Merge pull request #30 from jimsch/master

Check point

Author: jimsch

pom.xml

@@ -61,8 +61,28 @@
                 <configuration>
                     <source>1.7</source>
                     <target>1.7</target>
+                    <showDeprecation>true</showDeprecation>
                 </configuration>
             </plugin>
+            <plugin>
+              <groupId>org.jacoco</groupId>
+              <artifactId>jacoco-maven-plugin</artifactId>
+              <version>0.7.7.201606060606</version>
+              <executions>
+                <execution>
+                  <goals>
+                    <goal>prepare-agent</goal>
+                  </goals>
+                </execution>
+                <execution>
+                  <id>report</id>
+                  <phase>prepare-package</phase>
+                  <goals>
+                    <goal>report</goal>
+                  </goals>
+                </execution>
+              </executions>
+            </plugin>
         </plugins>
     </build>
 

src/main/java/COSE/Attribute.java

@@ -22,10 +22,32 @@
  */
 
 class Attribute {
+    /**
+     * Internal map of protected attributes
+     */
     protected CBORObject objProtected = CBORObject.NewMap();
+    
+    /**
+     * Internal map of unprotected attributes
+    */
     protected CBORObject objUnprotected = CBORObject.NewMap();
+    
+    /**
+     * Internal map of attributes which are not a part of the encoded message.
+     */
     protected CBORObject objDontSend = CBORObject.NewMap();
+    
+    /**
+     * The encoded byte string for the protected attributes.  If this variable is 
+     * set then the message was either decoded or as been cryptographically signed/encrypted/maced.
+     * If it is set, then do not allow objProtected to be modified.
+     */
     protected byte[] rgbProtected;
+    
+    /**
+     * Holder for the external data object that is authenticated as part of the 
+     * message
+     */
     protected byte[] externalData = new byte[0];
 
     /**
@@ -276,13 +298,40 @@ public CBORObject findAttribute(HeaderKeys label, int where) {
         return findAttribute(label.AsCBOR(), where);
     }
 
+    /**
+     * Return the entire map of protected attributes
+     * 
+     * @return the protected attribute map
+     */
+    public CBORObject getProtectedAttributes() {
+        return objProtected;
+    }
+    
+    /**
+     * Return the entire map of unprotected attributes
+     * 
+     * @return the unprotected attribute map
+     */
+    public CBORObject getUnprotectedAttributes() {
+        return objUnprotected;
+    }
+
+    /**
+     * Return the entire map of do not send attributes
+     * 
+     * @return the do not send attribute map
+     */
+    public CBORObject getDoNotSendAttributes() {
+        return objDontSend;
+    }
+
     /**
      * Remove an attribute from the set of all attribute maps.
      * 
-     * @param label 
+     * @param label attribute to be removed
      * @exception CoseException if integrity protection would be modified.
      */
-    private void removeAttribute(CBORObject label) throws CoseException {
+    public void removeAttribute(CBORObject label) throws CoseException {
         if (objProtected.ContainsKey(label)) {
             if (rgbProtected != null) throw new CoseException("Operation would modify integrity protected attributes");
             objProtected.Remove(label);
@@ -291,6 +340,25 @@ private void removeAttribute(CBORObject label) throws CoseException {
         if (objDontSend.ContainsKey(label)) objDontSend.Remove(label);
     }
 
+    /**
+     * Remove an attribute from the set of all attribute maps.
+     * 
+     * @param label attribute to be removed
+     * @throws CoseException 
+     */
+    public void removeAttribute(HeaderKeys label) throws CoseException {
+        removeAttribute(label.AsCBOR());
+    }
+    
+    /**
+     * Get the optional external data field to be authenticated
+     * 
+     * * @return external authenticated data
+     */
+    public byte[] getExternal() {
+        return externalData;
+    }
+    
     /**
      * Set the optional external data field to be authenticated
      * 

src/main/java/COSE/EncryptCommon.java

@@ -7,7 +7,6 @@
 
 import com.upokecenter.cbor.CBORObject;
 import com.upokecenter.cbor.CBORType;
-import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.engines.AESFastEngine;
@@ -27,7 +26,7 @@ public abstract class EncryptCommon extends Message {
     SecureRandom random = new SecureRandom();
 
     protected byte[] decryptWithKey(byte[] rgbKey) throws CoseException, InvalidCipherTextException {
-        CBORObject algX = findAttribute(HeaderKeys.Algorithm.AsCBOR());
+        CBORObject algX = findAttribute(HeaderKeys.Algorithm);
         AlgorithmID alg = AlgorithmID.FromCBOR(algX);
 
         if (rgbEncrypt == null) throw new CoseException("No Encrypted Content Specified");
@@ -58,7 +57,7 @@ protected byte[] decryptWithKey(byte[] rgbKey) throws CoseException, InvalidCiph
     }
 
