From 29ca59be6556138069a00d7a27bb36330c429699 Mon Sep 17 00:00:00 2001
From: Laurence Lundblade
Date: Mon, 6 Nov 2023 18:23:41 +0100
Subject: [PATCH] Finish of ext sup data (aad) for MAC
---
 inc/t_cose/t_cose_mac_compute.h | 1 +
 src/t_cose_mac_compute.c | 10 +++++-----
 src/t_cose_mac_validate.c | 6 +++---
 src/t_cose_util.c | 6 +++---
 test/t_cose_compute_validate_mac_test.c | 16 +++++++++-------
 5 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/inc/t_cose/t_cose_mac_compute.h b/inc/t_cose/t_cose_mac_compute.h
index e1db31a3..cf21cb3c 100644
--- a/inc/t_cose/t_cose_mac_compute.h
+++ b/inc/t_cose/t_cose_mac_compute.h
@@ -163,6 +163,7 @@ t_cose_mac_encode_parameters(struct t_cose_mac_calculate_ctx *context,
 */
 enum t_cose_err_t
 t_cose_mac_encode_tag(struct t_cose_mac_calculate_ctx *context,
+ struct q_useful_buf_c ext_sup_data,
 struct q_useful_buf_c payload,
 QCBOREncodeContext *cbor_encode_ctx);
diff --git a/src/t_cose_mac_compute.c b/src/t_cose_mac_compute.c
index 6e1ae64e..1c61c298 100644
--- a/src/t_cose_mac_compute.c
+++ b/src/t_cose_mac_compute.c
@@ -81,6 +81,7 @@ t_cose_mac_encode_parameters(struct t_cose_mac_calculate_ctx *me,
 */
 enum t_cose_err_t
 t_cose_mac_encode_tag(struct t_cose_mac_calculate_ctx *me,
+ struct q_useful_buf_c ext_sup_data,
 struct q_useful_buf_c payload,
 QCBOREncodeContext *cbor_encode_ctx)
 {
@@ -127,8 +128,8 @@ t_cose_mac_encode_tag(struct t_cose_mac_calculate_ctx *me,
 * MAC are the protected parameters, the payload that is
 * getting MACed.
 */
- mac_input.ext_sup_data = NULL_Q_USEFUL_BUF_C; // TODO: this won't be NULL when AAD is supported
- mac_input.payload = payload;
+ mac_input.ext_sup_data = ext_sup_data;
+ mac_input.payload = payload;
 mac_input.body_protected = me->protected_parameters;
 mac_input.sign_protected = NULL_Q_USEFUL_BUF_C; /* Never sign-protected for MAC */
 return_value = create_tbm(&mac_input,
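Review bot: The new `ext_sup_data` parameter of `t_cose_mac_encode_tag()` in inc/t_cose/t_cose_mac_compute.h has no entry in the doc comment that closes just above the prototype; the diffstat shows the header gaining only this one line. `ext_sup_data` and `payload` are both `struct q_useful_buf_c` and sit next to each other, so a caller that swaps them compiles cleanly and gets a tag computed over the wrong fields. The comment should spell out the order and meaning, for example `ext_sup_data: externally supplied data covered by the MAC but not carried in the message; pass NULL_Q_USEFUL_BUF_C when there is none`. The same signature change is made to the definition in src/t_cose_mac_compute.c (hunk at -81,6).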
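Review bot: The block comment directly above the `mac_input` assignments in `t_cose_mac_encode_tag()` still names only the protected parameters and the payload as MAC inputs, although `mac_input.ext_sup_data = ext_sup_data;` now adds a third one. Suggest ending it with `the protected parameters, the externally supplied data and the payload that is getting MACed.` The comment begins above the hunk, so only its last lines are visible here.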
@@ -191,12 +192,11 @@ t_cose_mac_encode_tag(struct t_cose_mac_calculate_ctx *me,
 enum t_cose_err_t
 t_cose_mac_compute_private(struct t_cose_mac_calculate_ctx *me,
 bool payload_is_detached,
- struct q_useful_buf_c aad,
+ struct q_useful_buf_c ext_sup_data,
 struct q_useful_buf_c payload,
 struct q_useful_buf out_buf,
 struct q_useful_buf_c *result)
 {
- (void)aad;
 QCBOREncodeContext encode_ctx;
 enum t_cose_err_t return_value;
@@ -217,7 +217,7 @@ t_cose_mac_compute_private(struct t_cose_mac_calculate_ctx *me,
 QCBOREncode_AddBytes(&encode_ctx, payload);
 }
- return_value = t_cose_mac_encode_tag(me, payload, &encode_ctx);
+ return_value = t_cose_mac_encode_tag(me, ext_sup_data, payload, &encode_ctx);
 if(return_value) {
 goto Done;
 }
diff --git a/src/t_cose_mac_validate.c b/src/t_cose_mac_validate.c
index a4efd97a..ca330977 100644
--- a/src/t_cose_mac_validate.c
+++ b/src/t_cose_mac_validate.c
@@ -29,7 +29,7 @@
 enum t_cose_err_t
 t_cose_mac_validate_private(struct t_cose_mac_validate_ctx *me,
 struct q_useful_buf_c cose_mac,
- struct q_useful_buf_c aad,
+ struct q_useful_buf_c ext_sup_data,
 bool payload_is_detached,
 struct q_useful_buf_c *payload,
 struct t_cose_parameter **return_params)
@@ -129,8 +129,8 @@ t_cose_mac_validate_private(struct t_cose_mac_validate_ctx *me,
 }
 /* -- Compute the ToBeMaced -- */
- mac_input.ext_sup_data = ext_sup_data;
- mac_input.payload = *payload;
+ mac_input.ext_sup_data = ext_sup_data;
+ mac_input.payload = *payload;
 mac_input.body_protected = protected_parameters;
 mac_input.sign_protected = NULL_Q_USEFUL_BUF_C; /* Never sign-protected for MAC */
 return_value = create_tbm(&mac_input,
diff --git a/src/t_cose_util.c b/src/t_cose_util.c
index 47dfd700..a1bacfe8 100644
--- a/src/t_cose_util.c
+++ b/src/t_cose_util.c
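Review bot: Nothing tells callers of `t_cose_mac_compute_private()` that the third argument has gone from ignored to authenticated: the removed `(void)aad;` shows it was discarded before, and the src/t_cose_util.c hunk shows the MAC input used to carry an empty bstr in its place. A caller that already passed a non-empty value now gets a different tag for the same call, and on the validate side (hunk at -129,8) a value that previously had no effect can now cause rejection. Passing `NULL_Q_USEFUL_BUF_C` appears to be unchanged, since that is what the old code encoded. The function comment, which lies outside the hunk, should say so, e.g. `ext_sup_data is included in the MAC; both sides must supply identical bytes, NULL_Q_USEFUL_BUF_C if none`, and the change is worth a release-note line for interoperability with tags made by earlier builds.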
@@ -296,10 +296,10 @@ create_tbm(const struct t_cose_sign_inputs *mac_inputs,
 /* body_protected */
 QCBOREncode_AddBytes(&cbor_encode_ctx, mac_inputs->body_protected);
- /* external_aad. There is none so an empty bstr */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_Q_USEFUL_BUF_C);
+ /* ext_sup_data */
+ QCBOREncode_AddBytes(&cbor_encode_ctx, mac_inputs->ext_sup_data);
- /* The short fake payload, add only the byte string type and length */
+ /* The short fake payload, ext_sup_data only the byte string type and length */
 QCBOREncode_AddBytesLenOnly(&cbor_encode_ctx, mac_inputs->payload);
 /* Close of the array */
diff --git a/test/t_cose_compute_validate_mac_test.c b/test/t_cose_compute_validate_mac_test.c
index 3e000af4..74381050 100644
--- a/test/t_cose_compute_validate_mac_test.c
+++ b/test/t_cose_compute_validate_mac_test.c
@@ -78,6 +78,7 @@ static int32_t compute_validate_basic_test_alg_mac(int32_t cose_alg)
 struct q_useful_buf_c maced_cose;
 struct t_cose_key key;
 struct q_useful_buf_c in_payload = Q_USEFUL_BUF_FROM_SZ_LITERAL("payload");
+ struct q_useful_buf_c in_exp_sup_data = Q_USEFUL_BUF_FROM_SZ_LITERAL("sup data");
 struct q_useful_buf_c out_payload;
 /* -- Get started with context initialization, selecting the alg -- */
@@ -93,7 +94,7 @@ static int32_t compute_validate_basic_test_alg_mac(int32_t cose_alg)
 t_cose_mac_set_computing_key(&mac_ctx, key, NULL_Q_USEFUL_BUF_C);
 cose_res = t_cose_mac_compute(&mac_ctx,
- NULL_Q_USEFUL_BUF_C,
+ in_exp_sup_data,
 in_payload,
 maced_cose_buffer,
 &maced_cose);
@@ -109,7 +110,7 @@ static int32_t compute_validate_basic_test_alg_mac(int32_t cose_alg)
 cose_res = t_cose_mac_validate(&validate_ctx,
 maced_cose, /* COSE to validate */
- NULL_Q_USEFUL_BUF_C,
+ in_exp_sup_data,
 &out_payload, /* Payload from maced_cose */
 NULL);
 if(cose_res != T_COSE_SUCCESS) {
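Review bot: `QCBOREncode_AddBytes(&cbor_encode_ctx, mac_inputs->ext_sup_data);` in `create_tbm()` writes the entire caller-supplied byte string into the first-part encoding, whereas the payload on the following line is added length-only. The buffer behind `cbor_encode_ctx` is set up outside this hunk; if it is a fixed-size buffer that was sized while this field was always an empty bstr, any sizeable `ext_sup_data` would make the encode fail. Its sizing, or a documented length limit and the error returned when it is exceeded, should be confirmed and covered by a test with a large value. Separately, the rewritten comment `/* The short fake payload, ext_sup_data only the byte string type and length */` looks like search-and-replace damage and should go back to `/* The short fake payload, add only the byte string type and length */`.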
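Review bot: `in_exp_sup_data` in `compute_validate_basic_test_alg_mac()` looks like a typo for `in_ext_sup_data`; the rest of the patch spells the name `ext_sup_data`. The variable is used again in the next two hunks of this file, in the `t_cose_mac_compute` and `t_cose_mac_validate` calls, so the rename applies to all three places.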
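Review bot: The round trip hands the same `in_exp_sup_data` to `t_cose_mac_compute` and `t_cose_mac_validate`, so it would also pass if both sides ignored the value, which is what they did before this commit. A negative case is needed: validate `maced_cose` with different externally supplied data, and ideally also with `NULL_Q_USEFUL_BUF_C`, and require a result other than `T_COSE_SUCCESS`. The function body continues past the end of the hunk; the sketch below would follow the existing success check, assumes `validate_ctx` can be reused for a second call, and uses a placeholder return value.

```c
    /* … unchanged: t_cose_mac_validate() with in_exp_sup_data and its success check … */

    /* Validation must fail when the externally supplied data differs */
    cose_res = t_cose_mac_validate(&validate_ctx,
                                   maced_cose,
                                   Q_USEFUL_BUF_FROM_SZ_LITERAL("other sup data"),
                                   &out_payload,
                                   NULL);
    if(cose_res == T_COSE_SUCCESS) {
        return 9000; /* placeholder error value, pick one unused in this test */
    }
```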
@@ -212,7 +213,7 @@ int32_t compute_validate_mac_fail_test(void)
 QCBOREncode_AddSZString(&cbor_encode, "payload");
 QCBOREncode_CloseBstrWrap2(&cbor_encode, false, &payload);
- result = t_cose_mac_encode_tag(&mac_ctx, payload, &cbor_encode);
+ result = t_cose_mac_encode_tag(&mac_ctx, NULL_Q_USEFUL_BUF_C, payload, &cbor_encode);
 if(result) {
 return_value = 3000 + (int32_t)result;
 goto Done;
@@ -288,7 +289,7 @@ static int size_test(int32_t cose_algorithm_id,
 QCBOREncode_AddBytes(&cbor_encode, payload);
- return_value = t_cose_mac_encode_tag(&mac_ctx, payload, &cbor_encode);
+ return_value = t_cose_mac_encode_tag(&mac_ctx, NULL_Q_USEFUL_BUF_C, payload, &cbor_encode);
 if(return_value) {
 return 3000 + (int32_t)return_value;
 }
@@ -311,7 +312,7 @@ static int size_test(int32_t cose_algorithm_id,
 QCBOREncode_AddBytes(&cbor_encode, payload);
- return_value = t_cose_mac_encode_tag(&mac_ctx, payload, &cbor_encode);
+ return_value = t_cose_mac_encode_tag(&mac_ctx, NULL_Q_USEFUL_BUF_C, payload, &cbor_encode);
 if(return_value) {
 return 3000 + (int32_t)return_value;
 }
@@ -547,6 +548,7 @@ int32_t compute_validate_detached_content_mac_fail_test(void)
 QCBOREncode_AddNULL(&cbor_encode);
 result = t_cose_mac_encode_tag(&mac_ctx,
+ NULL_Q_USEFUL_BUF_C,
 Q_USEFUL_BUF_FROM_SZ_LITERAL("payload"),
 &cbor_encode);
 if(result) {
@@ -617,7 +619,7 @@ static int detached_content_size_test(int32_t cose_algorithm_id,
 QCBOREncode_AddNULL(&cbor_encode);
- return_value = t_cose_mac_encode_tag(&mac_ctx, payload, &cbor_encode);
+ return_value = t_cose_mac_encode_tag(&mac_ctx, NULL_Q_USEFUL_BUF_C, payload, &cbor_encode);
 if(return_value) {
 return 3000 + (int32_t)return_value;
 }
@@ -640,7 +642,7 @@ static int detached_content_size_test(int32_t cose_algorithm_id,
 QCBOREncode_AddNULL(&cbor_encode);
- return_value = t_cose_mac_encode_tag(&mac_ctx, payload, &cbor_encode);
+ return_value = t_cose_mac_encode_tag(&mac_ctx, NULL_Q_USEFUL_BUF_C, payload, &cbor_encode);
 if(return_value) {
 return 3000 + (int32_t)return_value;
 }