Skip to content

Commit

Permalink
Merge branch 'dev' into esdh-decrypt
Browse files Browse the repository at this point in the history
  • Loading branch information
Laurence Lundblade committed Jul 10, 2023
2 parents 67a7b4c + 097d98e commit d566dcb
Show file tree
Hide file tree
Showing 14 changed files with 394 additions and 310 deletions.
16 changes: 15 additions & 1 deletion inc/t_cose/t_cose_common.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -642,7 +642,11 @@ enum t_cose_err_t {
T_COSE_ERR_SIG_IN_PROGRESS = 83,

/* A T_COSE_OPT_XXX is invalid in some way. */
T_COSE_ERR_BAD_OPT = 84
T_COSE_ERR_BAD_OPT = 84,

T_COSE_ERR_CANT_DETERMINE_MESSAGE_TYPE = 85,

T_COSE_ERR_WRONG_COSE_MESSAGE_TYPE = 86,
};


Expand Down Expand Up @@ -743,6 +747,16 @@ enum t_cose_err_t {
#define T_COSE_OPT_NO_CRIT_PARAM_CHECK 0x00001000


/**
* The maximum number of unprocessed tags that can be returned by
* t_cose_xxx_get_nth_tag(). The CWT
* tag is an example of the tags that might returned. The COSE tags
* that are processed, don't count here.
*/
#define T_COSE_MAX_TAGS_TO_RETURN 4



/* The lower 8 bits of the options give the type of the
* COSE message to decode.
* TODO: this may not be implmented correctly yet
Expand Down
37 changes: 37 additions & 0 deletions inc/t_cose/t_cose_encrypt_dec.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,8 @@ struct t_cose_encrypt_dec_ctx {
struct t_cose_parameter __params[T_COSE_NUM_VERIFY_DECODE_HEADERS];
struct t_cose_parameter_storage *p_storage;

uint64_t unprocessed_tag_nums[T_COSE_MAX_TAGS_TO_RETURN];

struct q_useful_buf extern_enc_struct_buffer;
};

Expand Down Expand Up @@ -311,6 +313,30 @@ t_cose_encrypt_dec_detached(struct t_cose_encrypt_dec_ctx *context,
struct t_cose_parameter **returned_parameters);



/**
* \brief Return unprocessed tags from most recent decryption.
*
* \param[in] context The t_cose decryption context.
* \param[in] n Index of the tag to return.
*
* \return The tag value or \ref CBOR_TAG_INVALID64 if there is no tag
* at the index or the index is too large.
*
* The 0th tag is the one for which the COSE message is the content. Loop
* from 0 up until \ref CBOR_TAG_INVALID64 is returned. The maximum
* is \ref T_COSE_MAX_TAGS_TO_RETURN.
*
* It will be necessary to call this for a general implementation
* of a CWT since sometimes the CWT tag is required. This is also
* useful for recursive processing of nested COSE signing, mac
* and encryption.
*/
static inline uint64_t
t_cose_encrypt_dec_nth_tag(const struct t_cose_encrypt_dec_ctx *context,
size_t n);


/* ------------------------------------------------------------------------
* Inline implementations of public functions defined above.
*/
Expand Down Expand Up @@ -377,6 +403,17 @@ t_cose_encrypt_dec(struct t_cose_encrypt_dec_ctx *me,
returned_parameters);
}


static inline uint64_t
t_cose_encrypt_dec_nth_tag(const struct t_cose_encrypt_dec_ctx *me,
size_t n)
{
if(n > T_COSE_MAX_TAGS_TO_RETURN) {
return CBOR_TAG_INVALID64;
}
return me->unprocessed_tag_nums[n];
}

#ifdef __cplusplus
}
#endif
Expand Down
43 changes: 39 additions & 4 deletions inc/t_cose/t_cose_mac_validate.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,8 @@ extern "C" {
struct t_cose_mac_validate_ctx {
/* Private data structure */
struct t_cose_key validation_key;
int32_t option_flags;
uint64_t auTags[T_COSE_MAX_TAGS_TO_RETURN];
uint32_t option_flags;
uint64_t unprocessed_tag_nums[T_COSE_MAX_TAGS_TO_RETURN];
struct t_cose_parameter __params[T_COSE_NUM_VERIFY_DECODE_HEADERS];
struct t_cose_parameter_storage parameter_storage;
};
Expand All @@ -53,7 +53,7 @@ struct t_cose_mac_validate_ctx {
*/
static void
t_cose_mac_validate_init(struct t_cose_mac_validate_ctx *context,
int32_t option_flags);
uint32_t option_flags);


/**
Expand Down Expand Up @@ -125,6 +125,30 @@ t_cose_mac_validate_detached(struct t_cose_mac_validate_ctx *context,
struct t_cose_parameter **return_params);


