Merge pull request #36 from jimsch/master
Use both SPK and SPK_KID for sender keys.
diff --git a/src/Encrypt.c b/src/Encrypt.c
index 6c39d06..bd6f25a 100644
--- a/src/Encrypt.c
+++ b/src/Encrypt.c
@@ -211,33 +211,71 @@
alg = (int) cn->v.uint;
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -279,33 +317,71 @@
CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
+ if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
+ if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -352,25 +428,63 @@
// Get the key size
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break;
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break;
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -412,33 +526,71 @@
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Enveloped", perr)) goto errorReturn;
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
+ if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
+ if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/Encrypt0.c b/src/Encrypt0.c
index 0d8e78b..bca0487 100644
--- a/src/Encrypt0.c
+++ b/src/Encrypt0.c
@@ -164,33 +164,71 @@
alg = (int) cn->v.uint;
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -220,33 +258,71 @@
CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
+ if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
+ if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -288,25 +364,65 @@
// Get the key size
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break;
+#endif
+
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break;
+#endif
+
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -323,33 +439,67 @@
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Encrypted", perr)) goto errorReturn;
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
+#ifdef USE_AES_GCM
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
+#endif
if (!AES_GCM_Encrypt((COSE_Enveloped *)pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
diff --git a/src/MacMessage.c b/src/MacMessage.c
index 6a1a9f8..a6a9008 100644
--- a/src/MacMessage.c
+++ b/src/MacMessage.c
@@ -330,25 +330,53 @@
// Get the key size
switch (alg) {
- case COSE_Algorithm_CBC_MAC_128_64:
+#ifdef USE_AES_CBC_MAC_128_64
+ case COSE_Algorithm_CBC_MAC_128_64:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
- cbitKey = 128;
+ cbitKey = 128;
break;
+#endif
- case COSE_Algorithm_CBC_MAC_256_64:
- case COSE_Algorithm_CBC_MAC_256_128:
- case COSE_Algorithm_HMAC_256_64:
- case COSE_Algorithm_HMAC_256_256:
- cbitKey = 256;
+#ifdef USE_AES_CBC_MAC_256_64
+ case COSE_Algorithm_CBC_MAC_256_64:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_384_384:
- cbitKey = 384;
+#ifdef USE_AES_CBC_MAC_256_128
+ case COSE_Algorithm_CBC_MAC_256_128:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_512_512:
- cbitKey = 512;
+#ifdef USE_HMAC_256_64
+ case COSE_Algorithm_HMAC_256_64:
+ cbitKey = 256;
break;
+#endif
+
+#ifdef USE_HMAC_256_256
+ case COSE_Algorithm_HMAC_256_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_HMAC_384_384
+ case COSE_Algorithm_HMAC_384_384:
+ cbitKey = 384;
+ break;
+#endif
+
+#ifdef USE_HMAC_512_512
+ case COSE_Algorithm_HMAC_512_512:
+ cbitKey = 512;
+ break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -390,31 +418,53 @@
if (!_COSE_Mac_Build_AAD(&pcose->m_message, "MAC", &pbAuthData, &cbAuthData, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ if (!AES_CBC_MAC_Create(pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_64
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Create(pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
+ if (!AES_CBC_MAC_Create(pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_128
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Create(pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_64
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Create(pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_256
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Create(pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_384_384
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Create(pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_512_512
