Setup the configuration file
We can now turn individual algorithms on and off
diff --git a/src/Encrypt.c b/src/Encrypt.c
index 6c39d06..4f14c93 100644
--- a/src/Encrypt.c
+++ b/src/Encrypt.c
@@ -211,33 +211,71 @@
alg = (int) cn->v.uint;
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
+#endif USE_AES_GCM_192
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -279,33 +317,67 @@
CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Decrypt(pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Decrypt(pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Decrypt(pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Decrypt(pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
+#endif
if (!AES_GCM_Decrypt(pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -352,25 +424,63 @@
// Get the key size
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break;
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break;
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -412,33 +522,67 @@
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Enveloped", perr)) goto errorReturn;
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Encrypt(pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Encrypt(pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Encrypt(pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Encrypt(pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
+#ifdef USE_AES_GCM
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
+#endif
if (!AES_GCM_Encrypt(pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/Encrypt0.c b/src/Encrypt0.c
index 0d8e78b..bca0487 100644
--- a/src/Encrypt0.c
+++ b/src/Encrypt0.c
@@ -164,33 +164,71 @@
alg = (int) cn->v.uint;
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
cbitKey = 192;
break;
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
cbitKey = 256;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -220,33 +258,71 @@
CHECK_CONDITION(cn != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Decrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
+ if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
+ if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
+ break;
+#endif
+
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
if (!AES_GCM_Decrypt((COSE_Enveloped *)pcose, pbKey, cbitKey / 8, cn->v.bytes, cn->length, pbAuthData, cbAuthData, perr)) goto error;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -288,25 +364,65 @@
// Get the key size
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
cbitKey = 128;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
cbitKey = 256;
break;
-#endif // INCLUDE_AES_CCM
+#endif
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128: cbitKey = 128; break;
+#endif
+
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192: cbitKey = 192; break;
+#endif
+
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256: cbitKey = 256; break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -323,33 +439,67 @@
if (!_COSE_Encrypt_Build_AAD(&pcose->m_message, &pbAuthData, &cbAuthData, "Encrypted", perr)) goto errorReturn;
switch (alg) {
-#ifdef INCLUDE_AES_CCM
+#ifdef USE_AES_CCM_16_64_128
case COSE_Algorithm_AES_CCM_16_64_128:
+ if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_64_256
case COSE_Algorithm_AES_CCM_16_64_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_16_128_128
case COSE_Algorithm_AES_CCM_16_128_128:
+ if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_16_128_256
case COSE_Algorithm_AES_CCM_16_128_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 16, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_64_64_128
case COSE_Algorithm_AES_CCM_64_64_128:
+ if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_64_256
case COSE_Algorithm_AES_CCM_64_64_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 64, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CCM_64_128_128
case COSE_Algorithm_AES_CCM_64_128_128:
+ if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CCM_64_128_256
