cn_cbor * COSE_Encrypt_map_get_int(HCOSE_ENCRYPT h, int key, int flags, cose_errback * perror)
{
if (!IsValidEncryptHandle(h)) {
if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER;
return NULL;
}
return _COSE_map_get_int(&((COSE_Encrypt *)h)->m_message, key, flags, perror);
}
cn_cbor * COSE_Enveloped_map_get_int(HCOSE_ENVELOPED h, int key, int flags, cose_errback * perror)
{
if (!IsValidEnvelopedHandle(h)) {
if (perror != NULL) perror->err = COSE_ERR_INVALID_HANDLE;
return NULL;
}
return _COSE_map_get_int(&((COSE_Enveloped *)h)->m_message, key, flags, perror);
}
cn_cbor * COSE_Mac0_map_get_int(HCOSE_MAC0 h, int key, int flags, cose_errback * perror)
{
if (!IsValidMac0Handle(h)) {
if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER;
return NULL;
}
return _COSE_map_get_int(&((COSE_Mac0Message *)h)->m_message, key, flags, perror);
}
bool AES_CCM_Decrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbCrypto, size_t cbCrypto, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
mbedtls_ccm_context ctx;
int cbOut;
byte * rgbOut = NULL;
int NSize = 15 - (LSize/8);
byte rgbIV[15] = { 0 };
const cn_cbor * pIV = NULL;
mbedtls_cipher_id_t cipher;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
mbedtls_ccm_init(&ctx);
// Setup the IV/Nonce and put it into the message
pIV = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, NULL);
if ((pIV == NULL) || (pIV->type!= CN_CBOR_BYTES)) {
if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
errorReturn:
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
mbedtls_ccm_free(&ctx);
return false;
}
CHECK_CONDITION(pIV->length == NSize, COSE_ERR_INVALID_PARAMETER);
memcpy(rgbIV, pIV->v.str, pIV->length);
// Setup and run the mbedTLS code
cipher = MBEDTLS_CIPHER_ID_AES;
CHECK_CONDITION(!mbedtls_ccm_setkey(&ctx, cipher, pbKey, cbKey*8), COSE_ERR_CRYPTO_FAIL);
TSize /= 8; // Comes in in bits not bytes.
cbOut = (int) cbCrypto - TSize;
rgbOut = (byte *)COSE_CALLOC(cbOut, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(!mbedtls_ccm_auth_decrypt(&ctx, cbOut, rgbIV, NSize, pbAuthData, cbAuthData, pbCrypto, rgbOut, &pbCrypto[cbOut], TSize), COSE_ERR_CRYPTO_FAIL);
mbedtls_ccm_free(&ctx);
pcose->pbContent = rgbOut;
pcose->cbContent = cbOut;
return true;
}
bool COSE_Encrypt_encrypt(HCOSE_ENCRYPT h, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
int alg;
const cn_cbor * cn_Alg = NULL;
byte * pbAuthData = NULL;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
size_t cbitKey;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
COSE_Encrypt * pcose = (COSE_Encrypt *) h;
CHECK_CONDITION(IsValidEncryptHandle(h), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif // USE_CBOR_CONTEXT
cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn_Alg == NULL) goto errorReturn;
CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn_Alg->v.uint;
// Get the key size
switch (alg) {
#ifdef INCLUDE_AES_CCM
case COSE_Algorithm_AES_CCM_64_64_128:
case COSE_Algorithm_AES_CCM_16_128_128:
case COSE_Algorithm_AES_CCM_64_128_128:
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
case COSE_Algorithm_AES_CCM_64_64_256:
case COSE_Algorithm_AES_CCM_16_128_256:
case COSE_Algorithm_AES_CCM_64_128_256:
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
#endif // INCLUDE_AES_CCM
case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break;
case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break;
case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Build protected headers
const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr);
if (cbProtected == NULL) goto errorReturn;
// Build authenticated data
size_t cbAuthData = 0;
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Encrypted", perr)) goto errorReturn;
switch (alg) {
#ifdef INCLUDE_AES_CCM
case COSE_Algorithm_AES_CCM_16_64_128:
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_AES_CCM_16_128_128:
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_AES_CCM_64_64_128:
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_AES_CCM_64_128_128:
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
case COSE_Algorithm_AES_GCM_128:
case COSE_Algorithm_AES_GCM_192:
