Cbor update (cose-wg#48)
* Update to CBOR 4.0

This update is due to a security issue that was found.

* Change travis build script
jimsch authored Oct 1, 2019
1 parent bc4d143 commit 7208ff0
Showing 13 changed files with 58 additions and 53 deletions.
2 changes: 2 additions & 0 deletions .travis.yml
Expand Up @@ -10,6 +10,7 @@ matrix:
TARGET=Std10
VERSION=Release
NUGET=dotnet
FRAMEWORK=netcoreapp2.0
os: osx
- dotnet: 2.2
mono: none
Expand All @@ -18,6 +19,7 @@ matrix:
TARGET=Std10
VERSION=Release
NUGET=dotnet
FRAMEWORK=netcoreapp2.0
os: linux

install:
2 changes: 1 addition & 1 deletion COSE/Attributes.cs
Expand Up @@ -98,7 +98,7 @@ public void AddAttribute(string label, CBORObject value, int bucket)
/// <param name="bucket">Which bucket is the attribute placed in?</param>
public void AddAttribute(CBORObject label, CBORObject value, int bucket)
{
if ((label.Type != CBORType.Number) && (label.Type != CBORType.TextString))
if ((label.Type != CBORType.Integer) && (label.Type != CBORType.TextString))
{
throw new CoseException("Labels must be integers or strings");
}
13 changes: 8 additions & 5 deletions COSE/COSE.Std10.csproj
@@ -1,18 +1,21 @@
<Project Sdk="Microsoft.NET.Sdk">
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup>
<TargetFrameworks>netstandard2.0;net462;netcoreapp2.0</TargetFrameworks>
<PackageId>Com.AugustCellars.COSE</PackageId>
<Id>Com.AugustCellars.COSE</Id>
<PackageVersion>1.5.0</PackageVersion>
<Version>1.5.0</Version>
<PackageVersion>1.6.0</PackageVersion>
<Version>1.6.0</Version>
<Authors>Jim Schaad</Authors>
<Description>An implementation of the CBOR Object Signing and Encryption standards.</Description>
<PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
<Copyright>Copyright @2016-9 Jim Schaad</Copyright>
<PackageTags>COSE CBOR</PackageTags>

<PackageReleaseNotes>
1.6.0
- Update to use CBOR version 4.0 due to a security parsing problem.
- Update to 1.8.5 of BouncyCastle
1.5.0
- Add NetStandard2.0 as a new target
- Internal changes to make clr compliant
Expand Down Expand Up @@ -73,8 +76,8 @@


<ItemGroup>
<PackageReference Include="PeterO.Cbor" Version="3.0.3" />
<PackageReference Include="Portable.BouncyCastle" Version="1.8.4" />
<PackageReference Include="PeterO.Cbor" Version="4.0.0" />
<PackageReference Include="Portable.BouncyCastle" Version="1.8.5" />
</ItemGroup>
<ItemGroup>
<Compile Include="Attributes.cs" />
10 changes: 5 additions & 5 deletions COSE/EncryptCommon.cs
Expand Up @@ -53,7 +53,7 @@ protected void DecryptWithKey(byte[] CEK)
if (alg.Type == CBORType.TextString) {
throw new CoseException("Algorithm not supported " + alg.AsString());
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.AES_GCM_128:
case AlgorithmValuesInt.AES_GCM_192:
Expand Down Expand Up @@ -114,7 +114,7 @@ public void EncryptWithKey(byte[] contentKey)
throw new CoseException("Content encryption algorithm is not recognized");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.AES_GCM_128:
case AlgorithmValuesInt.AES_GCM_192:
Expand Down Expand Up @@ -180,7 +180,7 @@ public int GetKeySize(CBORObject alg)
if (alg.Type == CBORType.TextString) {
throw new CoseException("Unknown Algorithm Specified");
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.AES_GCM_128:
case AlgorithmValuesInt.AES_CCM_16_64_128:
Expand Down Expand Up @@ -315,7 +315,7 @@ private byte[] AES_CCM(CBORObject alg, byte[] K)

// Figure out what the correct internal parameters to use are

Debug.Assert(alg.Type == CBORType.Number);
Debug.Assert(alg.Type == CBORType.Integer);
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.AES_CCM_16_64_128:
case AlgorithmValuesInt.AES_CCM_64_64_128:
Expand Down Expand Up @@ -414,7 +414,7 @@ private void AES_CCM_Decrypt(CBORObject alg, byte[] K)

// Figure out what the correct internal parameters to use are

Debug.Assert(alg.Type == CBORType.Number);
Debug.Assert(alg.Type == CBORType.Integer);
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.AES_CCM_16_64_128:
case AlgorithmValuesInt.AES_CCM_64_64_128:
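Review bot: `alg.AsInt32()` in DecryptWithKey, EncryptWithKey and GetKeySize runs on any value typed `CBORType.Integer`, which also holds CBOR integers too large for 32 bits; for those AsInt32 throws OverflowException rather than the CoseException used for other bad algorithms. Because the algorithm header is read from the message being processed, I would bound the value before converting, for example `else if (alg.Type == CBORType.Integer && alg.CanValueFitInInt32()) {` (confirm the method is available in 4.0.0; otherwise catch OverflowException and rethrow as CoseException). The same convert-after-type-check pattern appears in EncryptMessage.cs, Key.cs, MACMessage.cs and Sign0Message.cs, and `MostOuterTag.ToInt32Checked()` in Message.cs can overflow the same way on a large tag. All of these function bodies continue outside the hunks, so the final `else` handling is not visible here.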
18 changes: 9 additions & 9 deletions COSE/EncryptMessage.cs
Expand Up @@ -56,7 +56,7 @@ public Recipient(OneKey key, CBORObject algorithm = null) : base(true, true, "Re
throw new CoseException("Unrecognized recipient algorithm");
}
}
else if (algorithm.Type == CBORType.Number) {
else if (algorithm.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) algorithm.AsInt32()) {
case AlgorithmValuesInt.Direct_HKDF_HMAC_SHA_256:
case AlgorithmValuesInt.Direct_HKDF_HMAC_SHA_512:
Expand Down Expand Up @@ -124,7 +124,7 @@ public Recipient(OneKey key, CBORObject algorithm = null) : base(true, true, "Re
AddAttribute(HeaderKeys.Algorithm, algorithm, UNPROTECTED);
}
else {
if (key[CoseKeyKeys.KeyType].Type == CBORType.Number) {
if (key[CoseKeyKeys.KeyType].Type == CBORType.Integer) {
switch ((GeneralValuesInt) key[CoseKeyKeys.KeyType].AsInt32()) {
case GeneralValuesInt.KeyType_Octet:
switch (key.AsBytes(CoseKeyParameterKeys.Octet_k).Length) {
Expand Down Expand Up @@ -350,7 +350,7 @@ public byte[] Decrypt(OneKey key, int cbitCEK, CBORObject algCEK)

}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.DIRECT:
if (key[CoseKeyKeys.KeyType].AsInt32() != (int) GeneralValuesInt.KeyType_Octet) return null;
Expand Down Expand Up @@ -561,7 +561,7 @@ public void Encrypt()
throw new CoseException("Unknown or unsupported algorithm: " + alg);
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.DIRECT:
case AlgorithmValuesInt.Direct_HKDF_AES_128:
Expand Down Expand Up @@ -717,7 +717,7 @@ public byte[] GetKey(CBORObject alg)
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.AES_GCM_128:
case AlgorithmValuesInt.AES_CCM_16_64_128:
Expand Down Expand Up @@ -764,7 +764,7 @@ public byte[] GetKey(CBORObject alg)
else throw new CoseException("Algorithm incorrectly encoded");

CBORObject keyManagement = FindAttribute(HeaderKeys.Algorithm);
if (keyManagement.Type == CBORType.Number) {
if (keyManagement.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) keyManagement.AsInt32()) {
case AlgorithmValuesInt.DIRECT:
if (!m_key[CoseKeyKeys.KeyType].Equals(GeneralValues.KeyType_Octet)) throw new CoseException("Key and key managment algorithm don't match");
Expand Down Expand Up @@ -864,7 +864,7 @@ private void AES_KeyWrap(int keySize, byte[] rgbKey = null)
{
if (rgbKey == null) {
CBORObject cborKeyType = m_key[CoseKeyKeys.KeyType];
if ((cborKeyType == null) || (cborKeyType.Type != CBORType.Number) ||
if ((cborKeyType == null) || (cborKeyType.Type != CBORType.Integer) ||
(cborKeyType.AsInt32() != (int) GeneralValuesInt.KeyType_Octet)) throw new CoseException("Key is not correct type");

rgbKey = m_key.AsBytes(CoseKeyParameterKeys.Octet_k);
Expand All @@ -881,7 +881,7 @@ private byte[] AES_KeyUnwrap(OneKey keyObject, int keySize, byte[] rgbKey=null)
{
if (keyObject != null) {
CBORObject cborKeyType = m_key[CoseKeyKeys.KeyType];
if ((cborKeyType == null) || (cborKeyType.Type != CBORType.Number) ||
if ((cborKeyType == null) || (cborKeyType.Type != CBORType.Integer) ||
(cborKeyType.AsInt32() != (int) GeneralValuesInt.KeyType_Octet)) throw new CoseException("Key is not correct type");

rgbKey = keyObject.AsBytes(CoseKeyParameterKeys.Octet_k);
Expand Down Expand Up @@ -1106,7 +1106,7 @@ private byte[] ECDH_GenerateSecret(OneKey key)
{
OneKey epk;

if (key[CoseKeyKeys.KeyType].Type != CBORType.Number) throw new CoseException("Not an EC Key");
if (key[CoseKeyKeys.KeyType].Type != CBORType.Integer) throw new CoseException("Not an EC Key");

if (m_senderKey != null) {
epk = key;
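Review bot: AES_KeyUnwrap checks the key type of `m_key` but then reads the key bytes from `keyObject`, so the key that is actually used is never type-checked. Inside the `if (keyObject != null)` branch the lookup should probably be `CBORObject cborKeyType = keyObject[CoseKeyKeys.KeyType];`, matching AES_KeyWrap, which checks and reads the same object. Separately, `key[CoseKeyKeys.KeyType].AsInt32()` in Decrypt and `key[CoseKeyKeys.KeyType].Type` in ECDH_GenerateSecret dereference the lookup with no null test, although AES_KeyWrap treats a null result as possible. These functions extend beyond the hunks shown, so this is based on the visible lines only.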
6 changes: 3 additions & 3 deletions COSE/Key.cs
Expand Up @@ -360,13 +360,13 @@ public X9ECParameters GetCurve()
throw new CoseException("Malformed key struture");
}

if ((cborKeyType.Type != CBORType.Number) &&
if ((cborKeyType.Type != CBORType.Integer) &&
!((cborKeyType.Equals(GeneralValues.KeyType_EC)) || (cborKeyType.Equals(GeneralValues.KeyType_OKP)))) {
throw new CoseException("Not an EC key");
}

CBORObject cborCurve = _map[CoseKeyParameterKeys.EC_Curve];
if (cborCurve.Type == CBORType.Number) {
if (cborCurve.Type == CBORType.Integer) {
switch ((GeneralValuesInt) cborCurve.AsInt32()) {
case GeneralValuesInt.P256:
return NistNamedCurves.GetByName("P-256");
Expand Down Expand Up @@ -466,7 +466,7 @@ public OneKey PublicKey()

foreach (CBORObject obj in _map.Keys) {
switch (obj.Type) {
case CBORType.Number:
case CBORType.Integer:
if (obj.AsInt32() > 0) {
newKey.Add(obj, _map[obj]);
}
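Review bot: The key-type guard in GetCurve joins its two tests with `&&`, so it throws only when the value is both a non-integer and not equal to KeyType_EC or KeyType_OKP; any integer key type passes it. If the intent is to reject everything except EC and OKP keys, the condition would be `if ((cborKeyType.Type != CBORType.Integer) || !(cborKeyType.Equals(GeneralValues.KeyType_EC) || cborKeyType.Equals(GeneralValues.KeyType_OKP))) {`. As written, a key of another integer type reaches `_map[CoseKeyParameterKeys.EC_Curve]`, and `cborCurve.Type` is then read without a null check. GetCurve starts and ends outside the hunk.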
20 changes: 10 additions & 10 deletions COSE/MACMessage.cs
Expand Up @@ -110,7 +110,7 @@ public void Compute(byte[] contentKey)
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.HMAC_SHA_256:
case AlgorithmValuesInt.HMAC_SHA_384:
Expand Down Expand Up @@ -163,10 +163,10 @@ public bool Validate(byte[] rgbKey)
break;

default:
throw new CoseException("Unknown Algoirthm Specified");
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.HMAC_SHA_256_64:
case AlgorithmValuesInt.HMAC_SHA_256:
Expand Down Expand Up @@ -209,7 +209,7 @@ public bool Validate(byte[] rgbKey)
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.HMAC_SHA_256:
case AlgorithmValuesInt.HMAC_SHA_384:
Expand Down Expand Up @@ -386,7 +386,7 @@ public virtual void MAC()
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.HMAC_SHA_256_64:
case AlgorithmValuesInt.HMAC_SHA_256:
Expand Down Expand Up @@ -457,7 +457,7 @@ public virtual void MAC()
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.HMAC_SHA_256:
case AlgorithmValuesInt.HMAC_SHA_384:
Expand Down Expand Up @@ -511,7 +511,7 @@ public bool Validate(Recipient recipientReceiver)
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.HMAC_SHA_256_64:
case AlgorithmValuesInt.HMAC_SHA_256:
Expand Down Expand Up @@ -570,7 +570,7 @@ public bool Validate(Recipient recipientReceiver)
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.HMAC_SHA_256:
case AlgorithmValuesInt.HMAC_SHA_384:
Expand Down Expand Up @@ -653,7 +653,7 @@ protected byte[] AES_CBC_MAC(CBORObject alg, byte[] K)
// key sizes are 128, 192 and 256 bits
// Authentication tag sizes are 64 and 128 bits

Debug.Assert(alg.Type == CBORType.Number);
Debug.Assert(alg.Type == CBORType.Integer);
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.AES_CBC_MAC_128_64:
cbitKey = 128;
Expand Down Expand Up @@ -762,7 +762,7 @@ protected byte[] HMAC(CBORObject alg, byte[] K)
throw new CoseException("Unrecognized algorithm");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.HMAC_SHA_256:
cbResult = 256 / 8;
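Review bot: AES_CBC_MAC uses `Debug.Assert(alg.Type == CBORType.Integer)` as its only type check on `alg`, and Debug.Assert is compiled out of Release builds. Because the method is `protected`, a subclass can call it with a non-integer algorithm and get whatever AsInt32 throws instead of a CoseException. An explicit `if (alg.Type != CBORType.Integer) throw new CoseException("Unknown Algorithm Specified");` keeps the check in every build. The private AES_CCM and AES_CCM_Decrypt helpers in EncryptCommon.cs rely on the same assert, and the method body continues outside the hunk.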
2 changes: 1 addition & 1 deletion COSE/Message.cs
Expand Up @@ -298,7 +298,7 @@ public static Message DecodeFromCBOR(CBORObject messageObject, Tags defaultTag =
if (messageObject.Type != CBORType.Array) throw new CoseException("Message is not a COSE security message.");

if (messageObject.IsTagged) {
if (messageObject.GetTags().Count() != 1) throw new CoseException("Malformed message - too many tags");
if (messageObject.GetAllTags().Count() != 1) throw new CoseException("Malformed message - too many tags");

if (defaultTag == Tags.Unknown) {
defaultTag = (Tags) messageObject.MostOuterTag.ToInt32Checked();
2 changes: 1 addition & 1 deletion COSE/PrettyPrint.cs
Expand Up @@ -57,7 +57,7 @@ private string _PrintCBOR(CBORObject obj, int iLevel)
strOut += "'";
break;

case CBORType.Number:
case CBORType.Integer:
strOut = obj.AsInt32().ToString();
break;
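Review bot: This case no longer matches floating-point values, because `CBORType.Number` covered both integers and floats while `CBORType.Integer` covers integers only. Unless a `case CBORType.FloatingPoint:` exists outside the hunk, floats now take whatever the switch's default path does. A diagnostic printer should also avoid throwing on its input: `obj.AsInt32()` raises OverflowException for an integer outside the 32-bit range, whereas `strOut = obj.ToString();` should print an untagged integer of any size (worth confirming the output format matches). The switch starts and ends outside the hunk.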

14 changes: 7 additions & 7 deletions COSE/Sign0Message.cs
Expand Up @@ -202,14 +202,14 @@ private byte[] _Sign(byte[] bytesToBeSigned)
alg = FindAttribute(HeaderKeys.Algorithm);

if (alg == null) {
if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Number) {
if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Integer) {
switch ((GeneralValuesInt) _keyToSign[CoseKeyKeys.KeyType].AsInt32()) {
case GeneralValuesInt.KeyType_RSA:
alg = AlgorithmValues.RSA_PSS_256;
break;

case GeneralValuesInt.KeyType_EC2:
if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Number) {
if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) {
switch ((GeneralValuesInt) _keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) {
case GeneralValuesInt.P256:
alg = AlgorithmValues.ECDSA_256;
Expand Down Expand Up @@ -237,7 +237,7 @@ private byte[] _Sign(byte[] bytesToBeSigned)
break;

case GeneralValuesInt.KeyType_OKP:
if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Number) {
if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) {
switch ((GeneralValuesInt)_keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) {
case GeneralValuesInt.Ed25519:
alg = AlgorithmValues.EdDSA;
Expand Down Expand Up @@ -291,7 +291,7 @@ private byte[] _Sign(byte[] bytesToBeSigned)
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
Expand Down Expand Up @@ -333,7 +333,7 @@ private byte[] _Sign(byte[] bytesToBeSigned)
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_384:
Expand Down Expand Up @@ -454,7 +454,7 @@ public bool Validate(OneKey signerKey)
throw new CoseException("Unknown signature algorithm");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
Expand Down Expand Up @@ -494,7 +494,7 @@ public bool Validate(OneKey signerKey)
throw new CoseException("Unknown Algorithm");
}
}
else if (alg.Type == CBORType.Number) {
else if (alg.Type == CBORType.Integer) {
switch ((AlgorithmValuesInt) alg.AsInt32()) {
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_384:
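Review bot: `_keyToSign[CoseKeyKeys.KeyType].Type` and the two `_keyToSign[CoseKeyParameterKeys.EC_Curve].Type` reads in _Sign dereference the lookup result directly, with no null test. A signing key that lacks a key type or curve would therefore surface as a NullReferenceException rather than a CoseException, assuming the indexer returns null for a missing entry, as the `cborKeyType == null` test in EncryptMessage.cs suggests. Fetching the value once and testing it, e.g. `CBORObject kty = _keyToSign[CoseKeyKeys.KeyType];` followed by `if (kty != null && kty.Type == CBORType.Integer) {`, keeps the existing else path and removes the repeated lookups. _Sign and Validate both continue outside the hunks shown.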