Test improvements for crit params; t_cose 1 compat (#261)
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
laurencelundblade and Laurence Lundblade authored Aug 14, 2023
1 parent 6ebef8d commit c9328fd
Showing 3 changed files with 75 additions and 57 deletions.
18 changes: 9 additions & 9 deletions inc/t_cose/t_cose_common.h
Expand Up @@ -724,17 +724,17 @@ enum t_cose_err_t {
/**
* Functions like t_cose_sign_verify() and t_cose_encrypt_dec() will
* error out with \ref T_COSE_ERR_UNKNOWN_CRITICAL_PARAMETER if there
* are any critical header parameters. Since the header parameters for
* verification, decryption and similar are all standard, don't need
* to be marked critical and understood by this implementation, this
* error is not returned.
*
* This option turns off the check for critical parameters for use
* cases that use them. In that case the caller of t_cose takes
* responsibility for checking all the parameters decoded to be sure
* there are no critical parameters that are not understood.
* are any unknown critical header parameters.
*
* This option turns off the check for critical parameters. if this is
* set, the caller of t_cose takes responsibility for checking all the
* parameters decoded to be sure there are no critical parameters that
* are not understood.
*/
#define T_COSE_OPT_NO_CRIT_PARAM_CHECK 0x00001000
#define T_COSE_OPT_UNKNOWN_CRIT_ALLOWED T_COSE_OPT_NO_CRIT_PARAM_CHECK




/**
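Review bot: The new alias `T_COSE_OPT_UNKNOWN_CRIT_ALLOWED` has no comment of its own, and the block above it most likely documents only `T_COSE_OPT_NO_CRIT_PARAM_CHECK`, so a reader gets no hint that the two names are the same bit. I would add `/** Older name for \ref T_COSE_OPT_NO_CRIT_PARAM_CHECK; same bit, kept for source compatibility. */` above it, assuming from the commit title that this is the t_cose 1 spelling. The rewritten comment could also say outright that with the option set a message listing an unknown critical parameter verifies successfully, since that is the outcome a caller has to compensate for. Its second paragraph starts a sentence in lower case (`if this is set`).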
10 changes: 5 additions & 5 deletions test/t_cose_make_test_messages.c
Expand Up @@ -162,6 +162,11 @@ encode_protected_parameters(uint32_t test_message_options,
QCBOREncode_CloseArray(&cbor_encode_ctx);
}

if(test_message_options & T_COSE_TEST_BAD_CRIT_PARAMETER) {
QCBOREncode_AddSZStringToMapN(&cbor_encode_ctx,
T_COSE_HEADER_PARAM_CRIT, "hi");
}

if(test_message_options & T_COSE_TEST_EMPTY_CRIT_PARAMETER) {
QCBOREncode_OpenArrayInMapN(&cbor_encode_ctx, T_COSE_HEADER_PARAM_CRIT);
QCBOREncode_CloseArray(&cbor_encode_ctx);
Expand Down Expand Up @@ -240,11 +245,6 @@ add_unprotected_parameters(uint32_t test_message_options,
QCBOREncode_AddBytes(cbor_encode_ctx, kid);
}

if(test_message_options & T_COSE_TEST_BAD_CRIT_PARAMETER) {
QCBOREncode_AddSZStringToMapN(cbor_encode_ctx,
T_COSE_HEADER_PARAM_CRIT, "hi");
}

if(test_message_options & T_COSE_TEST_EXTRA_PARAMETER) {
QCBOREncode_OpenArrayInMapN(cbor_encode_ctx, 55);
QCBOREncode_OpenMap(cbor_encode_ctx);
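Review bot: The `T_COSE_TEST_BAD_CRIT_PARAMETER` branch now sitting in encode_protected_parameters() has no comment saying what is malformed about the parameter or why it was moved into the protected bucket. Something like `/* crit belongs in the protected bucket and must be an array of labels; encode a text string so that only its type is wrong */` would make the intent clear and explain the `T_COSE_ERR_CRIT_PARAMETER` result the test table expects. The branch is also directly above the `T_COSE_TEST_EMPTY_CRIT_PARAMETER` one, which writes the same `T_COSE_HEADER_PARAM_CRIT` label, so the comment should note that the two options are not meant to be combined. Both functions start and end outside the hunks.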
104 changes: 61 additions & 43 deletions test/t_cose_test.c
Expand Up @@ -721,7 +721,8 @@ int32_t cose_example_test()
}


static enum t_cose_err_t run_test_sign_and_verify(uint32_t test_mess_options)
static enum t_cose_err_t run_test_sign_and_verify(uint32_t test_mess_options,
uint32_t verify_options)
{
struct t_cose_sign1_sign_ctx sign_ctx;
struct t_cose_sign1_verify_ctx verify_ctx;
Expand All @@ -740,7 +741,10 @@ static enum t_cose_err_t run_test_sign_and_verify(uint32_t test_mess_options)
cose_algorithm_id = T_COSE_ALGORITHM_SHORT_CIRCUIT_256;
}

init_fixed_test_signing_key(cose_algorithm_id, &key_pair);
result = init_fixed_test_signing_key(cose_algorithm_id, &key_pair);
if(result) {
return result + 1000;
}

/* --- Start making COSE Sign1 object --- */

Expand All @@ -763,9 +767,10 @@ static enum t_cose_err_t run_test_sign_and_verify(uint32_t test_mess_options)


/* --- Start verifying the COSE Sign1 object --- */
t_cose_sign1_verify_init(&verify_ctx, T_COSE_OPT_ALLOW_SHORT_CIRCUIT);
t_cose_sign1_verify_init(&verify_ctx, T_COSE_OPT_ALLOW_SHORT_CIRCUIT | verify_options);
t_cose_sign1_set_verification_key(&verify_ctx, key_pair);


/* Run the signature verification */
result = t_cose_sign1_verify(&verify_ctx,
/* COSE to verify */
Expand Down Expand Up @@ -862,48 +867,43 @@ int32_t all_header_parameters_test()

struct test_case {
uint32_t test_option;
uint32_t verify_option;
enum t_cose_err_t result;
};

static struct test_case bad_parameters_tests_table[] = {
// TODO: document that this is different than t_cose 1.0
{T_COSE_TEST_EMPTY_PROTECTED_PARAMETERS, T_COSE_ERR_NO_ALG_ID},

{T_COSE_TEST_UNCLOSED_PROTECTED, T_COSE_ERR_PARAMETER_CBOR},
{T_COSE_TEST_EMPTY_PROTECTED_PARAMETERS, 0, T_COSE_ERR_NO_ALG_ID},

{T_COSE_TEST_UNCLOSED_PROTECTED, 0, T_COSE_ERR_PARAMETER_CBOR},

#ifndef T_COSE_DISABLE_CONTENT_TYPE
{T_COSE_TEST_DUP_CONTENT_ID, T_COSE_ERR_DUPLICATE_PARAMETER},
{T_COSE_TEST_DUP_CONTENT_ID, 0, T_COSE_ERR_DUPLICATE_PARAMETER},

{T_COSE_TEST_TOO_LARGE_CONTENT_TYPE, T_COSE_ERR_BAD_CONTENT_TYPE},
{T_COSE_TEST_TOO_LARGE_CONTENT_TYPE, 0, T_COSE_ERR_BAD_CONTENT_TYPE},
#endif /* T_COSE_DISABLE_CONTENT_TYPE */

{T_COSE_TEST_NOT_WELL_FORMED_2, T_COSE_ERR_CBOR_NOT_WELL_FORMED},
{T_COSE_TEST_NOT_WELL_FORMED_2, 0, T_COSE_ERR_CBOR_NOT_WELL_FORMED},

{T_COSE_TEST_KID_IN_PROTECTED, T_COSE_ERR_DUPLICATE_PARAMETER},
{T_COSE_TEST_KID_IN_PROTECTED, 0, T_COSE_ERR_DUPLICATE_PARAMETER},

#ifdef TODO_CRIT_PARAM_FIXED
{T_COSE_TEST_TOO_MANY_UNKNOWN, T_COSE_ERR_TOO_MANY_PARAMETERS},
#endif

{T_COSE_TEST_UNPROTECTED_NOT_MAP, T_COSE_ERR_PARAMETER_CBOR},
{T_COSE_TEST_UNPROTECTED_NOT_MAP, 0, T_COSE_ERR_PARAMETER_CBOR},

#ifdef TODO_CRIT_PARAM_FIXED
{T_COSE_TEST_BAD_CRIT_PARAMETER, T_COSE_ERR_CRIT_PARAMETER},
#endif
{T_COSE_TEST_BAD_CRIT_PARAMETER, 0, T_COSE_ERR_CRIT_PARAMETER},

{T_COSE_TEST_NOT_WELL_FORMED_1, T_COSE_ERR_CBOR_NOT_WELL_FORMED},
{T_COSE_TEST_NOT_WELL_FORMED_1, 0, T_COSE_ERR_CBOR_NOT_WELL_FORMED},

{T_COSE_TEST_NO_UNPROTECTED_PARAMETERS, T_COSE_ERR_PARAMETER_CBOR},
{T_COSE_TEST_NO_UNPROTECTED_PARAMETERS, 0, T_COSE_ERR_PARAMETER_CBOR},

{T_COSE_TEST_NO_PROTECTED_PARAMETERS, T_COSE_ERR_PARAMETER_CBOR},
{T_COSE_TEST_NO_PROTECTED_PARAMETERS, 0, T_COSE_ERR_PARAMETER_CBOR},

{T_COSE_TEST_EXTRA_PARAMETER, T_COSE_SUCCESS},
{T_COSE_TEST_EXTRA_PARAMETER, 0, T_COSE_SUCCESS},

{T_COSE_TEST_PARAMETER_LABEL, T_COSE_ERR_PARAMETER_CBOR},
{T_COSE_TEST_PARAMETER_LABEL, 0, T_COSE_ERR_PARAMETER_CBOR},

{T_COSE_TEST_BAD_PROTECTED, T_COSE_ERR_PARAMETER_CBOR},
{T_COSE_TEST_BAD_PROTECTED, 0, T_COSE_ERR_PARAMETER_CBOR},

{0, 0}
{0, 0, 0}
};


Expand All @@ -913,10 +913,17 @@ static struct test_case bad_parameters_tests_table[] = {
int32_t bad_parameters_test()
{
struct test_case *test;
enum t_cose_err_t err;
int n;

for(test = bad_parameters_tests_table; test->test_option; test++) {
if(run_test_sign_and_verify(test->test_option) != test->result) {
return (int32_t)(test - bad_parameters_tests_table + 1);
for(n = 0; ; n++) {
test = &bad_parameters_tests_table[n];
if(!test->test_option) {
break;
}
err = run_test_sign_and_verify(test->test_option, test->verify_option);
if(err != test->result) {
return (int32_t)(n + 1);
}
}

Expand All @@ -930,34 +937,40 @@ static struct test_case crit_tests_table[] = {
/* Test existance of the critical header. Also makes sure that
* it works with the max number of labels allowed in it.
*/
{T_COSE_TEST_CRIT_PARAMETER_EXIST, T_COSE_SUCCESS},
{T_COSE_TEST_CRIT_PARAMETER_EXIST, 0, T_COSE_SUCCESS},

/* Exceed the max number of labels by one and get an error */
{T_COSE_TEST_TOO_MANY_CRIT_PARAMETER_EXIST, T_COSE_ERR_CRIT_PARAMETER},
{T_COSE_TEST_TOO_MANY_CRIT_PARAMETER_EXIST, 0, T_COSE_ERR_CRIT_PARAMETER},

/* A critical parameter exists in the protected section, but the
* format of the internals of this parameter is not the expected CBOR
*/
{T_COSE_TEST_BAD_CRIT_LABEL, T_COSE_ERR_CRIT_PARAMETER},
{T_COSE_TEST_BAD_CRIT_LABEL, 0, T_COSE_ERR_CRIT_PARAMETER},

/* A critical label is listed in the protected section, but
* the label doesn't exist. This works for integer-labeled header params.
*/
{T_COSE_TEST_UNKNOWN_CRIT_UINT_PARAMETER, T_COSE_ERR_UNKNOWN_CRITICAL_PARAMETER},
{T_COSE_TEST_UNKNOWN_CRIT_UINT_PARAMETER, 0, T_COSE_ERR_UNKNOWN_CRITICAL_PARAMETER},
{T_COSE_TEST_UNKNOWN_CRIT_UINT_PARAMETER, T_COSE_OPT_UNKNOWN_CRIT_ALLOWED, T_COSE_SUCCESS},

#if WE_HAVE_ADDED_STRING_LABELS
/* A critical label is listed in the protected section, but
* the label doesn't exist. This works for string-labeled header params.
*/
{T_COSE_TEST_UNKNOWN_CRIT_TSTR_PARAMETER, T_COSE_ERR_UNKNOWN_CRITICAL_PARAMETER},
{T_COSE_TEST_UNKNOWN_CRIT_TSTR_PARAMETER, 0, T_COSE_ERR_UNKNOWN_CRITICAL_PARAMETER},
{T_COSE_TEST_UNKNOWN_CRIT_TSTR_PARAMETER, T_COSE_OPT_UNKNOWN_CRIT_ALLOWED, T_COSE_SUCCESS},

#endif /* WE_HAVE_ADDED_STRING_LABELS */
/* The critical labels list is not protected */
{T_COSE_TEST_CRIT_NOT_PROTECTED, T_COSE_ERR_PARAMETER_NOT_PROTECTED},
{T_COSE_TEST_CRIT_NOT_PROTECTED, 0, T_COSE_ERR_PARAMETER_NOT_PROTECTED},

{T_COSE_TEST_EMPTY_CRIT_PARAMETER, T_COSE_ERR_CRIT_PARAMETER},
{T_COSE_TEST_EMPTY_CRIT_PARAMETER, 0, T_COSE_ERR_CRIT_PARAMETER},

#if WE_HAVE_ADDED_STRING_LABELS
{T_COSE_TEST_TOO_MANY_TSTR_CRIT_LABLELS, T_COSE_ERR_CRIT_PARAMETER},
{T_COSE_TEST_TOO_MANY_TSTR_CRIT_LABLELS, 0, T_COSE_ERR_CRIT_PARAMETER},
#endif /* WE_HAVE_ADDED_STRING_LABELS */

{0, 0}
Expand All @@ -969,13 +982,18 @@ static struct test_case crit_tests_table[] = {
*/
int32_t crit_parameters_test()
{
unsigned index;

for(index = 0; index < C_ARRAY_COUNT(crit_tests_table, struct test_case); index++) {
struct test_case *test = &crit_tests_table[index];
struct test_case *test;
enum t_cose_err_t err;
int n;

if(run_test_sign_and_verify(test->test_option) != test->result) {
return (int32_t)(index * 1000 + 1);
for(n = 0; ; n++) {
test = &crit_tests_table[n];
if(!test->test_option) {
break;
}
err = run_test_sign_and_verify(test->test_option, test->verify_option);
if(err != test->result) {
return (int32_t)(n + 1);
}
}

Expand Down Expand Up @@ -2115,7 +2133,7 @@ int32_t indef_array_and_map_test()
*/

/* General test with indefinite lengths */
return_value = run_test_sign_and_verify(T_COSE_TEST_INDEFINITE_MAPS_ARRAYS);
return_value = run_test_sign_and_verify(T_COSE_TEST_INDEFINITE_MAPS_ARRAYS, 0);
if(return_value != T_COSE_SUCCESS) {
return 1000 + (int32_t) return_value;
}
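Review bot: The crit_tests_table rows added for `T_COSE_OPT_UNKNOWN_CRIT_ALLOWED` only cover the unknown-label case, so nothing pins down whether the option also silences structural errors in the crit parameter itself. Since the option switches off a check that verification otherwise enforces, I would add rows that combine it with a malformed message, for example `{T_COSE_TEST_CRIT_NOT_PROTECTED, T_COSE_OPT_UNKNOWN_CRIT_ALLOWED, T_COSE_ERR_PARAMETER_NOT_PROTECTED},` and `{T_COSE_TEST_EMPTY_CRIT_PARAMETER, T_COSE_OPT_UNKNOWN_CRIT_ALLOWED, T_COSE_ERR_CRIT_PARAMETER},`. The expected results in those rows are my assumption of the intended behaviour and should be confirmed against the decoder. The table's opening line is visible only in the hunk header.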
