HCOSE_ENCRYPT COSE_Encrypt_Init_From_Object(cn_cbor * cbor, CBOR_CONTEXT_COMMA cose_errback * perr)
{
COSE_Encrypt * pobj;
cose_errback error = { 0 };
if (perr == NULL) perr = &error;
pobj = (COSE_Encrypt *) COSE_CALLOC(1, sizeof(COSE_Encrypt), context);
if (pobj == NULL) {
perr->err = COSE_ERR_OUT_OF_MEMORY;
errorReturn:
if (pobj != NULL) {
_COSE_Encrypt_Release(pobj);
COSE_FREE(pobj, context);
}
return NULL;
}
if (!_COSE_Init_From_Object(&pobj->m_message, cbor, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
_COSE_InsertInList(&EncryptRoot, &pobj->m_message);
return(HCOSE_ENCRYPT) pobj;
}
bool AES_KW_Encrypt(COSE_RecipientInfo * pcose, const byte * pbKeyIn, int cbitKey, const byte * pbContent, int cbContent, cose_errback * perr)
{
byte *pbOut = NULL;
AES_KEY key;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_encrypt.m_message.m_allocContext;
#endif
cn_cbor * cnTmp = NULL;
pbOut = COSE_CALLOC(cbContent + 8, 1, context);
CHECK_CONDITION(AES_set_encrypt_key(pbKeyIn, cbitKey, &key) == 0, COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(AES_wrap_key(&key, NULL, pbOut, pbContent, cbContent), COSE_ERR_CRYPTO_FAIL);
cnTmp = cn_cbor_data_create(pbOut, (int)cbContent + 8, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR);
pbOut = NULL;
CHECK_CONDITION(_COSE_array_replace(&pcose->m_encrypt.m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
cnTmp = NULL;
return true;
errorReturn:
COSE_FREE(cnTmp, context);
if (pbOut != NULL) COSE_FREE(pbOut, context);
return false;
}
HCOSE_MAC0 _COSE_Mac0_Init_From_Object(cn_cbor * cbor, COSE_Mac0Message * pIn, CBOR_CONTEXT_COMMA cose_errback * perr)
{
COSE_Mac0Message * pobj = pIn;
cn_cbor * pRecipients = NULL;
// cn_cbor * tmp;
cose_errback error = { COSE_ERR_NONE };
if (perr == NULL) perr = &error;
if (pobj == NULL) pobj = (COSE_Mac0Message *)COSE_CALLOC(1, sizeof(COSE_Mac0Message), context);
if (pobj == NULL) {
perr->err = COSE_ERR_OUT_OF_MEMORY;
errorReturn:
if ((pIn == NULL) && (pobj != NULL)) COSE_FREE(pobj, context);
return NULL;
}
if (!_COSE_Init_From_Object(&pobj->m_message, cbor, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
pRecipients = _COSE_arrayget_int(&pobj->m_message, INDEX_MAC_RECIPIENTS);
CHECK_CONDITION(pRecipients == NULL, COSE_ERR_INVALID_PARAMETER);
return(HCOSE_MAC0)pobj;
}
HCOSE_ENCRYPT _COSE_Encrypt_Init_From_Object(cn_cbor * cbor, COSE_Encrypt * pIn, CBOR_CONTEXT_COMMA cose_errback * perr)
{
COSE_Encrypt * pobj = pIn;
cn_cbor * pRecipients = NULL;
cose_errback error = { 0 };
if (perr == NULL) perr = &error;
if (pobj == NULL) pobj = (COSE_Encrypt *)COSE_CALLOC(1, sizeof(COSE_Encrypt), context);
if (pobj == NULL) {
perr->err = COSE_ERR_OUT_OF_MEMORY;
errorReturn:
if ((pIn == NULL) && (pobj != NULL)) COSE_FREE(pobj, context);
return NULL;
}
if (!_COSE_Init_From_Object(&pobj->m_message, cbor, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
pRecipients = _COSE_arrayget_int(&pobj->m_message, INDEX_RECIPIENTS);
CHECK_CONDITION(pRecipients == NULL, COSE_ERR_INVALID_PARAMETER);
_COSE_InsertInList(&EncryptRoot, &pobj->m_message);
return(HCOSE_ENCRYPT) pobj;
}
bool AES_CBC_MAC_Create(COSE_MacMessage * pcose, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
const EVP_CIPHER * pcipher = NULL;
EVP_CIPHER_CTX ctx;
int cbOut;
byte rgbIV[16] = { 0 };
byte * rgbOut = NULL;
bool f = false;
unsigned int i;
cn_cbor * cn = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
rgbOut = COSE_CALLOC(16, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
switch (cbKey*8) {
case 128:
pcipher = EVP_aes_128_cbc();
break;
case 256:
pcipher = EVP_aes_256_cbc();
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Setup and run the OpenSSL code
EVP_CIPHER_CTX_init(&ctx);
CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
for (i = 0; i < (unsigned int)cbAuthData / 16; i++) {
CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbAuthData + (i * 16), 16), COSE_ERR_CRYPTO_FAIL);
}
if (cbAuthData % 16 != 0) {
CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbAuthData + (i * 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, rgbIV, 16 - (cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL);
}
cn = cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(cn != NULL, COSE_ERR_OUT_OF_MEMORY);
rgbOut = NULL;
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn, INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
cn = NULL;
EVP_CIPHER_CTX_cleanup(&ctx);
return !f;
errorReturn:
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
if (cn != NULL) CN_CBOR_FREE(cn, context);
EVP_CIPHER_CTX_cleanup(&ctx);
return false;
}
bool ECDSA_Sign(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr)
{
EC_KEY * eckey = NULL;
