src/Recipient.c - third_party/github/cose-wg/COSE-C - Git at Google

 #include <stdlib.h>
 #include <memory.h>

 #include "cose.h"
 #include "cose_int.h"
 #include "configure.h"
 #include "crypto.h"

 bool IsValidRecipientHandle(HCOSE_RECIPIENT h)
 {
 	if (h == NULL) return false;
 	return true;
 }

 HCOSE_RECIPIENT COSE_Recipient_Init(CBOR_CONTEXT_COMMA cose_errback * perror)
 {
 	COSE_RecipientInfo * pobj = (COSE_RecipientInfo *)COSE_CALLOC(1, sizeof(COSE_RecipientInfo), context);
 	if (pobj == NULL) {
 		if (perror != NULL) perror->err = COSE_ERR_OUT_OF_MEMORY;
 		return NULL;
 	}

 	if (!_COSE_Init(&pobj->m_encrypt.m_message, COSE_recipient_object, CBOR_CONTEXT_PARAM_COMMA perror)) {
 		COSE_Recipient_Free((HCOSE_RECIPIENT)pobj);
 		return NULL;
 	}

 	return (HCOSE_RECIPIENT)pobj;
 }

 bool COSE_Recipient_Free(HCOSE_RECIPIENT hRecipient)
 {
 	if (IsValidRecipientHandle(hRecipient)) {

 		_COSE_Recipient_Free((COSE_RecipientInfo *)hRecipient);
 		return true;
 	}

 	return false;
 }


 HCOSE_RECIPIENT COSE_Encrypt_GetRecipient(HCOSE_ENCRYPT cose, int iRecipient, cose_errback * perr)
 {
 	int i;
 	COSE_RecipientInfo * p;

 	if (!IsValidEncryptHandle(cose)) {
 		if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
 		return NULL;
 	}

 	p = ((COSE_Encrypt *)cose)->m_recipientFirst;
 	for (i = 0; i < iRecipient; i++) {
 		if (p == NULL) {
 			if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
 			return NULL;
 		}
 		p = p->m_recipientNext;
 	}
 	return (HCOSE_RECIPIENT)p;
 }

 COSE_RecipientInfo * _COSE_Recipient_Init_From_Object(cn_cbor * cbor, CBOR_CONTEXT_COMMA cose_errback * perr)
 {
 	COSE_RecipientInfo * pRecipient = NULL;

 	pRecipient = (COSE_RecipientInfo *)COSE_CALLOC(1, sizeof(COSE_RecipientInfo), context);
 	CHECK_CONDITION(pRecipient != NULL, COSE_ERR_OUT_OF_MEMORY);

 #ifdef USE_ARRAY
 	CHECK_CONDITION(cbor->type == CN_CBOR_ARRAY, COSE_ERR_INVALID_PARAMETER);
 #else
 	if (cbor->type != CN_CBOR_MAP) {
 		if (errp != NULL) errp->err = COSE_ERR_INVALID_PARAMETER;
 		COSE_FREE(pRecipient, context);
 		return NULL;
 	}
 #endif

 	if (_COSE_Encrypt_Init_From_Object(cbor, &pRecipient->m_encrypt, CBOR_CONTEXT_PARAM_COMMA perr) == NULL) {
 		goto errorReturn;
 	}

 	return pRecipient;

 errorReturn:
 	_COSE_Recipient_Free(pRecipient);
 	return NULL;
 }

 void _COSE_Recipient_Free(COSE_RecipientInfo * pRecipient)
 {
 	COSE_FREE(pRecipient, &pRecipient->m_encrypt.m_message.m_allocContext);

 	return;
 }

 bool _COSE_Recipient_decrypt(COSE_RecipientInfo * pRecip, int cbitKey, byte * pbKeyIn, cose_errback * perr)
 {
 	int alg;
 	const cn_cbor * cn = NULL;
 	COSE_RecipientInfo * pRecip2;
 	byte * pbKey = pbKeyIn;
 #ifdef USE_CBOR_CONTEXT
 	cn_cbor_context * context;
 #endif
 	byte * pbAuthData = NULL;
 	ssize_t cbAuthData;
 	cn_cbor * pAuthData = NULL;
 	byte * pbProtected = NULL;
 	ssize_t cbProtected;
 	COSE_Encrypt * pcose = &pRecip->m_encrypt;