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Create(pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
@@ -472,26 +522,53 @@
alg = (int)cn->v.uint;
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
+#endif
- case COSE_Algorithm_CBC_MAC_256_64:
- case COSE_Algorithm_CBC_MAC_256_128:
- case COSE_Algorithm_HMAC_256_64:
- case COSE_Algorithm_HMAC_256_256:
- cbitKey = 256;
+#ifdef USE_AES_CBC_MAC_256_64
+ case COSE_Algorithm_CBC_MAC_256_64:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_384_384:
- cbitKey = 384;
+#ifdef USE_AES_CBC_MAC_256_128
+ case COSE_Algorithm_CBC_MAC_256_128:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_512_512:
- cbitKey = 512;
+#ifdef USE_HMAC_256_64
+ case COSE_Algorithm_HMAC_256_64:
+ cbitKey = 256;
break;
+#endif
+#ifdef USE_HMAC_256_256
+ case COSE_Algorithm_HMAC_256_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_HMAC_384_384
+ case COSE_Algorithm_HMAC_384_384:
+ cbitKey = 384;
+ break;
+#endif
+
+#ifdef USE_HMAC_512_512
+ case COSE_Algorithm_HMAC_512_512:
+ cbitKey = 512;
+ break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
@@ -522,31 +599,53 @@
if (!_COSE_Mac_Build_AAD(&pcose->m_message, "MAC", &pbAuthData, &cbAuthData, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_HMAC_256_256
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate(pcose, 256, 256, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_64
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate(pcose, 256, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_384_384
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate(pcose, 384, 384, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_512_512
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate(pcose, 512, 512, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey / 8, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_64
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
+ if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey / 8, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_128
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/MacMessage0.c b/src/MacMessage0.c
index 04b781b..11a6542 100644
--- a/src/MacMessage0.c
+++ b/src/MacMessage0.c
@@ -227,25 +227,53 @@
// Get the key size
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
+#endif
- case COSE_Algorithm_CBC_MAC_256_64:
- case COSE_Algorithm_CBC_MAC_256_128:
- case COSE_Algorithm_HMAC_256_64:
- case COSE_Algorithm_HMAC_256_256:
- cbitKey = 256;
+#ifdef USE_AES_CBC_MAC_256_64
+ case COSE_Algorithm_CBC_MAC_256_64:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_384_384:
- cbitKey = 384;
+#ifdef USE_AES_CBC_MAC_256_128
+ case COSE_Algorithm_CBC_MAC_256_128:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_512_512:
- cbitKey = 512;
+#ifdef USE_HMAC_256_64
+ case COSE_Algorithm_HMAC_256_64:
+ cbitKey = 256;
break;
+#endif
+
+#ifdef USE_HMAC_256_256
+ case COSE_Algorithm_HMAC_256_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_HMAC_384_384
+ case COSE_Algorithm_HMAC_384_384:
+ cbitKey = 384;
+ break;
+#endif
+
+#ifdef USE_HMAC_512_512
+ case COSE_Algorithm_HMAC_512_512:
+ cbitKey = 512;
+ break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -260,31 +288,53 @@
if (!_COSE_Mac_Build_AAD(&pcose->m_message, "MAC0", &pbAuthData, &cbAuthData, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_64
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
+ if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_128
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_64
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_256
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_384_384
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Create((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_512_512
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Create((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
@@ -331,25 +381,53 @@
alg = (int)cn->v.uint;
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
+#endif
- case COSE_Algorithm_CBC_MAC_256_64:
- case COSE_Algorithm_CBC_MAC_256_128:
- case COSE_Algorithm_HMAC_256_64:
- case COSE_Algorithm_HMAC_256_256:
- cbitKey = 256;
