hotplace rev.350 COSE ECDH-ES/SS+AES-KEYWRAP

princeb612 · Oct 21, 2023 · 5aedcb7 · 5aedcb7
1 parent 9658864
commit 5aedcb7
Show file tree

Hide file tree

Showing 6 changed files with 233 additions and 99 deletions.
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
diff --git a/sdk/crypto/basic/crypto_advisor_hint_cose.cpp b/sdk/crypto/basic/crypto_advisor_hint_cose.cpp
@@ -203,7 +203,7 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         cose_group_t::cose_group_ecdhes_aeskw,
         {
             "sha256",
-            32,
+            16,
         },
         {
             "aes-128-wrap",
@@ -214,8 +214,8 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdhes_aeskw,
         {
-            "sha384",
-            48,
+            "sha256",
+            24,
         },
         {
             "aes-192-wrap",
@@ -226,8 +226,8 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdhes_aeskw,
         {
-            "sha512",
-            64,
+            "sha256",
+            32,
         },
         {
             "aes-256-wrap",
@@ -239,7 +239,7 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         cose_group_t::cose_group_ecdhss_aeskw,
         {
             "sha256",
-            32,
+            16,
         },
         {
             "aes-128-wrap",
@@ -251,8 +251,8 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdhss_aeskw,
         {
-            "sha384",
-            48,
+            "sha256",
+            24,
         },
         {
             "aes-192-wrap",
@@ -264,8 +264,8 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdhss_aeskw,
         {
-            "sha512",
-            64,
+            "sha256",
+            32,
         },
         {
             "aes-256-wrap",

diff --git a/sdk/crypto/basic/openssl_ecdh.cpp b/sdk/crypto/basic/openssl_ecdh.cpp
@@ -77,18 +77,18 @@ return_t dh_key_agreement(EVP_PKEY* pkey, EVP_PKEY* peer, binary_t& secret) {
                 ret_test = EVP_PKEY_derive_set_peer(pkey_context, pkey_peer);
                 if (1 > ret_test) {
                     ret = errorcode_t::internal_error;
-                    __leave2;
+                    __leave2_trace_openssl(ret);
                 }
                 ret_test = EVP_PKEY_derive(pkey_context, nullptr, &size_secret);
                 if (1 > ret_test) {
                     ret = errorcode_t::internal_error;
-                    __leave2;
+                    __leave2_trace_openssl(ret);
                 }
                 secret.resize(size_secret);
                 ret_test = EVP_PKEY_derive(pkey_context, &secret[0], &size_secret);
                 if (1 > ret_test) {
                     ret = errorcode_t::internal_error;
-                    __leave2;
+                    __leave2_trace_openssl(ret);
                 }
             }
             __finally2 { EVP_PKEY_free(pkey_peer); }

diff --git a/sdk/crypto/cose/cbor_object_encryption.cpp b/sdk/crypto/cose/cbor_object_encryption.cpp
@@ -537,6 +537,9 @@ return_t cbor_object_encryption::decrypt(cose_context_t* handle, crypto_key* key
             // reversing "AAD_hex", "CEK_hex", "Context_hex", "KEK_hex" from https://github.com/cose-wg/Examples
 
             if (cose_group_t::cose_group_aeskw == group) {
+#if defined DEBUG
+                handle->debug_flag |= cose_debug_aeskw;
+#endif
             } else if (cose_group_t::cose_group_direct == group) {
                 // RFC 8152 12.1. Direct Encryption
                 cek = secret;
@@ -632,6 +635,16 @@ return_t cbor_object_encryption::decrypt(cose_context_t* handle, crypto_key* key
 #if defined DEBUG
             dump_memory(authenticated_data, &bs);
             printf("AAD\n%s\n%s\n", bs.c_str(), base16_encode(authenticated_data).c_str());
+            dump_memory(context, &bs);
+            printf("Context\n%s\n%s\n", bs.c_str(), base16_encode(context).c_str());
+            if (secret.size()) {
+                dump_memory(secret, &bs);
+                printf("secret\n%s\n%s\n", bs.c_str(), base16_encode(secret).c_str());
+            }
+            if (iv.size()) {
+                dump_memory(iv, &bs);
+                printf("IV\n%s\n%s\n", bs.c_str(), base16_encode(iv).c_str());
+            }
             if (kek.size()) {
                 dump_memory(kek, &bs);
                 printf("KEK\n%s\n%s\n", bs.c_str(), base16_encode(kek).c_str());

diff --git a/sdk/crypto/cose/types.hpp b/sdk/crypto/cose/types.hpp
@@ -41,6 +41,7 @@ enum code_debug_flag_t {
     cose_debug_partial_iv = (1 << 1),
     cose_debug_aescmac = (1 << 2),
     cose_debug_chacha20_poly1305 = (1 << 3),
+    cose_debug_aeskw = (1 << 4),
 };
 
 typedef std::map<int, variant_t> cose_variantmap_t;