case COSE_Algorithm_AES_CCM_64_128_256:
if (!AES_CCM_Encrypt((COSE_Enveloped *)pcose, 128, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
#endif
+#ifdef USE_AES_GCM
+#ifdef USE_AES_GCM_128
case COSE_Algorithm_AES_GCM_128:
+#endif
+#ifdef USE_AES_GCM_192
case COSE_Algorithm_AES_GCM_192:
+#endif
+#ifdef USE_AES_GCM_256
case COSE_Algorithm_AES_GCM_256:
+#endif
if (!AES_GCM_Encrypt((COSE_Enveloped *)pcose, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
diff --git a/src/MacMessage.c b/src/MacMessage.c
index 6a1a9f8..74733ef 100644
--- a/src/MacMessage.c
+++ b/src/MacMessage.c
@@ -330,25 +330,53 @@
// Get the key size
switch (alg) {
- case COSE_Algorithm_CBC_MAC_128_64:
+#ifdef USE_AES_CBC_MAC_128_64
+ case COSE_Algorithm_CBC_MAC_128_64:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
- cbitKey = 128;
+ cbitKey = 128;
break;
+#endif
- case COSE_Algorithm_CBC_MAC_256_64:
- case COSE_Algorithm_CBC_MAC_256_128:
- case COSE_Algorithm_HMAC_256_64:
- case COSE_Algorithm_HMAC_256_256:
- cbitKey = 256;
+#ifdef USE_AES_CBC_MAC_256_64
+ case COSE_Algorithm_CBC_MAC_256_64:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_384_384:
- cbitKey = 384;
+#ifdef USE_AES_CBC_MAC_256_128
+ case COSE_Algorithm_CBC_MAC_256_128:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_512_512:
- cbitKey = 512;
+#ifdef USE_HMAC_256_64
+ case COSE_Algorithm_HMAC_256_64:
+ cbitKey = 256;
break;
+#endif
+
+#ifdef USE_HMAC_256_256
+ case COSE_Algorithm_HMAC_256_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_HMAC_384_384
+ case COSE_Algorithm_HMAC_384_384:
+ cbitKey = 384;
+ break;
+#endif
+
+#ifdef USE_HMAC_512_512
+ case COSE_Algorithm_HMAC_512_512:
+ cbitKey = 512;
+ break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -390,31 +418,53 @@
if (!_COSE_Mac_Build_AAD(&pcose->m_message, "MAC", &pbAuthData, &cbAuthData, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ if (!AES_CBC_MAC_Create(pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_64
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Create(pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
+ if (!AES_CBC_MAC_Create(pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_128
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Create(pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_64
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Create(pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_256
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Create(pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_384_348
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Create(pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_512_512
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Create(pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
@@ -472,26 +522,53 @@
alg = (int)cn->v.uint;
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
+#endif
- case COSE_Algorithm_CBC_MAC_256_64:
- case COSE_Algorithm_CBC_MAC_256_128:
- case COSE_Algorithm_HMAC_256_64:
- case COSE_Algorithm_HMAC_256_256:
- cbitKey = 256;
+#ifdef USE_AES_CBC_MAC_256_64
+ case COSE_Algorithm_CBC_MAC_256_64:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_384_384:
- cbitKey = 384;
+#ifdef USE_AES_CBC_MAC_256_128
+ case COSE_Algorithm_CBC_MAC_256_128:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_512_512:
- cbitKey = 512;
+#ifdef USE_HMAC_256_64
+ case COSE_Algorithm_HMAC_256_64:
+ cbitKey = 256;
break;
+#endif
+#ifdef USE_HMAC_256_256
+ case COSE_Algorithm_HMAC_256_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_HMAC_384_384
+ case COSE_Algorithm_HMAC_384_384:
+ cbitKey = 384;
+ break;
+#endif
+
+#ifdef USE_HMAC_512_512
+ case COSE_Algorithm_HMAC_512_512:
+ cbitKey = 512;
+ break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
break;
@@ -522,31 +599,53 @@
if (!_COSE_Mac_Build_AAD(&pcose->m_message, "MAC", &pbAuthData, &cbAuthData, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_HMAC_256_256
