Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A minimal COSE_Sign1 verifier #95

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile.psa
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ INC=-I inc -I test -I src
ALL_INC=$(INC) $(CRYPTO_INC) $(QCBOR_INC)
CFLAGS=$(CMD_LINE) $(ALL_INC) $(C_OPTS) $(TEST_CONFIG_OPTS) $(CRYPTO_CONFIG_OPTS)

SRC_OBJ=src/t_cose_sign1_verify.o src/t_cose_sign1_sign.o src/t_cose_util.o src/t_cose_parameters.o
SRC_OBJ=src/t_cose_sign1_verify.o src/t_cose_sign1_sign.o src/t_cose_util.o src/t_cose_parameters.o src/t_cose_sign_mini_verify.o

.PHONY: all install install_headers install_so uninstall clean

Expand Down
73 changes: 73 additions & 0 deletions examples/t_cose_basic_example_psa.c
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@
#include "t_cose/t_cose_sign1_verify.h"
#include "t_cose/q_useful_buf.h"

#include "t_cose/t_cose_sign_mini_verify.h"

#include "psa/crypto.h"

#include <stdio.h>
Expand Down Expand Up @@ -595,11 +597,82 @@ int two_step_sign_example(void)
return (int)return_value;
}


void mini()
{
struct t_cose_sign1_sign_ctx sign_ctx;
enum t_cose_err_t return_value;
Q_USEFUL_BUF_MAKE_STACK_UB( signed_cose_buffer, 300);
struct q_useful_buf_c signed_cose;
struct q_useful_buf_c payload;
struct t_cose_key key_pair;


return_value = make_psa_ecdsa_key_pair(T_COSE_ALGORITHM_ES384, &key_pair);

/* ------ Initialize for signing ------
*
* Initialize the signing context by telling it the signing
* algorithm and signing options. No options are set here hence
* the 0 value.
*
* Set up the signing key and kid (key ID). No kid is passed here
* hence the NULL_Q_USEFUL_BUF_C.
*/

t_cose_sign1_sign_init(&sign_ctx, T_COSE_OPT_OMIT_CBOR_TAG, T_COSE_ALGORITHM_ES384);

t_cose_sign1_set_signing_key(&sign_ctx, key_pair, NULL_Q_USEFUL_BUF_C);

printf("Initialized t_cose and configured signing key\n");


/* ------ Sign ------
*
* This performs encoding of the headers, the signing and formatting
* in one shot.
*
* With this API the payload ends up in memory twice, once as the
* input and once in the output. If the payload is large, this
* needs about double the size of the payload to work.
*/
return_value = t_cose_sign1_sign(/* The context set up with signing key */
&sign_ctx,
/* Pointer and length of payload to be
* signed.
*/
Q_USEFUL_BUF_FROM_SZ_LITERAL("XX"),
/* Non-const pointer and length of the
* buffer where the completed output is
* written to. The length here is that
* of the whole buffer.
*/
signed_cose_buffer,
/* Const pointer and actual length of
* the completed, signed and encoded
* COSE_Sign1 message. This points
* into the output buffer and has the
* lifetime of the output buffer.
*/
&signed_cose);



return_value =
t_cose_sign1_mini_verify(signed_cose,
key_pair,
&payload);


}

int main(int argc, const char * argv[])
{
(void)argc; /* Avoid unused parameter error */
(void)argv;

mini();

one_step_sign_example();
two_step_sign_example();
}
80 changes: 80 additions & 0 deletions inc/t_cose/t_cose_sign_mini_verify.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
/*
* t_cose_sign_mini_verify.h
*
* Copyright 2022-2023, Laurence Lundblade
*
* Created by Laurence Lundblade on 8/17/22.
*
* SPDX-License-Identifier: BSD-3-Clause
*
* See BSD-3-Clause license in README.md
*/

#ifndef t_cose_sign_mini_verify_h
#define t_cose_sign_mini_verify_h

#include "t_cose/q_useful_buf.h"
#include "t_cose/t_cose_common.h"

#ifdef __cplusplus
extern "C" {
#endif


/*
* The algorithm is set at compile time for mini sign and can't be
* changed. Only one algorithm is
* supported at a time. Define one of these to configure the algorithm. If
* none are configured, ES256 is selected.

#define T_COSE_MINI_VERIFY_SELECT_ES256
#define T_COSE_MINI_VERIFY_SELECT_ES384
#define T_COSE_MINI_VERIFY_SELECT_ES512
*/

#if !defined(T_COSE_MINI_VERIFY_SELECT_ES256) && \
!defined(T_COSE_MINI_VERIFY_SELECT_ES384) && \
!defined(T_COSE_MINI_VERIFY_SELECT_ES512)
#define T_COSE_MINI_VERIFY_SELECT_ES256
#endif


/**
* @brief Minature verification of COSE_Sign1
*
* @param[in] cose_sign1 The COSE_Sign1 to verify.
* @param[in] verification_key The verification key.
* @param[out] payload Pointer and length of verified payload.
*
* @return The error result.
*
* This is an implementation of \c COSE_Sign1 verification
* with very small, near minimun code size. It has
* almost no external dependency, except a crypto library,
* not even a CBOR library.
*
* Only one algorithm is supported at a time. If the
* input \c COSE_Sign1 doesn't use that algorithm
* an error is returned.
*
* There is no header decoding to retrieve a key ID, so
* identification of the key must be by some other means.
*
* It simply checks that the algorithm header parameter
* matches what it compiled to support, decodes
* the payload and the signature, verifies the
* signature and returns the verified payload.
*
* This has very crude error reporting in order to keep
* the code size small. Success is always success and failure
* always failure, but the failure reported might be misleading
* as to the actual reason for the failure.
*/
enum t_cose_err_t
t_cose_sign1_mini_verify(struct q_useful_buf_c cose_sign1,
struct t_cose_key verification_key,
struct q_useful_buf_c *payload);



#endif /* t_cose_sign_mini_verify_h */
Loading