bool AES_CBC_MAC_Create(COSE_MacMessage * pcose, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { const EVP_CIPHER * pcipher = NULL; EVP_CIPHER_CTX ctx; int cbOut; byte rgbIV[16] = { 0 }; byte * rgbOut = NULL; bool f = false; unsigned int i; cn_cbor * cn = NULL; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif rgbOut = COSE_CALLOC(16, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); switch (cbKey*8) { case 128: pcipher = EVP_aes_128_cbc(); break; case 256: pcipher = EVP_aes_256_cbc(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Setup and run the OpenSSL code EVP_CIPHER_CTX_init(&ctx); CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL); for (i = 0; i < (unsigned int)cbAuthData / 16; i++) { CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbAuthData + (i * 16), 16), COSE_ERR_CRYPTO_FAIL); } if (cbAuthData % 16 != 0) { CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbAuthData + (i * 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, rgbIV, 16 - (cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL); } cn = cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL); CHECK_CONDITION(cn != NULL, COSE_ERR_OUT_OF_MEMORY); rgbOut = NULL; CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn, INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); cn = NULL; EVP_CIPHER_CTX_cleanup(&ctx); return !f; errorReturn: if (rgbOut != NULL) COSE_FREE(rgbOut, context); if (cn != NULL) CN_CBOR_FREE(cn, context); EVP_CIPHER_CTX_cleanup(&ctx); return false; }
bool ECDSA_Sign(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr) { EC_KEY * eckey = NULL; byte rgbDigest[EVP_MAX_MD_SIZE]; unsigned int cbDigest = sizeof(rgbDigest); byte * pbSig = NULL; const EVP_MD * digest; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pSigner->m_allocContext; #endif cn_cbor * p = NULL; ECDSA_SIG * psig = NULL; cn_cbor_errback cbor_error; int cbR; byte rgbSig[66]; int cb; eckey = ECKey_From(pKey, &cbR, perr); if (eckey == NULL) { errorReturn: if (p != NULL) CN_CBOR_FREE(p, context); if (eckey != NULL) EC_KEY_free(eckey); return false; } switch (cbitDigest) { case 256: digest = EVP_sha256(); break; case 512: digest = EVP_sha512(); break; case 384: digest = EVP_sha384(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL); psig = ECDSA_do_sign(rgbDigest, cbDigest, eckey); CHECK_CONDITION(psig != NULL, COSE_ERR_CRYPTO_FAIL); pbSig = COSE_CALLOC(cbR, 2, context); CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY); cb = BN_bn2bin(psig->r, rgbSig); CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER); memcpy(pbSig + cbR - cb, rgbSig, cb); cb = BN_bn2bin(psig->s, rgbSig); CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER); memcpy(pbSig + 2*cbR - cb, rgbSig, cb); p = cn_cbor_data_create(pbSig, cbR*2, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(p != NULL, cbor_error); CHECK_CONDITION(_COSE_array_replace(pSigner, p, index, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); return true; }
bool ECDSA_Verify(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr) { mbedtls_ecp_keypair keypair; mbedtls_mpi r; mbedtls_mpi s; mbedtls_md_type_t mdType; const mbedtls_md_info_t *pmdInfo; byte rgbDigest[MBEDTLS_MD_MAX_SIZE]; cn_cbor * pSig; bool result = false; mbedtls_ecp_keypair_init(&keypair); mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); if(!ECKey_From(pKey, &keypair, perr)) goto errorReturn; switch(cbitDigest) { case 256: mdType = MBEDTLS_MD_SHA256; break; case 384: mdType = MBEDTLS_MD_SHA384; break; case 512: mdType = MBEDTLS_MD_SHA512; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } pmdInfo = mbedtls_md_info_from_type(mdType); CHECK_CONDITION(pmdInfo != NULL, COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(mbedtls_md(pmdInfo, rgbToSign, cbToSign, rgbDigest) == 0, COSE_ERR_INVALID_PARAMETER); pSig = _COSE_arrayget_int(pSigner, index); CHECK_CONDITION((pSig != NULL) && (pSig->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(mbedtls_mpi_read_binary( &r, pSig->v.bytes, pSig->length / 2 ) == 0, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(mbedtls_mpi_read_binary( &s, pSig->v.bytes + pSig->length / 2, pSig->length / 2 ) == 0, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(mbedtls_ecdsa_verify(&keypair.grp, rgbDigest, mbedtls_md_get_size(pmdInfo), &keypair.Q, &r, &s) == 0, COSE_ERR_CRYPTO_FAIL); result = true; errorReturn: mbedtls_mpi_free(&r); mbedtls_mpi_free(&s); mbedtls_ecp_keypair_free(&keypair); return result; }
bool AES_CBC_MAC_Validate(COSE_MacMessage * pcose, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { const EVP_CIPHER * pcipher = NULL; EVP_CIPHER_CTX ctx; int cbOut; byte rgbIV[16] = { 0 }; byte rgbTag[16] = { 0 }; bool f = false; unsigned int i; switch (cbKey*8) { case 128: pcipher = EVP_aes_128_cbc(); break; case 256: pcipher = EVP_aes_256_cbc(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Setup and run the OpenSSL code EVP_CIPHER_CTX_init(&ctx); CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL); TSize /= 8; for (i = 0; i < (unsigned int) cbAuthData / 16; i++) { CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, pbAuthData+(i*16), 16), COSE_ERR_CRYPTO_FAIL); } if (cbAuthData % 16 != 0) { CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, pbAuthData + (i * 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, rgbIV, 16 - (cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL); } cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG); CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR); for (i = 0; i < (unsigned int)TSize; i++) f |= (cn->v.bytes[i] != rgbTag[i]); EVP_CIPHER_CTX_cleanup(&ctx); return !f; errorReturn: EVP_CIPHER_CTX_cleanup(&ctx); return false; }
bool ECDSA_Verify(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr) { EC_KEY * eckey = NULL; byte rgbDigest[EVP_MAX_MD_SIZE]; unsigned int cbDigest = sizeof(rgbDigest); const EVP_MD * digest; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pSigner->m_allocContext; #endif cn_cbor * p = NULL; ECDSA_SIG sig = { NULL, NULL }; int cbR; cn_cbor * pSig; size_t cbSignature; eckey = ECKey_From(pKey, &cbR, perr); if (eckey == NULL) { errorReturn: if (sig.r != NULL) BN_free(sig.r); if (sig.s != NULL) BN_free(sig.s); if (p != NULL) CN_CBOR_FREE(p, context); if (eckey != NULL) EC_KEY_free(eckey); return false; } switch (cbitDigest) { case 256: digest = EVP_sha256(); break; case 512: digest = EVP_sha512(); break; case 384: digest = EVP_sha384(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL); pSig = _COSE_arrayget_int(pSigner, index); CHECK_CONDITION(pSig != NULL, CN_CBOR_ERR_INVALID_PARAMETER); cbSignature = pSig->length; CHECK_CONDITION(cbSignature / 2 == cbR, COSE_ERR_INVALID_PARAMETER); sig.r = BN_bin2bn(pSig->v.bytes,(int) cbSignature/2, NULL); sig.s = BN_bin2bn(pSig->v.bytes+cbSignature/2, (int) cbSignature/2, NULL); CHECK_CONDITION(ECDSA_do_verify(rgbDigest, cbDigest, &sig, eckey) == 1, COSE_ERR_CRYPTO_FAIL); BN_free(sig.r); BN_free(sig.s); if (eckey != NULL) EC_KEY_free(eckey); return true; }
