Clean up commented out code
Also enable some algorithms that weren't previously.
diff --git a/dumper/dumper.c b/dumper/dumper.c
index 23feca1..fea6500 100644
--- a/dumper/dumper.c
+++ b/dumper/dumper.c
@@ -237,8 +237,9 @@
{
int i;
- for (i = 0; i < depth; i++)
+ for (i = 0; i < depth; i++) {
WrapPrintF(fp, " ");
+ }
}
void PrintUsage()
@@ -254,8 +255,9 @@
for (i = 0; i < cbor->length; i++) {
if ((cbor->v.bytes[i] < 32) || (cbor->v.bytes[i] > 126) ||
- (cbor->v.bytes[i] == '\''))
+ (cbor->v.bytes[i] == '\'')) {
fText = false;
+ }
}
if (fText && (cbor->length > 0)) {
@@ -290,8 +292,9 @@
if (pFOO != NULL) {
switch (pFOO->type) {
case CN_CBOR_TAG:
- if (cbor->type != CN_CBOR_TAG)
+ if (cbor->type != CN_CBOR_TAG) {
pFOO = NULL;
+ }
break;
default:
break;
@@ -299,10 +302,12 @@
}
if (fField && (pFOO != NULL) && (pFOO->fieldName != NULL)) {
- if (fInComment)
+ if (fInComment) {
WrapPrintF(out, "\\ %s \\ ", pFOO->fieldName);
- else
+ }
+ else {
WrapPrintF(out, "/ %s / ", pFOO->fieldName);
+ }
}
switch (cbor->type) {
@@ -321,16 +326,21 @@
WrapPrintF(out, "[");
cbor2 = cbor->first_child;
for (i = 0; i < cbor->length; i++, cbor2 = cbor2->next) {
- if (i != 0)
+ if (i != 0) {
WrapPrintF(out, ", ");
- if (pFOO == NULL)
+ }
+ if (pFOO == NULL) {
pFoo2 = NULL;
- else if (pFOO->count == 1)
+ }
+ else if (pFOO->count == 1) {
pFoo2 = pFOO->children;
- else if (i >= pFOO->count)
+ }
+ else if (i >= pFOO->count) {
pFoo2 = NULL;
- else
+ }
+ else {
pFoo2 = &pFOO->children[i];
+ }
WrapPrintF(out, "\n");
Indent(out, depth + 1);
@@ -364,23 +374,28 @@
// Locate the right entry in foo
for (i2 = 0, pFoo2 = pFOO->children; i2 < pFOO->count;
pFoo2++, i2 += 1) {
- if ((unsigned)pFoo2->type != cbor2->type)
+ if ((unsigned)pFoo2->type != cbor2->type) {
continue;
+ }
switch (cbor2->type) {
case CN_CBOR_UINT:
if ((group != 0) && (pFoo2->group != 0) &&
- (pFoo2->group != group))
+ (pFoo2->group != group)) {
continue;
- if (pFoo2->value == (int)cbor2->v.uint)
+ }
+ if (pFoo2->value == (int)cbor2->v.uint) {
i2 = pFOO->count + 1;
+ }
break;
case CN_CBOR_INT:
if ((group != 0) && (pFoo2->group != 0) &&
- (pFoo2->group != group))
+ (pFoo2->group != group)) {
continue;
- if (pFoo2->value == cbor2->v.sint)
+ }
+ if (pFoo2->value == cbor2->v.sint) {
i2 = pFOO->count + 1;
+ }
break;
default:
@@ -388,14 +403,17 @@
break;
}
- if (i2 == pFOO->count + 1)
+ if (i2 == pFOO->count + 1) {
break;
+ }
}
- if (i2 == pFOO->count)
+ if (i2 == pFOO->count) {
pFoo2 = NULL;
+ }
}
- if (i != 0)
+ if (i != 0) {
WrapPrintF(out, ", ");
+ }
WrapPrintF(out, "\n");
Indent(out, depth + 1);
DumpTree(cbor2, out, pFoo2, depth + 1, true, false, fInComment);
@@ -432,10 +450,12 @@
if ((pFoo2->type == CN_CBOR_INT) &&
(pFoo2->value == cbor->v.sint)) {
if (pFoo2->fieldName != NULL) {
- if (fInComment)
+ if (fInComment) {
WrapPrintF(out, " \\ %s \\", pFoo2->fieldName);
- else
+ }
+ else {
WrapPrintF(out, " / %s /", pFoo2->fieldName);
+ }
}
break;
}
@@ -451,10 +471,12 @@
if ((pFoo2->type == CN_CBOR_UINT) &&
(pFoo2->value == (int)cbor->v.uint)) {
if (pFoo2->fieldName != NULL) {
- if (fInComment)
+ if (fInComment) {
WrapPrintF(out, " \\ %s \\", pFoo2->fieldName);
- else
+ }
+ else {
WrapPrintF(out, " / %s /", pFoo2->fieldName);
+ }
