Attest: Add attestation core, COSE library & tests
Adds core library for creating EAT (draft-mandyam-eat-01)
format attestations. Adds t_cose, an implementation of
COSE_Sign1 as defined in RFC 8152 section 4.2. Adds
basic test for creation of EAT format attestations.
Change-Id: I1ff8339edc55d50bd7639e42539844f2394280dc
Signed-off-by: Laurence Lundblade <lgl@securitytheory.com>
diff --git a/lib/t_cose/inc/t_cose_common.h b/lib/t_cose/inc/t_cose_common.h
new file mode 100644
index 0000000..d509a4b
--- /dev/null
+++ b/lib/t_cose/inc/t_cose_common.h
@@ -0,0 +1,148 @@
+/*
+ * t_cose_common.h
+ *
+ * Copyright 2019, Laurence Lundblade
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * See BSD-3-Clause license in README.mdE.
+ */
+
+
+#ifndef __T_COSE_COMMON_H__
+#define __T_COSE_COMMON_H__
+
+
+/**
+ * \file t_cose_common.h
+ *
+ * \brief Defines common to all public t_cose interfaces.
+ *
+ */
+
+
+/* Private value. Intentionally not documented for Doxygen.
+ * This is the size allocated for the encoded protected headers. It
+ * needs to be big enough for make_protected_header() to succeed. It
+ * currently sized for one header with an algorithm ID up to 32 bits
+ * long -- one byte for the wrapping map, one byte for the label, 5
+ * bytes for the ID. If this is made accidentially too small, QCBOR will
+ * only return an error, and not overrun any buffers.
+ *
+ * 9 extra bytes are added, rounding it up to 16 total, in case some
+ * other protected header is to be added.
+ */
+#define T_COSE_SIGN1_MAX_PROT_HEADER (1+1+5+9)
+
+
+/**
+ * Error codes return by t_cose.
+ *
+ * Do not reorder these. It is OK to add
+ * new ones at the end.
+ */
+enum t_cose_err_t {
+ /**
+ * Operation completed successfully
+ */
+ T_COSE_SUCCESS = 0,
+ /**
+ * The requested signing algorithm is not supported.
+ */
+ T_COSE_ERR_UNSUPPORTED_SIGNING_ALG,
+ /**
+ * Error constructing the protected headers.
+ */
+ T_COSE_ERR_PROTECTED_HEADERS,
+ /**
+ * The hash algorithm needed is not supported. Note that the
+ * signing algorithm identifier usually identifies the hash
+ * algorithm.
+ */
+ T_COSE_ERR_UNSUPPORTED_HASH,
+ /**
+ * Some system failure when running the hash algorithm.
+ */
+ T_COSE_ERR_HASH_GENERAL_FAIL,
+ /**
+ * The buffer to receive a hash result is too small.
+ */
+ T_COSE_ERR_HASH_BUFFER_SIZE,
+ /**
+ * The buffer to receive result of a signing operation is too
+ * small.
+ */
+ T_COSE_ERR_SIG_BUFFER_SIZE,
+ /**
+ * The buffer to receive to receive a key is too small.
+ */
+ T_COSE_ERR_KEY_BUFFER_SIZE,
+ /**
+ * When verifying a \c COSE_Sign1, something is wrong with the
+ * format of the CBOR. For example, it is missing something like
+ * the payload.
+ */
+ T_COSE_ERR_SIGN1_FORMAT,
+ /**
+ * When decoding some CBOR like a \c COSE_Sign1, the CBOR was not
+ * well-formed. Most likely what was supposed to be CBOR was is
+ * either not or it has been corrupted.
+ */
+ T_COSE_ERR_CBOR_NOT_WELL_FORMED,
+ /**
+ * No algorithm ID was found when one is needed. For example, when
+ * verifying a \c COSE_Sign1.
+ */
+ T_COSE_ERR_NO_ALG_ID,
+ /**
+ * No key ID was found when one is needed. For example, when
+ * verifying a \c COSE_Sign1.
+ */
+ T_COSE_ERR_NO_KID,
+ /**
+ * Signature verification failed. For example, the cryptographic
+ * operations completed successfully but hash wasn't as expected.
+ */
+ T_COSE_ERR_SIG_VERIFY,
+ /**
+ * Verification of a short-circuit signature failed.
+ */
+ T_COSE_ERR_BAD_SHORT_CIRCUIT_KID,
+ /**
+ * Some (unspecified) argument was not valid.
+ */
+ T_COSE_ERR_INVALID_ARGUMENT,
+ /**
+ * Out of heap memory.
+ */
+ T_COSE_ERR_INSUFFICIENT_MEMORY,
+ /**
+ * General unspecific failure.
+ */
+ T_COSE_ERR_FAIL,
+ /**
+ * Equivalent to \c PSA_ERROR_TAMPERING_DETECTED.
+ */
+ T_COSE_ERR_TAMPERING_DETECTED,
+ /**
+ * The key identified by a key slot of a key ID was not found.
+ */
+ T_COSE_ERR_UNKNOWN_KEY,
+ /**
+ * The key was found, but it was the wrong type for the operation.
+ */
+ T_COSE_ERR_WRONG_TYPE_OF_KEY,
+ /**
+ * Error constructing the \c Sig_structure when signing or verify.
+ */
+ T_COSE_ERR_SIG_STRUCT,
+ /**
+ * Signature was short-circuit. THe option to allow verification
+ * of short-circuit signatures was not set
+ */
+ T_COSE_ERR_SHORT_CIRCUIT_SIG
+};
+
+
+
+#endif /* __T_COSE_COMMON_H__ */
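Review bot: The last two error codes document a verifier option that accepts short-circuit signatures, yet nothing in this header tells the caller that such a signature carries no cryptographic proof; the comment on `T_COSE_ERR_SHORT_CIRCUIT_SIG` (and the option itself, which is declared outside this hunk) should say so explicitly, e.g. `Short-circuit signatures provide NO security; the option to accept them exists only for testing and must never be enabled in a production verifier.` The comment on `T_COSE_ERR_BAD_SHORT_CIRCUIT_KID` reads "Verification of a short-circuit signature failed" while the identifier names the key ID, so the text should state which condition (presumably a kid mismatch) is actually reported. Smaller wording defects in the same hunk: "to receive to receive" on `T_COSE_ERR_KEY_BUFFER_SIZE`, "was is either not" on `T_COSE_ERR_CBOR_NOT_WELL_FORMED`, "of a key ID" on `T_COSE_ERR_UNKNOWN_KEY` (presumably "or a key ID"), "THe", and "README.mdE" in the license pointer. Finally, `__T_COSE_COMMON_H__` is a reserved identifier (leading double underscore); `T_COSE_COMMON_H` avoids that.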