Skip to content

Commit

Permalink
hotplace rev.360 cbor_object_signing_encryption::composer::parse
Browse files Browse the repository at this point in the history
  • Loading branch information
princeb612 committed Oct 24, 2023
1 parent bdf0acd commit 7ad1f2b
Show file tree
Hide file tree
Showing 8 changed files with 197 additions and 75 deletions.
4 changes: 2 additions & 2 deletions sdk/crypto/cose/cbor_object_encryption.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -447,11 +447,11 @@ return_t cbor_object_encryption::decrypt(cose_context_t* handle, crypto_key* key
__leave2;
}

composer.parse(handle, cbor_tag_t::cose_tag_encrypt, input);
composer.parse(handle, input);

// AAD_hex
binary_t authenticated_data;
compose_enc_structure(authenticated_data, handle->tag, handle->body.bin_protected, handle->binarymap[cose_param_t::cose_external]);
compose_enc_structure(authenticated_data, handle->cbor_tag, handle->body.bin_protected, handle->binarymap[cose_param_t::cose_external]);

// too many parameters... handle w/ map
handle->binarymap[cose_param_t::cose_param_aad] = authenticated_data;
Expand Down
22 changes: 13 additions & 9 deletions sdk/crypto/cose/cbor_object_signing.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ return_t cbor_object_signing::sign(cose_context_t* handle, crypto_key* key, std:
}

binary_t tobesigned;
compose_tobesigned(tobesigned, tag, convert(""), item.bin_protected, external, input);
compose_tobe_processed(tobesigned, tag, convert(""), item.bin_protected, external, input);
openssl_sign signprocessor;
signprocessor.sign(pkey, sig, tobesigned, item.bin_data); // signature

Expand Down Expand Up @@ -145,7 +145,7 @@ return_t cbor_object_signing::verify(cose_context_t* handle, crypto_key* key, bi
ret = errorcode_t::verify;
result = false;

composer.parse(handle, cbor_tag_t::cose_tag_sign, input);
composer.parse(handle, input);

const char* k = nullptr;

Expand All @@ -161,7 +161,7 @@ return_t cbor_object_signing::verify(cose_context_t* handle, crypto_key* key, bi
hint.find(cose_param_t::cose_param_cek, &cek);

cose_parts_t& item = *iter;
compose_tobesigned(tobesigned, handle->tag, handle->body.bin_protected, item.bin_protected, external, handle->payload);
compose_tobe_processed(tobesigned, handle->cbor_tag, handle->body.bin_protected, item.bin_protected, external, handle->payload);

int alg = 0;
std::string kid;
Expand All @@ -178,7 +178,7 @@ return_t cbor_object_signing::verify(cose_context_t* handle, crypto_key* key, bi
k = kid.c_str();
}

check = verify(handle, key, k, (cose_alg_t)alg, tobesigned, item.bin_data);
check = doverify(handle, key, k, (cose_alg_t)alg, tobesigned, item.bin_data);
results.insert((errorcode_t::success == check) ? true : false);
}

Expand Down Expand Up @@ -225,8 +225,8 @@ return_t cbor_object_signing::write_signature(cose_context_t* handle, uint8 tag,
return ret;
}

return_t cbor_object_signing::verify(cose_context_t* handle, crypto_key* key, const char* kid, cose_alg_t alg, binary_t const& tobesigned,
binary_t const& signature) {
return_t cbor_object_signing::doverify(cose_context_t* handle, crypto_key* key, const char* kid, cose_alg_t alg, binary_t const& tobesigned,
binary_t const& signature) {
return_t ret = errorcode_t::success;
crypto_advisor* advisor = crypto_advisor::get_instance();
openssl_sign signprocessor;
Expand Down Expand Up @@ -278,7 +278,7 @@ return_t cbor_object_signing::verify(cose_context_t* handle, crypto_key* key, co
ret = signprocessor.verify(pkey, sig, tobesigned, signature);
break;
default:
ret = errorcode_t::request; // studying...
ret = errorcode_t::not_supported; // studying...
break;
}
}
Expand All @@ -288,8 +288,8 @@ return_t cbor_object_signing::verify(cose_context_t* handle, crypto_key* key, co
return ret;
}