+#ifdef USE_AES_CBC_MAC_256_64
+ case COSE_Algorithm_CBC_MAC_256_64:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_384_384:
- cbitKey = 384;
+#ifdef USE_AES_CBC_MAC_256_128
+ case COSE_Algorithm_CBC_MAC_256_128:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_512_512:
- cbitKey = 512;
+#ifdef USE_HMAC_256_64
+ case COSE_Algorithm_HMAC_256_64:
+ cbitKey = 256;
break;
+#endif
+
+#ifdef USE_HMAC_256_256
+ case COSE_Algorithm_HMAC_256_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_HMAC_384_384
+ case COSE_Algorithm_HMAC_384_384:
+ cbitKey = 384;
+ break;
+#endif
+
+#ifdef USE_HMAC_512_512
+ case COSE_Algorithm_HMAC_512_512:
+ cbitKey = 512;
+ break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -366,31 +444,53 @@
if (!_COSE_Mac_Build_AAD(&pcose->m_message, "MAC0", &pbAuthData, &cbAuthData, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_HMAC_256_256
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_64
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_384_384
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_512_512
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_64
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
+ if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_128
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/Recipient.c b/src/Recipient.c
index da0543e..a40bef5 100644
--- a/src/Recipient.c
+++ b/src/Recipient.c
@@ -172,7 +172,7 @@
pkeyMessage = (cn_cbor *) pKeyPrivate;
if (!ECDH_ComputeSecret(pCose, &pkeyMessage, pKeyPublic, &pbSecret, &cbSecret, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
- if (pkeyMessage->parent == NULL) {
+ if (!fStatic && pkeyMessage->parent == NULL) {
if (!_COSE_map_put(pCose, COSE_Header_ECDH_EPHEMERAL, pkeyMessage, COSE_UNPROTECT_ONLY, perr)) goto errorReturn;
}
}
@@ -268,39 +268,91 @@
return true;
+#ifdef USE_AES_KW_128
case COSE_Algorithm_AES_KW_128:
cbitKeyX = 128;
break;
+#endif
+#ifdef USE_AES_KW_192
case COSE_Algorithm_AES_KW_192:
cbitKeyX = 192;
break;
+#endif
+#ifdef USE_AES_KW_256
case COSE_Algorithm_AES_KW_256:
cbitKeyX = 192;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
+#endif
+
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
+#endif
+
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
+ break;
+#endif
+
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
break;
+#endif
+#ifdef USE_ECDH_ES_A128KW
case COSE_Algorithm_ECDH_ES_A128KW:
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A192KW
case COSE_Algorithm_ECDH_ES_A192KW:
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A256KW
case COSE_Algorithm_ECDH_ES_A256KW:
break;
+#endif
+#ifdef USE_ECDH_SS_A128KW
case COSE_Algorithm_ECDH_SS_A128KW:
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A192KW
case COSE_Algorithm_ECDH_SS_A192KW:
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A256KW
case COSE_Algorithm_ECDH_SS_A256KW:
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -316,14 +368,48 @@
for (pRecip2 = pcose->m_recipientFirst; pRecip2 != NULL; pRecip2 = pRecip->m_recipientNext) {
if (_COSE_Recipient_decrypt(pRecip2, alg, cbitKeyX, pbKeyX, perr)) break;
}
+ CHECK_CONDITION(pRecip2 != NULL, COSE_ERR_NO_RECIPIENT_FOUND);
}
cnBody = _COSE_arrayget_int(&pcose->m_message, INDEX_BODY);
CHECK_CONDITION(cnBody != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
+#ifdef USE_AES_KW_128
case COSE_Algorithm_AES_KW_128:
+ if (pbKeyX != NULL) {
+ int x = cbitKeyOut / 8;
+ if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, pbKeyX, cbitKeyX, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
+ }
+ else {
+ CHECK_CONDITION(pRecip->m_pkey != NULL, COSE_ERR_INVALID_PARAMETER);
+ int x = cbitKeyOut / 8;
+ cn = cn_cbor_mapget_int(pRecip->m_pkey, -1);
+ CHECK_CONDITION((cn != NULL) && (cn->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
+
+ if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, cn->v.bytes, cn->length * 8, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
+ }
+ break;
+#endif
+
+#ifdef USE_AES_KW_192
case COSE_Algorithm_AES_KW_192:
+ if (pbKeyX != NULL) {
+ int x = cbitKeyOut / 8;
+ if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, pbKeyX, cbitKeyX, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