/**
* \brief Return unprocessed tags from most recent MAC validate.
*
* \param[in] context The t_cose mac validation context.
* \param[in] n Index of the tag to return.
*
* \return The tag value or \ref CBOR_TAG_INVALID64 if there is no tag
* at the index or the index is too large.
*
* The 0th tag is the one for which the COSE message is the content. Loop
* from 0 up until \ref CBOR_TAG_INVALID64 is returned. The maximum
* is \ref T_COSE_MAX_TAGS_TO_RETURN.
*
* It will be necessary to call this for a general implementation
* of a CWT since sometimes the CWT tag is required. This is also
* useful for recursive processing of nested COSE signing, mac
* and encryption.
*/
static inline uint64_t
t_cose_mac_validate_nth_tag(const struct t_cose_mac_validate_ctx *context,
size_t n);



/* ------------------------------------------------------------------------
* Private and inline implementations of public functions defined above.
* ------------------------------------------------------------------------ */
Expand Down Expand Up @@ -162,7 +186,7 @@ t_cose_mac_validate_private(struct t_cose_mac_validate_ctx *context,

static inline void
t_cose_mac_validate_init(struct t_cose_mac_validate_ctx *me,
int32_t option_flags)
uint32_t option_flags)
{
memset(me, 0, sizeof(*me));
me->option_flags = option_flags;
Expand Down Expand Up @@ -210,6 +234,17 @@ t_cose_mac_validate_detached(struct t_cose_mac_validate_ctx *me,
}


static inline uint64_t
t_cose_mac_validate_nth_tag(const struct t_cose_mac_validate_ctx *me,
size_t n)
{
if(n > T_COSE_MAX_TAGS_TO_RETURN) {
return CBOR_TAG_INVALID64;
}
return me->unprocessed_tag_nums[n];
}


#ifdef __cplusplus
}
#endif
Expand Down
53 changes: 10 additions & 43 deletions inc/t_cose/t_cose_sign1_verify.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,6 @@ struct t_cose_sign1_verify_ctx {
struct t_cose_signature_verify_eddsa eddsa_verifier;

uint32_t option_flags;
uint64_t auTags[T_COSE_MAX_TAGS_TO_RETURN];
};


Expand Down Expand Up @@ -249,7 +248,7 @@ t_cose_sign1_verify_auxiliary_buffer_size(struct t_cose_sign1_verify_ctx *contex
* payload is an indefinite-length byte string, this error will be
* returned.
*/
static enum t_cose_err_t
enum t_cose_err_t
t_cose_sign1_verify(struct t_cose_sign1_verify_ctx *context,
struct q_useful_buf_c sign1,
struct q_useful_buf_c *payload,
Expand Down Expand Up @@ -352,47 +351,6 @@ t_cose_sign1_get_nth_tag(const struct t_cose_sign1_verify_ctx *context,
* Inline implementations of public functions defined above.
*/

static inline uint64_t
t_cose_sign1_get_nth_tag(const struct t_cose_sign1_verify_ctx *context,
size_t n)
{
if(n > T_COSE_MAX_TAGS_TO_RETURN) {
return CBOR_TAG_INVALID64;
}
return context->auTags[n];
}



static inline enum t_cose_err_t
t_cose_sign1_verify(struct t_cose_sign1_verify_ctx *me,
struct q_useful_buf_c cose_sign1,
struct q_useful_buf_c *payload,
struct t_cose_parameters *parameters)
{
enum t_cose_err_t return_value;
struct t_cose_parameter *decoded_params;

return_value = t_cose_sign_verify(&(me->me2),
cose_sign1,
NULL_Q_USEFUL_BUF_C,
payload,
&decoded_params);
if(return_value != T_COSE_SUCCESS) {
goto Done;
}

if(parameters != NULL) {
return_value = t_cose_params_common(decoded_params,
parameters);
}

memcpy(me->auTags, me->me2.auTags, sizeof(me->auTags));

Done:
return return_value;
}


static inline enum t_cose_err_t
t_cose_sign1_verify_aad(struct t_cose_sign1_verify_ctx *me,
Expand Down Expand Up @@ -457,6 +415,15 @@ t_cose_sign1_verify_auxiliary_buffer_size(struct t_cose_sign1_verify_ctx *me)
return t_cose_signature_verify_eddsa_auxiliary_buffer_size(&(me->eddsa_verifier));
}


static inline uint64_t
t_cose_sign1_get_nth_tag(const struct t_cose_sign1_verify_ctx *me,
size_t n)
{
return t_cose_sign_verify_nth_tag(&(me->me2), n);
}