return_t cbor_object_signing::compose_tobesigned(binary_t& tobesigned, uint8 tag, binary_t const& body_protected, binary_t const& sign_protected,
binary_t const& external, binary_t const& payload) {
return_t cbor_object_signing::compose_tobe_processed(binary_t& tobesigned, uint8 tag, binary_t const& body_protected, binary_t const& sign_protected,
binary_t const& external, binary_t const& payload) {
return_t ret = errorcode_t::success;
cbor_encode encoder;
cbor_publisher pub;
Expand All @@ -313,6 +313,10 @@ return_t cbor_object_signing::compose_tobesigned(binary_t& tobesigned, uint8 tag
*root << new cbor_data("Signature");
} else if (cbor_tag_t::cose_tag_sign1 == tag) {
*root << new cbor_data("Signature1");
} else if (cbor_tag_t::cose_tag_mac == tag) {
*root << new cbor_data("MAC");
} else if (cbor_tag_t::cose_tag_mac0 == tag) {
*root << new cbor_data("MAC0");
} else {
ret = errorcode_t::request;
__leave2;
Expand Down
8 changes: 4 additions & 4 deletions sdk/crypto/cose/cbor_object_signing.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,9 @@ class cbor_object_signing {
* @param binary_t const& signature [in]
* @return error code (see error.hpp)
*/
return_t verify(cose_context_t* handle, crypto_key* key, const char* kid, cose_alg_t alg, binary_t const& tobesigned, binary_t const& signature);
return_t doverify(cose_context_t* handle, crypto_key* key, const char* kid, cose_alg_t alg, binary_t const& tobesigned, binary_t const& signature);
/**
* @brief tobesigned
* @brief compose the ToBeSigned/ToBeMaced
* @param binary_t& tobesigned [out]
* @param uint8 tag [in]
* @param binary_t const& body_protected [in]
Expand All @@ -87,8 +87,8 @@ class cbor_object_signing {
* @param binary_t const& payload [in]
* @return error code (see error.hpp)
*/
return_t compose_tobesigned(binary_t& tobesigned, uint8 tag, binary_t const& body_protected, binary_t const& sign_protected, binary_t const& external,
binary_t const& payload);
return_t compose_tobe_processed(binary_t& tobesigned, uint8 tag, binary_t const& body_protected, binary_t const& sign_protected, binary_t const& external,
binary_t const& payload);
};

} // namespace crypto
Expand Down
206 changes: 152 additions & 54 deletions sdk/crypto/cose/cbor_object_signing_encryption.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -425,7 +425,7 @@ return_t cbor_object_signing_encryption::composer::build_data_b16(cbor_data** ob
return ret;
}

return_t cbor_object_signing_encryption::composer::parse(cose_context_t* handle, cbor_tag_t message_tag, binary_t const& input) {
return_t cbor_object_signing_encryption::composer::parse(cose_context_t* handle, binary_t const& input) {
return_t ret = errorcode_t::success;
return_t check = errorcode_t::success;
cbor_reader reader;
Expand Down Expand Up @@ -458,69 +458,173 @@ return_t cbor_object_signing_encryption::composer::parse(cose_context_t* handle,
__leave2_trace(ret);
}

size_t size_elem = 4;
cbor_tag_t tag = root->tag_value();
switch (tag) {
case cbor_tag_t::cose_tag_sign1: // 18
case cbor_tag_t::cose_tag_encrypt: // 96
case cbor_tag_t::cose_tag_mac: // 97
case cbor_tag_t::cose_tag_sign: // 98
break;
case cbor_tag_t::cose_tag_encrypt0: // 16
case cbor_tag_t::cose_tag_mac0: // 17
size_elem = 3;
break;
default:
ret = errorcode_t::request;
int elemof_cbor = root->size();
cbor_tag_t cbor_tag = root->tag_value();

enum cose_message_type_t {
cose_message_type_not_exist = 0,
cose_message_type_protected = 1,
cose_message_type_unprotected = 2,
cose_message_type_payload = 3,
cose_message_type_signature = 4,
cose_message_type_items = 5, // recipients, signatures
cose_message_type_tag = 6,
};
typedef struct _cose_message_structure_t {
cbor_tag_t cbor_tag;
int elemof_cbor;
cose_message_type_t typeof_item[5];
} cose_message_structure_t;