byte rgbDigest[EVP_MAX_MD_SIZE];
unsigned int cbDigest = sizeof(rgbDigest);
byte * pbSig = NULL;
const EVP_MD * digest;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pSigner->m_allocContext;
#endif
cn_cbor * p = NULL;
ECDSA_SIG * psig = NULL;
cn_cbor_errback cbor_error;
int cbR;
byte rgbSig[66];
int cb;
eckey = ECKey_From(pKey, &cbR, perr);
if (eckey == NULL) {
errorReturn:
if (p != NULL) CN_CBOR_FREE(p, context);
if (eckey != NULL) EC_KEY_free(eckey);
return false;
}
switch (cbitDigest) {
case 256: digest = EVP_sha256(); break;
case 512: digest = EVP_sha512(); break;
case 384: digest = EVP_sha384(); break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL);
psig = ECDSA_do_sign(rgbDigest, cbDigest, eckey);
CHECK_CONDITION(psig != NULL, COSE_ERR_CRYPTO_FAIL);
pbSig = COSE_CALLOC(cbR, 2, context);
CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY);
cb = BN_bn2bin(psig->r, rgbSig);
CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
memcpy(pbSig + cbR - cb, rgbSig, cb);
cb = BN_bn2bin(psig->s, rgbSig);
CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
memcpy(pbSig + 2*cbR - cb, rgbSig, cb);
p = cn_cbor_data_create(pbSig, cbR*2, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(p != NULL, cbor_error);
CHECK_CONDITION(_COSE_array_replace(pSigner, p, index, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
return true;
}
bool _COSE_Encrypt_Build_AAD(COSE * pMessage, byte ** ppbAAD, size_t * pcbAAD, const char * szContext, cose_errback * perr)
{
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pMessage->m_allocContext;
#endif
cn_cbor_errback cbor_error;
byte * pbAuthData;
size_t cbAuthData;
cn_cbor * pAuthData;
cn_cbor * pItem;
cn_cbor * ptmp = NULL;
// Build authenticated data
pbAuthData = NULL;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);
ptmp = cn_cbor_string_create(szContext, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
pItem = _COSE_arrayget_int(pMessage, INDEX_PROTECTED);
CHECK_CONDITION(pItem != NULL, COSE_ERR_INVALID_PARAMETER);
if ((pItem->length == 1) && (pItem->v.bytes[0] == 0xa0)) {
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
}
else {
ptmp = cn_cbor_data_create(pItem->v.bytes, (int)pItem->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
}
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
ptmp = cn_cbor_data_create(pMessage->m_pbExternal, (int) pMessage->m_cbExternal, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
cbAuthData = cn_cbor_encoder_write(RgbDontUse, 0, sizeof(RgbDontUse), pAuthData);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION((size_t)cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR);
*ppbAAD = pbAuthData;
*pcbAAD = cbAuthData;
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (ptmp != NULL) CN_CBOR_FREE(ptmp, NULL);
if (pAuthData != NULL) CN_CBOR_FREE(pAuthData, context);
return false;
}
bool _COSE_Encrypt_SetContent(COSE_Encrypt * cose, const byte * rgb, size_t cb, cose_errback * perror)
{
byte * pb;
cose->pbContent = pb = (byte *)COSE_CALLOC(cb, 1, &cose->m_message.m_allocContext);
if (cose->pbContent == NULL) {
if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER;
return false;
}
memcpy(pb, rgb, cb);
cose->cbContent = cb;
return true;
}
HCOSE_MAC0 COSE_Mac0_Init(CBOR_CONTEXT_COMMA cose_errback * perr)
{
COSE_Mac0Message * pobj = (COSE_Mac0Message *)COSE_CALLOC(1, sizeof(COSE_Mac0Message), context);
CHECK_CONDITION(pobj != NULL, COSE_ERR_OUT_OF_MEMORY);
if (!_COSE_Init(&pobj->m_message, COSE_mac0_object, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
return (HCOSE_MAC0)pobj;
errorReturn:
if (pobj != NULL) COSE_Mac0_Free((HCOSE_MAC0)pobj);
return NULL;
}
bool AES_CCM_Decrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbCrypto, size_t cbCrypto, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
mbedtls_ccm_context ctx;
int cbOut;
byte * rgbOut = NULL;
int NSize = 15 - (LSize/8);
byte rgbIV[15] = { 0 };
const cn_cbor * pIV = NULL;
mbedtls_cipher_id_t cipher;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
mbedtls_ccm_init(&ctx);
// Setup the IV/Nonce and put it into the message
pIV = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, NULL);
if ((pIV == NULL) || (pIV->type!= CN_CBOR_BYTES)) {
if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
errorReturn:
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
mbedtls_ccm_free(&ctx);
return false;
}
CHECK_CONDITION(pIV->length == NSize, COSE_ERR_INVALID_PARAMETER);
memcpy(rgbIV, pIV->v.str, pIV->length);
// Setup and run the mbedTLS code
cipher = MBEDTLS_CIPHER_ID_AES;
CHECK_CONDITION(!mbedtls_ccm_setkey(&ctx, cipher, pbKey, cbKey*8), COSE_ERR_CRYPTO_FAIL);
TSize /= 8; // Comes in in bits not bytes.