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Encrypt((COSE_Enveloped *)pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Figure out the clean up
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
return false;
}
bool _COSE_Encrypt_decrypt(COSE_Encrypt * pcose, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
int alg;
const cn_cbor * cn = NULL;
int cbitKey;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context;
#endif
byte * pbAuthData = NULL;
size_t cbAuthData;
cn_cbor * pAuthData = NULL;
byte * pbProtected = NULL;
ssize_t cbProtected;
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) {
error:
errorReturn:
if (pbProtected != NULL) COSE_FREE(pbProtected, context);
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return false;
}
CHECK_CONDITION((cn->type == CN_CBOR_UINT) || (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn->v.uint;
switch (alg) {
#ifdef INCLUDE_AES_CCM
case COSE_Algorithm_AES_CCM_16_64_128:
case COSE_Algorithm_AES_CCM_16_128_128:
case COSE_Algorithm_AES_CCM_64_64_128:
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_AES_CCM_64_64_256:
case COSE_Algorithm_AES_CCM_16_128_256:
case COSE_Algorithm_AES_CCM_64_128_256:
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
#endif // INCLUDE_AES_CCM
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
CHECK_CONDITION(cbitKey / 8 == cbKey, COSE_ERR_INVALID_PARAMETER);
// Build protected headers
CHECK_CONDITION(pcose->m_message.m_protectedMap != NULL, COSE_ERR_INVALID_PARAMETER);
if ((pcose->m_message.m_protectedMap != NULL) && (pcose->m_message.m_protectedMap->first_child != NULL)) {
cbProtected = cn_cbor_encoder_write(RgbDontUse, 0, sizeof(RgbDontUse), pcose->m_message.m_protectedMap);
pbProtected = (byte *)COSE_CALLOC(cbProtected, 1, context);
if (pbProtected == NULL) goto error;
if (cn_cbor_encoder_write(pbProtected, 0, cbProtected, pcose->m_message.m_protectedMap) != cbProtected) goto error;
}
else {
pbProtected = NULL;
cbProtected = 0;
}
// Build authenticated data
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Encrypted", perr)) goto errorReturn;
cn = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
#ifdef INCLUDE_AES_CCM
case COSE_Algorithm_AES_CCM_16_64_128:
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
case COSE_Algorithm_AES_CCM_16_128_128:
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
case COSE_Algorithm_AES_CCM_64_64_128:
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
case COSE_Algorithm_AES_CCM_64_128_128:
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif // INCLUDE_AES_CCM
case COSE_Algorithm_AES_GCM_128:
case COSE_Algorithm_AES_GCM_192:
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbProtected != NULL) COSE_FREE(pbProtected, context);
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (perr != NULL) perr->err = COSE_ERR_NONE;
return true;
}
bool COSE_Mac0_validate(HCOSE_MAC0 h, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
COSE_Mac0Message * pcose = (COSE_Mac0Message *)h;
cn_cbor_errback cbor_error;
byte * pbAuthData = NULL;
int cbitKey = 0;
int alg;
const cn_cbor * cn = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
ssize_t cbAuthData;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
CHECK_CONDITION(IsValidMac0Handle(h), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) goto errorReturn;
if (cn->type == CN_CBOR_TEXT) {
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
else {
CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int)cn->v.uint;
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
}
// Build protected headers
cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED);
CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
pbAuthData = NULL;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);
ptmp = cn_cbor_string_create("MAC0", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK
switch (alg) {
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return false;
}
bool COSE_Mac0_encrypt(HCOSE_MAC0 h, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
int alg;
const cn_cbor * cn_Alg = NULL;
byte * pbAuthData = NULL;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
size_t cbitKey;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
COSE_Mac0Message * pcose = (COSE_Mac0Message *)h;