 #ifdef USE_CBOR_CONTEXT
 	context = &pcose->m_message.m_allocContext;
 #endif

 	cn = _COSE_map_get_int(&pRecip->m_encrypt.m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
 	if (cn == NULL) {
 	error:
 	errorReturn:
 		if (pbProtected != NULL) COSE_FREE(pbProtected, context);
 		if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
 		if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
 		if ((pbKey != NULL) && (pbKeyIn == NULL)) {
 			memset(pbKey, 0xff, cbitKey / 8);
 			COSE_FREE(pbKey, context);
 		}
 		return false;
 	}
 	CHECK_CONDITION((cn->type == CN_CBOR_UINT) || (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
 	alg = (int)cn->v.uint;

 	CHECK_CONDITION(pbKey != NULL, COSE_ERR_INVALID_PARAMETER);

 	switch (alg) {
 	case COSE_Algorithm_Direct:
 		CHECK_CONDITION((pcose->pbKey != NULL) || (pRecip->m_pkey != NULL), COSE_ERR_INVALID_PARAMETER);
 		if (pRecip->m_pkey != NULL) {
 			cn = cn_cbor_mapget_int(pRecip->m_pkey, -1);
 			CHECK_CONDITION((cn != NULL) && (cn->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
 			CHECK_CONDITION((cn->length == (unsigned int)cbitKey / 8), COSE_ERR_INVALID_PARAMETER);
 			memcpy(pbKey, cn->v.bytes, cn->length);

 			return true;
 		}
 		CHECK_CONDITION(pcose->cbKey == (unsigned int)cbitKey / 8, COSE_ERR_INVALID_PARAMETER);
 		memcpy(pbKey, pcose->pbKey, pcose->cbKey);
 		return true;

 	case COSE_Algorithm_AES_KW_128:
 	case COSE_Algorithm_AES_KW_192:
 	case COSE_Algorithm_AES_KW_256:
 		break;

 	default:
 		FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
 		break;
 	}

 	//  Allocate the key if we have not already done so

 	if (pbKey == NULL) {
 		pbKey = COSE_CALLOC(cbitKey / 8, 1, context);
 		CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
 	}

 	//  If there is a recipient - ask it for the key

 	for (pRecip2 = pcose->m_recipientFirst; pRecip2 != NULL; pRecip2 = pRecip->m_recipientNext) {
 		if (_COSE_Recipient_decrypt(pRecip2, cbitKey, pbKey, perr)) break;
 	}

 	switch (alg) {
 	case COSE_Algorithm_AES_KW_128:
 	case COSE_Algorithm_AES_KW_256:
 		CHECK_CONDITION((pcose->pbKey != NULL) || (pRecip->m_pkey != NULL), COSE_ERR_INVALID_PARAMETER);
 		if (pRecip->m_pkey != NULL) {
 			int x = cbitKey / 8;
 			cn = cn_cbor_mapget_int(pRecip->m_pkey, -1);
 			CHECK_CONDITION((cn != NULL) && (cn->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);

 		return 			AES_KW_Decrypt(pcose, cn->v.bytes, cn->length*8, pbKey, &x, perr);
 		}
 		CHECK_CONDITION(pcose->cbKey == (unsigned int)cbitKey / 8, COSE_ERR_INVALID_PARAMETER);
 		memcpy(pbKey, pcose->pbKey, pcose->cbKey);
 		return true;

 		break;

 	default:
 		FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
 		break;
 	}

 	return true;
 }

 byte RgbDontUse9[8 * 1024];

 bool _COSE_Recipient_encrypt(COSE_RecipientInfo * pRecipient, const byte * pbContent, size_t cbContent, cose_errback * perr)
 {
 	int alg;
 	int t;
 	COSE_RecipientInfo * pri;
 	const cn_cbor * cn_Alg = NULL;
 	byte * pbAuthData = NULL;
 	cn_cbor * pAuthData = NULL;
 	cn_cbor * ptmp = NULL;
 	size_t cbitKey;
 #ifdef USE_CBOR_CONTEXT
 	cn_cbor_context * context = NULL;
 #endif
 	cn_cbor_errback cbor_error;

 #ifdef USE_CBOR_CONTEXT
 	context = &pRecipient->m_encrypt.m_message.m_allocContext;
 #endif // USE_CBOR_CONTEXT

 	cn_Alg = _COSE_map_get_int(&pRecipient->m_encrypt.m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
 	if (cn_Alg == NULL) goto errorReturn;

 	CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
 	alg = (int)cn_Alg->v.uint;

