bool COSE_Encrypt_map_put_int(HCOSE_ENCRYPT h, int key, cn_cbor * value, int flags, cose_errback * perror) { if (!IsValidEncryptHandle(h) || (value == NULL)) { if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER; return false; } return _COSE_map_put(&((COSE_Encrypt *)h)->m_message, key, value, flags, perror); }
bool COSE_Enveloped_map_put_int(HCOSE_ENVELOPED h, int key, cn_cbor * value, int flags, cose_errback * perr) { CHECK_CONDITION(IsValidEnvelopedHandle(h), COSE_ERR_INVALID_HANDLE); CHECK_CONDITION(value != NULL, COSE_ERR_INVALID_PARAMETER); return _COSE_map_put(&((COSE_Enveloped *)h)->m_message, key, value, flags, perr); errorReturn: return false; }
bool AES_CCM_Encrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { mbedtls_ccm_context ctx; int cbOut; byte * rgbOut = NULL; int NSize = 15 - (LSize/8); const cn_cbor * cbor_iv = NULL; cn_cbor * cbor_iv_t = NULL; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif cn_cbor * cnTmp = NULL; mbedtls_cipher_id_t cipher; byte rgbIV[16]; byte * pbIV = NULL; cn_cbor_errback cbor_error; mbedtls_ccm_init(&ctx); cipher = MBEDTLS_CIPHER_ID_AES; // Setup the IV/Nonce and put it into the message cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr); if (cbor_iv == NULL) { pbIV = COSE_CALLOC(NSize, 1, context); CHECK_CONDITION(pbIV != NULL, COSE_ERR_OUT_OF_MEMORY); rand_bytes(pbIV, NSize); memcpy(rgbIV, pbIV, NSize); cbor_iv_t = cn_cbor_data_create(pbIV, NSize, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(cbor_iv_t != NULL, cbor_error); pbIV = NULL; if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t, COSE_UNPROTECT_ONLY, perr)) goto errorReturn; cbor_iv_t = NULL; } else { CHECK_CONDITION(cbor_iv->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(cbor_iv->length == NSize, COSE_ERR_INVALID_PARAMETER); memcpy(rgbIV, cbor_iv->v.str, cbor_iv->length); } // Setup and run the mbedTLS code //cbKey comes in bytes not bits CHECK_CONDITION(!mbedtls_ccm_setkey(&ctx, cipher, pbKey, cbKey*8), COSE_ERR_CRYPTO_FAIL); TSize /= 8; // Comes in in bits not bytes. cbOut = pcose->cbContent; // M00BUG - This is a missing call? rgbOut = (byte *)COSE_CALLOC(cbOut+TSize, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(!mbedtls_ccm_encrypt_and_tag(&ctx, pcose->cbContent, rgbIV, NSize, pbAuthData, cbAuthData, pcose->pbContent, rgbOut, &rgbOut[pcose->cbContent], TSize), COSE_ERR_CRYPTO_FAIL); cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + TSize, CBOR_CONTEXT_PARAM_COMMA NULL); CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR); rgbOut = NULL; CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); cnTmp = NULL; mbedtls_ccm_free(&ctx); return true; errorReturn: if (pbIV != NULL) COSE_FREE(pbIV, context); if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context); if (rgbOut != NULL) COSE_FREE(rgbOut, context); if (cnTmp != NULL) COSE_FREE(cnTmp, context); printf("errorReturn from OPENSSL\n"); mbedtls_ccm_free(&ctx); return false; }
bool AES_CCM_Encrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { EVP_CIPHER_CTX ctx; int cbOut; byte * rgbOut = NULL; int NSize = 15 - (LSize/8); int outl = 0; const cn_cbor * cbor_iv = NULL; cn_cbor * cbor_iv_t = NULL; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif cn_cbor * cnTmp = NULL; const EVP_CIPHER * cipher; byte rgbIV[16]; byte * pbIV = NULL; cn_cbor_errback cbor_error; switch (cbKey*8) { case 128: cipher = EVP_aes_128_ccm(); break; case 192: cipher = EVP_aes_192_ccm(); break; case 256: cipher = EVP_aes_256_ccm(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Setup the IV/Nonce and put it into the message cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr); if (cbor_iv == NULL) { pbIV = COSE_CALLOC(NSize, 1, context); CHECK_CONDITION(pbIV != NULL, COSE_ERR_OUT_OF_MEMORY); rand_bytes(pbIV, NSize); memcpy(rgbIV, pbIV, NSize); cbor_iv_t = cn_cbor_data_create(pbIV, NSize, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(cbor_iv_t != NULL, cbor_error); pbIV = NULL; if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t, COSE_UNPROTECT_ONLY, perr)) goto errorReturn; cbor_iv_t = NULL; } else { CHECK_CONDITION(cbor_iv->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(cbor_iv->length == NSize, COSE_ERR_INVALID_PARAMETER); memcpy(rgbIV, cbor_iv->v.str, cbor_iv->length); } // Setup and run the OpenSSL code EVP_CIPHER_CTX_init(&ctx); CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_CRYPTO_FAIL); TSize /= 8; // Comes in in bits not bytes. CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_L, (LSize/8), 0), COSE_ERR_CRYPTO_FAIL); // CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, NSize, 0), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, TSize, NULL), COSE_ERR_CRYPTO_FAIL); // Say we are doing an 8 byte tag CHECK_CONDITION(EVP_EncryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, 0, &cbOut, 0, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_CRYPTO_FAIL); rgbOut = (byte *)COSE_CALLOC(cbOut+TSize, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pcose->pbContent, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptFinal_ex(&ctx, &rgbOut[cbOut], &cbOut), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, TSize, &rgbOut[pcose->cbContent]), COSE_ERR_CRYPTO_FAIL); cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + TSize, CBOR_CONTEXT_PARAM_COMMA NULL); CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR); rgbOut = NULL; CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); cnTmp = NULL; EVP_CIPHER_CTX_cleanup(&ctx); return true; errorReturn: if (pbIV != NULL) COSE_FREE(pbIV, context); if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context); if (rgbOut != NULL) COSE_FREE(rgbOut, context); if (cnTmp != NULL) COSE_FREE(cnTmp, context); EVP_CIPHER_CTX_cleanup(&ctx); return false; }