#ifdef __cplusplus
}
#endif
Expand Down
45 changes: 37 additions & 8 deletions inc/t_cose/t_cose_sign_verify.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,17 +25,11 @@ extern "C" {
#endif
#endif

/* TODO: Warning: multiple signatures and verifiers are still early development. Documentation may be incorrect. */


#define T_COSE_MAX_TAGS_TO_RETURN2 4




/**
* The maximum number of unprocessed tags that can be returned by
* t_cose_sign1_get_nth_tag(). The CWT
* t_cose_xxx_get_nth_tag(). The CWT
* tag is an example of the tags that might returned. The COSE tags
* that are processed, don't count here.
*/
Expand Down Expand Up @@ -67,7 +61,7 @@ struct t_cose_sign_verify_ctx {
/* Private data structure */
struct t_cose_signature_verify *verifiers;
uint32_t option_flags;
uint64_t auTags[T_COSE_MAX_TAGS_TO_RETURN2];
uint64_t unprocessed_tag_nums[T_COSE_MAX_TAGS_TO_RETURN];
struct t_cose_parameter_storage params;
struct t_cose_parameter __params[T_COSE_NUM_VERIFY_DECODE_HEADERS];
struct t_cose_parameter_storage *p_storage;
Expand Down Expand Up @@ -256,6 +250,30 @@ t_cose_sign_verify_detached(struct t_cose_sign_verify_ctx *context,



/**
* \brief Return unprocessed tags from most recent signature verify.
*
* \param[in] context The t_cose signature verification context.
* \param[in] n Index of the tag to return.
*
* \return The tag value or \ref CBOR_TAG_INVALID64 if there is no tag
* at the index or the index is too large.
*
* The 0th tag is the one for which the COSE message is the content. Loop
* from 0 up until \ref CBOR_TAG_INVALID64 is returned. The maximum
* is \ref T_COSE_MAX_TAGS_TO_RETURN.
*
* It will be necessary to call this for a general implementation
* of a CWT since sometimes the CWT tag is required. This is also
* needed for recursive processing of nested COSE signing and/or
* encryption.
*/
static uint64_t
t_cose_sign_verify_nth_tag(const struct t_cose_sign_verify_ctx *context,
size_t n);



/* Get a pointer to the last verifier that was called, the one that
* caused the error returned by t_cose_sign_verify(). */
// TODO: maybe this should return the signature index too?
Expand Down Expand Up @@ -375,6 +393,17 @@ t_cose_sign_verify_get_last(struct t_cose_sign_verify_ctx *me)
}


static inline uint64_t
t_cose_sign_verify_nth_tag(const struct t_cose_sign_verify_ctx *me,
size_t n)
{
if(n > T_COSE_MAX_TAGS_TO_RETURN) {
return CBOR_TAG_INVALID64;
}
return me->unprocessed_tag_nums[n];
}



#ifdef __cplusplus
}
Expand Down
19 changes: 11 additions & 8 deletions src/t_cose_encrypt_dec.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ t_cose_encrypt_dec_detached(struct t_cose_encrypt_dec_ctx* me,
QCBORDecodeContext cbor_decoder;
QCBORItem array_item;
QCBORError cbor_error;
uint32_t message_type;
uint64_t message_type;
struct t_cose_header_location header_location;
struct t_cose_parameter *body_params_list;
struct q_useful_buf_c nonce_cbor;
Expand All @@ -157,15 +157,18 @@ t_cose_encrypt_dec_detached(struct t_cose_encrypt_dec_ctx* me,

QCBORDecode_EnterArray(&cbor_decoder, &array_item);

message_type = me->option_flags & T_COSE_OPT_MESSAGE_TYPE_MASK;

/* Check whether tag is CBOR_TAG_COSE_ENCRYPT or CBOR_TAG_COSE_ENCRYPT0 */
// TODO: allow tag determination of message_type
if (QCBORDecode_IsTagged(&cbor_decoder, &array_item, CBOR_TAG_COSE_ENCRYPT) == false &&
QCBORDecode_IsTagged(&cbor_decoder, &array_item, CBOR_TAG_COSE_ENCRYPT0) == false) {
return T_COSE_ERR_INCORRECTLY_TAGGED;
const uint64_t signing_tag_nums[] = {CBOR_TAG_COSE_ENCRYPT, CBOR_TAG_COSE_ENCRYPT0, CBOR_TAG_INVALID64};
return_value = t_cose_tags_and_type(signing_tag_nums,
me->option_flags,
&array_item,
&cbor_decoder,
me->unprocessed_tag_nums,
&message_type);
if(return_value != T_COSE_SUCCESS) {
goto Done;
}


/* --- The header parameters --- */
/* The location of body header parameters is 0, 0 */
header_location.nesting = 0;
Expand Down
Loading

0 comments on commit d566dcb

Please sign in to comment.