Merge a590f55 into fd44899

cose-wg · Apr 22, 2020 · 8613647 · 8613647
2 parents fd44899 + a590f55
commit 8613647
Show file tree

Hide file tree

Showing 10 changed files with 139 additions and 54 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -174,8 +174,7 @@ else()
 endif()
 
 if(COSE_C_USE_MBEDTLS)
-  add_definitions(-DUSE_MBED_TLS)
-
+  set(COSE_C_USE_OPENSSL OFF)
   if(COSE_C_USE_FIND_PACKAGE)
     find_package(MbedTLS)
   else()
@@ -207,6 +206,7 @@ if(COSE_C_USE_MBEDTLS)
   endif()
 else()
   find_package(OpenSSL REQUIRED)
+  set(COSE_C_USE_OPENSSL ON)
 endif()
 
 ###############################################################################

diff --git a/include/cose/cose.h b/include/cose/cose.h
@@ -1,9 +1,14 @@
 #pragma once
 
-#include <stdbool.h>
 #include <cn-cbor/cn-cbor.h>
 #include "cose/cose_configure.h"
 
+#if defined(COSE_C_USE_MBEDTLS)
+#include "mbedtls/ecp.h"
+#endif // COSE_C_USE_MBEDTLS
+
+#include <stdbool.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -203,6 +208,16 @@ typedef enum {
 	COSE_Curve_Ed448 = 7,
 } COSE_Curves;
 
+
+#if defined(COSE_C_USE_MBEDTLS)
+typedef struct mbedtls_ecp_keypair eckey_t;
+#else
+	typedef struct eckey_t {
+		struct ec_key_st *key;
+		int group;
+	} eckey_t;
+#endif // COSE_C_USE_MBEDTLS
+
 /*
  *  messages dealing with the Enveloped message type
  */
@@ -344,7 +359,7 @@ bool COSE_Signer_SetExternal(HCOSE_SIGNER hcose, const byte * pbExternalData, si
 #define COSE_Sign0_map_get_int COSE_Sign1_map_get_int
 #define COSE_Sign0_map_put_int COSE_Sign1_map_put_int
 
-    
+
 HCOSE_SIGN1 COSE_Sign1_Init(COSE_INIT_FLAGS flags, CBOR_CONTEXT_COMMA cose_errback * perr);
 bool COSE_Sign1_Free(HCOSE_SIGN1 cose);
 
@@ -353,6 +368,8 @@ bool COSE_Sign1_SetExternal(HCOSE_SIGN1 hcose, const byte * pbExternalData, size
 
 bool COSE_Sign1_Sign(HCOSE_SIGN1 h, const cn_cbor * pkey, cose_errback * perr);
 bool COSE_Sign1_validate(HCOSE_SIGN1 hSign, const cn_cbor * pkey, cose_errback * perr);
+bool COSE_Sign1_Sign_eckey(HCOSE_SIGN1 h, const eckey_t * pbKey, cose_errback * perr);
+bool COSE_Sign1_validate_eckey(HCOSE_SIGN1 hSign, const eckey_t * pbKey, cose_errback * perr);
 cn_cbor * COSE_Sign1_map_get_int(HCOSE_SIGN1 h, int key, int flags, cose_errback * perror);
 bool COSE_Sign1_map_put_int(HCOSE_SIGN1 cose, int key, cn_cbor * value, int flags, cose_errback * errp);
 

diff --git a/include/cose/cose_configure.h → include/cose/cose_configure.h.in b/include/cose/cose_configure.h → include/cose/cose_configure.h.in
@@ -1,20 +1,39 @@
 //
-//  Determine which cryptographic library we are going to be using
+// cose_configure.h. Generated from cose_configure.h.in by CMake
+// Determine which cryptographic library we are going to be using
 //
 