+ }
+ else {
+ CHECK_CONDITION(pRecip->m_pkey != NULL, COSE_ERR_INVALID_PARAMETER);
+ int x = cbitKeyOut / 8;
+ cn = cn_cbor_mapget_int(pRecip->m_pkey, -1);
+ CHECK_CONDITION((cn != NULL) && (cn->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
+
+ if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, cn->v.bytes, cn->length * 8, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
+ }
+ break;
+#endif
+
+#ifdef USE_AES_KW_256
case COSE_Algorithm_AES_KW_256:
if (pbKeyX != NULL) {
int x = cbitKeyOut / 8;
@@ -338,80 +424,109 @@
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, cn->v.bytes, cn->length * 8, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
}
break;
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
if (!HKDF_X(&pcose->m_message, true, false, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
if (!HKDF_X(&pcose->m_message, true, false, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
if (!HKDF_X(&pcose->m_message, false, false, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 128, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
if (!HKDF_X(&pcose->m_message, false, false, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
if (!HKDF_X(&pcose->m_message, true, true, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
if (!HKDF_X(&pcose->m_message, true, true, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
if (!HKDF_X(&pcose->m_message, true, true, true, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
if (!HKDF_X(&pcose->m_message, true, true, true, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A128KW
case COSE_Algorithm_ECDH_ES_A128KW:
if (!HKDF_X(&pcose->m_message, true, true, false, false, COSE_Algorithm_AES_KW_128, pRecip->m_pkey, NULL, rgbKey, 128, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 128, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A192KW
case COSE_Algorithm_ECDH_ES_A192KW:
if (!HKDF_X(&pcose->m_message, true, true, false, false, COSE_Algorithm_AES_KW_192, pRecip->m_pkey, NULL, rgbKey, 192, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 192, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A256KW
case COSE_Algorithm_ECDH_ES_A256KW:
if (!HKDF_X(&pcose->m_message, true, true, false, false, COSE_Algorithm_AES_KW_256, pRecip->m_pkey, NULL, rgbKey, 256, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 256, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A128KW
case COSE_Algorithm_ECDH_SS_A128KW:
if (!HKDF_X(&pcose->m_message, true, true, true, false, COSE_Algorithm_AES_KW_128, pRecip->m_pkey, NULL, rgbKey, 128, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 128, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A192KW
case COSE_Algorithm_ECDH_SS_A192KW:
if (!HKDF_X(&pcose->m_message, true, true, true, false, COSE_Algorithm_AES_KW_192, pRecip->m_pkey, NULL, rgbKey, 192, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 192, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A256KW
case COSE_Algorithm_ECDH_SS_A256KW:
if (!HKDF_X(&pcose->m_message, true, true, true, false, COSE_Algorithm_AES_KW_256, pRecip->m_pkey, NULL, rgbKey, 256, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 256, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -448,6 +563,7 @@
cn_Alg = _COSE_map_get_int(&pRecipient->m_encrypt.m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
if (cn_Alg == NULL) goto errorReturn;
+ CHECK_CONDITION(cn_Alg->type != CN_CBOR_TEXT, COSE_ERR_UNKNOWN_ALGORITHM);
CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
alg = (int)cn_Alg->v.uint;
@@ -455,39 +571,92 @@
switch (alg) {
case COSE_Algorithm_Direct:
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
+#endif
+
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
+#endif
// This is a NOOP
cbitKey = 0;
CHECK_CONDITION(pRecipient->m_encrypt.m_recipientFirst == NULL, COSE_ERR_INVALID_PARAMETER);
break;
+#ifdef USE_AES_KW_128
case COSE_Algorithm_AES_KW_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A128KW
case COSE_Algorithm_ECDH_ES_A128KW:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A128KW
case COSE_Algorithm_ECDH_SS_A128KW:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_KW_192
