From 7208ff07d4fb6671092d83daab5657e51751f525 Mon Sep 17 00:00:00 2001 From: Jim Schaad Date: Mon, 30 Sep 2019 19:26:12 -0700 Subject: [PATCH] Cbor update (#48) * Update to CBOR 4.0 This is due to a found security issue. * Change travis build script --- .travis.yml | 2 ++ COSE/Attributes.cs | 2 +- COSE/COSE.Std10.csproj | 13 ++++++++----- COSE/EncryptCommon.cs | 10 +++++----- COSE/EncryptMessage.cs | 18 +++++++++--------- COSE/Key.cs | 6 +++--- COSE/MACMessage.cs | 20 ++++++++++---------- COSE/Message.cs | 2 +- COSE/PrettyPrint.cs | 2 +- COSE/Sign0Message.cs | 14 +++++++------- COSE/Signer.cs | 14 +++++++------- COSE/Tests/Tests.csproj | 6 +++--- build.sh | 2 +- 13 files changed, 58 insertions(+), 53 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4301ac3..c9d6289 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,6 +10,7 @@ matrix: TARGET=Std10 VERSION=Release NUGET=dotnet + FRAMEWORK=netcoreapp2.0 os: osx - dotnet: 2.2 mono: none @@ -18,6 +19,7 @@ matrix: TARGET=Std10 VERSION=Release NUGET=dotnet + FRAMEWORK=netcoreapp2.0 os: linux install: diff --git a/COSE/Attributes.cs b/COSE/Attributes.cs index 3dc9ea8..1ca8809 100644 --- a/COSE/Attributes.cs +++ b/COSE/Attributes.cs @@ -98,7 +98,7 @@ public void AddAttribute(string label, CBORObject value, int bucket) /// Which bucket is the attribute placed in? public void AddAttribute(CBORObject label, CBORObject value, int bucket) { - if ((label.Type != CBORType.Number) && (label.Type != CBORType.TextString)) + if ((label.Type != CBORType.Integer) && (label.Type != CBORType.TextString)) { throw new CoseException("Labels must be integers or strings"); } diff --git a/COSE/COSE.Std10.csproj b/COSE/COSE.Std10.csproj index 1c80210..c345d57 100644 --- a/COSE/COSE.Std10.csproj +++ b/COSE/COSE.Std10.csproj @@ -1,11 +1,11 @@ - + netstandard2.0;net462;netcoreapp2.0 Com.AugustCellars.COSE Com.AugustCellars.COSE - 1.5.0 - 1.5.0 + 1.6.0 + 1.6.0 Jim Schaad An implementation of the CBOR Object Signing and Encryption standards. false @@ -13,6 +13,9 @@ COSE CBOR +1.6.0 + - Update to use CBOR version 4.0 due to a security parsing problem. + - Update to 1.8.5 of BouncyCastle 1.5.0 - Add NetStandard2.0 as a new target - Internal changes to make clr compliant @@ -73,8 +76,8 @@ - - + + diff --git a/COSE/EncryptCommon.cs b/COSE/EncryptCommon.cs index 29f8705..cf60ec5 100644 --- a/COSE/EncryptCommon.cs +++ b/COSE/EncryptCommon.cs @@ -53,7 +53,7 @@ protected void DecryptWithKey(byte[] CEK) if (alg.Type == CBORType.TextString) { throw new CoseException("Algorithm not supported " + alg.AsString()); } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.AES_GCM_128: case AlgorithmValuesInt.AES_GCM_192: @@ -114,7 +114,7 @@ public void EncryptWithKey(byte[] contentKey) throw new CoseException("Content encryption algorithm is not recognized"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.AES_GCM_128: case AlgorithmValuesInt.AES_GCM_192: @@ -180,7 +180,7 @@ public int GetKeySize(CBORObject alg) if (alg.Type == CBORType.TextString) { throw new CoseException("Unknown Algorithm Specified"); } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.AES_GCM_128: case AlgorithmValuesInt.AES_CCM_16_64_128: @@ -315,7 +315,7 @@ private byte[] AES_CCM(CBORObject alg, byte[] K) // Figure out what the correct internal parameters to use are - Debug.Assert(alg.Type == CBORType.Number); + Debug.Assert(alg.Type == CBORType.Integer); switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.AES_CCM_16_64_128: case AlgorithmValuesInt.AES_CCM_64_64_128: @@ -414,7 +414,7 @@ private void AES_CCM_Decrypt(CBORObject alg, byte[] K) // Figure out what the correct internal parameters to use are - Debug.Assert(alg.Type == CBORType.Number); + Debug.Assert(alg.Type == CBORType.Integer); switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.AES_CCM_16_64_128: case AlgorithmValuesInt.AES_CCM_64_64_128: diff --git a/COSE/EncryptMessage.cs b/COSE/EncryptMessage.cs index 789de1d..ad4e604 100644 --- a/COSE/EncryptMessage.cs +++ b/COSE/EncryptMessage.cs @@ -56,7 +56,7 @@ public Recipient(OneKey key, CBORObject algorithm = null) : base(true, true, "Re throw new CoseException("Unrecognized recipient algorithm"); } } - else if (algorithm.Type == CBORType.Number) { + else if (algorithm.