[nrf noup] COSE: Add sign_message option to sign1

The t_cose library only had support for signing a hash/digest. Adding support for signing message instead by using the option T_COSE_OPT_SIGN_MESSAGE. Signed-off-by: Sigurd Hellesvik <[email protected]>
nrfconnect · Nov 22, 2024 · 62b7864 · 62b7864
1 parent cc9a53f
commit 62b7864
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 30 deletions.
diff --git a/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c b/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c
@@ -157,16 +157,16 @@ t_cose_crypto_pub_key_verify(int32_t               cose_algorithm_id,
     return return_value;
 }
 
-
 /*
  * See documentation in t_cose_crypto.h
  */
 enum t_cose_err_t
 t_cose_crypto_pub_key_sign(int32_t                cose_algorithm_id,
                            struct t_cose_key      signing_key,
-                           struct q_useful_buf_c  hash_to_sign,
+                           struct q_useful_buf_c  to_sign,
                            struct q_useful_buf    signature_buffer,
-                           struct q_useful_buf_c *signature)
+                           struct q_useful_buf_c *signature,
+                           int32_t option_flags)
 {
     enum t_cose_err_t return_value;
     psa_status_t      psa_result;
@@ -196,13 +196,28 @@ t_cose_crypto_pub_key_sign(int32_t                cose_algorithm_id,
     /* It is assumed that this call is checking the signature_buffer
      * length and won't write off the end of it.
      */
-    psa_result = psa_sign_hash(signing_key_psa,
-                               psa_alg_id,
-                               hash_to_sign.ptr,
-                               hash_to_sign.len,
-                               signature_buffer.ptr, /* Sig buf */
-                               signature_buffer.len, /* Sig buf size */
-                               &signature_len);      /* Sig length */
+
+    if(!(option_flags & T_COSE_OPT_SIGN_MESSAGE)) {
+#ifndef T_COSE_SIGN_MESSAGE
+        psa_result = psa_sign_hash(signing_key_psa,
+                psa_alg_id,
+                to_sign.ptr,
+                to_sign.len,
+                signature_buffer.ptr, /* Sig buf */
+                signature_buffer.len, /* Sig buf size */
+                &signature_len);      /* Sig length */
+#endif
+    } else {
+#ifdef T_COSE_SIGN_MESSAGE
+        psa_result = psa_sign_message(signing_key_psa,
+                psa_alg_id,
+                to_sign.ptr,
+                to_sign.len,
+                signature_buffer.ptr, /* Sig buf */
+                signature_buffer.len, /* Sig buf size */
+                &signature_len);      /* Sig length */
+#endif
+    }
 
     return_value = psa_status_to_t_cose_error_signing(psa_result);
 

diff --git a/lib/ext/t_cose/inc/t_cose_common.h b/lib/ext/t_cose/inc/t_cose_common.h
@@ -496,6 +496,14 @@ struct t_cose_parameters {
  */
 #define T_COSE_OPT_DECODE_ONLY  0x00000008
 
+/**
+ * By default, the cose t_cose_sign1_sign will calculate the hash
+ * of the payload and sign the hash.
+ * Set T_COSE_OPT_SIGN_MESSAGE to instead sign the message(payload)
+ * directly instead.
+ */
+#define T_COSE_OPT_SIGN_MESSAGE 0x00000010
+
 
 #ifdef __cplusplus
 }

diff --git a/lib/ext/t_cose/src/t_cose_crypto.h b/lib/ext/t_cose/src/t_cose_crypto.h
@@ -155,10 +155,10 @@ t_cose_crypto_sig_size(int32_t            cose_algorithm_id,
                        struct t_cose_key  signing_key,
                        size_t            *sig_size);
 
-
 /**
- * \brief Perform public key signing. Part of the t_cose crypto
- * adaptation layer.
+ * \brief Perform public key signing of a payload. Can sign either
+ * a message or message hash. Part of the t_cose crypto adaptation
+ * layer.
  *
  * \param[in] cose_algorithm_id The algorithm to sign with. The IDs are
  *                              defined in [COSE (RFC 8152)]
@@ -169,8 +169,7 @@ t_cose_crypto_sig_size(int32_t            cose_algorithm_id,
  *                              locally (\c \#define) if the needed
  *                              one hasn't been registered.
  * \param[in] signing_key       Indicates or contains key to sign with.
- * \param[in] hash_to_sign      The bytes to sign. Typically, a hash of
- *                              a payload.
+ * \param[in] to_sign           The bytes to sign.
  * \param[in] signature_buffer  Pointer and length of buffer into which
  *                              the resulting signature is put.
  * \param[in] signature         Pointer and length of the signature
@@ -215,9 +214,11 @@ t_cose_crypto_sig_size(int32_t            cose_algorithm_id,
 enum t_cose_err_t
 t_cose_crypto_pub_key_sign(int32_t                cose_algorithm_id,
                            struct t_cose_key      signing_key,
-                           struct q_useful_buf_c  hash_to_sign,
+                           struct q_useful_buf_c  to_sign,
                            struct q_useful_buf    signature_buffer,
-                           struct q_useful_buf_c *signature);
+                           struct q_useful_buf_c *signature,
+                           int32_t option_flags);
+
 