bool HMAC_Validate(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { mbedtls_md_context_t contx; const char* md_name; const struct mbedtls_md_info_t * info; byte * rgbOut = NULL; unsigned int cbOut; bool f = false; unsigned int i; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif switch (HSize) { case 256: md_name = "SHA256"; break; case 384: md_name = "SHA384"; break; case 512: md_name = "SHA512"; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } mbedtls_md_init(&contx); info = mbedtls_md_info_from_string (md_name); mbedtls_md_setup( &contx, info, 1 ); cbOut = mbedtls_md_get_size(info); rgbOut = COSE_CALLOC(cbOut, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(!(mbedtls_md_hmac_starts (&contx, (char*)pbKey, cbKey)), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(!(mbedtls_md_hmac_update (&contx, pbAuthData, cbAuthData)), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(!(mbedtls_md_hmac_finish (&contx, rgbOut)), COSE_ERR_CRYPTO_FAIL); cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG); CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR); if (cn->length > (int) cbOut) return false; for (i = 0; i < (unsigned int) TSize/8; i++) f |= (cn->v.bytes[i] != rgbOut[i]); mbedtls_md_free(&contx); return !f; errorReturn: COSE_FREE(rgbOut, context); mbedtls_md_free(&contx); return false; }
// We are doing CBC-MAC not CMAC at this time bool AES_CMAC_Validate(COSE_MacMessage * pcose, int KeySize, int TagSize, const byte * pbAuthData, int cbAuthData, cose_errback * perr) { CMAC_CTX * pctx = NULL; const EVP_CIPHER * pcipher = NULL; byte * rgbOut = NULL; size_t cbOut; bool f = false; unsigned int i; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif pctx = CMAC_CTX_new(); switch (KeySize) { case 128: pcipher = EVP_aes_128_cbc(); break; case 256: pcipher = EVP_aes_256_cbc(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } rgbOut = COSE_CALLOC(128/8, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(CMAC_Init(pctx, pcose->pbKey, pcose->cbKey, pcipher, NULL /*impl*/) == 1, COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(CMAC_Update(pctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(CMAC_Final(pctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL); cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG); CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR); for (i = 0; i < (unsigned int)TagSize / 8; i++) f |= (cn->v.bytes[i] != rgbOut[i]); COSE_FREE(rgbOut, context); CMAC_CTX_cleanup(pctx); CMAC_CTX_free(pctx); return !f; errorReturn: COSE_FREE(rgbOut, context); CMAC_CTX_cleanup(pctx); CMAC_CTX_free(pctx); return false; }
bool HMAC_Validate(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { HMAC_CTX ctx; const EVP_MD * pmd = NULL; byte * rgbOut = NULL; unsigned int cbOut; bool f = false; unsigned int i; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif HMAC_CTX_init(&ctx); switch (HSize) { case 256: pmd = EVP_sha256(); break; case 384: pmd = EVP_sha384(); break; case 512: pmd = EVP_sha512(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } rgbOut = COSE_CALLOC(EVP_MAX_MD_SIZE, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(HMAC_Init(&ctx, pbKey, (int) cbKey, pmd), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(HMAC_Update(&ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(HMAC_Final(&ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL); cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG); CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR); if (cn->length > (int) cbOut) return false; for (i = 0; i < (unsigned int) TSize/8; i++) f |= (cn->v.bytes[i] != rgbOut[i]); HMAC_cleanup(&ctx); return !f; errorReturn: COSE_FREE(rgbOut, context); HMAC_cleanup(&ctx); return false; }
bool _COSE_map_put(COSE * pCose, int key, cn_cbor * value, int flags, cose_errback * perr) { #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pCose->m_allocContext; #endif cn_cbor_errback error; bool f; if ((flags & COSE_BOTH) == COSE_BOTH) { if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER; errorReturn: return false; } if (perr != NULL) perr->err = COSE_ERR_NONE; switch (flags) { case COSE_PROTECT_ONLY: f = cn_cbor_mapput_int(pCose->m_protectedMap, key, value, CBOR_CONTEXT_PARAM_COMMA &error); break; case COSE_UNPROTECT_ONLY: f = cn_cbor_mapput_int(pCose->m_unprotectMap, key, value, CBOR_CONTEXT_PARAM_COMMA &error); break; case COSE_DONT_SEND: if (pCose->m_dontSendMap == NULL) { pCose->m_dontSendMap = cn_cbor_map_create(CBOR_CONTEXT_PARAM_COMMA &error); CHECK_CONDITION(pCose->m_dontSendMap != NULL, COSE_ERR_OUT_OF_MEMORY); } f = cn_cbor_mapput_int(pCose->m_dontSendMap, key, value, CBOR_CONTEXT_PARAM_COMMA &error); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } CHECK_CONDITION(f, _MapFromCBOR(error)); return f; }
bool HMAC_Create(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { byte * rgbOut = NULL; // unsigned int cbOut; mbedtls_md_context_t contx; const char* md_name; const struct mbedtls_md_info_t * info; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif switch (HSize) { case 256: md_name = "SHA256"; break; case 384: md_name = "SHA384"; break; case 512: md_name = "SHA512"; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } if (0) { errorReturn: COSE_FREE(rgbOut, context); mbedtls_md_free(&contx); return false; } mbedtls_md_init(&contx); info = mbedtls_md_info_from_string (md_name); mbedtls_md_setup( &contx, info, 1 ); rgbOut = COSE_CALLOC(mbedtls_md_get_size(info), 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(!(mbedtls_md_hmac_starts (&contx, (char*)pbKey, cbKey)), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(!(mbedtls_md_hmac_update (&contx, pbAuthData, cbAuthData)), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(!(mbedtls_md_hmac_finish (&contx, rgbOut)), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL), INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); mbedtls_md_free(&contx); return true; }
bool HMAC_Create(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { HMAC_CTX ctx; const EVP_MD * pmd = NULL; byte * rgbOut = NULL; unsigned int cbOut; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif HMAC_CTX_init(&ctx); if (0) { errorReturn: COSE_FREE(rgbOut, context); HMAC_cleanup(&ctx); return false; } switch (HSize) { case 256: pmd = EVP_sha256(); break; case 384: pmd = EVP_sha384(); break; case 512: pmd = EVP_sha512(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } rgbOut = COSE_CALLOC(EVP_MAX_MD_SIZE, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(HMAC_Init(&ctx, pbKey, (int) cbKey, pmd), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(HMAC_Update(&ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(HMAC_Final(&ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL), INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); HMAC_cleanup(&ctx); return true; }