cbOut = (int) cbCrypto - TSize;
rgbOut = (byte *)COSE_CALLOC(cbOut, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(!mbedtls_ccm_auth_decrypt(&ctx, cbOut, rgbIV, NSize, pbAuthData, cbAuthData, pbCrypto, rgbOut, &pbCrypto[cbOut], TSize), COSE_ERR_CRYPTO_FAIL);
mbedtls_ccm_free(&ctx);
pcose->pbContent = rgbOut;
pcose->cbContent = cbOut;
return true;
}
bool HMAC_Validate(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
mbedtls_md_context_t contx;
const char* md_name;
const struct mbedtls_md_info_t * info;
byte * rgbOut = NULL;
unsigned int cbOut;
bool f = false;
unsigned int i;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
switch (HSize) {
case 256: md_name = "SHA256"; break;
case 384: md_name = "SHA384"; break;
case 512: md_name = "SHA512"; break;
default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break;
}
mbedtls_md_init(&contx);
info = mbedtls_md_info_from_string (md_name);
mbedtls_md_setup( &contx, info, 1 );
cbOut = mbedtls_md_get_size(info);
rgbOut = COSE_CALLOC(cbOut, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(!(mbedtls_md_hmac_starts (&contx, (char*)pbKey, cbKey)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(!(mbedtls_md_hmac_update (&contx, pbAuthData, cbAuthData)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(!(mbedtls_md_hmac_finish (&contx, rgbOut)), COSE_ERR_CRYPTO_FAIL);
cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG);
CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR);
if (cn->length > (int) cbOut) return false;
for (i = 0; i < (unsigned int) TSize/8; i++) f |= (cn->v.bytes[i] != rgbOut[i]);
mbedtls_md_free(&contx);
return !f;
errorReturn:
COSE_FREE(rgbOut, context);
mbedtls_md_free(&contx);
return false;
}
HCOSE_ENCRYPT COSE_Encrypt_Init(CBOR_CONTEXT_COMMA cose_errback * perror)
{
COSE_Encrypt * pobj = (COSE_Encrypt *)COSE_CALLOC(1, sizeof(COSE_Encrypt), context);
if (pobj == NULL) {
if (perror != NULL) perror->err = COSE_ERR_OUT_OF_MEMORY;
return NULL;
}
if (!_COSE_Init(&pobj->m_message, COSE_enveloped_object, CBOR_CONTEXT_PARAM_COMMA perror)) {
COSE_Encrypt_Free((HCOSE_ENCRYPT)pobj);
return NULL;
}
_COSE_InsertInList(&EncryptRoot, &pobj->m_message);
return (HCOSE_ENCRYPT) pobj;
}
// We are doing CBC-MAC not CMAC at this time
bool AES_CMAC_Validate(COSE_MacMessage * pcose, int KeySize, int TagSize, const byte * pbAuthData, int cbAuthData, cose_errback * perr)
{
CMAC_CTX * pctx = NULL;
const EVP_CIPHER * pcipher = NULL;
byte * rgbOut = NULL;
size_t cbOut;
bool f = false;
unsigned int i;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
pctx = CMAC_CTX_new();
switch (KeySize) {
case 128: pcipher = EVP_aes_128_cbc(); break;
case 256: pcipher = EVP_aes_256_cbc(); break;
default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break;
}
rgbOut = COSE_CALLOC(128/8, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(CMAC_Init(pctx, pcose->pbKey, pcose->cbKey, pcipher, NULL /*impl*/) == 1, COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(CMAC_Update(pctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(CMAC_Final(pctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL);
cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG);
CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR);
for (i = 0; i < (unsigned int)TagSize / 8; i++) f |= (cn->v.bytes[i] != rgbOut[i]);
COSE_FREE(rgbOut, context);
CMAC_CTX_cleanup(pctx);
CMAC_CTX_free(pctx);
return !f;
errorReturn:
COSE_FREE(rgbOut, context);
CMAC_CTX_cleanup(pctx);
CMAC_CTX_free(pctx);
return false;
}
/*!
* @brief Allocate and initialize an object for creation of an Enveloped message object
*
* Allocate and initialize the object used to create a COSE Enveloped message object.
* Supported flags are:
* COSE_INIT_FLAG_DETACHED_CONTENT - content is not part of the message
* COSE_INIT_NO_CBOR_FLAG - Do not emit the leading CBOR tag on the message.
*
* See the notes on the memory model for the use of the context variable.
* Applications need to free the returned handle before deallocating the
* memory block that it was wrapped in for correct handle checking.