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate(pcose, 256, 256, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_64
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate(pcose, 256, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_384_384
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate(pcose, 384, 384, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_512_512
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate(pcose, 512, 512, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey / 8, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_64
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate(pcose, 64, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
+ if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey / 8, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_128
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate(pcose, 128, pbKey, cbitKey/8, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/MacMessage0.c b/src/MacMessage0.c
index 04b781b..11a6542 100644
--- a/src/MacMessage0.c
+++ b/src/MacMessage0.c
@@ -227,25 +227,53 @@
// Get the key size
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
+#endif
- case COSE_Algorithm_CBC_MAC_256_64:
- case COSE_Algorithm_CBC_MAC_256_128:
- case COSE_Algorithm_HMAC_256_64:
- case COSE_Algorithm_HMAC_256_256:
- cbitKey = 256;
+#ifdef USE_AES_CBC_MAC_256_64
+ case COSE_Algorithm_CBC_MAC_256_64:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_384_384:
- cbitKey = 384;
+#ifdef USE_AES_CBC_MAC_256_128
+ case COSE_Algorithm_CBC_MAC_256_128:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_512_512:
- cbitKey = 512;
+#ifdef USE_HMAC_256_64
+ case COSE_Algorithm_HMAC_256_64:
+ cbitKey = 256;
break;
+#endif
+
+#ifdef USE_HMAC_256_256
+ case COSE_Algorithm_HMAC_256_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_HMAC_384_384
+ case COSE_Algorithm_HMAC_384_384:
+ cbitKey = 384;
+ break;
+#endif
+
+#ifdef USE_HMAC_512_512
+ case COSE_Algorithm_HMAC_512_512:
+ cbitKey = 512;
+ break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -260,31 +288,53 @@
if (!_COSE_Mac_Build_AAD(&pcose->m_message, "MAC0", &pbAuthData, &cbAuthData, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_64
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
+ if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_128
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Create((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_64
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_256
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Create((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_384_384
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Create((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_512_512
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Create((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
@@ -331,25 +381,53 @@
alg = (int)cn->v.uint;
switch (alg) {
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
cbitKey = 128;
break;
+#endif
- case COSE_Algorithm_CBC_MAC_256_64:
- case COSE_Algorithm_CBC_MAC_256_128:
- case COSE_Algorithm_HMAC_256_64:
- case COSE_Algorithm_HMAC_256_256:
- cbitKey = 256;
+#ifdef USE_AES_CBC_MAC_256_64
+ case COSE_Algorithm_CBC_MAC_256_64:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_384_384:
- cbitKey = 384;
+#ifdef USE_AES_CBC_MAC_256_128
+ case COSE_Algorithm_CBC_MAC_256_128:
+ cbitKey = 256;
break;
+#endif
- case COSE_Algorithm_HMAC_512_512:
- cbitKey = 512;
+#ifdef USE_HMAC_256_64
+ case COSE_Algorithm_HMAC_256_64:
+ cbitKey = 256;
break;
+#endif
+
+#ifdef USE_HMAC_256_256
+ case COSE_Algorithm_HMAC_256_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_HMAC_384_384
+ case COSE_Algorithm_HMAC_384_384:
+ cbitKey = 384;
+ break;
+#endif
+
+#ifdef USE_HMAC_512_512
+ case COSE_Algorithm_HMAC_512_512:
+ cbitKey = 512;
+ break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -366,31 +444,53 @@
