Add decryption fail tests plus bug fixes

crypto_adapters/t_cose_openssl_crypto.c

@@ -1884,7 +1884,7 @@ t_cose_crypto_aead_decrypt(const int32_t          cose_algorithm_id,
                                       (int)tag_length,
                                       tmp);
     if(ossl_result != 1) {
-        return_value = 10; // TODO: proper error code
+        return_value = T_COSE_ERR_DATA_AUTH_FAILED;
         goto Done1;
     }
     /* The pointer math is safe and this call won't write off the end
@@ -1898,7 +1898,7 @@ t_cose_crypto_aead_decrypt(const int32_t          cose_algorithm_id,
                                       &dummy_length);
     if(ossl_result != 1) {
         /* This is where an authentication failure is detected. */
-        return_value = 10; // TODO: proper error code
+        return_value = T_COSE_ERR_DATA_AUTH_FAILED;
         goto Done1;
     }
 

examples/init_keys_psa.c

@@ -192,7 +192,7 @@ void free_fixed_signing_key(struct t_cose_key key_pair)
  * Public function, see init_keys.h
  */
 enum t_cose_err_t
-init_fixed_test_ec_encryption_key(uint32_t           cose_ec_curve_id,
+init_fixed_test_ec_encryption_key(int32_t            cose_ec_curve_id,
                                   struct t_cose_key *public_key,
                                   struct t_cose_key *private_key)
 {

inc/t_cose/t_cose_common.h

@@ -9,7 +9,6 @@
  * See BSD-3-Clause license in README.md
  */
 
-
 #ifndef __T_COSE_COMMON_H__
 #define __T_COSE_COMMON_H__
 
@@ -490,6 +489,7 @@ enum t_cose_err_t {
      */
     T_COSE_ERR_MAC0_FORMAT = 48,
 
+    // TODO: duplicate uses of next three error codes.
     /** The requested content key distribution algorithm is not supported.  */
     T_COSE_ERR_UNSUPPORTED_CONTENT_KEY_DISTRIBUTION_ALG = 46,
 
@@ -636,7 +636,11 @@ enum t_cose_err_t {
      * to be larger because there are too many protected
      * headers, party u/v identities were added or
      * supp info was added. TODO: see xxxx*/
-    T_COSE_ERR_KDF_CONTEXT_SIZE = 88
+    T_COSE_ERR_KDF_CONTEXT_SIZE = 88,
+
+    /** COSE_Encrypt has the wrong stuff in it */
+    T_COSE_ERR_ENCRYPT_FORMAT = 89,
+
 };
 
 

src/t_cose_encrypt_dec.c

@@ -219,8 +219,15 @@ t_cose_encrypt_dec_detached(struct t_cose_encrypt_dec_ctx* me,
         header_location.nesting = 1;
         header_location.index   = 0;
 
-        /* Loop over the array of COSE_Recipients */
+        /* --- Enter array of recipients --- */
         QCBORDecode_EnterArray(&cbor_decoder, NULL);
+        cbor_error = QCBORDecode_GetError(&cbor_decoder);
+        if(cbor_error != QCBOR_SUCCESS) {
+            return_value = qcbor_decode_error_to_t_cose_error(cbor_error, T_COSE_ERR_ENCRYPT_FORMAT);
+            goto Done;
+        }
+
+        /* Loop over the array of COSE_Recipients */
         while(1) {
             return_value = decrypt_one_recipient(me,
                                                  header_location,
@@ -230,8 +237,20 @@ t_cose_encrypt_dec_detached(struct t_cose_encrypt_dec_ctx* me,
                                                 &rcpnt_params_list,
                                                  &cek);
             /* This will have consumed the CBOR of one recipient */
+
             if(return_value == T_COSE_SUCCESS) {
-                break; /* One success is good enough. This is done. */
+                /* One success is enough to get the CEK.
+                 *
+                 * Breaking here short circuits decoding
+                 * further recipients. If they are not well-formed
+                 * it will be detected by QCBORDecode_ExitArray(), but
+                 * if they are well-formed and have the wrong CBOR
+                 * types and such, it will not be detected. This is
+                 * considered OK for this implementation. Perhaps
+                 * some will disagree. However doing the error detection
+                 * on all will add code and complexity.
+                 */
+                break;
             }
 
             if(return_value != T_COSE_ERR_DECLINE) {

src/t_cose_recipient_dec_esdh.c

@@ -112,6 +112,7 @@ t_cose_recipient_dec_esdh_cb_private(struct t_cose_recipient_dec *me_x,
 {
     struct t_cose_recipient_dec_esdh *me;
     QCBORError             result;
+    QCBORError             cbor_error;
     int64_t                alg;
     struct q_useful_buf_c  cek_encrypted;
     struct q_useful_buf_c  info_struct;
@@ -139,16 +140,26 @@ t_cose_recipient_dec_esdh_cb_private(struct t_cose_recipient_dec *me_x,
 
     /* One recipient */
     QCBORDecode_EnterArray(cbor_decoder, NULL);
+    cbor_error = QCBORDecode_GetError(cbor_decoder);
+    if(cbor_error != QCBOR_SUCCESS) {
+        cose_result = qcbor_decode_error_to_t_cose_error(cbor_error, T_COSE_ERR_RECIPIENT_FORMAT);
+        goto done;
+    }
 
     cose_result = t_cose_headers_decode(
                            cbor_decoder, /* in: decoder to read from */
-                           loc,          /* in: location in COSE message*/
+                           loc,          /* in: location in COSE message */
                            decode_ephemeral_key, /* in: callback for specials */
-                           NULL,         /* in: context for callback */
+                           NULL,         /* in: context for specials callback */
                            p_storage,    /* in: parameter storage */
                            params,       /* out: list of decoded params */
                           &protected_params /* out: encoded prot params */
                            );
+
+    if(cose_result != T_COSE_SUCCESS) {
+        goto done;
+    }
+
     /* The ephemeral public key comes from the headers. It was
      * processed by the decode_ephemeral_key() callback. */
     ephem_param = t_cose_param_find(*params,
@@ -159,9 +170,6 @@ t_cose_recipient_dec_esdh_cb_private(struct t_cose_recipient_dec *me_x,
     }
     ephemeral_key = ephem_param->value.special_decode.value.key;
 