bool COSE_Mac0_validate(HCOSE_MAC0 h, const byte * pbKey, size_t cbKey, cose_errback * perr) { COSE_Mac0Message * pcose = (COSE_Mac0Message *)h; cn_cbor_errback cbor_error; byte * pbAuthData = NULL; int cbitKey = 0; int alg; const cn_cbor * cn = NULL; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = NULL; #endif ssize_t cbAuthData; cn_cbor * pAuthData = NULL; cn_cbor * ptmp = NULL; CHECK_CONDITION(IsValidMac0Handle(h), COSE_ERR_INVALID_PARAMETER); #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn == NULL) goto errorReturn; if (cn->type == CN_CBOR_TEXT) { FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); } else { CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER); alg = (int)cn->v.uint; switch (alg) { case COSE_Algorithm_CBC_MAC_128_64: case COSE_Algorithm_CBC_MAC_128_128: cbitKey = 128; break; case COSE_Algorithm_CBC_MAC_256_64: case COSE_Algorithm_CBC_MAC_256_128: case COSE_Algorithm_HMAC_256_64: case COSE_Algorithm_HMAC_256_256: cbitKey = 256; break; case COSE_Algorithm_HMAC_384_384: cbitKey = 384; break; case COSE_Algorithm_HMAC_512_512: cbitKey = 512; break; default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } } // Build protected headers cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED); CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER); cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY); CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER); // Build authenticated data pbAuthData = NULL; pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error); ptmp = cn_cbor_string_create("MAC0", CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData); pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context); CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK switch (alg) { case COSE_Algorithm_HMAC_256_256: if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_256_64: if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_384_384: if (!HMAC_Validate((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_512_512: if (!HMAC_Validate((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_CBC_MAC_128_64: case COSE_Algorithm_CBC_MAC_256_64: if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_CBC_MAC_128_128: case COSE_Algorithm_CBC_MAC_256_128: if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); return true; errorReturn: if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); return false; }
bool COSE_Mac0_encrypt(HCOSE_MAC0 h, const byte * pbKey, size_t cbKey, cose_errback * perr) { int alg; const cn_cbor * cn_Alg = NULL; byte * pbAuthData = NULL; cn_cbor * pAuthData = NULL; cn_cbor * ptmp = NULL; size_t cbitKey; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = NULL; #endif COSE_Mac0Message * pcose = (COSE_Mac0Message *)h; cn_cbor_errback cbor_error; CHECK_CONDITION(IsValidMac0Handle(h), COSE_ERR_INVALID_PARAMETER); #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif // USE_CBOR_CONTEXT cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn_Alg == NULL) goto errorReturn; CHECK_CONDITION(((cn_Alg->type == CN_CBOR_UINT || cn_Alg->type == CN_CBOR_INT)), COSE_ERR_INVALID_PARAMETER); alg = (int) cn_Alg->v.uint; // Get the key size switch (alg) { case COSE_Algorithm_CBC_MAC_128_64: case COSE_Algorithm_CBC_MAC_128_128: cbitKey = 128; break; case COSE_Algorithm_CBC_MAC_256_64: case COSE_Algorithm_CBC_MAC_256_128: case COSE_Algorithm_HMAC_256_64: case COSE_Algorithm_HMAC_256_256: cbitKey = 256; break; case COSE_Algorithm_HMAC_384_384: cbitKey = 384; break; case COSE_Algorithm_HMAC_512_512: cbitKey = 512; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Build protected headers const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr); if (cbProtected == NULL) goto errorReturn; // Get the body const cn_cbor * cbBody = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY); CHECK_CONDITION(cbBody != NULL, COSE_ERR_INVALID_PARAMETER); // Build authenticated data // Protected headers // external data // body size_t cbAuthData = 0; pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA NULL); CHECK_CONDITION(pAuthData != NULL, COSE_ERR_OUT_OF_MEMORY); ptmp = cn_cbor_string_create("MAC0", CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = NULL; ptmp = cn_cbor_data_create(cbProtected->v.bytes, (int) cbProtected->length, CBOR_CONTEXT_PARAM_COMMA NULL); CHECK_CONDITION(ptmp != NULL, COSE_ERR_CBOR); CHECK_CONDITION(cn_cbor_array_append(pAuthData, ptmp, NULL), COSE_ERR_CBOR); ptmp = NULL; ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = NULL; ptmp = cn_cbor_data_create(cbBody->v.bytes, (int) cbBody->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = NULL; cbAuthData = cn_cbor_encoder_write(RgbDontUse2, 0, sizeof(RgbDontUse2), pAuthData); CHECK_CONDITION(cbAuthData > 0, COSE_ERR_CBOR); pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context); CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR); switch (alg) { case COSE_Algorithm_CBC_MAC_128_64: case COSE_Algorithm_CBC_MAC_256_64: if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_CBC_MAC_128_128: case COSE_Algorithm_CBC_MAC_256_128: if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_256_64: if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_256_256: if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_384_384: if (!HMAC_Create((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_512_512: if (!HMAC_Create((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Figure out the clean up if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM); return true; errorReturn: if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM); return false; }