 	//  Get the key size

 	switch (alg) {
 	case COSE_Algorithm_Direct:
 		//  This is a NOOP
 		cbitKey = 0;
 		CHECK_CONDITION(pRecipient->m_encrypt.m_recipientFirst == NULL, COSE_ERR_INVALID_PARAMETER);
 		break;

 	case COSE_Algorithm_AES_KW_128:
 		cbitKey = 128;
 		break;

 	case COSE_Algorithm_AES_KW_192:
 		cbitKey = 192;
 		break;

 	case COSE_Algorithm_AES_KW_256:
 		cbitKey = 256;
 		break;

 	default:
 		FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
 	}

 	//  If we are doing direct encryption - then recipient generates the key

 	if ((pRecipient->m_encrypt.m_recipientFirst != NULL) && ( pRecipient->m_encrypt.pbKey == NULL)) {
 		t = 0;
 		for (pri = pRecipient->m_encrypt.m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
 			if (pri->m_encrypt.m_message.m_flags & 1) {
 				t |= 1;
 				pRecipient->m_encrypt.pbKey = _COSE_RecipientInfo_generateKey(pri, cbitKey, perr);
 				if (pRecipient->m_encrypt.pbKey == NULL) goto errorReturn;
 				pRecipient->m_encrypt.cbKey = cbitKey / 8;
 			}
 			else {
 				t |= 2;
 			}
 		}
 		CHECK_CONDITION(t != 3, COSE_ERR_INVALID_PARAMETER);
 	}

 	//   Do we need to generate a random key at this point -
 	//   This is only true if we both haven't done it and and we have a recipient to encrypt it.

 	if ((pRecipient->m_pkey!= NULL) && (pRecipient->m_encrypt.pbKey == NULL)) {
 		pRecipient->m_encrypt.pbKey = (byte *)COSE_CALLOC(cbitKey / 8, 1, context);
 		CHECK_CONDITION(pRecipient->m_encrypt.pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
 		pRecipient->m_encrypt.cbKey = cbitKey / 8;
 		rand_bytes(pRecipient->m_encrypt.pbKey, pRecipient->m_encrypt.cbKey);
 	}

 	//  Build protected headers

 	const cn_cbor * cbProtected = _COSE_encode_protected(&pRecipient->m_encrypt.m_message, perr);
 	if (cbProtected == NULL) goto errorReturn;

 	//  Build authenticated data
 	ssize_t cbAuthData = 0;
 	pbAuthData = NULL;
 	pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
 	CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);

 	ptmp = cn_cbor_data_create(cbProtected->v.bytes, (int)cbProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
 	CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
 	CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
 	ptmp = NULL;

 	ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
 	CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
 	CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
 	ptmp = NULL;

 	cbAuthData = cn_cbor_encoder_write(RgbDontUse9, 0, sizeof(RgbDontUse9), pAuthData);
 	pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
 	CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
 	CHECK_CONDITION(cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR);

 	switch (alg) {

 	case COSE_Algorithm_Direct:
 		ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
 		CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
 		CHECK_CONDITION_CBOR(_COSE_array_replace(&pRecipient->m_encrypt.m_message, ptmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
 		break;

 	case COSE_Algorithm_AES_KW_256:
 		if (pRecipient->m_pkey != NULL) {
 			cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
 			CHECK_CONDITION(pK != NULL, COSE_ERR_INVALID_PARAMETER);
 			if (!AES_KW_Encrypt(pRecipient, pK->v.bytes, (int) pK->length*8, pbContent, (int) cbContent, perr)) goto errorReturn;
 		}
 		else {
 			if (!AES_KW_Encrypt(pRecipient, NULL, 0, pbContent, (int) cbContent, perr)) goto errorReturn;
 		}
 		break;

 	default:
 		FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
 	}

 	for (pri = pRecipient->m_encrypt.m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
 		if (!_COSE_Recipient_encrypt(pri, pRecipient->m_encrypt.pbKey, pRecipient->m_encrypt.cbKey, perr)) goto errorReturn;
 	}

 	//  Figure out the clean up

 	if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
 	if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);

 	return true;

 errorReturn:
 	if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
 	if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
 	if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
 	return false;
 }

 byte * _COSE_RecipientInfo_generateKey(COSE_RecipientInfo * pRecipient, size_t cbitKeySize, cose_errback * perr)
 {
 	int alg;
 	const cn_cbor * cn_Alg = _COSE_map_get_int(&pRecipient->m_encrypt.m_message, COSE_Header_Algorithm, COSE_BOTH, perr);