*
* @param flags Set of initialization flags from the COSE_INIT_FLAGS enum
* @param context CN_CBOR context allocator struture
* @param perr Location to return error specific information
* @returns handle to the newly allocated object
*/
HCOSE_ENVELOPED COSE_Enveloped_Init(COSE_INIT_FLAGS flags, CBOR_CONTEXT_COMMA cose_errback * perr)
{
COSE_Enveloped * pobj = (COSE_Enveloped *)COSE_CALLOC(1, sizeof(COSE_Enveloped), context);
CHECK_CONDITION(pobj != NULL, COSE_ERR_OUT_OF_MEMORY);
if (!_COSE_Init(flags,&pobj->m_message, COSE_enveloped_object, CBOR_CONTEXT_PARAM_COMMA perr)) {
_COSE_Enveloped_Release(pobj);
COSE_FREE(pobj, context);
return NULL;
}
_COSE_InsertInList(&EnvelopedRoot, &pobj->m_message);
return (HCOSE_ENVELOPED) pobj;
errorReturn:
return NULL;
}
HCOSE_ENCRYPT COSE_Encrypt_Init(COSE_INIT_FLAGS flags, CBOR_CONTEXT_COMMA cose_errback * perr)
{
CHECK_CONDITION(flags == COSE_INIT_FLAGS_NONE, COSE_ERR_INVALID_PARAMETER);
COSE_Encrypt * pobj = (COSE_Encrypt *)COSE_CALLOC(1, sizeof(COSE_Encrypt), context);
CHECK_CONDITION(pobj != NULL, COSE_ERR_OUT_OF_MEMORY);
if (!_COSE_Init(flags, &pobj->m_message, COSE_enveloped_object, CBOR_CONTEXT_PARAM_COMMA perr)) {
_COSE_Encrypt_Release(pobj);
COSE_FREE(pobj, context);
return NULL;
}
_COSE_InsertInList(&EncryptRoot, &pobj->m_message);
return (HCOSE_ENCRYPT) pobj;
errorReturn:
return NULL;
}
bool HMAC_Validate(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
HMAC_CTX ctx;
const EVP_MD * pmd = NULL;
byte * rgbOut = NULL;
unsigned int cbOut;
bool f = false;
unsigned int i;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
HMAC_CTX_init(&ctx);
switch (HSize) {
case 256: pmd = EVP_sha256(); break;
case 384: pmd = EVP_sha384(); break;
case 512: pmd = EVP_sha512(); break;
default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break;
}
rgbOut = COSE_CALLOC(EVP_MAX_MD_SIZE, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(HMAC_Init(&ctx, pbKey, (int) cbKey, pmd), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(HMAC_Update(&ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(HMAC_Final(&ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL);
cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG);
CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR);
if (cn->length > (int) cbOut) return false;
for (i = 0; i < (unsigned int) TSize/8; i++) f |= (cn->v.bytes[i] != rgbOut[i]);
HMAC_cleanup(&ctx);
return !f;
errorReturn:
COSE_FREE(rgbOut, context);
HMAC_cleanup(&ctx);
return false;
}
bool HMAC_Create(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
byte * rgbOut = NULL;
// unsigned int cbOut;
mbedtls_md_context_t contx;
const char* md_name;
const struct mbedtls_md_info_t * info;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
switch (HSize) {
case 256: md_name = "SHA256"; break;
case 384: md_name = "SHA384"; break;
case 512: md_name = "SHA512"; break;
default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break;
}
if (0) {
errorReturn:
COSE_FREE(rgbOut, context);
mbedtls_md_free(&contx);
return false;
}
mbedtls_md_init(&contx);
info = mbedtls_md_info_from_string (md_name);
mbedtls_md_setup( &contx, info, 1 );
rgbOut = COSE_CALLOC(mbedtls_md_get_size(info), 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(!(mbedtls_md_hmac_starts (&contx, (char*)pbKey, cbKey)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(!(mbedtls_md_hmac_update (&contx, pbAuthData, cbAuthData)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(!(mbedtls_md_hmac_finish (&contx, rgbOut)), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL), INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
mbedtls_md_free(&contx);
return true;
}
HCOSE_ENVELOPED _COSE_Enveloped_Init_From_Object(cn_cbor * cbor, COSE_Enveloped * pIn, CBOR_CONTEXT_COMMA cose_errback * perr)
{
COSE_Enveloped * pobj = pIn;
cn_cbor * pRecipients = NULL;
cose_errback error = { 0 };
if (perr == NULL) perr = &error;
if (pobj == NULL) pobj = (COSE_Enveloped *)COSE_CALLOC(1, sizeof(COSE_Enveloped), context);
if (pobj == NULL) {
perr->err = COSE_ERR_OUT_OF_MEMORY;
errorReturn:
if (pobj != NULL) {
_COSE_Enveloped_Release(pobj);
if (pIn == NULL) COSE_FREE(pobj, context);
}
return NULL;
}
if (!_COSE_Init_From_Object(&pobj->m_message, cbor, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
pRecipients = _COSE_arrayget_int(&pobj->m_message, INDEX_RECIPIENTS);
if (pRecipients != NULL) {
CHECK_CONDITION(pRecipients->type == CN_CBOR_ARRAY, COSE_ERR_INVALID_PARAMETER);
pRecipients = pRecipients->first_child;
while (pRecipients != NULL) {
COSE_RecipientInfo * pInfo = _COSE_Recipient_Init_From_Object(pRecipients, CBOR_CONTEXT_PARAM_COMMA perr);
CHECK_CONDITION(pInfo != NULL, COSE_ERR_OUT_OF_MEMORY);
pInfo->m_recipientNext = pobj->m_recipientFirst;
pobj->m_recipientFirst = pInfo;
pRecipients = pRecipients->next;
}
}
if (pIn == NULL) _COSE_InsertInList(&EnvelopedRoot, &pobj->m_message);
return(HCOSE_ENVELOPED) pobj;
}
cn_cbor * _COSE_encode_protected(COSE * pMessage, cose_errback * perr)
{
cn_cbor * pProtected;
int cbProtected;
byte * pbProtected = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pMessage->m_allocContext;
#endif // USE_CBOR_CONTEXT
#ifdef TAG_IN_ARRAY
pProtected = cn_cbor_index(pMessage->m_cbor, INDEX_PROTECTED + (pMessage->m_msgType == 0 ? 0 : 1));
#else
pProtected = cn_cbor_index(pMessage->m_cbor, INDEX_PROTECTED);
#endif
if ((pProtected != NULL) &&(pProtected->type != CN_CBOR_INVALID)) {
errorReturn:
if (pbProtected != NULL) COSE_FREE(pbProtected, context);
return pProtected;
}
if (pMessage->m_protectedMap->length > 0) {