     void encryptWithKey(byte[] rgbKey) throws CoseException, IllegalStateException, InvalidCipherTextException {
-        CBORObject algX = findAttribute(HeaderKeys.Algorithm.AsCBOR());
+        CBORObject algX = findAttribute(HeaderKeys.Algorithm);
         AlgorithmID alg = AlgorithmID.FromCBOR(algX);
 
         if (rgbContent == null) throw new CoseException("No Content Specified");
@@ -172,7 +171,7 @@ private void AES_CCM_Encrypt(AlgorithmID alg, byte[] rgbKey) throws CoseExceptio
         }
         else {
             random.nextBytes(IV);
-            AddUnprotected(HeaderKeys.IV, CBORObject.FromObject(IV));
+            addAttribute(HeaderKeys.IV, CBORObject.FromObject(IV), Attribute.UNPROTECTED);
         }
 
         if (rgbKey.length != alg.getKeySize()/8) throw new CoseException("Key Size is incorrect");
@@ -223,7 +222,7 @@ private void AES_GCM_Encrypt(AlgorithmID alg, byte[] rgbKey) throws CoseExceptio
         if (cn == null) {
             IV = new byte[96/8];
             random.nextBytes(IV);
-            AddUnprotected(HeaderKeys.IV, CBORObject.FromObject(IV));
+            addAttribute(HeaderKeys.IV, CBORObject.FromObject(IV), Attribute.UNPROTECTED);
         }
         else {
             if (cn.getType() != CBORType.ByteString) throw new CoseException("IV is incorrectly formed");

src/main/java/COSE/Message.java

@@ -10,14 +10,33 @@
 import java.nio.charset.StandardCharsets;
 
 /**
+ * The Message class provides a common class that all of the COSE message classes
+ * inherit from.  It provides the function used for decoding all of the known
+ * messages.
  * 
  * @author jimsch
  */
+
 public abstract class Message extends Attribute {
+    /**
+     * Is the tag identifying the message emitted?
+     */
     protected boolean emitTag = true;
+    
+    /**
+     * Is the content emitted as part of the message?
+     */
     protected boolean emitContent = true;
-    protected MessageTag messageTag;
-    protected byte[] rgbContent;
+    
+    /**
+     * What message tag identifies this message?
+    */
+    protected MessageTag messageTag = MessageTag.Unknown;
+    
+    /**
+     * What is the plain text content of the message.
+     */
+    protected byte[] rgbContent = null;
 
     /**
      * Decode a COSE message object.  This function assumes that the message
@@ -51,9 +70,9 @@ public static Message DecodeFromBytes(byte[] rgbData, MessageTag defaultTag) thr
             if (messageObject.GetTags().length != 1) throw new CoseException("Malformed message - too many tags");
 
             if (defaultTag == MessageTag.Unknown) {
-                defaultTag = MessageTag.FromInt(messageObject.getOutermostTag().intValue());
+                defaultTag = MessageTag.FromInt(messageObject.getInnermostTag().intValue());
             }
-            else if (defaultTag != MessageTag.FromInt(messageObject.getOutermostTag().intValue())) {
+            else if (defaultTag != MessageTag.FromInt(messageObject.getInnermostTag().intValue())) {
                 throw new CoseException("Passed in tag does not match actual tag");
             }
         }
@@ -96,13 +115,41 @@ else if (defaultTag != MessageTag.FromInt(messageObject.getOutermostTag().intVal
         return msg;
 
     }
-    
+
+    /**
+     * Encode the message to a byte array.  This function will force cryptographic operations to be executed as needed.
+     * 
+     * @return byte encoded object 
+     * @throws CoseException Internal COSE Exception
+     */
     public byte[] EncodeToBytes() throws CoseException {
         return EncodeToCBORObject().EncodeToBytes();
     }
 
+    /**
+     * Given a CBOR tree, parse the message.  This is an abstract function that is implemented for each different supported COSE message. 
+     * 
+     * @param messageObject CBORObject to be converted to a message.
+     * @throws CoseException 
+     */
+    
     protected abstract void DecodeFromCBORObject(CBORObject messageObject) throws CoseException;
+    
+    /**
+     * Encode the COSE message object to a CBORObject tree.  This function call will force cryptographic operations to be executed as needed.
+     * This is an internal function, as such it does not add the tag on the front and is implemented on a per message object.
+     * 
+     * @return CBORObject representing the message.
+     * @throws CoseException 
+     */
     protected abstract CBORObject EncodeCBORObject() throws CoseException;
+    
+    /**
+     * Encode the COSE message object to a CBORObject tree.  This function call will force cryptographic operations to be executed as needed.
+     * 
+     * @return CBORObject representing the message.
+     * @throws CoseException 
+     */
     public CBORObject EncodeToCBORObject() throws CoseException {
         CBORObject obj;
 
@@ -115,17 +162,40 @@ public CBORObject EncodeToCBORObject() throws CoseException {
         return obj;
     }
 
+    /**
+     * Return the content bytes of the message
+     * 
+     * @return bytes of the content
+     */
     public byte[] GetContent() {
         return rgbContent;
     }
 
