Mini sign, a tiny (<500 bytes) implementation of COSE_Sign1 #69

Open
wants to merge 12 commits into
base: master
2 changes: 2 additions & 0 deletions CMakeLists.txt
@@ -67,6 +67,7 @@ set(T_COSE_SRC_COMMON
src/t_cose_sign1_verify.c
src/t_cose_util.c
src/t_cose_short_circuit.c
src/t_cose_mini_sign1_sign.c
)

find_package(QCBOR REQUIRED)
@@ -110,6 +111,7 @@ if (BUILD_TESTS)

if (NOT CRYPTO_PROVIDER STREQUAL "Test")
list(APPEND TEST_SRC_COMMON test/t_cose_sign_verify_test.c)
list(APPEND TEST_SRC_COMMON test/t_cose_mini_sign1_sign_test.c)
endif()

if (CRYPTO_PROVIDER STREQUAL "MbedTLS")
4 changes: 2 additions & 2 deletions Makefile.ossl
@@ -54,15 +54,15 @@ C_OPTS=-Os -fPIC

# ---- T_COSE Config and test options ----
TEST_CONFIG_OPTS=
TEST_OBJ=test/t_cose_test.o test/run_tests.o test/t_cose_sign_verify_test.o test/t_cose_make_test_messages.o $(CRYPTO_TEST_OBJ)
TEST_OBJ=test/t_cose_test.o test/run_tests.o test/t_cose_sign_verify_test.o test/t_cose_make_test_messages.o test/t_cose_mini_sign1_sign_test.o $(CRYPTO_TEST_OBJ)


# ---- the main body that is invariant ----
INC=-I inc -I test -I src
ALL_INC=$(INC) $(CRYPTO_INC) $(QCBOR_INC)
CFLAGS=$(CMD_LINE) $(ALL_INC) $(C_OPTS) $(TEST_CONFIG_OPTS) $(CRYPTO_CONFIG_OPTS)

SRC_OBJ=src/t_cose_sign1_verify.o src/t_cose_sign1_sign.o src/t_cose_util.o src/t_cose_parameters.o src/t_cose_short_circuit.o
SRC_OBJ=src/t_cose_sign1_verify.o src/t_cose_sign1_sign.o src/t_cose_mini_sign1_sign.o src/t_cose_util.o src/t_cose_parameters.o src/t_cose_short_circuit.o

.PHONY: all install install_headers install_so uninstall clean

4 changes: 2 additions & 2 deletions Makefile.psa
@@ -56,15 +56,15 @@ C_OPTS=-Os -fPIC

# ---- T_COSE Config and test options ----
TEST_CONFIG_OPTS=
TEST_OBJ=test/t_cose_test.o test/run_tests.o test/t_cose_sign_verify_test.o test/t_cose_make_test_messages.o $(CRYPTO_TEST_OBJ)
TEST_OBJ=test/t_cose_test.o test/run_tests.o test/t_cose_sign_verify_test.o test/t_cose_make_test_messages.o test/t_cose_mini_sign1_sign_test.o $(CRYPTO_TEST_OBJ)


# ---- the main body that is invariant ----
INC=-I inc -I test -I src
ALL_INC=$(INC) $(CRYPTO_INC) $(QCBOR_INC)
CFLAGS=$(CMD_LINE) $(ALL_INC) $(C_OPTS) $(TEST_CONFIG_OPTS) $(CRYPTO_CONFIG_OPTS)

SRC_OBJ=src/t_cose_sign1_verify.o src/t_cose_sign1_sign.o src/t_cose_util.o src/t_cose_parameters.o src/t_cose_short_circuit.o
SRC_OBJ=src/t_cose_sign1_verify.o src/t_cose_sign1_sign.o src/t_cose_mini_sign1_sign.o src/t_cose_util.o src/t_cose_parameters.o src/t_cose_short_circuit.o

.PHONY: all install install_headers install_so uninstall clean

2 changes: 1 addition & 1 deletion Makefile.test
@@ -46,7 +46,7 @@ INC=-I inc -I test -I src
ALL_INC=$(INC) $(CRYPTO_INC) $(QCBOR_INC)
CFLAGS=$(CMD_LINE) $(ALL_INC) $(C_OPTS) $(TEST_CONFIG_OPTS) $(CRYPTO_CONFIG_OPTS)

SRC_OBJ=src/t_cose_sign1_verify.o src/t_cose_sign1_sign.o src/t_cose_util.o src/t_cose_parameters.o src/t_cose_short_circuit.o
SRC_OBJ=src/t_cose_sign1_verify.o src/t_cose_sign1_sign.o src/t_cose_mini_sign1_sign.o src/t_cose_util.o src/t_cose_parameters.o src/t_cose_short_circuit.o

.PHONY: all clean

4 changes: 4 additions & 0 deletions inc/t_cose/t_cose_common.h
@@ -403,6 +403,10 @@ enum t_cose_err_t {

/** The auxiliary buffer is too small */
T_COSE_ERR_AUXILIARY_BUFFER_SIZE = 39,

/** The size or length is larger than can be handled. */
T_COSE_ERR_TOO_LONG = 40

};


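--- a/inc/t_cose/t_cose_mini_sign1_sign.h
+++ b/inc/t_cose/t_cose_mini_sign1_sign.h
@@ -0,0 +1,111 @@
+/*
+* t_cose_mini_sign1_sign.h
+*
+* Copyright 2022-2023, Laurence Lundblade
+*
+* SPDX-License-Identifier: BSD-3-Clause
+*
+* See BSD-3-Clause license in README.md
+*/
+
+
+#ifndef __T_COSE_MINI_SIGN_H__
+#define __T_COSE_MINI_SIGN_H__
+
+
+#include "t_cose/q_useful_buf.h"
+#include "t_cose/t_cose_common.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* Keep editor indention formatting happy */
+#endif
+#endif
+
+
+
+/* The output buffer must be this much larger than the payload size. */
+#define T_COSE_MINI_SIGN_SIZE_OVERHEAD_ES256 \
+1 + /* Open the array */ \
+5 + /* The header parameters */ \
+3 + /* The CBOR head of the payload */ \
+/* The payload -- add this in yourself */ \
+2 + /* CBOR head of signature */ \
+64 /* T_COSE_EC_P256_SIG_SIZE */
+
+#define T_COSE_MINI_SIGN_SIZE_OVERHEAD_ES384 \
+1 + /* Open the array */ \
+6 + /* The header parameters */ \
+3 + /* The CBOR head of the payload */ \
+/* The payload -- add this in yourself */ \
+2 + /* CBOR head of signature */ \
+96 /* T_COSE_EC_P384_SIG_SIZE */
+
+#define T_COSE_MINI_SIGN_SIZE_OVERHEAD_ES512 \
+1 + /* Open the array */ \
+6 + /* The header parameters */ \
+3 + /* The CBOR head of the payload */ \
+/* The payload -- add this in yourself */ \
+2 + /* CBOR head of signature */ \
+132 /* T_COSE_EC_P512_SIG_SIZE */
+
+
+/**
+* @brief Create a COSE_Sign1 with fixed algorithm and no header parameters.
+*
+* @param[in] payload The payload to sign.
+* @param[in] signing_key The key to sign with.
+* @param[in] output_buffer The buffer where the COSE_Sign1 is written.
+* @param[out] output Pointer and length of the completed COSE_Sign1.
+*
+* @return T_COSE_ERR_TOO_LONG The payload length is > UINT16_MAX
+* T_COSE_ERR_TOO_SMALL The output_buffer is too small for the
+* payload.
+* Other errors related to invocation of the crypto algorithms.
+*
+* This signs a payload to make a COSE_Sign1 in the simplest possible
+* way. The object code for this is very small. This is achieved by
+* fixing the algorithm at compile time, not allowing any header
+* parameters but the signing algorithm and limiting the payload size
+* to \c UINT16_MAX. The default algorithm is COSE ES256 (EC with the
+* secp256r1 curve).
+*
+* See t_cose_sign1_sign() for full-featured signing.
+*
+* The inputs are a payload to sign and a signing key. The signing key
+* is a handle or pointer to a key usable with the crypto library this
+* is linked against (probably OpenSSL or Mbed TLS). The key
+* set up is the same as in the t_cose examples.
+*
+* An output buffer must be given sized large enough to hold the
+* COSE_Sign1 message produced. The size of this is \ref
+* T_COSE_MINI_SIGN_SIZE_OVERHEAD_ES256 larger than the payload. If
+* \c output_buffer is too small, an error will be returned.
+*
+* This does NOT need to link with a CBOR encoder. It does need to
+* link with a cryptographic library. OpenSSL and Mbed TLS are
+* supported. It uses the t_cose_crypto.h layer to interface with the
+* cryptographic library. It should be easy adapt this to other
+* cryptographic libraries.
+*
+* ES384 and ES512 are also supported, but you have to modify the
+* source to switch to one of them. The source could be further
+* modified to support RSA.
+*
+* See comments in the source code to change the algorithm and
+* discussion about other modifications.
+*/
+enum t_cose_err_t
+t_cose_mini_sign1_sign(struct q_useful_buf_c payload,
+struct t_cose_key signing_key,
+struct q_useful_buf output_buffer,
+struct q_useful_buf_c *output);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __T_COSE_MINI_SIGN_H__ */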
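Review bot: The three `T_COSE_MINI_SIGN_SIZE_OVERHEAD_*` macros expand to a bare sum with no enclosing parentheses, so using one inside a larger expression silently computes the wrong size. For example, `sizeof(buf) - T_COSE_MINI_SIGN_SIZE_OVERHEAD_ES256` subtracts only the leading `1` and then adds the remaining terms, and a multiplier binds only to the first term. Because callers are told to size the output buffer from this value, each expansion should be wrapped, e.g. `(1 + 5 + 3 + 2 + 64)`, with the existing per-term comments kept as they are. The function comment also names only the ES256 overhead; a sentence such as `use the T_COSE_MINI_SIGN_SIZE_OVERHEAD_* macro matching the algorithm compiled in` would stop a build switched to ES384 or ES512 from under-sizing the buffer by following the text literally.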