}
break;
}
@@ -504,27 +526,36 @@
if (strcmp(&argv[i][1], "someoption") == 0) {
} else if (strcmp(&argv[i][1], "xml=yes") == 0) {
forXML = true;
- } else if (strcmp(&argv[i][1], "xml=no") == 0)
+ } else if (strcmp(&argv[i][1], "xml=no") == 0) {
forXML = false;
+ }
else if (strncmp(&argv[i][1], "wrap=", 5) == 0) {
WrapLineAt = atoi(&argv[i][6]);
} else if (strncmp(&argv[i][1], "type=", 5) == 0) {
- if (strcmp(&argv[i][1], "type=encrypt") == 0)
+ if (strcmp(&argv[i][1], "type=encrypt") == 0) {
root = &EncryptedMessage;
- else if (strcmp(&argv[i][1], "type=envelope") == 0)
+ }
+ else if (strcmp(&argv[i][1], "type=envelope") == 0) {
root = &EnvelopedMessage;
- else if (strcmp(&argv[i][1], "type=signed") == 0)
+ }
+ else if (strcmp(&argv[i][1], "type=signed") == 0) {
root = &SignedMessage;
- else if (strcmp(&argv[i][1], "type=mac") == 0)
+ }
+ else if (strcmp(&argv[i][1], "type=mac") == 0) {
root = &MacMessage;
- else if (strcmp(&argv[i][1], "type=mac0") == 0)
+ }
+ else if (strcmp(&argv[i][1], "type=mac0") == 0) {
root = &Mac0Message;
- else if (strcmp(&argv[i][1], "type=keyset") == 0)
+ }
+ else if (strcmp(&argv[i][1], "type=keyset") == 0) {
root = &KeySet;
- else if (strcmp(&argv[i][1], "type=key") == 0)
+ }
+ else if (strcmp(&argv[i][1], "type=key") == 0) {
root = &Key;
- else
+ }
+ else {
PrintUsage();
+ }
} else {
PrintUsage();
exit(1);
@@ -560,8 +591,9 @@
// OPEN_O_BINARY);
#endif
}
- if (out == NULL)
+ if (out == NULL) {
out = stdout;
+ }
// Read the input to a buffer - needed for the parser
diff --git a/include/cose/cose_configure.h.in b/include/cose/cose_configure.h.in
index 718b57f..3f97ffd 100644
--- a/include/cose/cose_configure.h.in
+++ b/include/cose/cose_configure.h.in
@@ -24,6 +24,10 @@
#include <openssl/opensslv.h>
#endif
+#if defined(COSE_C_USE_MBEDTLS)
+#include <mbedtls/config.h>
+#endif
+
//
// Define which AES GCM algorithms are being used
//
@@ -82,7 +86,6 @@
// Define which ECDH algorithms are to be used
//
-#if !defined(COSE_C_USE_MBEDTLS)
#define USE_ECDH_ES_HKDF_256
#define USE_ECDH_ES_HKDF_512
#define USE_ECDH_SS_HKDF_256
@@ -92,9 +95,8 @@
#define USE_ECDH 1
#define USE_HKDF_SHA2 1
#endif
-#endif // !defined(COSE_C_USE_MBEDTLS)
-#if !defined(COSE_C_USE_MBEDTLS)
+#if !defined(COSE_C_USE_MBEDTLS) || defined(MBEDTLS_NIST_KW_C)
#define USE_ECDH_ES_A128KW
#define USE_ECDH_ES_A192KW
#define USE_ECDH_ES_A256KW
@@ -113,7 +115,7 @@
// Define which Key Wrap functions are to be used
//
-#if !defined(COSE_C_USE_MBEDTLS)
+#if !defined(COSE_C_USE_MBEDTLS) || defined(MBEDTLS_NIST_KW_C)
#define USE_AES_KW_128
#define USE_AES_KW_192
#define USE_AES_KW_256
@@ -123,15 +125,15 @@
// Define which of the DIRECT + KDF algorithms are to be used
//
-#if !defined(COSE_C_USE_MBEDTLS)
#define USE_Direct_HKDF_HMAC_SHA_256
#define USE_Direct_HKDF_HMAC_SHA_512
-#define USE_Direct_HKDF_AES_128
-#define USE_Direct_HKDF_AES_256
#if defined(USE_Direct_HKDF_HMAC_SHA_256) || \
defined(USE_Direct_HKDF_HMAC_SHA_512)
#define USE_HKDF_SHA2 1
#endif
+#if !defined(COSE_C_USE_MBEDTLS)
+#define USE_Direct_HKDF_AES_128
+#define USE_Direct_HKDF_AES_256
#if defined(USE_Direct_HKDF_AES_128) || defined(USE_Direct_KDF_AES_256)
#define USE_HKDF_AES 1
#endif