 #pragma once
 
-#if defined(USE_MBED_TLS)
-#if defined(USE_OPEN_SSL) || defined(USE_BCRYPT)
+#cmakedefine COSE_C_USE_MBEDTLS
+#cmakedefine COSE_C_USE_OPENSSL
+#cmakedefine COSE_C_USE_BCRYPT
+
+// make sure we only use one crypto lib
+#if defined(COSE_C_USE_MBEDTLS)
+#if defined(COSE_C_USE_OPENSSL) || defined(COSE_C_USE_BCRYPT)
 #error Only Define One Crypto Package
 #endif
-#elif defined(USE_BCRYPT)
-#if defined(USE_OPENSSL)
+#endif
+
+#if defined(COSE_C_USE_BCRYPT)
+#if defined(COSE_C_USE_OPENSSL)
 #error Only Define One Crypto Package
 #endif
-#elif !defined(USE_OPEN_SSL)
+#endif
+
+#if defined(COSE_C_USE_OPENSSL)
 #include <openssl/opensslv.h>
-#define USE_OPEN_SSL
+//  MBEDTLS currently supports ECDH for X25519 but not EdDSA
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+// Requires OPEN SSL 1.1.1 to build
+#define USE_EDDSA
+#else
+#define STRINGIFY(x) #x
+#define TOSTRING(x) STRINGIFY(x)
+#pragma message("OPENSSL VERSION IS " OPENSSL_VERSION_TEXT)
+#pragma message ("Version number: " TOSTRING(OPENSSL_VERSION_NUMBER))
+#endif
 #endif
 
 //
@@ -60,20 +79,20 @@
 //  Define which AES CBC-MAC algorithms are to be used
 //
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 
 #define USE_AES_CBC_MAC_128_64
 #define USE_AES_CBC_MAC_128_128
 #define USE_AES_CBC_MAC_256_64
 #define USE_AES_CBC_MAC_256_128
 
-#endif // !defined(USE_MBED_TLS)
+#endif // !defined(COSE_C_USE_MBEDTLS)
 
 //
 //  Define which ECDH algorithms are to be used
 //
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 #define USE_ECDH_ES_HKDF_256
 #define USE_ECDH_ES_HKDF_512
 #define USE_ECDH_SS_HKDF_256
@@ -82,9 +101,9 @@
 #define USE_ECDH 1
 #define USE_HKDF_SHA2 1
 #endif
-#endif // !defined(USE_MBED_TLS)
+#endif // !defined(COSE_C_USE_MBEDTLS)
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 #define USE_ECDH_ES_A128KW
 #define USE_ECDH_ES_A192KW
 #define USE_ECDH_ES_A256KW
@@ -95,23 +114,23 @@
 #define USE_ECDH 1
 #define USE_HKDF_AES 1
 #endif
-#endif // !defined(USE_MBED_TLS)
+#endif // !defined(COSE_C_USE_MBEDTLS)
 
 //
 //  Define which Key Wrap functions are to be used
 //
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 #define USE_AES_KW_128
 #define USE_AES_KW_192
 #define USE_AES_KW_256
-#endif // !defined(USE_MBED_TLS)
+#endif // !defined(COSE_C_USE_MBEDTLS)
 
 //
 //  Define which of the DIRECT + KDF algorithms are to be used
 //
 
-#if !defined(USE_MBED_TLS)
+#if !defined(COSE_C_USE_MBEDTLS)
 #define USE_Direct_HKDF_HMAC_SHA_256
 #define USE_Direct_HKDF_HMAC_SHA_512
 #define USE_Direct_HKDF_AES_128
@@ -122,7 +141,7 @@
 #if defined(USE_Direct_HKDF_AES_128) || defined(USE_Direct_KDF_AES_256)
 #define USE_HKDF_AES 1
 #endif
-#endif // !defined(USE_MBED_TLS)
+#endif // !defined(COSE_C_USE_MBEDTLS)
 