cn_cbor_errback cbor_error;
CHECK_CONDITION(IsValidMac0Handle(h), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif // USE_CBOR_CONTEXT
cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn_Alg == NULL) goto errorReturn;
CHECK_CONDITION(((cn_Alg->type == CN_CBOR_UINT || cn_Alg->type == CN_CBOR_INT)), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn_Alg->v.uint;
// Get the key size
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Build protected headers
const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr);
if (cbProtected == NULL) goto errorReturn;
// Get the body
const cn_cbor * cbBody = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION(cbBody != NULL, COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
// Protected headers
// external data
// body
size_t cbAuthData = 0;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(pAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
ptmp = cn_cbor_string_create("MAC0", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
ptmp = cn_cbor_data_create(cbProtected->v.bytes, (int) cbProtected->length, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(ptmp != NULL, COSE_ERR_CBOR);
CHECK_CONDITION(cn_cbor_array_append(pAuthData, ptmp, NULL), COSE_ERR_CBOR);
ptmp = NULL;
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
ptmp = cn_cbor_data_create(cbBody->v.bytes, (int) cbBody->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
cbAuthData = cn_cbor_encoder_write(RgbDontUse2, 0, sizeof(RgbDontUse2), pAuthData);
CHECK_CONDITION(cbAuthData > 0, COSE_ERR_CBOR);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR);
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Create((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Create((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Figure out the clean up
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
return false;
}
bool _COSE_Enveloped_encrypt(COSE_Enveloped * pcose, const byte * pbKeyIn, size_t cbKeyIn, const char * szContext, cose_errback * perr)
{
int alg;
int t;
COSE_RecipientInfo * pri;
const cn_cbor * cn_Alg = NULL;
byte * pbAuthData = NULL;
size_t cbitKey;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
bool fRet = false;
byte * pbKey = NULL;
size_t cbKey = 0;
cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn_Alg == NULL) goto errorReturn;
CHECK_CONDITION((cn_Alg->type != CN_CBOR_TEXT), COSE_ERR_UNKNOWN_ALGORITHM);
CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn_Alg->v.uint;
// Get the key size
switch (alg) {
#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
#endif
#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
// Enveloped or Encrypted?
if (pbKeyIn != NULL) {
CHECK_CONDITION(cbKeyIn == cbitKey / 8, COSE_ERR_INVALID_PARAMETER);
pbKey = pbKeyIn;
cbKey = cbKeyIn;
}
else {
// If we are doing direct encryption - then recipient generates the key
t = 0;
for (pri = pcose->m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
if (pri->m_encrypt.m_message.m_flags & 1) {
CHECK_CONDITION(pbKey == NULL, COSE_ERR_INVALID_PARAMETER);
t |= 1;
pbKey = _COSE_RecipientInfo_generateKey(pri, alg, cbitKey, perr);
cbKey = cbitKey / 8;
if (pbKey == NULL) goto errorReturn;
}
else {
t |= 2;
}
}
CHECK_CONDITION(t != 3, COSE_ERR_INVALID_PARAMETER);
if (t == 2) {
pbKey = (byte *)COSE_CALLOC(cbitKey / 8, 1, context);
CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
cbKey = cbitKey / 8;
rand_bytes(pbKey, cbKey);
}
}
// Build protected headers
const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr);
if (cbProtected == NULL) goto errorReturn;
#ifdef USE_COUNTER_SIGNATURES
// Setup Counter Signatures
if (!_COSE_CountSign_create(&pcose->m_message, NULL, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
#endif
// Build authenticated data
size_t cbAuthData = 0;
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, szContext, perr)) goto errorReturn;
switch (alg) {
#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
for (pri = pcose->m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
if (!_COSE_Recipient_encrypt(pri, pbKey, cbKey, perr)) goto errorReturn;
}
// Figure out the clean up
fRet = true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if ((pbKey != NULL) && (pbKey != pbKeyIn)) {