 	CHECK_CONDITION(cn_Alg != NULL, COSE_ERR_INVALID_PARAMETER);
 	CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) || (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
 	alg = (int)cn_Alg->v.uint;

 	switch (alg) {
 	case COSE_Algorithm_Direct:
 	{
 		byte * pb;
 		if (pRecipient->m_pkey != NULL) {
 			const cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
 			CHECK_CONDITION((pK != NULL) && (pK->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
 			CHECK_CONDITION(pK->length == cbitKeySize / 8, COSE_ERR_INVALID_PARAMETER);
 			pb = COSE_CALLOC(cbitKeySize / 8, 1, &pRecipient->m_encrypt.m_message.m_allocContext);
 			CHECK_CONDITION(pb != NULL, COSE_ERR_OUT_OF_MEMORY);
 			memcpy(pb, pK->v.bytes, cbitKeySize / 8);
 		}
 		else {
 			if (pRecipient->m_encrypt.cbKey != cbitKeySize / 8) return NULL;
 			pb = (byte *)malloc(cbitKeySize / 8);
 			if (pb == NULL) return NULL;
 			memcpy(pb, pRecipient->m_encrypt.pbKey, cbitKeySize / 8);
 		}
 		return pb;
 	}
 	break;

 	case COSE_Algorithm_ECDH_SS_HKDF_256: {
 		//  Need to have a key and it needs to be the correct type of key.
 		if ((pRecipient->m_pkey == NULL) || (cn_cbor_mapget_int(pRecipient->m_pkey, 1)->v.uint != 2)) return NULL;
 		break;
 	}

 	default:
 		return NULL;
 	}

 errorReturn:
 	return NULL;
 }

 bool COSE_Recipient_SetKey_secret(HCOSE_RECIPIENT h, const byte * pbKey, int cbKey, cose_errback * perror)
 {
 	COSE_RecipientInfo * p;

 	if (!IsValidRecipientHandle(h) || (pbKey == NULL)) {
 		if (perror != NULL) perror->err = COSE_ERR_CBOR;
 		return false;
 	}

 	p = (COSE_RecipientInfo *)h;

 	p->m_encrypt.pbKey = (byte *)COSE_CALLOC(cbKey, 1, &p->m_encrypt.m_message.m_allocContext);
 	if (p->m_encrypt.pbKey == NULL) {
 		if (perror != NULL) perror->err = COSE_ERR_OUT_OF_MEMORY;
 		return false;
 	}

 	memcpy(p->m_encrypt.pbKey, pbKey, cbKey);
 	p->m_encrypt.cbKey = cbKey;

 	return true;
 }

 bool COSE_Recipient_SetKey(HCOSE_RECIPIENT h, const cn_cbor * pKey, cose_errback * perror)
 {
 	COSE_RecipientInfo * p;

 	if (!IsValidRecipientHandle(h) || (pKey == NULL)) {
 		if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER;
 		return false;
 	}


 	p = (COSE_RecipientInfo *)h;
 	p->m_pkey = pKey;

 	return true;
 }

 bool COSE_Recipient_map_put(HCOSE_RECIPIENT h, int key, cn_cbor * value, int flags, cose_errback * perror)
 {
 	if (!IsValidRecipientHandle(h) || (value == NULL)) {
 		if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER;
 		return false;
 	}

 	if (!_COSE_map_put(&((COSE_RecipientInfo *)h)->m_encrypt.m_message, key, value, flags, perror)) return false;

 	if (key == COSE_Header_Algorithm) {
 		if (value->type == CN_CBOR_INT) {
 			switch (value->v.uint) {
 			case COSE_Algorithm_Direct:
 			case COSE_Algorithm_ECDH_ES_HKDF_256:
 			case COSE_Algorithm_ECDH_ES_HKDF_512:
 				((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags |= 1;
 				break;

 			default:
 				((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags &= ~1;
 				break;
 			}
 		}
 		else {
 			((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags &= ~1;
 		}
 	}

 	return true;
 }
	#include <stdlib.h>
	#include <memory.h>

	#include "cose.h"
	#include "cose_int.h"
	#include "configure.h"
	#include "crypto.h"

	bool IsValidRecipientHandle(HCOSE_RECIPIENT h)
	{
	if (h == NULL) return false;
	return true;
	}