cbProtected = cn_cbor_encoder_write(RgbDontUse3, 0, sizeof(RgbDontUse3), pMessage->m_protectedMap);
pbProtected = (byte *)COSE_CALLOC(cbProtected, 1, context);
CHECK_CONDITION(pbProtected != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(cn_cbor_encoder_write(pbProtected, 0, cbProtected, pMessage->m_protectedMap) == cbProtected, COSE_ERR_CBOR);
}
else {
cbProtected = 0;
}
pProtected = cn_cbor_data_create(pbProtected, cbProtected, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(pProtected != NULL, COSE_ERR_OUT_OF_MEMORY);
pbProtected = NULL;
CHECK_CONDITION(_COSE_array_replace(pMessage, pProtected, INDEX_PROTECTED, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
return pProtected;
}
bool HMAC_Create(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
HMAC_CTX ctx;
const EVP_MD * pmd = NULL;
byte * rgbOut = NULL;
unsigned int cbOut;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
HMAC_CTX_init(&ctx);
if (0) {
errorReturn:
COSE_FREE(rgbOut, context);
HMAC_cleanup(&ctx);
return false;
}
switch (HSize) {
case 256: pmd = EVP_sha256(); break;
case 384: pmd = EVP_sha384(); break;
case 512: pmd = EVP_sha512(); break;
default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break;
}
rgbOut = COSE_CALLOC(EVP_MAX_MD_SIZE, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(HMAC_Init(&ctx, pbKey, (int) cbKey, pmd), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(HMAC_Update(&ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(HMAC_Final(&ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL), INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
HMAC_cleanup(&ctx);
return true;
}
HCOSE_MAC _COSE_Mac_Init_From_Object(cn_cbor * cbor, COSE_MacMessage * pIn, CBOR_CONTEXT_COMMA cose_errback * perr)
{
COSE_MacMessage * pobj = pIn;
cn_cbor * pRecipients = NULL;
// cn_cbor * tmp;
cose_errback error = { COSE_ERR_NONE };
if (perr == NULL) perr = &error;
if (pobj == NULL) pobj = (COSE_MacMessage *)COSE_CALLOC(1, sizeof(COSE_MacMessage), context);
if (pobj == NULL) {
perr->err = COSE_ERR_OUT_OF_MEMORY;
errorReturn:
if ((pIn == NULL) && (pobj != NULL)) COSE_FREE(pobj, context);
return NULL;
}
if (!_COSE_Init_From_Object(&pobj->m_message, cbor, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
pRecipients = _COSE_arrayget_int(&pobj->m_message, INDEX_MAC_RECIPIENTS);
if (pRecipients != NULL) {
CHECK_CONDITION(pRecipients->type == CN_CBOR_ARRAY, COSE_ERR_INVALID_PARAMETER);
pRecipients = pRecipients->first_child;
while (pRecipients != NULL) {
COSE_RecipientInfo * pInfo = _COSE_Recipient_Init_From_Object(pRecipients, CBOR_CONTEXT_PARAM_COMMA perr);
if (pInfo == NULL) goto errorReturn;
pInfo->m_recipientNext = pobj->m_recipientFirst;
pobj->m_recipientFirst = pInfo;
pRecipients = pRecipients->next;
}
}
return(HCOSE_MAC)pobj;
}
bool ECDSA_Sign(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr)
{
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
byte rgbDigest[MBEDTLS_MD_MAX_SIZE];
uint8_t * pbSig = NULL;
cn_cbor_errback cbor_error;
int cbR;
mbedtls_md_type_t mdType;
const mbedtls_md_info_t *pmdInfo;
mbedtls_ecp_keypair keypair;
mbedtls_mpi r;
mbedtls_mpi s;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pSigner->m_allocContext;
#endif
cn_cbor * p = NULL;
bool result = false;
mbedtls_ecp_keypair_init(&keypair);
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
if(!ECKey_From(pKey, &keypair, perr)) goto errorReturn;
CHECK_CONDITION(keypair.d.n != 0, COSE_ERR_INVALID_PARAMETER);
switch(cbitDigest)
{
case 256:
mdType = MBEDTLS_MD_SHA256;
break;
case 384:
mdType = MBEDTLS_MD_SHA384;
break;
case 512:
mdType = MBEDTLS_MD_SHA512;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
pmdInfo = mbedtls_md_info_from_type(mdType);
CHECK_CONDITION(pmdInfo != NULL, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(mbedtls_md(pmdInfo, rgbToSign, cbToSign, rgbDigest) == 0, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(mbedtls_ecdsa_sign_det(&keypair.grp, &r, &s, &keypair.d, rgbDigest, mbedtls_md_get_size(pmdInfo), mdType) == 0, COSE_ERR_CRYPTO_FAIL);
cbR = (keypair.grp.nbits + 7) / 8;
pbSig = COSE_CALLOC(cbR, 2, context);
CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(mbedtls_mpi_write_binary(&r, pbSig, cbR) == 0, COSE_ERR_INTERNAL);
CHECK_CONDITION(mbedtls_mpi_write_binary(&s, pbSig + cbR, cbR) == 0, COSE_ERR_INTERNAL);
p = cn_cbor_data_create(pbSig, cbR*2, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(p != NULL, cbor_error);
CHECK_CONDITION(_COSE_array_replace(pSigner, p, index, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
p = NULL;
pbSig = NULL;
result = true;
errorReturn:
cn_cbor_free(p CBOR_CONTEXT_PARAM);
COSE_FREE(pbSig, context);
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecp_keypair_free(&keypair);
return result;
#else
return false;
#endif
}
bool _COSE_Enveloped_decrypt(COSE_Enveloped * pcose, COSE_RecipientInfo * pRecip, const byte *pbKeyIn, size_t cbKeyIn, const char * szContext, cose_errback * perr)
{
int alg;
const cn_cbor * cn = NULL;
byte * pbKey = NULL;
size_t cbitKey = 0;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context;
#endif
byte * pbAuthData = NULL;
size_t cbAuthData;
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
CHECK_CONDITION(!((pRecip != NULL) && (pbKeyIn != NULL)), COSE_ERR_INTERNAL);
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) {
error:
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if ((pbKey != NULL) && (pbKeyIn == NULL)) {
memset(pbKey, 0xff, cbitKey / 8);
COSE_FREE(pbKey, context);
}
return false;
}
CHECK_CONDITION((cn->type == CN_CBOR_UINT) || (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn->v.uint;