memset(pbKey, 0, cbKey);
COSE_FREE(pbKey, context);
}
return fRet;
}
bool _COSE_Enveloped_decrypt(COSE_Enveloped * pcose, COSE_RecipientInfo * pRecip, const byte *pbKeyIn, size_t cbKeyIn, const char * szContext, cose_errback * perr)
{
int alg;
const cn_cbor * cn = NULL;
byte * pbKey = NULL;
size_t cbitKey = 0;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context;
#endif
byte * pbAuthData = NULL;
size_t cbAuthData;
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
CHECK_CONDITION(!((pRecip != NULL) && (pbKeyIn != NULL)), COSE_ERR_INTERNAL);
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) {
error:
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if ((pbKey != NULL) && (pbKeyIn == NULL)) {
memset(pbKey, 0xff, cbitKey / 8);
COSE_FREE(pbKey, context);
}
return false;
}
CHECK_CONDITION((cn->type == CN_CBOR_UINT) || (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn->v.uint;
switch (alg) {
#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
#endif
#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
#endif
#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
#endif
#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
//
// We are doing the enveloped item - so look for the passed in recipient
//
if (pbKeyIn != NULL) {
CHECK_CONDITION(cbKeyIn == cbitKey / 8, COSE_ERR_INVALID_PARAMETER);
pbKey = pbKeyIn;
}
else {
// Allocate the key if we have not already done so
if (pbKey == NULL) {
pbKey = COSE_CALLOC(cbitKey / 8, 1, context);
CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
}
// If there is a recipient - ask it for the key
if (pRecip != NULL) {
COSE_RecipientInfo * pRecipX;
for (pRecipX = pcose->m_recipientFirst; pRecipX != NULL; pRecipX = pRecipX->m_recipientNext) {
if (pRecipX == pRecip) {
if (!_COSE_Recipient_decrypt(pRecipX, pRecip, alg, cbitKey, pbKey, perr)) goto errorReturn;
break;
}
else if (pRecipX->m_encrypt.m_recipientFirst != NULL) {
if (_COSE_Recipient_decrypt(pRecipX, pRecip, alg, cbitKey, pbKey, perr)) break;
}
}
CHECK_CONDITION(pRecipX != NULL, COSE_ERR_NO_RECIPIENT_FOUND);
}
else {
for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) {
if (_COSE_Recipient_decrypt(pRecip, NULL, alg, cbitKey, pbKey, perr)) break;
}
CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND);
}
}
// Build authenticated data
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, szContext, perr)) goto errorReturn;
cn = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if ((pbKey != NULL) && (pbKeyIn == NULL)) COSE_FREE(pbKey, context);
if (perr != NULL) perr->err = COSE_ERR_NONE;
return true;
}
bool COSE_Mac_validate(HCOSE_MAC h, HCOSE_RECIPIENT hRecip, cose_errback * perr)
{
COSE_MacMessage * pcose = (COSE_MacMessage *)h;
COSE_RecipientInfo * pRecip = (COSE_RecipientInfo *)hRecip;
cn_cbor_errback cbor_error;
byte * pbAuthData = NULL;
int cbitKey = 0;
int alg;
const cn_cbor * cn = NULL;
byte * pbKey = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
ssize_t cbAuthData;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
CHECK_CONDITION(IsValidMacHandle(h) && IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) goto errorReturn;
if (cn->type == CN_CBOR_TEXT) {
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
else {
CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int)cn->v.uint;
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
}
// Allocate the key if we have not already done so
if (pbKey == NULL) {
pbKey = COSE_CALLOC(cbitKey / 8, 1, context);
CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
}
// If there is a recipient - ask it for the key
for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) {
if (_COSE_Recipient_decrypt(pRecip, cbitKey, pbKey, perr)) break;
}
CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND);
// Build protected headers
cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED);
CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
pbAuthData = NULL;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);
ptmp = cn_cbor_string_create("MAC", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK
switch (alg) {
