hotplace rev.343 COSE static_key, static_key_id

princeb612 · Oct 20, 2023 · c7ec282 · c7ec282
1 parent 19a4f72
commit c7ec282
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 15 deletions.
diff --git a/sdk/base/system/datetime.cpp b/sdk/base/system/datetime.cpp
@@ -852,7 +852,7 @@ void system_gettime(int clockid, struct timespec& ts) {
         ts.tv_nsec = tv.tv_usec * 1000;
     }
 #else
-    clock_gettime(CLOCK_REALTIME, &ts);
+    clock_gettime(clockid, &ts);
 #endif
 }
 

diff --git a/sdk/crypto/basic/crypto_advisor_hint_cose.cpp b/sdk/crypto/basic/crypto_advisor_hint_cose.cpp
@@ -477,6 +477,13 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         cose_alg_t::cose_chacha20_poly1305,
         crypto_kty_t::kty_hmac,
         cose_group_t::cose_group_chacha20_poly1305,
+        {},
+        {
+            "chacha20-poly1305",
+            32,
+            16,
+            3,
+        },
     },
     {
         cose_alg_t::cose_iv_generation,

diff --git a/sdk/crypto/basic/dump_pem.cpp b/sdk/crypto/basic/dump_pem.cpp
@@ -81,7 +81,9 @@ return_t write_pem(EVP_PKEY* pkey, BIO* out) {
 
             if (nullptr == ec_key) {
                 ret = errorcode_t::bad_data;
+#if defined DEBUG
                 throw ret;
+#endif
                 __leave2_trace(ret);
             }
 

diff --git a/sdk/crypto/basic/openssl_ecdh.cpp b/sdk/crypto/basic/openssl_ecdh.cpp
@@ -53,6 +53,9 @@ return_t dh_key_agreement(EVP_PKEY* pkey, EVP_PKEY* peer, binary_t& secret) {
 
         if (nullptr == pkey || nullptr == peer) {
             ret = errorcode_t::invalid_parameter;
+#if defined DEBUG
+            throw ret;
+#endif
             __leave2;
         }
 

diff --git a/sdk/crypto/cose/cbor_object_encryption.cpp b/sdk/crypto/cose/cbor_object_encryption.cpp
@@ -297,6 +297,7 @@ return_t dodecrypt(cose_context_t* handle, crypto_key* key, int tag, binary_t& o
             hint.find(cose_param_t::cose_shared_iv, &iv);
         }
         if (iv.size()) {
+            // TEST FAILED
             // RFC 8152 3.1.  Common COSE Headers Parameters
             // Partial IV
             // 1.  Left-pad the Partial IV with zeros to the length of IV.
@@ -364,6 +365,18 @@ return_t dodecrypt(cose_context_t* handle, crypto_key* key, int tag, binary_t& o
             crypt.set(crypt_handle, crypt_ctrl_t::crypt_ctrl_lsize, enc_hint->param.lsize);
             ret = crypt.decrypt2(crypt_handle, &handle->payload[0], enc_size, output, &authenticated_data, &tag);
             crypt.close(crypt_handle);
+        } else if (cose_group_t::cose_group_chacha20_poly1305 == enc_hint->group) {
+            // TEST FAILED - counter ??
+            size_t enc_size = 0;
+            split(handle->payload, enc_size, tag, enc_hint->param.tsize);
+
+            uint32 counter = 0;
+            binary_t chacha20iv;
+            openssl_chacha20_iv(chacha20iv, counter, iv);
+            // RFC 8152 10.3. ChaCha20 and Poly1305
+            crypt.open(&crypt_handle, enc_hint->param.algname, cek, chacha20iv);
+            ret = crypt.decrypt2(crypt_handle, &handle->payload[0], enc_size, output, &authenticated_data, &tag);
+            crypt.close(crypt_handle);
         }
     }
     __finally2 {
@@ -469,6 +482,18 @@ return_t cbor_object_encryption::decrypt(cose_context_t* handle, crypto_key* key
                 continue;
             }
 
+            EVP_PKEY* epk = nullptr;
+
+            if (composer.exist(cose_key_t::cose_ephemeral_key, item.unprotected_map)) {
+                epk = item.epk;
+            } else if (composer.exist(cose_key_t::cose_static_key, item.unprotected_map)) {
+                epk = item.epk;
+            } else if (composer.exist(cose_key_t::cose_static_key_id, item.unprotected_map)) {
+                std::string static_keyid;
+                composer.finditem(cose_key_t::cose_static_key_id, static_keyid, item.unprotected_map);
+                epk = key->find(static_keyid.c_str(), alg_hint->kty);
+            }
+
             cose_group_t group = alg_hint->group;
 
             // reversing "AAD_hex", "CEK_hex", "Context_hex", "KEK_hex" from https://github.com/cose-wg/Examples
@@ -505,7 +530,7 @@ return_t cbor_object_encryption::decrypt(cose_context_t* handle, crypto_key* key
             } else if (cose_group_t::cose_group_ecdhes_hkdf == group) {
                 // RFC 8152 12.4.1. ECDH
                 // RFC 8152 11.1.  HMAC-Based Extract-and-Expand Key Derivation Function (HKDF)
-                dh_key_agreement(pkey, item.epk, secret);
+                dh_key_agreement(pkey, epk, secret);
 
                 compose_kdf_context(handle, &item, context);
 