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) algorithm.AsInt32()) { case AlgorithmValuesInt.Direct_HKDF_HMAC_SHA_256: case AlgorithmValuesInt.Direct_HKDF_HMAC_SHA_512: @@ -124,7 +124,7 @@ public Recipient(OneKey key, CBORObject algorithm = null) : base(true, true, "Re AddAttribute(HeaderKeys.Algorithm, algorithm, UNPROTECTED); } else { - if (key[CoseKeyKeys.KeyType].Type == CBORType.Number) { + if (key[CoseKeyKeys.KeyType].Type == CBORType.Integer) { switch ((GeneralValuesInt) key[CoseKeyKeys.KeyType].AsInt32()) { case GeneralValuesInt.KeyType_Octet: switch (key.AsBytes(CoseKeyParameterKeys.Octet_k).Length) { @@ -350,7 +350,7 @@ public byte[] Decrypt(OneKey key, int cbitCEK, CBORObject algCEK) } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.DIRECT: if (key[CoseKeyKeys.KeyType].AsInt32() != (int) GeneralValuesInt.KeyType_Octet) return null; @@ -561,7 +561,7 @@ public void Encrypt() throw new CoseException("Unknown or unsupported algorithm: " + alg); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.DIRECT: case AlgorithmValuesInt.Direct_HKDF_AES_128: @@ -717,7 +717,7 @@ public byte[] GetKey(CBORObject alg) throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.AES_GCM_128: case AlgorithmValuesInt.AES_CCM_16_64_128: @@ -764,7 +764,7 @@ public byte[] GetKey(CBORObject alg) else throw new CoseException("Algorithm incorrectly encoded"); CBORObject keyManagement = FindAttribute(HeaderKeys.Algorithm); - if (keyManagement.Type == CBORType.Number) { + if (keyManagement.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) keyManagement.AsInt32()) { case AlgorithmValuesInt.DIRECT: if (!m_key[CoseKeyKeys.KeyType].Equals(GeneralValues.KeyType_Octet)) throw new CoseException("Key and key managment algorithm don't match"); @@ -864,7 +864,7 @@ private void AES_KeyWrap(int keySize, byte[] rgbKey = null) { if (rgbKey == null) { CBORObject cborKeyType = m_key[CoseKeyKeys.KeyType]; - if ((cborKeyType == null) || (cborKeyType.Type != CBORType.Number) || + if ((cborKeyType == null) || (cborKeyType.Type != CBORType.Integer) || (cborKeyType.AsInt32() != (int) GeneralValuesInt.KeyType_Octet)) throw new CoseException("Key is not correct type"); rgbKey = m_key.AsBytes(CoseKeyParameterKeys.Octet_k); @@ -881,7 +881,7 @@ private byte[] AES_KeyUnwrap(OneKey keyObject, int keySize, byte[] rgbKey=null) { if (keyObject != null) { CBORObject cborKeyType = m_key[CoseKeyKeys.KeyType]; - if ((cborKeyType == null) || (cborKeyType.Type != CBORType.Number) || + if ((cborKeyType == null) || (cborKeyType.Type != CBORType.Integer) || (cborKeyType.AsInt32() != (int) GeneralValuesInt.KeyType_Octet)) throw new CoseException("Key is not correct type"); rgbKey = keyObject.AsBytes(CoseKeyParameterKeys.Octet_k); @@ -1106,7 +1106,7 @@ private byte[] ECDH_GenerateSecret(OneKey key) { OneKey epk; - if (key[CoseKeyKeys.KeyType].Type != CBORType.Number) throw new CoseException("Not an EC Key"); + if (key[CoseKeyKeys.KeyType].Type != CBORType.Integer) throw new CoseException("Not an EC Key"); if (m_senderKey != null) { epk = key; diff --git a/COSE/Key.cs b/COSE/Key.cs index 10fc373..76fc436 100644 --- a/COSE/Key.cs +++ b/COSE/Key.cs @@ -360,13 +360,13 @@ public X9ECParameters GetCurve() throw new CoseException("Malformed key struture"); } - if ((cborKeyType.Type != CBORType.Number) && + if ((cborKeyType.Type != CBORType.Integer) && !