 
 //
@@ -132,17 +151,6 @@
 #define USE_ECDSA_SHA_256
 #define USE_ECDSA_SHA_384
 #define USE_ECDSA_SHA_512
-#if !defined(USE_MBED_TLS)
-//  MBEDTLS currently supports ECDH for X25519 but not EdDSA
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
-// Requires OPEN SSL 1.1.1 to build
-#define USE_EDDSA
-#else
-#pragma message("OPENSSL VERSION IS ")
-#pragma message(OPENSSL_VERISON_NUMBER)
-#endif
-#endif // !defined (USE_MBED_TLS)
-
 
 //#define USE_COUNTER_SIGNATURES
 

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -19,6 +19,11 @@ endif()
 
 add_library(${PROJECT_NAME})
 
+# some structs look differently depending on the crypto lib used
+# therefore we create the config header file at configure time.
+configure_file(${CMAKE_CURRENT_LIST_DIR}/../include/cose/cose_configure.h.in
+               ${CMAKE_BINARY_DIR}/include/cose/cose_configure.h)
+
 if(COSE_C_USE_MBEDTLS)
   set(cose_crypto mbedtls.c)
 else()
@@ -27,7 +32,7 @@ endif()
 
 set(cose_sources
     ${PROJECT_SOURCE_DIR}/include/cose/cose.h
-    ${PROJECT_SOURCE_DIR}/include/cose/cose_configure.h
+    ${CMAKE_BINARY_DIR}/include/cose/cose_configure.h
     crypto.h
     cose_int.h
     crypto.h
@@ -47,7 +52,8 @@ target_sources(${PROJECT_NAME} PRIVATE ${cose_sources})
 
 target_include_directories(
   ${PROJECT_NAME}
-  PUBLIC $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> $<INSTALL_INTERFACE:include>
+  PUBLIC $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> $<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
+         $<INSTALL_INTERFACE:include>
   PRIVATE ../src)
 target_link_libraries(${PROJECT_NAME} PRIVATE cn-cbor::cn-cbor)
 
@@ -120,3 +126,9 @@ install(
   COMPONENT dev
   FILES_MATCHING
   PATTERN "*.h")
+install(
+  DIRECTORY ${CMAKE_BINARY_DIR}/include/cose
+  DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+  COMPONENT dev
+  FILES_MATCHING
+  PATTERN "*.h")
diff --git a/src/MacMessage.c b/src/MacMessage.c
@@ -17,7 +17,7 @@
 
 #if INCLUDE_MAC
 
-COSE * MacRoot = NULL;
+static COSE * MacRoot = NULL;
 
 /*! \private
 * @brief Test if a HCOSE_MAC handle is valid

diff --git a/src/Sign1.c b/src/Sign1.c
@@ -1,4 +1,4 @@
-/** \file Sign.c
+/** \file Sign1.c
 * Contains implementation of the functions related to HCOSE_SIGN handle objects.
 */
 
@@ -11,8 +11,8 @@
 
 #if INCLUDE_SIGN1
 
-bool _COSE_Signer0_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_errback * perr);
-bool _COSE_Signer0_validate(COSE_Sign1Message * pSign, const cn_cbor * pKey, cose_errback * perr);
+bool _COSE_Signer1_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_errback * perr);
+bool _COSE_Signer1_validate(COSE_Sign1Message * pSign, const cn_cbor * pKey, cose_errback * perr);
 void _COSE_Sign1_Release(COSE_Sign1Message * p);
 
 COSE * Sign1Root = NULL;
@@ -196,7 +196,32 @@ bool COSE_Sign1_Sign(HCOSE_SIGN1 h, const cn_cbor * pKey, cose_errback * perr)
 	pcborProtected = _COSE_encode_protected(&pMessage->m_message, perr);
 	if (pcborProtected == NULL) goto errorReturn;
 
