aboutsummaryrefslogtreecommitdiff log msg author committer range
path: root/lib/ext/t_cose/inc/t_cose_mac0_verify.h
blob: 1b7c039a1f0165e423642f9d37edd0919402eaea (plain)
 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116  /* * Copyright (c) 2019, Laurence Lundblade. All rights reserved. * Copyright (c) 2020 Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ #ifndef __T_COSE_MAC0_VERIFY_H_ #define __T_COSE_MAC0_VERIFY_H_ #include #include "qcbor.h" #include "t_cose_common.h" #ifdef __cplusplus extern "C" { #endif /** * Context for tag verification. It is about 24 bytes on a * 64-bit machine and 12 bytes on a 32-bit machine. */ struct t_cose_mac0_verify_ctx { /* Private data structure */ struct t_cose_key verification_key; int32_t option_flags; }; /** * \brief Initialize for \c COSE_Mac0 message verification. * * \param[in,out] context The context to initialize. * \param[in] option_flags Options controlling the verification. * * This must be called before using the verification context. */ static void t_cose_mac0_verify_init(struct t_cose_mac0_verify_ctx *context, int32_t option_flags); /** * \brief Set key for \c COSE_Mac0 message verification. * * \param[in,out] context The context of COSE_Mac0 verification * \param[in] verify_key The verification key to use. * * Look up by kid parameter and fetch the key for MAC verification. * Setup the \ref verify_key structure and fill it in \ref context. */ static void t_cose_mac0_set_verify_key(struct t_cose_mac0_verify_ctx *context, struct t_cose_key verify_key); /** * \brief Verify a COSE_Mac0 * * \param[in] context The context of COSE_Mac0 verification * \param[in] cose_mac0 Pointer and length of CBOR encoded \c COSE_Mac0 * that is to be verified. * \param[out] payload Pointer and length of the still CBOR encoded * payload * * \return This returns one of the error codes defined by \ref t_cose_err_t. * * Verification involves the following steps. * * The CBOR structure is parsed and verified. It makes sure \c COSE_Mac0 * is valid CBOR and that it is tagged as a \c COSE_Mac0. * * The signing algorithm is pulled out of the protected headers. * * The kid (key ID) is parsed out of the unprotected headers if it exists. * * The payload is identified. It doesn't have to be parsed in detail * because it is wrapped in a bstr. * * Finally, the MAC verification is performed if \ref T_COSE_OPT_DECODE_ONLY * is not set in option flag. Otherwise, the verification will be skipped. * The MAC algorithm to use comes from the signing algorithm in the * protected headers. * If the algorithm is not known or not supported this will error out. * * If it is successful, the pointer of the CBOR-encoded payload is * returned. */ enum t_cose_err_t t_cose_mac0_verify(struct t_cose_mac0_verify_ctx *context, struct q_useful_buf_c cose_mac0, struct q_useful_buf_c *payload, struct t_cose_parameters *parameters); /* ------------------------------------------------------------------------ * Inline implementations of public functions defined above. */ static inline void t_cose_mac0_verify_init(struct t_cose_mac0_verify_ctx *context, int32_t option_flags) { context->option_flags = option_flags; context->verification_key = T_COSE_NULL_KEY; } static inline void t_cose_mac0_set_verify_key(struct t_cose_mac0_verify_ctx *context, struct t_cose_key verify_key) { context->verification_key = verify_key; } #ifdef __cplusplus } #endif #endif /* __T_COSE_MAC0_VERIFY_H_ */