	HCOSE_RECIPIENT COSE_Recipient_Init(CBOR_CONTEXT_COMMA cose_errback * perror)
	{
	COSE_RecipientInfo * pobj = (COSE_RecipientInfo *)COSE_CALLOC(1, sizeof(COSE_RecipientInfo), context);
	if (pobj == NULL) {
	if (perror != NULL) perror->err = COSE_ERR_OUT_OF_MEMORY;
	return NULL;
	}

	if (!_COSE_Init(&pobj->m_encrypt.m_message, COSE_recipient_object, CBOR_CONTEXT_PARAM_COMMA perror)) {
	COSE_Recipient_Free((HCOSE_RECIPIENT)pobj);
	return NULL;
	}

	return (HCOSE_RECIPIENT)pobj;
	}

	bool COSE_Recipient_Free(HCOSE_RECIPIENT hRecipient)
	{
	if (IsValidRecipientHandle(hRecipient)) {

	_COSE_Recipient_Free((COSE_RecipientInfo *)hRecipient);
	return true;
	}

	return false;
	}


	HCOSE_RECIPIENT COSE_Encrypt_GetRecipient(HCOSE_ENCRYPT cose, int iRecipient, cose_errback * perr)
	{
	int i;
	COSE_RecipientInfo * p;

	if (!IsValidEncryptHandle(cose)) {
	if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
	return NULL;
	}

	p = ((COSE_Encrypt *)cose)->m_recipientFirst;
	for (i = 0; i < iRecipient; i++) {
	if (p == NULL) {
	if (perr != NULL) perr->err = COSE_ERR_INVALID_PARAMETER;
	return NULL;
	}
	p = p->m_recipientNext;
	}
	return (HCOSE_RECIPIENT)p;
	}

	COSE_RecipientInfo * _COSE_Recipient_Init_From_Object(cn_cbor * cbor, CBOR_CONTEXT_COMMA cose_errback * perr)
	{
	COSE_RecipientInfo * pRecipient = NULL;

	pRecipient = (COSE_RecipientInfo *)COSE_CALLOC(1, sizeof(COSE_RecipientInfo), context);
	CHECK_CONDITION(pRecipient != NULL, COSE_ERR_OUT_OF_MEMORY);

	#ifdef USE_ARRAY
	CHECK_CONDITION(cbor->type == CN_CBOR_ARRAY, COSE_ERR_INVALID_PARAMETER);
	#else
	if (cbor->type != CN_CBOR_MAP) {
	if (errp != NULL) errp->err = COSE_ERR_INVALID_PARAMETER;
	COSE_FREE(pRecipient, context);
	return NULL;
	}
	#endif

	if (_COSE_Encrypt_Init_From_Object(cbor, &pRecipient->m_encrypt, CBOR_CONTEXT_PARAM_COMMA perr) == NULL) {
	goto errorReturn;
	}

	return pRecipient;

	errorReturn:
	_COSE_Recipient_Free(pRecipient);
	return NULL;
	}

	void _COSE_Recipient_Free(COSE_RecipientInfo * pRecipient)
	{
	COSE_FREE(pRecipient, &pRecipient->m_encrypt.m_message.m_allocContext);

	return;
	}

	bool _COSE_Recipient_decrypt(COSE_RecipientInfo * pRecip, int cbitKey, byte * pbKeyIn, cose_errback * perr)
	{
	int alg;
	const cn_cbor * cn = NULL;
	COSE_RecipientInfo * pRecip2;
	byte * pbKey = pbKeyIn;
	#ifdef USE_CBOR_CONTEXT
	cn_cbor_context * context;
	#endif
	byte * pbAuthData = NULL;
	ssize_t cbAuthData;
	cn_cbor * pAuthData = NULL;
	byte * pbProtected = NULL;
	ssize_t cbProtected;
	COSE_Encrypt * pcose = &pRecip->m_encrypt;

	#ifdef USE_CBOR_CONTEXT
	context = &pcose->m_message.m_allocContext;
	#endif

	cn = _COSE_map_get_int(&pRecip->m_encrypt.m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
	if (cn == NULL) {
	error:
	errorReturn:
	if (pbProtected != NULL) COSE_FREE(pbProtected, context);
	if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
	if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
	if ((pbKey != NULL) && (pbKeyIn == NULL)) {
	memset(pbKey, 0xff, cbitKey / 8);
	COSE_FREE(pbKey, context);
	}
	return false;
	}
	CHECK_CONDITION((cn->type == CN_CBOR_UINT) \|\| (cn->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
	alg = (int)cn->v.uint;

