hotplace rev.332 json_object_encryption, json_object_signing

README.md

@@ -90,7 +90,7 @@
  * RFC 9052 CBOR Object Signing and Encryption (COSE): Structures and Process
  * RFC 9053 CBOR Object Signing and Encryption (COSE): Initial Algorithms
  * RFC 9054 CBOR Object Signing and Encryption (COSE): Hash Algorithms
- * RFC 8338 CBOR Object Signing and Encryption (COSE): Countersignatures
+ * RFC 9338 CBOR Object Signing and Encryption (COSE): Countersignatures
  * RFC 9360 CBOR Object Signing and Encryption (COSE): Header Parameters for Carrying and Referencing X.509 Certificates
 
 ## build

sdk/crypto/basic/crypto_advisor.cpp

@@ -1422,21 +1422,29 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         cose_alg_t::cose_direct_hkdf_sha_256,  // -10
         crypto_kty_t::kty_hmac,
         cose_group_t::cose_group_direct_hkdf_sha,
+        16,
+        "sha256",
     },
     {
         cose_alg_t::cose_direct_hkdf_sha_512,  // -11
         crypto_kty_t::kty_hmac,
         cose_group_t::cose_group_direct_hkdf_sha,
+        32,
+        "sha512",
     },
     {
         cose_alg_t::cose_direct_hkdf_aes_128,  // -12
         crypto_kty_t::kty_hmac,
         cose_group_t::cose_group_direct_hkdf_aes,
+        16,
+        "aes-128-wrap",
     },
     {
         cose_alg_t::cose_direct_hkdf_aes_256,  // -13
         crypto_kty_t::kty_hmac,
         cose_group_t::cose_group_direct_hkdf_aes,
+        32,
+        "aes-256-wrap",
     },
     {
         cose_alg_t::cose_sha1,  // -14
@@ -1482,51 +1490,71 @@ const hint_cose_algorithm_t hint_cose_algorithms[] = {
         cose_alg_t::cose_ecdh_es_hkdf_256,  // -25
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_es_hkdf,
+        16,
+        "sha256",
     },
     {
         cose_alg_t::cose_ecdh_es_hkdf_512,  // -26
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_es_hkdf,
+        32,
+        "sha512",
     },
     {
         cose_alg_t::cose_ecdh_ss_hkdf_256,  // -27
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_ss_hkdf,
+        16,
+        "sha256",
     },
     {
         cose_alg_t::cose_ecdh_ss_hkdf_512,  // -28
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_ss_hkdf,
+        32,
+        "sha512",
     },
     {
         cose_alg_t::cose_ecdh_es_a128kw,  // -29
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_es_aeskw,
+        16,
+        "aes-128-wrap",
     },
     {
         cose_alg_t::cose_ecdh_es_a192kw,  // -30
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_es_aeskw,
+        24,
+        "aes-192-wrap",
     },
     {
         cose_alg_t::cose_ecdh_es_a256kw,  // -31
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_es_aeskw,
+        32,
+        "aes-256-wrap",
     },
     {
         cose_alg_t::cose_ecdh_ss_a128kw,  // -32
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_ss_aeskw,
+        16,
+        "aes-128-wrap",
     },
     {
         cose_alg_t::cose_ecdh_ss_a192kw,  // -33
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_ss_aeskw,
+        24,
+        "aes-192-wrap",
     },
     {
         cose_alg_t::cose_ecdh_ss_a256kw,  // -34
         crypto_kty_t::kty_ec,
         cose_group_t::cose_group_ecdh_ss_aeskw,
+        32,
+        "aes-256-wrap",
     },
     {
         cose_alg_t::cose_ps256,  // -37

sdk/crypto/basic/openssl_crypt.cpp

@@ -311,6 +311,8 @@ return_t openssl_crypt::encrypt2(crypt_context_t* handle, const unsigned char* d
     return ret;
 }
 
