A number of changes:
* Add external data to each of the structures
* Try and get coverity coverage on OPENSSL
* Add more documentation from Doxygen
diff --git a/Coverity_Model.c b/Coverity_Model.c
index 61e158c..96a7d2f 100644
--- a/Coverity_Model.c
+++ b/Coverity_Model.c
@@ -29,3 +29,53 @@
__coverity_alloc__(len);
__coverity_escape__(pbuf);
}
+
+void * EC_GROUP_new_by_curve_name(int curve)
+{
+ __coverity_alloc__(curve);
+}
+
+void EC_GROUP_free(void * p)
+{
+ __coverity_free__(p);
+}
+
+void * EC_POINT_new(void * group)
+{
+ __coverity_alloc__(10);
+}
+
+void EC_POINT_free(void * point)
+{
+ __coverity_free__(point);
+}
+
+void * EC_KEY_new(void)
+{
+ __coverity_alloc__(10);
+}
+
+void EC_KEY_free(void * key)
+{
+ __coverity_free__(key);
+}
+
+void * BN_bin2bn(void * pb, int cb, void * pbn)
+{
+ __coverity_alloc__(cb);
+}
+
+void BN_free(void * p)
+{
+ __coverity_free__(p);
+}
+
+void *ECDA_do_sign(void * pdigest, int digest, void * key)
+{
+ __coverity_alloc__(digest);
+}
+
+void ECDSA_free(void * p)
+{
+ __coverity_free__(p);
+}
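Review bot: The last two models are named `ECDA_do_sign` and `ECDSA_free`, which are not OpenSSL entry points, so the analyser has nothing to match them against; the signing call is `ECDSA_do_sign` and its release function is `ECDSA_SIG_free`. With the names as written, signature objects stay unmodelled and leak or double-free findings around them are likely to go unreported. The allocating models also fall off the end of a non-void function; the usual form is `return __coverity_alloc__(cb);` so that the allocation is tied to the returned pointer. `BN_bin2bn` allocates only when its third argument is NULL, so an unconditional alloc here may raise false leak reports for callers that pass an existing BIGNUM.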
diff --git a/src/Encrypt.c b/src/Encrypt.c
index 8fd4c1f..57a25b4 100644
--- a/src/Encrypt.c
+++ b/src/Encrypt.c
@@ -1,3 +1,7 @@
+/** \file Encrypt.c
+* Contains implementation of the functions related to HCOSE_ENVELOPED handle objects.
+*/
+
#include <stdlib.h>
#include <memory.h>
#include <stdio.h>
@@ -436,6 +440,21 @@
return _COSE_Enveloped_SetContent((COSE_Enveloped *)h, rgb, cb, perror);
}
+/*!
+* @brief Set the application external data for authentication
+*
+* Enveloped data objects support the authentication of external application
+* supplied data. This function is provided to supply that data to the library.
+*
+* The external data is not copied, nor will be it freed when the handle is released.
+*
+* @param hcose Handle for the COSE Enveloped data object
+* @param pbEternalData point to the external data
+* @param cbExternalData size of the external data
+* @param perr location to return errors
+* @return result of the operation.
+*/
+
bool COSE_Enveloped_SetExternal(HCOSE_ENVELOPED hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr)
{
if (!IsValidEnvelopedHandle(hcose)) {
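Review bot: The `@param pbEternalData` line does not match the parameter `pbExternalData`, so Doxygen will warn and leave the real argument undocumented; the same typo is repeated in the MacMessage.c, MacMessage0.c, Recipient.c and SignerInfo.c hunks. Because the buffer is borrowed rather than copied, the comment should also state the lifetime rule, for example `* The external data is not copied, nor will it be freed when the handle is released; the caller must keep the buffer valid and unchanged until the last operation on the handle has completed.` A caller that frees or reuses the buffer early would otherwise have stale memory authenticated. The function body continues outside the hunk.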
diff --git a/src/MacMessage.c b/src/MacMessage.c
index cd138b4..fba8431 100644
--- a/src/MacMessage.c
+++ b/src/MacMessage.c
@@ -1,3 +1,7 @@
+/** \file MacMessage.c
+* Contains implementation of the functions related to HCOSE_MAC handle objects.
+*/
+
#include <stdlib.h>
#include <memory.h>
#include <stdio.h>
@@ -153,6 +157,31 @@
return false;
}
+/*!
+* @brief Set the application external data for authentication
+*
+* MAC data objects support the authentication of external application
+* supplied data. This function is provided to supply that data to the library.
+*
+* The external data is not copied, nor will be it freed when the handle is released.
+*
+* @param hcose Handle for the COSE MAC data object
+* @param pbEternalData point to the external data
+* @param cbExternalData size of the external data
+* @param perr location to return errors
+* @return result of the operation.
+*/
+
+bool COSE_MAC_SetExternal(HCOSE_MAC hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr)
+{
+ if (!IsValidMacHandle(hcose)) {
+ if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
+ return false;
+ }
+
+ return _COSE_SetExternal(&((COSE_MacMessage *)hcose)->m_message, pbExternalData, cbExternalData, perr);
+}
+
cn_cbor * COSE_Mac_map_get_int(HCOSE_MAC h, int key, int flags, cose_errback * perror)
{
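Review bot: The definition is spelled `COSE_MAC_SetExternal`, but the prototype this commit adds to cose.h is `COSE_Mac_SetExternal`, and the neighbouring functions in this file use the `COSE_Mac_` spelling. A caller that includes the header will fail to link, and the function defined here has no visible prototype. Renaming the definition to `bool COSE_Mac_SetExternal(HCOSE_MAC hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr)` fixes both.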
diff --git a/src/MacMessage0.c b/src/MacMessage0.c
index 470bdbd..81c8c4b 100644
--- a/src/MacMessage0.c
+++ b/src/MacMessage0.c
@@ -1,3 +1,7 @@
+/** \file MacMessage0.c
+* Contains implementation of the functions related to HCOSE_MAC0 handle objects.
+*/
+
#include <stdlib.h>
#include <memory.h>
#include <stdio.h>
@@ -129,6 +133,30 @@
return false;
}
+/*!
+* @brief Set the application external data for authentication
+*
+* MAC data objects support the authentication of external application
+* supplied data. This function is provided to supply that data to the library.
+*
+* The external data is not copied, nor will be it freed when the handle is released.
+*
+* @param hcose Handle for the COSE MAC data object
+* @param pbEternalData point to the external data
+* @param cbExternalData size of the external data
+* @param perr location to return errors
+* @return result of the operation.
+*/
+
+bool COSE_Mac0_SetExternal(HCOSE_MAC0 hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr)
+{
+ if (!IsValidMac0Handle(hcose)) {
+ if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
+ return false;
+ }
+
+ return _COSE_SetExternal(&((COSE_Mac0Message *)hcose)->m_message, pbExternalData, cbExternalData, perr);
+}
cn_cbor * COSE_Mac0_map_get_int(HCOSE_MAC0 h, int key, int flags, cose_errback * perror)
{
diff --git a/src/Recipient.c b/src/Recipient.c
index cac46e6..71baa81 100644
--- a/src/Recipient.c
+++ b/src/Recipient.c
@@ -725,6 +725,32 @@
return true;
}
+/*!
+* @brief Set the application external data for authentication
+*
+* Recipient data objects support the authentication of external application
+* supplied data. This function is provided to supply that data to the library.
+*
+* The external data is not copied, nor will be it freed when the handle is released.
+*
+* @param hcose Handle for the COSE recipient data object
+* @param pbEternalData point to the external data
+* @param cbExternalData size of the external data
+* @param perr location to return errors
+* @return result of the operation.
+*/
+
+bool COSE_Recipient_SetExternal(HCOSE_RECIPIENT hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr)
+{
+ if (!IsValidRecipientHandle(hcose)) {
+ if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
+ return false;
+ }
+
+ return _COSE_SetExternal(&((COSE_RecipientInfo *)hcose)->m_encrypt.m_message, pbExternalData, cbExternalData, perr);
+}
+
+
bool COSE_Recipient_map_put(HCOSE_RECIPIENT h, int key, cn_cbor * value, int flags, cose_errback * perror)
{
if (!IsValidRecipientHandle(h) || (value == NULL)) {
diff --git a/src/Sign.c b/src/Sign.c
index 3065bb0..fa3ae03 100644
--- a/src/Sign.c
+++ b/src/Sign.c
@@ -1,3 +1,7 @@
+/** \file Sign.c
+* Contains implementation of the functions related to HCOSE_SIGN handle objects.
+*/
+
#include <stdlib.h>
#include "cose.h"
@@ -5,6 +9,20 @@
COSE * SignRoot = NULL;
+/*! \private
+* @brief Test if a HCOSE_SIGN handle is valid
+*
+* Internal function to test if a sign handle is valid.
+* This will start returning invalid results and cause the code to
+* crash if handles are not released before the memory that underlies them
+* is deallocated. This is an issue of a block allocator is used since
+* in that case it is common to allocate memory but never to de-allocate it
+* and just do that in a single big block.
+*
+* @param h handle to be validated
+* @returns result of check
+*/
+
bool IsValidSignHandle(HCOSE_SIGN h)
{
COSE_SignMessage * p = (COSE_SignMessage *)h;
@@ -14,15 +32,22 @@
}
-HCOSE_SIGN COSE_Sign_Init(CBOR_CONTEXT_COMMA cose_errback * perror)
+/** Allocate a SIGN message structure.
+*
+* Allocate a new SIGN message structure for creation of a COSE_Sign object.
+* @param context is a cn_cbor context object
+* @param perr is a cose_errback return variable
+* @return HCOSE_SIGN a handle for the newly allocated object
+*/
+HCOSE_SIGN COSE_Sign_Init(CBOR_CONTEXT_COMMA cose_errback * perr)
{
COSE_SignMessage * pobj = (COSE_SignMessage *)COSE_CALLOC(1, sizeof(COSE_SignMessage), context);
if (pobj == NULL) {
- if (perror != NULL) perror->err = COSE_ERR_OUT_OF_MEMORY;
+ if (perr != NULL) perr->err = COSE_ERR_OUT_OF_MEMORY;
return NULL;
}
- if (!_COSE_Init(&pobj->m_message, COSE_sign_object, CBOR_CONTEXT_PARAM_COMMA perror)) {
+ if (!_COSE_Init(&pobj->m_message, COSE_sign_object, CBOR_CONTEXT_PARAM_COMMA perr)) {
_COSE_Sign_Release(pobj);
COSE_FREE(pobj, context);
return NULL;
diff --git a/src/SignerInfo.c b/src/SignerInfo.c
index 1eb1676..4c6c2a0 100644
--- a/src/SignerInfo.c
+++ b/src/SignerInfo.c
@@ -1,3 +1,7 @@
+/** \file SignerInfo.c
+* Contains implementation of the functions related to HCOSE_SIGNER handle objects.
+*/
+
#include <stdlib.h>
#include <memory.h>
@@ -232,6 +236,32 @@
return true;
}
+/*!
+* @brief Set the application external data for authentication
+*
+* Signer data objects support the authentication of external application
+* supplied data. This function is provided to supply that data to the library.
+*
+* The external data is not copied, nor will be it freed when the handle is released.
+*
+* @param hcose Handle for the COSE MAC data object
+* @param pbEternalData point to the external data
+* @param cbExternalData size of the external data
+* @param perr location to return errors
+* @return result of the operation.
+*/
+
+bool COSE_Signer_SetExternal(HCOSE_SIGNER hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr)
+{
+ if (!IsValidSignerHandle(hcose)) {
+ if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
+ return false;
+ }
+
+ return _COSE_SetExternal(&((COSE_SignerInfo *)hcose)->m_message, pbExternalData, cbExternalData, perr);
+}
+
+
bool _COSE_Signer_validate(COSE_SignMessage * pSign, COSE_SignerInfo * pSigner, const cn_cbor * pcborBody, const cn_cbor * pcborProtected, cose_errback * perr)
{
byte * pbToBeSigned = NULL;
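Review bot: The `@param hcose` line describes a "COSE MAC data object" although this function takes an `HCOSE_SIGNER`; it looks copied from the MAC files and should read `* @param hcose Handle for the COSE signer data object`. The cose.h hunks in this commit add prototypes for the Recipient, Mac and Mac0 variants but none for `COSE_Signer_SetExternal`. Unless it is already declared outside the visible lines, callers will have no prototype for it.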
diff --git a/src/cose.h b/src/cose.h
index f74d1f4..634933d 100644
--- a/src/cose.h
+++ b/src/cose.h
@@ -193,6 +193,7 @@
bool COSE_Recipient_SetKey_secret(HCOSE_RECIPIENT h, const byte * rgb, int cb, const byte * rgbKid, int cbKid, cose_errback * perr);
bool COSE_Recipient_SetKey(HCOSE_RECIPIENT h, const cn_cbor * pKey, cose_errback * perror);
+bool COSE_Recipient_SetExternal(HCOSE_RECIPIENT hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr);
bool COSE_Recipient_map_put(HCOSE_RECIPIENT h, int key, cn_cbor * value, int flags, cose_errback * perror);
cn_cbor * COSE_Recipient_map_get_string(HCOSE_RECIPIENT cose, const char * key, int flags, cose_errback * errp);
@@ -224,6 +225,7 @@
//
bool COSE_Mac_SetContent(HCOSE_MAC cose, const byte * rgbContent, size_t cbContent, cose_errback * errp);
+bool COSE_Mac_SetExternal(HCOSE_MAC hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr);
cn_cbor * COSE_Mac_map_get_int(HCOSE_MAC h, int key, int flags, cose_errback * perror);
bool COSE_Mac_map_put_int(HCOSE_MAC cose, int key, cn_cbor * value, int flags, cose_errback * errp);
@@ -240,6 +242,7 @@
bool COSE_Mac0_Free(HCOSE_MAC0 cose);
bool COSE_Mac0_SetContent(HCOSE_MAC0 cose, const byte * rgbContent, size_t cbContent, cose_errback * errp);
+bool COSE_Mac0_SetExternal(HCOSE_MAC0 hcose, const byte * pbExternalData, size_t cbExternalData, cose_errback * perr);
cn_cbor * COSE_Mac0_map_get_int(HCOSE_MAC0 h, int key, int flags, cose_errback * perror);
bool COSE_Mac0_map_put_int(HCOSE_MAC0 cose, int key, cn_cbor * value, int flags, cose_errback * errp);
diff --git a/src/openssl.c b/src/openssl.c
index 282473e..9ce333f 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -554,6 +554,8 @@
int cbDigest = 0;
byte rgbOut[16];
+ EVP_CIPHER_CTX_init(&ctx);
+
switch (cbitKey) {
case 128:
pcipher = EVP_aes_128_cbc();
@@ -570,7 +572,6 @@
// Setup and run the OpenSSL code
- EVP_CIPHER_CTX_init(&ctx);
for (ib = 0; ib < cbOutput; ib += 16, bCount += 1) {
size_t ib2;
@@ -608,6 +609,8 @@
const EVP_MD * pmd = NULL;
unsigned int cbDigest;
+ HMAC_CTX_init(&ctx);
+
if (0) {
errorReturn:
HMAC_cleanup(&ctx);
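Review bot: Nothing records why `HMAC_CTX_init(&ctx)` now sits above the `errorReturn:` block, yet that ordering is what keeps `HMAC_cleanup(&ctx)` from running on an uninitialised context when an early check fails. A one-line comment such as `/* must precede any jump to errorReturn, which cleans up ctx */` would stop it being moved back next to first use. The same applies to the `HMAC_CTX_init` moved in the @@ -647 hunk and, presumably, to `EVP_CIPHER_CTX_init` in the @@ -554 hunk, whose cleanup path is outside the visible lines. The enclosing functions start and end outside these hunks.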
@@ -623,7 +626,6 @@
cnSalt = _COSE_map_get_int(pcose, COSE_Header_HKDF_salt, COSE_BOTH, perr);
- HMAC_CTX_init(&ctx);
if (cnSalt != NULL) {
CHECK_CONDITION(HMAC_Init(&ctx, cnSalt->v.bytes, (int) cnSalt->length, pmd), COSE_ERR_CRYPTO_FAIL);
}
@@ -647,6 +649,8 @@
byte rgbDigest[EVP_MAX_MD_SIZE];
byte bCount = 1;
+ HMAC_CTX_init(&ctx);
+
if (0) {
errorReturn:
HMAC_cleanup(&ctx);
@@ -660,7 +664,6 @@
default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break;
}
- HMAC_CTX_init(&ctx);
for (ib = 0; ib < cbOutput; ib += cbDigest, bCount += 1) {
CHECK_CONDITION(HMAC_Init_ex(&ctx, pbPRK, (int)cbPRK, pmd, NULL), COSE_ERR_CRYPTO_FAIL);
diff --git a/test/encrypt.c b/test/encrypt.c
index 7bebb97..c691b4e 100644
--- a/test/encrypt.c
+++ b/test/encrypt.c
@@ -443,6 +443,7 @@
if (COSE_Encrypt_SetContent(hEncrypt, rgb, 10, NULL)) CFails++;
if (COSE_Encrypt_map_get_int(hEncrypt, 1, COSE_BOTH, NULL)) CFails++;
if (COSE_Encrypt_map_put_int(hEncrypt, 1, cn, COSE_PROTECT_ONLY, NULL)) CFails++;
+ if (COSE_Encrypt_SetExternal(hEncrypt, rgb, 10, NULL)) CFails++;
if (COSE_Encrypt_encrypt(hEncrypt, rgb, sizeof(rgb), NULL)) CFails++;
if (COSE_Encrypt_decrypt(hEncrypt, rgb, sizeof(rgb), NULL)) CFails++;
if (COSE_Encrypt_Free((HCOSE_ENCRYPT)hEncrypt)) CFails++;
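Review bot: The only coverage added for the new API is this expected-failure call to `COSE_Encrypt_SetExternal` and the matching one in the next hunk. Nothing visible in this commit exercises `COSE_Recipient_SetExternal`, `COSE_Mac0_SetExternal`, `COSE_Signer_SetExternal` or the MAC variant, and no test makes a successful call followed by an operation that authenticates the external data. Both calls pass `NULL` for the error argument, so the `COSE_ERR_INVALID_PARAMETER` path is checked only through the boolean result. Other test files may cover this; if not, a positive round-trip test per handle type would confirm the external data is really bound into the MAC or signature. The test function starts and ends outside the hunk.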
@@ -455,6 +456,7 @@
if (COSE_Encrypt_map_get_int(hEncrypt, 1, COSE_BOTH, NULL)) CFails++;
if (COSE_Encrypt_map_put_int(hEncrypt, 1, cn, COSE_PROTECT_ONLY, NULL)) CFails++;
if (COSE_Encrypt_encrypt(hEncrypt, rgb, sizeof(rgb), NULL)) CFails++;
+ if (COSE_Encrypt_SetExternal(hEncrypt, rgb, 10, NULL)) CFails++;
if (COSE_Encrypt_decrypt(hEncrypt, rgb, sizeof(rgb), NULL)) CFails++;
if (COSE_Encrypt_Free(hEncrypt)) CFails++;