case COSE_Algorithm_AES_KW_192:
+ cbitKey = 192;
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A192KW
case COSE_Algorithm_ECDH_ES_A192KW:
+ cbitKey = 192;
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A192KW
case COSE_Algorithm_ECDH_SS_A192KW:
cbitKey = 192;
break;
+#endif
+#ifdef USE_AES_KW_256
case COSE_Algorithm_AES_KW_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A256KW
case COSE_Algorithm_ECDH_ES_A256KW:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A256KW
case COSE_Algorithm_ECDH_SS_A256KW:
cbitKey = 256;
break;
+#endif
default:
- FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
+ FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
// If we are doing direct encryption - then recipient generates the key
@@ -530,14 +699,31 @@
switch (alg) {
case COSE_Algorithm_Direct:
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
+#endif
+
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
+#endif
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(_COSE_array_replace(&pRecipient->m_encrypt.m_message, ptmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
@@ -545,8 +731,33 @@
break;
+#ifdef USE_AES_KW_128
case COSE_Algorithm_AES_KW_128:
+ if (pRecipient->m_pkey != NULL) {
+ cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
+ CHECK_CONDITION(pK != NULL, COSE_ERR_INVALID_PARAMETER);
+ if (!AES_KW_Encrypt(pRecipient, pK->v.bytes, (int)pK->length * 8, pbContent, (int)cbContent, perr)) goto errorReturn;
+ }
+ else {
+ if (!AES_KW_Encrypt(pRecipient, pbKey, (int)cbKey * 8, pbContent, (int)cbContent, perr)) goto errorReturn;
+ }
+ break;
+#endif
+
+#ifdef USE_AES_KW_192
case COSE_Algorithm_AES_KW_192:
+ if (pRecipient->m_pkey != NULL) {
+ cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
+ CHECK_CONDITION(pK != NULL, COSE_ERR_INVALID_PARAMETER);
+ if (!AES_KW_Encrypt(pRecipient, pK->v.bytes, (int)pK->length * 8, pbContent, (int)cbContent, perr)) goto errorReturn;
+ }
+ else {
+ if (!AES_KW_Encrypt(pRecipient, pbKey, (int)cbKey * 8, pbContent, (int)cbContent, perr)) goto errorReturn;
+ }
+ break;
+#endif
+
+#ifdef USE_AES_KW_256
case COSE_Algorithm_AES_KW_256:
if (pRecipient->m_pkey != NULL) {
cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
@@ -557,36 +768,49 @@
if (!AES_KW_Encrypt(pRecipient, pbKey, (int) cbKey*8, pbContent, (int) cbContent, perr)) goto errorReturn;
}
break;
+#endif
+#ifdef USE_ECDH_ES_A128KW
case COSE_Algorithm_ECDH_ES_A128KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, COSE_Algorithm_AES_KW_128, NULL, pRecipient->m_pkey, rgbKey, 128, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 128, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A192KW
case COSE_Algorithm_ECDH_ES_A192KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, COSE_Algorithm_AES_KW_192, NULL, pRecipient->m_pkey, rgbKey, 192, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 192, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A256KW
case COSE_Algorithm_ECDH_ES_A256KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, COSE_Algorithm_AES_KW_256, NULL, pRecipient->m_pkey, rgbKey, 256, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 256, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A128KW
case COSE_Algorithm_ECDH_SS_A128KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, COSE_Algorithm_AES_KW_128, pRecipient->m_pkeyStatic, pRecipient->m_pkey, rgbKey, 128, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 128, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A192KW
case COSE_Algorithm_ECDH_SS_A192KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, COSE_Algorithm_AES_KW_192, pRecipient->m_pkeyStatic, pRecipient->m_pkey, rgbKey, 192, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 192, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A256KW
case COSE_Algorithm_ECDH_SS_A256KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, COSE_Algorithm_AES_KW_256, pRecipient->m_pkeyStatic, pRecipient->m_pkey, rgbKey, 256, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 256, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
@@ -643,37 +867,53 @@