-	if (!_COSE_Signer0_sign(pMessage, pKey, perr)) goto errorReturn;
+	if (!_COSE_Signer1_sign(pMessage, pKey, perr)) goto errorReturn;
+
+	return true;
+}
+
+bool COSE_Sign1_Sign_eckey(HCOSE_SIGN1 h, const eckey_t * eckey, cose_errback * perr)
+{
+#ifdef USE_CBOR_CONTEXT
+	// cn_cbor_context * context = NULL;
+#endif
+	COSE_Sign1Message * pMessage = (COSE_Sign1Message *)h;
+	const cn_cbor * pcborProtected;
+
+    if (!IsValidSign1Handle(h)) {
+		CHECK_CONDITION(false, COSE_ERR_INVALID_HANDLE);
+	errorReturn:
+		return false;
+	}
+#ifdef USE_CBOR_CONTEXT
+	//	context = &pMessage->m_message.m_allocContext;
+#endif
+
+	pcborProtected = _COSE_encode_protected(&pMessage->m_message, perr);
+	if (pcborProtected == NULL) goto errorReturn;
+
+	if (!_COSE_Signer1_sign(pMessage, eckey, perr)) goto errorReturn;
 
 	return true;
 }
@@ -218,14 +243,35 @@ bool COSE_Sign1_validate(HCOSE_SIGN1 hSign, const cn_cbor * pKey, cose_errback *
 	cnProtected = _COSE_arrayget_int(&pSign->m_message, INDEX_PROTECTED);
 	CHECK_CONDITION(cnProtected != NULL && cnProtected->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);
 
-	f = _COSE_Signer0_validate(pSign, pKey,  perr);
+	f = _COSE_Signer1_validate(pSign, pKey,  perr);
 
 	return f;
 
 errorReturn:
 	return false;
 }
 
+bool COSE_Sign1_validate_eckey(HCOSE_SIGN1 hSign, const eckey_t * eckey, cose_errback * perr)
+{
+	COSE_Sign1Message * pSign;
+	const cn_cbor * cnContent;
+	const cn_cbor * cnProtected;
+
+	CHECK_CONDITION(IsValidSign1Handle(hSign), COSE_ERR_INVALID_HANDLE);
+
+	pSign = (COSE_Sign1Message *)hSign;
+
+	cnContent = _COSE_arrayget_int(&pSign->m_message, INDEX_BODY);
+	CHECK_CONDITION(cnContent != NULL && cnContent->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);
+
+	cnProtected = _COSE_arrayget_int(&pSign->m_message, INDEX_PROTECTED);
+	CHECK_CONDITION(cnProtected != NULL && cnProtected->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);
+
+	return _COSE_Signer1_validate(pSign, eckey,  perr);
+
+errorReturn:
+	return false;
+}
 
 cn_cbor * COSE_Sign1_map_get_int(HCOSE_SIGN1 h, int key, int flags, cose_errback * perror)
 {
@@ -311,7 +357,7 @@ static bool CreateSign1AAD(COSE_Sign1Message * pMessage, byte ** ppbToSign, size
 	return false;
 }
 
-bool _COSE_Signer0_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_errback * perr)
+bool _COSE_Signer1_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_errback * perr)
 {
 #ifdef USE_CBOR_CONTEXT
 	cn_cbor_context * context = &pSigner->m_message.m_allocContext;
@@ -386,7 +432,7 @@ bool _COSE_Signer0_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_
 	return f;
 }
 
-bool _COSE_Signer0_validate(COSE_Sign1Message * pSign, const cn_cbor * pKey, cose_errback * perr)
+bool _COSE_Signer1_validate(COSE_Sign1Message * pSign, const cn_cbor * pKey, cose_errback * perr)
 {
 	byte * pbToSign = NULL;
 	int alg;

diff --git a/src/bcrypt.c b/src/bcrypt.c
@@ -1,9 +1,10 @@
 #include "cose/cose.h"
-#include "cose/cose_configure.h"
+
+#if COSE_C_USE_BCRYPT
+
 #include "cose_int.h"
 #include "crypto.h"
 
-#if USE_BCRYPT
 
 #include <Windows.h>
 
@@ -61,4 +62,4 @@ bool AES_CCM_Encrypt(COSE_Encrypt * pcose, int TSize, int LSize, int KSize, byte
 	return true;
 }
 
-#endif // USE_BCRYPT
+#endif // COSE_C_USE_BCRYPT