switch (alg) {
#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
#endif
#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
//
// We are doing the enveloped item - so look for the passed in recipient
//
if (pbKeyIn != NULL) {
CHECK_CONDITION(cbKeyIn == cbitKey / 8, COSE_ERR_INVALID_PARAMETER);
pbKey = pbKeyIn;
}
else {
// Allocate the key if we have not already done so
if (pbKey == NULL) {
pbKey = COSE_CALLOC(cbitKey / 8, 1, context);
CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
}
// If there is a recipient - ask it for the key
if (pRecip != NULL) {
COSE_RecipientInfo * pRecipX;
for (pRecipX = pcose->m_recipientFirst; pRecipX != NULL; pRecipX = pRecipX->m_recipientNext) {
if (pRecipX == pRecip) {
if (!_COSE_Recipient_decrypt(pRecipX, pRecip, alg, cbitKey, pbKey, perr)) goto errorReturn;
break;
}
else if (pRecipX->m_encrypt.m_recipientFirst != NULL) {
if (_COSE_Recipient_decrypt(pRecipX, pRecip, alg, cbitKey, pbKey, perr)) break;
}
}
CHECK_CONDITION(pRecipX != NULL, COSE_ERR_NO_RECIPIENT_FOUND);
}
else {
for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) {
if (_COSE_Recipient_decrypt(pRecip, NULL, alg, cbitKey, pbKey, perr)) break;
}
CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND);
}
}
// Build authenticated data
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, szContext, perr)) goto errorReturn;
cn = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if ((pbKey != NULL) && (pbKeyIn == NULL)) COSE_FREE(pbKey, context);
if (perr != NULL) perr->err = COSE_ERR_NONE;
return true;
}
bool _COSE_Encrypt_decrypt(COSE_Encrypt * pcose, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
int alg;
const cn_cbor * cn = NULL;
int cbitKey;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context;
#endif
byte * pbAuthData = NULL;
size_t cbAuthData;
cn_cbor * pAuthData = NULL;
byte * pbProtected = NULL;
ssize_t cbProtected;
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) {
error:
errorReturn:
if (pbProtected != NULL) COSE_FREE(pbProtected, context);
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return false;
}
CHECK_CONDITION((cn->type == CN_CBOR_UINT) || (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn->v.uint;
switch (alg) {
#ifdef INCLUDE_AES_CCM
case COSE_Algorithm_AES_CCM_16_64_128:
case COSE_Algorithm_AES_CCM_16_128_128:
case COSE_Algorithm_AES_CCM_64_64_128:
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_AES_CCM_64_64_256:
case COSE_Algorithm_AES_CCM_16_128_256:
case COSE_Algorithm_AES_CCM_64_128_256:
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
#endif // INCLUDE_AES_CCM
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
CHECK_CONDITION(cbitKey / 8 == cbKey, COSE_ERR_INVALID_PARAMETER);
// Build protected headers
CHECK_CONDITION(pcose->m_message.m_protectedMap != NULL, COSE_ERR_INVALID_PARAMETER);
if ((pcose->m_message.m_protectedMap != NULL) && (pcose->m_message.m_protectedMap->first_child != NULL)) {
cbProtected = cn_cbor_encoder_write(RgbDontUse, 0, sizeof(RgbDontUse), pcose->m_message.m_protectedMap);
pbProtected = (byte *)COSE_CALLOC(cbProtected, 1, context);
if (pbProtected == NULL) goto error;
if (cn_cbor_encoder_write(pbProtected, 0, cbProtected, pcose->m_message.m_protectedMap) != cbProtected) goto error;
}
else {
pbProtected = NULL;
cbProtected = 0;
}
// Build authenticated data
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Encrypted", perr)) goto errorReturn;
cn = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
#ifdef INCLUDE_AES_CCM
case COSE_Algorithm_AES_CCM_16_64_128:
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
case COSE_Algorithm_AES_CCM_16_128_128:
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
case COSE_Algorithm_AES_CCM_64_64_128:
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
case COSE_Algorithm_AES_CCM_64_128_128:
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif // INCLUDE_AES_CCM
case COSE_Algorithm_AES_GCM_128:
case COSE_Algorithm_AES_GCM_192:
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbProtected != NULL) COSE_FREE(pbProtected, context);
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (perr != NULL) perr->err = COSE_ERR_NONE;
return true;
}
bool AES_CCM_Encrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
mbedtls_ccm_context ctx;
int cbOut;
byte * rgbOut = NULL;
int NSize = 15 - (LSize/8);
const cn_cbor * cbor_iv = NULL;
cn_cbor * cbor_iv_t = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
cn_cbor * cnTmp = NULL;
mbedtls_cipher_id_t cipher;
byte rgbIV[16];
byte * pbIV = NULL;
cn_cbor_errback cbor_error;
mbedtls_ccm_init(&ctx);
cipher = MBEDTLS_CIPHER_ID_AES;
// Setup the IV/Nonce and put it into the message
cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr);
if (cbor_iv == NULL) {
pbIV = COSE_CALLOC(NSize, 1, context);
CHECK_CONDITION(pbIV != NULL, COSE_ERR_OUT_OF_MEMORY);
rand_bytes(pbIV, NSize);
memcpy(rgbIV, pbIV, NSize);
cbor_iv_t = cn_cbor_data_create(pbIV, NSize, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(cbor_iv_t != NULL, cbor_error);
pbIV = NULL;
if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t, COSE_UNPROTECT_ONLY, perr)) goto errorReturn;
cbor_iv_t = NULL;
}
else {
CHECK_CONDITION(cbor_iv->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(cbor_iv->length == NSize, COSE_ERR_INVALID_PARAMETER);
memcpy(rgbIV, cbor_iv->v.str, cbor_iv->length);
}
// Setup and run the mbedTLS code
//cbKey comes in bytes not bits
CHECK_CONDITION(!mbedtls_ccm_setkey(&ctx, cipher, pbKey, cbKey*8), COSE_ERR_CRYPTO_FAIL);
TSize /= 8; // Comes in in bits not bytes.