memcpy(pb, pK->v.bytes, cbitKeySize / 8);
break;
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, false, false, true, algIn, pRecipient->m_pkey, NULL, pb, cbitKeySize, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, false, false, true, algIn, pRecipient->m_pkey, NULL, pb, cbitKeySize, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, false, false, false, true, algIn, pRecipient->m_pkey, NULL, pb, cbitKeySize, 128, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, false, false, false, true, algIn, pRecipient->m_pkey, NULL, pb, cbitKeySize, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, algIn, NULL, pRecipient->m_pkey, pb, cbitKeySize, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, algIn, NULL, pRecipient->m_pkey, pb, cbitKeySize, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, algIn, pRecipient->m_pkeyStatic, pRecipient->m_pkey, pb, cbitKeySize, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, algIn, pRecipient->m_pkeyStatic, pRecipient->m_pkey, pb, cbitKeySize, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
@@ -911,14 +1151,30 @@
if (value->type == CN_CBOR_INT) {
switch (value->v.uint) {
case COSE_Algorithm_Direct:
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
+#endif
((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags |= 1;
break;
diff --git a/src/Sign0.c b/src/Sign0.c
index 4d273ea..b08ce5e 100644
--- a/src/Sign0.c
+++ b/src/Sign0.c
@@ -352,18 +352,23 @@
if (!CreateSign0AAD(pSigner, &pbToSign, &cbToSign, "Signature1", perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_ECDSA_SHA_256
case COSE_Algorithm_ECDSA_SHA_256:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE+1, pKey, 256, pbToSign, cbToSign, perr);
break;
+#endif
+#ifdef USE_ECDSA_SHA_384
case COSE_Algorithm_ECDSA_SHA_384:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE+1, pKey, 384, pbToSign, cbToSign, perr);
break;
+#endif
+#ifdef USE_ECDSA_SHA_512
case COSE_Algorithm_ECDSA_SHA_512:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE+1, pKey, 512, pbToSign, cbToSign, perr);
break;
-
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
@@ -409,17 +414,23 @@
cnSignature = _COSE_arrayget_int(&pSign->m_message, INDEX_SIGNATURE);
switch (alg) {
+#ifdef USE_ECDSA_SHA_256
case COSE_Algorithm_ECDSA_SHA_256:
if (!ECDSA_Verify(&pSign->m_message, INDEX_SIGNATURE+1, pKey, 256, pbToSign, cbToSign, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDSA_SHA_384
case COSE_Algorithm_ECDSA_SHA_384:
if (!ECDSA_Verify(&pSign->m_message, INDEX_SIGNATURE+1, pKey, 384, pbToSign, cbToSign, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDSA_SHA_512
case COSE_Algorithm_ECDSA_SHA_512:
if (!ECDSA_Verify(&pSign->m_message, INDEX_SIGNATURE+1, pKey, 512, pbToSign, cbToSign, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/SignerInfo.c b/src/SignerInfo.c
index dd75531..dd21e33 100644
--- a/src/SignerInfo.c
+++ b/src/SignerInfo.c
@@ -199,17 +199,23 @@
if (!BuildToBeSigned(&pbToSign, &cbToSign, pcborBody, pcborProtected, pcborProtectedSign, pSigner->m_message.m_pbExternal, pSigner->m_message.m_cbExternal, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_ECDSA_SHA_256
case COSE_Algorithm_ECDSA_SHA_256:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 256, pbToSign, cbToSign, perr);
break;
+#endif
+#ifdef USE_ECDSA_SHA_384
case COSE_Algorithm_ECDSA_SHA_384:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 384, pbToSign, cbToSign, perr);
break;
+#endif
+#ifdef USE_ECDSA_SHA_512
case COSE_Algorithm_ECDSA_SHA_512:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 512, pbToSign, cbToSign, perr);
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -305,17 +311,23 @@
CHECK_CONDITION((cnSignature != NULL) && (cnSignature->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
switch (alg) {
+#ifdef USE_ECDSA_SHA_256
case COSE_Algorithm_ECDSA_SHA_256:
if (!ECDSA_Verify(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 256, pbToBeSigned, cbToBeSigned, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDSA_SHA_384
case COSE_Algorithm_ECDSA_SHA_384:
if (!ECDSA_Verify(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 384, pbToBeSigned, cbToBeSigned, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDSA_SHA_512