	CHECK_CONDITION(pbKey != NULL, COSE_ERR_INVALID_PARAMETER);

	switch (alg) {
	case COSE_Algorithm_Direct:
	CHECK_CONDITION((pcose->pbKey != NULL) \|\| (pRecip->m_pkey != NULL), COSE_ERR_INVALID_PARAMETER);
	if (pRecip->m_pkey != NULL) {
	cn = cn_cbor_mapget_int(pRecip->m_pkey, -1);
	CHECK_CONDITION((cn != NULL) && (cn->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
	CHECK_CONDITION((cn->length == (unsigned int)cbitKey / 8), COSE_ERR_INVALID_PARAMETER);
	memcpy(pbKey, cn->v.bytes, cn->length);

	return true;
	}
	CHECK_CONDITION(pcose->cbKey == (unsigned int)cbitKey / 8, COSE_ERR_INVALID_PARAMETER);
	memcpy(pbKey, pcose->pbKey, pcose->cbKey);
	return true;

	case COSE_Algorithm_AES_KW_128:
	case COSE_Algorithm_AES_KW_192:
	case COSE_Algorithm_AES_KW_256:
	break;

	default:
	FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
	break;
	}

	// Allocate the key if we have not already done so

	if (pbKey == NULL) {
	pbKey = COSE_CALLOC(cbitKey / 8, 1, context);
	CHECK_CONDITION(pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
	}

	// If there is a recipient - ask it for the key

	for (pRecip2 = pcose->m_recipientFirst; pRecip2 != NULL; pRecip2 = pRecip->m_recipientNext) {
	if (_COSE_Recipient_decrypt(pRecip2, cbitKey, pbKey, perr)) break;
	}

	switch (alg) {
	case COSE_Algorithm_AES_KW_128:
	case COSE_Algorithm_AES_KW_256:
	CHECK_CONDITION((pcose->pbKey != NULL) \|\| (pRecip->m_pkey != NULL), COSE_ERR_INVALID_PARAMETER);
	if (pRecip->m_pkey != NULL) {
	int x = cbitKey / 8;
	cn = cn_cbor_mapget_int(pRecip->m_pkey, -1);
	CHECK_CONDITION((cn != NULL) && (cn->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);

	return AES_KW_Decrypt(pcose, cn->v.bytes, cn->length*8, pbKey, &x, perr);
	}
	CHECK_CONDITION(pcose->cbKey == (unsigned int)cbitKey / 8, COSE_ERR_INVALID_PARAMETER);
	memcpy(pbKey, pcose->pbKey, pcose->cbKey);
	return true;

	break;

	default:
	FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
	break;
	}

	return true;
	}

	byte RgbDontUse9[8 * 1024];

	bool _COSE_Recipient_encrypt(COSE_RecipientInfo * pRecipient, const byte * pbContent, size_t cbContent, cose_errback * perr)
	{
	int alg;
	int t;
	COSE_RecipientInfo * pri;
	const cn_cbor * cn_Alg = NULL;
	byte * pbAuthData = NULL;
	cn_cbor * pAuthData = NULL;
	cn_cbor * ptmp = NULL;
	size_t cbitKey;
	#ifdef USE_CBOR_CONTEXT
	cn_cbor_context * context = NULL;
	#endif
	cn_cbor_errback cbor_error;

	#ifdef USE_CBOR_CONTEXT
	context = &pRecipient->m_encrypt.m_message.m_allocContext;
	#endif // USE_CBOR_CONTEXT

	cn_Alg = _COSE_map_get_int(&pRecipient->m_encrypt.m_message, COSE_Header_Algorithm, COSE_BOTH, perr);
	if (cn_Alg == NULL) goto errorReturn;

	CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) \|\| (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
	alg = (int)cn_Alg->v.uint;

	// Get the key size

	switch (alg) {
	case COSE_Algorithm_Direct:
	// This is a NOOP
	cbitKey = 0;
	CHECK_CONDITION(pRecipient->m_encrypt.m_recipientFirst == NULL, COSE_ERR_INVALID_PARAMETER);
	break;

	case COSE_Algorithm_AES_KW_128:
	cbitKey = 128;
	break;

	case COSE_Algorithm_AES_KW_192:
	cbitKey = 192;
	break;

	case COSE_Algorithm_AES_KW_256:
	cbitKey = 256;
	break;

	default:
	FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
	}

	// If we are doing direct encryption - then recipient generates the key

	if ((pRecipient->m_encrypt.m_recipientFirst != NULL) && ( pRecipient->m_encrypt.pbKey == NULL)) {
	t = 0;
	for (pri = pRecipient->m_encrypt.m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
	if (pri->m_encrypt.m_message.m_flags & 1) {
	t \|= 1;
	pRecipient->m_encrypt.pbKey = _COSE_RecipientInfo_generateKey(pri, cbitKey, perr);
	if (pRecipient->m_encrypt.pbKey == NULL) goto errorReturn;
	pRecipient->m_encrypt.cbKey = cbitKey / 8;
	}
	else {
	t \|= 2;
	}
	}
	CHECK_CONDITION(t != 3, COSE_ERR_INVALID_PARAMETER);
	}

