Signer0_validate(COSE_Sign1Message *pSign,
+bool _COSE_Signer1_validate(COSE_Sign1Message *pSign,
 	const cn_cbor *pKey,
 	cose_errback *perr)
 {

src/bcrypt.c

@@ -1,9 +1,10 @@
 #include "cose/cose.h"
-#include "cose/cose_configure.h"
+
+#if COSE_C_USE_BCRYPT
+
 #include "cose_int.h"
 #include "crypto.h"
 
-#if USE_BCRYPT
 
 #include <Windows.h>
 
@@ -77,4 +78,4 @@ bool AES_CCM_Encrypt(COSE_Encrypt *pcose,
 	return true;
 }
 
-#endif	// USE_BCRYPT
+#endif // COSE_C_USE_BCRYPT