diff --git a/src/mbedtls.c b/src/mbedtls.c
index 8577dec..6727c14 100644
--- a/src/mbedtls.c
+++ b/src/mbedtls.c
@@ -20,11 +20,13 @@
#include "mbedtls/ecp.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/nist_kw.h"
+#include "mbedtls/hkdf.h"
static bool FUseCompressed = true;
#define MIN(A, B) ((A) < (B) ? (A) : (B))
+#ifdef INCLUDE_AES_CCM
bool AES_CCM_Decrypt(COSE_Enveloped *pcose,
int TSize,
int LSize,
@@ -52,12 +54,14 @@
// Setup the IV/Nonce and put it into the message
pIV = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, NULL);
if ((pIV == NULL) || (pIV->type != CN_CBOR_BYTES)) {
- if (perr != NULL)
+ if (perr != NULL) {
perr->err = COSE_ERR_INVALID_PARAMETER;
+ }
errorReturn:
- if (rgbOut != NULL)
+ if (rgbOut != NULL) {
COSE_FREE(rgbOut, context);
+ }
mbedtls_ccm_free(&ctx);
return false;
}
@@ -129,8 +133,9 @@
pbIV = NULL;
if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t,
- COSE_UNPROTECT_ONLY, perr))
+ COSE_UNPROTECT_ONLY, perr)) {
goto errorReturn;
+ }
cbor_iv_t = NULL;
}
else {
@@ -172,18 +177,25 @@
return true;
errorReturn:
- if (pbIV != NULL)
+ if (pbIV != NULL) {
COSE_FREE(pbIV, context);
- if (cbor_iv_t != NULL)
+ }
+ if (cbor_iv_t != NULL) {
COSE_FREE(cbor_iv_t, context);
- if (rgbOut != NULL)
+ }
+ if (rgbOut != NULL) {
COSE_FREE(rgbOut, context);
- if (cnTmp != NULL)
+ }
+ if (cnTmp != NULL) {
COSE_FREE(cnTmp, context);
+ }
mbedtls_ccm_free(&ctx);
return false;
}
+#endif
+
+#ifdef USE_AES_GCM
bool AES_GCM_Decrypt(COSE_Enveloped *pcose,
const byte *pbKey,
size_t cbKey,
@@ -210,12 +222,14 @@
pIV = _COSE_map_get_int(&pcose->m_message, COSE_Header_IV, COSE_BOTH, NULL);
if ((pIV == NULL) || (pIV->type != CN_CBOR_BYTES)) {
- if (perr != NULL)
+ if (perr != NULL) {
perr->err = COSE_ERR_INVALID_PARAMETER;
+ }
errorReturn:
- if (rgbOut != NULL)
+ if (rgbOut != NULL) {
COSE_FREE(rgbOut, context);
+ }
mbedtls_gcm_free(&ctx);
return false;
}
@@ -258,9 +272,10 @@
// CHECK TAG HERE
bool f = false;
- byte *pb = pbCrypto + cbOut;
- for (int i = 0; i < (unsigned int)TSize; i++)
+ const byte *pb = pbCrypto + cbOut;
+ for (int i = 0; i < (unsigned int)TSize; i++) {
f |= (pb[i] != tag[i]);
+ }
CHECK_CONDITION(!f, COSE_ERR_CRYPTO_FAIL);
mbedtls_gcm_free(&ctx);
@@ -307,8 +322,9 @@
pbIV = NULL;
if (!_COSE_map_put(&pcose->m_message, COSE_Header_IV, cbor_iv_t,
- COSE_UNPROTECT_ONLY, perr))
+ COSE_UNPROTECT_ONLY, perr)) {
goto errorReturn;
+ }
cbor_iv_t = NULL;
}
else {
@@ -362,140 +378,22 @@
return true;
errorReturn:
- if (pbIV != NULL)
+ if (pbIV != NULL) {
COSE_FREE(pbIV, context);
- if (cbor_iv_t != NULL)
+ }
+ if (cbor_iv_t != NULL) {
COSE_FREE(cbor_iv_t, context);
- if (rgbOut != NULL)
+ }
+ if (rgbOut != NULL) {
COSE_FREE(rgbOut, context);
+ }
mbedtls_gcm_free(&ctx);
return false;
}
-/*
-bool AES_CBC_MAC_Create(COSE_MacMessage * pcose, int TSize, const byte * pbKey,
-size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr)
-{
- const EVP_CIPHER * pcipher = NULL;
- EVP_CIPHER_CTX ctx;
- int cbOut;
- byte rgbIV[16] = { 0 };
- byte * rgbOut = NULL;
- bool f = false;
- unsigned int i;
- cn_cbor * cn = NULL;
-#ifdef USE_CBOR_CONTEXT
- cn_cbor_context * context = &pcose->m_message.m_allocContext;
#endif
- EVP_CIPHER_CTX_init(&ctx);
- rgbOut = COSE_CALLOC(16, 1, context);
- CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
-
- switch (cbKey*8) {
- case 128:
- pcipher = EVP_aes_128_cbc();
- break;
-
- case 256:
- pcipher = EVP_aes_256_cbc();
- break;
-
- default:
- FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
- }
-
- // Setup and run the OpenSSL code
-
- CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbKey, rgbIV),
-COSE_ERR_CRYPTO_FAIL);
-
- for (i = 0; i < (unsigned int)cbAuthData / 16; i++) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbAuthData + (i
-* 16), 16), COSE_ERR_CRYPTO_FAIL);
- }
- if (cbAuthData % 16 != 0) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, pbAuthData + (i
-* 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbOut, &cbOut, rgbIV, 16 -
-(cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL);
- }
-
- cn = cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL);
- CHECK_CONDITION(cn != NULL, COSE_ERR_OUT_OF_MEMORY);
- rgbOut = NULL;
-
- CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn, INDEX_MAC_TAG,
-CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); cn = NULL;
-
- EVP_CIPHER_CTX_cleanup(&ctx);
- return !f;
-
-errorReturn:
- if (rgbOut != NULL) COSE_FREE(rgbOut, context);
- if (cn != NULL) CN_CBOR_FREE(cn, context);
- EVP_CIPHER_CTX_cleanup(&ctx);
- return false;
-}
-
-bool AES_CBC_MAC_Validate(COSE_MacMessage * pcose, int TSize, const byte *
-pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback *
-perr)
-{
- const EVP_CIPHER * pcipher = NULL;
- EVP_CIPHER_CTX ctx;
- int cbOut;
- byte rgbIV[16] = { 0 };
- byte rgbTag[16] = { 0 };
- bool f = false;
- unsigned int i;
-
- switch (cbKey*8) {
- case 128:
- pcipher = EVP_aes_128_cbc();
- break;
-
- case 256:
- pcipher = EVP_aes_256_cbc();
- break;
-
- default:
- FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
- }
-
- // Setup and run the OpenSSL code
-
- EVP_CIPHER_CTX_init(&ctx);
- CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbKey, rgbIV),
-COSE_ERR_CRYPTO_FAIL);
-
- TSize /= 8;
-
- for (i = 0; i < (unsigned int) cbAuthData / 16; i++) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut,
-pbAuthData+(i*16), 16), COSE_ERR_CRYPTO_FAIL);
- }
- if (cbAuthData % 16 != 0) {
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, pbAuthData + (i
-* 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL);
- CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, rgbIV, 16 -
-(cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL);
- }
-
- cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG);
- CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR);
-
- for (i = 0; i < (unsigned int)TSize; i++) f |= (cn->v.bytes[i] !=
-rgbTag[i]);
-
- EVP_CIPHER_CTX_cleanup(&ctx);
- return !f;
-
-errorReturn:
- EVP_CIPHER_CTX_cleanup(&ctx);
- return false;
-}
#if 0
// We are doing CBC-MAC not CMAC at this time
@@ -549,6 +447,7 @@
}
#endif
+#ifdef USE_HKDF_AES
bool HKDF_AES_Expand(COSE * pcose, size_t cbitKey, const byte * pbPRK, size_t
cbPRK, const byte * pbInfo, size_t cbInfo, byte * pbOutput, size_t cbOutput,
cose_errback * perr)
@@ -610,8 +509,9 @@
EVP_CIPHER_CTX_cleanup(&ctx);
return false;
}
-*/
+#endif
+#if defined(USE_HKDF_SHA2)
bool HKDF_Extract(COSE *pcose,