bool _COSE_Enveloped_encrypt(COSE_Enveloped * pcose, const byte * pbKeyIn, size_t cbKeyIn, const char * szContext, cose_errback * perr) { int alg; int t; COSE_RecipientInfo * pri; const cn_cbor * cn_Alg = NULL; byte * pbAuthData = NULL; size_t cbitKey; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif bool fRet = false; byte * pbKey = NULL; size_t cbKey = 0; cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn_Alg == NULL) goto errorReturn; CHECK_CONDITION((cn_Alg->type != CN_CBOR_TEXT), COSE_ERR_UNKNOWN_ALGORITHM); CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER); alg = (int) cn_Alg->v.uint; // Get the key size switch (alg) { #ifdef USE_AES_CCM_64_64_128 case COSE_Algorithm_AES_CCM_64_64_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_16_128_128 case COSE_Algorithm_AES_CCM_16_128_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_64_128_128 case COSE_Algorithm_AES_CCM_64_128_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_16_64_128 case COSE_Algorithm_AES_CCM_16_64_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_64_64_256 case COSE_Algorithm_AES_CCM_64_64_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_16_128_256 case COSE_Algorithm_AES_CCM_16_128_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_64_128_256 case COSE_Algorithm_AES_CCM_64_128_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_16_64_256 case COSE_Algorithm_AES_CCM_16_64_256: cbitKey = 256; break; #endif #ifdef USE_AES_GCM_128 case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break; #endif #ifdef USE_AES_GCM_192 case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break; #endif #ifdef USE_AES_GCM_256 case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break; #endif default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); } // Enveloped or Encrypted? if (pbKeyIn != NULL) { CHECK_CONDITION(cbKeyIn == cbitKey / 8, COSE_ERR_INVALID_PARAMETER); pbKey = pbKeyIn; cbKey = cbKeyIn; } else { // If we are doing direct encryption - then recipient generates the key t = 0; for (pri = pcose->m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) { if (pri->m_encrypt.m_message.m_flags & 1) { CHECK_CONDITION(pbKey == NULL, COSE_ERR_INVALID_PARAMETER); t |= 1; pbKey = _COSE_RecipientInfo_generateKey(pri, alg, cbitKey, perr); cbKey = cbitKey / 8; if (pbKey == NULL) goto errorReturn; } else { t |= 2; } } CHECK_CONDITION(t != 3, COSE_ERR_INVALID_PARAMETER); if (t == 2) { pbKey = (byte *)COSE_CALLOC(cbitKey / 8, 1, context); CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY); cbKey = cbitKey / 8; rand_bytes(pbKey, cbKey); } } // Build protected headers const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr); if (cbProtected == NULL) goto errorReturn; #ifdef USE_COUNTER_SIGNATURES // Setup Counter Signatures if (!_COSE_CountSign_create(&pcose->m_message, NULL, CBOR_CONTEXT_PARAM_COMMA perr)) { goto errorReturn; } #endif // Build authenticated data size_t cbAuthData = 0; if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, szContext, perr)) goto errorReturn; switch (alg) { #ifdef USE_AES_CCM_16_64_128 case COSE_Algorithm_AES_CCM_16_64_128: if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_CCM_16_64_256 case COSE_Algorithm_AES_CCM_16_64_256: if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_CCM_16_128_128 case COSE_Algorithm_AES_CCM_16_128_128: if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_CCM_16_128_256 case COSE_Algorithm_AES_CCM_16_128_256: if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_CCM_64_64_128 case COSE_Algorithm_AES_CCM_64_64_128: if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_CCM_64_64_256 case COSE_Algorithm_AES_CCM_64_64_256: if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_CCM_64_128_128 case COSE_Algorithm_AES_CCM_64_128_128: if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_CCM_64_128_256 case COSE_Algorithm_AES_CCM_64_128_256: if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_GCM_128 case COSE_Algorithm_AES_GCM_128: if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_GCM_192 case COSE_Algorithm_AES_GCM_192: if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif #ifdef USE_AES_GCM_256 case COSE_Algorithm_AES_GCM_256: if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); } for (pri = pcose->m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) { if (!_COSE_Recipient_encrypt(pri, pbKey, cbKey, perr)) goto errorReturn; } // Figure out the clean up fRet = true; errorReturn: if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if ((pbKey != NULL) && (pbKey != pbKeyIn)) { memset(pbKey, 0, cbKey); COSE_FREE(pbKey, context); } return fRet; }
bool _COSE_Enveloped_decrypt(COSE_Enveloped * pcose, COSE_RecipientInfo * pRecip, const byte *pbKeyIn, size_t cbKeyIn, const char * szContext, cose_errback * perr) { int alg; const cn_cbor * cn = NULL; byte * pbKey = NULL; size_t cbitKey = 0; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context; #endif byte * pbAuthData = NULL; size_t cbAuthData; #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif CHECK_CONDITION(!((pRecip != NULL) && (pbKeyIn != NULL)), COSE_ERR_INTERNAL); cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn == NULL) { error: errorReturn: if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if ((pbKey != NULL) && (pbKeyIn == NULL)) { memset(pbKey, 0xff, cbitKey / 8); COSE_FREE(pbKey, context); } return false; } CHECK_CONDITION((cn->type == CN_CBOR_UINT) || (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER); alg = (int) cn->v.uint; switch (alg) { #ifdef USE_AES_CCM_16_64_128 case COSE_Algorithm_AES_CCM_16_64_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_16_128_128 case COSE_Algorithm_AES_CCM_16_128_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_64_64_128 case COSE_Algorithm_AES_CCM_64_64_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_64_128_128 case COSE_Algorithm_AES_CCM_64_128_128: cbitKey = 128; break; #endif #ifdef USE_AES_CCM_64_64_256 case COSE_Algorithm_AES_CCM_64_64_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_16_128_256 case COSE_Algorithm_AES_CCM_16_128_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_64_128_256 case COSE_Algorithm_AES_CCM_64_128_256: cbitKey = 256; break; #endif #ifdef USE_AES_CCM_16_64_256 case COSE_Algorithm_AES_CCM_16_64_256: cbitKey = 256; break; #endif #ifdef USE_AES_GCM_128 case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break; #endif #ifdef USE_AES_GCM_192 case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break; #endif #ifdef USE_AES_GCM_256 case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break; #endif default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } // // We are doing the enveloped item - so look for the passed in recipient // if (pbKeyIn != NULL) { CHECK_CONDITION(cbKeyIn == cbitKey / 8, COSE_ERR_INVALID_PARAMETER); pbKey = pbKeyIn; } else { // Allocate the key if we have not already done so if (pbKey == NULL) { pbKey = COSE_CALLOC(cbitKey / 8, 1, context); CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY); } // If there is a recipient - ask it for the key if (pRecip != NULL) { COSE_RecipientInfo * pRecipX; for (pRecipX = pcose->m_recipientFirst; pRecipX != NULL; pRecipX = pRecipX->m_recipientNext) { if (pRecipX == pRecip) { if (!