	// Do we need to generate a random key at this point -
	// This is only true if we both haven't done it and and we have a recipient to encrypt it.

	if ((pRecipient->m_pkey!= NULL) && (pRecipient->m_encrypt.pbKey == NULL)) {
	pRecipient->m_encrypt.pbKey = (byte *)COSE_CALLOC(cbitKey / 8, 1, context);
	CHECK_CONDITION(pRecipient->m_encrypt.pbKey != NULL, COSE_ERR_OUT_OF_MEMORY);
	pRecipient->m_encrypt.cbKey = cbitKey / 8;
	rand_bytes(pRecipient->m_encrypt.pbKey, pRecipient->m_encrypt.cbKey);
	}

	// Build protected headers

	const cn_cbor * cbProtected = _COSE_encode_protected(&pRecipient->m_encrypt.m_message, perr);
	if (cbProtected == NULL) goto errorReturn;

	// Build authenticated data
	ssize_t cbAuthData = 0;
	pbAuthData = NULL;
	pAuthData = cn_cbor_array_create(CBOR_CONTEXT_PARAM_COMMA &cbor_error);
	CHECK_CONDITION_CBOR(pAuthData != NULL, cbor_error);

	ptmp = cn_cbor_data_create(cbProtected->v.bytes, (int)cbProtected->length, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
	CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
	CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
	ptmp = NULL;

	ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
	CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
	CHECK_CONDITION_CBOR(cn_cbor_array_append(pAuthData, ptmp, &cbor_error), cbor_error);
	ptmp = NULL;

	cbAuthData = cn_cbor_encoder_write(RgbDontUse9, 0, sizeof(RgbDontUse9), pAuthData);
	pbAuthData = (byte *)COSE_CALLOC(cbAuthData, 1, context);
	CHECK_CONDITION(pbAuthData != NULL, COSE_ERR_OUT_OF_MEMORY);
	CHECK_CONDITION(cn_cbor_encoder_write(pbAuthData, 0, cbAuthData, pAuthData) == cbAuthData, COSE_ERR_CBOR);

	switch (alg) {

	case COSE_Algorithm_Direct:
	ptmp = cn_cbor_data_create(NULL, 0, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
	CHECK_CONDITION_CBOR(ptmp != NULL, cbor_error);
	CHECK_CONDITION_CBOR(_COSE_array_replace(&pRecipient->m_encrypt.m_message, ptmp, INDEX_BODY, CBOR_CONTEXT_PARAM_COMMA &cbor_error), cbor_error);
	break;

	case COSE_Algorithm_AES_KW_256:
	if (pRecipient->m_pkey != NULL) {
	cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
	CHECK_CONDITION(pK != NULL, COSE_ERR_INVALID_PARAMETER);
	if (!AES_KW_Encrypt(pRecipient, pK->v.bytes, (int) pK->length*8, pbContent, (int) cbContent, perr)) goto errorReturn;
	}
	else {
	if (!AES_KW_Encrypt(pRecipient, NULL, 0, pbContent, (int) cbContent, perr)) goto errorReturn;
	}
	break;

	default:
	FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
	}

	for (pri = pRecipient->m_encrypt.m_recipientFirst; pri != NULL; pri = pri->m_recipientNext) {
	if (!_COSE_Recipient_encrypt(pri, pRecipient->m_encrypt.pbKey, pRecipient->m_encrypt.cbKey, perr)) goto errorReturn;
	}

	// Figure out the clean up

	if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
	if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);

	return true;

	errorReturn:
	if (pbAuthData != NULL) COSE_FREE(pbAuthData, context);
	if (pAuthData != NULL) cn_cbor_free(pAuthData CBOR_CONTEXT_PARAM);
	if (ptmp != NULL) cn_cbor_free(ptmp CBOR_CONTEXT_PARAM);
	return false;
	}

	byte * _COSE_RecipientInfo_generateKey(COSE_RecipientInfo * pRecipient, size_t cbitKeySize, cose_errback * perr)
	{
	int alg;
	const cn_cbor * cn_Alg = _COSE_map_get_int(&pRecipient->m_encrypt.m_message, COSE_Header_Algorithm, COSE_BOTH, perr);