-    if(cose_result != T_COSE_SUCCESS) {
-        goto done_free_ec;
-    }
 
     /* Recipient array contains AES Key Wrap algorithm.
      * The KEK used to encrypt the CEK with AES-KW is then

test/data/aead_in_error.diag

@@ -0,0 +1,23 @@
+96(
+  [
+    h'A10103',
+    {5: h'02D1F7E6F26C43D4868D87CE'},
+    h'256B748DEB647131C12A10AC261DA0628E420492A36F3DED8642B4B6FA1EB15DCEC80A0E',
+    [
+      [
+        h'A101381C',
+        {-1:
+          {
+            1: 2,
+            -1: 1,
+            -2: h'E12C938B182258C9D447D41821715261AE99AD77D241943F4A12FF20DD3CE400',
+            -3: h'48B0588903365733B98D388C6136C04B7FFD1A770CD2611189EE84E9941A7E26'
+          },
+          4: h'6D65726961646F632E6272616E64796275636B406275636B6C616E642E6578616D706C65'
+        },
+        h'508FAD30A1A95D1380B5167D032799C72477AB60258ABFB71C7AB603A4890EF44F1363ED9F569E85'
+      ]
+    ]
+  ]
+)
+

test/data/cose_encrypt_junk_recipient.diag

@@ -0,0 +1,24 @@
+96(
+  [
+    h'A10103',
+    {5: h'02D1F7E6F26C43D4868D87CE'},
+    h'256B748DEB647131C12A10AC261DA0628E420492A36F3DED8642B4B6FA1EB15DCEC80A0F',
+    [
+      "junk in recipients array",
+      [
+        h'A101381C',
+        {-1:
+          {
+            1: 2,
+            -1: 1,
+            -2: h'E12C938B182258C9D447D41821715261AE99AD77D241943F4A12FF20DD3CE400',
+            -3: h'48B0588903365733B98D388C6136C04B7FFD1A770CD2611189EE84E9941A7E26'
+          },
+          4: h'6D65726961646F632E6272616E64796275636B406275636B6C616E642E6578616D706C65'
+        },
+         h'508FAD30A1A95D1380B5167D032799C72477AB60258ABFB71C7AB603A4890EF44F1363ED9F569E85'
+      ]
+    ]
+  ]
+)
+

test/data/cose_encrypt_p256_wrap_128.diag

@@ -0,0 +1,23 @@
+96(
+  [
+    h'A10103',
+    {5: h'02D1F7E6F26C43D4868D87CE'},
+    h'256B748DEB647131C12A10AC261DA0628E420492A36F3DED8642B4B6FA1EB15DCEC80A0F',
+    [
+      [
+        h'A101381C',
+        {-1:
+          {
+            1: 2,
+            -1: 1,
+            -2: h'E12C938B182258C9D447D41821715261AE99AD77D241943F4A12FF20DD3CE400',
+            -3: h'48B0588903365733B98D388C6136C04B7FFD1A770CD2611189EE84E9941A7E26'
+          },
+          4: h'6D65726961646F632E6272616E64796275636B406275636B6C616E642E6578616D706C65'
+        },
+         h'508FAD30A1A95D1380B5167D032799C72477AB60258ABFB71C7AB603A4890EF44F1363ED9F569E85'
+      ]
+    ]
+  ]
+)
+

test/data/cose_recipients_map_instead_of_array.diag

@@ -0,0 +1,24 @@
+96(
+  [
+    h'A10103',
+    {5: h'02D1F7E6F26C43D4868D87CE'},
+    h'256B748DEB647131C12A10AC261DA0628E420492A36F3DED8642B4B6FA1EB15DCEC80A0F',
+    {
+      "label":
+      [
+        h'A101381C',
+        {-1:
+          {
+            1: 2,
+            -1: 1,
+            -2: h'E12C938B182258C9D447D41821715261AE99AD77D241943F4A12FF20DD3CE400',
+            -3: h'48B0588903365733B98D388C6136C04B7FFD1A770CD2611189EE84E9941A7E26'
+          },
+          4: h'6D65726961646F632E6272616E64796275636B406275636B6C616E642E6578616D706C65'
+        },
+        h'508FAD30A1A95D1380B5167D032799C72477AB60258ABFB71C7AB603A4890EF44F1363ED9F569E85'
+      ]
+    }
+  ]
+)
+

test/data/make_test_messages.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+rm -rf test_messages.[ch]
+
+for i in *.diag;
+do
+  j=${i%.*}
+  diag2cbor.rb $i > $j
+
+  xxd -c 8 -i $j > $j.tmp
+  size=`grep 'unsigned int' $j.tmp | sed 's/^.*=\ \([0-9]*\);/\1/'`
+  grep 'unsigned char' $j.tmp | sed 's/^unsigned/extern const unsigned/' | \
+                                sed 's/].*/\];/' | \
+                                sed "s/\[\]/\[$size\]/" >> test_messages.h
+  cat $j.tmp | sed 's/^unsigned/const unsigned/' >> test_messages.c
+
+
+  rm $j $j.tmp
+
+done
+