The big merge that makes t_cose 2.0 the main line #87

Open

laurencelundblade wants to merge 148 commits into master from dev

Conversation

@laurencelundblade (Owner)

This merge won't happen until 2.0 is in good shape. Probably late 2022 or maybe 2023. The PR is to be able to see the diff easily.

Laurence Lundblade and others added 8 commits July 14, 2022 16:39
Getting started on the 2.0 work. This adds completely new parameter handling to accommodate custom parameters and re-use of the parameter handling for COSE_Encrypt and COSE_Mac as well as parameters for COSE_Signature.

The tbs functions are tweaked so they can be used for multiple signers with COSE_Sign.

* Add in the new parameter handling code

* New tbs_hash function; makefile fixes

* couple more makefile fixes

* Add API design; some parameter fixes

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
This is t_cose_sign (not t_cose_sign1 which it is to eventually replace). It supports both COSE_Sign and COSE_Sign1.

It makes use of the new parameter handling functions so it supports custom parameters. This is in t_cose_parameters.h and is now public. 

This makes use of the abstract base class for COSE_Signature. This is in t_cose_signature_sign. 

There is one concrete instantiation of t_cose_signature_sign which is t_cose_signature_sign_ecdsa.

No work was done on the verification side yet.

The old t_cose_sign1 is still present.

* Add in the new parameter handling code

* New tbs_hash function; makefile fixes

* couple more makefile fixes

* Add API design; some parameter fixes

* First version of COSE_Sign + COSE_Sign1

* Seems to be working...

* Fix erroneous include

* add inline declaration to fix warning

* Fix return type for a few tests

* Add new source files to cmake

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
This is the new verify API for multiple recipients. Supports COSE_Sign, COSE_Sign1 and COSE_Signatures.

Code is running, but lots of testing is needed.

* The new COSE verify is mostly working

* add some more crude documentation

* Improve makefile

* Clean up the Makefile

* More makefile fixes

* Update copyright (and trigger re test in CI)

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
This improves the new API for signing and adds a lot of documentation.


* Simplified and improved signing API

* Documentation clean up

* More documentation improvements

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
New more flexible algorithm variability strategy for t_cose 2.0 -- how to link or not link algorithms in libraries that are available or not available...

* Add t_cose_is_algorithm_supported()

* Readme improvements; test conditional on run time

* discuss omitting algorithms

* Fix use of the CRYPTO_DISABLE macros

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
This picks up a particular version of Mbedtls that supports HPKE that is not yet part of the mainline. 

* Build CI with HPKE mbedtls PR

Bring in PR 5078 from MbedTLS to build CI.  This builds this version
with -DTEST_HPKE in the cmake invocation.

* Make generated files in mbed TLS

The released versions of mbed TLS contain various generated files which
are missing in pull request branches.  Generate these so that they will
always be present.

* Try only generating files for mbed TLS on branch

Only run the generated files target when fetching the branch.

* Try fix for build issue

Instead of pulling in the crypto version, pull in one that fixes the
build error.

* Install jinja2

Newer versions of mbed TLS have a python dependency on this package.

* Fix cmake invocation syntax

Symbols must have values.


/* --- Add the CBOR tag indicating COSE_Sign1 --- */
if(!(me->option_flags & T_COSE_OPT_OMIT_CBOR_TAG)) {
Contributor:

The problem with this if-clause is that it does not create COSE_SIGN-tagged structures. Change it to:

if(!(me->option_flags & T_COSE_OPT_OMIT_CBOR_TAG)) {
    /* Pick the tag that matches the message type being produced */
    if(me->option_flags & T_COSE_OPT_COSE_SIGN1) {
        QCBOREncode_AddTag(cbor_encode_ctx, CBOR_TAG_COSE_SIGN1);
    } else {
        QCBOREncode_AddTag(cbor_encode_ctx, CBOR_TAG_COSE_SIGN);
    }
}
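The tag selection the comment above asks for, as an added stand-alone example that is not t_cose code and does not use QCBOR. The tag numbers are the IANA-registered values from RFC 9052 (18 for COSE_Sign1, 98 for COSE_Sign); the OPT_* bit values and the msg_kind type are placeholders chosen for this example. It shows both sides of the point: the encoder emits the tag head that matches the structure it is producing, and a verifier that routes by the leading tag will reject or misroute a message tagged as the wrong type.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* IANA-registered CBOR tag numbers for COSE messages (RFC 9052). */
#define CBOR_TAG_COSE_SIGN1 18u
#define CBOR_TAG_COSE_SIGN  98u

/* Placeholder option-flag bits standing in for the t_cose flags named in the
 * review; the real bit values are not shown on the page. */
#define OPT_OMIT_CBOR_TAG (1u << 0)
#define OPT_COSE_SIGN1    (1u << 1)

/* Encode a CBOR tag head (major type 6) into out. Returns the number of bytes
 * written, or 0 if cap is too small. Nothing is written on failure. */
size_t cbor_encode_tag(uint64_t tag, uint8_t *out, size_t cap)
{
    uint8_t head;
    size_t  extra;

    if (tag < 24)                { head = (uint8_t)(0xC0 | tag); extra = 0; }
    else if (tag <= 0xFF)        { head = 0xD8; extra = 1; }
    else if (tag <= 0xFFFF)      { head = 0xD9; extra = 2; }
    else if (tag <= 0xFFFFFFFFu) { head = 0xDA; extra = 4; }
    else                         { head = 0xDB; extra = 8; }

    if (cap < 1 + extra) {
        return 0;
    }
    out[0] = head;
    for (size_t i = 0; i < extra; i++) {
        out[1 + i] = (uint8_t)(tag >> (8 * (extra - 1 - i)));   /* big-endian */
    }
    return 1 + extra;
}

/* Decode a leading CBOR tag head. Returns bytes consumed and sets *tag, or 0
 * if the input does not begin with a well-formed tag (an untagged COSE
 * message starts with an array head, major type 4, and lands here). */
size_t cbor_decode_tag(const uint8_t *in, size_t len, uint64_t *tag)
{
    if (len < 1 || (in[0] >> 5) != 6) {
        return 0;
    }
    uint8_t ai = in[0] & 0x1F;
    if (ai < 24) {
        *tag = ai;
        return 1;
    }
    size_t extra;
    switch (ai) {
    case 24: extra = 1; break;
    case 25: extra = 2; break;
    case 26: extra = 4; break;
    case 27: extra = 8; break;
    default: return 0;          /* 28..31 are not valid for a tag head */
    }
    if (len < 1 + extra) {
        return 0;
    }
    uint64_t v = 0;
    for (size_t i = 0; i < extra; i++) {
        v = (v << 8) | in[1 + i];
    }
    *tag = v;
    return 1 + extra;
}

/* Encoder side: the selection the review asks for. Returns bytes written; 0
 * means either the tag was omitted on purpose (*omitted == true) or the
 * buffer was too small (*omitted == false). */
size_t cose_sign_tag_prefix(uint32_t option_flags, uint8_t *out, size_t cap, bool *omitted)
{
    *omitted = (option_flags & OPT_OMIT_CBOR_TAG) != 0;
    if (*omitted) {
        return 0;
    }
    uint64_t tag = (option_flags & OPT_COSE_SIGN1) ? CBOR_TAG_COSE_SIGN1 : CBOR_TAG_COSE_SIGN;
    return cbor_encode_tag(tag, out, cap);
}

/* Verifier side: route a message by its leading tag so that a COSE_Sign is
 * never handed to a COSE_Sign1 decoder or vice versa. */
typedef enum { MSG_UNTAGGED, MSG_COSE_SIGN1, MSG_COSE_SIGN, MSG_OTHER_TAG } msg_kind;

msg_kind cose_classify(const uint8_t *msg, size_t len)
{
    uint64_t tag;
    if (cbor_decode_tag(msg, len, &tag) == 0) {
        return MSG_UNTAGGED;
    }
    if (tag == CBOR_TAG_COSE_SIGN1) return MSG_COSE_SIGN1;
    if (tag == CBOR_TAG_COSE_SIGN)  return MSG_COSE_SIGN;
    return MSG_OTHER_TAG;
}
```

With the original if-clause, a four-element COSE_Sign would go out with the single byte 0xD2 (tag 18) in front; a receiver that dispatches on the tag, as cose_classify does, would then try to parse it as COSE_Sign1 and fail on the signature array. The fixed clause emits 0xD8 0x62 (tag 98) for COSE_Sign.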

adam2809 and others added 19 commits September 10, 2022 02:04
This is a large change that introduces support for COSE_Mac0.

This is merged to get it into the main dev code line sooner rather than later. Various follow up issues will be filed.


* Fix PSA 1.0 alignment

Replace internal type definition with public one:
- mbedtls_svc_key_id_t -> psa_key_handle_t

Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Change-Id: I94f2e8c5df4a75c8b9653dae3a376f708431861a

* Add COSE_Mac0 support

COSE_Mac0 support is already available in the forked
version of t_cose in the TF-M project:
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/t_cose

Co-authored-by: David Hu <david.hu@arm.com>
Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Change-Id: I7a8d04e4d8de3028acb9e1c879cd9997334fdf41

* Adds t_cose_mac0_sign to mac0 API

Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Change-Id: I6422735e14a8da9ed454301f21ca7c42d5db27eb

* Adds tests for COSE_Mac0

t_cose_sign_verify_mac0_test.h/c was derived from
t_cose_sign_verify_test.h/c

Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Change-Id: Idfa7bf624ca7cf825fe5a823c0f83c5bdc918481

* Generalizes function name

Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Change-Id: I05d8ff40bfcf709ccec39a5efb5f19bdc63690aa

* Allows for disabling sign1

Sign1 functionality can be disabled to reduce
the program size.

Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Change-Id: Id458c0e67c27eab7c8af44ef1a97b02038805c9f

* Renames t_cose_mac0_* to t_cose_mac_*

Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Change-Id: Iae2d744d30beb3ec135f91bd10378f940872d553

* Removes unnecessary ifs

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I7027110479d0aa6b876450f0dcd8894351a67815

* Resolves conflict marker

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I01bf68acb56a6f7a9c20f8348bd7d8c82aae1c21

* Moves function from common to util

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I3763605994b32a9e667773798452479e1612f967

* Adds aad and detached to sign mac API

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I1513c994aaa8391006416e9f6e372230476f1ef5

* Fixes return values in mac test

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I8ff585dd89ded68b826ddc72b85da3ea58dc8dcd

* Adds tstr make header param macro

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Id682df2dc5c91f6ac9a8f53848d22e98da6fa816

* Updates mac sign to new parameter encoding API

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I29ece54d96eb2d986bb9b5ccbb1b7aff4761ad7e

* Changes SIGN1 to MAC0 in process_tags

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Ief581eb3a6a488040dba3ec43cc3d665077360fa

* Adds missing include

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I1288ef94bfb3de53815346b52d39f75187f5f8b8

* Moves num headers definition to common file

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I1381bc69c99f0fb7d54bcdb27c9ced1662287268

* Updates mac verify to new parameter decoding API

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Ibac865a7f23d7a0f67e2702d95aafb23c97fdb4c

* Adds aad and detached to verify api

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I4c400adf51291fb969f32be8c58368a2ea4c1ff3

* Removes short circuit from mac

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: If0f857937d373c1272f8567d5511692e63482d5a

* Converts all cose_alg parameters to uint32_t

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Ifbca08e0b988a43ad7b6a6c70cbbacb344bbb77f

* Renames mac sign functions and struct to mac compute

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Icbff801626418585981d2b65de33804f77902852

* Renames mac sign files to mac compute

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I9c32ef2104cb719208a82f07e908d9d8a8ecb482

* Renames mac verify functions and struct to mac validate

Change-Id: I0d58dc75b7ea0fc2fd6de96c84de5ae829d7ea85
Signed-off-by: Adam Kulesza <adam.kule@gmail.com>

* Renames mac verify files to mac validate

Change-Id: I2b2aa7a2c6613bd7f4d62a782195b7fa5fbf71ac
Signed-off-by: Adam Kulesza <adam.kule@gmail.com>

* Removes unnecessary include

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I96aa95be1764538efc8b4a090415f06b350cf24f

* Renames mac test file

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Ia8b760ec06c82db004a4db5f255df265aa9cc086

* Changes params size to correct definition

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I437d6fb4dfc18c598bbe4278bad51bf746b1be23

* Fixes returning stack variable address

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Ie3fa2bdd2b1cf4677b105420245cf59091ea7c70

* Converts option_flags to uint32_t in mac struct

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I9f14cfd6f276dff190413125662bc48f7afcff96

* Removes unused variable and label warnings

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I1c4dd88963446523a2d3fc43dfde3c21336dcc5b

* Removes empty array initializer warning

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Ic97e8cd4ead66daa57642bd3083e2f75f6c5c27a

* Removes wrong type warnings

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Iebaf0be2d7be1f44aae643d5d4982012aefbb0ca

* Adds void argument to prevent warnings

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: Id2780a4f059bf2e916c5ccb4fd900eb4d0ca4ebf

* Moves params to validate context struct

Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Change-Id: I977afeba4e2a6d858e78ba110883db9842f5dbba

* Adds mac files to CMakeLists.txt

Change-Id: I6cd83499c9d9fef27085cd736ef2025a2a2bcdbb
Signed-off-by: Adam Kulesza <adam.kule@gmail.com>

* Disables mac for unsupported crypto providers

Change-Id: I5380e2b193e27f2dd2c00b7b1e166ee64a2103f8
Signed-off-by: Adam Kulesza <adam.kule@gmail.com>

* Adds mac test file to test src

Change-Id: I52fc4009182609e1e9a55af89a0d816386cfd229
Signed-off-by: Adam Kulesza <adam.kule@gmail.com>

* Updates t_cose_mac_compute_private comment

Change-Id: I4d08f1c29e642c4ca646050d7d447045bc6d1ed4
Signed-off-by: Adam Kulesza <adam.kule@gmail.com>

Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Signed-off-by: Adam Kulesza <adam.kule@gmail.com>
Co-authored-by: Tamas Ban <tamas.ban@arm.com>
Co-authored-by: David Hu <david.hu@arm.com>
Co-authored-by: Adam Kulesza <adam.kulesza@arm.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
The t_cose_sign1 implementation now rests on the t_cose_sign implementation.  This PR also fixes a bunch of bugs in t_cose_sign to the point that it mostly works properly for COSE_Sign1. It doesn't work properly for COSE_Sign yet.

This PR fixes a bunch of bugs in header parameter encoding and decoding, something that Mac and Encrypt will make use of.

Also, some tests are not passing. They are disabled.  They will be fixed on a more incremental pace.


* t_cose_sign1 build on top of t_cose_sign

* signing compatibility layer is passing most tests

* compatibility mode tests passing; dup encode param detection

* Checkpoint COSE_Sign1 compatibility layer

* checkpoint compatibility work -- tests are passing

* add files to CMakeLists

* Check point work on option flags

* tdv tests passing

* Fixes for parameter look up functions

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
* Checkpoint parameters work and more...

* Parameter work checkpoint -- big rename and encode tests mostly finished and passing

* check point parameter work

* Add a bunch of parameter tests

* Parameter documentation clean up and lots more...

* Add tests of find_xxx and MAKE_xx for params

* Add some more tests

* Fix some warnings

* The t_cose_make_xxx_parameter now works for c++

* Parameters lists are linked lists rather than arrays and vectors of arrays

* make t_cose_standard_constants public

* unify / rename all the standard constants

* straggler missing include

* Last clean up odds and ends

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Supports direct, key wrap and an early version of HPKE. Still needs test. Changes in the encrypt API are expected.


* Checkpoint -- compiling and linking

* Add the example file (missed in previous commits)

* Mostly passing all the tests now

* tdv tests passing, no more compiler warnings

* fix long lines and formatting

* Fix line endings; no other change

* Disable HPKE in Makefile, other tweaks

* Clean a few unnecessary changes

* reverse more unnecessary changes

* Disable HPKE in X Code project

* option to disable AES KW

* hacking CI, does mbed 2.28 work?

* CI hacking disable KW in cmake

* More disabling of key wrap

* CI hacking -- try to disable AES

* CI hacking -- syntax error

* Straggler nits

* Update readme

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
This doesn't change any code other than a few renames. This is improvements in documentation and code comments for signing. There's still a ways to go on documentation, but this is still a big step forward.


* Lots of documentation improvements for signing

* More documentation and related changes

* More documentation and comment improvements

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
RFC 8152 is obsolete now, it has been
replaced by RFC 9052 and 9053.

Change-Id: Ic959050b12cda15999160795263863eccf04d28f
Signed-off-by: David Vincze <david.vincze@arm.com>

Signed-off-by: David Vincze <david.vincze@arm.com>
Use lower case q_useful_buf type instead of UsefulBuf in Mac0 code.
Use the matching style Q_USEFUL_BUF_MAKE_STACK_UB and
NULL_Q_USEFUL_BUF* macros in the code for consistency.

Change-Id: Ied28c58a85c4dbc464372457b97868810e767fe5
Signed-off-by: David Vincze <david.vincze@arm.com>

Signed-off-by: David Vincze <david.vincze@arm.com>
The make files were out of date for installation of all the new stuff in dev.  This PR also cleans up a bunch of formatting.  Thank you Ken!

* add: headers to be installed

* refactor: Makefile.(psa|ossl)

* ignore: psa examples
This is just naming changes, no semantic changes. It aligns to the use of "compute" and "validate" for HMAC operations rather than "sign" and "verify" that might be confused with COSE_Sign.

* Align Mac0 function names to convention

- align MAC function names to convention
- fix alignment differences in MAC code for
  consistency and better readability

Change-Id: I587fca31a21da310e1442a6696a83ce0c51ed89e
Signed-off-by: David Vincze <david.vincze@arm.com>

* Align Mac0 test function names to convention

Change-Id: Ie6dee86581f60e993050f259b9e76b56c411128b
Signed-off-by: David Vincze <david.vincze@arm.com>

* Correct algorithm/key parameters in Mac0 code

- The algorithm IDs are int32_t parameters in the code,
  update Mac0 code sections to be consistent,
- HMAC uses symmetric keys, therefore the "key_pair"
  naming is misleading in the code.

Change-Id: Idf6b127a8ed243f4a70d9f64332330c696eb96bb
Signed-off-by: David Vincze <david.vincze@arm.com>

Signed-off-by: David Vincze <david.vincze@arm.com>
Add HMAC algorithms to the list of supported algorithms
to be able to query whether a particular one is supported
or not - the t_cose tests are actively using this feature.
These lists vary per crypto libraries.

Change-Id: I75a5e4ea2dae7a3b0ee9ebebe8a1294a21334466
Signed-off-by: David Vincze <david.vincze@arm.com>

Signed-off-by: David Vincze <david.vincze@arm.com>
Brings in support for RSA and EdDSA signing from the main branch.

Rename the ECDSA signer/verifier to "main" as it handles RSA and ECDSA. EdDSA is in a separate signer/verifier.

Short-circuit is no longer a fake mode of ECDSA keying off a special key ID or a signer/verifier of its own. It is now what the test crypto uses for signing. It has its own algorithm ID and is invoked by algorithm ID. It is supported by the "main" signer, but only when test crypto is used.

Many test cases were upgraded so they run with real crypto instead of only with short-circuit signatures. This increases test coverage when test crypto is used.

Interface change to signer/verifiers so that the full option flag set is passed to them.

This is a fairly large PR that touches a lot of files.


* Fix include directory ordering in Makefile.test

* Add support for RSASSA-PSS signatures. (#90)

This is described in RFC8230. Both OpenSSL and MbedTLS support is added.

The test suite includes some sign/verify self-tests, along with some
"known good" signatures, that are verified. As additional confirmation,
I've made sure the signatures produced by t_cose could be verified by
the pycose library, and vice-versa.

Reduces stack requirement for ECDSA signature by making use of OpenBytes API in QCBOR 1.1.

* Address CR comments.

* Fix formatting of known good signatures.

* Fix RSASSA-PSS warnings

* Fix warnings

* Fix some makefile and test.

* Fix more warnings

* Add pragmas to ignore Wcast-qual on OpenSSL calls.

* Remove extraneous includes.

* Add check for QCBOR1.1

* Update README

Co-authored-by: Paul Liétar <lietarpaul@microsoft.com>

* Add Paul Liétar  to credits

* Fix rarely occurring memory leak (#94)

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>

* Add EdDSA signatures support. (#92)

Support for EdDSA signature is added for PSA and OpenSSL crypto.

Thanks Paul!

* A few straggler nits from EdDSA addition (#98)

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>

* checkpoint -- most tests are passing now

* Fix the cmake file

* All tests passing, but still work to do....

* All tests passing

* Short circuit signer now part of the main signer

* Remove short from cmake

* Another cmake fix

* Tidy cwt test; will it fix CI issue?

* Cmake fixes for CI

* rename ecdsa signer/verifier to main

* Fix installation of eddsa related headers

* More minor tweaks and fixes

* fix compiler warnings; add signature header for eddsa

* documentation and formatting

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Co-authored-by: Paul Liétar <plietar@users.noreply.github.com>
Co-authored-by: Paul Liétar <lietarpaul@microsoft.com>
* Use struct instead of 4 params for sig input and save 100's of bytes

* Documentation and formatting

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
* improve signer/verifier interface

* A little formatting

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>

A crypto context (a pointer to a structure) can be passed from the public interface to the crypto adapter to accommodate special configuration of the crypto library, returning other data from the crypto library or tracking special state in the crypto library. This context is specific to the particular crypto library.

The plan is that this will be used for crypto restart (the public key crypto will yield part way through the operation when it is running at an elevated priority).

* Add crypto context pointer for signing

* documentation; remove crypto_context from eddsa

* Comment block formatting

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
No functional change, just lots of documentation change and better naming for function names, types and variables.


Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
This makes the HPKE implementation part of the t_cose source, not something supplied by the crypto library. HPKE still relies on a crypto library for the underlying Diffie-Hellman, HKDF and such.

This is a crude first pass only for PSA. It needs to have the crypto adapter layer augmented so t_cose can support HPKE with OpenSSL (in fact this HPKE code started out in the OpenSSL library). It still has compiler warnings and other issues. There is no test other than running the example code.

This PR also fixes key handle memory leaks in encryption.



* Make hpke part of t_cose

* Makefile and conditional fixes for CI tests

* remove use of md.h

* disable hpke for test crypto

* remove ref to mbedtls/build_info.h

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
laurencelundblade and others added 30 commits October 25, 2023 20:11
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
* Support for empty protected headers

* decoding/encoding of unprotected alg id param

* documentation formatting

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Documentation for sign is improved

Comments for sign implementation improved

Rename "aad" to "ext_sup_data" in the interface to align with 4.3 in RFC 9052.

Improved error reporting for signing.
Better testing for decryption. Better error reporting for decryption failures.

New general test mechanism for testing against COSE messages specified in diag.


* Add decryption fail tests plus bug fixes

* Straggler makefile

* Straggler makefile

* Fix merge error; other clean up

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Initialise the PSA signing context in the PSA crypto adapter when the
restartable signing API is called with started==false.

Change-Id: I9f5c40d2908f1cd32aa35b8d9562b63873d21471
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
* add: AES-CTR and AES-CBC mode

* add: AES-CTR and AEC-CBC tests

* update: skip decrypt_known_good_aeskw_non_aead_test() with MbedTLS 2.28

* add: non_aead functions to test_crypto

* update: returns T_COSE_ERR_AAD_WITH_NON_AEAD if necessary

* update: confirm that the t_cose_encrypt_enc returns T_COSE_ERR_AAD_WITH_NON_AEAD for AES-CTR and AES-CBC

* update: move all params to unprotected header only for non AEAD

* add: enc-dec test for AES-CTR and AES-CBC

* update: allow algorithm id in unprotected header

* fix: t_cose_param_find_alg_id_unprot

* del: unused variable dummy_length

* del: psa_crypto_init()

* add: appropriate cast

* fix: typo

* update: AES-KW + non AEAD test binary

* update: move AES-CTR and AES-CBC test case into test/data/*diag

* fix: nit
* Further non-aead fixes

* Encrypt0 tests with non-aead

* Remove some #if'd junk

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
* More rework for empty protected headers

* Test and key wrap fixes

* Fix check for alt empty parameters form

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
* Finish of ext sup data (aad) for MAC

* Formatting and documentation

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
This adds test coverage for most things that can go wrong with a COSE_Encrypt and fixes the error handling for these things.

The shell script that processes diag into test input is improved.


* More tests and error handling fixes for COSE_Encrypt

* Fill out error handling for COSE_Encrypt decoding

* Fix left over merge issue

* Add .diag files to Xcode project

* error checking in script for making test messages

* Describe test cases; fix rcpt test case; rename some

* straggler files

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
* Rework of crypto adaptor layer for MAC

* A little more tidying up

* Improve comments; re order

* More code formatting and comments

* More code formatting and comments

* More code formatting and comments

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
* fix: IV size for AES-GCM

* del: IV size for AES-KW
This is a breaking change in the t_cose v2 API, but it is not difficult to adapt to it. To adapt, switch from t_cose_sign_verify() to t_cose_sign_verify_msg() with an additional parameter if tag numbers are expected or NULL if not.

The main entry points for verify/validate/decrypt are changed to take a QCBORDecodeContext from which to read the message to decode. This makes them simpler inside and more flexible for the caller.

A new additional entry point for verify/validate/decrypt is added with the name ending in _msg that takes the
pointer and length like the old main entry points. This also returns all the tag numbers. t_cose_mac_validate_nth_tag()
is removed and the size of the verify/validate/decrypt context is reduced.

This commit make t_cose compatible with QCBOR v2, which does tag number decoding in a different way than
QCBOR v1. This commit also continues to work with QCBOR v1 and the sign1 APIs are still compatible with t_cose v1.
* Tag number processing update for QCBOR v1

* Seems to be running for both versions of QCBOR

* Fix test build. Documentation and code tidy up

* Fix warnings, documentation and some bugs

* Various clean ups

* enable detached test, unnecessary include

* Close out some TODO's, mostly documentation and error handling

* Close out documentation TODO's

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
This PR mitigates AEAD to non-AEAD downgrade attacks by warning the library users to comply with RFC 9459.
Non AEAD algorithms are disabled by default, and will be enabled only when the T_COSE_OPT_ENABLE_NON_AEAD option is specified by the library caller.

The library callers using AES-CTR or AES-CBC will lose backward compatibility, but it is crucial to avoid leaving them vulnerable.





* update: disable non AEAD algorithms by default and introduce T_COSE_OPT_ENABLE_NON_AEAD to avoid unintentional use of them

* update: warn non AEAD use on T_COSE_OPT_ENABLE_NON_AEAD

* update: return T_COSE_ERR_NON_AEAD_DISABLED in both encrypt and decrypt functions

* fix: error code to T_COSE_ERR_NON_AEAD_DISABLED

* update: the usage of T_COSE_OPT_ENABLE_NON_AEAD

---------

Co-authored-by: Laurence Lundblade <laurencelundblade@users.noreply.github.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
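The gate the commit message above describes, as an added stand-alone example rather than t_cose's own code. The algorithm identifiers are the IANA COSE values (AES-GCM from RFC 9053, AES-CTR and AES-CBC from RFC 9459); the OPT_ENABLE_NON_AEAD bit value and the GATE_* result codes are placeholders for T_COSE_OPT_ENABLE_NON_AEAD, T_COSE_ERR_NON_AEAD_DISABLED and T_COSE_ERR_AAD_WITH_NON_AEAD, whose real values are not on the page. The example goes slightly beyond the commit text in one respect: it also rejects a non-empty protected header for non-AEAD modes, which is the consequence of the earlier commit that moves all parameters to the unprotected header for those algorithms.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* IANA COSE algorithm identifiers: AES-GCM from RFC 9053, AES-CTR and AES-CBC
 * from RFC 9459. Names here are this example's own, not t_cose's. */
enum cose_alg {
    COSE_ALG_A128GCM = 1,      COSE_ALG_A192GCM = 2,      COSE_ALG_A256GCM = 3,
    COSE_ALG_A128CTR = -65534, COSE_ALG_A192CTR = -65533, COSE_ALG_A256CTR = -65532,
    COSE_ALG_A128CBC = -65531, COSE_ALG_A192CBC = -65530, COSE_ALG_A256CBC = -65529
};

/* Placeholder for T_COSE_OPT_ENABLE_NON_AEAD; the real bit value is not on the page. */
#define OPT_ENABLE_NON_AEAD (1u << 5)

enum gate_result {
    GATE_OK = 0,
    GATE_ERR_UNSUPPORTED_ALG,
    GATE_ERR_NON_AEAD_DISABLED,       /* stands in for T_COSE_ERR_NON_AEAD_DISABLED */
    GATE_ERR_AAD_WITH_NON_AEAD,       /* stands in for T_COSE_ERR_AAD_WITH_NON_AEAD */
    GATE_ERR_PROTECTED_WITH_NON_AEAD  /* this example's own code, see comment below */
};

/* Classify a content-encryption algorithm. *known is cleared for IDs this
 * table does not cover so the caller fails closed instead of guessing. */
static bool alg_is_aead(int32_t alg, bool *known)
{
    *known = true;
    switch (alg) {
    case COSE_ALG_A128GCM: case COSE_ALG_A192GCM: case COSE_ALG_A256GCM:
        return true;
    case COSE_ALG_A128CTR: case COSE_ALG_A192CTR: case COSE_ALG_A256CTR:
    case COSE_ALG_A128CBC: case COSE_ALG_A192CBC: case COSE_ALG_A256CBC:
        return false;
    default:
        *known = false;
        return false;
    }
}

/* The gate, meant to run on both the encrypt and the decrypt path so a peer
 * cannot downgrade the receiver to a non-AEAD mode merely by asserting one in
 * the message header. aad_len is the external AAD the caller supplied;
 * protected_len is the encoded length of the protected header bucket. */
enum gate_result check_content_alg(int32_t alg, uint32_t option_flags,
                                   size_t aad_len, size_t protected_len)
{
    bool known;
    bool aead = alg_is_aead(alg, &known);

    if (!known) {
        return GATE_ERR_UNSUPPORTED_ALG;
    }
    if (aead) {
        return GATE_OK;            /* AEAD binds AAD and protected headers itself */
    }
    /* Non-AEAD: rejected unless the caller opted in explicitly. */
    if (!(option_flags & OPT_ENABLE_NON_AEAD)) {
        return GATE_ERR_NON_AEAD_DISABLED;
    }
    /* Even when enabled, a non-AEAD cipher cannot authenticate anything
     * outside the ciphertext, so external AAD has nothing to bind it ... */
    if (aad_len != 0) {
        return GATE_ERR_AAD_WITH_NON_AEAD;
    }
    /* ... and neither does the protected header bucket, which is why the
     * parameters go to the unprotected header for these algorithms. */
    if (protected_len != 0) {
        return GATE_ERR_PROTECTED_WITH_NON_AEAD;
    }
    return GATE_OK;
}
```

The default path (no option flag) is what defeats the downgrade: a decryptor built without OPT_ENABLE_NON_AEAD returns GATE_ERR_NON_AEAD_DISABLED for an AES-CBC message no matter what the header claims, and a caller that does opt in still cannot pass AAD with it.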
When using the PSA Crypto adapter layer, the signature buffer provided
to `t_cose_crypto_sign()` may be significantly larger than necessary for
the algorithm in use. Passing oversized buffers to `psa_sign_hash()`
can lead to performance inefficiencies and potential internal errors
in strict environments.

This change queries the expected signature size using
`t_cose_crypto_sig_size()` and checks it against the actual buffer
length before calling `psa_sign_hash()`. If the expected size exceeds
the available buffer, t_cose_crypto_sign() returns
with T_COSE_ERR_SIG_BUFFER_SIZE.

This improves robustness and avoids excessive memory usage
during signature generation.


Change-Id: I1f0bda9afe0856a1f5f4571459c270aa8b106cfc

Signed-off-by: G. Varga, Gabor <Gabor.G.Varga@arm.com>
Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
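The pre-flight described in the commit message above, as an added stand-alone example that is not t_cose's adapter code. Where the real adapter asks the crypto library through t_cose_crypto_sig_size(), this example derives the expected length from the algorithm and key size itself so it runs without PSA; the algorithm identifiers are the IANA COSE values (RFC 9053 and RFC 8230) and the SIG_* result codes are placeholders for T_COSE_ERR_SIG_BUFFER_SIZE and friends.

```c
#include <stddef.h>
#include <stdint.h>

/* IANA COSE signature algorithm identifiers (RFC 9053, RFC 8230). */
enum cose_sig_alg {
    COSE_ALG_ES256 = -7,  COSE_ALG_EDDSA = -8,
    COSE_ALG_ES384 = -35, COSE_ALG_ES512 = -36,
    COSE_ALG_PS256 = -37, COSE_ALG_PS384 = -38, COSE_ALG_PS512 = -39
};

enum sig_result {
    SIG_OK = 0,
    SIG_ERR_BUFFER_SIZE,      /* stands in for T_COSE_ERR_SIG_BUFFER_SIZE */
    SIG_ERR_UNSUPPORTED_ALG,
    SIG_ERR_BAD_KEY_SIZE
};

/* Expected signature length for the algorithm and the key it will be used
 * with (key_bits: curve order size for ECDSA, modulus size for RSA-PSS, 256
 * for Ed25519). This is a stand-in for t_cose_crypto_sig_size(). */
enum sig_result expected_sig_size(int32_t alg, size_t key_bits, size_t *size)
{
    size_t key_bytes = (key_bits + 7) / 8;

    if (key_bits == 0) {
        return SIG_ERR_BAD_KEY_SIZE;
    }
    switch (alg) {
    case COSE_ALG_ES256: case COSE_ALG_ES384: case COSE_ALG_ES512:
        *size = 2 * key_bytes;   /* COSE ECDSA is r || s: P-256 -> 64, P-384 -> 96, P-521 -> 132 */
        return SIG_OK;
    case COSE_ALG_EDDSA:
        if (key_bits != 256) {   /* only Ed25519 is handled in this example */
            return SIG_ERR_BAD_KEY_SIZE;
        }
        *size = 64;
        return SIG_OK;
    case COSE_ALG_PS256: case COSE_ALG_PS384: case COSE_ALG_PS512:
        *size = key_bytes;       /* one modulus-sized block */
        return SIG_OK;
    default:
        return SIG_ERR_UNSUPPORTED_ALG;
    }
}

/* The check the commit adds before psa_sign_hash(): compare the expected size
 * with what the caller provided and fail early instead of handing an
 * undersized buffer to the crypto library. On success, *len_to_pass is the
 * length to hand the library, i.e. the expected size rather than the full
 * (possibly much larger) caller buffer. */
enum sig_result check_sig_buffer(int32_t alg, size_t key_bits,
                                 size_t buffer_len, size_t *len_to_pass)
{
    size_t expected;
    enum sig_result r = expected_sig_size(alg, key_bits, &expected);

    if (r != SIG_OK) {
        return r;
    }
    if (expected > buffer_len) {
        return SIG_ERR_BUFFER_SIZE;
    }
    *len_to_pass = expected;
    return SIG_OK;
}
```

A caller that sized its buffer for the largest algorithm the build supports (say 512 bytes for RSA-4096) and then signs with ES256 gets 64 back from check_sig_buffer() and passes that, not 512, as the buffer length; a buffer one byte too small is rejected before any crypto call is made.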
* Add gcov test coverage to make files

* Remove extraneous Makefile

* update copyright

* Fix mistake

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Still a lot of work to do in this area; inconsistencies and such, but it's time to get the CI and builds working again.

This PR fixes compatibility with QCBOR version.  You also need the latest QCBORs to work with this because it relies on CMake package info.

This PR adds CI support for Windows.

This PR uses package managers to get OpenSSL and MbedTLS. This will make it much easier to adapt to varying versions of crypto libraries.

This PR reorganizes the fan out. It adds tests against QCBOR versions and ifdef fan out.
More CI fixes, mostly for windows

Fan out QCBOR versions for windows
Windows uses Conan to fetch all crypto libs; same as linux; no more vcpkg
Turn on warning flags for the compiler
Add comments and improve formatting
Fix Linux compiler fan out



* fan out qcbor

* hack 44

* improve windows 'name' in CI

* fan out crypto for msvc

* hack xx

* Get Openssl from conan for Windows

* hack

* hack

* hack

* hack

* uniform indentation and comments

* fix compiler fan out

* no container

* Turn on warning generating compiler flags

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
Cmake now can build and install a cmake package file.

QCBOR is found by looking for an installation as a package, or if its location is passed as cmake cache variables.

The "building" section of the readme is updated and improved.

This exposes an undocumented interface for the use of testing so the test suite doesn't have to reach in to private header files. The test suite highly benefits from the ability to call some non-public functions both to test them and to make use of them for testing. These are primarily crypto operations. It is useful to test the crypto adaptation layer and to use the crypto to construct test messages.

Some other refactoring of the test code so it never reaches into t_cose source. 

Cmake exports cmake package info

* Add missing file

* hack

* add semi-public interface for crypto adapter layer for better factoring of tests

* Remove stray file

* Clean up some constants in test case

* Export dependencies

* Add cmake 'Find' back in

* Fix QCBOR::QCBOR -> qcbor::qcbor ; lower case is the convention

* various fixes

* Manual QCBOR path configuration

* pass on qcbor location either as package or not

* Update documentation

* Nits

* Minor tweaks to sync with master

* various

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
HKDF doesn't like a NULL salt. It used to.

Also fan out CI for more versions of OpenSSL.


* Totally fanout openssl in CI

* Fix for OpenSSL 3.5 and higher

* back off # of OpenSSL versions by one

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>
For PSA, use our own AES key wrap implementation rather than the one in MbedTLS (which was not good anyway). This removes a major dependency of MbedTLS, getting closer to only depending on the PSA API.

With this removal, there's no need for T_COSE_DISABLE_KEYWRAP



* Keywrap refactoring; remove T_COSE_DISABLE_KEYWRAP

* little fixes

* OpenSSL keywrap improvements and other refactoring

* Fix up test crypto key wrap so it passes

* tidy up

* did the todo

---------

Co-authored-by: Laurence Lundblade <lgl@securitytheory.com>

9 participants