Skip to content

Commit

Permalink
Add ECDH for X25519 (#123)
Browse files Browse the repository at this point in the history
* Add ECDH for X25519

* Fix gnu compiler error

It doesn't like jumping things it should not care about.
Try using a different checkout code
Still track down how to do OpenSSL 1.1 on appveyor

* Fix errors

Fix compiler error - context error
Fix crash from missing - error ptr == null

* Fix MBEDTLS crash

Need to clear a pointer in one case and change the return error for unknown curves.

* Remove support for Openssl pre 1.1

* Deal with flag for doing compressed vs uncompressed points
* Use EVP everywhere but ECDSA signing - should do that too

* Correct no context compiler error

* Run clang-format
  • Loading branch information
jimsch authored Jun 3, 2020
1 parent ae2c5f7 commit 97d1805
Show file tree
Hide file tree
Showing 13 changed files with 450 additions and 199 deletions.
1 change: 1 addition & 0 deletions .appveyor.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ install:
before_build:
- set PATH=c:\OpenSSL-v111-Win64\bin;%PATH%
- set OPENSSL_ROOT_DIR=c:\OpenSSL-v111-Win64
- set CMAKE_FRAMEWORK_PATH=c:\OpenSSL-v111-Win64
- cmake --version
- mkdir build
- cd build
Expand Down
18 changes: 18 additions & 0 deletions .github/workflows/cancel.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Cancel
on:
push:
branches:
- master
pull_request:
branches:
- '*'
jobs:
cancel:
name: 'Cancel Previous Runs'
runs-on: ubuntu-latest
timeout-minutes: 3
steps:
- uses: styfle/[email protected]
with:
workflow_id: 479426
access_token: ${{ github.token }}
2 changes: 1 addition & 1 deletion .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
COMPILER: gcc

steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v2

- name: setup (windows)
if: startsWith(matrix.os, 'windows')
Expand Down
3 changes: 3 additions & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -331,6 +331,9 @@ message(STATUS "COSE_C_USE_MEMORY_SANITIZER:.....${COSE_C_USE_MEMORY_SANITIZER}"
message(STATUS "COSE_C_USE_LEAK_SANITIZER:.......${COSE_C_USE_LEAK_SANITIZER}")
message(STATUS "COSE_C_USE_UNDEFINED_SANITIZER:..${COSE_C_USE_UNDEFINED_SANITIZER}")
message(STATUS "COSE_C_VALGRIND_MEMORY_CHECK:....${COSE_C_VALGRIND_MEMORY_CHECK}")
if(COSE_C_USE_OPENSSL)
message(STATUS "OpenSSL .........................${OPENSSL_LIBRARIES}")
endif()
message(STATUS "project_cn_cbor_SOURCE_DIR:......${project_cn_cbor_SOURCE_DIR}")
message(STATUS "project_cn_cbor_BINARY_DIR:......${project_cn_cbor_BINARY_DIR}")
message(STATUS "project_mbedtls_SOURCE_DIR:......${project_mbedtls_SOURCE_DIR}")
Expand Down
10 changes: 5 additions & 5 deletions include/cose/cose.h
Original file line number Diff line number Diff line change
Expand Up @@ -222,9 +222,9 @@ typedef enum {
* Functions dealing with keys
*/

const int COSE_KEY_FL_OWN = 0x1; // Cede ownership of the key to the libraray
// Only neede for MBEDTLS as OpenSSL does reference counts

const int COSE_KEY_FL_OWN =
0x1; // Cede ownership of the key to the libraray
// Only neede for MBEDTLS as OpenSSL does reference counts

HCOSE_KEY COSE_KEY_FromCbor(cn_cbor* pcborKey,
CBOR_CONTEXT_COMMA cose_errback* perror);
Expand All @@ -235,8 +235,8 @@ HCOSE_KEY COSE_KEY_FromEVP(EVP_PKEY* opensslKey,
CBOR_CONTEXT_COMMA cose_errback* perror);
#endif
#ifdef COSE_C_USE_MBEDTLS
HCOSE_KEY COSE_KEY_FromMbedKeypair(mbedtls_ecp_keypair *,
cn_cbor * pcborKey,
HCOSE_KEY COSE_KEY_FromMbedKeypair(mbedtls_ecp_keypair*,
cn_cbor* pcborKey,
int flags,
CBOR_CONTEXT_COMMA cose_errback* perror);
#endif
Expand Down
2 changes: 1 addition & 1 deletion src/CoseKey.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ HCOSE_KEY COSE_KEY_FromEVP(EVP_PKEY *opensslKey,
#endif

#ifdef COSE_C_USE_MBEDTLS
HCOSE_KEY COSE_KEY_FromMbedKeypair(mbedtls_ecp_keypair * mbedtls_keypair,
HCOSE_KEY COSE_KEY_FromMbedKeypair(mbedtls_ecp_keypair *mbedtls_keypair,
cn_cbor *pcborKey,
int flags,
CBOR_CONTEXT_COMMA cose_errback *perror)
Expand Down
5 changes: 5 additions & 0 deletions src/Encrypt.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -533,6 +533,11 @@ bool COSE_Enveloped_encrypt(HCOSE_ENVELOPED h, cose_errback *perr)
CHECK_CONDITION(
pcose->m_recipientFirst != nullptr, COSE_ERR_INVALID_HANDLE);

cose_errback coseError;
if (perr == nullptr) {
perr = &coseError;
}

return _COSE_Enveloped_encrypt(pcose, nullptr, 0, "Encrypt", perr);

errorReturn:
Expand Down
32 changes: 24 additions & 8 deletions src/Recipient.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -211,20 +211,22 @@ static bool HKDF_X(COSE *pCose,
if (fECDH) {
#ifdef USE_ECDH