case COSE_Algorithm_ECDSA_SHA_512:
if (!ECDSA_Verify(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 512, pbToBeSigned, cbToBeSigned, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/configure.h b/src/configure.h
index bda50c5..e4706d4 100644
--- a/src/configure.h
+++ b/src/configure.h
@@ -1,4 +1,92 @@
-#define INCLUDE_AES_CCM 1
+//
+// Define which AES GCM algorithms are being used
+//
+
+#define USE_AES_GCM_128
+#define USE_AES_GCM_192
+#define USE_AES_GCM_256
+
+#if defined(USE_AES_GCM_128) || defined(USE_AES_GCM_192) || defined(USE_AES_GCM_256)
+#define USE_AES_GCM
+#endif
+
+//
+// Define which AES CCM algorithms are being used
+//
+
+#define USE_AES_CCM_16_64_128
+#define USE_AES_CCM_16_64_256
+#define USE_AES_CCM_64_64_128
+#define USE_AES_CCM_64_64_256
+#define USE_AES_CCM_16_128_128
+#define USE_AES_CCM_16_128_256
+#define USE_AES_CCM_64_128_128
+#define USE_AES_CCM_64_128_256
+
+#define INCLUDE_AES_CCM
+
+//
+// Define which HMAC-SHA algorithms are being used
+//
+
+#define USE_HMAC_256_64
+#define USE_HMAC_256_256
+#define USE_HMAC_384_384
+#define USE_HMAC_512_512
+#if defined(USE_HMAC_256_64) || defined(USE_HMAC_256_256) || defined(USE_HMAC_384_384) || defined(USE_HMAC_512_512)
+#define USE_HMAC
+#endif
+
+//
+// Define which AES CBC-MAC algorithms are to be used
+//
+
+#define USE_AES_CBC_MAC_128_64
+#define USE_AES_CBC_MAC_128_128
+#define USE_AES_CBC_MAC_256_64
+#define USE_AES_CBC_MAC_256_128
+
+//
+// Define which ECDH algorithms are to be used
+//
+
+#define USE_ECDH_ES_HKDF_256
+#define USE_ECDH_ES_HKDF_512
+#define USE_ECDH_SS_HKDF_256
+#define USE_ECDH_SS_HKDF_512
+
+#define USE_ECDH_ES_A128KW
+#define USE_ECDH_ES_A192KW
+#define USE_ECDH_ES_A256KW
+#define USE_ECDH_SS_A128KW
+#define USE_ECDH_SS_A192KW
+#define USE_ECDH_SS_A256KW
+
+//
+// Define which Key Wrap functions are to be used
+//
+
+#define USE_AES_KW_128
+#define USE_AES_KW_192
+#define USE_AES_KW_256
+
+//
+// Define which of the DIRECT + KDF algorithms are to be used
+//
+
+#define USE_Direct_HKDF_HMAC_SHA_256
+#define USE_Direct_HKDF_HMAC_SHA_512
+#define USE_Direct_HKDF_AES_128
+#define USE_Direct_HKDF_AES_256
+
+
+//
+// Define which of the signature algorithms are to be used
+//
+
+#define USE_ECDSA_SHA_256
+#define USE_ECDSA_SHA_384
+#define USE_ECDSA_SHA_512
#define USE_OPEN_SSL 1
diff --git a/src/cose.h b/src/cose.h
index 7c13e36..8add444 100644
--- a/src/cose.h
+++ b/src/cose.h
@@ -95,10 +95,10 @@
COSE_Algorithm_AES_CCM_16_64_128 = 10,
COSE_Algorithm_AES_CCM_16_64_256 = 11,
- COSE_Algorithm_AES_CCM_64_64_128 = 30,
- COSE_Algorithm_AES_CCM_64_64_256 = 31,
- COSE_Algorithm_AES_CCM_16_128_128 = 12,
- COSE_Algorithm_AES_CCM_16_128_256 = 13,
+ COSE_Algorithm_AES_CCM_64_64_128 = 12,
+ COSE_Algorithm_AES_CCM_64_64_256 = 13,
+ COSE_Algorithm_AES_CCM_16_128_128 = 30,
+ COSE_Algorithm_AES_CCM_16_128_256 = 31,
COSE_Algorithm_AES_CCM_64_128_128 = 32,
COSE_Algorithm_AES_CCM_64_128_256 = 33,
@@ -125,9 +125,9 @@
COSE_Algorithm_Direct_HKDF_AES_128 = -12,
COSE_Algorithm_Direct_HKDF_AES_256 = -13,
- COSE_Algorithm_PS256 = -8,
- COSE_Algorithm_PS384 = -37,
- COSE_Algorithm_PS512 = -38,
+// COSE_Algorithm_PS256 = -8,
+// COSE_Algorithm_PS384 = -37,
+// COSE_Algorithm_PS512 = -38,
COSE_Algorithm_ECDSA_SHA_256 = -7,
COSE_Algorithm_ECDSA_SHA_384 = -35,
@@ -156,7 +156,7 @@
COSE_Header_ECDH_STATIC = -2,
COSE_Header_ECDH_EPK = -1,
COSE_Header_ECDH_SPK = -2,
- COSE_Header_ECDH_SPK_KID = -2,
+ COSE_Header_ECDH_SPK_KID = -3,
} COSE_Header;
diff --git a/test/encrypt.c b/test/encrypt.c
index ea5b23a..b3b9ff5 100644
--- a/test/encrypt.c
+++ b/test/encrypt.c
@@ -176,7 +176,8 @@
cn_cbor * pSenderKey = cn_cbor_mapget_string(pRecipient, "sender_key");
if (pSenderKey != NULL) {
cn_cbor * pSendKey = BuildKey(pSenderKey, false);
- if (!COSE_Recipient_SetSenderKey(hRecip, pSendKey, 2, NULL)) goto returnError;
+ cn_cbor * pKid = cn_cbor_mapget_string(pSenderKey, "kid");
+ if (!COSE_Recipient_SetSenderKey(hRecip, pSendKey, (pKid == NULL) ? 2 : 1, NULL)) goto returnError;
}
return hRecip;
@@ -636,6 +637,7 @@
