bool _COSE_Enveloped_decrypt(COSE_Enveloped * pcose, COSE_RecipientInfo * pRecip, const byte *pbKeyIn, size_t cbKeyIn, const char * szContext, cose_errback * perr) { int alg; const cn_cbor * cn = NULL; byte * pbKey = NULL; size_t cbitKey = 0; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context; #endif byte * pbAuthData = NULL; size_t cbAuthData; #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif CHECK_CONDITION(!((pRecip != NULL) && (pbKeyIn != NULL)), COSE_ERR_INTERNAL); cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn == NULL) { error: errorReturn: if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if ((pbKey != NULL) && (pbKeyIn == NULL)) { memset(pbKey, 0xff, cbitKey / 8); COSE_FREE(pbKey, context); } return false; } CHECK_CONDITION((cn->type == CN_CBOR_UINT) || (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER); alg = (int) cn->v.uint; switch (alg) { #ifdef USE_AES_CCM_16_64_128 case COSE_Algorithm_AES_CCM_16_64_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_16_128_128 case COSE_Algorithm_AES_CCM_16_128_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_64_64_128 case COSE_Algorithm_AES_CCM_64_64_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_64_128_128 case COSE_Algorithm_AES_CCM_64_128_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_64_64_256 case COSE_Algorithm_AES_CCM_64_64_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_16_128_256 case COSE_Algorithm_AES_CCM_16_128_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_64_128_256 case COSE_Algorithm_AES_CCM_64_128_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_16_64_256 case COSE_Algorithm_AES_CCM_16_64_256: cbitKey = 256; break; #endif #ifdef USE_AES_GCM_128 case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break; #endif #ifdef USE_AES_GCM_192 case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break; #endif #ifdef USE_AES_GCM_256 case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break; #endif default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } // // We are doing the enveloped item - so look for the passed in recipient // if (pbKeyIn != NULL) { CHECK_CONDITION(cbKeyIn == cbitKey / 8, COSE_ERR_INVALID_PARAMETER); pbKey = pbKeyIn; } else { // Allocate the key if we have not already done so if (pbKey == NULL) { pbKey = COSE_CALLOC(cbitKey / 8, 1, context); CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY); } // If there is a recipient - ask it for the key if (pRecip != NULL) { COSE_RecipientInfo * pRecipX; for (pRecipX = pcose->m_recipientFirst; pRecipX != NULL; pRecipX = pRecipX->m_recipientNext) { if (pRecipX == pRecip) { if (!_COSE_Recipient_decrypt(pRecipX, pRecip, alg, cbitKey, pbKey, perr)) goto errorReturn; break; } else if (pRecipX->m_encrypt.m_recipientFirst != NULL) { if (_COSE_Recipient_decrypt(pRecipX, pRecip, alg, cbitKey, pbKey, perr)) break; } } CHECK_CONDITION(pRecipX != NULL, COSE_ERR_NO_RECIPIENT_FOUND); } else { for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) { if (_COSE_Recipient_decrypt(pRecip, NULL, alg, cbitKey, pbKey, perr)) break; } CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND); } } // Build authenticated data if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, szContext, perr)) goto errorReturn; cn = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY); CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER); switch (alg) { #ifdef USE_AES_CCM_16_64_128 case COSE_Algorithm_AES_CCM_16_64_128: if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_16_64_256 case COSE_Algorithm_AES_CCM_16_64_256: if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_16_128_128 case COSE_Algorithm_AES_CCM_16_128_128: if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_16_128_256 case COSE_Algorithm_AES_CCM_16_128_256: if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_64_64_128 case COSE_Algorithm_AES_CCM_64_64_128: if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_64_64_256 case COSE_Algorithm_AES_CCM_64_64_256: if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_64_128_128 case COSE_Algorithm_AES_CCM_64_128_128: if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_64_128_256 case COSE_Algorithm_AES_CCM_64_128_256: if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_GCM_128 case COSE_Algorithm_AES_GCM_128: if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_GCM_192 case COSE_Algorithm_AES_GCM_192: if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_GCM_256 case COSE_Algorithm_AES_GCM_256: if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if ((pbKey != NULL) && (pbKeyIn == NULL)) COSE_FREE(pbKey, context); if (perr != NULL) perr->err = COSE_ERR_NONE; return true; }
bool COSE_Mac_validate(HCOSE_MAC h, HCOSE_RECIPIENT hRecip, cose_errback * perr) { COSE_MacMessage * pcose = (COSE_MacMessage *)h; COSE_RecipientInfo * pRecip = (COSE_RecipientInfo *)hRecip; cn_cbor_errback cbor_error; byte * pbAuthData = NULL; int cbitKey = 0; int alg; const cn_cbor * cn = NULL; byte * pbKey = NULL; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = NULL; #endif ssize_t cbAuthData; cn_cbor * pAuthData = NULL; cn_cbor * ptmp = NULL; CHECK_CONDITION(IsValidMacHandle(h) && IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_PARAMETER); #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn == NULL) goto errorReturn; if (cn->type == CN_CBOR_TEXT) { FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); } else { CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER); alg = (int)cn->v.uint; switch (alg) { case COSE_Algorithm_CBC_MAC_128_64: case COSE_Algorithm_CBC_MAC_128_128: cbitKey = 128; break; case COSE_Algorithm_CBC_MAC_256_64: case COSE_Algorithm_CBC_MAC_256_128: case COSE_Algorithm_HMAC_256_64: case COSE_Algorithm_HMAC_256_256: cbitKey = 256; break; case COSE_Algorithm_HMAC_384_384: cbitKey = 384; break; case COSE_Algorithm_HMAC_512_512: cbitKey = 512; break; default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } } // Allocate the key if we have not already done so if (pbKey == NULL) { pbKey = COSE_CALLOC(cbitKey / 8, 1, context); CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY); } // If there is a recipient - ask it for the key for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) { if (_COSE_Recipient_decrypt(pRecip, cbitKey, pbKey, perr)) break; } CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND); // Build protected headers cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED); CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER); cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY); CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER); // Build authenticated data pbAuthData = NULL; pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error); ptmp = cn_cbor_string_create("MAC", CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData); pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context); CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK switch (alg) { case COSE_Algorithm_HMAC_256_256: if (!HMAC_Validate(pcose, 256, 256, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_256_64: if (!HMAC_Validate(pcose, 256, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_384_384: if (!HMAC_Validate(pcose, 384, 384, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_512_512: if (!HMAC_Validate(pcose, 512, 512, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_CBC_MAC_128_64: case COSE_Algorithm_CBC_MAC_256_64: if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_CBC_MAC_128_128: case COSE_Algorithm_CBC_MAC_256_128: if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); if ((pbKey != NULL)) { memset(pbKey, 0xff, cbitKey / 8); COSE_FREE(pbKey, context); } return true; errorReturn: if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); if ((pbKey != NULL)) { memset(pbKey, 0xff, cbitKey / 8); COSE_FREE(pbKey, context); } return false; }