if (pKeyPrivate != nullptr) {
if (pKeyPrivate != nullptr && pKeyPrivate->m_cborKey != nullptr) {
cn = cn_cbor_mapget_int(pKeyPrivate->m_cborKey, COSE_Key_Type);
CHECK_CONDITION((cn != nullptr) && (cn->type == CN_CBOR_UINT),
COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(
cn->v.uint == COSE_Key_Type_EC2, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(cn->v.uint == COSE_Key_Type_EC2 ||
cn->v.uint == COSE_Key_Type_OKP,
COSE_ERR_INVALID_PARAMETER);
}

if (pKeyPublic != nullptr) {
if (pKeyPublic != nullptr && pKeyPublic->m_cborKey != nullptr) {
cn = cn_cbor_mapget_int(pKeyPublic->m_cborKey, COSE_Key_Type);
CHECK_CONDITION((cn != nullptr) && (cn->type == CN_CBOR_UINT),
COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(
cn->v.uint == COSE_Key_Type_EC2, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(cn->v.uint == COSE_Key_Type_EC2 ||
cn->v.uint == COSE_Key_Type_OKP,
COSE_ERR_INVALID_PARAMETER);
}

if (fSend) {
Expand Down Expand Up @@ -1643,7 +1645,7 @@ bool COSE_Recipient_SetSenderKey2(HCOSE_RECIPIENT h,
case 0:
break;

case 1:
case COSE_PROTECT_ONLY:
cn = cn_cbor_mapget_int(pKey->m_cborKey, COSE_Key_ID);
CHECK_CONDITION(cn != nullptr, COSE_ERR_INVALID_PARAMETER);
cn2 = cn_cbor_clone(cn, CBOR_CONTEXT_PARAM_COMMA & cbor_err);
Expand All @@ -1655,7 +1657,21 @@ bool COSE_Recipient_SetSenderKey2(HCOSE_RECIPIENT h,
cn2 = nullptr;
break;

case 2:
case COSE_UNPROTECT_ONLY:
if (pKey->m_cborKey == nullptr) {
#ifdef COSE_C_USE_OPENSSL
pKey->m_cborKey = EVP_ToCBOR(pKey->m_opensslKey, true,
#ifdef USE_CBOR_CONTEXT
&pKey->m_allocContext,
#endif
perr);
if (pKey->m_cborKey == nullptr) {
return false;
}
#else
return false;
#endif
}
cn2 = cn_cbor_map_create(CBOR_CONTEXT_PARAM_COMMA & cbor_err);
CHECK_CONDITION_CBOR(cn2 != nullptr, cbor_err);
cn = cn_cbor_mapget_int(pKey->m_cborKey, COSE_Key_Type);
Expand Down
9 changes: 6 additions & 3 deletions src/cose_int.h
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ typedef struct _COSE_KEY {
EVP_PKEY *m_opensslKey;
#endif
#ifdef COSE_C_USE_MBEDTLS
mbedtls_ecp_keypair * m_mbedtls_keypair;
mbedtls_ecp_keypair *m_mbedtls_keypair;
#endif
} COSE_KEY;

Expand Down Expand Up @@ -476,13 +476,16 @@ enum { COSE_Int_Alg_AES_CBC_MAC_256_64 = -22 };
#define COSE_CounterSign_object 1000
#define COSE_CounterSign1_object 1001


#if defined(COSE_C_USE_OPENSSL) && (OPENSSL_VERSION_NUMBER > 0x10100000L)
EC_KEY *ECKey_From(COSE_KEY *pKey, int *cbGroup, cose_errback *perr);
cn_cbor *EVP_ToCBOR(EVP_PKEY *pKey,
bool fCompressPoints,
CBOR_CONTEXT_COMMA cose_errback *perr);
EVP_PKEY *EVP_FromKey(COSE_KEY *pKey, CBOR_CONTEXT_COMMA cose_errback *perr);
#endif

#ifdef COSE_C_USE_MBEDTLS
mbedtls_ecp_keypair * ECKey_From(COSE_KEY *pKey,
mbedtls_ecp_keypair *ECKey_From(COSE_KEY *pKey,
mbedtls_ecp_keypair *keypair,
cose_errback *perr);
#endif
9 changes: 5 additions & 4 deletions src/mbedtls.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -666,14 +666,14 @@ bool HMAC_Validate(COSE_MacMessage *pcose,
#define COSE_Key_EC_Y -3
#define COSE_Key_EC_d -4

mbedtls_ecp_keypair * ECKey_From(COSE_KEY *pKey,
mbedtls_ecp_keypair *ECKey_From(COSE_KEY *pKey,
mbedtls_ecp_keypair *keypair,
cose_errback *perr)
{
if (pKey->m_mbedtls_keypair != nullptr) {
return pKey->m_mbedtls_keypair;
}

byte rgbKey[MBEDTLS_ECP_MAX_PT_LEN];
int cbKey = 0;
int cbGroup = 0;
Expand Down Expand Up @@ -869,7 +869,7 @@ bool ECDSA_Verify(COSE *pSigner,
cose_errback *perr)
{
mbedtls_ecp_keypair keypair;
mbedtls_ecp_keypair* useKey = nullptr;
mbedtls_ecp_keypair *useKey = nullptr;
mbedtls_mpi r;
mbedtls_mpi s;
mbedtls_md_type_t mdType;
Expand Down Expand Up @@ -1188,7 +1188,8 @@ bool ECDH_ComputeSecret(COSE *pRecipient,
break;

default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
p = nullptr;
FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
}
p = nullptr;

Expand Down
Loading

0 comments on commit 97d1805

Please sign in to comment.