_COSE_Recipient_decrypt(pRecipX, pRecip, alg, cbitKey, pbKey, perr)) goto errorReturn; break; } else if (pRecipX->m_encrypt.m_recipientFirst != NULL) { if (_COSE_Recipient_decrypt(pRecipX, pRecip, alg, cbitKey, pbKey, perr)) break; } } CHECK_CONDITION(pRecipX != NULL, COSE_ERR_NO_RECIPIENT_FOUND); } else { for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) { if (_COSE_Recipient_decrypt(pRecip, NULL, alg, cbitKey, pbKey, perr)) break; } CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND); } } // Build authenticated data if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, szContext, perr)) goto errorReturn; cn = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY); CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER); switch (alg) { #ifdef USE_AES_CCM_16_64_128 case COSE_Algorithm_AES_CCM_16_64_128: if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_16_64_256 case COSE_Algorithm_AES_CCM_16_64_256: if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_16_128_128 case COSE_Algorithm_AES_CCM_16_128_128: if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_16_128_256 case COSE_Algorithm_AES_CCM_16_128_256: if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_64_64_128 case COSE_Algorithm_AES_CCM_64_64_128: if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_64_64_256 case COSE_Algorithm_AES_CCM_64_64_256: if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_64_128_128 case COSE_Algorithm_AES_CCM_64_128_128: if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_CCM_64_128_256 case COSE_Algorithm_AES_CCM_64_128_256: if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_GCM_128 case COSE_Algorithm_AES_GCM_128: if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_GCM_192 case COSE_Algorithm_AES_GCM_192: if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif #ifdef USE_AES_GCM_256 case COSE_Algorithm_AES_GCM_256: if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if ((pbKey != NULL) && (pbKeyIn == NULL)) COSE_FREE(pbKey, context); if (perr != NULL) perr->err = COSE_ERR_NONE; return true; }
bool COSE_Mac_validate(HCOSE_MAC h, HCOSE_RECIPIENT hRecip, cose_errback * perr) { COSE_MacMessage * pcose = (COSE_MacMessage *)h; COSE_RecipientInfo * pRecip = (COSE_RecipientInfo *)hRecip; cn_cbor_errback cbor_error; byte * pbAuthData = NULL; int cbitKey = 0; int alg; const cn_cbor * cn = NULL; byte * pbKey = NULL; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = NULL; #endif ssize_t cbAuthData; cn_cbor * pAuthData = NULL; cn_cbor * ptmp = NULL; CHECK_CONDITION(IsValidMacHandle(h) && IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_PARAMETER); #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn == NULL) goto errorReturn; if (cn->type == CN_CBOR_TEXT) { FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); } else { CHECK_CONDITION((cn->type == CN_CBOR_UINT || cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER); alg = (int)cn->v.uint; switch (alg) { case COSE_Algorithm_CBC_MAC_128_64: case COSE_Algorithm_CBC_MAC_128_128: cbitKey = 128; break; case COSE_Algorithm_CBC_MAC_256_64: case COSE_Algorithm_CBC_MAC_256_128: case COSE_Algorithm_HMAC_256_64: case COSE_Algorithm_HMAC_256_256: cbitKey = 256; break; case COSE_Algorithm_HMAC_384_384: cbitKey = 384; break; case COSE_Algorithm_HMAC_512_512: cbitKey = 512; break; default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } } // Allocate the key if we have not already done so if (pbKey == NULL) { pbKey = COSE_CALLOC(cbitKey / 8, 1, context); CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY); } // If there is a recipient - ask it for the key for (pRecip = pcose->m_recipientFirst; pRecip != NULL; pRecip = pRecip->m_recipientNext) { if (_COSE_Recipient_decrypt(pRecip, cbitKey, pbKey, perr)) break; } CHECK_CONDITION(pRecip != NULL, COSE_ERR_NO_RECIPIENT_FOUND); // Build protected headers cn_cbor * cnProtected = _COSE_arrayget_int(&pcose->m_message, INDEX_PROTECTED); CHECK_CONDITION((cnProtected != NULL) && (cnProtected->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER); cn_cbor * cnContent = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY); CHECK_CONDITION((cnContent != NULL) && (cnContent->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER); // Build authenticated data pbAuthData = NULL; pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error); ptmp = cn_cbor_string_create("MAC", CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(cnProtected->v.bytes, (int) cnProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); ptmp = cn_cbor_data_create(cnContent->v.bytes, (int) cnContent->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error); cbAuthData = cn_cbor_encoder_write(RgbDontUseMac, 0, sizeof(RgbDontUseMac), pAuthData); pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context); CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION((cn_cbor_encoder_write(pbAuthData, 0, cbAuthData+1, pAuthData) == cbAuthData), COSE_ERR_CBOR); // M00HACK switch (alg) { case COSE_Algorithm_HMAC_256_256: if (!HMAC_Validate(pcose, 256, 256, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_256_64: if (!HMAC_Validate(pcose, 256, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_384_384: if (!HMAC_Validate(pcose, 384, 384, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_HMAC_512_512: if (!HMAC_Validate(pcose, 512, 512, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_CBC_MAC_128_64: case COSE_Algorithm_CBC_MAC_256_64: if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_CBC_MAC_128_128: case COSE_Algorithm_CBC_MAC_256_128: if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn; break; default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); if ((pbKey != NULL)) { memset(pbKey, 0xff, cbitKey / 8); COSE_FREE(pbKey, context); } return true; errorReturn: if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); if ((pbKey != NULL)) { memset(pbKey, 0xff, cbitKey / 8); COSE_FREE(pbKey, context); } return false; }
HCOSE_RECIPIENT COSE_Mac_add_shared_secret(HCOSE_MAC hcose, COSE_Algorithms alg, byte * rgbKey, int cbKey, byte * rgbKid, int cbKid, cose_errback * perr) { #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = NULL; #endif // USE_CBOR_CONTEXT COSE_RecipientInfo * pobj; COSE_MacMessage * pcose = (COSE_MacMessage *)hcose; cn_cbor * cn_Temp = NULL; cn_cbor * pRecipients = NULL; cn_cbor * pRecipientsNew = NULL; byte * pbKey = NULL; byte * pbTemp = NULL; cn_cbor * cnTemp = NULL; cn_cbor_errback cbor_error; CHECK_CONDITION(IsValidMacHandle(hcose) && (rgbKey != NULL), COSE_ERR_INVALID_PARAMETER); #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif // USE_CBOR_CONTEXT switch (alg) { case COSE_Algorithm_Direct: break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } pobj = (COSE_RecipientInfo *)COSE_CALLOC(1, sizeof(COSE_RecipientInfo), context); CHECK_CONDITION(pobj != NULL, COSE_ERR_OUT_OF_MEMORY); if (!