bool Test_cn_cbor_array_replace()
{
cn_cbor * pRoot;
cn_cbor * pItem;
// Cases that are not currently covered
// 1. Pass in invalid arguements
cn_cbor_array_replace(NULL, NULL, 0, CBOR_CONTEXT_PARAM_COMMA NULL);
// 2. Insert 0 item with no items currently in the list
pRoot = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA NULL);
pItem = cn_cbor_int_create(5, CBOR_CONTEXT_PARAM_COMMA NULL);
cn_cbor_array_replace(pRoot, pItem, 0, CBOR_CONTEXT_PARAM_COMMA NULL);
// 3. Insert 0 item w/ exactly one item in the list
pItem = cn_cbor_int_create(6, CBOR_CONTEXT_PARAM_COMMA NULL);
cn_cbor_array_replace(pRoot, pItem, 0, CBOR_CONTEXT_PARAM_COMMA NULL);
// 4. The last item in the array
pItem = cn_cbor_int_create(7, CBOR_CONTEXT_PARAM_COMMA NULL);
cn_cbor_array_replace(pRoot, pItem, 1, CBOR_CONTEXT_PARAM_COMMA NULL);
pItem = cn_cbor_int_create(8, CBOR_CONTEXT_PARAM_COMMA NULL);
cn_cbor_array_replace(pRoot, pItem, 1, CBOR_CONTEXT_PARAM_COMMA NULL);
return true;
}
bool _COSE_Encrypt_Build_AAD(COSE * pMessage, byte ** ppbAAD, size_t * pcbAAD, const char * szContext, cose_errback * perr)
{
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pMessage->m_allocContext;
#endif
cn_cbor_errback cbor_error;
byte * pbAuthData;
size_t cbAuthData;
cn_cbor * pAuthData;
cn_cbor * pItem;
cn_cbor * ptmp = NULL;
// Build authenticated data
pbAuthData = NULL;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);
ptmp = cn_cbor_string_create(szContext, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
pItem = _COSE_arrayget_int(pMessage, INDEX_PROTECTED);
CHECK_CONDITION(pItem != NULL, COSE_ERR_INVALID_PARAMETER);
if ((pItem->length == 1) && (pItem->v.bytes[0] == 0xa0)) {
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
}
else {
ptmp = cn_cbor_data_create(pItem->v.bytes, (int)pItem->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
}
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
ptmp = cn_cbor_data_create(pMessage->m_pbExternal, (int) pMessage->m_cbExternal, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
cbAuthData = cn_cbor_encoder_write(RgbDontUse, 0, sizeof(RgbDontUse), pAuthData);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION((size_t)cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR);
*ppbAAD = pbAuthData;
*pcbAAD = cbAuthData;
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (ptmp != NULL) CN_CBOR_FREE(ptmp, NULL);
if (pAuthData != NULL) CN_CBOR_FREE(pAuthData, context);
return false;
}
bool COSE_Enveloped_AddRecipient(HCOSE_ENVELOPED hEnc, HCOSE_RECIPIENT hRecip, cose_errback * perr)
{
COSE_RecipientInfo * pRecip;
COSE_Enveloped * pEncrypt;
cn_cbor * pRecipients = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context;
#endif
cn_cbor_errback cbor_error;
CHECK_CONDITION(IsValidEnvelopedHandle(hEnc), COSE_ERR_INVALID_HANDLE);
CHECK_CONDITION(IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_HANDLE);
pEncrypt = (COSE_Enveloped *)hEnc;
pRecip = (COSE_RecipientInfo *)hRecip;
#ifdef USE_CBOR_CONTEXT
context = &pEncrypt->m_message.m_allocContext;
#endif // USE_CBOR_CONTEXT
pRecip->m_recipientNext = pEncrypt->m_recipientFirst;
pEncrypt->m_recipientFirst = pRecip;
pRecipients = _COSE_arrayget_int(&pEncrypt->m_message, INDEX_RECIPIENTS);
if (pRecipients == NULL) {
pRecipients = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pRecipients != NULL, cbor_error);
if (!_COSE_array_replace(&pEncrypt->m_message, pRecipients, INDEX_RECIPIENTS, CBOR_CONTEXT_PARAM_COMMA &cbor_error)) {
CN_CBOR_FREE(pRecipients, context);
if (perr != NULL) perr->err = _MapFromCBOR(cbor_error);
goto errorReturn;
}
}
CHECK_CONDITION_CBOR(cn_cbor_array_append(pRecipients, pRecip->m_encrypt.m_message.m_cbor, &cbor_error), cbor_error);
pRecip->m_encrypt.m_message.m_refCount++;
return true;
errorReturn:
return false;
}
bool COSE_Mac_AddRecipient(HCOSE_MAC hMac, HCOSE_RECIPIENT hRecip, cose_errback * perr)
{
