A few straggler nits from EdDSA addition (#98)

Co-authored-by: Laurence Lundblade <[email protected]>
laurencelundblade · Sep 9, 2022 · e7a40d2 · e7a40d2
1 parent 80b6a37
commit e7a40d2
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -97,7 +97,7 @@ To build run:
 #### OpenSSL Crypto -- Makefile.ossl
 
 This OpenSSL integration supports SHA-256, SHA-384 and SHA-512 with
-ECDSA or RSAPSS to support the COSE algorithms ES256, ES384 and
+ECDSA, EdDSA, or RSAPSS to support the COSE algorithms ES256, ES384 and
 ES512, PS256, PS384 and PS512. It is a full and tested integration
 with OpenSSL crypto.
 
@@ -141,7 +141,7 @@ As of March 2022, t_cose works with the PSA 1.0 Crypto API as
 implemented by Mbed TLS 2.x and 3.x.
 
 This integration supports SHA-256, SHA-384 and SHA-512 with
-ECDSA or RSAPSS to support the COSE algorithms ES256, ES384 and
+ECDSA, EdDSA or RSAPSS to support the COSE algorithms ES256, ES384 and
 ES512, PS256, PS384 and PS512.
 
 If Mbed TLS is installed in /usr/local, you can probably just run
@@ -297,14 +297,13 @@ just have different names.
   been assigned by IANA.
 * No way to add custom headers when creating signed messages or
   process them during verification.
-* EDDSA signatures are not supported yet.
 * Does not handle CBOR indefinite length strings (indefinite length
   maps and arrays are handled).
 * Counter signatures are not supported.
 
 ## Credit
 
-* Paul Liétar for RSA PSS (PS256..PS512)
+* Paul Liétar for RSA PSS (PS256..PS512) and EdDSA
 * Maik Riechert for cmake, CI and other.
 * Ken Takayama for the bulk of the detached content implementation.
 * Tamas Ban for lots code review comments, design ideas and porting to ARM PSA.

diff --git a/src/t_cose_short_circuit.c b/src/t_cose_short_circuit.c
@@ -119,4 +119,12 @@ t_cose_crypto_short_circuit_verify(struct q_useful_buf_c hash_to_verify,
     return return_value;
 }
 
+#else /* T_COSE_DISABLE_SHORT_CIRCUIT_SIGN */
+
+/* So some of the build checks don't get confused by an empty object file */
+void t_cose_short_circuit_placeholder()
+{}
+
+
 #endif /* T_COSE_DISABLE_SHORT_CIRCUIT_SIGN */
+
diff --git a/src/t_cose_sign1_verify.c b/src/t_cose_sign1_verify.c
@@ -1,7 +1,7 @@
 /*
  *  t_cose_sign1_verify.c
  *
- * Copyright 2019-2021, Laurence Lundblade
+ * Copyright 2019-2022, Laurence Lundblade
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -143,6 +143,7 @@ qcbor_decode_error_to_t_cose_error(QCBORError qcbor_error)
     return T_COSE_SUCCESS;
 }
 
+
 #ifndef T_COSE_DISABLE_SHORT_CIRCUIT_SIGN
 /**
  * \brief Verify the short-circuit signature of a COSE_Sign1 message.
@@ -204,6 +205,7 @@ sign1_verify_short_circuit(struct t_cose_sign1_verify_ctx *me,
 }
 #endif /* T_COSE_DISABLE_SHORT_CIRCUIT_SIGN */
 
+
 #ifndef T_COSE_DISABLE_EDDSA
 /**
  * \brief Verify the EDDSA signature from a COSE_Sign1 message.
@@ -228,7 +230,7 @@ sign1_verify_short_circuit(struct t_cose_sign1_verify_ctx *me,
  * flag is set. This mode can however be used to determine the
  * necessary size for the auxiliary buffer.
  */
-enum t_cose_err_t
+static enum t_cose_err_t
 sign1_verify_eddsa(struct t_cose_sign1_verify_ctx *me,
                    const struct t_cose_parameters *parameters,
                    struct q_useful_buf_c           signature,
@@ -285,6 +287,7 @@ sign1_verify_eddsa(struct t_cose_sign1_verify_ctx *me,
 }
 #endif /* T_COSE_DISABLE_EDDSA */
 
+
 /**
  * \brief Verify the signature from a COSE_Sign1 message, following
  * the general process which work for most algorithms.
@@ -305,7 +308,7 @@ sign1_verify_eddsa(struct t_cose_sign1_verify_ctx *me,
  * procedure, are not supported. See \ref sign1_sign_short_circuit and
  * \ref sign1_sign_eddsa.
  */
-enum t_cose_err_t
+static enum t_cose_err_t
 sign1_verify_default(struct t_cose_sign1_verify_ctx *me,
                      const struct t_cose_parameters *parameters,
                      struct q_useful_buf_c           signature,
@@ -344,6 +347,10 @@ sign1_verify_default(struct t_cose_sign1_verify_ctx *me,
     return return_value;
 }
 