const byte *pbKey,
size_t cbKey,
@@ -722,52 +622,10 @@
return true;
}
-/*
-void dump_output(byte* b, size_t s){
- for(int i = 0; i < s; i++){
- printf("%02x", *b);
- b++;
- }
- printf("\n");
-}
+#endif
-void diff(unsigned char* a, size_t a_l, unsigned char* b, size_t b_l){
- size_t s;
- s = (a_l < b_l) ? a_l : b_l;
- unsigned char* tmp = a;
- printf("size = %d\n",s );
-// printf("%02x\n", *tmp);
- int i;
- for(i = 0; i < s; ++i){
- printf("%02x", *tmp);
- tmp++;
- }
- printf("\n");
- tmp = b;
- for(i = 0; i < s; ++i){
- printf("%02x", *tmp);
- tmp++;
- }
- printf("\n");
-
- for(i = 0; i < s; ++i){
-
- if(*a != *b){
- printf("^^");
-
- } else {
- printf("__");
-
- }
-
- a++;
- b++;
- }
- printf("\n");
-}
-*/
-
+#ifdef USE_HMAC
bool HMAC_Create(COSE_MacMessage *pcose,
int HSize,
int TSize,
@@ -887,10 +745,12 @@
cn_cbor *cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG);
CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR);
- if (cn->length > (int)cbOut)
+ if (cn->length > (int)cbOut) {
return false;
- for (i = 0; i < (unsigned int)TSize / 8; i++)
+ }
+ for (i = 0; i < (unsigned int)TSize / 8; i++) {
f |= (cn->v.bytes[i] != rgbOut[i]);
+ }
mbedtls_md_free(&contx);
return !f;
@@ -900,6 +760,7 @@
mbedtls_md_free(&contx);
return false;
}
+#endif
#define COSE_Key_EC_Curve -1
#define COSE_Key_EC_X -2
@@ -992,94 +853,6 @@
return false;
}
-/*
-cn_cbor * EC_FromKey(const EC_KEY * pKey, CBOR_CONTEXT_COMMA cose_errback *
-perr)
-{
- cn_cbor * pkey = NULL;
- const EC_GROUP * pgroup;
- int cose_group;
- cn_cbor * p = NULL;
- cn_cbor_errback cbor_error;
- const EC_POINT * pPoint;
- size_t cbSize;
- byte * pbOut = NULL;
-
- pgroup = EC_KEY_get0_group(pKey);
- CHECK_CONDITION(pgroup != NULL, COSE_ERR_INVALID_PARAMETER);
-
- switch (EC_GROUP_get_curve_name(pgroup)) {
- case NID_X9_62_prime256v1: cose_group = 1; break;
- case NID_secp384r1: cose_group = 2; break;
- case NID_secp521r1: cose_group = 3; break;
-
- default:
- FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
- }
-
- pkey = cn_cbor_map_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
- CHECK_CONDITION_CBOR(pkey != NULL, cbor_error);
-
- p = cn_cbor_int_create(cose_group, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
- CHECK_CONDITION_CBOR(p != NULL, cbor_error);
- CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pkey, COSE_Key_EC_Curve, p,
-CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error); p = NULL;
-
- pPoint = EC_KEY_get0_public_key(pKey);
- CHECK_CONDITION(pPoint != NULL, COSE_ERR_INVALID_PARAMETER);
-
- if (FUseCompressed) {
- cbSize = EC_POINT_point2oct(pgroup, pPoint, POINT_CONVERSION_COMPRESSED,
-NULL, 0, NULL); CHECK_CONDITION(cbSize > 0, COSE_ERR_CRYPTO_FAIL); pbOut =
-COSE_CALLOC(cbSize, 1, context); CHECK_CONDITION(pbOut != NULL,
-COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(EC_POINT_point2oct(pgroup, pPoint,
-POINT_CONVERSION_COMPRESSED, pbOut, cbSize, NULL) == cbSize,
-COSE_ERR_CRYPTO_FAIL);
- }
- else {
- cbSize = EC_POINT_point2oct(pgroup, pPoint,
-POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); CHECK_CONDITION(cbSize > 0,
-COSE_ERR_CRYPTO_FAIL); pbOut = COSE_CALLOC(cbSize, 1, context);
- CHECK_CONDITION(pbOut != NULL, COSE_ERR_OUT_OF_MEMORY);