@@ -515,10 +540,6 @@ return_t cbor_object_encryption::decrypt(cose_context_t* handle, crypto_key* key
             } else if (cose_group_t::cose_group_ecdhss_hkdf == group) {
                 // RFC 8152 12.4.1. ECDH
                 // RFC 8152 11.1.  HMAC-Based Extract-and-Expand Key Derivation Function (HKDF)
-                std::string static_keyid;
-                composer.finditem(cose_key_t::cose_static_key_id, static_keyid, item.unprotected_map);
-
-                EVP_PKEY* epk = key->find(static_keyid.c_str(), alg_hint->kty);
                 dh_key_agreement(pkey, epk, secret);
 
                 compose_kdf_context(handle, &item, context);
@@ -529,7 +550,7 @@ return_t cbor_object_encryption::decrypt(cose_context_t* handle, crypto_key* key
             } else if (cose_group_t::cose_group_ecdhes_aeskw == group) {
                 // RFC 8152 12.5.1. ECDH
                 // RFC 8152 12.2.1. AES Key Wrap
-                dh_key_agreement(pkey, item.epk, secret);
+                dh_key_agreement(pkey, epk, secret);
 
                 compose_kdf_context(handle, &item, context);
 
@@ -542,9 +563,6 @@ return_t cbor_object_encryption::decrypt(cose_context_t* handle, crypto_key* key
                 // RFC 8152 12.2.1. AES Key Wrap
                 compose_kdf_context(handle, &item, context);
 
-                std::string static_keyid;
-                composer.finditem(cose_key_t::cose_static_key_id, static_keyid, item.unprotected_map);
-                EVP_PKEY* epk = key->find(static_keyid.c_str(), alg_hint->kty);
                 dh_key_agreement(pkey, epk, secret);
 
                 // 12.5.  Key Agreement with Key Wrap

diff --git a/sdk/crypto/cose/cbor_object_signing_encryption.cpp b/sdk/crypto/cose/cbor_object_signing_encryption.cpp
@@ -627,7 +627,7 @@ return_t cbor_object_signing_encryption::composer::parse_unprotected(cbor_map* r
             cbor_object* pair_value = (cbor_object*)pair->right();
             cbor_type_t type_value = pair_value->type();
             int keyid = 0;
-            cose_variantmap_t ephemeral_key;
+            cose_variantmap_t dh_key;
 
             keyid = t_variant_to_int<int>(pair_key->data());
 
@@ -638,12 +638,15 @@ return_t cbor_object_signing_encryption::composer::parse_unprotected(cbor_map* r
                 part.unprotected_map.insert(std::make_pair(keyid, vt));
             } else if (cbor_type_t::cbor_type_map == type_value) {
                 cbor_map* map_value = (cbor_map*)pair->right();
-                if (-1 == keyid) {
-                    parse_map(map_value, ephemeral_key);
+                if (-1 == keyid || -2 == keyid) {
+                    // -1 cose_ephemeral_key
+                    // -2 cose_static_key
+
+                    parse_map(map_value, dh_key);
 
                     return_t check = errorcode_t::success;
                     variant_t vt;
-                    maphint<int, variant_t> hint(ephemeral_key);
+                    maphint<int, variant_t> hint(dh_key);
                     check = hint.find(cose_key_lable_t::cose_lable_kty, &vt);
                     int kty = t_variant_to_int<int>(vt);
                     if (cose_kty_t::cose_kty_ec2 == kty || cose_kty_t::cose_kty_okp == kty) {
@@ -686,6 +689,21 @@ return_t cbor_object_signing_encryption::composer::parse_unprotected(cbor_map* r
     return ret;
 }
 
+bool cbor_object_signing_encryption::composer::exist(int key, cose_variantmap_t& from) {
+    bool ret_value = false;
+    return_t ret = errorcode_t::success;
+    cose_variantmap_t::iterator iter;
+    basic_stream cosekey;
+    variant_t vt;
+
+    maphint<int, variant_t> hint(from);
+    ret = hint.find(key, &vt);
+    if (errorcode_t::success == ret) {
+        ret_value = true;
+    }
+    return ret_value;
+}
+
 return_t cbor_object_signing_encryption::composer::finditem(int key, int& value, cose_variantmap_t& from) {
     return_t ret = errorcode_t::success;
     cose_variantmap_t::iterator iter;

diff --git a/sdk/crypto/cose/cbor_object_signing_encryption.hpp b/sdk/crypto/cose/cbor_object_signing_encryption.hpp
@@ -175,6 +175,13 @@ class cbor_object_signing_encryption {
          * @param   cose_parts_t& part [out]
          */
         return_t parse_unprotected(cbor_map* data, cose_parts_t& part);
+        /**
+         * @brief   find
+         * @param   int key [in]
+         * @param   int& value [out]
+         * @param   cose_variantmap_t& from [in]
+         */
+        bool exist(int key, cose_variantmap_t& from);
         /**
          * @brief   find
          * @param   int key [in]

diff --git a/test/cose/sample.cpp b/test/cose/sample.cpp
@@ -2131,7 +2131,7 @@ void test_github_example() {
 #endif
         // aes-wrap-examples
         {
-            &aes_ccm_key,
+            &aes_gcm_04_key,
             "aes-wrap-examples/aes-wrap-128-01.json",
             "aes-wrap-128-01: 128-bit key wrap for 128-bit MAC",
             "D8618543A1010EA054546869732069732074686520636F6E74656E742E4836F5AFAF0BAB5D43818340A20122044A6F75722D73656372657458182F8A3D2AA397D3D5C40AAF9F6656BA"