+
+/*
+ * Semi-private function. See t_cose_sign1_verify.h
+ */
 enum t_cose_err_t
 t_cose_sign1_verify_internal(struct t_cose_sign1_verify_ctx *me,
                              struct q_useful_buf_c           cose_sign1,

diff --git a/t_cose.xcodeproj/project.pbxproj b/t_cose.xcodeproj/project.pbxproj
@@ -47,6 +47,9 @@
 		E73CDABE23A7316700D262E0 /* run_tests.c in Sources */ = {isa = PBXBuildFile; fileRef = E72FB01C231ADAA8000970FE /* run_tests.c */; };
 		E73CDABF23A7316700D262E0 /* t_cose_sign1_sign.c in Sources */ = {isa = PBXBuildFile; fileRef = E7E36E8E226CB9460040613B /* t_cose_sign1_sign.c */; };
 		E73CDAD423AD4F3900D262E0 /* t_cose_psa_crypto.c in Sources */ = {isa = PBXBuildFile; fileRef = E73CDAD223AD4E6D00D262E0 /* t_cose_psa_crypto.c */; };
+		E73FDFC528B6BB32002CF0CC /* t_cose_short_circuit.c in Sources */ = {isa = PBXBuildFile; fileRef = E73FDFC328B6BB32002CF0CC /* t_cose_short_circuit.c */; };
+		E73FDFC628B6BB62002CF0CC /* t_cose_short_circuit.c in Sources */ = {isa = PBXBuildFile; fileRef = E73FDFC328B6BB32002CF0CC /* t_cose_short_circuit.c */; };
+		E73FDFC728B6BB63002CF0CC /* t_cose_short_circuit.c in Sources */ = {isa = PBXBuildFile; fileRef = E73FDFC328B6BB32002CF0CC /* t_cose_short_circuit.c */; };
 		E74FFBBA263BAB38003B66FF /* libcrypto.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E74FFBB8263BAB0D003B66FF /* libcrypto.a */; };
 		E772026F23CAEC84006E966E /* t_cose_sign1_verify.c in Sources */ = {isa = PBXBuildFile; fileRef = E7E36E8A226CB9460040613B /* t_cose_sign1_verify.c */; };
 		E772027123CAEC84006E966E /* t_cose_test.c in Sources */ = {isa = PBXBuildFile; fileRef = E7F70AC52270DFAE007CE07F /* t_cose_test.c */; };
@@ -160,6 +163,8 @@
 		E73BF71C23B07ACF00DF5C36 /* t_cose_basic_example_openssl */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = t_cose_basic_example_openssl; sourceTree = BUILT_PRODUCTS_DIR; };
 		E73CDAC623A7316700D262E0 /* t_cose_psa */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = t_cose_psa; sourceTree = BUILT_PRODUCTS_DIR; };
 		E73CDAD223AD4E6D00D262E0 /* t_cose_psa_crypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = t_cose_psa_crypto.c; sourceTree = "<group>"; };
+		E73FDFC328B6BB32002CF0CC /* t_cose_short_circuit.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = t_cose_short_circuit.c; sourceTree = "<group>"; };
+		E73FDFC428B6BB32002CF0CC /* t_cose_short_circuit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = t_cose_short_circuit.h; sourceTree = "<group>"; };
 		E7489C9F259F8B4B0004634C /* qcbor_encode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = qcbor_encode.h; path = ../../../../../usr/local/include/qcbor/qcbor_encode.h; sourceTree = "<group>"; };
 		E7489CA0259F8B4B0004634C /* qcbor_common.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = qcbor_common.h; path = ../../../../../usr/local/include/qcbor/qcbor_common.h; sourceTree = "<group>"; };
 		E7489CA1259F8B4B0004634C /* qcbor_spiffy_decode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = qcbor_spiffy_decode.h; path = ../../../../../usr/local/include/qcbor/qcbor_spiffy_decode.h; sourceTree = "<group>"; };
@@ -347,6 +352,8 @@
 		E7E36E86226CB9460040613B /* src */ = {
 			isa = PBXGroup;
 			children = (
+				E73FDFC328B6BB32002CF0CC /* t_cose_short_circuit.c */,
+				E73FDFC428B6BB32002CF0CC /* t_cose_short_circuit.h */,
 				E71D9ECA23341D8200A21F7F /* t_cose_standard_constants.h */,
 				E7E36E89226CB9460040613B /* t_cose_util.c */,
 				E7E36E8A226CB9460040613B /* t_cose_sign1_verify.c */,
@@ -556,6 +563,7 @@
 			files = (
 				E730E60B23612DAB00175CE0 /* t_cose_sign1_verify.c in Sources */,
 				E730E60C23612DAB00175CE0 /* run_tests.c in Sources */,
+				E73FDFC528B6BB32002CF0CC /* t_cose_short_circuit.c in Sources */,
 				E730E62123612E3900175CE0 /* t_cose_test_crypto.c in Sources */,
 				E730E61123612DAB00175CE0 /* t_cose_parameters.c in Sources */,
 				E730E61223612DAB00175CE0 /* t_cose_make_test_messages.c in Sources */,
@@ -601,6 +609,7 @@
 				E73CDAAE23A7316700D262E0 /* t_cose_sign1_verify.c in Sources */,
 				E73CDAB023A7316700D262E0 /* t_cose_test.c in Sources */,
 				E73CDAD423AD4F3900D262E0 /* t_cose_psa_crypto.c in Sources */,
+				E73FDFC728B6BB63002CF0CC /* t_cose_short_circuit.c in Sources */,
 				E73CDAB223A7316700D262E0 /* t_cose_util.c in Sources */,
 				E73CDAB623A7316700D262E0 /* t_cose_parameters.c in Sources */,
 				E73CDAB823A7316700D262E0 /* t_cose_sign_verify_test.c in Sources */,
@@ -641,6 +650,7 @@
 				E721CB9A2362ABA400C7FD56 /* t_cose_make_openssl_test_key.c in Sources */,
 				E7E36EA5226CBB570040613B /* t_cose_openssl_crypto.c in Sources */,
 				0F91057A2321878F00008572 /* t_cose_parameters.c in Sources */,
+				E73FDFC628B6BB62002CF0CC /* t_cose_short_circuit.c in Sources */,
 				0F8B2FEF2345A33A00A22349 /* t_cose_make_test_messages.c in Sources */,
 				E7E36E90226CB9460040613B /* t_cose_util.c in Sources */,
 				E721CB9B2362AC2A00C7FD56 /* t_cose_sign_verify_test.c in Sources */,