COSE_RecipientInfo * pRecip;
COSE_MacMessage * pMac;
cn_cbor * pRecipients = NULL;
cn_cbor * pRecipientsT = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
cn_cbor_errback cbor_error;
CHECK_CONDITION(IsValidMacHandle(hMac), COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_PARAMETER);
pMac = (COSE_MacMessage *)hMac;
pRecip = (COSE_RecipientInfo *)hRecip;
pRecip->m_recipientNext = pMac->m_recipientFirst;
pMac->m_recipientFirst = pRecip;
#ifdef USE_CBOR_CONTEXT
context = &pMac->m_message.m_allocContext;
#endif // USE_CBOR_CONTEXT
pRecipients = _COSE_arrayget_int(&pMac->m_message, INDEX_MAC_RECIPIENTS);
if (pRecipients == NULL) {
pRecipientsT = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pRecipientsT != NULL, cbor_error);
CHECK_CONDITION_CBOR(_COSE_array_replace(&pMac->m_message, pRecipientsT, INDEX_MAC_RECIPIENTS, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
pRecipients = pRecipientsT;
pRecipientsT = NULL;
}
CHECK_CONDITION_CBOR(cn_cbor_array_append(pRecipients, pRecip->m_encrypt.m_message.m_cbor, &cbor_error), cbor_error);
pRecip->m_encrypt.m_message.m_refCount++;
return true;
errorReturn:
if (pRecipientsT == NULL) CN_CBOR_FREE(pRecipientsT, context);
return false;
}
bool _COSE_Init(COSE* pobj, int msgType, CBOR_CONTEXT_COMMA cose_errback * perr)
{
cn_cbor_errback errState;;
#ifdef USE_CBOR_CONTEXT
if (context != NULL) pobj->m_allocContext = *context;
#endif
pobj->m_protectedMap = cn_cbor_map_create(CBOR_CONTEXT_PARAM_COMMA &errState);
CHECK_CONDITION_CBOR(pobj->m_protectedMap != NULL, errState);
pobj->m_dontSendMap = cn_cbor_map_create(CBOR_CONTEXT_PARAM_COMMA &errState);
CHECK_CONDITION_CBOR(pobj->m_dontSendMap != NULL, errState);
pobj->m_cbor = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &errState);
CHECK_CONDITION_CBOR(pobj->m_cbor != NULL, errState);
pobj->m_ownMsg = 1;
#ifdef TAG_IN_ARRAY
if (msgType > 0) {
cn_cbor * cn = cn_cbor_int_create(msgType, CBOR_CONTEXT_PARAM_COMMA &errState);
CHECK_CONDITION_CBOR(cn != NULL, errState);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pobj->m_cbor, cn, &errState), errState);
pobj->m_msgType = msgType;
}
#else
pobj->m_msgType = msgType;
#endif
pobj->m_unprotectMap = cn_cbor_map_create(CBOR_CONTEXT_PARAM_COMMA &errState);
CHECK_CONDITION_CBOR(pobj->m_unprotectMap != NULL, errState);
CHECK_CONDITION_CBOR(_COSE_array_replace(pobj, pobj->m_unprotectMap, INDEX_UNPROTECTED, CBOR_CONTEXT_PARAM_COMMA &errState), errState);
pobj->m_ownUnprotectedMap = false;
pobj->m_refCount = 1;
return true;
errorReturn:
_COSE_Release(pobj);
return false;
}
bool COSE_Mac0_validate(HCOSE_MAC0 h, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
COSE_Mac0Message * pcose = (COSE_Mac0Message *)h;
cn_cbor_errback cbor_error;
byte * pbAuthData = NULL;
int cbitKey = 0;
int alg;
const cn_cbor * cn = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
ssize_t cbAuthData;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
CHECK_CONDITION(IsValidMac0Handle(h), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) goto errorReturn;
if (cn->type == CN_CBOR_TEXT) {
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
else {
CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int)cn->v.uint;
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
}
// Build protected headers
cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED);
CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
pbAuthData = NULL;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);
ptmp = cn_cbor_string_create("MAC0", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK
switch (alg) {
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
return false;
}
bool COSE_Mac0_encrypt(HCOSE_MAC0 h, const byte * pbKey, size_t cbKey, cose_errback * perr)
{
int alg;
const cn_cbor * cn_Alg = NULL;
byte * pbAuthData = NULL;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