+return_t openssl_crypt::encrypt(crypt_context_t* handle, binary_t const& input, binary_t& out) { return encrypt(handle, &input[0], input.size(), out); }
+
 return_t openssl_crypt::encrypt2(crypt_context_t* handle, const unsigned char* data_plain, size_t size_plain, unsigned char* out_encrypted,
                                  size_t* size_encrypted, binary_t* aad, binary_t* tag) {
     return_t ret = errorcode_t::success;
@@ -505,6 +507,10 @@ return_t openssl_crypt::decrypt(crypt_context_t* handle, const unsigned char* da
     return decrypt2(handle, data_encrypted, size_encrypted, out_decrypted);
 }
 
+return_t openssl_crypt::decrypt(crypt_context_t* handle, binary_t const& input, binary_t& out_decrypted) {
+    return decrypt2(handle, &input[0], input.size(), out_decrypted);
+}
+
 return_t openssl_crypt::decrypt2(crypt_context_t* handle, const unsigned char* data_encrypted, size_t size_encrypted, binary_t& out_decrypted, binary_t* aad,
                                  binary_t* tag) {
     return_t ret = errorcode_t::success;

sdk/crypto/basic/openssl_crypt.hpp

@@ -142,7 +142,15 @@ class openssl_crypt : public crypt_t {
      *        crypt.encrypt(handle, data_plain, size_plain, data_encrypted);
      */
     virtual return_t encrypt(crypt_context_t* handle, const unsigned char* data_plain, size_t size_plain, binary_t& out_encrypted);
-
+    /**
+     * @brief encrypt
+     * @param crypt_context_t* handle [in]
+     * @param binary_t const& input [in]
+     * @param binary_t& out [out]
+     * @return error code (see error.hpp)
+     * @example
+     */
+    virtual return_t encrypt(crypt_context_t* handle, binary_t const& input, binary_t& out);
     /**
      * @brief encrypt (GCM)
      * @param crypt_context_t* handle [in]
@@ -191,6 +199,14 @@ class openssl_crypt : public crypt_t {
      *        crypt.decrypt(handle, data_encrypted, size_encrypted, data_decrypted);
      */
     virtual return_t decrypt(crypt_context_t* handle, const unsigned char* data_encrypted, size_t size_encrypted, binary_t& out_decrypted);
+    /**
+     * @brief decrypt
+     * @param crypt_context_t* handle [in]
+     * @param binary_t const& input [in]
+     * @param binary_t& out [out]
+     * @return error code (see error.hpp)
+     */
+    virtual return_t decrypt(crypt_context_t* handle, binary_t const& input, binary_t& out);
 
     /**
      * @brief decrypt (GCM)

sdk/crypto/basic/openssl_hash.cpp

@@ -513,16 +513,59 @@ return_t openssl_hash::hash(hash_context_t* handle, const byte_t* source_data, s
 
 crypt_poweredby_t openssl_hash::get_type() { return crypt_poweredby_t::openssl; }
 
+return_t hmac(binary_t& output, const char* alg, binary_t const& key, binary_t const& input) {
+    return_t ret = errorcode_t::success;
+    openssl_hash hash;
+    hash_context_t* handle = nullptr;
+
+    __try2 {
+        ret = hash.open_byname(&handle, alg, &key[0], key.size());
+        if (errorcode_t::success != ret) {
+            __leave2;
+        }
+        hash.init(handle);
+        hash.update(handle, &input[0], input.size());
+        hash.finalize(handle, output);
+    }
+    __finally2 { hash.close(handle); }
+
+    return ret;
+}
+
 return_t hmac(binary_t& output, hash_algorithm_t alg, binary_t const& key, binary_t const& input) {
     return_t ret = errorcode_t::success;
     openssl_hash hash;
     hash_context_t* handle = nullptr;
 
