
feat: add eckey_t #93

Open
wants to merge 12 commits into
base: master
from
4 changes: 2 additions & 2 deletions CMakeLists.txt
Expand Up @@ -174,8 +174,7 @@ else()
endif()

if(COSE_C_USE_MBEDTLS)
add_definitions(-DUSE_MBED_TLS)

set(COSE_C_USE_OPENSSL OFF)
if(COSE_C_USE_FIND_PACKAGE)
find_package(MbedTLS)
else()
Expand Down Expand Up @@ -207,6 +206,7 @@ if(COSE_C_USE_MBEDTLS)
endif()
else()
find_package(OpenSSL REQUIRED)
set(COSE_C_USE_OPENSSL ON)
endif()

###############################################################################
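Review bot: With `add_definitions(-DUSE_MBED_TLS)` apparently dropped from the `if(COSE_C_USE_MBEDTLS)` branch, nothing visible in this change defines `USE_MBED_TLS` any more, while the generated header still defines the legacy `USE_OPEN_SSL` for the OpenSSL case. Any source that still tests `USE_MBED_TLS` would then silently compile its non-mbedTLS branch, so either keep a compatibility `#define USE_MBED_TLS` under `COSE_C_USE_MBEDTLS` in `cose_configure.h.in` or confirm that every use was renamed. `COSE_C_USE_BCRYPT` is also never set in either branch shown here, so the bcrypt path cannot be selected from this block. The `if`/`else` block starts and ends outside the two hunks.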
21 changes: 19 additions & 2 deletions include/cose/cose.h
@@ -1,9 +1,14 @@
#pragma once

#include <stdbool.h>
#include <cn-cbor/cn-cbor.h>
#include "cose/cose_configure.h"

#if defined(COSE_C_USE_MBEDTLS)
#include "mbedtls/ecp.h"
#endif // COSE_C_USE_MBEDTLS

#include <stdbool.h>

#ifdef __cplusplus
extern "C" {
#endif
Expand Down Expand Up @@ -203,6 +208,16 @@ typedef enum {
COSE_Curve_Ed448 = 7,
} COSE_Curves;


#if defined(COSE_C_USE_MBEDTLS)
typedef struct mbedtls_ecp_keypair eckey_t;
#else
typedef struct eckey_t {
struct ec_key_st *key;
int group;
} eckey_t;
Contributor

I am not sure where this came from. I would expect it to be an EVP_PKEY *.

#endif // COSE_C_USE_MBEDTLS

Contributor

As noted in the other pull request, this is not the way that I think this should go in the end. It would be better to declare a COSE_Key structure and have a method to build that. This can then be changed internally to the library without issues, and other types of keys can be added as well. If you are doing this, please just make this specific to MBEDTLS, as passing in the structure is not how one would do this for OpenSSL; instead you would pass in an EVP_PKEY *.

I don't know what the current support is in MBEDTLS for TEMs at the moment. I would expect that at some point in the future this is going to be added if not currently present and that would require yet a different possible internal change for that support.

/*
* messages dealing with the Enveloped message type
*/
Expand Down Expand Up @@ -344,7 +359,7 @@ bool COSE_Signer_SetExternal(HCOSE_SIGNER hcose, const byte * pbExternalData, si
#define COSE_Sign0_map_get_int COSE_Sign1_map_get_int
#define COSE_Sign0_map_put_int COSE_Sign1_map_put_int


HCOSE_SIGN1 COSE_Sign1_Init(COSE_INIT_FLAGS flags, CBOR_CONTEXT_COMMA cose_errback * perr);
bool COSE_Sign1_Free(HCOSE_SIGN1 cose);

Expand All @@ -353,6 +368,8 @@ bool COSE_Sign1_SetExternal(HCOSE_SIGN1 hcose, const byte * pbExternalData, size

bool COSE_Sign1_Sign(HCOSE_SIGN1 h, const cn_cbor * pkey, cose_errback * perr);
bool COSE_Sign1_validate(HCOSE_SIGN1 hSign, const cn_cbor * pkey, cose_errback * perr);
bool COSE_Sign1_Sign_eckey(HCOSE_SIGN1 h, const eckey_t * pbKey, cose_errback * perr);
bool COSE_Sign1_validate_eckey(HCOSE_SIGN1 hSign, const eckey_t * pbKey, cose_errback * perr);
cn_cbor * COSE_Sign1_map_get_int(HCOSE_SIGN1 h, int key, int flags, cose_errback * perror);
bool COSE_Sign1_map_put_int(HCOSE_SIGN1 cose, int key, cn_cbor * value, int flags, cose_errback * errp);

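Review bot: `int group` in the non-mbedTLS `eckey_t` (the `typedef struct eckey_t` block) has no comment saying which identifier space it uses, and a caller could plausibly pass either a `COSE_Curves` value or the crypto library's own curve id; a mismatch would select the wrong curve parameters for the key. I would add a comment on the field, e.g. `/* curve id: state whether this is a COSE_Curves value or the backend's id */`. The new `COSE_Sign1_Sign_eckey` and `COSE_Sign1_validate_eckey` prototypes also need a doc comment saying whether the key is borrowed or retained after the call and which half (private or public) must be present. The prototypes name the parameter `pbKey` while Sign1.c uses `eckey`; `pbKey` reads as a byte pointer, so `eckey` in both places would be clearer.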
64 changes: 36 additions & 28 deletions include/cose/cose_configure.h → include/cose/cose_configure.h.in
@@ -1,20 +1,39 @@
//
// Determine which cryptographic library we are going to be using
// cose_configure.h. Generated from cose_configure.h.in by CMake
// Determine which cryptographic library we are going to be using
//

#pragma once

#if defined(USE_MBED_TLS)
#if defined(USE_OPEN_SSL) || defined(USE_BCRYPT)
gocarlos marked this conversation as resolved.
#cmakedefine COSE_C_USE_MBEDTLS
#cmakedefine COSE_C_USE_OPENSSL
#cmakedefine COSE_C_USE_BCRYPT

// make sure we only use one crypto lib
#if defined(COSE_C_USE_MBEDTLS)
#if defined(COSE_C_USE_OPENSSL) || defined(COSE_C_USE_BCRYPT)
#error Only Define One Crypto Package
#endif
#elif defined(USE_BCRYPT)
#if defined(USE_OPENSSL)
jimsch marked this conversation as resolved.
#endif

#if defined(COSE_C_USE_BCRYPT)
#if defined(COSE_C_USE_OPENSSL)
#error Only Define One Crypto Package
#endif
#elif !defined(USE_OPEN_SSL)
#endif

#if defined(COSE_C_USE_OPENSSL)
#include <openssl/opensslv.h>
#define USE_OPEN_SSL
// MBEDTLS currently supports ECDH for X25519 but not EdDSA
#if OPENSSL_VERSION_NUMBER > 0x10100000L
// Requires OPEN SSL 1.1.1 to build
#define USE_EDDSA
#else
#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)
#pragma message("OPENSSL VERSION IS " OPENSSL_VERSION_TEXT)
#pragma message ("Version number: " TOSTRING(OPENSSL_VERSION_NUMBER))
#endif
#endif

//
Expand Down Expand Up @@ -60,20 +79,20 @@
// Define which AES CBC-MAC algorithms are to be used
//

#if !defined(USE_MBED_TLS)
#if !defined(COSE_C_USE_MBEDTLS)

#define USE_AES_CBC_MAC_128_64
#define USE_AES_CBC_MAC_128_128
#define USE_AES_CBC_MAC_256_64
#define USE_AES_CBC_MAC_256_128

#endif // !defined(USE_MBED_TLS)
#endif // !defined(COSE_C_USE_MBEDTLS)

//
// Define which ECDH algorithms are to be used
//

#if !defined(USE_MBED_TLS)
#if !defined(COSE_C_USE_MBEDTLS)
#define USE_ECDH_ES_HKDF_256
#define USE_ECDH_ES_HKDF_512
#define USE_ECDH_SS_HKDF_256
Expand All @@ -82,9 +101,9 @@
#define USE_ECDH 1
#define USE_HKDF_SHA2 1
#endif
#endif // !defined(USE_MBED_TLS)
#endif // !defined(COSE_C_USE_MBEDTLS)

#if !defined(USE_MBED_TLS)
#if !defined(COSE_C_USE_MBEDTLS)
#define USE_ECDH_ES_A128KW
#define USE_ECDH_ES_A192KW
#define USE_ECDH_ES_A256KW
Expand All @@ -95,23 +114,23 @@
#define USE_ECDH 1
#define USE_HKDF_AES 1
#endif
#endif // !defined(USE_MBED_TLS)
#endif // !defined(COSE_C_USE_MBEDTLS)

//
// Define which Key Wrap functions are to be used
//

#if !defined(USE_MBED_TLS)
#if !defined(COSE_C_USE_MBEDTLS)
#define USE_AES_KW_128
#define USE_AES_KW_192
#define USE_AES_KW_256
#endif // !defined(USE_MBED_TLS)
#endif // !defined(COSE_C_USE_MBEDTLS)

//
// Define which of the DIRECT + KDF algorithms are to be used
//

#if !defined(USE_MBED_TLS)
#if !defined(COSE_C_USE_MBEDTLS)
#define USE_Direct_HKDF_HMAC_SHA_256
#define USE_Direct_HKDF_HMAC_SHA_512
#define USE_Direct_HKDF_AES_128
Expand All @@ -122,7 +141,7 @@
#if defined(USE_Direct_HKDF_AES_128) || defined(USE_Direct_KDF_AES_256)
#define USE_HKDF_AES 1
#endif
#endif // !defined(USE_MBED_TLS)
#endif // !defined(COSE_C_USE_MBEDTLS)


//
Expand All @@ -132,17 +151,6 @@
#define USE_ECDSA_SHA_256
#define USE_ECDSA_SHA_384
#define USE_ECDSA_SHA_512
#if !defined(USE_MBED_TLS)
// MBEDTLS currently supports ECDH for X25519 but not EdDSA
#if OPENSSL_VERSION_NUMBER > 0x10100000L
// Requires OPEN SSL 1.1.1 to build
#define USE_EDDSA
#else
#pragma message("OPENSSL VERSION IS ")
#pragma message(OPENSSL_VERISON_NUMBER)
gocarlos marked this conversation as resolved.
#endif
#endif // !defined (USE_MBED_TLS)

gocarlos marked this conversation as resolved.

//#define USE_COUNTER_SIGNATURES

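Review bot: The guard `#if OPENSSL_VERSION_NUMBER > 0x10100000L` in the new `COSE_C_USE_OPENSSL` block does not match its comment "Requires OPEN SSL 1.1.1 to build": every 1.1.0 release has a version number above that value, so `USE_EDDSA` is switched on for a library without EdDSA support. `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` expresses the 1.1.1 floor. The comment `// MBEDTLS currently supports ECDH for X25519 but not EdDSA` now sits inside the OpenSSL-only block and would read better next to the mbedTLS exclusions. Separately, the exclusivity checks reject two backends but not zero; an `#error` when none of the three `COSE_C_USE_*` macros is defined would make a misconfigured build fail loudly instead of producing a library with no crypto backend.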
16 changes: 14 additions & 2 deletions src/CMakeLists.txt
Expand Up @@ -19,6 +19,11 @@ endif()

add_library(${PROJECT_NAME})

# some structs look differently depending on the crypto lib used
# therefore we create the config header file at configure time.
configure_file(${CMAKE_CURRENT_LIST_DIR}/../include/cose/cose_configure.h.in
${CMAKE_BINARY_DIR}/include/cose/cose_configure.h)

if(COSE_C_USE_MBEDTLS)
set(cose_crypto mbedtls.c)
else()
Expand All @@ -27,7 +32,7 @@ endif()

set(cose_sources
${PROJECT_SOURCE_DIR}/include/cose/cose.h
${PROJECT_SOURCE_DIR}/include/cose/cose_configure.h
${CMAKE_BINARY_DIR}/include/cose/cose_configure.h
crypto.h
cose_int.h
crypto.h
Expand All @@ -47,7 +52,8 @@ target_sources(${PROJECT_NAME} PRIVATE ${cose_sources})

target_include_directories(
${PROJECT_NAME}
PUBLIC $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> $<INSTALL_INTERFACE:include>
PUBLIC $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> $<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
$<INSTALL_INTERFACE:include>
PRIVATE ../src)
target_link_libraries(${PROJECT_NAME} PRIVATE cn-cbor::cn-cbor)

Expand Down Expand Up @@ -120,3 +126,9 @@ install(
COMPONENT dev
FILES_MATCHING
PATTERN "*.h")
install(
DIRECTORY ${CMAKE_BINARY_DIR}/include/cose
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
COMPONENT dev
FILES_MATCHING
PATTERN "*.h")
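Review bot: `configure_file(...)` writes to `${CMAKE_BINARY_DIR}/include/cose/cose_configure.h`, and `CMAKE_BINARY_DIR` is the top-level build tree, so when this project is pulled in with `add_subdirectory` the header lands in (and the new `install(DIRECTORY ...)` reads from) the parent project's directory. Using `${PROJECT_BINARY_DIR}` in the `configure_file`, `cose_sources`, `target_include_directories` and `install` lines keeps it local to this project. In `target_include_directories` the source `include` directory is also searched before the generated one, so a stale `include/cose/cose_configure.h` left in a working tree from before the rename would shadow the generated header and could select a different crypto backend than CMake configured; listing the binary directory first avoids that.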
2 changes: 1 addition & 1 deletion src/MacMessage.c
Expand Up @@ -17,7 +17,7 @@

#if INCLUDE_MAC

COSE * MacRoot = NULL;
static COSE * MacRoot = NULL;

/*! \private
* @brief Test if a HCOSE_MAC handle is valid
60 changes: 53 additions & 7 deletions src/Sign1.c
@@ -1,4 +1,4 @@
/** \file Sign.c
/** \file Sign1.c
* Contains implementation of the functions related to HCOSE_SIGN handle objects.
*/

Expand All @@ -11,8 +11,8 @@

#if INCLUDE_SIGN1

bool _COSE_Signer0_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_errback * perr);
bool _COSE_Signer0_validate(COSE_Sign1Message * pSign, const cn_cbor * pKey, cose_errback * perr);
bool _COSE_Signer1_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_errback * perr);
bool _COSE_Signer1_validate(COSE_Sign1Message * pSign, const cn_cbor * pKey, cose_errback * perr);
void _COSE_Sign1_Release(COSE_Sign1Message * p);

COSE * Sign1Root = NULL;
Expand Down Expand Up @@ -196,7 +196,32 @@ bool COSE_Sign1_Sign(HCOSE_SIGN1 h, const cn_cbor * pKey, cose_errback * perr)
pcborProtected = _COSE_encode_protected(&pMessage->m_message, perr);
if (pcborProtected == NULL) goto errorReturn;

if (!_COSE_Signer0_sign(pMessage, pKey, perr)) goto errorReturn;
if (!_COSE_Signer1_sign(pMessage, pKey, perr)) goto errorReturn;

return true;
}

bool COSE_Sign1_Sign_eckey(HCOSE_SIGN1 h, const eckey_t * eckey, cose_errback * perr)
{
#ifdef USE_CBOR_CONTEXT
// cn_cbor_context * context = NULL;
#endif
COSE_Sign1Message * pMessage = (COSE_Sign1Message *)h;
const cn_cbor * pcborProtected;

if (!IsValidSign1Handle(h)) {
CHECK_CONDITION(false, COSE_ERR_INVALID_HANDLE);
errorReturn:
return false;
}
#ifdef USE_CBOR_CONTEXT
// context = &pMessage->m_message.m_allocContext;
#endif

pcborProtected = _COSE_encode_protected(&pMessage->m_message, perr);
if (pcborProtected == NULL) goto errorReturn;

if (!_COSE_Signer1_sign(pMessage, eckey, perr)) goto errorReturn;

return true;
}
Expand All @@ -218,14 +243,35 @@ bool COSE_Sign1_validate(HCOSE_SIGN1 hSign, const cn_cbor * pKey, cose_errback *
cnProtected = _COSE_arrayget_int(&pSign->m_message, INDEX_PROTECTED);
CHECK_CONDITION(cnProtected != NULL && cnProtected->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);

f = _COSE_Signer0_validate(pSign, pKey, perr);
f = _COSE_Signer1_validate(pSign, pKey, perr);

return f;

errorReturn:
return false;
}

bool COSE_Sign1_validate_eckey(HCOSE_SIGN1 hSign, const eckey_t * eckey, cose_errback * perr)
{
COSE_Sign1Message * pSign;
const cn_cbor * cnContent;
const cn_cbor * cnProtected;

CHECK_CONDITION(IsValidSign1Handle(hSign), COSE_ERR_INVALID_HANDLE);

pSign = (COSE_Sign1Message *)hSign;

cnContent = _COSE_arrayget_int(&pSign->m_message, INDEX_BODY);
CHECK_CONDITION(cnContent != NULL && cnContent->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);

cnProtected = _COSE_arrayget_int(&pSign->m_message, INDEX_PROTECTED);
CHECK_CONDITION(cnProtected != NULL && cnProtected->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);

return _COSE_Signer1_validate(pSign, eckey, perr);

errorReturn:
return false;
}

cn_cbor * COSE_Sign1_map_get_int(HCOSE_SIGN1 h, int key, int flags, cose_errback * perror)
{
Expand Down Expand Up @@ -311,7 +357,7 @@ static bool CreateSign1AAD(COSE_Sign1Message * pMessage, byte ** ppbToSign, size
return false;
}

bool _COSE_Signer0_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_errback * perr)
bool _COSE_Signer1_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_errback * perr)
{
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pSigner->m_message.m_allocContext;
Expand Down Expand Up @@ -386,7 +432,7 @@ bool _COSE_Signer0_sign(COSE_Sign1Message * pSigner, const cn_cbor * pKey, cose_
return f;
}

bool _COSE_Signer0_validate(COSE_Sign1Message * pSign, const cn_cbor * pKey, cose_errback * perr)
bool _COSE_Signer1_validate(COSE_Sign1Message * pSign, const cn_cbor * pKey, cose_errback * perr)
{
byte * pbToSign = NULL;
int alg;
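Review bot: `COSE_Sign1_Sign_eckey` and `COSE_Sign1_validate_eckey` pass their `const eckey_t *` straight to `_COSE_Signer1_sign` / `_COSE_Signer1_validate`, which are declared at the top of this file as taking `const cn_cbor * pKey`. That is an incompatible pointer conversion, and unless the callee bodies (which continue outside these hunks) were changed to tell the two apart, the key structure will be read as a CBOR map while signing or verifying. The internal sign/validate routines need a distinct entry point or an explicit key-kind parameter for the `eckey_t` case rather than reusing the `cn_cbor` parameter. Both new functions should also reject a null key up front, e.g. `CHECK_CONDITION(eckey != NULL, COSE_ERR_INVALID_PARAMETER);`.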
7 changes: 4 additions & 3 deletions src/bcrypt.c
@@ -1,9 +1,10 @@
#include "cose/cose.h"
#include "cose/cose_configure.h"

#if COSE_C_USE_BCRYPT

#include "cose_int.h"
#include "crypto.h"

#if USE_BCRYPT

#include <Windows.h>

Expand Down Expand Up @@ -61,4 +62,4 @@ bool AES_CCM_Encrypt(COSE_Encrypt * pcose, int TSize, int LSize, int KSize, byte
return true;
}

#endif // USE_BCRYPT
#endif // COSE_C_USE_BCRYPT
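Review bot: `#if COSE_C_USE_BCRYPT` will not preprocess when bcrypt is actually selected, because `#cmakedefine COSE_C_USE_BCRYPT` in `cose_configure.h.in` emits a `#define` with no value and the directive is left with an empty expression. Use `#if defined(COSE_C_USE_BCRYPT)`, matching the `defined(...)` tests the generated header itself uses.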