if (!_COSE_Mac_Build_AAD(&pcose->m_message, "MAC0", &pbAuthData, &cbAuthData, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_HMAC_256_256
case COSE_Algorithm_HMAC_256_256:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 256, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_256_64
case COSE_Algorithm_HMAC_256_64:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 256, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_384_384
case COSE_Algorithm_HMAC_384_384:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 384, 384, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_HMAC_512_512
case COSE_Algorithm_HMAC_512_512:
if (!HMAC_Validate((COSE_MacMessage *)pcose, 512, 512, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_64
case COSE_Algorithm_CBC_MAC_128_64:
+ if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_64
case COSE_Algorithm_CBC_MAC_256_64:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 64, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_AES_CBC_MAC_128_128
case COSE_Algorithm_CBC_MAC_128_128:
+ if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
+ break;
+#endif
+
+#ifdef USE_AES_CBC_MAC_256_128
case COSE_Algorithm_CBC_MAC_256_128:
if (!AES_CBC_MAC_Validate((COSE_MacMessage *)pcose, 128, pbKey, cbKey, pbAuthData, cbAuthData, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/Recipient.c b/src/Recipient.c
index 5a08b20..43a59a8 100644
--- a/src/Recipient.c
+++ b/src/Recipient.c
@@ -268,39 +268,91 @@
return true;
+#ifdef AES_KW_128
case COSE_Algorithm_AES_KW_128:
cbitKeyX = 128;
break;
+#endif
+#ifdef AES_KW_192
case COSE_Algorithm_AES_KW_192:
cbitKeyX = 192;
break;
+#endif
+#ifdef AES_KW_256
case COSE_Algorithm_AES_KW_256:
cbitKeyX = 192;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
+#endif
+
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
+#endif
+
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
+ break;
+#endif
+
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
break;
+#endif
+#ifdef USE_ECDH_ES_A128KW
case COSE_Algorithm_ECDH_ES_A128KW:
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A192KW
case COSE_Algorithm_ECDH_ES_A192KW:
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A256KW
case COSE_Algorithm_ECDH_ES_A256KW:
break;
+#endif
+#ifdef USE_ECDH_SS_A128KW
case COSE_Algorithm_ECDH_SS_A128KW:
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A192KW
case COSE_Algorithm_ECDH_SS_A192KW:
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A256KW
case COSE_Algorithm_ECDH_SS_A256KW:
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -323,8 +375,41 @@
CHECK_CONDITION(cnBody != NULL, COSE_ERR_INVALID_PARAMETER);
switch (alg) {
+#ifdef AES_KW_128
case COSE_Algorithm_AES_KW_128:
+ if (pbKeyX != NULL) {
+ int x = cbitKeyOut / 8;
+ if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, pbKeyX, cbitKeyX, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
+ }
+ else {
+ CHECK_CONDITION(pRecip->m_pkey != NULL, COSE_ERR_INVALID_PARAMETER);
+ int x = cbitKeyOut / 8;
+ cn = cn_cbor_mapget_int(pRecip->m_pkey, -1);
+ CHECK_CONDITION((cn != NULL) && (cn->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
+
+ if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, cn->v.bytes, cn->length * 8, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
+ }
+ break;
+#endif
+
+#ifdef AES_KW_192
case COSE_Algorithm_AES_KW_192:
+ if (pbKeyX != NULL) {
+ int x = cbitKeyOut / 8;
+ if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, pbKeyX, cbitKeyX, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
+ }
+ else {
+ CHECK_CONDITION(pRecip->m_pkey != NULL, COSE_ERR_INVALID_PARAMETER);
+ int x = cbitKeyOut / 8;
+ cn = cn_cbor_mapget_int(pRecip->m_pkey, -1);
+ CHECK_CONDITION((cn != NULL) && (cn->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
+
+ if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, cn->v.bytes, cn->length * 8, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
+ }
+ break;
+#endif
+
+#ifdef AES_KW_256
case COSE_Algorithm_AES_KW_256:
if (pbKeyX != NULL) {