size_t cbitKey;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
COSE_Mac0Message * pcose = (COSE_Mac0Message *)h;
cn_cbor_errback cbor_error;
CHECK_CONDITION(IsValidMac0Handle(h), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif // USE_CBOR_CONTEXT
cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn_Alg == NULL) goto errorReturn;
CHECK_CONDITION(((cn_Alg->type == CN_CBOR_UINT || cn_Alg->type == CN_CBOR_INT)), COSE_ERR_INVALID_PARAMETER);
alg = (int) cn_Alg->v.uint;
// Get the key size
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Build protected headers
const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr);
if (cbProtected == NULL) goto errorReturn;
// Get the body
const cn_cbor * cbBody = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION(cbBody != NULL, COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
// Protected headers
// external data
// body
size_t cbAuthData = 0;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(pAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
ptmp = cn_cbor_string_create("MAC0", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
ptmp = cn_cbor_data_create(cbProtected->v.bytes, (int) cbProtected->length, CBOR_CONTEXT_PARAM_COMMA NULL);
CHECK_CONDITION(ptmp != NULL, COSE_ERR_CBOR);
CHECK_CONDITION(cn_cbor_array_append(pAuthData, ptmp, NULL), COSE_ERR_CBOR);
ptmp = NULL;
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
ptmp = cn_cbor_data_create(cbBody->v.bytes, (int) cbBody->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = NULL;
cbAuthData = cn_cbor_encoder_write(RgbDontUse2, 0, sizeof(RgbDontUse2), pAuthData);
CHECK_CONDITION(cbAuthData > 0, COSE_ERR_CBOR);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION(cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR);
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Create((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Create((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
// Figure out the clean up
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
return false;
}
bool COSE_Mac_validate(HCOSE_MAC h, HCOSE_RECIPIENT hRecip, cose_errback * perr)
{
COSE_MacMessage * pcose = (COSE_MacMessage *)h;
COSE_RecipientInfo * pRecip = (COSE_RecipientInfo *)hRecip;
cn_cbor_errback cbor_error;
byte * pbAuthData = NULL;
int cbitKey = 0;
int alg;
const cn_cbor * cn = NULL;
byte * pbKey = NULL;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif
ssize_t cbAuthData;
cn_cbor * pAuthData = NULL;
cn_cbor * ptmp = NULL;
CHECK_CONDITION(IsValidMacHandle(h) && IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif
cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn == NULL) goto errorReturn;
if (cn->type == CN_CBOR_TEXT) {
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
else {
CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int)cn->v.uint;
switch (alg) {
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
case COSE_Algorithm_CBC_MAC_256_64:
case COSE_Algorithm_CBC_MAC_256_128:
case COSE_Algorithm_HMAC_256_64:
case COSE_Algorithm_HMAC_256_256:
cbitKey = 256;
break;
case COSE_Algorithm_HMAC_384_384:
cbitKey = 384;
break;
case COSE_Algorithm_HMAC_512_512:
cbitKey = 512;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
}
// Allocate the key if we have not already done so
if (pbKey == NULL) {
pbKey = COSE_CALLOC(cbitKey / 8, 1, context);
CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
}
// If there is a recipient - ask it for the key
for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) {
if (_COSE_Recipient_decrypt(pRecip, cbitKey, pbKey, perr)) break;
}
CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND);
// Build protected headers
cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED);
CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
// Build authenticated data
pbAuthData = NULL;
pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);