cbOut = pcose->cbContent; // M00BUG - This is a missing call?
rgbOut = (byte *)COSE_CALLOC(cbOut+TSize, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(!mbedtls_ccm_encrypt_and_tag(&ctx, pcose->cbContent, rgbIV, NSize, pbAuthData, cbAuthData, pcose->pbContent, rgbOut, &rgbOut[pcose->cbContent], TSize), COSE_ERR_CRYPTO_FAIL);
cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + TSize, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR);
rgbOut = NULL;
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
cnTmp = NULL;
mbedtls_ccm_free(&ctx);
return true;
errorReturn:
if (pbIV != NULL) COSE_FREE(pbIV, context);
if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context);
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
if (cnTmp != NULL) COSE_FREE(cnTmp, context);
printf("errorReturn from OPENSSL\n");
mbedtls_ccm_free(&ctx);
return false;
}
HCOSE_RECIPIENT COSE_Mac_add_shared_secret(HCOSE_MAC hcose, COSE_Algorithms alg, byte * rgbKey, int cbKey, byte * rgbKid, int cbKid, cose_errback * perr)
{
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif // USE_CBOR_CONTEXT
COSE_RecipientInfo * pobj;
COSE_MacMessage * pcose = (COSE_MacMessage *)hcose;
cn_cbor * cn_Temp = NULL;
cn_cbor * pRecipients = NULL;
cn_cbor * pRecipientsNew = NULL;
byte * pbKey = NULL;
byte * pbTemp = NULL;
cn_cbor * cnTemp = NULL;
cn_cbor_errback cbor_error;
CHECK_CONDITION(IsValidMacHandle(hcose) && (rgbKey != NULL), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif // USE_CBOR_CONTEXT
switch (alg) {
case COSE_Algorithm_Direct:
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
pobj = (COSE_RecipientInfo *)COSE_CALLOC(1, sizeof(COSE_RecipientInfo), context);
CHECK_CONDITION(pobj != NULL, COSE_ERR_OUT_OF_MEMORY);
if (!_COSE_Init(&pobj->m_encrypt.m_message, COSE_unknown_object, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
cn_Temp = cn_cbor_int_create(alg, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(cn_Temp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pobj->m_encrypt.m_message.m_unprotectMap, COSE_Header_Algorithm, cn_Temp, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
cn_Temp = NULL;
if (cbKid > 0) {
pbTemp = (byte *)COSE_CALLOC(cbKid, 1, context);
CHECK_CONDITION(pbTemp != NULL, COSE_ERR_OUT_OF_MEMORY);
memcpy(pbTemp, rgbKid, cbKid);
cnTemp = cn_cbor_data_create(pbTemp, cbKid, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(cnTemp != NULL, cbor_error);
pbTemp = NULL;
CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pobj->m_encrypt.m_message.m_unprotectMap, COSE_Header_KID, cnTemp, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
}
pobj->m_encrypt.pbKey = pbKey = (byte *)COSE_CALLOC(cbKey, 1, context);
CHECK_CONDITION(pobj->m_encrypt.pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
memcpy(pbKey, rgbKey, cbKey);
pobj->m_encrypt.cbKey = cbKey;
pobj->m_recipientNext = pcose->m_recipientFirst;
pcose->m_recipientFirst = pobj;
pRecipients = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_RECIPIENTS);
if (pRecipients == NULL) {
pRecipients = pRecipientsNew = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pRecipients != NULL, cbor_error);
pRecipientsNew = NULL;
CHECK_CONDITION_CBOR(_COSE_array_replace(&pcose->m_message, pRecipients, INDEX_MAC_RECIPIENTS, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
}
CHECK_CONDITION_CBOR(cn_cbor_array_append(pRecipients, pobj->m_encrypt.m_message.m_cbor, &cbor_error), cbor_error);
pobj->m_encrypt.m_message.m_flags |= 1;
return (HCOSE_RECIPIENT)pobj;
errorReturn:
if (cn_Temp != NULL) CN_CBOR_FREE(cn_Temp, context);
if (pRecipientsNew != NULL) CN_CBOR_FREE(pRecipientsNew, context);
// if (pobj != NULL) COSE_Recipient_Free(pobj);
return NULL;
}
bool COSE_Mac0_validate(HCOSE_MAC0 h, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
COSE_Mac0Message * pcose = (COSE_Mac0Message *)h;
cn_cbor_errback cbor_error;
byte * pbAuthData = NULL;
int cbitKey = 0;
int alg;
const cn_cbor * cn = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
ssize_t cbAuthData;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
CHECK_CONDITION(IsValidMac0Handle(h), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) goto errorReturn;
if (cn->type == CN_CBOR_TEXT) {
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
else {
CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int)cn->v.uint;
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
}
// Build protected headers
cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED);
CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
pbAuthData = NULL;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);
ptmp = cn_cbor_string_create("MAC0", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK
switch (alg) {
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return false;
}
bool COSE_Mac_validate(HCOSE_MAC h, HCOSE_RECIPIENT hRecip, cose_errback * perr)
{
COSE_MacMessage * pcose = (COSE_MacMessage *)h;
COSE_RecipientInfo * pRecip = (COSE_RecipientInfo *)hRecip;
cn_cbor_errback cbor_error;
byte * pbAuthData = NULL;
int cbitKey = 0;
int alg;
const cn_cbor * cn = NULL;
byte * pbKey = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
ssize_t cbAuthData;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
CHECK_CONDITION(IsValidMacHandle(h) && IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) goto errorReturn;
if (cn->type == CN_CBOR_TEXT) {
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
else {
CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int)cn->v.uint;
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
}
// Allocate the key if we have not already done so
if (pbKey == NULL) {
pbKey = COSE_CALLOC(cbitKey / 8, 1, context);
CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
}