CHECK_FAILURE(COSE_Recipient_SetSenderKey(hRecipBad, cn, 0, &cose_error), COSE_ERR_INVALID_HANDLE, CFails++);
CHECK_FAILURE(COSE_Recipient_SetSenderKey(hRecip, NULL, 0, &cose_error), COSE_ERR_INVALID_PARAMETER, CFails++);
CHECK_FAILURE(COSE_Recipient_SetSenderKey(hRecip, cn, 3, &cose_error), COSE_ERR_INVALID_PARAMETER, CFails++);
+ CHECK_RETURN(COSE_Recipient_SetSenderKey(hRecip, cn, 0, &cose_error), COSE_ERR_NONE, CFails++);
CHECK_FAILURE(COSE_Recipient_SetExternal(hRecipNULL, rgb, 10, &cose_error), COSE_ERR_INVALID_HANDLE, CFails++);
CHECK_FAILURE(COSE_Recipient_SetExternal(hRecipBad, rgb, 10, &cose_error), COSE_ERR_INVALID_HANDLE, CFails++);
@@ -648,4 +650,37 @@
CHECK_FAILURE(COSE_Recipient_map_put_int(hRecipBad, 1, cn, COSE_PROTECT_ONLY, &cose_error), COSE_ERR_INVALID_HANDLE, CFails++);
CHECK_FAILURE(COSE_Recipient_map_put_int(hRecip, 1, NULL, COSE_PROTECT_ONLY, &cose_error), COSE_ERR_INVALID_PARAMETER, CFails++);
CHECK_FAILURE(COSE_Recipient_map_put_int(hRecip, 1, cn, COSE_PROTECT_ONLY | COSE_UNPROTECT_ONLY, &cose_error), COSE_ERR_INVALID_PARAMETER, CFails++);
-}
\ No newline at end of file
+
+ CHECK_FAILURE(COSE_Recipient_AddRecipient(hRecipNULL, hRecip, &cose_error), COSE_ERR_INVALID_HANDLE, CFails++);
+ CHECK_FAILURE(COSE_Recipient_AddRecipient(hRecipBad, hRecip, &cose_error), COSE_ERR_INVALID_HANDLE, CFails++);
+ CHECK_FAILURE(COSE_Recipient_AddRecipient(hRecip, hRecipNULL, &cose_error), COSE_ERR_INVALID_HANDLE, CFails++);
+ CHECK_FAILURE(COSE_Recipient_AddRecipient(hRecip, hRecipBad, &cose_error), COSE_ERR_INVALID_HANDLE, CFails++);
+
+ COSE_Recipient_Free(hRecip);
+
+ // Unknown algorithms
+
+ HCOSE_ENVELOPED hEnv = COSE_Enveloped_Init(0, CBOR_CONTEXT_PARAM_COMMA NULL);
+ hRecip = COSE_Recipient_Init(0, CBOR_CONTEXT_PARAM_COMMA NULL);
+
+ CHECK_RETURN(COSE_Enveloped_map_put_int(hEnv, COSE_Header_Algorithm, cn_cbor_int_create(COSE_Algorithm_AES_GCM_128, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_PROTECT_ONLY, &cose_error), COSE_ERR_NONE, CFails++);
+ CHECK_RETURN(COSE_Enveloped_SetContent(hEnv, (byte *)"This the body", 13, &cose_error), COSE_ERR_NONE, CFails++);
+ CHECK_RETURN(COSE_Recipient_map_put_int(hRecip, COSE_Header_Algorithm, cn_cbor_int_create(-99, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_UNPROTECT_ONLY, &cose_error), COSE_ERR_NONE, CFails++);
+ CHECK_RETURN(COSE_Enveloped_AddRecipient(hEnv, hRecip, &cose_error), COSE_ERR_NONE, CFails++);
+ CHECK_FAILURE(COSE_Enveloped_encrypt(hEnv, &cose_error), COSE_ERR_UNKNOWN_ALGORITHM, CFails++);
+
+ COSE_Enveloped_Free(hEnv);
+ COSE_Recipient_Free(hRecip);
+
+ hEnv = COSE_Enveloped_Init(0, CBOR_CONTEXT_PARAM_COMMA NULL);
+ hRecip = COSE_Recipient_Init(0, CBOR_CONTEXT_PARAM_COMMA NULL);
+
+ CHECK_RETURN(COSE_Enveloped_map_put_int(hEnv, COSE_Header_Algorithm, cn_cbor_int_create(COSE_Algorithm_AES_GCM_128, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_PROTECT_ONLY, &cose_error), COSE_ERR_NONE, CFails++);
+ CHECK_RETURN(COSE_Enveloped_SetContent(hEnv, (byte *)"This the body", 13, &cose_error), COSE_ERR_NONE, CFails++);
+ CHECK_RETURN(COSE_Recipient_map_put_int(hRecip, COSE_Header_Algorithm, cn_cbor_string_create("Unknown", CBOR_CONTEXT_PARAM_COMMA NULL), COSE_UNPROTECT_ONLY, &cose_error), COSE_ERR_NONE, CFails++);
+ CHECK_RETURN(COSE_Enveloped_AddRecipient(hEnv, hRecip, &cose_error), COSE_ERR_NONE, CFails++);
+ CHECK_FAILURE(COSE_Enveloped_encrypt(hEnv, &cose_error), COSE_ERR_UNKNOWN_ALGORITHM, CFails++);
+
+ COSE_Enveloped_Free(hEnv);
+ COSE_Recipient_Free(hRecip);
+}
diff --git a/test/test.c b/test/test.c
index 7be7116..cb22d57 100644
--- a/test/test.c
+++ b/test/test.c
@@ -168,11 +168,11 @@
int operation;
int keyNew;
} RgStringKeys[7] = {
- { "kty", 0, OPERATION_IGNORE, 0},
- { "kid", 0, OPERATION_NONE, 1},
- { "crv", 2, OPERATION_STRING, -1},
- { "x", 2, OPERATION_BASE64, -2},
- { "y", 2, OPERATION_BASE64, -3},
+ { "kty", 0, OPERATION_IGNORE, COSE_Key_Type},
+ { "kid", 0, OPERATION_NONE, COSE_Key_ID},
+ { "crv", 2, OPERATION_STRING, COSE_Key_EC2_Curve},
+ { "x", 2, OPERATION_BASE64, COSE_Key_EC2_X},
+ { "y", 2, OPERATION_BASE64, COSE_Key_EC2_Y},
{ "d", 2, OPERATION_BASE64, -4},
{ "k", 4, OPERATION_BASE64, -1}
};