// [0] [1] [2] [3] [4]
// cose_tag_encrypt protected, unprotected_map, ciphertext, [+recipient]
// cose_tag_encrypt0 protected, unprotected_map, ciphertext
// cose_tag_mac protected, unprotected_map, payload, tag, [+recipient]
// cose_tag_mac0 protected, unprotected_map, payload, tag
// cose_tag_sign protected, unprotected_map, payload, [+signature]
// cose_tag_sign1 protected, unprotected_map, payload, signature
cose_message_structure_t cose_message_structure_table[] = {
{
cose_tag_encrypt,
4,
{
cose_message_type_protected,
cose_message_type_unprotected,
cose_message_type_payload,
cose_message_type_items,
},
},
{
cose_tag_encrypt0,
3,
{
cose_message_type_protected,
cose_message_type_unprotected,
cose_message_type_payload,
},
},
{
cose_tag_mac,
5,
{
cose_message_type_protected,
cose_message_type_unprotected,
cose_message_type_payload,
cose_message_type_tag,
cose_message_type_items,
},
},
{
cose_tag_mac0,
4,
{
cose_message_type_protected,
cose_message_type_unprotected,
cose_message_type_payload,
cose_message_type_tag,
},
},
{
cose_tag_sign,
4,
{
cose_message_type_protected,
cose_message_type_unprotected,
cose_message_type_payload,
cose_message_type_items,
},
},
{
cose_tag_sign1,
4,
{
cose_message_type_protected,
cose_message_type_unprotected,
cose_message_type_payload,
cose_message_type_signature,
},
},
};

cose_message_structure_t* cose_message_map = nullptr;
for (unsigned i = 0; i < RTL_NUMBER_OF(cose_message_structure_table); i++) {
if (cose_message_structure_table[i].cbor_tag == cbor_tag) {
cose_message_map = cose_message_structure_table + i;
break;
}
}
if (size_elem != root->size()) {
if (nullptr == cose_message_map) {
ret = errorcode_t::bad_data;
__leave2_trace(ret);
__leave2;
}
if (errorcode_t::success != ret) {
__leave2_trace(ret);
if (cose_message_map->elemof_cbor != elemof_cbor) {
ret = errorcode_t::bad_data;
__leave2;
}

cbor_tag_t simple_tag;
if (cbor_tag_t::cose_tag_encrypt == message_tag) {
simple_tag = cbor_tag_t::cose_tag_encrypt0;
} else if (cbor_tag_t::cose_tag_sign == message_tag) {
simple_tag = cbor_tag_t::cose_tag_sign1;
}
handle->cbor_tag = cbor_tag;

handle->tag = tag;
for (int i = 0; i < cose_message_map->elemof_cbor; i++) {
int typeof_item = cose_message_map->typeof_item[i];
cbor_object* item = (*(cbor_array*)root)[i];

cbor_data* cbor_protected = (cbor_data*)(*(cbor_array*)root)[0];
cbor_map* cbor_unprotected = (cbor_map*)(*(cbor_array*)root)[1];
cbor_data* cbor_payload = (cbor_data*)(*(cbor_array*)root)[2];
if (cose_message_type_protected == typeof_item) {
cbor_data* cbor_protected = cbor_typeof<cbor_data>(item, cbor_type_t::cbor_type_data);
if (nullptr == cbor_protected) {
ret = errorcode_t::bad_data;
break;
}

bool typecheck1 = (cbor_type_t::cbor_type_data == cbor_protected->type());
bool typecheck2 = (cbor_type_t::cbor_type_map == cbor_unprotected->type());
bool typecheck3 = (cbor_type_t::cbor_type_data == cbor_payload->type());
if (typecheck1 && typecheck2 && typecheck3) {
} else {
ret = errorcode_t::bad_data;
__leave2_trace(ret);
}
variant_binary(cbor_protected->data(), handle->body.bin_protected);
composer.parse_binary(handle->body.bin_protected, handle->body.protected_map);
} else if (cose_message_type_unprotected == typeof_item) {
cbor_map* cbor_unprotected = cbor_typeof<cbor_map>(item, cbor_type_t::cbor_type_map);
if (nullptr == cbor_unprotected) {
ret = errorcode_t::bad_data;
break;
}

composer.parse_map(cbor_unprotected, handle->body.unprotected_map);
} else if (cose_message_type_payload == typeof_item) {
cbor_data* cbor_payload = cbor_typeof<cbor_data>(item, cbor_type_t::cbor_type_data);
if (nullptr == cbor_payload) {
ret = errorcode_t::bad_data;
break;
}