int x = cbitKeyOut / 8;
@@ -339,80 +424,109 @@
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, cn->v.bytes, cn->length * 8, cnBody->v.bytes, cnBody->length, pbKeyOut, &x, perr)) goto errorReturn;
}
break;
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
if (!HKDF_X(&pcose->m_message, true, false, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
if (!HKDF_X(&pcose->m_message, true, false, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
if (!HKDF_X(&pcose->m_message, false, false, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 128, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
if (!HKDF_X(&pcose->m_message, false, false, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
if (!HKDF_X(&pcose->m_message, true, true, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
if (!HKDF_X(&pcose->m_message, true, true, false, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
if (!HKDF_X(&pcose->m_message, true, true, true, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
if (!HKDF_X(&pcose->m_message, true, true, true, false, algIn, pRecip->m_pkey, NULL, pbKeyOut, cbitKeyOut, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A128KW
case COSE_Algorithm_ECDH_ES_A128KW:
if (!HKDF_X(&pcose->m_message, true, true, false, false, COSE_Algorithm_AES_KW_128, pRecip->m_pkey, NULL, rgbKey, 128, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 128, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A192KW
case COSE_Algorithm_ECDH_ES_A192KW:
if (!HKDF_X(&pcose->m_message, true, true, false, false, COSE_Algorithm_AES_KW_192, pRecip->m_pkey, NULL, rgbKey, 192, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 192, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A256KW
case COSE_Algorithm_ECDH_ES_A256KW:
if (!HKDF_X(&pcose->m_message, true, true, false, false, COSE_Algorithm_AES_KW_256, pRecip->m_pkey, NULL, rgbKey, 256, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 256, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A128KW
case COSE_Algorithm_ECDH_SS_A128KW:
if (!HKDF_X(&pcose->m_message, true, true, true, false, COSE_Algorithm_AES_KW_128, pRecip->m_pkey, NULL, rgbKey, 128, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 128, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A192KW
case COSE_Algorithm_ECDH_SS_A192KW:
if (!HKDF_X(&pcose->m_message, true, true, true, false, COSE_Algorithm_AES_KW_192, pRecip->m_pkey, NULL, rgbKey, 192, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 192, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A256KW
case COSE_Algorithm_ECDH_SS_A256KW:
if (!HKDF_X(&pcose->m_message, true, true, true, false, COSE_Algorithm_AES_KW_256, pRecip->m_pkey, NULL, rgbKey, 256, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Decrypt((COSE_Enveloped *)pcose, rgbKey, 256, cnBody->v.bytes, cnBody->length, pbKeyOut, &cbKey2, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -457,36 +571,89 @@
switch (alg) {
case COSE_Algorithm_Direct:
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
+#endif
+
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
+#endif
// This is a NOOP
cbitKey = 0;
CHECK_CONDITION(pRecipient->m_encrypt.m_recipientFirst == NULL, COSE_ERR_INVALID_PARAMETER);
break;
+#ifdef AES_KW_128
case COSE_Algorithm_AES_KW_128:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A128KW
case COSE_Algorithm_ECDH_ES_A128KW:
+ cbitKey = 128;
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A128KW
case COSE_Algorithm_ECDH_SS_A128KW:
cbitKey = 128;
break;
+#endif
+#ifdef AES_KW_192
case COSE_Algorithm_AES_KW_192:
+ cbitKey = 192;
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A192KW
case COSE_Algorithm_ECDH_ES_A192KW:
+ cbitKey = 192;
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A192KW
case COSE_Algorithm_ECDH_SS_A192KW:
cbitKey = 192;
break;
+#endif
+#ifdef AES_KW_256
case COSE_Algorithm_AES_KW_256:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_ECDH_ES_A256KW
case COSE_Algorithm_ECDH_ES_A256KW:
