Merge branch 'dev' into no-hpke

laurencelundblade · Jul 1, 2023 · f34a1c5 · f34a1c5
2 parents 5752a1c + 02fa902
commit f34a1c5
Show file tree

Hide file tree

Showing 20 changed files with 1,456 additions and 10 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -80,6 +80,8 @@ set(T_COSE_SRC_COMMON
     src/t_cose_encrypt_dec.c
     src/t_cose_recipient_dec_keywrap.c
     src/t_cose_recipient_enc_keywrap.c
+    src/t_cose_recipient_dec_esdh.c
+    src/t_cose_recipient_enc_esdh.c
     src/t_cose_qcbor_gap.c
 )
 

diff --git a/Makefile.common b/Makefile.common
@@ -33,6 +33,9 @@ SRC_OBJ=src/t_cose_util.o \
         src/t_cose_encrypt_dec.o \
         src/t_cose_recipient_dec_keywrap.o \
         src/t_cose_recipient_enc_keywrap.o \
+        src/t_cose_recipient_dec_esdh.o \
+        src/t_cose_recipient_enc_esdh.o \
+        src/hpke.o \
         src/t_cose_qcbor_gap.o
 
 
@@ -69,6 +72,10 @@ PUBLIC_INTERFACE=inc/t_cose/q_useful_buf.h \
                  inc/t_cose/t_cose_recipient_dec_keywrap.h \
                  inc/t_cose/t_cose_recipient_enc.h \
                  inc/t_cose/t_cose_recipient_enc_keywrap.h \
+                 inc/t_cose/t_cose_recipient_dec_esdh.h \
+                 inc/t_cose/t_cose_recipient_enc.h \
+                 inc/t_cose/t_cose_recipient_enc_keywrap.h \
+                 inc/t_cose/t_cose_recipient_enc_esdh.h \
                  inc/t_cose/t_cose_sign1_sign.h \
                  inc/t_cose/t_cose_sign1_verify.h \
                  inc/t_cose/t_cose_sign_sign.h \
@@ -186,6 +193,10 @@ src/t_cose_recipient_enc_keywrap.o: src/t_cose_recipient_enc_keywrap.c
 src/t_cose_recipient_dec_keywrap.o: src/t_cose_recipient_dec_keywrap.c
 
 
+src/t_cose_recpient_enc_esdh.o: src/t_cose_recipient_enc_esdh.c
+
+src/t_cose_recpient_dec_esdh.o: src/t_cose_recipient_dec_esdh.c
+
 # ---- test dependencies -----
 test/t_cose_test.o: test/t_cose_test.h \
                     test/t_cose_make_test_messages.h \

diff --git a/crypto_adapters/t_cose_openssl_crypto.c b/crypto_adapters/t_cose_openssl_crypto.c
@@ -1411,6 +1411,48 @@ t_cose_crypto_free_symmetric_key(struct t_cose_key key)
 }
 
 
+/*
+ * See documentation in t_cose_crypto.h
+ */
+enum t_cose_err_t
+t_cose_crypto_export_public_key(struct t_cose_key      key,
+                                struct q_useful_buf    pk_buffer,
+                                size_t                *pk_len)
+{
+    /* TBD: This is a dummy function */
+    *pk_len = 0;
+    return T_COSE_SUCCESS;
+}
+
+
+/*
+ * See documentation in t_cose_crypto.h
+ */
+enum t_cose_err_t
+t_cose_crypto_generate_key(struct t_cose_key    *ephemeral_key,
+                           int32_t               cose_algorithm_id)
+{
+    /* TBD: This is a dummy function */
+    return T_COSE_SUCCESS;
+}
+
+
+/*
+ * See documentation in t_cose_crypto.h
+ */
+enum t_cose_err_t
+t_cose_crypto_key_agreement(const int32_t          cose_algorithm_id,
+                            struct t_cose_key      private_key,
+                            struct t_cose_key      public_key,
+                            struct q_useful_buf    symmetric_key,
+                            size_t                *symmetric_key_len
+                           )
+{
+    /* TBD: This is a dummy function */
+    *symmetric_key_len = 0;
+    return T_COSE_SUCCESS;
+}
+
 /* Compute size of ciphertext, given size of plaintext. Returns
  * SIZE_MAX if the algorithm is unknown. Also returns the tag
  * length. */

diff --git a/crypto_adapters/t_cose_psa_crypto.c b/crypto_adapters/t_cose_psa_crypto.c
@@ -726,14 +726,17 @@ t_cose_crypto_generate_key(struct t_cose_key    *ephemeral_key,
     psa_status_t         status;
 
    switch (cose_algorithm_id) {
+    case T_COSE_ELLIPTIC_CURVE_P_256:
     case T_COSE_HPKE_KEM_ID_P256:
         type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
         key_bitlen = 256;
         break;
+    case T_COSE_ELLIPTIC_CURVE_P_384:
     case T_COSE_HPKE_KEM_ID_P384:
          type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
          key_bitlen = 384;
          break;
+    case T_COSE_ELLIPTIC_CURVE_P_521:
     case T_COSE_HPKE_KEM_ID_P521:
          type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
          key_bitlen = 521;
@@ -1325,6 +1328,59 @@ t_cose_crypto_aead_decrypt(const int32_t          cose_algorithm_id,
 