binary_t bin_signer_signature;
variant_binary(cbor_protected->data(), handle->body.bin_protected);
variant_binary(cbor_payload->data(), handle->payload);
composer.parse_binary(handle->body.bin_protected, handle->body.protected_map);
composer.parse_map(cbor_unprotected, handle->body.unprotected_map);
variant_binary(cbor_payload->data(), handle->payload);
} else if (cose_message_type_tag == typeof_item) {
cbor_data* cbor_item = cbor_typeof<cbor_data>(item, cbor_type_t::cbor_type_data);
if (nullptr == cbor_item) {
ret = errorcode_t::bad_data;
break;
}

if (size_elem > 3) {
if (message_tag == tag) {
cbor_array* cbor_items = (cbor_array*)(*(cbor_array*)root)[3]; // signatures, recipients
variant_binary(cbor_item->data(), handle->tag);
} else if (cose_message_type_signature == typeof_item) {
cbor_data* cbor_item = cbor_typeof<cbor_data>(item, cbor_type_t::cbor_type_data);
if (nullptr == cbor_item) {
ret = errorcode_t::bad_data;
break;
}

cose_parts_t part;
variant_binary(cbor_item->data(), part.bin_data);
handle->subitems.push_back(part);
} else if (cose_message_type_items == typeof_item) {
cbor_array* cbor_items = cbor_typeof<cbor_array>(item, cbor_type_t::cbor_type_array);
if (nullptr == cbor_items) {
ret = errorcode_t::bad_data;
break;
}

size_t size_array = cbor_items->size();
for (size_t i = 0; i < size_array; i++) {
cbor_array* cbor_item = (cbor_array*)(*cbor_items)[i]; // signature, recipient
if (3 == cbor_item->size()) {
cbor_data* cbor_signer_protected = (cbor_data*)(*cbor_item)[0];
cbor_map* cbor_signer_unprotected = (cbor_map*)(*cbor_item)[1];
cbor_data* cbor_signer_signature = (cbor_data*)(*cbor_item)[2];
cbor_data* cbor_signer_protected = cbor_typeof<cbor_data>((*cbor_item)[0], cbor_type_t::cbor_type_data);
cbor_map* cbor_signer_unprotected = cbor_typeof<cbor_map>((*cbor_item)[1], cbor_type_t::cbor_type_map);
cbor_data* cbor_signer_signature = cbor_typeof<cbor_data>((*cbor_item)[2], cbor_type_t::cbor_type_data);

cose_parts_t part;
variant_binary(cbor_signer_protected->data(), part.bin_protected);
Expand All @@ -530,12 +634,6 @@ return_t cbor_object_signing_encryption::composer::parse(cose_context_t* handle,
handle->subitems.push_back(part);
}
}
} else if (simple_tag == tag) {
cbor_data* cbor_item = (cbor_data*)(*(cbor_array*)root)[3];

cose_parts_t part;
variant_binary(cbor_item->data(), part.bin_data);
handle->subitems.push_back(part);
}
}
}
Expand Down
3 changes: 1 addition & 2 deletions sdk/crypto/cose/cbor_object_signing_encryption.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,11 +150,10 @@ class cbor_object_signing_encryption {
/**
* @brief parse
* @param cose_context_t* handle [in]
* @param cbor_tag_t tag [in] cbor_tag_t::cose_tag_sign, cbor_tag_t::cose_tag_encrypt
* @param binary_t const& input [in]
* @return error code (see error.hpp)
*/
return_t parse(cose_context_t* handle, cbor_tag_t tag, binary_t const& input);
return_t parse(cose_context_t* handle, binary_t const& input);
/**
* @brief read bstr of protected (cbor_data) to list
* @param binary_t const& data [in]
Expand Down
7 changes: 4 additions & 3 deletions sdk/crypto/cose/types.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,15 +83,16 @@ typedef struct _cose_parts_t {
} cose_parts_t;

typedef struct _cose_context_t {
uint8 tag;
uint8 cbor_tag;
cose_parts_t body;
binary_t payload;
binary_t tag;
std::list<cose_parts_t> subitems;

cose_binarymap_t binarymap;
uint32 debug_flag;

_cose_context_t() : tag(0), debug_flag(0) {}
_cose_context_t() : cbor_tag(0), debug_flag(0) {}
~_cose_context_t() { clearall(); }
void clearall() {
clear();
Expand All @@ -106,7 +107,7 @@ typedef struct _cose_context_t {
map.clear();
}
void clear() {
tag = 0;
cbor_tag = 0;
body.clear();
payload.clear();
std::list<cose_parts_t>::iterator iter;
Expand Down
Loading

0 comments on commit 7ad1f2b

Please sign in to comment.