_COSE_Init(&pobj->m_encrypt.m_message, COSE_unknown_object, CBOR_CONTEXT_PARAM_COMMA perr)) { goto errorReturn; } cn_Temp = cn_cbor_int_create(alg, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(cn_Temp != NULL, cbor_error); CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pobj->m_encrypt.m_message.m_unprotectMap, COSE_Header_Algorithm, cn_Temp, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error); cn_Temp = NULL; if (cbKid > 0) { pbTemp = (byte *)COSE_CALLOC(cbKid, 1, context); CHECK_CONDITION(pbTemp != NULL, COSE_ERR_OUT_OF_MEMORY); memcpy(pbTemp, rgbKid, cbKid); cnTemp = cn_cbor_data_create(pbTemp, cbKid, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(cnTemp != NULL, cbor_error); pbTemp = NULL; CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pobj->m_encrypt.m_message.m_unprotectMap, COSE_Header_KID, cnTemp, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error); } pobj->m_encrypt.pbKey = pbKey = (byte *)COSE_CALLOC(cbKey, 1, context); CHECK_CONDITION(pobj->m_encrypt.pbKey != NULL, COSE_ERR_OUT_OF_MEMORY); memcpy(pbKey, rgbKey, cbKey); pobj->m_encrypt.cbKey = cbKey; pobj->m_recipientNext = pcose->m_recipientFirst; pcose->m_recipientFirst = pobj; pRecipients = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_RECIPIENTS); if (pRecipients == NULL) { pRecipients = pRecipientsNew = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(pRecipients != NULL, cbor_error); pRecipientsNew = NULL; CHECK_CONDITION_CBOR(_COSE_array_replace(&pcose->m_message, pRecipients, INDEX_MAC_RECIPIENTS, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error); } CHECK_CONDITION_CBOR(cn_cbor_array_append(pRecipients, pobj->m_encrypt.m_message.m_cbor, &cbor_error), cbor_error); pobj->m_encrypt.m_message.m_flags |= 1; return (HCOSE_RECIPIENT)pobj; errorReturn: if (cn_Temp != NULL) CN_CBOR_FREE(cn_Temp, context); if (pRecipientsNew != NULL) CN_CBOR_FREE(pRecipientsNew, context); // if (pobj != NULL) COSE_Recipient_Free(pobj); return NULL; }
bool ECDSA_Sign(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr) { #if defined(MBEDTLS_ECDSA_DETERMINISTIC) byte rgbDigest[MBEDTLS_MD_MAX_SIZE]; uint8_t * pbSig = NULL; cn_cbor_errback cbor_error; int cbR; mbedtls_md_type_t mdType; const mbedtls_md_info_t *pmdInfo; mbedtls_ecp_keypair keypair; mbedtls_mpi r; mbedtls_mpi s; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pSigner->m_allocContext; #endif cn_cbor * p = NULL; bool result = false; mbedtls_ecp_keypair_init(&keypair); mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); if(!ECKey_From(pKey, &keypair, perr)) goto errorReturn; CHECK_CONDITION(keypair.d.n != 0, COSE_ERR_INVALID_PARAMETER); switch(cbitDigest) { case 256: mdType = MBEDTLS_MD_SHA256; break; case 384: mdType = MBEDTLS_MD_SHA384; break; case 512: mdType = MBEDTLS_MD_SHA512; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } pmdInfo = mbedtls_md_info_from_type(mdType); CHECK_CONDITION(pmdInfo != NULL, COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(mbedtls_md(pmdInfo, rgbToSign, cbToSign, rgbDigest) == 0, COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(mbedtls_ecdsa_sign_det(&keypair.grp, &r, &s, &keypair.d, rgbDigest, mbedtls_md_get_size(pmdInfo), mdType) == 0, COSE_ERR_CRYPTO_FAIL); cbR = (keypair.grp.nbits + 7) / 8; pbSig = COSE_CALLOC(cbR, 2, context); CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(mbedtls_mpi_write_binary(&r, pbSig, cbR) == 0, COSE_ERR_INTERNAL); CHECK_CONDITION(mbedtls_mpi_write_binary(&s, pbSig + cbR, cbR) == 0, COSE_ERR_INTERNAL); p = cn_cbor_data_create(pbSig, cbR*2, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(p != NULL, cbor_error); CHECK_CONDITION(_COSE_array_replace(pSigner, p, index, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); p = NULL; pbSig = NULL; result = true; errorReturn: cn_cbor_free(p CBOR_CONTEXT_PARAM); COSE_FREE(pbSig, context); mbedtls_mpi_free(&r); mbedtls_mpi_free(&s); mbedtls_ecp_keypair_free(&keypair); return result; #else return false; #endif }
bool ECKey_From(const cn_cbor * pKey, mbedtls_ecp_keypair *keypair, cose_errback * perr) { byte rgbKey[MBEDTLS_ECP_MAX_PT_LEN]; int cbKey; int cbGroup; const cn_cbor * p; mbedtls_ecp_group_id groupId; p = cn_cbor_mapget_int(pKey, COSE_Key_Type); CHECK_CONDITION(p != NULL, COSE_ERR_INVALID_PARAMETER); if(p->type == CN_CBOR_UINT) { CHECK_CONDITION(p->v.uint == COSE_Key_Type_EC2, COSE_ERR_INVALID_PARAMETER); } else { FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } p = cn_cbor_mapget_int(pKey, COSE_Key_EC_Curve); CHECK_CONDITION((p != NULL) && (p->type == CN_CBOR_UINT), COSE_ERR_INVALID_PARAMETER); switch (p->v.uint) { case 1: // P-256 groupId = MBEDTLS_ECP_DP_SECP256R1; break; case 2: // P-384 groupId = MBEDTLS_ECP_DP_SECP384R1; break; case 3: // P-521 groupId = MBEDTLS_ECP_DP_SECP521R1; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } CHECK_CONDITION(mbedtls_ecp_group_load(&keypair->grp, groupId) == 0, COSE_ERR_INVALID_PARAMETER); cbGroup = (keypair->grp.nbits + 7) / 8; p = cn_cbor_mapget_int(pKey, COSE_Key_EC_X); CHECK_CONDITION((p != NULL) && (p->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(p->length == cbGroup, COSE_ERR_INVALID_PARAMETER); memcpy(rgbKey+1, p->v.str, p->length); p = cn_cbor_mapget_int(pKey, COSE_Key_EC_Y); CHECK_CONDITION((p != NULL), COSE_ERR_INVALID_PARAMETER); if (p->type == CN_CBOR_BYTES) { rgbKey[0] = 0x04; cbKey = cbGroup * 2 + 1; CHECK_CONDITION(p->length == cbGroup, COSE_ERR_INVALID_PARAMETER); memcpy(rgbKey + p->length + 1, p->v.str, p->length); } else if (p->type == CN_CBOR_TRUE) { cbKey = cbGroup + 1; rgbKey[0] = 0x03; } else if (p->type == CN_CBOR_FALSE) { cbKey = cbGroup + 1; rgbKey[0] = 0x02; } else FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(mbedtls_ecp_point_read_binary(&keypair->grp, &keypair->Q, rgbKey, cbKey) == 0, COSE_ERR_INVALID_PARAMETER); p = cn_cbor_mapget_int(pKey, COSE_Key_EC_d); if (p != NULL) { CHECK_CONDITION(p->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(mbedtls_mpi_read_binary( &keypair->d, p->v.bytes, p->length) == 0, COSE_ERR_CRYPTO_FAIL); } return true; errorReturn: return false; }
EC_KEY * ECKey_From(const cn_cbor * pKey, int * cbGroup, cose_errback * perr) { EC_KEY * pNewKey = EC_KEY_new(); byte rgbKey[512+1]; const cn_cbor * p; int nidGroup = -1; EC_POINT * pPoint = NULL; p = cn_cbor_mapget_int(pKey, COSE_Key_EC_Curve); CHECK_CONDITION(p != NULL, COSE_ERR_INVALID_PARAMETER); switch (p->v.sint) { case 1: // P-256 nidGroup = NID_X9_62_prime256v1; *cbGroup = 256 / 8; break; case 2: // P-384 nidGroup = NID_secp384r1; *cbGroup = 384 / 8; break; case 3: // P-521 nidGroup = NID_secp521r1; *cbGroup = (521 + 7) / 8; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } EC_GROUP * ecgroup = EC_GROUP_new_by_curve_name(nidGroup); EC_KEY_set_group(pNewKey, ecgroup); rgbKey[0] = POINT_CONVERSION_UNCOMPRESSED; p = cn_cbor_mapget_int(pKey, COSE_Key_EC_X); if (p == NULL) return NULL; if (p->type != CN_CBOR_BYTES) return NULL; memcpy(rgbKey+1, p->v.str, p->length); p = cn_cbor_mapget_int(pKey, COSE_Key_EC_Y); if (p == NULL) return NULL; if (p->type != CN_CBOR_BYTES) return NULL; memcpy(rgbKey + p->length+1, p->v.str, p->length); pPoint = EC_POINT_new(ecgroup); EC_POINT_oct2point(ecgroup, pPoint, rgbKey, p->length * 2 + 1, NULL); EC_KEY_set_public_key(pNewKey, pPoint); p = cn_cbor_mapget_int(pKey, COSE_Key_EC_d); if (p != NULL) { BIGNUM * pbn; pbn = BN_bin2bn(p->v.bytes, (int) p->length, NULL); EC_KEY_set_private_key(pNewKey, pbn); } return pNewKey; errorReturn: return NULL; }