+    /**
+     * Does the message current have content?
+     * 
+     * @return true if it has content 
+     */
+    public boolean HasContent() {
+        return rgbContent != null;
+    }
+    
+    /**
+     * Set the content bytes of the message.  If the message was transmitted with 
+     * detached content, this must be called before doing cryptographic processing on the message.
+     * 
+     * @param rgbData bytes to set as the content
+     */
     public void SetContent(byte[] rgbData) {
         rgbContent = rgbData;
     }
 
+    /**
+     * Set the content bytes as a text string.  The string will be encoded using UTF8 into a byte string.
+     * 
+     * @param strData string to set as the content
+     */
     public void SetContent(String strData) {
         rgbContent = strData.getBytes(StandardCharsets.UTF_8);
     }
-    
-
 }

src/main/java/COSE/Recipient.java

@@ -234,7 +234,7 @@ public void encrypt() throws CoseException, Exception {
                     byte[] rgbAPU = new byte[256/8];
                     random = new SecureRandom();
                     random.nextBytes(rgbAPU);
-                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UnprotectedAttributes);
+                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED);
                 }
                 rgbKey = ECDH_GenerateSecret(privateKey);
                 rgbKey = HKDF(rgbKey, 128, AlgorithmID.AES_KW_128, new SHA256Digest());
@@ -255,7 +255,7 @@ public void encrypt() throws CoseException, Exception {
                     byte[] rgbAPU = new byte[256/8];
                     random = new SecureRandom();
                     random.nextBytes(rgbAPU);
-                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UnprotectedAttributes);
+                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED);
                 }
                 rgbKey = ECDH_GenerateSecret(privateKey);
                 rgbKey = HKDF(rgbKey, 192, AlgorithmID.AES_KW_192, new SHA256Digest());
@@ -276,7 +276,7 @@ public void encrypt() throws CoseException, Exception {
                     byte[] rgbAPU = new byte[256/8];
                     random = new SecureRandom();
                     random.nextBytes(rgbAPU);
-                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UnprotectedAttributes);
+                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED);
                 }
                 rgbKey = ECDH_GenerateSecret(privateKey);
                 rgbKey = HKDF(rgbKey, 256, AlgorithmID.AES_KW_256, new SHA256Digest());
@@ -365,7 +365,7 @@ public byte[] getKey(AlgorithmID algCEK) throws CoseException, Exception {
                     byte[] rgbAPU = new byte[256/8];
                     random = new SecureRandom();
                     random.nextBytes(rgbAPU);
-                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UnprotectedAttributes);
+                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED);
                 }
                 rgbSecret = ECDH_GenerateSecret(privateKey);
                 return HKDF(rgbSecret, algCEK.getKeySize(), algCEK, new SHA256Digest());
@@ -376,7 +376,7 @@ public byte[] getKey(AlgorithmID algCEK) throws CoseException, Exception {
                     byte[] rgbAPU = new byte[512/8];
                     random = new SecureRandom();
                     random.nextBytes(rgbAPU);
-                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UnprotectedAttributes);
+                    addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED);
                 }
                 rgbSecret = ECDH_GenerateSecret(privateKey);
                 return HKDF(rgbSecret, algCEK.getKeySize(), algCEK, new SHA512Digest());
@@ -466,7 +466,7 @@ private void ECDH_GenerateEphemeral() throws CoseException
         System.arraycopy(rgbEncoded, 1, X, 0, X.length);
         epk.Add(KeyKeys.EC2_X.AsCBOR(), CBORObject.FromObject(X));
         epk.Add(KeyKeys.EC2_Y.AsCBOR(), CBORObject.FromObject((rgbEncoded[0] & 1) == 1));
-        AddUnprotected(HeaderKeys.ECDH_EPK, epk);
+        addAttribute(HeaderKeys.ECDH_EPK, epk, Attribute.UNPROTECTED);
 
         OneKey secretKey = new OneKey();
         secretKey.add(KeyKeys.KeyType, KeyKeys.KeyType_EC2);

src/main/java/COSE/SignCommon.java

@@ -19,6 +19,7 @@
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.signers.ECDSASigner;
+import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
 import org.bouncycastle.math.ec.ECPoint;
 
 /**
@@ -58,7 +59,7 @@ byte[] computeSignature(byte[] rgbToBeSigned, CipherParameters key) throws CoseE
                 byte[] rgbDigest = new byte[digest.getDigestSize()];
                 digest.doFinal(rgbDigest, 0);
 
-                ECDSASigner ecdsa = new ECDSASigner();
+                ECDSASigner ecdsa = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
                 ecdsa.init(true, key);
                 BigInteger[] sig = ecdsa.generateSignature(rgbDigest);
 
@@ -186,7 +187,7 @@ boolean validateSignature(byte[] rgbToBeSigned, byte[] rgbSignature, CipherParam
             }
 
             default:
-                throw new CoseException("Inernal error");
+                throw new CoseException("Internal error");
         }
     }