ptmp = cn_cbor_string_create("MAC", CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData);
pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK
switch (alg) {
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate(pcose, 256, 256, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate(pcose, 256, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate(pcose, 384, 384, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate(pcose, 512, 512, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_64:
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
case COSE_Algorithm_CBC_MAC_128_128:
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
}
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if ((pbKey != NULL)) {
memset(pbKey, 0xff, cbitKey / 8);
COSE_FREE(pbKey, context);
}
return true;
errorReturn:
if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
if ((pbKey != NULL)) {
memset(pbKey, 0xff, cbitKey / 8);
COSE_FREE(pbKey, context);
}
return false;
}
HCOSE_RECIPIENT COSE_Mac_add_shared_secret(HCOSE_MAC hcose, COSE_Algorithms alg, byte * rgbKey, int cbKey, byte * rgbKid, int cbKid, cose_errback * perr)
{
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = NULL;
#endif // USE_CBOR_CONTEXT
COSE_RecipientInfo * pobj;
COSE_MacMessage * pcose = (COSE_MacMessage *)hcose;
cn_cbor * cn_Temp = NULL;
cn_cbor * pRecipients = NULL;
cn_cbor * pRecipientsNew = NULL;
byte * pbKey = NULL;
byte * pbTemp = NULL;
cn_cbor * cnTemp = NULL;
cn_cbor_errback cbor_error;
CHECK_CONDITION(IsValidMacHandle(hcose) && (rgbKey != NULL), COSE_ERR_INVALID_PARAMETER);
#ifdef USE_CBOR_CONTEXT
context = &pcose->m_message.m_allocContext;
#endif // USE_CBOR_CONTEXT
switch (alg) {
case COSE_Algorithm_Direct:
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
pobj = (COSE_RecipientInfo *)COSE_CALLOC(1, sizeof(COSE_RecipientInfo), context);
CHECK_CONDITION(pobj != NULL, COSE_ERR_OUT_OF_MEMORY);
if (!_COSE_Init(&pobj->m_encrypt.m_message, COSE_unknown_object, CBOR_CONTEXT_PARAM_COMMA perr)) {
goto errorReturn;
}
cn_Temp = cn_cbor_int_create(alg, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(cn_Temp != NULL, cbor_error);
CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pobj->m_encrypt.m_message.m_unprotectMap, COSE_Header_Algorithm, cn_Temp, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
cn_Temp = NULL;
if (cbKid > 0) {
pbTemp = (byte *)COSE_CALLOC(cbKid, 1, context);
CHECK_CONDITION(pbTemp != NULL, COSE_ERR_OUT_OF_MEMORY);
memcpy(pbTemp, rgbKid, cbKid);
cnTemp = cn_cbor_data_create(pbTemp, cbKid, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(cnTemp != NULL, cbor_error);
pbTemp = NULL;
CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pobj->m_encrypt.m_message.m_unprotectMap, COSE_Header_KID, cnTemp, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
}
pobj->m_encrypt.pbKey = pbKey = (byte *)COSE_CALLOC(cbKey, 1, context);
CHECK_CONDITION(pobj->m_encrypt.pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
memcpy(pbKey, rgbKey, cbKey);
pobj->m_encrypt.cbKey = cbKey;
pobj->m_recipientNext = pcose->m_recipientFirst;
pcose->m_recipientFirst = pobj;
pRecipients = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_RECIPIENTS);
if (pRecipients == NULL) {
pRecipients = pRecipientsNew = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(pRecipients != NULL, cbor_error);
pRecipientsNew = NULL;
CHECK_CONDITION_CBOR(_COSE_array_replace(&pcose->m_message, pRecipients, INDEX_MAC_RECIPIENTS, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
}
CHECK_CONDITION_CBOR(cn_cbor_array_append(pRecipients, pobj->m_encrypt.m_message.m_cbor, &cbor_error), cbor_error);
pobj->m_encrypt.m_message.m_flags |= 1;
return (HCOSE_RECIPIENT)pobj;
errorReturn:
if (cn_Temp != NULL) CN_CBOR_FREE(cn_Temp, context);
if (pRecipientsNew != NULL) CN_CBOR_FREE(pRecipientsNew, context);
// if (pobj != NULL) COSE_Recipient_Free(pobj);
return NULL;
}