diff --git a/test/t_cose_sign_verify_test.c b/test/t_cose_sign_verify_test.c
@@ -300,7 +300,7 @@ int_fast32_t sign_verify_basic_test()
         if (t_cose_is_algorithm_supported(tc->cose_algorithm_id)) {
             return_value = sign_verify_basic_test_alg(tc->cose_algorithm_id);
             if (return_value) {
-                return (1 + tc - test_cases) * 10000 + return_value;
+                return (int32_t)(1 + tc - test_cases) * 10000 + return_value;
             }
         }
     }
@@ -405,7 +405,7 @@ int_fast32_t sign_verify_sig_fail_test()
         if (t_cose_is_algorithm_supported(tc->cose_algorithm_id)) {
             return_value = sig_fail_test(tc->cose_algorithm_id);
             if (return_value) {
-                return (1 + tc - test_cases) * 10000 + return_value;
+                return (int32_t)(1 + tc - test_cases) * 10000 + return_value;
             }
         }
     }
@@ -706,13 +706,13 @@ int_fast32_t sign_verify_get_size_test()
             return_value = size_test(tc->cose_algorithm_id,
                                      NULL_Q_USEFUL_BUF_C);
             if (return_value) {
-                return (1 + tc - test_cases) * 10000 + return_value;
+                return (int32_t)(1 + tc - test_cases) * 10000 + return_value;
             }
 
             return_value = size_test(tc->cose_algorithm_id,
                                      Q_USEFUL_BUF_FROM_SZ_LITERAL("greasy kid stuff"));
             if (return_value) {
-                return (1 + tc - test_cases) * 10000 + return_value;
+                return (int32_t)(1 + tc - test_cases) * 10000 + return_value;
             }
         }
     }
@@ -804,14 +804,14 @@ static int_fast32_t known_good_test(int cose_algorithm_id, struct q_useful_buf_c
 
 int_fast32_t sign_verify_known_good_test(void)
 {
-    int_fast32_t return_value;
+    int_fast32_t return_value = 0;
     const struct test_case* tc;
     for (tc = test_cases; tc->cose_algorithm_id != 0; tc++) {
         if (t_cose_is_algorithm_supported(tc->cose_algorithm_id)) {
             return_value = known_good_test(tc->cose_algorithm_id,
                                            tc->known_good_message);
             if (return_value) {
-                return (1 + tc - test_cases) * 10000 + return_value;
+                return (int32_t)(1 + tc - test_cases) * 10000 + return_value;
             }
         }
     }
@@ -885,7 +885,7 @@ int_fast32_t sign_verify_unsupported_test(void)
             return_value = sign_verify_unsupported_test_alg(tc->cose_algorithm_id,
                                                             tc->known_good_message);
             if (return_value) {
-                return (1 + tc - test_cases) * 10000 + return_value;
+                return (int32_t)(1 + tc - test_cases) * 10000 + return_value;
             }
         }
     }