+ cbitKey = 256;
+ break;
+#endif
+
+#ifdef USE_ECDH_SS_A256KW
case COSE_Algorithm_ECDH_SS_A256KW:
cbitKey = 256;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -532,14 +699,31 @@
switch (alg) {
case COSE_Algorithm_Direct:
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
+#endif
+
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
+#endif
ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
CHECK_CONDITION_CBOR(_COSE_array_replace(&pRecipient->m_encrypt.m_message, ptmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
@@ -547,8 +731,33 @@
break;
+#ifdef AES_KW_128
case COSE_Algorithm_AES_KW_128:
+ if (pRecipient->m_pkey != NULL) {
+ cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
+ CHECK_CONDITION(pK != NULL, COSE_ERR_INVALID_PARAMETER);
+ if (!AES_KW_Encrypt(pRecipient, pK->v.bytes, (int)pK->length * 8, pbContent, (int)cbContent, perr)) goto errorReturn;
+ }
+ else {
+ if (!AES_KW_Encrypt(pRecipient, pbKey, (int)cbKey * 8, pbContent, (int)cbContent, perr)) goto errorReturn;
+ }
+ break;
+#endif
+
+#ifdef AES_KW_192
case COSE_Algorithm_AES_KW_192:
+ if (pRecipient->m_pkey != NULL) {
+ cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
+ CHECK_CONDITION(pK != NULL, COSE_ERR_INVALID_PARAMETER);
+ if (!AES_KW_Encrypt(pRecipient, pK->v.bytes, (int)pK->length * 8, pbContent, (int)cbContent, perr)) goto errorReturn;
+ }
+ else {
+ if (!AES_KW_Encrypt(pRecipient, pbKey, (int)cbKey * 8, pbContent, (int)cbContent, perr)) goto errorReturn;
+ }
+ break;
+#endif
+
+#ifdef AES_KW_256
case COSE_Algorithm_AES_KW_256:
if (pRecipient->m_pkey != NULL) {
cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
@@ -559,36 +768,49 @@
if (!AES_KW_Encrypt(pRecipient, pbKey, (int) cbKey*8, pbContent, (int) cbContent, perr)) goto errorReturn;
}
break;
+#endif
+#ifdef USE_ECDH_ES_A128KW
case COSE_Algorithm_ECDH_ES_A128KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, COSE_Algorithm_AES_KW_128, NULL, pRecipient->m_pkey, rgbKey, 128, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 128, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A192KW
case COSE_Algorithm_ECDH_ES_A192KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, COSE_Algorithm_AES_KW_192, NULL, pRecipient->m_pkey, rgbKey, 192, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 192, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_A256KW
case COSE_Algorithm_ECDH_ES_A256KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, COSE_Algorithm_AES_KW_256, NULL, pRecipient->m_pkey, rgbKey, 256, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 256, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A128KW
case COSE_Algorithm_ECDH_SS_A128KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, COSE_Algorithm_AES_KW_128, pRecipient->m_pkeyStatic, pRecipient->m_pkey, rgbKey, 128, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 128, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A192KW
case COSE_Algorithm_ECDH_SS_A192KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, COSE_Algorithm_AES_KW_192, pRecipient->m_pkeyStatic, pRecipient->m_pkey, rgbKey, 192, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 192, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_A256KW
case COSE_Algorithm_ECDH_SS_A256KW:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, COSE_Algorithm_AES_KW_256, pRecipient->m_pkeyStatic, pRecipient->m_pkey, rgbKey, 256, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
if (!AES_KW_Encrypt(pRecipient, rgbKey, 256, pbContent, (int)cbContent, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
@@ -645,37 +867,53 @@
memcpy(pb, pK->v.bytes, cbitKeySize / 8);
break;