- CHECK_CONDITION(EC_POINT_point2oct(pgroup, pPoint,
-POINT_CONVERSION_UNCOMPRESSED, pbOut, cbSize, NULL) == cbSize,
-COSE_ERR_CRYPTO_FAIL);
- }
- p = cn_cbor_data_create(pbOut+1, (int) (cbSize / 2),
-CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(p != NULL,
-cbor_error); CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pkey, COSE_Key_EC_X, p,
-CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error); p = NULL;
-
- if (FUseCompressed) {
- p = cn_cbor_bool_create(pbOut[0] & 1, CBOR_CONTEXT_PARAM_COMMA
-&cbor_error); CHECK_CONDITION_CBOR(p != NULL, cbor_error);
- CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pkey, COSE_Key_EC_Y, p,
-CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error); p = NULL;
- }
- else {
- p = cn_cbor_data_create(pbOut + cbSize / 2 + 1, (int)(cbSize / 2),
-CBOR_CONTEXT_PARAM_COMMA &cbor_error); pbOut = NULL; // It is already part of
-the other one. CHECK_CONDITION_CBOR(p != NULL, cbor_error);
- CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pkey, COSE_Key_EC_Y, p,
-CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error); p = NULL;
- }
-
- p = cn_cbor_int_create(COSE_Key_Type_EC2, CBOR_CONTEXT_PARAM_COMMA
-&cbor_error); CHECK_CONDITION_CBOR(p != NULL, cbor_error);
- CHECK_CONDITION_CBOR(cn_cbor_mapput_int(pkey, COSE_Key_Type, p,
-CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error); p = NULL;
-
-returnHere:
- if (pbOut != NULL) COSE_FREE(pbOut, context);
- if (p != NULL) CN_CBOR_FREE(p, context);
- return pkey;
-
-errorReturn:
- CN_CBOR_FREE(pkey, context);
- pkey = NULL;
- goto returnHere;
-}
-*/
bool ECDSA_Sign(COSE *pSigner,
int index,
@@ -1109,8 +882,9 @@
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
- if (!ECKey_From(pKey, &keypair, perr))
+ if (!ECKey_From(pKey, &keypair, perr)) {
goto errorReturn;
+ }
CHECK_CONDITION(keypair.d.n != 0, COSE_ERR_INVALID_PARAMETER);
@@ -1194,8 +968,9 @@
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
- if (!ECKey_From(pKey, &keypair, perr))
+ if (!ECKey_From(pKey, &keypair, perr)) {
goto errorReturn;
+ }
switch (cbitDigest) {
case 256:
@@ -1242,7 +1017,7 @@
return result;
}
-#ifdef MBEDTLS_NIST_KW_C
+#if defined(MBEDTLS_NIST_KW_C)
bool AES_KW_Decrypt(COSE_Enveloped *pcose,
const byte *pbKeyIn,
size_t cbitKey,
@@ -1320,7 +1095,7 @@
mbedtls_nist_kw_free(&ctx);
return false;
}
-#endif // MBEDTLS_NIST_KW_C
+#endif
/*
//#include <stdio.h> //TODO
@@ -1372,7 +1147,7 @@
}
*/
-mbedtls_ctr_drbg_context ctx;
+mbedtls_ctr_drbg_context ctxRandom;
int ctx_setup = 0;
mbedtls_entropy_context entropy;
@@ -1383,9 +1158,9 @@
if (!ctx_setup) {
mbedtls_entropy_init(&entropy);
- mbedtls_ctr_drbg_init(&ctx);
+ mbedtls_ctr_drbg_init(&ctxRandom);
- mbedtls_ctr_drbg_seed_entropy_len(&ctx, mbedtls_entropy_func,
+ mbedtls_ctr_drbg_seed_entropy_len(&ctxRandom, mbedtls_entropy_func,
(void *)&entropy, nonce_pers_pr, 16, 32);
ctx_setup = 1;
@@ -1394,7 +1169,7 @@
// mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON
// );
- mbedtls_ctr_drbg_random(&ctx, pb, cb);
+ mbedtls_ctr_drbg_random(&ctxRandom, pb, cb);
// mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE );
// memcmp( buf, result_pr, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