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate(pcose, 256, 256, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate(pcose, 256, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate(pcose, 384, 384, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate(pcose, 512, 512, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if ((pbKey != NULL)) {
memset(pbKey, 0xff, cbitKey / 8);
COSE_FREE(pbKey, context);
}
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if ((pbKey != NULL)) {
memset(pbKey, 0xff, cbitKey / 8);
COSE_FREE(pbKey, context);
}
return false;
}
bool AES_CCM_Encrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
mbedtls_ccm_context ctx;
int cbOut;
byte * rgbOut = NULL;
int NSize = 15 - (LSize/8);
const cn_cbor * cbor_iv = NULL;
cn_cbor * cbor_iv_t = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
cn_cbor * cnTmp = NULL;
mbedtls_cipher_id_t cipher;
byte rgbIV[16];
byte * pbIV = NULL;
cn_cbor_errback cbor_error;
mbedtls_ccm_init(&ctx);
cipher = MBEDTLS_CIPHER_ID_AES;
// Setup the IV/Nonce and put it into the message
cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr);
if (cbor_iv == NULL) {
pbIV = COSE_CALLOC(NSize, 1, context);
CHECK_CONDITION(pbIV != NULL, COSE_ERR_OUT_OF_MEMORY);
rand_bytes(pbIV, NSize);
memcpy(rgbIV, pbIV, NSize);
cbor_iv_t = cn_cbor_data_create(pbIV, NSize, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(cbor_iv_t != NULL, cbor_error);
pbIV = NULL;
if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t, COSE_UNPROTECT_ONLY, perr)) goto errorReturn;
cbor_iv_t = NULL;
}
else {
CHECK_CONDITION(cbor_iv->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(cbor_iv->length == NSize, COSE_ERR_INVALID_PARAMETER);
memcpy(rgbIV, cbor_iv->v.str, cbor_iv->length);
}
// Setup and run the mbedTLS code
//cbKey comes in bytes not bits
CHECK_CONDITION(!mbedtls_ccm_setkey(&ctx, cipher, pbKey, cbKey*8), COSE_ERR_CRYPTO_FAIL);
TSize /= 8; // Comes in in bits not bytes.
cbOut = pcose->cbContent; // M00BUG - This is a missing call?
rgbOut = (byte *)COSE_CALLOC(cbOut+TSize, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(!mbedtls_ccm_encrypt_and_tag(&ctx, pcose->cbContent, rgbIV, NSize, pbAuthData, cbAuthData, pcose->pbContent, rgbOut, &rgbOut[pcose->cbContent], TSize), COSE_ERR_CRYPTO_FAIL);
cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + TSize, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR);
rgbOut = NULL;
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
cnTmp = NULL;
mbedtls_ccm_free(&ctx);
return true;
errorReturn:
if (pbIV != NULL) COSE_FREE(pbIV, context);
if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context);
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
if (cnTmp != NULL) COSE_FREE(cnTmp, context);
printf("errorReturn from OPENSSL\n");
mbedtls_ccm_free(&ctx);
return false;
}
bool AES_CCM_Encrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
EVP_CIPHER_CTX ctx;
int cbOut;
byte * rgbOut = NULL;
int NSize = 15 - (LSize/8);
int outl = 0;
const cn_cbor * cbor_iv = NULL;
cn_cbor * cbor_iv_t = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
cn_cbor * cnTmp = NULL;
const EVP_CIPHER * cipher;
byte rgbIV[16];
byte * pbIV = NULL;
cn_cbor_errback cbor_error;
switch (cbKey*8) {
case 128:
cipher = EVP_aes_128_ccm();
break;
case 192:
cipher = EVP_aes_192_ccm();
break;
case 256:
cipher = EVP_aes_256_ccm();
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Setup the IV/Nonce and put it into the message
cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr);
if (cbor_iv == NULL) {
pbIV = COSE_CALLOC(NSize, 1, context);
CHECK_CONDITION(pbIV != NULL, COSE_ERR_OUT_OF_MEMORY);
rand_bytes(pbIV, NSize);
memcpy(rgbIV, pbIV, NSize);
cbor_iv_t = cn_cbor_data_create(pbIV, NSize, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(cbor_iv_t != NULL, cbor_error);
pbIV = NULL;
if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t, COSE_UNPROTECT_ONLY, perr)) goto errorReturn;
cbor_iv_t = NULL;
}
else {
CHECK_CONDITION(cbor_iv->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(cbor_iv->length == NSize, COSE_ERR_INVALID_PARAMETER);
memcpy(rgbIV, cbor_iv->v.str, cbor_iv->length);
}
// Setup and run the OpenSSL code
EVP_CIPHER_CTX_init(&ctx);
CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_CRYPTO_FAIL);
TSize /= 8; // Comes in in bits not bytes.
CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_L, (LSize/8), 0), COSE_ERR_CRYPTO_FAIL);
// CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, NSize, 0), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, TSize, NULL), COSE_ERR_CRYPTO_FAIL); // Say we are doing an 8 byte tag
CHECK_CONDITION(EVP_EncryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(EVP_EncryptUpdate(&ctx, 0, &cbOut, 0, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(EVP_EncryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_CRYPTO_FAIL);
rgbOut = (byte *)COSE_CALLOC(cbOut+TSize, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pcose->pbContent, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(EVP_EncryptFinal_ex(&ctx, &rgbOut[cbOut], &cbOut), COSE_ERR_CRYPTO_FAIL);
CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, TSize, &rgbOut[pcose->cbContent]), COSE_ERR_CRYPTO_FAIL);
cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + TSize, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR);
rgbOut = NULL;
CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
cnTmp = NULL;
EVP_CIPHER_CTX_cleanup(&ctx);
return true;
errorReturn:
if (pbIV != NULL) COSE_FREE(pbIV, context);
if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context);
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
if (cnTmp != NULL) COSE_FREE(cnTmp, context);
EVP_CIPHER_CTX_cleanup(&ctx);
return false;
}
bool AES_GCM_Decrypt(COSE_Enveloped * pcose, const byte * pbKey, int cbKey, const byte * pbCrypto, size_t cbCrypto, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
{
EVP_CIPHER_CTX ctx;
int cbOut;
byte * rgbOut = NULL;
int outl = 0;
byte rgbIV[15] = { 0 };
const cn_cbor * pIV = NULL;
const EVP_CIPHER * cipher;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
int TSize = 128 / 8;
assert(perr != NULL);
EVP_CIPHER_CTX_init(&ctx);
// Setup the IV/Nonce and put it into the message
pIV = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, NULL);
if ((pIV == NULL) || (pIV->type != CN_CBOR_BYTES)) {
perr->err = COSE_ERR_INVALID_PARAMETER;
errorReturn:
if (rgbOut != NULL) COSE_FREE(rgbOut, context);
EVP_CIPHER_CTX_cleanup(&ctx);
return false;
}
CHECK_CONDITION(pIV->length == 96/8, COSE_ERR_INVALID_PARAMETER);
memcpy(rgbIV, pIV->v.str, pIV->length);
// Setup and run the OpenSSL code
switch (cbKey) {
case 128 / 8:
cipher = EVP_aes_128_gcm();
break;
case 192 / 8:
cipher = EVP_aes_192_gcm();
break;
case 256 / 8:
cipher = EVP_aes_256_gcm();
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
break;
}
// Do the setup for OpenSSL
CHECK_CONDITION(EVP_DecryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_DECRYPT_FAILED);
CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, TSize, (void *)&pbCrypto[cbCrypto - TSize]), COSE_ERR_DECRYPT_FAILED);
CHECK_CONDITION(EVP_DecryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_DECRYPT_FAILED);
// Pus in the AAD
CHECK_CONDITION(EVP_DecryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_DECRYPT_FAILED);
//
cbOut = (int)cbCrypto - TSize;
rgbOut = (byte *)COSE_CALLOC(cbOut, 1, context);
CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
// Process content
CHECK_CONDITION(EVP_DecryptUpdate(&ctx, rgbOut, &cbOut, pbCrypto, (int)cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
// Process Tag
CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, TSize, (byte *)pbCrypto + cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED);
// Check the result
CHECK_CONDITION(EVP_DecryptFinal(&ctx, rgbOut + cbOut, &cbOut), COSE_ERR_DECRYPT_FAILED);
EVP_CIPHER_CTX_cleanup(&ctx);
pcose->pbContent = rgbOut;
pcose->cbContent = cbOut;
return true;
}