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, false, false, true, algIn, pRecipient->m_pkey, NULL, pb, cbitKeySize, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, false, false, true, algIn, pRecipient->m_pkey, NULL, pb, cbitKeySize, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, false, false, false, true, algIn, pRecipient->m_pkey, NULL, pb, cbitKeySize, 128, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, false, false, false, true, algIn, pRecipient->m_pkey, NULL, pb, cbitKeySize, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, algIn, NULL, pRecipient->m_pkey, pb, cbitKeySize, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, false, true, algIn, NULL, pRecipient->m_pkey, pb, cbitKeySize, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, algIn, pRecipient->m_pkeyStatic, pRecipient->m_pkey, pb, cbitKeySize, 256, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
if (!HKDF_X(&pRecipient->m_encrypt.m_message, true, true, true, true, algIn, pRecipient->m_pkeyStatic, pRecipient->m_pkey, pb, cbitKeySize, 512, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
@@ -913,14 +1151,30 @@
if (value->type == CN_CBOR_INT) {
switch (value->v.uint) {
case COSE_Algorithm_Direct:
+#ifdef USE_Direct_HKDF_AES_128
case COSE_Algorithm_Direct_HKDF_AES_128:
+#endif
+#ifdef USE_Direct_HKDF_AES_256
case COSE_Algorithm_Direct_HKDF_AES_256:
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_256
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_256:
+#endif
+#ifdef USE_Direct_HKDF_HMAC_SHA_512
case COSE_Algorithm_Direct_HKDF_HMAC_SHA_512:
+#endif
+#ifdef USE_ECDH_ES_HKDF_256
case COSE_Algorithm_ECDH_ES_HKDF_256:
+#endif
+#ifdef USE_ECDH_ES_HKDF_512
case COSE_Algorithm_ECDH_ES_HKDF_512:
+#endif
+#ifdef USE_ECDH_SS_HKDF_256
case COSE_Algorithm_ECDH_SS_HKDF_256:
+#endif
+#ifdef USE_ECDH_SS_HKDF_512
case COSE_Algorithm_ECDH_SS_HKDF_512:
+#endif
((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags |= 1;
break;
diff --git a/src/Sign0.c b/src/Sign0.c
index 4d273ea..b08ce5e 100644
--- a/src/Sign0.c
+++ b/src/Sign0.c
@@ -352,18 +352,23 @@
if (!CreateSign0AAD(pSigner, &pbToSign, &cbToSign, "Signature1", perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_ECDSA_SHA_256
case COSE_Algorithm_ECDSA_SHA_256:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE+1, pKey, 256, pbToSign, cbToSign, perr);
break;
+#endif
+#ifdef USE_ECDSA_SHA_384
case COSE_Algorithm_ECDSA_SHA_384:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE+1, pKey, 384, pbToSign, cbToSign, perr);
break;
+#endif
+#ifdef USE_ECDSA_SHA_512
case COSE_Algorithm_ECDSA_SHA_512:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE+1, pKey, 512, pbToSign, cbToSign, perr);
break;
-
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
@@ -409,17 +414,23 @@
cnSignature = _COSE_arrayget_int(&pSign->m_message, INDEX_SIGNATURE);
switch (alg) {
+#ifdef USE_ECDSA_SHA_256
case COSE_Algorithm_ECDSA_SHA_256:
if (!ECDSA_Verify(&pSign->m_message, INDEX_SIGNATURE+1, pKey, 256, pbToSign, cbToSign, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDSA_SHA_384
case COSE_Algorithm_ECDSA_SHA_384:
if (!ECDSA_Verify(&pSign->m_message, INDEX_SIGNATURE+1, pKey, 384, pbToSign, cbToSign, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDSA_SHA_512
case COSE_Algorithm_ECDSA_SHA_512:
if (!ECDSA_Verify(&pSign->m_message, INDEX_SIGNATURE+1, pKey, 512, pbToSign, cbToSign, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/SignerInfo.c b/src/SignerInfo.c
index dd75531..dd21e33 100644
--- a/src/SignerInfo.c
+++ b/src/SignerInfo.c
@@ -199,17 +199,23 @@
if (!BuildToBeSigned(&pbToSign, &cbToSign, pcborBody, pcborProtected, pcborProtectedSign, pSigner->m_message.m_pbExternal, pSigner->m_message.m_cbExternal, CBOR_CONTEXT_PARAM_COMMA perr)) goto errorReturn;
switch (alg) {
+#ifdef USE_ECDSA_SHA_256
case COSE_Algorithm_ECDSA_SHA_256:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 256, pbToSign, cbToSign, perr);
break;
+#endif
+#ifdef USE_ECDSA_SHA_384
case COSE_Algorithm_ECDSA_SHA_384:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 384, pbToSign, cbToSign, perr);
break;
+#endif
+#ifdef USE_ECDSA_SHA_512
case COSE_Algorithm_ECDSA_SHA_512:
f = ECDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 512, pbToSign, cbToSign, perr);
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