((cborKeyType.Equals(GeneralValues.KeyType_EC)) || (cborKeyType.Equals(GeneralValues.KeyType_OKP)))) { throw new CoseException("Not an EC key"); } CBORObject cborCurve = _map[CoseKeyParameterKeys.EC_Curve]; - if (cborCurve.Type == CBORType.Number) { + if (cborCurve.Type == CBORType.Integer) { switch ((GeneralValuesInt) cborCurve.AsInt32()) { case GeneralValuesInt.P256: return NistNamedCurves.GetByName("P-256"); @@ -466,7 +466,7 @@ public OneKey PublicKey() foreach (CBORObject obj in _map.Keys) { switch (obj.Type) { - case CBORType.Number: + case CBORType.Integer: if (obj.AsInt32() > 0) { newKey.Add(obj, _map[obj]); } diff --git a/COSE/MACMessage.cs b/COSE/MACMessage.cs index 938dd29..1210990 100644 --- a/COSE/MACMessage.cs +++ b/COSE/MACMessage.cs @@ -110,7 +110,7 @@ public void Compute(byte[] contentKey) throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256: case AlgorithmValuesInt.HMAC_SHA_384: @@ -163,10 +163,10 @@ public bool Validate(byte[] rgbKey) break; default: - throw new CoseException("Unknown Algoirthm Specified"); + throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256_64: case AlgorithmValuesInt.HMAC_SHA_256: @@ -209,7 +209,7 @@ public bool Validate(byte[] rgbKey) throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256: case AlgorithmValuesInt.HMAC_SHA_384: @@ -386,7 +386,7 @@ public virtual void MAC() throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256_64: case AlgorithmValuesInt.HMAC_SHA_256: @@ -457,7 +457,7 @@ public virtual void MAC() throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256: case AlgorithmValuesInt.HMAC_SHA_384: @@ -511,7 +511,7 @@ public bool Validate(Recipient recipientReceiver) throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256_64: case AlgorithmValuesInt.HMAC_SHA_256: @@ -570,7 +570,7 @@ public bool Validate(Recipient recipientReceiver) throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256: case AlgorithmValuesInt.HMAC_SHA_384: @@ -653,7 +653,7 @@ protected byte[] AES_CBC_MAC(CBORObject alg, byte[] K) // key sizes are 128, 192 and 256 bits // Authentication tag sizes are 64 and 128 bits - Debug.Assert(alg.Type == CBORType.Number); + Debug.Assert(alg.Type == CBORType.Integer); switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.AES_CBC_MAC_128_64: cbitKey = 128; @@ -762,7 +762,7 @@ protected byte[] HMAC(CBORObject alg, byte[] K) throw new CoseException("Unrecognized algorithm"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256: cbResult = 256 / 8; diff --git a/COSE/Message.cs b/COSE/Message.cs index 9448df0..19e637f 100644 --- a/COSE/Message.cs +++ b/COSE/Message.cs @@ -298,7 +298,7 @@ public static Message DecodeFromCBOR(CBORObject messageObject, Tags defaultTag = if (messageObject.Type != CBORType.Array) throw new CoseException("Message is not a COSE security message."); if (messageObject.IsTagged) { - if (messageObject.GetTags().Count() != 1) throw new CoseException("Malformed message - too many tags"); + if (messageObject.GetAllTags().Count() != 1) throw new CoseException("Malformed message - too many tags"); if (defaultTag == Tags.Unknown) { defaultTag = (Tags) messageObject.MostOuterTag.ToInt32Checked(); diff --git a/COSE/PrettyPrint.cs b/COSE/PrettyPrint.cs index 90f9588..1dd1095 100644 --- a/COSE/PrettyPrint.cs +++ b/COSE/PrettyPrint.cs @@ -57,7 +57,7 @@ private string _PrintCBOR(CBORObject obj, int iLevel) strOut += "'"; break; - case CBORType.Number: + case CBORType.Integer: strOut = obj.AsInt32().ToString(); break; diff --git a/COSE/Sign0Message.cs b/COSE/Sign0Message.cs index d98b208..280fada 100644 --- a/COSE/Sign0Message.cs +++ b/COSE/Sign0Message.cs @@ -202,14 +202,14 @@ private byte[] _Sign(byte[] bytesToBeSigned) alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { - if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Number) { + if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Integer) { switch ((GeneralValuesInt) _keyToSign[CoseKeyKeys.KeyType].AsInt32()) { case GeneralValuesInt.KeyType_RSA: alg = AlgorithmValues.RSA_PSS_256; break; case GeneralValuesInt.KeyType_EC2: - if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Number) { + if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) { switch ((GeneralValuesInt) _keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.P256: alg = AlgorithmValues.ECDSA_256; @@ -237,7 +237,7 @@ private byte[] _Sign(byte[] bytesToBeSigned) break; case GeneralValuesInt.KeyType_OKP: - if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Number) { + if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) { switch ((GeneralValuesInt)_keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.Ed25519: alg = AlgorithmValues.EdDSA; @@ -291,7 +291,7 @@ private byte[] _Sign(byte[] bytesToBeSigned) throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: @@ -333,7 +333,7 @@ private byte[] _Sign(byte[] bytesToBeSigned) throw new CoseException("Unknown Algorithm Specified"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: @@ -454,7 +454,7 @@ public bool Validate(OneKey signerKey) throw new CoseException("Unknown signature algorithm"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: @@ -494,7 +494,7 @@ public bool Validate(OneKey signerKey) throw new CoseException("Unknown Algorithm"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: diff --git a/COSE/Signer.cs b/COSE/Signer.cs index ca6d6d7..98bf87d 100644 --- a/COSE/Signer.cs +++ b/COSE/Signer.cs @@ -200,14 +200,14 @@ private byte[] Sign(byte[] bytesToBeSigned) alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { - if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Number) { + if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Integer) { switch ((GeneralValuesInt) _keyToSign[CoseKeyKeys.KeyType].AsInt32()) { case GeneralValuesInt.KeyType_RSA: alg = AlgorithmValues.RSA_PSS_256; break; case GeneralValuesInt.KeyType_EC2: - if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Number) { + if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) { switch ((GeneralValuesInt) _keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.P256: alg = AlgorithmValues.ECDSA_256; @@ -238,7 +238,7 @@ private byte[] Sign(byte[] bytesToBeSigned) break; case GeneralValuesInt.KeyType_OKP: - if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Number) { + if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) { switch ((GeneralValuesInt) _keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.Ed25519: alg = AlgorithmValues.EdDSA; @@ -300,7 +300,7 @@ public static byte[] Sign(byte[] toBeSigned, CBORObject alg, OneKey keyToSign) throw new Exception("Unknown signature algorithm"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: @@ -343,7 +343,7 @@ public static byte[] Sign(byte[] toBeSigned, CBORObject alg, OneKey keyToSign) throw new CoseException("Unknown Algorithm"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt) alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: @@ -449,7 +449,7 @@ public static bool Validate(byte[] content, CBORObject alg, OneKey signKey, byte throw new Exception("Unknown signature algorithm"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: @@ -491,7 +491,7 @@ public static bool Validate(byte[] content, CBORObject alg, OneKey signKey, byte throw new CoseException("Unknown Algorithm"); } } - else if (alg.Type == CBORType.Number) { + else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: diff --git a/COSE/Tests/Tests.csproj b/COSE/Tests/Tests.csproj index 8e3e9b5..f387a14 100644 --- a/COSE/Tests/Tests.csproj +++ b/COSE/Tests/Tests.csproj @@ -1,4 +1,4 @@ - + netcoreapp2.0;net462 @@ -10,8 +10,8 @@ - - + + diff --git a/build.sh b/build.sh index 493707a..6fde5fc 100755 --- a/build.sh +++ b/build.sh @@ -15,7 +15,7 @@ cd COSE #nuget.exe restore $SLN # $NUGET restore $SLN -dotnet build --configuration $VERSION $SLN +dotnet build --framework=$FRAMEWORK $SLN #xbuild /p:Configuration=$VERSION $SLN # mono ../testrunner/NUnit.ConsoleRunner.3.5.0/tools/nunit3-console.exe ./COSE.Tests/bin/$VERSION/$TARGET/COSE.Tests.dll