 
 /**

diff --git a/lib/ext/t_cose/src/t_cose_sign1_sign.c b/lib/ext/t_cose/src/t_cose_sign1_sign.c
@@ -323,6 +323,8 @@ t_cose_sign1_encode_signature(struct t_cose_sign1_sign_ctx *me,
      */
     enum t_cose_err_t            return_value;
     QCBORError                   cbor_err;
+    /* Pointer to useful_buf used for the signature*/
+    struct q_useful_buf_c        *tbs;
     /* pointer and length of the completed tbs hash */
     struct q_useful_buf_c        tbs_hash;
     /* Pointer and length of the completed signature */
@@ -358,21 +360,27 @@ t_cose_sign1_encode_signature(struct t_cose_sign1_sign_ctx *me,
                                                me->signing_key,
                                               &signature.len);
      } else {
+        /* Sign hash
+         */
 
+        if(!(me->option_flags & T_COSE_OPT_SIGN_MESSAGE)) {
+    #ifndef T_COSE_SIGN_MESSAGE
         /* Create the hash of the to-be-signed bytes. Inputs to the
          * hash are the protected parameters, the payload that is
          * getting signed, the cose signature alg from which the hash
          * alg is determined. The cose_algorithm_id was checked in
          * t_cose_sign1_init() so it doesn't need to be checked here.
          */
-        return_value = create_tbs_hash(me->cose_algorithm_id,
-                                       me->protected_parameters,
-                                       T_COSE_TBS_PAYLOAD_IS_BSTR_WRAPPED,
-                                       signed_payload,
-                                       buffer_for_tbs_hash,
-                                       &tbs_hash);
-        if(return_value) {
-            goto Done;
+            return_value = create_tbs_hash(me->cose_algorithm_id,
+                    me->protected_parameters,
+                    T_COSE_TBS_PAYLOAD_IS_BSTR_WRAPPED,
+                    signed_payload,
+                    buffer_for_tbs_hash,
+                    &tbs_hash);
+            if(return_value) {
+                goto Done;
+            }
+    #endif
         }
 
         /* Compute the signature using public key crypto. The key and
@@ -388,11 +396,17 @@ t_cose_sign1_encode_signature(struct t_cose_sign1_sign_ctx *me,
          */
         if(!(me->option_flags & T_COSE_OPT_SHORT_CIRCUIT_SIG)) {
             /* Normal, non-short-circuit signing */
+            if(!(me->option_flags & T_COSE_OPT_SIGN_MESSAGE)) {
+                tbs = &tbs_hash;
+            } else {
+                tbs = &(me->protected_parameters);
+            }
             return_value = t_cose_crypto_pub_key_sign(me->cose_algorithm_id,
-                                                      me->signing_key,
-                                                      tbs_hash,
-                                                      buffer_for_signature,
-                                                      &signature);
+                    me->signing_key,
+                    *tbs,
+                    buffer_for_signature,
+                    &signature,
+                    me->option_flags);
         } else {
     #ifndef T_COSE_DISABLE_SHORT_CIRCUIT_SIGN
             /* Short-circuit signing */

diff --git a/lib/ext/t_cose/test/t_cose_make_test_messages.c b/lib/ext/t_cose/test/t_cose_make_test_messages.c
@@ -533,7 +533,8 @@ t_cose_sign1_test_message_output_signature(struct t_cose_sign1_sign_ctx *me,
                                                   me->signing_key,
                                                   tbs_hash,
                                                   buffer_for_signature,
-                                                  &signature);
+                                                  &signature,
+                                                  me->option_flags);
     } else {
 #ifndef T_COSE_DISABLE_SHORT_CIRCUIT_SIGN
         return_value = short_circuit_sign(me->cose_algorithm_id,

diff --git a/lib/ext/t_cose/tfm_t_cose.cmake b/lib/ext/t_cose/tfm_t_cose.cmake
@@ -29,6 +29,7 @@ target_compile_definitions(tfm_t_cose_defs
         $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:T_COSE_DISABLE_SIGN1>
         $<$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>:T_COSE_DISABLE_MAC0>
         $<$<NOT:$<BOOL:${ATTEST_INCLUDE_TEST_CODE}>>:T_COSE_DISABLE_SHORT_CIRCUIT_SIGN>
+        $<$<BOOL:${ATTEST_SIGN_MESSAGE}>:T_COSE_SIGN_MESSAGE>
 )
 
 ############################### t_cose common ##################################