@@ -305,17 +311,23 @@
CHECK_CONDITION((cnSignature != NULL) && (cnSignature->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
switch (alg) {
+#ifdef USE_ECDSA_SHA_256
case COSE_Algorithm_ECDSA_SHA_256:
if (!ECDSA_Verify(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 256, pbToBeSigned, cbToBeSigned, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDSA_SHA_384
case COSE_Algorithm_ECDSA_SHA_384:
if (!ECDSA_Verify(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 384, pbToBeSigned, cbToBeSigned, perr)) goto errorReturn;
break;
+#endif
+#ifdef USE_ECDSA_SHA_512
case COSE_Algorithm_ECDSA_SHA_512:
if (!ECDSA_Verify(&pSigner->m_message, INDEX_SIGNATURE, pSigner->m_pkey, 512, pbToBeSigned, cbToBeSigned, perr)) goto errorReturn;
break;
+#endif
default:
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
diff --git a/src/configure.h b/src/configure.h
index bda50c5..64d41a2 100644
--- a/src/configure.h
+++ b/src/configure.h
@@ -1,4 +1,92 @@
-#define INCLUDE_AES_CCM 1
+//
+// Define which AES GCM algorithms are being used
+//
+
+#define USE_AES_GCM_128
+#define USE_AES_GCM_192
+#define USE_AES_GCM_256
+
+#if defined(USE_AES_GCM_128) || defined(USE_AES_GCM_192) || defined(USE_AES_GCM_256)
+#define USE_AES_GCM
+#endif
+
+//
+// Define which AES CCM algorithms are being used
+//
+
+#define USE_AES_CCM_16_64_128
+#define USE_AES_CCM_16_64_256
+#define USE_AES_CCM_64_64_128
+#define USE_AES_CCM_64_64_256
+#define USE_AES_CCM_16_128_128
+#define USE_AES_CCM_16_128_256
+//#define USE_AES_CCM_64_64_128
+//#define USE_AES_CCM_64_64_256
+
+#define INCLUDE_AES_CCM
+
+//
+// Define which HMAC-SHA algorithms are being used
+//
+
+#define USE_HMAC_256_64
+#define USE_HMAC_256_256
+#define USE_HMAC_384_384
+#define USE_HMAC_512_512
+#if defined(USE_HMAC_256_64) || defined(USE_HMAC_256_256) || defined(USE_HMAC_384_384) || defined(USE_HMAC_512_512)
+#define USE_HMAC
+#endif
+
+//
+// Define which AES CBC-MAC algorithms are to be used
+//
+
+#define USE_AES_CBC_MAC_128_64
+#define USE_AES_CBC_MAC_128_128
+#define USE_AES_CBC_MAC_256_64
+#define USE_AES_CBC_MAC_256_128
+
+//
+// Define which ECDH algorithms are to be used
+//
+
+#define USE_ECDH_ES_HKDF_256
+#define USE_ECDH_ES_HKDF_512
+#define USE_ECDH_SS_HKDF_256
+#define USE_ECDH_SS_HKDF_512
+
+#define USE_ECDH_ES_A128KW
+#define USE_ECDH_ES_A192KW
+#define USE_ECDH_ES_A256KW
+#define USE_ECDH_SS_A128KW
+#define USE_ECDH_SS_A192KW
+#define USE_ECDH_SS_A256KW
+
+//
+// Define which Key Wrap functions are to be used
+//
+
+#define USE_AES_KW_128
+#define USE_AES_KW_192
+#define USE_AES_KW_256
+
+//
+// Define which of the DIRECT + KDF algorithms are to be used
+//
+
+#define USE_Direct_HKDF_HMAC_SHA_256
+#define USE_Direct_HKDF_HMAC_SHA_512
+#define USE_Direct_HKDF_AES_128
+#define USE_Direct_HKDF_AES_256
+
+
+//
+// Define which of the signature algorithms are to be used
+//
+
+//#define USE_ECDSA_SHA_256
+//#define USE_ECDSA_SHA_384
+//#define USE_ECDSA_SHA_512
#define USE_OPEN_SSL 1
diff --git a/src/cose.h b/src/cose.h
index 7c13e36..358de79 100644
--- a/src/cose.h
+++ b/src/cose.h
@@ -95,10 +95,10 @@
COSE_Algorithm_AES_CCM_16_64_128 = 10,
COSE_Algorithm_AES_CCM_16_64_256 = 11,
- COSE_Algorithm_AES_CCM_64_64_128 = 30,
- COSE_Algorithm_AES_CCM_64_64_256 = 31,
- COSE_Algorithm_AES_CCM_16_128_128 = 12,
- COSE_Algorithm_AES_CCM_16_128_256 = 13,
+ COSE_Algorithm_AES_CCM_64_64_128 = 12,
+ COSE_Algorithm_AES_CCM_64_64_256 = 13,
+ COSE_Algorithm_AES_CCM_16_128_128 = 30,
+ COSE_Algorithm_AES_CCM_16_128_256 = 31,
COSE_Algorithm_AES_CCM_64_128_128 = 32,
COSE_Algorithm_AES_CCM_64_128_256 = 33,
@@ -125,9 +125,9 @@
COSE_Algorithm_Direct_HKDF_AES_128 = -12,
COSE_Algorithm_Direct_HKDF_AES_256 = -13,
- COSE_Algorithm_PS256 = -8,
- COSE_Algorithm_PS384 = -37,
- COSE_Algorithm_PS512 = -38,
+// COSE_Algorithm_PS256 = -8,
+// COSE_Algorithm_PS384 = -37,
+// COSE_Algorithm_PS512 = -38,
COSE_Algorithm_ECDSA_SHA_256 = -7,
COSE_Algorithm_ECDSA_SHA_384 = -35,