bool _COSE_Encrypt_decrypt(COSE_Encrypt * pcose, const byte * pbKey, size_t cbKey, cose_errback * perr) { int alg; const cn_cbor * cn = NULL; int cbitKey; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context; #endif byte * pbAuthData = NULL; size_t cbAuthData; cn_cbor * pAuthData = NULL; byte * pbProtected = NULL; ssize_t cbProtected; #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif cn = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn == NULL) { error: errorReturn: if (pbProtected != NULL) COSE_FREE(pbProtected, context); if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); return false; } CHECK_CONDITION((cn->type == CN_CBOR_UINT) || (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER); alg = (int) cn->v.uint; switch (alg) { #ifdef INCLUDE_AES_CCM case COSE_Algorithm_AES_CCM_16_64_128: case COSE_Algorithm_AES_CCM_16_128_128: case COSE_Algorithm_AES_CCM_64_64_128: case COSE_Algorithm_AES_CCM_64_128_128: cbitKey = 128; break; case COSE_Algorithm_AES_CCM_64_64_256: case COSE_Algorithm_AES_CCM_16_128_256: case COSE_Algorithm_AES_CCM_64_128_256: case COSE_Algorithm_AES_CCM_16_64_256: cbitKey = 256; break; #endif // INCLUDE_AES_CCM case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break; case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break; case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break; default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } CHECK_CONDITION(cbitKey / 8 == cbKey, COSE_ERR_INVALID_PARAMETER); // Build protected headers CHECK_CONDITION(pcose->m_message.m_protectedMap != NULL, COSE_ERR_INVALID_PARAMETER); if ((pcose->m_message.m_protectedMap != NULL) && (pcose->m_message.m_protectedMap->first_child != NULL)) { cbProtected = cn_cbor_encoder_write(RgbDontUse, 0, sizeof(RgbDontUse), pcose->m_message.m_protectedMap); pbProtected = (byte *)COSE_CALLOC(cbProtected, 1, context); if (pbProtected == NULL) goto error; if (cn_cbor_encoder_write(pbProtected, 0, cbProtected, pcose->m_message.m_protectedMap) != cbProtected) goto error; } else { pbProtected = NULL; cbProtected = 0; } // Build authenticated data if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Encrypted", perr)) goto errorReturn; cn = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY); CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER); switch (alg) { #ifdef INCLUDE_AES_CCM case COSE_Algorithm_AES_CCM_16_64_128: case COSE_Algorithm_AES_CCM_16_64_256: if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; case COSE_Algorithm_AES_CCM_16_128_128: case COSE_Algorithm_AES_CCM_16_128_256: if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; case COSE_Algorithm_AES_CCM_64_64_128: case COSE_Algorithm_AES_CCM_64_64_256: if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; case COSE_Algorithm_AES_CCM_64_128_128: case COSE_Algorithm_AES_CCM_64_128_256: if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; #endif // INCLUDE_AES_CCM case COSE_Algorithm_AES_GCM_128: case COSE_Algorithm_AES_GCM_192: case COSE_Algorithm_AES_GCM_256: if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error; break; default: FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM); break; } if (pbProtected != NULL) COSE_FREE(pbProtected, context); if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); if (perr != NULL) perr->err = COSE_ERR_NONE; return true; }
HCOSE COSE_Decode(const byte * rgbData, size_t cbData, int * ptype, COSE_object_type struct_type, CBOR_CONTEXT_COMMA cose_errback * perr) { cn_cbor * cbor = NULL; cn_cbor * cborRoot = NULL; #ifdef TAG_IN_ARRAY const cn_cbor * pType = NULL; #endif cn_cbor_errback cbor_err; HCOSE h; CHECK_CONDITION((rgbData != NULL) && (ptype != NULL), COSE_ERR_INVALID_PARAMETER); cbor = cborRoot = cn_cbor_decode(rgbData, cbData, CBOR_CONTEXT_PARAM_COMMA &cbor_err); CHECK_CONDITION_CBOR(cbor != NULL, cbor_err); #ifdef TAG_IN_ARRAY CHECK_CONDITION(cbor->type == CN_CBOR_ARRAY, COSE_ERR_INVALID_PARAMETER); pType = cn_cbor_index(cbor, 0); CHECK_CONDITION(((pType != NULL) && (pType->type == CN_CBOR_UINT)), COSE_ERR_INVALID_PARAMETER); *ptype = pType->v.sint; #else // ! TAG_IN_ARRAY if (cbor->type == CN_CBOR_TAG) { if (struct_type != 0) { CHECK_CONDITION(struct_type == (COSE_object_type) cbor->v.sint, COSE_ERR_INVALID_PARAMETER); } else struct_type = cbor->v.uint; *ptype = struct_type; cbor = cbor->first_child; } else { *ptype = struct_type; } CHECK_CONDITION(cbor->type == CN_CBOR_ARRAY, COSE_ERR_INVALID_PARAMETER); #endif // TAG_IN_ARRAY switch (*ptype) { case COSE_enveloped_object: h = (HCOSE)_COSE_Enveloped_Init_From_Object(cbor, NULL, CBOR_CONTEXT_PARAM_COMMA perr); if (h == NULL) { goto errorReturn; } break; case COSE_sign_object: h = (HCOSE)_COSE_Sign_Init_From_Object(cborRoot, NULL, CBOR_CONTEXT_PARAM_COMMA perr); if (h == NULL) { goto errorReturn; } break; case COSE_sign0_object: h = (HCOSE)_COSE_Sign0_Init_From_Object(cborRoot, NULL, CBOR_CONTEXT_PARAM_COMMA perr); if (h == NULL) { goto errorReturn; } break; case COSE_mac_object: h = (HCOSE)_COSE_Mac_Init_From_Object(cbor, NULL, CBOR_CONTEXT_PARAM_COMMA perr); if (h == NULL) { goto errorReturn; } break; case COSE_mac0_object: h = (HCOSE)_COSE_Mac0_Init_From_Object(cbor, NULL, CBOR_CONTEXT_PARAM_COMMA perr); if (h == NULL) { goto errorReturn; } break; case COSE_encrypt_object: h = (HCOSE)_COSE_Encrypt_Init_From_Object(cbor, NULL, CBOR_CONTEXT_PARAM_COMMA perr); if (h == NULL) { goto errorReturn; } break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } return h; errorReturn: COSE_FREE(cbor, context); return NULL; }
bool AES_CCM_Encrypt(COSE_Enveloped * pcose, int TSize, int LSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { EVP_CIPHER_CTX ctx; int cbOut; byte * rgbOut = NULL; int NSize = 15 - (LSize/8); int outl = 0; const cn_cbor * cbor_iv = NULL; cn_cbor * cbor_iv_t = NULL; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif cn_cbor * cnTmp = NULL; const EVP_CIPHER * cipher; byte rgbIV[16]; byte * pbIV = NULL; cn_cbor_errback cbor_error; switch (cbKey*8) { case 128: cipher = EVP_aes_128_ccm(); break; case 192: cipher = EVP_aes_192_ccm(); break; case 256: cipher = EVP_aes_256_ccm(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Setup the IV/Nonce and put it into the message cbor_iv = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, perr); if (cbor_iv == NULL) { pbIV = COSE_CALLOC(NSize, 1, context); CHECK_CONDITION(pbIV != NULL, COSE_ERR_OUT_OF_MEMORY); rand_bytes(pbIV, NSize); memcpy(rgbIV, pbIV, NSize); cbor_iv_t = cn_cbor_data_create(pbIV, NSize, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(cbor_iv_t != NULL, cbor_error); pbIV = NULL; if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t, COSE_UNPROTECT_ONLY, perr)) goto errorReturn; cbor_iv_t = NULL; } else { CHECK_CONDITION(cbor_iv->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER); CHECK_CONDITION(cbor_iv->length == NSize, COSE_ERR_INVALID_PARAMETER); memcpy(rgbIV, cbor_iv->v.str, cbor_iv->length); } // Setup and run the OpenSSL code EVP_CIPHER_CTX_init(&ctx); CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_CRYPTO_FAIL); TSize /= 8; // Comes in in bits not bytes. CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_L, (LSize/8), 0), COSE_ERR_CRYPTO_FAIL); // CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, NSize, 0), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, TSize, NULL), COSE_ERR_CRYPTO_FAIL); // Say we are doing an 8 byte tag CHECK_CONDITION(EVP_EncryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, 0, &cbOut, 0, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_CRYPTO_FAIL); rgbOut = (byte *)COSE_CALLOC(cbOut+TSize, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pcose->pbContent, (int) pcose->cbContent), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptFinal_ex(&ctx, &rgbOut[cbOut], &cbOut), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, TSize, &rgbOut[pcose->cbContent]), COSE_ERR_CRYPTO_FAIL); cnTmp = cn_cbor_data_create(rgbOut, (int)pcose->cbContent + TSize, CBOR_CONTEXT_PARAM_COMMA NULL); CHECK_CONDITION(cnTmp != NULL, COSE_ERR_CBOR); rgbOut = NULL; CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cnTmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); cnTmp = NULL; EVP_CIPHER_CTX_cleanup(&ctx); return true; errorReturn: if (pbIV != NULL) COSE_FREE(pbIV, context); if (cbor_iv_t != NULL) COSE_FREE(cbor_iv_t, context); if (rgbOut != NULL) COSE_FREE(rgbOut, context); if (cnTmp != NULL) COSE_FREE(cnTmp, context); EVP_CIPHER_CTX_cleanup(&ctx); return false; }
bool COSE_Encrypt_encrypt(HCOSE_ENCRYPT h, const byte * pbKey, size_t cbKey, cose_errback * perr) { int alg; const cn_cbor * cn_Alg = NULL; byte * pbAuthData = NULL; cn_cbor * pAuthData = NULL; cn_cbor * ptmp = NULL; size_t cbitKey; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = NULL; #endif COSE_Encrypt * pcose = (COSE_Encrypt *) h; CHECK_CONDITION(IsValidEncryptHandle(h), COSE_ERR_INVALID_PARAMETER); #ifdef USE_CBOR_CONTEXT context = &pcose->m_message.m_allocContext; #endif // USE_CBOR_CONTEXT cn_Alg = _COSE_map_get_int(&pcose->m_message, COSE_Header_Algorithm, COSE_BOTH, perr); if (cn_Alg == NULL) goto errorReturn; CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER); alg = (int) cn_Alg->v.uint; // Get the key size switch (alg) { #ifdef INCLUDE_AES_CCM case COSE_Algorithm_AES_CCM_64_64_128: case COSE_Algorithm_AES_CCM_16_128_128: case COSE_Algorithm_AES_CCM_64_128_128: case COSE_Algorithm_AES_CCM_16_64_128: cbitKey = 128; break; case COSE_Algorithm_AES_CCM_64_64_256: case COSE_Algorithm_AES_CCM_16_128_256: case COSE_Algorithm_AES_CCM_64_128_256: case COSE_Algorithm_AES_CCM_16_64_256: cbitKey = 256; break; #endif // INCLUDE_AES_CCM case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break; case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break; case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Build protected headers const cn_cbor * cbProtected = _COSE_encode_protected(&pcose->m_message, perr); if (cbProtected == NULL) goto errorReturn; // Build authenticated data size_t cbAuthData = 0; if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Encrypted", perr)) goto errorReturn; switch (alg) { #ifdef INCLUDE_AES_CCM case COSE_Algorithm_AES_CCM_16_64_128: case COSE_Algorithm_AES_CCM_16_64_256: if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_AES_CCM_16_128_128: case COSE_Algorithm_AES_CCM_16_128_256: if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_AES_CCM_64_64_128: case COSE_Algorithm_AES_CCM_64_64_256: if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; case COSE_Algorithm_AES_CCM_64_128_128: case COSE_Algorithm_AES_CCM_64_128_256: if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; #endif case COSE_Algorithm_AES_GCM_128: case COSE_Algorithm_AES_GCM_192: case COSE_Algorithm_AES_GCM_256: if (!AES_GCM_Encrypt((COSE_Enveloped *)pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn; break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Figure out the clean up if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); return true; errorReturn: if (pbAuthData != NULL) COSE_FREE(pbAuthData, context); if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM); if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM); return false; }
bool AES_GCM_Decrypt(COSE_Enveloped * pcose, const byte * pbKey, int cbKey, const byte * pbCrypto, size_t cbCrypto, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { EVP_CIPHER_CTX ctx; int cbOut; byte * rgbOut = NULL; int outl = 0; byte rgbIV[15] = { 0 }; const cn_cbor * pIV = NULL; const EVP_CIPHER * cipher; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif int TSize = 128 / 8; assert(perr != NULL); EVP_CIPHER_CTX_init(&ctx); // Setup the IV/Nonce and put it into the message pIV = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, NULL); if ((pIV == NULL) || (pIV->type != CN_CBOR_BYTES)) { perr->err = COSE_ERR_INVALID_PARAMETER; errorReturn: if (rgbOut != NULL) COSE_FREE(rgbOut, context); EVP_CIPHER_CTX_cleanup(&ctx); return false; } CHECK_CONDITION(pIV->length == 96/8, COSE_ERR_INVALID_PARAMETER); memcpy(rgbIV, pIV->v.str, pIV->length); // Setup and run the OpenSSL code switch (cbKey) { case 128 / 8: cipher = EVP_aes_128_gcm(); break; case 192 / 8: cipher = EVP_aes_192_gcm(); break; case 256 / 8: cipher = EVP_aes_256_gcm(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } // Do the setup for OpenSSL CHECK_CONDITION(EVP_DecryptInit_ex(&ctx, cipher, NULL, NULL, NULL), COSE_ERR_DECRYPT_FAILED); CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, TSize, (void *)&pbCrypto[cbCrypto - TSize]), COSE_ERR_DECRYPT_FAILED); CHECK_CONDITION(EVP_DecryptInit(&ctx, 0, pbKey, rgbIV), COSE_ERR_DECRYPT_FAILED); // Pus in the AAD CHECK_CONDITION(EVP_DecryptUpdate(&ctx, NULL, &outl, pbAuthData, (int) cbAuthData), COSE_ERR_DECRYPT_FAILED); // cbOut = (int)cbCrypto - TSize; rgbOut = (byte *)COSE_CALLOC(cbOut, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); // Process content CHECK_CONDITION(EVP_DecryptUpdate(&ctx, rgbOut, &cbOut, pbCrypto, (int)cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED); // Process Tag CHECK_CONDITION(EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, TSize, (byte *)pbCrypto + cbCrypto - TSize), COSE_ERR_DECRYPT_FAILED); // Check the result CHECK_CONDITION(EVP_DecryptFinal(&ctx, rgbOut + cbOut, &cbOut), COSE_ERR_DECRYPT_FAILED); EVP_CIPHER_CTX_cleanup(&ctx); pcose->pbContent = rgbOut; pcose->cbContent = cbOut; return true; }