	CHECK_CONDITION(cn_Alg != NULL, COSE_ERR_INVALID_PARAMETER);
	CHECK_CONDITION((cn_Alg->type == CN_CBOR_UINT) \|\| (cn_Alg->type == CN_CBOR_INT), COSE_ERR_INVALID_PARAMETER);
	alg = (int)cn_Alg->v.uint;

	switch (alg) {
	case COSE_Algorithm_Direct:
	{
	byte * pb;
	if (pRecipient->m_pkey != NULL) {
	const cn_cbor * pK = cn_cbor_mapget_int(pRecipient->m_pkey, -1);
	CHECK_CONDITION((pK != NULL) && (pK->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
	CHECK_CONDITION(pK->length == cbitKeySize / 8, COSE_ERR_INVALID_PARAMETER);
	pb = COSE_CALLOC(cbitKeySize / 8, 1, &pRecipient->m_encrypt.m_message.m_allocContext);
	CHECK_CONDITION(pb != NULL, COSE_ERR_OUT_OF_MEMORY);
	memcpy(pb, pK->v.bytes, cbitKeySize / 8);
	}
	else {
	if (pRecipient->m_encrypt.cbKey != cbitKeySize / 8) return NULL;
	pb = (byte *)malloc(cbitKeySize / 8);
	if (pb == NULL) return NULL;
	memcpy(pb, pRecipient->m_encrypt.pbKey, cbitKeySize / 8);
	}
	return pb;
	}
	break;

	case COSE_Algorithm_ECDH_SS_HKDF_256: {
	// Need to have a key and it needs to be the correct type of key.
	if ((pRecipient->m_pkey == NULL) \|\| (cn_cbor_mapget_int(pRecipient->m_pkey, 1)->v.uint != 2)) return NULL;
	break;
	}

	default:
	return NULL;
	}

	errorReturn:
	return NULL;
	}

	bool COSE_Recipient_SetKey_secret(HCOSE_RECIPIENT h, const byte * pbKey, int cbKey, cose_errback * perror)
	{
	COSE_RecipientInfo * p;

	if (!IsValidRecipientHandle(h) \|\| (pbKey == NULL)) {
	if (perror != NULL) perror->err = COSE_ERR_CBOR;
	return false;
	}

	p = (COSE_RecipientInfo *)h;

	p->m_encrypt.pbKey = (byte *)COSE_CALLOC(cbKey, 1, &p->m_encrypt.m_message.m_allocContext);
	if (p->m_encrypt.pbKey == NULL) {
	if (perror != NULL) perror->err = COSE_ERR_OUT_OF_MEMORY;
	return false;
	}

	memcpy(p->m_encrypt.pbKey, pbKey, cbKey);
	p->m_encrypt.cbKey = cbKey;

	return true;
	}

	bool COSE_Recipient_SetKey(HCOSE_RECIPIENT h, const cn_cbor * pKey, cose_errback * perror)
	{
	COSE_RecipientInfo * p;

	if (!IsValidRecipientHandle(h) \|\| (pKey == NULL)) {
	if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER;
	return false;
	}



	p = (COSE_RecipientInfo *)h;
	p->m_pkey = pKey;

	return true;
	}

	bool COSE_Recipient_map_put(HCOSE_RECIPIENT h, int key, cn_cbor * value, int flags, cose_errback * perror)
	{
	if (!IsValidRecipientHandle(h) \|\| (value == NULL)) {
	if (perror != NULL) perror->err = COSE_ERR_INVALID_PARAMETER;
	return false;
	}

	if (!_COSE_map_put(&((COSE_RecipientInfo *)h)->m_encrypt.m_message, key, value, flags, perror)) return false;

	if (key == COSE_Header_Algorithm) {
	if (value->type == CN_CBOR_INT) {
	switch (value->v.uint) {
	case COSE_Algorithm_Direct:
	case COSE_Algorithm_ECDH_ES_HKDF_256:
	case COSE_Algorithm_ECDH_ES_HKDF_512:
	((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags \|= 1;
	break;

	default:
	((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags &= ~1;
	break;
	}
	}
	else {
	((COSE_RecipientInfo *)h)->m_encrypt.m_message.m_flags &= ~1;
	}
	}

	return true;
	}