// If there is a recipient - ask it for the key
for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) {
if (_COSE_Recipient_decrypt(pRecip, cbitKey, pbKey, perr)) break;
}
CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND);
// Build protected headers
cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED);
CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
pbAuthData = NULL;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);
ptmp = cn_cbor_string_create("MAC", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK
switch (alg) {
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate(pcose, 256, 256, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate(pcose, 256, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate(pcose, 384, 384, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate(pcose, 512, 512, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if ((pbKey != NULL)) {
memset(pbKey, 0xff, cbitKey / 8);
COSE_FREE(pbKey, context);
}
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if ((pbKey != NULL)) {
memset(pbKey, 0xff, cbitKey / 8);
COSE_FREE(pbKey, context);
}
return false;
}
bool COSE_Mac0_encrypt(HCOSE_MAC0 h, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
int alg;
const cn_cbor * cn_Alg = NULL;
byte * pbAuthData = NULL;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
size_t cbitKey;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
COSE_Mac0Message * pcose = (COSE_Mac0Message *)h;
cn_cbor_errback cbor_error;
CHECK_CONDITION(IsValidMac0Handle(h), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif // USE_CBOR_CONTEXT
cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn_Alg == NULL) goto errorReturn;
CHECK_CONDITION(((cn_Alg->type == CN_CBOR_UINT || cn_Alg->type == CN_CBOR_INT)), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn_Alg->v.uint;
// Get the key size
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Build protected headers
const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr);
if (cbProtected == NULL) goto errorReturn;
// Get the body
const cn_cbor * cbBody = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION(cbBody != NULL, COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
// Protected headers
// external data
// body
size_t cbAuthData = 0;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(pAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
ptmp = cn_cbor_string_create("MAC0", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
ptmp = cn_cbor_data_create(cbProtected->v.bytes, (int) cbProtected->length, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(ptmp != NULL, COSE_ERR_CBOR);
CHECK_CONDITION(cn_cbor_array_append(pAuthData, ptmp, NULL), COSE_ERR_CBOR);
ptmp = NULL;
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
ptmp = cn_cbor_data_create(cbBody->v.bytes, (int) cbBody->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
cbAuthData = cn_cbor_encoder_write(RgbDontUse2, 0, sizeof(RgbDontUse2), pAuthData);
CHECK_CONDITION(cbAuthData > 0, COSE_ERR_CBOR);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR);
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Create((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Create((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Figure out the clean up
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
return false;
}
bool _COSE_Enveloped_encrypt(COSE_Enveloped * pcose, const byte * pbKeyIn, size_t cbKeyIn, const char * szContext, cose_errback * perr)
{
int alg;
int t;
COSE_RecipientInfo * pri;
const cn_cbor * cn_Alg = NULL;
byte * pbAuthData = NULL;
size_t cbitKey;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
bool fRet = false;
byte * pbKey = NULL;
size_t cbKey = 0;
cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn_Alg == NULL) goto errorReturn;
CHECK_CONDITION((cn_Alg->type != CN_CBOR_TEXT), COSE_ERR_UNKNOWN_ALGORITHM);
CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn_Alg->v.uint;
// Get the key size
switch (alg) {
#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
#endif
#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
// Enveloped or Encrypted?
if (pbKeyIn != NULL) {
CHECK_CONDITION(cbKeyIn == cbitKey / 8, COSE_ERR_INVALID_PARAMETER);
pbKey = pbKeyIn;
cbKey = cbKeyIn;
}
else {
// If we are doing direct encryption - then recipient generates the key
t = 0;
for (pri = pcose->m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
if (pri->m_encrypt.m_message.m_flags & 1) {
CHECK_CONDITION(pbKey == NULL, COSE_ERR_INVALID_PARAMETER);
t |= 1;
pbKey = _COSE_RecipientInfo_generateKey(pri, alg, cbitKey, perr);
cbKey = cbitKey / 8;
if (pbKey == NULL) goto errorReturn;
}
else {
t |= 2;
}
}
CHECK_CONDITION(t != 3, COSE_ERR_INVALID_PARAMETER);
if (t == 2) {
pbKey = (byte *)COSE_CALLOC(cbitKey / 8, 1, context);
CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
cbKey = cbitKey / 8;
rand_bytes(pbKey, cbKey);
}
}
// Build protected headers
const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr);
if (cbProtected == NULL) goto errorReturn;
#ifdef USE_COUNTER_SIGNATURES
// Setup Counter Signatures
if (!_COSE_CountSign_create(&pcose->m_message, NULL, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
#endif
// Build authenticated data
size_t cbAuthData = 0;
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, szContext, perr)) goto errorReturn;
switch (alg) {
#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
for (pri = pcose->m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
if (!_COSE_Recipient_encrypt(pri, pbKey, cbKey, perr)) goto errorReturn;
}
// Figure out the clean up
fRet = true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if ((pbKey != NULL) && (pbKey != pbKeyIn)) {
memset(pbKey, 0, cbKey);
COSE_FREE(pbKey, context);
}
return fRet;
}
