Expand to cover more curves
diff --git a/dumper/dumper.c b/dumper/dumper.c
index cf3c2c2..d0923f2 100644
--- a/dumper/dumper.c
+++ b/dumper/dumper.c
@@ -9,6 +9,10 @@
#include <string.h>
#include <stdarg.h>
+#ifdef _MSC_VER
+#include <io.h>
+#endif
+
#ifndef _countof
#define _countof(x) (sizeof(x)/sizeof(x[0]))
#endif
@@ -53,8 +57,8 @@
{"AES-CCM-16-64-256", CN_CBOR_UINT, 11, NULL, 0, 0 },
{"AES-CCM-16-128-128", CN_CBOR_UINT, 12, NULL, 0, 0 },
{"AES-CCM-16-128-256", CN_CBOR_UINT, 13, NULL, 0, 0 },
- {"AES-CBC-MAC-128/64", CN_CBOR_UINT, 14, NULL, 0, 0},
- {"AES-CBC-MAC-256/64", CN_CBOR_UINT, 15, NULL, 0, 0},
+ {"AES-CBC-MAC-128//64", CN_CBOR_UINT, 14, NULL, 0, 0},
+ {"AES-CBC-MAC-256//64", CN_CBOR_UINT, 15, NULL, 0, 0},
{"ChaCha20//Poly1305", CN_CBOR_UINT, 24, NULL, 0, 0 },
{"AES-CBC-MAC-128/128", CN_CBOR_UINT, 25, NULL, 0, 0},
{"AES-CBC-MAC-256/128", CN_CBOR_UINT, 26, NULL, 0, 0},
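Review bot: The two entries after `ChaCha20//Poly1305` still read `"AES-CBC-MAC-128/128"` and `"AES-CBC-MAC-256/128"` with a single slash, so the table now mixes both spellings. If `//` is the escaped form the dumper needs for a literal slash (which this change and the ChaCha20 entry suggest, though the lookup code is not in the hunk), those two should be changed in the same commit to `"AES-CBC-MAC-128//128"` and `"AES-CBC-MAC-256//128"`. A one-line comment above the table saying why the slash is doubled would stop the next entry from repeating the mistake. The array starts and ends outside this hunk.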
diff --git a/src/Cose.c b/src/Cose.c
index c0d9b50..ff33f3b 100644
--- a/src/Cose.c
+++ b/src/Cose.c
@@ -119,7 +119,7 @@
}
-HCOSE COSE_Decode(const byte * rgbData, int cbData, int * ptype, COSE_object_type struct_type, CBOR_CONTEXT_COMMA cose_errback * perr)
+HCOSE COSE_Decode(const byte * rgbData, size_t cbData, int * ptype, COSE_object_type struct_type, CBOR_CONTEXT_COMMA cose_errback * perr)
{
cn_cbor * cbor = NULL;
#ifdef TAG_IN_ARRAY
diff --git a/src/Encrypt.c b/src/Encrypt.c
index 4e43848..b136779 100644
--- a/src/Encrypt.c
+++ b/src/Encrypt.c
@@ -19,7 +19,7 @@
}
-size_t COSE_Encode(HCOSE msg, byte * rgb, int ib, size_t cb)
+size_t COSE_Encode(HCOSE msg, byte * rgb, size_t ib, size_t cb)
{
if (rgb == NULL) return cn_cbor_encoder_write(RgbDontUse, 0, sizeof(RgbDontUse), ((COSE *)msg)->m_cbor) + ib;
return cn_cbor_encoder_write(rgb, ib, cb, ((COSE*)msg)->m_cbor);
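Review bot: Both return statements in `COSE_Encode` fold the result of `cn_cbor_encoder_write` straight into a `size_t`, so a failure there would reach the caller as a very large length rather than as an error. This assumes the encoder reports failure with a negative value; its declaration is not in the hunk, but cn-cbor declares it as returning `ssize_t`. In the sizing branch that value additionally gets `ib` added to it, and the branch can only succeed while the encoded message fits in `RgbDontUse`. I would capture the result first, e.g. `ssize_t cbOut = cn_cbor_encoder_write(rgb, ib, cb, ((COSE*)msg)->m_cbor);` followed by `if (cbOut < 0) return 0;`, and document on the prototype which return value means failure. `msg` is also cast to `COSE *` without a handle check, and the closing brace of the function is outside the hunk.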
diff --git a/src/MacMessage.c b/src/MacMessage.c
index 9e06f98..e5bfad1 100644
--- a/src/MacMessage.c
+++ b/src/MacMessage.c
@@ -595,11 +595,10 @@
cn_cbor * pRecipients = NULL;
cn_cbor * pRecipientsT = NULL;
#ifdef USE_CBOR_CONTEXT
- cn_cbor_context * context;
+ cn_cbor_context * context = NULL;
#endif
cn_cbor_errback cbor_error;
-
CHECK_CONDITION(IsValidMacHandle(hMac), COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(IsValidRecipientHandle(hRecip), COSE_ERR_INVALID_PARAMETER);
diff --git a/src/Recipient.c b/src/Recipient.c
index 0fbae3e..573d870 100644
--- a/src/Recipient.c
+++ b/src/Recipient.c
@@ -110,7 +110,6 @@
cn_cbor * pAuthData = NULL;
byte * pbProtected = NULL;
ssize_t cbProtected;
- cn_cbor * ptmp = NULL;
COSE_Encrypt * pcose = &pRecip->m_encrypt;
#ifdef USE_CBOR_CONTEXT
@@ -195,8 +194,6 @@
break;
}
- if (perr != NULL) perr->err = COSE_ERR_NONE;
-
return true;
}
diff --git a/src/SignerInfo.c b/src/SignerInfo.c
index e8d2e39..8a5079a 100644
--- a/src/SignerInfo.c
+++ b/src/SignerInfo.c
@@ -213,7 +213,15 @@
switch (alg) {
case COSE_Algorithm_ECDSA_SHA_256:
- if (!ECDSA_Verify(pSigner, pbAuthData, cbAuthData, cnSignature->v.bytes, cnSignature->length, perr)) goto errorReturn;
+ if (!ECDSA_Verify(pSigner, 256, pbAuthData, cbAuthData, cnSignature->v.bytes, cnSignature->length, perr)) goto errorReturn;
+ break;
+
+ case COSE_Algorithm_ECDSA_SHA_384:
+ if (!ECDSA_Verify(pSigner, 384, pbAuthData, cbAuthData, cnSignature->v.bytes, cnSignature->length, perr)) goto errorReturn;
+ break;
+
+ case COSE_Algorithm_ECDSA_SHA_512:
+ if (!ECDSA_Verify(pSigner, 512, pbAuthData, cbAuthData, cnSignature->v.bytes, cnSignature->length, perr)) goto errorReturn;
break;
default:
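Review bot: The three ECDSA cases repeat the same long `ECDSA_Verify` call and differ only in the literal 256/384/512, so the digest width ends up encoded twice, once in the algorithm constant and once as a magic number. Setting a local in each case, e.g. `case COSE_Algorithm_ECDSA_SHA_384: cbitsDigest = 384; break;`, and making one `ECDSA_Verify(pSigner, cbitsDigest, ...)` call after the switch keeps the mapping in one place. The digest is chosen from the algorithm value alone; whether that value is checked against what the signer's key permits is not visible here and is worth confirming, since the header comes from the message being verified. The switch and its `default:` body continue outside the hunk.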
diff --git a/src/cose.h b/src/cose.h
index aafe457..907f1c8 100644
--- a/src/cose.h
+++ b/src/cose.h
@@ -52,8 +52,8 @@
// Generic functions for the COSE library
-HCOSE COSE_Decode(const byte * rgbData, int cbData, int * type, COSE_object_type struct_type, CBOR_CONTEXT_COMMA cose_errback * perr); // Decode the object
-size_t COSE_Encode(HCOSE msg, byte * rgb, int ib, size_t cb);
+HCOSE COSE_Decode(const byte * rgbData, size_t cbData, int * type, COSE_object_type struct_type, CBOR_CONTEXT_COMMA cose_errback * perr); // Decode the object
+size_t COSE_Encode(HCOSE msg, byte * rgb, size_t ib, size_t cb);
cn_cbor * COSE_get_cbor(HCOSE hmsg);
@@ -119,7 +119,10 @@
COSE_Algorithm_PS256 = -26,
COSE_Algorithm_PS384 = -27,
COSE_Algorithm_PS512 = -28,
+
COSE_Algorithm_ECDSA_SHA_256 = -7,
+ COSE_Algorithm_ECDSA_SHA_384 = -8,
+ COSE_Algorithm_ECDSA_SHA_512 = -9,
} COSE_Algorithms;
typedef enum {
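Review bot: The new `-8` and `-9` values are wire identifiers, and nothing in the enum says which revision of the COSE specification they are taken from. They are worth re-checking, because in the IANA COSE Algorithms registry published with RFC 8152, ES384 and ES512 are -35 and -36 and -8 is assigned to EdDSA. If the library deliberately tracks an earlier draft, a comment on the enum such as `// algorithm values per draft-ietf-cose-msg-<NN>` (placeholder revision) would make that explicit. A verifier that maps a received identifier to the wrong algorithm will either reject valid signatures or check them with a digest the sender did not use. The enum starts outside this hunk.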
diff --git a/src/crypto.h b/src/crypto.h
index af46cdc..52f84f1 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -56,7 +56,7 @@
* @return Did the function succeed?
*/
bool ECDSA_Sign(COSE_SignerInfo * pSigner, const byte * rgbToSign, size_t cbToSign, cose_errback * perr);
-bool ECDSA_Verify(COSE_SignerInfo * pSigner, const byte * rgbToSign, size_t cbToSign, const byte * rgbSig, size_t cbSig, cose_errback * perr);
+bool ECDSA_Verify(COSE_SignerInfo * pSigner, int cbitsDigest, const byte * rgbToSign, size_t cbToSign, const byte * rgbSig, size_t cbSig, cose_errback * perr);
/**
* Generate random bytes in a buffer
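Review bot: `ECDSA_Verify` gains a digest-size argument while the `ECDSA_Sign` prototype directly above it is left unchanged, so as declared here the library can verify SHA-384/512 signatures but has no way to be told to produce them. If `ECDSA_Sign` still hashes with SHA-256 only (its body is not in this diff), signing with the two new algorithm values would yield signatures that the new verify path rejects. The parameter is also spelled `cbitsDigest` here and `cbitDigest` in the definition in openssl.c. The prototype has no doc comment of its own, and I would add one along the lines of `/** Verify an ECDSA signature; cbitsDigest selects the SHA-2 digest size in bits (256, 384 or 512). */`.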
diff --git a/src/openssl.c b/src/openssl.c
index 0bd5ae6..560d766 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -736,34 +736,44 @@
return true;
}
-bool ECDSA_Verify(COSE_SignerInfo * pSigner, const byte * rgbToSign, size_t cbToSign, const byte * rgbSignature, size_t cbSignature, cose_errback * perr)
+bool ECDSA_Verify(COSE_SignerInfo * pSigner, int cbitDigest, const byte * rgbToSign, size_t cbToSign, const byte * rgbSignature, size_t cbSignature, cose_errback * perr)
{
EC_KEY * eckey = NULL;
byte rgbDigest[EVP_MAX_MD_SIZE];
unsigned int cbDigest = sizeof(rgbDigest);
+ const EVP_MD * digest;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pSigner->m_message.m_allocContext;
#endif
cn_cbor * p = NULL;
+ ECDSA_SIG sig = { NULL, NULL };
eckey = ECKey_From(pSigner->m_pkey, perr);
if (eckey == NULL) {
errorReturn:
+ if (sig.r != NULL) BN_free(sig.r);
+ if (sig.s != NULL) BN_free(sig.s);
if (p != NULL) CN_CBOR_FREE(p, context);
if (eckey != NULL) EC_KEY_free(eckey);
return false;
}
- EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, EVP_sha256(), NULL);
+ switch (cbitDigest) {
+ case 256: digest = EVP_sha256(); break;
+ case 512: digest = EVP_sha512(); break;
+ case 384: digest = EVP_sha384(); break;
+ default:
+ FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
+ }
+ EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL);
- ECDSA_SIG sig;
sig.r = BN_bin2bn(rgbSignature,(int) cbSignature/2, NULL);
sig.s = BN_bin2bn(rgbSignature+cbSignature/2, (int) cbSignature/2, NULL);
CHECK_CONDITION(ECDSA_do_verify(rgbDigest, cbDigest, &sig, eckey) == 1, COSE_ERR_CRYPTO_FAIL);
- //BN_FREE(sig.r);
- //BN_FREE(sig.s);
+ BN_free(sig.r);
+ BN_free(sig.s);
return true;
}
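Review bot: `cbSignature` is halved and cast to `int` without any validation, although it arrives from the decoded message (`cnSignature->length` at the call site in SignerInfo.c), so an empty, odd-length or oversized signature reaches `BN_bin2bn` unchecked; note that `(int) cbSignature/2` casts before it divides. The return values of `EVP_Digest` and of both `BN_bin2bn` calls are not checked either, so a NULL `sig.r` or `sig.s` would be handed to `ECDSA_do_verify`. The success path returns without `EC_KEY_free(eckey)` even though `errorReturn` frees it, which looks like one leaked key per successful verification. The sketch below uses `INT_MAX` (needs `<limits.h>` if not already included) only as a type-safety bound; a limit derived from the key's curve size would be tighter. It assumes `CHECK_CONDITION` records the error and jumps to `errorReturn`, as its other uses in this diff suggest.

```c
    // … unchanged: key lookup, errorReturn block, digest selection switch …
    CHECK_CONDITION(EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL) == 1, COSE_ERR_CRYPTO_FAIL);

    // Signature is r || s in two equal halves: reject empty, odd or oversized input before the int casts.
    CHECK_CONDITION((cbSignature != 0) && (cbSignature % 2 == 0) && (cbSignature / 2 <= INT_MAX), COSE_ERR_INVALID_PARAMETER);

    sig.r = BN_bin2bn(rgbSignature, (int) (cbSignature / 2), NULL);
    CHECK_CONDITION(sig.r != NULL, COSE_ERR_CRYPTO_FAIL);
    sig.s = BN_bin2bn(rgbSignature + cbSignature / 2, (int) (cbSignature / 2), NULL);
    CHECK_CONDITION(sig.s != NULL, COSE_ERR_CRYPTO_FAIL);

    CHECK_CONDITION(ECDSA_do_verify(rgbDigest, cbDigest, &sig, eckey) == 1, COSE_ERR_CRYPTO_FAIL);

    BN_free(sig.r);
    BN_free(sig.s);
    EC_KEY_free(eckey);   // success path previously returned without releasing the key

    return true;
```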
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 05496f0..0c6d4cb 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -31,7 +31,9 @@
add_test ( NAME cose_test COMMAND cose_test )
add_test ( NAME mac-02 WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} COMMAND cose_test Examples/spec-examples/Mac-02.json )
add_test ( NAME mac-04 WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} COMMAND cose_test Examples/spec-examples/Mac-04.json )
+
add_test ( NAME sig-01 WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} COMMAND cose_test Examples/spec-examples/Sig-01.json )
+add_test ( NAME sig-02 WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} COMMAND cose_test Examples/spec-examples/Sig-02.json )
add_test ( NAME sig-03 WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} COMMAND cose_test Examples/spec-examples/Sig-03.json )
add_test ( NAME sig-04 WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} COMMAND cose_test Examples/spec-examples/Sig-04.json )
diff --git a/test/encrypt.c b/test/encrypt.c
index 18ac857..863bbad 100644
--- a/test/encrypt.c
+++ b/test/encrypt.c
@@ -13,7 +13,7 @@
#include "context.h"
-int _ValidateEnveloped(const cn_cbor * pControl, const byte * pbEncoded, int cbEncoded)
+int _ValidateEnveloped(const cn_cbor * pControl, const byte * pbEncoded, size_t cbEncoded)
{
const cn_cbor * pInput = cn_cbor_mapget_string(pControl, "input");
const cn_cbor * pFail;
diff --git a/test/test.c b/test/test.c
index 4f11f60..f70f0bb 100644
--- a/test/test.c
+++ b/test/test.c
@@ -58,7 +58,7 @@
{"P-512", 3}
};
-int MapName(const cn_cbor * p, NameMap * rgMap, int cMap)
+int MapName(const cn_cbor * p, NameMap * rgMap, unsigned int cMap)
{
unsigned int i;
@@ -273,7 +273,7 @@
return pKeyOut;
}
-int _ValidateMAC(const cn_cbor * pControl, const byte * pbEncoded, int cbEncoded)
+int _ValidateMAC(const cn_cbor * pControl, const byte * pbEncoded, size_t cbEncoded)
{
const cn_cbor * pInput = cn_cbor_mapget_string(pControl, "input");
const cn_cbor * pFail;