 
 
+/*
+ * See documentation in t_cose_crypto.h
+ */
+
+enum t_cose_err_t
+t_cose_crypto_key_agreement(const int32_t          cose_algorithm_id,
+                            struct t_cose_key      private_key,
+                            struct t_cose_key      public_key,
+                            struct q_useful_buf    symmetric_key,
+                            size_t                *symmetric_key_len
+                           )
+{
+    psa_status_t status;
+    size_t pubKey_len;
+    enum t_cose_err_t return_value;
+    psa_algorithm_t key_agreement_alg;
+    Q_USEFUL_BUF_MAKE_STACK_UB(pubKey, T_COSE_EXPORT_PUBLIC_KEY_MAX_SIZE );
+
+    switch(cose_algorithm_id) {
+    case T_COSE_ALGORITHM_ECDH_ES_A128KW:
+    case T_COSE_ALGORITHM_ECDH_ES_A192KW:
+    case T_COSE_ALGORITHM_ECDH_ES_A256KW:
+        key_agreement_alg = PSA_ALG_ECDH;
+        break;
+    default:
+        return T_COSE_ERR_UNSUPPORTED_CONTENT_KEY_DISTRIBUTION_ALG;
+    }
+
+    /* Export public key for use with PSA Crypto API */
+    return_value = t_cose_crypto_export_public_key(
+                         public_key,
+                         pubKey,
+                         &pubKey_len);
+
+    if (return_value != T_COSE_SUCCESS) {
+        return(return_value);
+    }
+
+    /* Produce ECDH derived key */
+    status = psa_raw_key_agreement( key_agreement_alg,       // algorithm id
+                                    private_key.key.handle,  // client secret key
+                                    pubKey.ptr, pubKey_len,  // server public key
+                                    symmetric_key.ptr,       // buffer to store derived key
+                                    symmetric_key.len,       // length of the buffer for derived key
+                                    symmetric_key_len );     // length of derived key
+    if( status != PSA_SUCCESS )
+    {
+        return T_COSE_ERR_KEY_AGREEMENT_FAIL;
+    }
+
+    return T_COSE_SUCCESS;
+}
+
 
 /*
  * See documentation in t_cose_crypto.h

diff --git a/crypto_adapters/t_cose_test_crypto.c b/crypto_adapters/t_cose_test_crypto.c
@@ -389,6 +389,54 @@ t_cose_crypto_verify_eddsa(struct t_cose_key     verification_key,
 }
 
 
+/*
+ * See documentation in t_cose_crypto.h
+ */
+enum t_cose_err_t
+t_cose_crypto_export_public_key(struct t_cose_key      key,
+                                struct q_useful_buf    pk_buffer,
+                                size_t                *pk_len)
+{
+    (void)key;
+    (void)pk_buffer;
+    (void)pk_len;
+    return T_COSE_ERR_PUBLIC_KEY_EXPORT_FAILED;
+}
+
+
+/*
+ * See documentation in t_cose_crypto.h
+ */
+enum t_cose_err_t
+t_cose_crypto_generate_key(struct t_cose_key    *ephemeral_key,
+                           int32_t               cose_algorithm_id)
+{
+    (void)ephemeral_key;
+    (void)cose_algorithm_id;
+    return T_COSE_ERR_KEY_GENERATION_FAILED;
+}
+
+
+/*
+ * See documentation in t_cose_crypto.h
+ */
+enum t_cose_err_t
+t_cose_crypto_key_agreement(const int32_t          cose_algorithm_id,
+                            struct t_cose_key      private_key,
+                            struct t_cose_key      public_key,
+                            struct q_useful_buf    symmetric_key,
+                            size_t                *symmetric_key_len
+                           )
+{
+    (void)cose_algorithm_id;
+    (void)private_key;
+    (void)public_key;
+    (void)symmetric_key;
+    (void)symmetric_key_len;
+    return T_COSE_ERR_KEY_AGREEMENT_FAIL;
+}
+
+
 /*
  * See documentation in t_cose_crypto.h
  */