-    hash.open(&handle, alg, &key[0], key.size());
-    hash.init(handle);
-    hash.update(handle, &input[0], input.size());
-    hash.finalize(handle, output);
-    hash.close(handle);
+    __try2 {
+        ret = hash.open(&handle, alg, &key[0], key.size());
+        if (errorcode_t::success != ret) {
+            __leave2;
+        }
+        hash.init(handle);
+        hash.update(handle, &input[0], input.size());
+        hash.finalize(handle, output);
+    }
+    __finally2 { hash.close(handle); }
+
+    return ret;
+}
+
+return_t cmac(binary_t& output, const char* alg, binary_t const& key, binary_t const& input) {
+    return_t ret = errorcode_t::success;
+    openssl_hash hash;
+    hash_context_t* handle = nullptr;
+
+    __try2 {
+        ret = hash.open_byname(&handle, alg, &key[0], key.size());
+        if (errorcode_t::success != ret) {
+            __leave2;
+        }
+        hash.init(handle);
+        hash.update(handle, &input[0], input.size());
+        hash.finalize(handle, output);
+    }
+    __finally2 { hash.close(handle); }
 
     return ret;
 }
@@ -532,11 +575,17 @@ return_t cmac(binary_t& output, crypt_algorithm_t alg, binary_t const& key, bina
     openssl_hash hash;
     hash_context_t* handle = nullptr;
 
-    hash.open(&handle, alg, &key[0], key.size());
-    hash.init(handle);
-    hash.update(handle, &input[0], input.size());
-    hash.finalize(handle, output);
-    hash.close(handle);
+    __try2 {
+        ret = hash.open(&handle, alg, &key[0], key.size());
+        if (errorcode_t::success != ret) {
+            __leave2;
+        }
+        hash.init(handle);
+        hash.update(handle, &input[0], input.size());
+        hash.finalize(handle, output);
+    }
+    __finally2 { hash.close(handle); }
+
     return ret;
 }
 

sdk/crypto/basic/openssl_hash.hpp

@@ -136,7 +136,9 @@ class openssl_hash : public hash_t {
     virtual crypt_poweredby_t get_type();
 };
 
+return_t hmac(binary_t& output, const char* alg, binary_t const& key, binary_t const& input);
 return_t hmac(binary_t& output, hash_algorithm_t alg, binary_t const& key, binary_t const& input);
+return_t cmac(binary_t& output, const char* alg, binary_t const& key, binary_t const& input);
 return_t cmac(binary_t& output, crypt_algorithm_t alg, binary_t const& key, binary_t const& input);
 
 }  // namespace crypto

sdk/crypto/basic/openssl_kdf.cpp

@@ -70,6 +70,25 @@ return_t kdf_hkdf(binary_t& derived, size_t dlen, binary_t const& key, binary_t
     return ret;
 }
 
+return_t kdf_hkdf(binary_t& derived, size_t dlen, binary_t const& key, binary_t const& salt, binary_t const& info, const char* alg) {
+    return_t ret = errorcode_t::success;
+    crypto_advisor* advisor = crypto_advisor::get_instance();
+
+    __try2 {
+        hash_algorithm_t ha;
+        ret = advisor->find_evp_md(alg, ha);
+        if (errorcode_t::success != ret) {
+            __leave2;
+        }
+
+        ret = kdf_hkdf(derived, dlen, key, salt, info, ha);
+    }
+    __finally2 {
+        // do nothing
+    }
+    return ret;
+}
+
 return_t kdf_pbkdf2(binary_t& derived, size_t dlen, std::string const& password, binary_t const& salt, int iter, hash_algorithm_t alg) {
     return kdf_pbkdf2(derived, dlen, password.c_str(), password.size(), &salt[0], salt.size(), iter, alg);
 }

sdk/crypto/basic/openssl_kdf.hpp

@@ -30,6 +30,7 @@ namespace crypto {
  * @param   hash_algorithm_t alg [in]
  */
 return_t kdf_hkdf(binary_t& derived, size_t dlen, binary_t const& key, binary_t const& salt, binary_t const& info, hash_algorithm_t alg);
+return_t kdf_hkdf(binary_t& derived, size_t dlen, binary_t const& key, binary_t const& salt, binary_t const& info, const char* alg);
 /**
  * @brief   PBKDF2
  * @param   binary_t& derived [out]