diff --git a/.github/workflows/minimal-build.yml b/.github/workflows/minimal-build.yml index 918c04e..c89317b 100644 --- a/.github/workflows/minimal-build.yml +++ b/.github/workflows/minimal-build.yml @@ -46,6 +46,10 @@ jobs: - name: MAC-only (HMAC + AES-MAC) wolfssl_flags: "--enable-cryptonly --enable-sha256 --enable-sha384 --enable-sha512 --enable-aescbc" cache_key: wolfssl-mac-only-v1 + - name: Lean core (WOLFCOSE_LEAN, minimal wolfSSL) + wolfssl_flags: "--enable-cryptonly --enable-ecc --enable-aesgcm --enable-keygen" + cache_key: wolfssl-ecc-only-v4 + cose_flags: "-DWOLFCOSE_LEAN" steps: - uses: actions/checkout@v4 
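Review bot: The new `Lean core` matrix entry uses `cache_key: wolfssl-ecc-only-v4`, a name that does not describe its flag set (`--enable-aesgcm` and `--enable-keygen` are in it too) and reads like a key that belongs to another entry. The rest of the matrix is outside this hunk, so this is unconfirmed, but if any other entry uses the same key with different `wolfssl_flags`, the lean job can restore a wolfSSL built with a different feature set and the lean gates would be exercised against the wrong library. A key unique to this entry, for example `cache_key: wolfssl-lean-core-v1`, removes that ambiguity.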
@@ -81,19 +85,19 @@ jobs: - name: Build wolfCOSE run: | export WOLFSSL_DIR=$HOME/wolfssl-minimal - make CFLAGS="-std=c99 -DHAVE_ANONYMOUS_INLINE_AGGREGATES=1 -Os -Wall -Wextra -Wpedantic -Wshadow -Wconversion -I./include -isystem $WOLFSSL_DIR/include" \ + make CFLAGS="-std=c99 -DHAVE_ANONYMOUS_INLINE_AGGREGATES=1 -Os -Wall -Wextra -Wpedantic -Wshadow -Wconversion ${{ matrix.cose_flags }} -I./include -isystem $WOLFSSL_DIR/include" \ LDFLAGS="-L$WOLFSSL_DIR/lib -lwolfssl" - name: Run unit tests run: | export WOLFSSL_DIR=$HOME/wolfssl-minimal export LD_LIBRARY_PATH=$WOLFSSL_DIR/lib - make test CFLAGS="-std=c99 -DHAVE_ANONYMOUS_INLINE_AGGREGATES=1 -Os -Wall -Wextra -Wpedantic -Wshadow -Wconversion -I./include -isystem $WOLFSSL_DIR/include" \ + make test CFLAGS="-std=c99 -DHAVE_ANONYMOUS_INLINE_AGGREGATES=1 -Os -Wall -Wextra -Wpedantic -Wshadow -Wconversion ${{ matrix.cose_flags }} -I./include -isystem $WOLFSSL_DIR/include" \ LDFLAGS="-L$WOLFSSL_DIR/lib -lwolfssl" - name: Run tool round-trip test run: | export WOLFSSL_DIR=$HOME/wolfssl-minimal export LD_LIBRARY_PATH=$WOLFSSL_DIR/lib - make tool-test CFLAGS="-std=c99 -DHAVE_ANONYMOUS_INLINE_AGGREGATES=1 -Os -Wall -Wextra -Wpedantic -Wshadow -Wconversion -I./include -isystem $WOLFSSL_DIR/include" \ + make tool-test CFLAGS="-std=c99 -DHAVE_ANONYMOUS_INLINE_AGGREGATES=1 -Os -Wall -Wextra -Wpedantic -Wshadow -Wconversion ${{ matrix.cose_flags }} -I./include -isystem $WOLFSSL_DIR/include" \ LDFLAGS="-L$WOLFSSL_DIR/lib -lwolfssl" diff --git a/.github/workflows/misra-2023.yml b/.github/workflows/misra-2023.yml index ffcc160..fc8f2b5 100644 --- a/.github/workflows/misra-2023.yml +++ b/.github/workflows/misra-2023.yml 
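Review bot: `${{ matrix.cose_flags }}` is pasted into the `run:` script text in all three steps, so the expression is expanded before the shell parses the line and whatever the matrix holds becomes part of the command. The values are constants defined in this workflow today, so nothing untrusted reaches it, but passing the value through the environment keeps it as data and leaves one place to change: put `COSE_FLAGS: ${{ matrix.cose_flags }}` under `env:` and write `$COSE_FLAGS` inside `CFLAGS`. Matrix entries that do not set `cose_flags` expand to an empty string, which the current quoting tolerates.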
@@ -100,16 +100,6 @@ jobs:
 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512 \
 -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT \
 -DHAVE_HKDF -DHAVE_AES_CBC \
- -DWOLFCOSE_SIGN1 -DWOLFCOSE_SIGN1_SIGN -DWOLFCOSE_SIGN1_VERIFY \
- -DWOLFCOSE_ENCRYPT0 -DWOLFCOSE_ENCRYPT0_ENCRYPT -DWOLFCOSE_ENCRYPT0_DECRYPT \
- -DWOLFCOSE_MAC0 -DWOLFCOSE_MAC0_CREATE -DWOLFCOSE_MAC0_VERIFY \
- -DWOLFCOSE_SIGN -DWOLFCOSE_SIGN_SIGN -DWOLFCOSE_SIGN_VERIFY \
- -DWOLFCOSE_ENCRYPT -DWOLFCOSE_ENCRYPT_ENCRYPT -DWOLFCOSE_ENCRYPT_DECRYPT \
- -DWOLFCOSE_MAC -DWOLFCOSE_MAC_CREATE -DWOLFCOSE_MAC_VERIFY \
- -DWOLFCOSE_RECIPIENTS -DWOLFCOSE_KEY_WRAP \
- -DWOLFCOSE_ECDH -DWOLFCOSE_ECDH_WRAP \
- -DWOLFCOSE_CBOR_ENCODE -DWOLFCOSE_CBOR_DECODE \
- -DWOLFCOSE_KEY_ENCODE -DWOLFCOSE_KEY_DECODE \
 -DWOLFCOSE_FLOAT \
 -I./include -isystem $WOLFSSL_DIR/include"
 for f in src/*.c; do
diff --git a/docs/Macros.md b/docs/Macros.md
index b9f60b8..7154252 100644
--- a/docs/Macros.md
+++ b/docs/Macros.md
@@ -1,6 +1,41 @@ # Configuration Macros -wolfCOSE uses an opt-out design: all features are enabled by default, and you disable the ones you don't need with `WOLFCOSE_NO_*` defines. A more configurable model — opt-in tuning via `user_settings.h` for features that should not be on by default — is on the roadmap. +wolfCOSE has two configuration modes. The default is an opt-out full build: every algorithm wolfSSL provides is enabled, and you strip what you don't need with `WOLFCOSE_NO_*` defines. Alternatively, `WOLFCOSE_LEAN` switches to an opt-in core build and you add extensions with `WOLFCOSE_ENABLE_*`. See [Lean Configuration Layer](#lean-configuration-layer). + +## Lean Configuration Layer + +Defining `WOLFCOSE_LEAN` keeps only the core — `COSE_Sign1`/`Encrypt0`/`Mac0` with ES256, AES-GCM, and HMAC-SHA256 — and turns every other algorithm into an opt-in. This is the recommended starting point for constrained targets. + +| Define | Description | +|--------|-------------| +| `WOLFCOSE_LEAN` | Core-only base; all extensions become opt-in | +| `WOLFCOSE_ENABLE_ALL` | Re-enable every extension on top of `WOLFCOSE_LEAN` | +| `WOLFCOSE_ENABLE_` | Opt in a single extension (see list below) | + +Extension names for `WOLFCOSE_ENABLE_`: `ES384`, `ES512`, `EDDSA`, `ED448`, `RSAPSS`, `MLDSA`, `HMAC384`, `HMAC512`, `AESCCM`, `CHACHA20`, `AESMAC`, `AESWRAP`, `ECDH_ES`, `SIGN` (multi-signer), `ENCRYPT` (multi-recipient), `MAC` (multi-recipient). + +An extension is compiled in when it is explicitly enabled (`WOLFCOSE_ENABLE_` or `WOLFCOSE_ENABLE_ALL`), or — in a non-lean build — when wolfSSL provides the primitive and it is not opted out with `WOLFCOSE_NO_`. Enabling an extension wolfSSL cannot provide is a compile error. The resolved state is exposed internally as read-only `WOLFCOSE_HAVE_` gates (e.g. `WOLFCOSE_HAVE_MLDSA`); sources, tests, and examples compile against those, so you set `WOLFCOSE_ENABLE_*`/`WOLFCOSE_NO_*`, not `WOLFCOSE_HAVE_*`. 
+ +## Algorithm Gates + +Per-algorithm opt-outs for the default (non-lean) build. Each also has a `WOLFCOSE_ENABLE_` form for lean opt-in. `ES256`, `AESGCM`, and `HMAC256` form the lean core and stay on unless explicitly opted out. + +| Opt-out | Algorithm | wolfSSL requirement | +|---------|-----------|---------------------| +| `WOLFCOSE_NO_ES256` | ECDSA P-256 (ES256) | `HAVE_ECC` | +| `WOLFCOSE_NO_ES384` | ECDSA P-384 (ES384) | `HAVE_ECC` + `WOLFSSL_SHA384` | +| `WOLFCOSE_NO_ES512` | ECDSA P-521 (ES512) | `HAVE_ECC` + `WOLFSSL_SHA512` | +| `WOLFCOSE_NO_EDDSA` | Ed25519 | `HAVE_ED25519` | +| `WOLFCOSE_NO_ED448` | Ed448 | `HAVE_ED448` | +| `WOLFCOSE_NO_RSAPSS` | RSA-PSS (PS256/384/512) | `WC_RSA_PSS` | +| `WOLFCOSE_NO_MLDSA` | ML-DSA (FIPS 204) | `WOLFSSL_HAVE_MLDSA` | +| `WOLFCOSE_NO_AESGCM` | AES-GCM | `HAVE_AESGCM` | +| `WOLFCOSE_NO_AESCCM` | AES-CCM | `HAVE_AESCCM` | +| `WOLFCOSE_NO_CHACHA20` | ChaCha20-Poly1305 | `HAVE_CHACHA` + `HAVE_POLY1305` | +| `WOLFCOSE_NO_HMAC256` | HMAC-SHA256 | HMAC (`NO_HMAC` unset) | +| `WOLFCOSE_NO_HMAC384` | HMAC-SHA384 | `WOLFSSL_SHA384` | +| `WOLFCOSE_NO_HMAC512` | HMAC-SHA512 | `WOLFSSL_SHA512` | +| `WOLFCOSE_NO_AESMAC` | AES-CBC-MAC | `HAVE_AES_CBC` | ## Message Type Gates 
@@ -76,16 +111,13 @@ wolfCOSE uses an opt-out design: all features are enabled by default, and you di | Define | Description | Default | |--------|-------------|---------| -| `WOLFCOSE_RECIPIENTS` | Enable recipient array support | Enabled | -| `WOLFCOSE_NO_RECIPIENTS` | Disable all multi-recipient support | - | -| `WOLFCOSE_KEY_WRAP` | Enable AES Key Wrap (A128KW, A192KW, A256KW) | Enabled* | -| `WOLFCOSE_NO_KEY_WRAP` | Disable AES Key Wrap | - | -| `WOLFCOSE_ECDH` | Enable ECDH key distribution | Enabled* | -| `WOLFCOSE_NO_ECDH` | Disable ECDH | - | -| `WOLFCOSE_ECDH_WRAP` | Enable ECDH-ES + AES-KW combined modes | Enabled* | -| `WOLFCOSE_NO_ECDH_WRAP` | Disable ECDH + wrap | - | - -*Requires corresponding wolfSSL feature enabled (`HAVE_AES_KEYWRAP`, `HAVE_ECC`) +| `WOLFCOSE_NO_RECIPIENTS` | Disable all multi-recipient support (COSE_Encrypt/COSE_Mac) | - | +| `WOLFCOSE_NO_AESWRAP` | Disable AES Key Wrap (A128KW, A192KW, A256KW) | - | +| `WOLFCOSE_NO_ECDH_ES` | Disable ECDH-ES key agreement | - | +| `WOLFCOSE_ENABLE_AESWRAP` | Opt in AES Key Wrap under `WOLFCOSE_LEAN` | - | +| `WOLFCOSE_ENABLE_ECDH_ES` | Opt in ECDH-ES under `WOLFCOSE_LEAN` | - | + +Resolved internally as read-only `WOLFCOSE_KEY_WRAP`, `WOLFCOSE_ECDH`, and `WOLFCOSE_ECDH_WRAP` gates. Requires the matching wolfSSL feature (`HAVE_AES_KEYWRAP`; `HAVE_ECC` + `HAVE_HKDF` for ECDH-ES) and at least one multi-recipient message type enabled. --- diff --git a/examples/comprehensive/encrypt_all.c b/examples/comprehensive/encrypt_all.c index 86eb620..059af0c 100644 --- a/examples/comprehensive/encrypt_all.c +++ b/examples/comprehensive/encrypt_all.c @@ -71,7 +71,7 @@ * @param useAad 0=no AAD, 1=with external AAD * @return 0 on success, negative error code on failure. */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static int test_encrypt0(int32_t alg, int keySz, int detached, int useAad) { int ret = 0; 
@@ -164,10 +164,10 @@ static int test_encrypt0(int32_t alg, int keySz, int detached, int useAad) return ret; } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- Multi-Recipient Encrypt Worker (Direct Key) ----- */ -#if defined(HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT) +#if defined(WOLFCOSE_HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT) static int test_encrypt_multi_direct(int32_t contentAlg, int keySz, int recipCount, int detached, int useAad) { @@ -255,10 +255,10 @@ static int test_encrypt_multi_direct(int32_t contentAlg, int keySz, } return ret; } -#endif /* HAVE_AESGCM && WOLFCOSE_ENCRYPT */ +#endif /* WOLFCOSE_HAVE_AESGCM && WOLFCOSE_ENCRYPT */ /* ----- Multi-Recipient with Different Keys (Wrong Key Test) ----- */ -#if defined(HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT) +#if defined(WOLFCOSE_HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT) static int test_encrypt_wrong_key(void) { int ret = 0; @@ -365,10 +365,10 @@ static int test_encrypt_wrong_key(void) } return ret; } -#endif /* HAVE_AESGCM && WOLFCOSE_ENCRYPT */ +#endif /* WOLFCOSE_HAVE_AESGCM && WOLFCOSE_ENCRYPT */ /* ----- Encrypt0 Test Runner (12 tests) ----- */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static int test_encrypt0_all(void) { int ret = 0; @@ -437,10 +437,10 @@ static int test_encrypt0_all(void) printf("\nEncrypt0 Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- Multi-Recipient Test Runner ----- */ -#if defined(HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT) && \ +#if defined(WOLFCOSE_HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT) && \ !defined(WOLFCOSE_NO_ENCRYPT_ALL_MULTI) static int test_encrypt_multi_all(void) { 
@@ -500,10 +500,10 @@ static int test_encrypt_multi_all(void) printf("\nMulti-Recipient Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* HAVE_AESGCM && WOLFCOSE_ENCRYPT */ +#endif /* WOLFCOSE_HAVE_AESGCM && WOLFCOSE_ENCRYPT */ /* ----- Interop Vector Tests ----- */ -#if defined(HAVE_AESGCM) && !defined(WOLFCOSE_NO_ENCRYPT_ALL_INTEROP) +#if defined(WOLFCOSE_HAVE_AESGCM) && !defined(WOLFCOSE_NO_ENCRYPT_ALL_INTEROP) static int test_encrypt0_interop(void) { int ret = 0; @@ -576,7 +576,7 @@ static int test_encrypt0_interop(void) printf("\nInterop Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* HAVE_AESGCM && !WOLFCOSE_NO_ENCRYPT_ALL_INTEROP */ +#endif /* WOLFCOSE_HAVE_AESGCM && !WOLFCOSE_NO_ENCRYPT_ALL_INTEROP */ /* ----- Main Entry Point ----- */ int main(void) @@ -587,20 +587,20 @@ int main(void) printf("wolfCOSE Comprehensive Encrypt Tests\n"); printf("========================================\n"); -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM totalFailed += test_encrypt0_all(); #endif -#if defined(HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT) && \ +#if defined(WOLFCOSE_HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT) && \ !defined(WOLFCOSE_NO_ENCRYPT_ALL_MULTI) totalFailed += test_encrypt_multi_all(); #endif -#if defined(HAVE_AESGCM) && !defined(WOLFCOSE_NO_ENCRYPT_ALL_INTEROP) +#if defined(WOLFCOSE_HAVE_AESGCM) && !defined(WOLFCOSE_NO_ENCRYPT_ALL_INTEROP) totalFailed += test_encrypt0_interop(); #endif -#ifndef HAVE_AESGCM +#ifndef WOLFCOSE_HAVE_AESGCM printf("AES-GCM not available - encryption tests skipped\n"); #endif diff --git a/examples/comprehensive/errors_all.c b/examples/comprehensive/errors_all.c index 0e36616..306bcb9 100644 --- a/examples/comprehensive/errors_all.c +++ b/examples/comprehensive/errors_all.c @@ -44,10 +44,10 @@ #include #include -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 #include #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA #include #endif #include 
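Review bot: The `#ifdef WOLFCOSE_HAVE_ES256` and `#ifdef WOLFCOSE_HAVE_EDDSA` guards around the wolfSSL includes in errors_all.c only work if the wolfCOSE header that resolves the `WOLFCOSE_HAVE_*` gates has already been included at that point. The include targets are not readable in this hunk and one `#include` still follows the guarded pair, so the order should be confirmed; the old `HAVE_ECC`/`HAVE_ED25519` macros came from wolfSSL's own configuration and did not have this dependency. If the gate header comes later, the guarded headers are skipped without any diagnostic. A comment above the guards such as `/* WOLFCOSE_HAVE_* gates are resolved by the wolfCOSE header included above */` would record the requirement; the same pattern appears in the include blocks of sign_all.c and lifecycle_demo.c.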
@@ -77,7 +77,7 @@ } while (0) /* ----- Sign1 Tamper Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int test_sign1_tamper(int tamperPos) { int ret = 0; @@ -157,10 +157,10 @@ static int test_sign1_tamper(int tamperPos) } return ret; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* ----- Encrypt0 Tamper Tests ----- */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static int test_encrypt0_tamper(int tamperPos) { int ret = 0; @@ -223,10 +223,10 @@ static int test_encrypt0_tamper(int tamperPos) return ret; } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- Mac0 Tamper Tests ----- */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static int test_mac0_tamper(int tamperPos) { int ret = 0; @@ -285,10 +285,10 @@ static int test_mac0_tamper(int tamperPos) return ret; } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Truncated Input Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int test_sign1_truncated(void) { int ret = 0; @@ -350,9 +350,9 @@ static int test_sign1_truncated(void) } return ret; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static int test_encrypt0_truncated(void) { int ret = 0; @@ -402,9 +402,9 @@ static int test_encrypt0_truncated(void) return ret; } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static int test_mac0_truncated(void) { int ret = 0; @@ -450,10 +450,10 @@ static int test_mac0_truncated(void) return ret; } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- AAD Mismatch Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int test_sign1_aad_mismatch(void) { int ret = 0; 
@@ -519,9 +519,9 @@ static int test_sign1_aad_mismatch(void) } return ret; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static int test_encrypt0_aad_mismatch(void) { int ret = 0; @@ -574,9 +574,9 @@ static int test_encrypt0_aad_mismatch(void) return ret; } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static int test_mac0_aad_mismatch(void) { int ret = 0; @@ -626,10 +626,10 @@ static int test_mac0_aad_mismatch(void) return ret; } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Detached Payload Missing Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int test_sign1_detached_missing(void) { int ret = 0; @@ -693,10 +693,10 @@ static int test_sign1_detached_missing(void) } return ret; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* ----- Wrong Key Type Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int test_sign1_with_symmetric_key(void) { int ret = 0; @@ -737,9 +737,9 @@ static int test_sign1_with_symmetric_key(void) } return ret; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#if defined(HAVE_ECC) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_HAVE_AESGCM) static int test_encrypt0_with_signing_key(void) { int ret = 0; @@ -796,10 +796,10 @@ static int test_encrypt0_with_signing_key(void) } return ret; } -#endif /* HAVE_ECC && HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_ES256 && WOLFCOSE_HAVE_AESGCM */ /* ----- Empty Payload Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int test_sign1_empty_payload(void) { int ret = 0; 
@@ -860,10 +860,10 @@ static int test_sign1_empty_payload(void) } return ret; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* ----- Error Test Runners ----- */ -#if defined(HAVE_ECC) && !defined(WOLFCOSE_NO_ERRORS_ALL_SIGN) +#if defined(WOLFCOSE_HAVE_ES256) && !defined(WOLFCOSE_NO_ERRORS_ALL_SIGN) static int test_sign_errors_all(void) { int ret = 0; @@ -913,9 +913,9 @@ static int test_sign_errors_all(void) printf("\nSign1 Error Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* HAVE_ECC && !WOLFCOSE_NO_ERRORS_ALL_SIGN */ +#endif /* WOLFCOSE_HAVE_ES256 && !WOLFCOSE_NO_ERRORS_ALL_SIGN */ -#if defined(HAVE_AESGCM) && !defined(WOLFCOSE_NO_ERRORS_ALL_ENCRYPT) +#if defined(WOLFCOSE_HAVE_AESGCM) && !defined(WOLFCOSE_NO_ERRORS_ALL_ENCRYPT) static int test_encrypt_errors_all(void) { int ret = 0; @@ -947,7 +947,7 @@ static int test_encrypt_errors_all(void) ret = test_encrypt0_aad_mismatch(); CHECK_RESULT(ret, "encrypt0_aad_mismatch"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* Wrong key type */ PRINT_TEST("encrypt0_with_signing_key"); ret = test_encrypt0_with_signing_key(); @@ -957,9 +957,9 @@ static int test_encrypt_errors_all(void) printf("\nEncrypt0 Error Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* HAVE_AESGCM && !WOLFCOSE_NO_ERRORS_ALL_ENCRYPT */ +#endif /* WOLFCOSE_HAVE_AESGCM && !WOLFCOSE_NO_ERRORS_ALL_ENCRYPT */ -#if !defined(NO_HMAC) && !defined(WOLFCOSE_NO_ERRORS_ALL_MAC) +#if defined(WOLFCOSE_HAVE_HMAC256) && !defined(WOLFCOSE_NO_ERRORS_ALL_MAC) static int test_mac_errors_all(void) { int ret = 0; @@ -994,7 +994,7 @@ static int test_mac_errors_all(void) printf("\nMac0 Error Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* !NO_HMAC && !WOLFCOSE_NO_ERRORS_ALL_MAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 && !WOLFCOSE_NO_ERRORS_ALL_MAC */ /* ----- Main Entry Point ----- */ int main(void) 
@@ -1005,15 +1005,15 @@ int main(void) printf("wolfCOSE Comprehensive Error Tests\n"); printf("========================================\n"); -#if defined(HAVE_ECC) && !defined(WOLFCOSE_NO_ERRORS_ALL_SIGN) +#if defined(WOLFCOSE_HAVE_ES256) && !defined(WOLFCOSE_NO_ERRORS_ALL_SIGN) totalFailed += test_sign_errors_all(); #endif -#if defined(HAVE_AESGCM) && !defined(WOLFCOSE_NO_ERRORS_ALL_ENCRYPT) +#if defined(WOLFCOSE_HAVE_AESGCM) && !defined(WOLFCOSE_NO_ERRORS_ALL_ENCRYPT) totalFailed += test_encrypt_errors_all(); #endif -#if !defined(NO_HMAC) && !defined(WOLFCOSE_NO_ERRORS_ALL_MAC) +#if defined(WOLFCOSE_HAVE_HMAC256) && !defined(WOLFCOSE_NO_ERRORS_ALL_MAC) totalFailed += test_mac_errors_all(); #endif diff --git a/examples/comprehensive/mac_all.c b/examples/comprehensive/mac_all.c index 3dfe7a2..9992e1c 100644 --- a/examples/comprehensive/mac_all.c +++ b/examples/comprehensive/mac_all.c @@ -74,7 +74,7 @@ * * Returns 0 on success, negative error code on failure. * ----- */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static int test_mac0(int32_t alg, int keySz, int detached, int useAad) { int ret = 0; @@ -140,10 +140,10 @@ static int test_mac0(int32_t alg, int keySz, int detached, int useAad) return ret; } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Multi-Recipient Mac Worker (Direct Key) ----- */ -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC) +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC) static int test_mac_multi_direct(int32_t macAlg, int keySz, int recipCount, int detached, int useAad) { @@ -209,10 +209,10 @@ static int test_mac_multi_direct(int32_t macAlg, int keySz, return ret; } -#endif /* !NO_HMAC && WOLFCOSE_MAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 && WOLFCOSE_MAC */ /* ----- Multi-Recipient Wrong Key Test ----- */ -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC) +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC) static int test_mac_wrong_key(void) { int ret = 0; 
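Review bot: `test_mac0` in mac_all.c is a generic worker taking `alg` and `keySz`, yet it is now compiled only under `WOLFCOSE_HAVE_HMAC256`, which makes one algorithm's gate the switch for the whole MAC suite (its body continues outside this hunk). docs/Macros.md in this commit lists `WOLFCOSE_NO_HMAC256` as an independent opt-out, so a build that drops HMAC-256 but keeps HMAC-384/512 or AES-MAC would compile out `test_mac0_all`, whose `WOLFCOSE_HAVE_HMAC384`, `WOLFCOSE_HAVE_HMAC512` and `WOLFCOSE_HAVE_AESMAC` blocks sit inside it, and `main` would report "HMAC not available - MAC tests skipped". A family guard such as `#if defined(WOLFCOSE_HAVE_HMAC256) || defined(WOLFCOSE_HAVE_HMAC384) || defined(WOLFCOSE_HAVE_HMAC512) || defined(WOLFCOSE_HAVE_AESMAC)` on the worker and runner would keep those tests running. sign_all.c has the same shape: `crv_from_size` and the ECC key setup in `test_sign1` are under `WOLFCOSE_HAVE_ES256` while the ES384/ES512 callers are gated separately. How the gates resolve is defined outside this diff, so whether the combination is reachable needs confirming there.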
@@ -303,10 +303,10 @@ static int test_mac_wrong_key(void) return ret; } -#endif /* !NO_HMAC && WOLFCOSE_MAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 && WOLFCOSE_MAC */ /* ----- Mac0 Test Runner (20 tests) ----- */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static int test_mac0_all(void) { int ret = 0; @@ -334,7 +334,7 @@ static int test_mac0_all(void) CHECK_RESULT(ret, "hmac256_detached_aad"); #endif -#if defined(WOLFSSL_SHA384) && !defined(WOLFCOSE_NO_MAC_ALL_HMAC384) +#if defined(WOLFCOSE_HAVE_HMAC384) && !defined(WOLFCOSE_NO_MAC_ALL_HMAC384) /* HMAC-384/384 - 4 combinations */ PRINT_TEST("hmac384_inline_noaad"); ret = test_mac0(WOLFCOSE_ALG_HMAC_384_384, 48, 0, 0); @@ -353,7 +353,7 @@ static int test_mac0_all(void) CHECK_RESULT(ret, "hmac384_detached_aad"); #endif -#if defined(WOLFSSL_SHA512) && !defined(WOLFCOSE_NO_MAC_ALL_HMAC512) +#if defined(WOLFCOSE_HAVE_HMAC512) && !defined(WOLFCOSE_NO_MAC_ALL_HMAC512) /* HMAC-512/512 - 4 combinations */ PRINT_TEST("hmac512_inline_noaad"); ret = test_mac0(WOLFCOSE_ALG_HMAC_512_512, 64, 0, 0); @@ -372,7 +372,7 @@ static int test_mac0_all(void) CHECK_RESULT(ret, "hmac512_detached_aad"); #endif -#if defined(HAVE_AES_CBC) && !defined(WOLFCOSE_NO_MAC_ALL_AES_MAC) +#if defined(WOLFCOSE_HAVE_AESMAC) && !defined(WOLFCOSE_NO_MAC_ALL_AES_MAC) /* AES-MAC-128/64 - 4 combinations */ PRINT_TEST("aes_mac_128_64_inline_noaad"); ret = test_mac0(WOLFCOSE_ALG_AES_MAC_128_64, 16, 0, 0); @@ -411,10 +411,10 @@ static int test_mac0_all(void) printf("\nMac0 Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Multi-Recipient Test Runner ----- */ -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC) && \ +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC) && \ !defined(WOLFCOSE_NO_MAC_ALL_MULTI) static int test_mac_multi_all(void) { 
@@ -449,7 +449,7 @@ static int test_mac_multi_all(void) ret = test_mac_multi_direct(WOLFCOSE_ALG_HMAC_256_256, 32, 2, 1, 1); CHECK_RESULT(ret, "multi_hmac256_2recip_detached_aad"); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_HMAC384 /* HMAC-384/384 with multiple recipients */ PRINT_TEST("multi_hmac384_2recip_inline"); ret = test_mac_multi_direct(WOLFCOSE_ALG_HMAC_384_384, 48, 2, 0, 0); @@ -460,7 +460,7 @@ static int test_mac_multi_all(void) CHECK_RESULT(ret, "multi_hmac384_3recip_aad"); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 /* HMAC-512/512 with multiple recipients */ PRINT_TEST("multi_hmac512_2recip_inline"); ret = test_mac_multi_direct(WOLFCOSE_ALG_HMAC_512_512, 64, 2, 0, 0); @@ -479,10 +479,10 @@ static int test_mac_multi_all(void) printf("\nMulti-Recipient Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* !NO_HMAC && WOLFCOSE_MAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 && WOLFCOSE_MAC */ /* ----- Interop Vector Tests ----- */ -#if !defined(NO_HMAC) && !defined(WOLFCOSE_NO_MAC_ALL_INTEROP) +#if defined(WOLFCOSE_HAVE_HMAC256) && !defined(WOLFCOSE_NO_MAC_ALL_INTEROP) static int test_mac0_interop(void) { int ret = 0; @@ -551,7 +551,7 @@ static int test_mac0_interop(void) printf("\nInterop Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* !NO_HMAC && !WOLFCOSE_NO_MAC_ALL_INTEROP */ +#endif /* WOLFCOSE_HAVE_HMAC256 && !WOLFCOSE_NO_MAC_ALL_INTEROP */ /* ----- Main Entry Point ----- */ int main(void) 
@@ -562,20 +562,20 @@ int main(void) printf("wolfCOSE Comprehensive MAC Tests\n"); printf("========================================\n"); -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 totalFailed += test_mac0_all(); #endif -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC) && \ +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC) && \ !defined(WOLFCOSE_NO_MAC_ALL_MULTI) totalFailed += test_mac_multi_all(); #endif -#if !defined(NO_HMAC) && !defined(WOLFCOSE_NO_MAC_ALL_INTEROP) +#if defined(WOLFCOSE_HAVE_HMAC256) && !defined(WOLFCOSE_NO_MAC_ALL_INTEROP) totalFailed += test_mac0_interop(); #endif -#ifdef NO_HMAC +#ifndef WOLFCOSE_HAVE_HMAC256 printf("HMAC not available - MAC tests skipped\n"); #endif diff --git a/examples/comprehensive/sign_all.c b/examples/comprehensive/sign_all.c index d986a46..c79931d 100644 --- a/examples/comprehensive/sign_all.c +++ b/examples/comprehensive/sign_all.c @@ -47,10 +47,10 @@ #include #include -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 #include #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA #include #endif #include @@ -70,7 +70,7 @@ } while (0) /* ----- Helper: Get ECC curve from key size ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int crv_from_size(int keySz) { switch (keySz) { @@ -96,11 +96,11 @@ static int crv_from_size(int keySz) static int test_sign1(int32_t alg, int curveSize, int detached, int useAad) { int ret = 0; -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 ecc_key eccKey; int eccInit = 0; #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ed25519_key edKey; int edInit = 0; #endif @@ -125,7 +125,7 @@ static int test_sign1(int32_t alg, int curveSize, int detached, int useAad) /* Key setup based on curve */ if ((ret == 0) && (curveSize == 0)) { -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ret = wc_ed25519_init(&edKey); if (ret == 0) { edInit = 1; 
@@ -140,7 +140,7 @@ static int test_sign1(int32_t alg, int curveSize, int detached, int useAad) #endif } else if (ret == 0) { -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 ret = wc_ecc_init(&eccKey); if (ret == 0) { eccInit = 1; @@ -196,10 +196,10 @@ static int test_sign1(int32_t alg, int curveSize, int detached, int useAad) } /* Cleanup */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (edInit != 0) { wc_ed25519_free(&edKey); } #endif -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 if (eccInit != 0) { wc_ecc_free(&eccKey); } #endif if (rngInit != 0) { wc_FreeRng(&rng); } @@ -208,7 +208,7 @@ static int test_sign1(int32_t alg, int curveSize, int detached, int useAad) } /* ----- Multi-Signer Worker Function (2 signers) ----- */ -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN) static int test_sign_multi_2(int32_t alg1, int keySz1, int32_t alg2, int keySz2, int detached, int useAad) { @@ -217,7 +217,7 @@ static int test_sign_multi_2(int32_t alg1, int keySz1, int32_t alg2, int keySz2, ecc_key eccKey2; int ecc1Init = 0; int ecc2Init = 0; -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ed25519_key edKey1; ed25519_key edKey2; int ed1Init = 0; @@ -248,7 +248,7 @@ static int test_sign_multi_2(int32_t alg1, int keySz1, int32_t alg2, int keySz2, /* Setup key 1 */ if ((ret == 0) && (keySz1 == 0)) { -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ret = wc_ed25519_init(&edKey1); if (ret == 0) { ed1Init = 1; @@ -276,7 +276,7 @@ static int test_sign_multi_2(int32_t alg1, int keySz1, int32_t alg2, int keySz2, /* Setup key 2 */ if ((ret == 0) && (keySz2 == 0)) { -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ret = wc_ed25519_init(&edKey2); if (ret == 0) { ed2Init = 1; 
@@ -351,7 +351,7 @@ static int test_sign_multi_2(int32_t alg1, int keySz1, int32_t alg2, int keySz2, } /* Cleanup */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (ed1Init != 0) { wc_ed25519_free(&edKey1); } if (ed2Init != 0) { wc_ed25519_free(&edKey2); } #endif @@ -361,10 +361,10 @@ static int test_sign_multi_2(int32_t alg1, int keySz1, int32_t alg2, int keySz2, return ret; } -#endif /* HAVE_ECC && WOLFCOSE_SIGN */ +#endif /* WOLFCOSE_HAVE_ES256 && WOLFCOSE_SIGN */ /* ----- Multi-Signer Worker Function (3 signers) ----- */ -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN) static int test_sign_multi_3(int32_t alg1, int keySz1, int32_t alg2, int keySz2, int32_t alg3, int keySz3, @@ -377,7 +377,7 @@ static int test_sign_multi_3(int32_t alg1, int keySz1, int ecc1Init = 0; int ecc2Init = 0; int ecc3Init = 0; -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ed25519_key edKey1; ed25519_key edKey2; ed25519_key edKey3; @@ -405,7 +405,7 @@ static int test_sign_multi_3(int32_t alg1, int keySz1, ecc_key* eccKeys[3]; int* eccInits[3]; WOLFCOSE_KEY* cosKeys[3]; -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ed25519_key* edKeys[3]; int* edInits[3]; #endif @@ -426,14 +426,14 @@ static int test_sign_multi_3(int32_t alg1, int keySz1, eccKeys[0] = &eccKey1; eccKeys[1] = &eccKey2; eccKeys[2] = &eccKey3; eccInits[0] = &ecc1Init; eccInits[1] = &ecc2Init; eccInits[2] = &ecc3Init; cosKeys[0] = &cosKey1; cosKeys[1] = &cosKey2; cosKeys[2] = &cosKey3; -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA edKeys[0] = &edKey1; edKeys[1] = &edKey2; edKeys[2] = &edKey3; edInits[0] = &ed1Init; edInits[1] = &ed2Init; edInits[2] = &ed3Init; #endif for (i = 0; (ret == 0) && (i < 3); i++) { if (keySizes[i] == 0) { -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ret = wc_ed25519_init(edKeys[i]); if (ret == 0) { *edInits[i] = 1; 
@@ -496,7 +496,7 @@ static int test_sign_multi_3(int32_t alg1, int keySz1, } /* Cleanup */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (ed1Init != 0) { wc_ed25519_free(&edKey1); } if (ed2Init != 0) { wc_ed25519_free(&edKey2); } if (ed3Init != 0) { wc_ed25519_free(&edKey3); } @@ -508,10 +508,10 @@ static int test_sign_multi_3(int32_t alg1, int keySz1, return ret; } -#endif /* HAVE_ECC && WOLFCOSE_SIGN */ +#endif /* WOLFCOSE_HAVE_ES256 && WOLFCOSE_SIGN */ /* ----- Multi-Signer Worker Function (4 signers) ----- */ -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN) && defined(HAVE_ED25519) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_EDDSA) static int test_sign_multi_4(int detached, int useAad) { int ret = 0; @@ -680,7 +680,7 @@ static int test_sign_multi_4(int detached, int useAad) return ret; } -#endif /* HAVE_ECC && WOLFCOSE_SIGN && HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_ES256 && WOLFCOSE_SIGN && WOLFCOSE_HAVE_EDDSA */ /* ----- Sign1 Test Runner (16 tests) ----- */ static int test_sign1_all(void) @@ -691,7 +691,7 @@ static int test_sign1_all(void) printf("\n=== COSE_Sign1 Comprehensive Tests ===\n\n"); -#if defined(HAVE_ECC) && !defined(WOLFCOSE_NO_SIGN_ALL_ES256) +#if defined(WOLFCOSE_HAVE_ES256) && !defined(WOLFCOSE_NO_SIGN_ALL_ES256) /* ES256 - 4 combinations */ PRINT_TEST("es256_inline_noaad"); ret = test_sign1(WOLFCOSE_ALG_ES256, 32, 0, 0); @@ -710,7 +710,7 @@ static int test_sign1_all(void) CHECK_RESULT(ret, "es256_detached_aad"); #endif -#if defined(HAVE_ECC) && defined(WOLFSSL_SHA384) && \ +#if defined(WOLFCOSE_HAVE_ES384) && \ !defined(WOLFCOSE_NO_SIGN_ALL_ES384) /* ES384 - 4 combinations */ PRINT_TEST("es384_inline_noaad"); 
@@ -730,7 +730,7 @@ static int test_sign1_all(void) CHECK_RESULT(ret, "es384_detached_aad"); #endif -#if defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \ +#if defined(WOLFCOSE_HAVE_ES512) && \ !defined(WOLFCOSE_NO_SIGN_ALL_ES512) /* ES512 - 4 combinations */ PRINT_TEST("es512_inline_noaad"); @@ -750,7 +750,7 @@ static int test_sign1_all(void) CHECK_RESULT(ret, "es512_detached_aad"); #endif -#if defined(HAVE_ED25519) && !defined(WOLFCOSE_NO_SIGN_ALL_EDDSA) +#if defined(WOLFCOSE_HAVE_EDDSA) && !defined(WOLFCOSE_NO_SIGN_ALL_EDDSA) /* EdDSA - 4 combinations */ PRINT_TEST("eddsa_inline_noaad"); ret = test_sign1(WOLFCOSE_ALG_EDDSA, 0, 0, 0); @@ -774,7 +774,7 @@ static int test_sign1_all(void) } /* ----- Multi-Signer Test Runner (52 tests total) ----- */ -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN) && \ +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN) && \ !defined(WOLFCOSE_NO_SIGN_ALL_MULTI) static int test_sign_multi_all(void) { @@ -801,7 +801,7 @@ static int test_sign_multi_all(void) ret = test_sign_multi_2(WOLFCOSE_ALG_ES256, 32, WOLFCOSE_ALG_ES256, 32, 1, 1); CHECK_RESULT(ret, "multi2_es256_es256_detached_aad"); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 /* Two-signer: ES256 + ES384 */ PRINT_TEST("multi2_es256_es384_inline_noaad"); ret = test_sign_multi_2(WOLFCOSE_ALG_ES256, 32, WOLFCOSE_ALG_ES384, 48, 0, 0); @@ -820,7 +820,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi2_es256_es384_detached_aad"); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_ES512 /* Two-signer: ES256 + ES512 */ PRINT_TEST("multi2_es256_es512_inline_noaad"); ret = test_sign_multi_2(WOLFCOSE_ALG_ES256, 32, WOLFCOSE_ALG_ES512, 66, 0, 0); 
@@ -839,7 +839,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi2_es256_es512_detached_aad"); #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA /* Two-signer: ES256 + EdDSA */ PRINT_TEST("multi2_es256_eddsa_inline_noaad"); ret = test_sign_multi_2(WOLFCOSE_ALG_ES256, 32, WOLFCOSE_ALG_EDDSA, 0, 0, 0); @@ -858,7 +858,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi2_es256_eddsa_detached_aad"); #endif -#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) +#if defined(WOLFCOSE_HAVE_ES384) && defined(WOLFCOSE_HAVE_ES512) /* Two-signer: ES384 + ES512 */ PRINT_TEST("multi2_es384_es512_inline_noaad"); ret = test_sign_multi_2(WOLFCOSE_ALG_ES384, 48, WOLFCOSE_ALG_ES512, 66, 0, 0); @@ -877,7 +877,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi2_es384_es512_detached_aad"); #endif -#if defined(WOLFSSL_SHA384) && defined(HAVE_ED25519) +#if defined(WOLFCOSE_HAVE_ES384) && defined(WOLFCOSE_HAVE_EDDSA) /* Two-signer: ES384 + EdDSA */ PRINT_TEST("multi2_es384_eddsa_inline_noaad"); ret = test_sign_multi_2(WOLFCOSE_ALG_ES384, 48, WOLFCOSE_ALG_EDDSA, 0, 0, 0); @@ -896,7 +896,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi2_es384_eddsa_detached_aad"); #endif -#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) +#if defined(WOLFCOSE_HAVE_ES384) && defined(WOLFCOSE_HAVE_ES512) /* Three-signer: ES256 + ES384 + ES512 */ PRINT_TEST("multi3_es256_es384_es512_inline_noaad"); ret = test_sign_multi_3(WOLFCOSE_ALG_ES256, 32, WOLFCOSE_ALG_ES384, 48, @@ -919,7 +919,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi3_es256_es384_es512_detached_aad"); #endif -#if defined(WOLFSSL_SHA384) && defined(HAVE_ED25519) +#if defined(WOLFCOSE_HAVE_ES384) && defined(WOLFCOSE_HAVE_EDDSA) /* Three-signer: ES256 + ES384 + EdDSA */ PRINT_TEST("multi3_es256_es384_eddsa_inline_noaad"); ret = test_sign_multi_3(WOLFCOSE_ALG_ES256, 32, WOLFCOSE_ALG_ES384, 48, 
@@ -942,7 +942,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi3_es256_es384_eddsa_detached_aad"); #endif -#if defined(WOLFSSL_SHA512) && defined(HAVE_ED25519) +#if defined(WOLFCOSE_HAVE_ES512) && defined(WOLFCOSE_HAVE_EDDSA) /* Three-signer: ES256 + ES512 + EdDSA */ PRINT_TEST("multi3_es256_es512_eddsa_inline_noaad"); ret = test_sign_multi_3(WOLFCOSE_ALG_ES256, 32, WOLFCOSE_ALG_ES512, 66, @@ -965,7 +965,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi3_es256_es512_eddsa_detached_aad"); #endif -#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) && defined(HAVE_ED25519) +#if defined(WOLFCOSE_HAVE_ES384) && defined(WOLFCOSE_HAVE_ES512) && defined(WOLFCOSE_HAVE_EDDSA) /* Three-signer: ES384 + ES512 + EdDSA */ PRINT_TEST("multi3_es384_es512_eddsa_inline_noaad"); ret = test_sign_multi_3(WOLFCOSE_ALG_ES384, 48, WOLFCOSE_ALG_ES512, 66, @@ -988,7 +988,7 @@ static int test_sign_multi_all(void) CHECK_RESULT(ret, "multi3_es384_es512_eddsa_detached_aad"); #endif -#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) && defined(HAVE_ED25519) +#if defined(WOLFCOSE_HAVE_ES384) && defined(WOLFCOSE_HAVE_ES512) && defined(WOLFCOSE_HAVE_EDDSA) /* Four-signer: ES256 + ES384 + ES512 + EdDSA (4 modes) */ PRINT_TEST("multi4_all_algos_inline_noaad"); ret = test_sign_multi_4(0, 0); @@ -1010,10 +1010,10 @@ static int test_sign_multi_all(void) printf("\nMulti-Signer Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* HAVE_ECC && WOLFCOSE_SIGN && !WOLFCOSE_NO_SIGN_ALL_MULTI */ +#endif /* WOLFCOSE_HAVE_ES256 && WOLFCOSE_SIGN && !WOLFCOSE_NO_SIGN_ALL_MULTI */ /* ----- Interop Vector Tests (RFC 9052 Appendix C) ----- */ -#if defined(HAVE_ECC) && !defined(WOLFCOSE_NO_SIGN_ALL_INTEROP) +#if defined(WOLFCOSE_HAVE_ES256) && !defined(WOLFCOSE_NO_SIGN_ALL_INTEROP) static int test_sign1_interop(void) { int ret = 0; 
@@ -1120,7 +1120,7 @@ static int test_sign1_interop(void) printf("\nInterop Summary: %d passed, %d failed\n", passed, failed); return failed; } -#endif /* HAVE_ECC && !WOLFCOSE_NO_SIGN_ALL_INTEROP */ +#endif /* WOLFCOSE_HAVE_ES256 && !WOLFCOSE_NO_SIGN_ALL_INTEROP */ /* ----- Main Entry Point ----- */ int main(void) @@ -1133,12 +1133,12 @@ int main(void) totalFailed += test_sign1_all(); -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN) && \ +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN) && \ !defined(WOLFCOSE_NO_SIGN_ALL_MULTI) totalFailed += test_sign_multi_all(); #endif -#if defined(HAVE_ECC) && !defined(WOLFCOSE_NO_SIGN_ALL_INTEROP) +#if defined(WOLFCOSE_HAVE_ES256) && !defined(WOLFCOSE_NO_SIGN_ALL_INTEROP) totalFailed += test_sign1_interop(); #endif diff --git a/examples/encrypt0_demo.c b/examples/encrypt0_demo.c index 70a1d21..688c4cb 100644 --- a/examples/encrypt0_demo.c +++ b/examples/encrypt0_demo.c @@ -268,7 +268,7 @@ int main(void) printf("=== wolfCOSE Encrypt0 Demo ===\n\n"); -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM if (demo_encrypt0_a128gcm() != 0) { failures++; } diff --git a/examples/lifecycle_demo.c b/examples/lifecycle_demo.c index fb4416a..200c170 100644 --- a/examples/lifecycle_demo.c +++ b/examples/lifecycle_demo.c @@ -48,16 +48,16 @@ #include #include -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 #include #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA #include #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS #include #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA #include #endif #include @@ -104,7 +104,7 @@ static int encode_sensor_payload(uint8_t* payload, size_t payloadSz, } /* ----- COSE_Sign1 lifecycle: ES256 ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int demo_sign1_es256(void) { int ret = 0; 
@@ -185,10 +185,10 @@ static int demo_sign1_es256(void) return ret; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* ----- COSE_Sign1 lifecycle: EdDSA (Ed25519) ----- */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static int demo_sign1_eddsa(void) { int ret = 0; @@ -262,10 +262,10 @@ static int demo_sign1_eddsa(void) return ret; } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ /* ----- COSE_Sign1 lifecycle: RSA-PSS (PS256) ----- */ -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) static int demo_sign1_ps256(void) { int ret = 0; @@ -343,10 +343,10 @@ static int demo_sign1_ps256(void) return ret; } -#endif /* WC_RSA_PSS && WOLFSSL_KEY_GEN */ +#endif /* WOLFCOSE_HAVE_RSAPSS && WOLFSSL_KEY_GEN */ -/* ----- COSE_Sign1 lifecycle: ML-DSA-44 (ML-DSA) ----- */ -#ifdef WOLFSSL_HAVE_MLDSA +/* ----- COSE_Sign1 lifecycle: ML-DSA-44 ----- */ +#ifdef WOLFCOSE_HAVE_MLDSA static int demo_sign1_ml_dsa_44(void) { int ret = 0; @@ -427,10 +427,10 @@ static int demo_sign1_ml_dsa_44(void) return ret; } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ /* ----- COSE_Encrypt0 lifecycle: AES-GCM ----- */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static int demo_encrypt0_aesgcm(int32_t alg) { int ret; @@ -504,10 +504,10 @@ static int demo_encrypt0_aesgcm(int32_t alg) printf(" Result: %s\n\n", (ret == 0) ? "PASS" : "FAIL"); return ret; } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- COSE_Encrypt0 lifecycle: ChaCha20-Poly1305 ----- */ -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) static int demo_encrypt0_chacha20(void) { int ret; 
@@ -570,10 +570,10 @@ static int demo_encrypt0_chacha20(void) printf(" Result: %s\n\n", (ret == 0) ? "PASS" : "FAIL"); return ret; } -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ +#endif /* WOLFCOSE_HAVE_CHACHA20 && WOLFCOSE_HAVE_CHACHA20 */ /* ----- COSE_Encrypt0 lifecycle: AES-CCM ----- */ -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM static int demo_encrypt0_aes_ccm(void) { int ret; @@ -636,10 +636,10 @@ static int demo_encrypt0_aes_ccm(void) printf(" Result: %s\n\n", (ret == 0) ? "PASS" : "FAIL"); return ret; } -#endif /* HAVE_AESCCM */ +#endif /* WOLFCOSE_HAVE_AESCCM */ /* ----- COSE_Mac0 lifecycle: HMAC ----- */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) static int demo_mac0_hmac(int32_t alg) { int ret; @@ -712,7 +712,7 @@ static int demo_mac0_hmac(int32_t alg) printf(" Result: %s\n\n", (ret == 0) ? "PASS" : "FAIL"); return ret; } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Algorithm name parser ----- */ enum { @@ -804,25 +804,25 @@ int main(int argc, char* argv[]) printf("=== wolfCOSE Lifecycle Demo ===\n\n"); /* COSE_Sign1 demos */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_ES256)) { tests++; if (demo_sign1_es256() != 0) { failures++; } } #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_EDDSA)) { tests++; if (demo_sign1_eddsa() != 0) { failures++; } } #endif -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_PS256)) { tests++; if (demo_sign1_ps256() != 0) { failures++; } } #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_ML_DSA_44)) { tests++; if (demo_sign1_ml_dsa_44() != 0) { failures++; } 
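Review bot: The closing comment on the ChaCha20 guard now reads `#endif /* WOLFCOSE_HAVE_CHACHA20 && WOLFCOSE_HAVE_CHACHA20 */`, which looks like a leftover from replacing `HAVE_CHACHA` and `HAVE_POLY1305` with the same macro. The guard it closes is `#if defined(WOLFCOSE_HAVE_CHACHA20)`, so the comment should be `#endif /* WOLFCOSE_HAVE_CHACHA20 */`. The body of demo_encrypt0_chacha20 starts outside this hunk.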
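Review bot: `demo_mac0_hmac(int32_t alg)` is shared by the HMAC256, HMAC384 and HMAC512 demos, but its guard becomes `#if defined(WOLFCOSE_HAVE_HMAC256)`, and the hunk at -854 keeps the 384/512 calls nested inside that same guard in main(). With the new settings.h a build can set `WOLFCOSE_NO_HMAC256` and still have HMAC384/512 enabled, in which case those demos are compiled out silently. settings.h provides `WOLFCOSE_HAVE_HMAC` as the umbrella: guard the function and the outer block with `#if defined(WOLFCOSE_HAVE_HMAC)` and wrap only the HMAC256 call in `#ifdef WOLFCOSE_HAVE_HMAC256`. mac0_demo.c (whose fallback message `HMAC not enabled in wolfSSL` no longer matches a `WOLFCOSE_NO_HMAC256` build) and sign1_demo.c (ES384/ES512 nested under `WOLFCOSE_HAVE_ES256`, umbrella `WOLFCOSE_HAVE_ECDSA`) follow the same pattern. The function body lies outside this hunk.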
@@ -830,7 +830,7 @@ int main(int argc, char* argv[]) #endif /* COSE_Encrypt0 demos */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_A128GCM)) { tests++; if (demo_encrypt0_aesgcm(WOLFCOSE_ALG_A128GCM) != 0) { failures++; } @@ -840,13 +840,13 @@ int main(int argc, char* argv[]) if (demo_encrypt0_aesgcm(WOLFCOSE_ALG_A256GCM) != 0) { failures++; } } #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_CHACHA20)) { tests++; if (demo_encrypt0_chacha20() != 0) { failures++; } } #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_AES_CCM)) { tests++; if (demo_encrypt0_aes_ccm() != 0) { failures++; } @@ -854,24 +854,24 @@ int main(int argc, char* argv[]) #endif /* COSE_Mac0 demos */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_HMAC256)) { tests++; if (demo_mac0_hmac(WOLFCOSE_ALG_HMAC256) != 0) { failures++; } } -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_HMAC384 if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_HMAC384)) { tests++; if (demo_mac0_hmac(WOLFCOSE_ALG_HMAC384) != 0) { failures++; } } #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 if ((demoAlg == DEMO_ALG_ALL) || (demoAlg == DEMO_ALG_HMAC512)) { tests++; if (demo_mac0_hmac(WOLFCOSE_ALG_HMAC512) != 0) { failures++; } } #endif -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ printf("=== Results: %d/%d passed", tests - failures, tests); if (failures > 0) { diff --git a/examples/mac0_demo.c b/examples/mac0_demo.c index e7b7732..3435d71 100644 --- a/examples/mac0_demo.c +++ b/examples/mac0_demo.c 
@@ -36,7 +36,7 @@ /* Guard: this demo requires both Mac0 create and verify APIs */ #if defined(WOLFCOSE_MAC0_CREATE) && defined(WOLFCOSE_MAC0_VERIFY) && \ - !defined(NO_HMAC) + defined(WOLFCOSE_HAVE_HMAC256) #define DEMO_ASSERT(cond, msg) do { \ if (!(cond)) { \ @@ -307,12 +307,12 @@ int main(void) if (demo_mac0_hmac256() != 0) { failures++; } -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_HMAC384 if (demo_mac0_hmac384() != 0) { failures++; } #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 if (demo_mac0_hmac512() != 0) { failures++; } @@ -336,10 +336,10 @@ int main(void) printf("mac0_demo: Mac0 create API disabled (WOLFCOSE_MAC0_CREATE not defined)\n"); #elif !defined(WOLFCOSE_MAC0_VERIFY) printf("mac0_demo: Mac0 verify API disabled (WOLFCOSE_MAC0_VERIFY not defined)\n"); -#elif defined(NO_HMAC) +#elif !defined(WOLFCOSE_HAVE_HMAC256) printf("mac0_demo: HMAC not enabled in wolfSSL\n"); #endif return 0; } -#endif /* WOLFCOSE_MAC0_CREATE && WOLFCOSE_MAC0_VERIFY && !NO_HMAC */ +#endif /* WOLFCOSE_MAC0_CREATE && WOLFCOSE_MAC0_VERIFY && WOLFCOSE_HAVE_HMAC256 */ diff --git a/examples/scenarios/firmware_update.c b/examples/scenarios/firmware_update.c index c58214d..c880f12 100644 --- a/examples/scenarios/firmware_update.c +++ b/examples/scenarios/firmware_update.c @@ -45,10 +45,10 @@ #include #include #include -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 #include #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA #include #endif #include @@ -68,7 +68,7 @@ static const uint8_t g_firmwareBinary[] = { }; /* ----- Step 1: OEM generates signing key (done once, stored securely) ----- */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA static int oem_generate_key_mldsa(wc_MlDsaKey* key, WC_RNG* rng) { int ret; 
@@ -98,7 +98,7 @@ static int oem_generate_key_mldsa(wc_MlDsaKey* key, WC_RNG* rng) } #endif -#if defined(HAVE_ECC) && !defined(WOLFSSL_HAVE_MLDSA) +#if defined(WOLFCOSE_HAVE_ES256) && !defined(WOLFCOSE_HAVE_MLDSA) static int oem_generate_key_ecdsa(ecc_key* key, WC_RNG* rng) { int ret; @@ -120,7 +120,7 @@ static int oem_generate_key_ecdsa(ecc_key* key, WC_RNG* rng) printf(" SUCCESS: ECDSA P-256 key generated\n"); return 0; } -#endif /* HAVE_ECC && !WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_ES256 && !WOLFCOSE_HAVE_MLDSA */ /* ----- Step 2: OEM signs firmware with detached payload ----- */ static int oem_sign_firmware(WOLFCOSE_KEY* signingKey, int32_t alg, @@ -256,11 +256,11 @@ int main(void) WOLFCOSE_KEY signingKey; int32_t alg = 0; -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA wc_MlDsaKey dlKey; int dlInit = 0; #endif -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 ecc_key eccKey; int eccInit = 0; #endif @@ -276,7 +276,7 @@ int main(void) } rngInit = 1; -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA /* Prefer ML-DSA (post-quantum) if available */ if (ret == 0) { ret = oem_generate_key_mldsa(&dlKey, &rng); @@ -299,7 +299,7 @@ int main(void) printf("Using post-quantum ML-DSA-65 algorithm\n\n"); } -#elif defined(HAVE_ECC) +#elif defined(WOLFCOSE_HAVE_ES256) /* Fallback to ECDSA */ if (ret == 0) { ret = oem_generate_key_ecdsa(&eccKey, &rng); @@ -362,10 +362,10 @@ int main(void) } /* Cleanup */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA if (dlInit != 0) { wc_MlDsaKey_Free(&dlKey); } #endif -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 if (eccInit != 0) { wc_ecc_free(&eccKey); } #endif if (rngInit != 0) { wc_FreeRng(&rng); } diff --git a/examples/scenarios/group_broadcast_mac.c b/examples/scenarios/group_broadcast_mac.c index 351659c..7203d69 100644 --- a/examples/scenarios/group_broadcast_mac.c +++ b/examples/scenarios/group_broadcast_mac.c 
@@ -35,13 +35,15 @@ #include #endif #include +#include +#include /* Default: enabled */ #ifndef WOLFCOSE_NO_EXAMPLE_GROUP_BROADCAST #define WOLFCOSE_EXAMPLE_GROUP_BROADCAST #endif -#if defined(WOLFCOSE_EXAMPLE_GROUP_BROADCAST) && !defined(NO_HMAC) && \ +#if defined(WOLFCOSE_EXAMPLE_GROUP_BROADCAST) && defined(WOLFCOSE_HAVE_HMAC256) && \ defined(WOLFCOSE_MAC) #include @@ -303,7 +305,10 @@ static int tampered_message_detected(const uint8_t* macMsg, size_t macMsgLen) return -1; } XMEMCPY(tamperedMsg, macMsg, macMsgLen); - tamperedMsg[macMsgLen / 2] ^= 0xFF; /* Tamper with middle byte */ + /* Tamper a byte in the MAC-covered front (protected header / payload / tag); + * the middle would land in a later recipient's data that recipient 0 never + * reads, so verification would not detect it. */ + tamperedMsg[macMsgLen / 4] ^= 0xFF; /* Setup subscriber key */ wc_CoseKey_Init(&subscriberKey); @@ -421,7 +426,7 @@ int main(void) { #ifndef WOLFCOSE_EXAMPLE_GROUP_BROADCAST printf("group_broadcast_mac: example disabled\n"); -#elif defined(NO_HMAC) +#elif !defined(WOLFCOSE_HAVE_HMAC256) printf("group_broadcast_mac: requires HMAC support\n"); #elif !defined(WOLFCOSE_MAC) printf("group_broadcast_mac: requires WOLFCOSE_MAC\n"); @@ -429,4 +434,4 @@ int main(void) return 0; } -#endif /* WOLFCOSE_EXAMPLE_GROUP_BROADCAST && !NO_HMAC && WOLFCOSE_MAC */ +#endif /* WOLFCOSE_EXAMPLE_GROUP_BROADCAST && WOLFCOSE_HAVE_HMAC256 && WOLFCOSE_MAC */ diff --git a/examples/scenarios/iot_fleet_config.c b/examples/scenarios/iot_fleet_config.c index b274dbb..36ebf30 100644 --- a/examples/scenarios/iot_fleet_config.c +++ b/examples/scenarios/iot_fleet_config.c 
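Review bot: `tamperedMsg[macMsgLen / 4] ^= 0xFF;` still selects the tampered byte as a fraction of the total length, so whether it falls inside MAC-covered bytes depends on the payload size and the number of recipients — the same fragility that made the old `/ 2` offset miss. A flip that lands in CBOR framing can also make decoding fail before the tag is compared, so the test would pass without exercising the MAC check; asserting the specific MAC-mismatch return code (the check sits outside this hunk) would close that gap. At minimum extend the comment with `/* offset is layout-dependent: revisit if payload size or recipient count changes */`, or better, flip a byte at a known offset inside the payload.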
@@ -35,13 +35,15 @@ #include #endif #include +#include +#include /* Default: enabled */ #ifndef WOLFCOSE_NO_EXAMPLE_IOT_FLEET #define WOLFCOSE_EXAMPLE_IOT_FLEET #endif -#if defined(WOLFCOSE_EXAMPLE_IOT_FLEET) && defined(HAVE_AESGCM) && \ +#if defined(WOLFCOSE_EXAMPLE_IOT_FLEET) && defined(WOLFCOSE_HAVE_AESGCM) && \ defined(WOLFCOSE_ENCRYPT) #include @@ -360,7 +362,7 @@ int main(void) { #ifndef WOLFCOSE_EXAMPLE_IOT_FLEET printf("iot_fleet_config: example disabled\n"); -#elif !defined(HAVE_AESGCM) +#elif !defined(WOLFCOSE_HAVE_AESGCM) printf("iot_fleet_config: requires AES-GCM support\n"); #elif !defined(WOLFCOSE_ENCRYPT) printf("iot_fleet_config: requires WOLFCOSE_ENCRYPT\n"); @@ -368,4 +370,4 @@ int main(void) return 0; } -#endif /* WOLFCOSE_EXAMPLE_IOT_FLEET && HAVE_AESGCM && WOLFCOSE_ENCRYPT */ +#endif /* WOLFCOSE_EXAMPLE_IOT_FLEET && WOLFCOSE_HAVE_AESGCM && WOLFCOSE_ENCRYPT */ diff --git a/examples/scenarios/multi_party_approval.c b/examples/scenarios/multi_party_approval.c index c227196..abec378 100644 --- a/examples/scenarios/multi_party_approval.c +++ b/examples/scenarios/multi_party_approval.c @@ -35,13 +35,15 @@ #include #endif #include +#include +#include /* Default: enabled */ #ifndef WOLFCOSE_NO_EXAMPLE_MULTI_PARTY #define WOLFCOSE_EXAMPLE_MULTI_PARTY #endif -#if defined(WOLFCOSE_EXAMPLE_MULTI_PARTY) && defined(HAVE_ECC) && \ +#if defined(WOLFCOSE_EXAMPLE_MULTI_PARTY) && defined(WOLFCOSE_HAVE_ES256) && \ defined(WOLFCOSE_SIGN) #include @@ -92,7 +94,7 @@ static int silicon_vendor_init(ecc_key* key, WOLFCOSE_KEY* cosKey, WC_RNG* rng) } /* ----- OEM Key Generation ----- */ -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 static int oem_init(ecc_key* key, WOLFCOSE_KEY* cosKey, WC_RNG* rng) { int ret; 
@@ -145,7 +147,7 @@ static int sign_with_dual_control(WOLFCOSE_KEY* vendorKey, WOLFCOSE_KEY* oemKey, signers[0].kid = vendorKid; signers[0].kidLen = sizeof(vendorKid) - 1u; -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 signers[1].algId = WOLFCOSE_ALG_ES384; signers[1].key = oemKey; signers[1].kid = oemKid; @@ -172,7 +174,7 @@ static int sign_with_dual_control(WOLFCOSE_KEY* vendorKey, WOLFCOSE_KEY* oemKey, printf(" SUCCESS: Dual-signed message created (%zu bytes)\n", *signedLen); printf(" Signer 0: Silicon Vendor (ES256)\n"); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 printf(" Signer 1: OEM (ES384)\n"); #else printf(" Signer 1: OEM (ES256)\n"); @@ -252,7 +254,7 @@ int main(void) } } -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 if (ret == 0) { ret = oem_init(&oemEccKey, &oemKey, &rng); if (ret == 0) { @@ -328,7 +330,7 @@ int main(void) { #ifndef WOLFCOSE_EXAMPLE_MULTI_PARTY printf("multi_party_approval: example disabled\n"); -#elif !defined(HAVE_ECC) +#elif !defined(WOLFCOSE_HAVE_ES256) printf("multi_party_approval: requires ECC support\n"); #elif !defined(WOLFCOSE_SIGN) printf("multi_party_approval: requires WOLFCOSE_SIGN\n"); @@ -336,4 +338,4 @@ int main(void) return 0; } -#endif /* WOLFCOSE_EXAMPLE_MULTI_PARTY && HAVE_ECC && WOLFCOSE_SIGN */ +#endif /* WOLFCOSE_EXAMPLE_MULTI_PARTY && WOLFCOSE_HAVE_ES256 && WOLFCOSE_SIGN */ diff --git a/examples/scenarios/sensor_attestation.c b/examples/scenarios/sensor_attestation.c index 8abde77..28516fa 100644 --- a/examples/scenarios/sensor_attestation.c +++ b/examples/scenarios/sensor_attestation.c @@ -35,13 +35,15 @@ #include #endif #include +#include +#include /* Default: enabled */ #ifndef WOLFCOSE_NO_EXAMPLE_SENSOR_ATTEST #define WOLFCOSE_EXAMPLE_SENSOR_ATTEST #endif -#if defined(WOLFCOSE_EXAMPLE_SENSOR_ATTEST) && defined(HAVE_ECC) +#if defined(WOLFCOSE_EXAMPLE_SENSOR_ATTEST) && defined(WOLFCOSE_HAVE_ES256) #include #include 
@@ -319,10 +321,10 @@ int main(void) { #ifndef WOLFCOSE_EXAMPLE_SENSOR_ATTEST printf("sensor_attestation: example disabled\n"); -#elif !defined(HAVE_ECC) +#elif !defined(WOLFCOSE_HAVE_ES256) printf("sensor_attestation: requires ECC support\n"); #endif return 0; } -#endif /* WOLFCOSE_EXAMPLE_SENSOR_ATTEST && HAVE_ECC */ +#endif /* WOLFCOSE_EXAMPLE_SENSOR_ATTEST && WOLFCOSE_HAVE_ES256 */ diff --git a/examples/sign1_demo.c b/examples/sign1_demo.c index 2c2359e..9332d9c 100644 --- a/examples/sign1_demo.c +++ b/examples/sign1_demo.c @@ -37,7 +37,7 @@ } while(0) /* All buffers on stack - no dynamic allocation */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int demo_sign1_es256(void) { WOLFCOSE_KEY key; @@ -92,7 +92,7 @@ static int demo_sign1_es256(void) return 0; } -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 static int demo_sign1_es384(void) { WOLFCOSE_KEY key; @@ -146,7 +146,7 @@ static int demo_sign1_es384(void) } #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_ES512 static int demo_sign1_es512(void) { WOLFCOSE_KEY key; @@ -264,9 +264,9 @@ static int demo_sign1_with_aad(void) printf(" Result: PASS\n"); return 0; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static int demo_sign1_eddsa(void) { WOLFCOSE_KEY key; @@ -326,16 +326,16 @@ int main(void) printf("=== wolfCOSE Sign1 Demo ===\n\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 if (demo_sign1_es256() != 0) { failures++; } -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 if (demo_sign1_es384() != 0) { failures++; } #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_ES512 if (demo_sign1_es512() != 0) { failures++; } @@ -345,7 +345,7 @@ int main(void) } #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (demo_sign1_eddsa() != 0) { failures++; } diff --git a/include/wolfcose/settings.h b/include/wolfcose/settings.h new file mode 100644 index 0000000..fe56c2e --- /dev/null +++ b/include/wolfcose/settings.h 
@@ -0,0 +1,414 @@ +/* settings.h + * + * Copyright (C) 2026 wolfSSL Inc. + * + * This file is part of wolfCOSE. + * + * wolfCOSE is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfCOSE is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* wolfCOSE compile-time configuration. + * + * Default: every algorithm wolfSSL provides is enabled (full build). Strip an + * individual feature with WOLFCOSE_NO_. + * + * WOLFCOSE_LEAN: lean build. Only the core stays on — COSE_Sign1/Encrypt0/Mac0 + * with ES256, AES-GCM, HMAC-SHA256 — and everything else becomes opt-in via + * WOLFCOSE_ENABLE_. WOLFCOSE_ENABLE_ALL turns every extension back on. + * + * An extension is on when: explicitly enabled (WOLFCOSE_ENABLE_ or + * WOLFCOSE_ENABLE_ALL), or it is a full (non-LEAN) build and wolfSSL provides + * the primitive and it is not opted out. Explicitly enabling something wolfSSL + * cannot provide is a hard error. + * + * Configure via -D flags or the wolfSSL user_settings.h (included before this). 
+ */ + +#ifndef WOLFCOSE_SETTINGS_H +#define WOLFCOSE_SETTINGS_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* === Signature algorithms === */ + +/* ES256 — core (on whenever wolfSSL has ECC) */ +#if defined(HAVE_ECC) && !defined(WOLFCOSE_NO_ES256) + #define WOLFCOSE_HAVE_ES256 +#endif + +/* ES384 — extension */ +#if defined(WOLFCOSE_ENABLE_ES384) || defined(WOLFCOSE_ENABLE_ALL) + #if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384) + #error "WOLFCOSE_ENABLE_ES384 requires wolfSSL HAVE_ECC + WOLFSSL_SHA384" + #endif + #define WOLFCOSE_HAVE_ES384 +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_ES384) && \ + defined(HAVE_ECC) && defined(WOLFSSL_SHA384) + #define WOLFCOSE_HAVE_ES384 +#endif + +/* ES512 — extension */ +#if defined(WOLFCOSE_ENABLE_ES512) || defined(WOLFCOSE_ENABLE_ALL) + #if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512) + #error "WOLFCOSE_ENABLE_ES512 requires wolfSSL HAVE_ECC + WOLFSSL_SHA512" + #endif + #define WOLFCOSE_HAVE_ES512 +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_ES512) && \ + defined(HAVE_ECC) && defined(WOLFSSL_SHA512) + #define WOLFCOSE_HAVE_ES512 +#endif + +/* EdDSA (Ed25519) — extension */ +#if defined(WOLFCOSE_ENABLE_EDDSA) || defined(WOLFCOSE_ENABLE_ALL) + #ifndef HAVE_ED25519 + #error "WOLFCOSE_ENABLE_EDDSA requires wolfSSL HAVE_ED25519" + #endif + #define WOLFCOSE_HAVE_EDDSA +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_EDDSA) && defined(HAVE_ED25519) + #define WOLFCOSE_HAVE_EDDSA +#endif + +/* Ed448 — extension */ +#if defined(WOLFCOSE_ENABLE_ED448) || defined(WOLFCOSE_ENABLE_ALL) + #ifndef HAVE_ED448 + #error "WOLFCOSE_ENABLE_ED448 requires wolfSSL HAVE_ED448" + #endif + #define WOLFCOSE_HAVE_ED448 +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_ED448) && defined(HAVE_ED448) + #define WOLFCOSE_HAVE_ED448 +#endif + +/* ML-DSA (44/65/87) — extension */ +#if defined(WOLFCOSE_ENABLE_MLDSA) || defined(WOLFCOSE_ENABLE_ALL) + #ifndef WOLFSSL_HAVE_MLDSA + #error "WOLFCOSE_ENABLE_MLDSA 
requires wolfSSL WOLFSSL_HAVE_MLDSA" + #endif + #define WOLFCOSE_HAVE_MLDSA +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_MLDSA) && defined(WOLFSSL_HAVE_MLDSA) + #define WOLFCOSE_HAVE_MLDSA +#endif + +/* RSA-PSS (PS256/384/512) — extension */ +#if defined(WOLFCOSE_ENABLE_RSAPSS) || defined(WOLFCOSE_ENABLE_ALL) + #ifndef WC_RSA_PSS + #error "WOLFCOSE_ENABLE_RSAPSS requires wolfSSL WC_RSA_PSS" + #endif + #define WOLFCOSE_RSAPSS_ON +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_RSAPSS) && defined(WC_RSA_PSS) + #define WOLFCOSE_RSAPSS_ON +#endif +#ifdef WOLFCOSE_RSAPSS_ON + #define WOLFCOSE_HAVE_PS256 + #ifdef WOLFSSL_SHA384 + #define WOLFCOSE_HAVE_PS384 + #endif + #ifdef WOLFSSL_SHA512 + #define WOLFCOSE_HAVE_PS512 + #endif +#endif + +#if defined(WOLFCOSE_HAVE_ES256) || defined(WOLFCOSE_HAVE_ES384) || \ + defined(WOLFCOSE_HAVE_ES512) + #define WOLFCOSE_HAVE_ECDSA +#endif +#if defined(WOLFCOSE_HAVE_PS256) || defined(WOLFCOSE_HAVE_PS384) || \ + defined(WOLFCOSE_HAVE_PS512) + #define WOLFCOSE_HAVE_RSAPSS +#endif +#if defined(WOLFCOSE_HAVE_ECDSA) || defined(WOLFCOSE_HAVE_EDDSA) || \ + defined(WOLFCOSE_HAVE_ED448) || defined(WOLFCOSE_HAVE_RSAPSS) || \ + defined(WOLFCOSE_HAVE_MLDSA) + #define WOLFCOSE_HAVE_SIG +#endif + +/* === AEAD algorithms === */ + +/* AES-GCM — core */ +#if defined(HAVE_AESGCM) && !defined(WOLFCOSE_NO_AESGCM) + #define WOLFCOSE_HAVE_AESGCM +#endif + +/* ChaCha20-Poly1305 — extension */ +#if defined(WOLFCOSE_ENABLE_CHACHA20) || defined(WOLFCOSE_ENABLE_ALL) + #if !defined(HAVE_CHACHA) || !defined(HAVE_POLY1305) + #error "WOLFCOSE_ENABLE_CHACHA20 requires wolfSSL HAVE_CHACHA + HAVE_POLY1305" + #endif + #define WOLFCOSE_HAVE_CHACHA20 +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_CHACHA20) && \ + defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + #define WOLFCOSE_HAVE_CHACHA20 +#endif + +/* AES-CCM — extension */ +#if defined(WOLFCOSE_ENABLE_AESCCM) || defined(WOLFCOSE_ENABLE_ALL) + #ifndef HAVE_AESCCM + #error 
"WOLFCOSE_ENABLE_AESCCM requires wolfSSL HAVE_AESCCM" + #endif + #define WOLFCOSE_HAVE_AESCCM +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_AESCCM) && defined(HAVE_AESCCM) + #define WOLFCOSE_HAVE_AESCCM +#endif + +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_CHACHA20) || \ + defined(WOLFCOSE_HAVE_AESCCM) + #define WOLFCOSE_HAVE_AEAD +#endif + +/* === MAC algorithms === */ + +/* HMAC-SHA256 — core */ +#if !defined(NO_HMAC) && !defined(WOLFCOSE_NO_HMAC256) + #define WOLFCOSE_HAVE_HMAC256 +#endif + +/* HMAC-SHA384 — extension */ +#if defined(WOLFCOSE_ENABLE_HMAC384) || defined(WOLFCOSE_ENABLE_ALL) + #if defined(NO_HMAC) || !defined(WOLFSSL_SHA384) + #error "WOLFCOSE_ENABLE_HMAC384 requires wolfSSL HMAC + WOLFSSL_SHA384" + #endif + #define WOLFCOSE_HAVE_HMAC384 +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_HMAC384) && \ + !defined(NO_HMAC) && defined(WOLFSSL_SHA384) + #define WOLFCOSE_HAVE_HMAC384 +#endif + +/* HMAC-SHA512 — extension */ +#if defined(WOLFCOSE_ENABLE_HMAC512) || defined(WOLFCOSE_ENABLE_ALL) + #if defined(NO_HMAC) || !defined(WOLFSSL_SHA512) + #error "WOLFCOSE_ENABLE_HMAC512 requires wolfSSL HMAC + WOLFSSL_SHA512" + #endif + #define WOLFCOSE_HAVE_HMAC512 +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_HMAC512) && \ + !defined(NO_HMAC) && defined(WOLFSSL_SHA512) + #define WOLFCOSE_HAVE_HMAC512 +#endif + +/* AES-CBC-MAC — extension */ +#if defined(WOLFCOSE_ENABLE_AESMAC) || defined(WOLFCOSE_ENABLE_ALL) + #ifndef HAVE_AES_CBC + #error "WOLFCOSE_ENABLE_AESMAC requires wolfSSL HAVE_AES_CBC" + #endif + #define WOLFCOSE_HAVE_AESMAC +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_AESMAC) && defined(HAVE_AES_CBC) + #define WOLFCOSE_HAVE_AESMAC +#endif + +#if defined(WOLFCOSE_HAVE_HMAC256) || defined(WOLFCOSE_HAVE_HMAC384) || \ + defined(WOLFCOSE_HAVE_HMAC512) + #define WOLFCOSE_HAVE_HMAC +#endif + +#if defined(WOLFCOSE_HAVE_HMAC) || defined(WOLFCOSE_HAVE_AESMAC) + #define WOLFCOSE_HAVE_MAC +#endif + +/* === Message 
types === */ + +/* COSE_Sign1 — core (auto-off if no signature algorithm) */ +#if !defined(WOLFCOSE_NO_SIGN1) && defined(WOLFCOSE_HAVE_SIG) + #define WOLFCOSE_SIGN1 +#endif +#ifdef WOLFCOSE_SIGN1 + #ifndef WOLFCOSE_NO_SIGN1_SIGN + #define WOLFCOSE_SIGN1_SIGN + #endif + #ifndef WOLFCOSE_NO_SIGN1_VERIFY + #define WOLFCOSE_SIGN1_VERIFY + #endif +#endif + +/* COSE_Encrypt0 — core (auto-off if no AEAD) */ +#if !defined(WOLFCOSE_NO_ENCRYPT0) && defined(WOLFCOSE_HAVE_AEAD) + #define WOLFCOSE_ENCRYPT0 +#endif +#ifdef WOLFCOSE_ENCRYPT0 + #ifndef WOLFCOSE_NO_ENCRYPT0_ENCRYPT + #define WOLFCOSE_ENCRYPT0_ENCRYPT + #endif + #ifndef WOLFCOSE_NO_ENCRYPT0_DECRYPT + #define WOLFCOSE_ENCRYPT0_DECRYPT + #endif +#endif + +/* COSE_Mac0 — core (auto-off if no MAC) */ +#if !defined(WOLFCOSE_NO_MAC0) && defined(WOLFCOSE_HAVE_MAC) + #define WOLFCOSE_MAC0 +#endif +#ifdef WOLFCOSE_MAC0 + #ifndef WOLFCOSE_NO_MAC0_CREATE + #define WOLFCOSE_MAC0_CREATE + #endif + #ifndef WOLFCOSE_NO_MAC0_VERIFY + #define WOLFCOSE_MAC0_VERIFY + #endif +#endif + +/* COSE_Sign multi-signer — extension */ +#if defined(WOLFCOSE_ENABLE_SIGN) || defined(WOLFCOSE_ENABLE_ALL) + #define WOLFCOSE_SIGN_WANT +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_SIGN) + #define WOLFCOSE_SIGN_WANT +#endif +#if defined(WOLFCOSE_SIGN_WANT) && defined(WOLFCOSE_HAVE_SIG) + #define WOLFCOSE_SIGN + #ifndef WOLFCOSE_NO_SIGN_SIGN + #define WOLFCOSE_SIGN_SIGN + #endif + #ifndef WOLFCOSE_NO_SIGN_VERIFY + #define WOLFCOSE_SIGN_VERIFY + #endif +#endif + +/* COSE_Encrypt multi-recipient — extension */ +#if defined(WOLFCOSE_ENABLE_ENCRYPT) || defined(WOLFCOSE_ENABLE_ALL) + #define WOLFCOSE_ENCRYPT_WANT +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_ENCRYPT) + #define WOLFCOSE_ENCRYPT_WANT +#endif +#if defined(WOLFCOSE_ENCRYPT_WANT) && defined(WOLFCOSE_HAVE_AEAD) + #define WOLFCOSE_ENCRYPT + #ifndef WOLFCOSE_NO_ENCRYPT_ENCRYPT + #define WOLFCOSE_ENCRYPT_ENCRYPT + #endif + #ifndef WOLFCOSE_NO_ENCRYPT_DECRYPT + #define 
WOLFCOSE_ENCRYPT_DECRYPT + #endif +#endif + +/* COSE_Mac multi-recipient — extension */ +#if defined(WOLFCOSE_ENABLE_MAC) || defined(WOLFCOSE_ENABLE_ALL) + #define WOLFCOSE_MAC_WANT +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_MAC) + #define WOLFCOSE_MAC_WANT +#endif +#if defined(WOLFCOSE_MAC_WANT) && defined(WOLFCOSE_HAVE_MAC) + #define WOLFCOSE_MAC + #ifndef WOLFCOSE_NO_MAC_CREATE + #define WOLFCOSE_MAC_CREATE + #endif + #ifndef WOLFCOSE_NO_MAC_VERIFY + #define WOLFCOSE_MAC_VERIFY + #endif +#endif + +/* === Recipient key distribution (COSE_Encrypt / COSE_Mac only) === */ + +/* AES key wrap — extension */ +#if defined(WOLFCOSE_ENABLE_AESWRAP) || defined(WOLFCOSE_ENABLE_ALL) + #ifndef HAVE_AES_KEYWRAP + #error "WOLFCOSE_ENABLE_AESWRAP requires wolfSSL HAVE_AES_KEYWRAP" + #endif + #define WOLFCOSE_WANT_KEY_WRAP +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_AESWRAP) && \ + defined(HAVE_AES_KEYWRAP) + #define WOLFCOSE_WANT_KEY_WRAP +#endif + +/* ECDH-ES — extension */ +#if defined(WOLFCOSE_ENABLE_ECDH_ES) || defined(WOLFCOSE_ENABLE_ALL) + #if !defined(HAVE_ECC) || !defined(HAVE_HKDF) + #error "WOLFCOSE_ENABLE_ECDH_ES requires wolfSSL HAVE_ECC + HAVE_HKDF" + #endif + #define WOLFCOSE_WANT_ECDH +#elif !defined(WOLFCOSE_LEAN) && !defined(WOLFCOSE_NO_ECDH_ES) && \ + defined(HAVE_ECC) && defined(HAVE_HKDF) + #define WOLFCOSE_WANT_ECDH +#endif + +#if (defined(WOLFCOSE_ENCRYPT) || defined(WOLFCOSE_MAC)) && \ + !defined(WOLFCOSE_NO_RECIPIENTS) + #define WOLFCOSE_RECIPIENTS + #ifdef WOLFCOSE_WANT_KEY_WRAP + #define WOLFCOSE_KEY_WRAP + #endif + #ifdef WOLFCOSE_WANT_ECDH + #define WOLFCOSE_ECDH + #if defined(HAVE_ECC) && defined(HAVE_HKDF) + #define WOLFCOSE_ECDH_ES_DIRECT + #endif + #ifdef WOLFCOSE_KEY_WRAP + #define WOLFCOSE_ECDH_WRAP + #endif + #endif +#endif + +/* === COSE_Key serialization — core === */ +#ifndef WOLFCOSE_NO_KEY_ENCODE + #define WOLFCOSE_KEY_ENCODE +#endif +#ifndef WOLFCOSE_NO_KEY_DECODE + #define WOLFCOSE_KEY_DECODE +#endif + +/* === CBOR 
layer === + * Encode is required by any sign/encrypt/MAC-create op and by COSE_Key encode; + * decode by any verify/decrypt/MAC-verify op and COSE_Key decode. On by + * default; fail loud if explicitly disabled while still required. */ +#if !defined(WOLFCOSE_NO_CBOR_ENCODE) + #define WOLFCOSE_CBOR_ENCODE +#elif defined(WOLFCOSE_SIGN1_SIGN) || defined(WOLFCOSE_ENCRYPT0_ENCRYPT) || \ + defined(WOLFCOSE_MAC0_CREATE) || defined(WOLFCOSE_SIGN_SIGN) || \ + defined(WOLFCOSE_ENCRYPT_ENCRYPT) || defined(WOLFCOSE_MAC_CREATE) || \ + defined(WOLFCOSE_KEY_ENCODE) + #error "WOLFCOSE_NO_CBOR_ENCODE conflicts with an enabled encode operation" +#endif +#if !defined(WOLFCOSE_NO_CBOR_DECODE) + #define WOLFCOSE_CBOR_DECODE +#elif defined(WOLFCOSE_SIGN1_VERIFY) || defined(WOLFCOSE_ENCRYPT0_DECRYPT) || \ + defined(WOLFCOSE_MAC0_VERIFY) || defined(WOLFCOSE_SIGN_VERIFY) || \ + defined(WOLFCOSE_ENCRYPT_DECRYPT) || defined(WOLFCOSE_MAC_VERIFY) || \ + defined(WOLFCOSE_KEY_DECODE) + #error "WOLFCOSE_NO_CBOR_DECODE conflicts with an enabled decode operation" +#endif + +/* === Configurable limits === */ +#ifndef WOLFCOSE_MAX_SCRATCH_SZ + #if defined(WOLFCOSE_HAVE_MLDSA) + #define WOLFCOSE_MAX_SCRATCH_SZ 8192u + #else + #define WOLFCOSE_MAX_SCRATCH_SZ 512u + #endif +#endif +#ifndef WOLFCOSE_PROTECTED_HDR_MAX + #define WOLFCOSE_PROTECTED_HDR_MAX 64u +#endif +#ifndef WOLFCOSE_CBOR_MAX_DEPTH + #define WOLFCOSE_CBOR_MAX_DEPTH 8u +#endif +#ifndef WOLFCOSE_MAX_MAP_ITEMS + #define WOLFCOSE_MAX_MAP_ITEMS 16u +#endif +#ifndef WOLFCOSE_MAX_SIG_SZ + #if defined(WOLFCOSE_HAVE_MLDSA) + #define WOLFCOSE_MAX_SIG_SZ 4627u + #elif defined(WOLFCOSE_HAVE_RSAPSS) + #define WOLFCOSE_MAX_SIG_SZ 512u + #else + #define WOLFCOSE_MAX_SIG_SZ 132u + #endif +#endif + +#if defined(WOLFCOSE_HAVE_MLDSA) && (WOLFCOSE_MAX_SCRATCH_SZ < 4096u) + #error "wolfCOSE: ML-DSA enabled but WOLFCOSE_MAX_SCRATCH_SZ too small" +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFCOSE_SETTINGS_H */ 
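Review bot: The opt-out names that the old gates in wolfcose.h honoured (`WOLFCOSE_NO_KEY_WRAP`, `WOLFCOSE_NO_ECDH`, `WOLFCOSE_NO_ECDH_WRAP`, `WOLFCOSE_NO_ECDH_ES_DIRECT`) are not tested anywhere in this header, so an existing build that passes one of them would now compile the key-wrap or ECDH recipient code back in without any diagnostic. For a library built around a reduced crypto surface, a silently ignored opt-out is worse than a build break; reject the retired names at the top of the recipient section as in the fence below, or map them onto `WOLFCOSE_NO_AESWRAP` / `WOLFCOSE_NO_ECDH_ES`. Two smaller points in the same file: `WOLFCOSE_ENABLE_ALL` takes precedence over every extension's `WOLFCOSE_NO_` opt-out, which the header comment should state, and only `WOLFCOSE_MAX_SCRATCH_SZ` is range-checked for ML-DSA, while a user-supplied `WOLFCOSE_MAX_SIG_SZ` below the 4627u default is accepted.

```c
/* === Recipient key distribution (COSE_Encrypt / COSE_Mac only) === */

/* Retired opt-out names: fail the build instead of ignoring them. */
#if defined(WOLFCOSE_NO_KEY_WRAP) || defined(WOLFCOSE_NO_ECDH) || \
    defined(WOLFCOSE_NO_ECDH_WRAP) || defined(WOLFCOSE_NO_ECDH_ES_DIRECT)
    #error "wolfCOSE: retired opt-out macro; use WOLFCOSE_NO_AESWRAP / WOLFCOSE_NO_ECDH_ES"
#endif

/* … unchanged: AES key wrap and ECDH-ES selection … */
```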
diff --git a/include/wolfcose/wolfcose.h b/include/wolfcose/wolfcose.h
index 7776e69..7f1d2e2 100644
--- a/include/wolfcose/wolfcose.h
+++ b/include/wolfcose/wolfcose.h
@@ -56,157 +56,9 @@ extern "C" { #endif -/* ----- - * Compile-time feature gates — opt-out design - * - * Users exclude features via WOLFCOSE_NO_* defines: - * -DWOLFCOSE_NO_ENCRYPT0 -DWOLFCOSE_NO_MAC0 → Sign-only build - * -DWOLFCOSE_NO_SIGN1_SIGN -DWOLFCOSE_NO_CBOR_ENCODE → Verify-only build - * - * Parent gates imply children unless child is explicitly excluded. - * ----- */ - -/* === Message Type Gates === */ - -/* SIGN1 */ -#if !defined(WOLFCOSE_NO_SIGN1) && !defined(WOLFCOSE_SIGN1) - #define WOLFCOSE_SIGN1 -#endif -#if defined(WOLFCOSE_SIGN1) - #if !defined(WOLFCOSE_NO_SIGN1_SIGN) && !defined(WOLFCOSE_SIGN1_SIGN) - #define WOLFCOSE_SIGN1_SIGN - #endif - #if !defined(WOLFCOSE_NO_SIGN1_VERIFY) && !defined(WOLFCOSE_SIGN1_VERIFY) - #define WOLFCOSE_SIGN1_VERIFY - #endif -#endif - -/* ENCRYPT0 */ -#if !defined(WOLFCOSE_NO_ENCRYPT0) && !defined(WOLFCOSE_ENCRYPT0) - #define WOLFCOSE_ENCRYPT0 -#endif -#if defined(WOLFCOSE_ENCRYPT0) - #if !defined(WOLFCOSE_NO_ENCRYPT0_ENCRYPT) && !defined(WOLFCOSE_ENCRYPT0_ENCRYPT) - #define WOLFCOSE_ENCRYPT0_ENCRYPT - #endif - #if !defined(WOLFCOSE_NO_ENCRYPT0_DECRYPT) && !defined(WOLFCOSE_ENCRYPT0_DECRYPT) - #define WOLFCOSE_ENCRYPT0_DECRYPT - #endif -#endif - -/* MAC0 */ -#if !defined(WOLFCOSE_NO_MAC0) && !defined(WOLFCOSE_MAC0) - #define WOLFCOSE_MAC0 -#endif -#if defined(WOLFCOSE_MAC0) - #if !defined(WOLFCOSE_NO_MAC0_CREATE) && !defined(WOLFCOSE_MAC0_CREATE) - #define WOLFCOSE_MAC0_CREATE - #endif - #if !defined(WOLFCOSE_NO_MAC0_VERIFY) && !defined(WOLFCOSE_MAC0_VERIFY) - #define WOLFCOSE_MAC0_VERIFY - #endif -#endif - -/* Multi-signer SIGN */ -#if !defined(WOLFCOSE_NO_SIGN) && !defined(WOLFCOSE_SIGN) - #define WOLFCOSE_SIGN -#endif -#if defined(WOLFCOSE_SIGN) - #if !defined(WOLFCOSE_NO_SIGN_SIGN) && !defined(WOLFCOSE_SIGN_SIGN) - #define WOLFCOSE_SIGN_SIGN - #endif - #if !defined(WOLFCOSE_NO_SIGN_VERIFY) && !defined(WOLFCOSE_SIGN_VERIFY) - #define WOLFCOSE_SIGN_VERIFY - #endif -#endif - -/* Multi-recipient ENCRYPT */ -#if 
!defined(WOLFCOSE_NO_ENCRYPT) && !defined(WOLFCOSE_ENCRYPT) - #define WOLFCOSE_ENCRYPT -#endif -#if defined(WOLFCOSE_ENCRYPT) - #if !defined(WOLFCOSE_NO_ENCRYPT_ENCRYPT) && !defined(WOLFCOSE_ENCRYPT_ENCRYPT) - #define WOLFCOSE_ENCRYPT_ENCRYPT - #endif - #if !defined(WOLFCOSE_NO_ENCRYPT_DECRYPT) && !defined(WOLFCOSE_ENCRYPT_DECRYPT) - #define WOLFCOSE_ENCRYPT_DECRYPT - #endif -#endif - -/* Multi-recipient MAC */ -#if !defined(WOLFCOSE_NO_MAC) && !defined(WOLFCOSE_MAC) - #define WOLFCOSE_MAC -#endif -#if defined(WOLFCOSE_MAC) - #if !defined(WOLFCOSE_NO_MAC_CREATE) && !defined(WOLFCOSE_MAC_CREATE) - #define WOLFCOSE_MAC_CREATE - #endif - #if !defined(WOLFCOSE_NO_MAC_VERIFY) && !defined(WOLFCOSE_MAC_VERIFY) - #define WOLFCOSE_MAC_VERIFY - #endif -#endif - -/* === Recipient/Key Distribution Gates === */ - -#if !defined(WOLFCOSE_NO_RECIPIENTS) && !defined(WOLFCOSE_RECIPIENTS) - #define WOLFCOSE_RECIPIENTS -#endif -#if defined(WOLFCOSE_RECIPIENTS) - #if !defined(WOLFCOSE_NO_KEY_WRAP) && defined(HAVE_AES_KEYWRAP) && \ - !defined(WOLFCOSE_KEY_WRAP) - #define WOLFCOSE_KEY_WRAP - #endif - #if !defined(WOLFCOSE_NO_ECDH) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ - !defined(WOLFCOSE_ECDH) - #define WOLFCOSE_ECDH - #endif - #if !defined(WOLFCOSE_NO_ECDH_WRAP) && defined(WOLFCOSE_ECDH) && \ - defined(WOLFCOSE_KEY_WRAP) && !defined(WOLFCOSE_ECDH_WRAP) - #define WOLFCOSE_ECDH_WRAP - #endif - #if !defined(WOLFCOSE_NO_ECDH_ES_DIRECT) && defined(WOLFCOSE_ECDH) && \ - defined(HAVE_ECC) && defined(HAVE_HKDF) && !defined(WOLFCOSE_ECDH_ES_DIRECT) - #define WOLFCOSE_ECDH_ES_DIRECT - #endif -#endif - -/* === CBOR Layer Gates === */ - -#if !defined(WOLFCOSE_NO_CBOR_ENCODE) && !defined(WOLFCOSE_CBOR_ENCODE) - #define WOLFCOSE_CBOR_ENCODE -#endif -#if !defined(WOLFCOSE_NO_CBOR_DECODE) && !defined(WOLFCOSE_CBOR_DECODE) - #define WOLFCOSE_CBOR_DECODE -#endif - -/* === COSE_Key Gates === */ - -#if !defined(WOLFCOSE_NO_KEY_ENCODE) && !defined(WOLFCOSE_KEY_ENCODE) - #define 
WOLFCOSE_KEY_ENCODE -#endif -#if !defined(WOLFCOSE_NO_KEY_DECODE) && !defined(WOLFCOSE_KEY_DECODE) - #define WOLFCOSE_KEY_DECODE -#endif - -/* === Auto-enable dependencies === */ - -/* Sign/Encrypt/Mac operations need CBOR encode */ -#if defined(WOLFCOSE_SIGN1_SIGN) || defined(WOLFCOSE_ENCRYPT0_ENCRYPT) || \ - defined(WOLFCOSE_MAC0_CREATE) || defined(WOLFCOSE_SIGN_SIGN) || \ - defined(WOLFCOSE_ENCRYPT_ENCRYPT) || defined(WOLFCOSE_MAC_CREATE) - #if !defined(WOLFCOSE_CBOR_ENCODE) - #define WOLFCOSE_CBOR_ENCODE - #endif -#endif - -/* Verify/Decrypt operations need CBOR decode */ -#if defined(WOLFCOSE_SIGN1_VERIFY) || defined(WOLFCOSE_ENCRYPT0_DECRYPT) || \ - defined(WOLFCOSE_MAC0_VERIFY) || defined(WOLFCOSE_SIGN_VERIFY) || \ - defined(WOLFCOSE_ENCRYPT_DECRYPT) || defined(WOLFCOSE_MAC_VERIFY) - #if !defined(WOLFCOSE_CBOR_DECODE) - #define WOLFCOSE_CBOR_DECODE - #endif -#endif +/* Compile-time configuration: NO_/ENABLE_ feature gates, per-algorithm + * WOLFCOSE_HAVE_* flags, and tunable limits all resolve here. */ +#include /* ----- Error codes (-9000 to -9099) ----- */ #define WOLFCOSE_SUCCESS 0 @@ -228,33 +80,6 @@ extern "C" { #define WOLFCOSE_E_MAC_FAIL (-9022) #define WOLFCOSE_E_DETACHED_PAYLOAD (-9023) -/* ----- Configurable limits ----- */ -#ifndef WOLFCOSE_MAX_SCRATCH_SZ - #if defined(WOLFSSL_HAVE_MLDSA) - #define WOLFCOSE_MAX_SCRATCH_SZ 8192u - #else - #define WOLFCOSE_MAX_SCRATCH_SZ 512u - #endif -#endif -#ifndef WOLFCOSE_PROTECTED_HDR_MAX - #define WOLFCOSE_PROTECTED_HDR_MAX 64u -#endif -#ifndef WOLFCOSE_CBOR_MAX_DEPTH - #define WOLFCOSE_CBOR_MAX_DEPTH 8u -#endif -#ifndef WOLFCOSE_MAX_MAP_ITEMS - #define WOLFCOSE_MAX_MAP_ITEMS 16u -#endif -#ifndef WOLFCOSE_MAX_SIG_SZ - #if defined(WOLFSSL_HAVE_MLDSA) - #define WOLFCOSE_MAX_SIG_SZ 4627u - #elif defined(WC_RSA_PSS) - #define WOLFCOSE_MAX_SIG_SZ 512u - #else - #define WOLFCOSE_MAX_SIG_SZ 132u - #endif -#endif - /* ----- CBOR constants (RFC 8949) ----- */ /* Major types (top 3 bits of initial byte) */ 
@@ -738,7 +563,7 @@ WOLFCOSE_API int wc_CoseKey_SetEcc(WOLFCOSE_KEY* key, int32_t crv, ecc_key* eccKey); #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA /** * \brief Attach an Ed25519 key to a COSE key structure. * \param key COSE key (must be initialized). @@ -749,16 +574,16 @@ WOLFCOSE_API int wc_CoseKey_SetEd25519(WOLFCOSE_KEY* key, ed25519_key* edKey); #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 WOLFCOSE_API int wc_CoseKey_SetEd448(WOLFCOSE_KEY* key, ed448_key* edKey); #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA WOLFCOSE_API int wc_CoseKey_SetMlDsa(WOLFCOSE_KEY* key, int32_t alg, wc_MlDsaKey* mlDsaKey); #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS WOLFCOSE_API int wc_CoseKey_SetRsa(WOLFCOSE_KEY* key, RsaKey* rsaKey); #endif @@ -930,7 +755,7 @@ WOLFCOSE_API int wc_CoseEncrypt0_Decrypt(WOLFCOSE_KEY* key, /* ----- COSE_Mac0 API (RFC 9052 Section 6.2) ----- */ -#if defined(WOLFCOSE_MAC0_CREATE) && (!defined(NO_HMAC) || defined(HAVE_AES_CBC)) +#if defined(WOLFCOSE_MAC0_CREATE) && (defined(WOLFCOSE_HAVE_HMAC) || defined(WOLFCOSE_HAVE_AESMAC)) /** * \brief Create a COSE_Mac0 message (RFC 9052 Section 6.2). * @@ -964,9 +789,9 @@ WOLFCOSE_API int wc_CoseMac0_Create(const WOLFCOSE_KEY* key, int32_t alg, const uint8_t* extAad, size_t extAadLen, uint8_t* scratch, size_t scratchSz, uint8_t* out, size_t outSz, size_t* outLen); -#endif /* WOLFCOSE_MAC0_CREATE && (!NO_HMAC || HAVE_AES_CBC) */ +#endif /* WOLFCOSE_MAC0_CREATE && (WOLFCOSE_HAVE_HMAC || WOLFCOSE_HAVE_AESMAC) */ -#if defined(WOLFCOSE_MAC0_VERIFY) && (!defined(NO_HMAC) || defined(HAVE_AES_CBC)) +#if defined(WOLFCOSE_MAC0_VERIFY) && (defined(WOLFCOSE_HAVE_HMAC) || defined(WOLFCOSE_HAVE_AESMAC)) /** * \brief Verify a COSE_Mac0 message and extract the payload. * 
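Review bot: `WOLFCOSE_HAVE_EDDSA` is used here as the Ed25519-only gate (it guards `wc_CoseKey_SetEd25519`), although EdDSA names the algorithm family that also covers Ed448. As a result the combined tests in src/wolfcose.c, `#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448)`, read as if Ed448 were not EdDSA, and the inner `#ifdef WOLFCOSE_HAVE_EDDSA` blocks around `WOLFCOSE_CRV_ED25519` are easy to misread. A curve-specific name (for example `WOLFCOSE_HAVE_ED25519`, to pair with `WOLFCOSE_HAVE_ED448`) would remove the ambiguity. Failing that, I would add at this gate: `/* WOLFCOSE_HAVE_EDDSA selects Ed25519 only; Ed448 is WOLFCOSE_HAVE_ED448 */`.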
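Review bot: `wc_CoseKey_SetEd448`, `wc_CoseKey_SetMlDsa` and `wc_CoseKey_SetRsa` are declared without the Doxygen block that `wc_CoseKey_SetEd25519` has in the hunk above. Since their gates are being rewritten here, each should get a `\brief`, `\param` entries and a `\return` line in the same form. The comment should say whether the COSE key only borrows the wolfCrypt key pointer, and for `wc_CoseKey_SetMlDsa` which `alg` values are accepted. These are the calls that bind raw key material to a COSE key, so the lifetime and algorithm expectations belong in the public header.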
@@ -993,7 +818,7 @@ WOLFCOSE_API int wc_CoseMac0_Verify(const WOLFCOSE_KEY* key, uint8_t* scratch, size_t scratchSz, WOLFCOSE_HDR* hdr, const uint8_t** payload, size_t* payloadLen); -#endif /* WOLFCOSE_MAC0_VERIFY && !NO_HMAC */ +#endif /* WOLFCOSE_MAC0_VERIFY && WOLFCOSE_HAVE_HMAC */ /* ----- COSE_Sign Multi-Signer API (RFC 9052 Section 4.1) ----- */ diff --git a/src/wolfcose.c b/src/wolfcose.c index 5afa454..e747de5 100644 --- a/src/wolfcose.c +++ b/src/wolfcose.c @@ -33,13 +33,14 @@ #include #include #include /* XMEMCPY */ -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) || \ + defined(WOLFCOSE_HAVE_AESMAC) || defined(WOLFCOSE_KEY_WRAP) #include #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC #include #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) #include #endif #include @@ -137,22 +138,22 @@ int wolfCose_AlgToHashType(int32_t alg, enum wc_HashType* hashType) } else { switch (alg) { -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 case WOLFCOSE_ALG_ES256: *hashType = WC_HASH_TYPE_SHA256; break; - #ifdef WOLFSSL_SHA384 +#endif +#ifdef WOLFCOSE_HAVE_ES384 case WOLFCOSE_ALG_ES384: *hashType = WC_HASH_TYPE_SHA384; break; - #endif - #ifdef WOLFSSL_SHA512 +#endif +#ifdef WOLFCOSE_HAVE_ES512 case WOLFCOSE_ALG_ES512: *hashType = WC_HASH_TYPE_SHA512; break; - #endif -#endif /* HAVE_ECC */ -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#endif +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) case WOLFCOSE_ALG_EDDSA: /* RFC 9053 Section 2.2: EdDSA hashes the message internally * with SHA-512 (Ed25519) or SHAKE-256 (Ed448). The "external" 
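Review bot: The closing comment on the `wc_CoseMac0_Verify` guard no longer matches its opening condition. The `#if` introduced in the previous hunk is `defined(WOLFCOSE_MAC0_VERIFY) && (defined(WOLFCOSE_HAVE_HMAC) || defined(WOLFCOSE_HAVE_AESMAC))`, but this line was only mechanically renamed and still omits the AES-MAC alternative. It should read `#endif /* WOLFCOSE_MAC0_VERIFY && (WOLFCOSE_HAVE_HMAC || WOLFCOSE_HAVE_AESMAC) */`, as the `wc_CoseMac0_Create` guard already does.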
@@ -160,21 +161,21 @@ int wolfCose_AlgToHashType(int32_t alg, enum wc_HashType* hashType) *hashType = WC_HASH_TYPE_SHA512; break; #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_PS256 case WOLFCOSE_ALG_PS256: *hashType = WC_HASH_TYPE_SHA256; break; - #ifdef WOLFSSL_SHA384 +#endif +#ifdef WOLFCOSE_HAVE_PS384 case WOLFCOSE_ALG_PS384: *hashType = WC_HASH_TYPE_SHA384; break; - #endif - #ifdef WOLFSSL_SHA512 +#endif +#ifdef WOLFCOSE_HAVE_PS512 case WOLFCOSE_ALG_PS512: *hashType = WC_HASH_TYPE_SHA512; break; - #endif -#endif /* WC_RSA_PSS */ +#endif default: ret = WOLFCOSE_E_COSE_BAD_ALG; break; @@ -192,33 +193,33 @@ WOLFCOSE_LOCAL int wolfCose_SigSize(int32_t alg, size_t* sigSz) } else { switch (alg) { -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 case WOLFCOSE_ALG_ES256: *sigSz = 64; /* r(32) || s(32) */ break; - #ifdef WOLFSSL_SHA384 +#endif +#ifdef WOLFCOSE_HAVE_ES384 case WOLFCOSE_ALG_ES384: *sigSz = 96; /* r(48) || s(48) */ break; - #endif - #ifdef WOLFSSL_SHA512 +#endif +#ifdef WOLFCOSE_HAVE_ES512 case WOLFCOSE_ALG_ES512: *sigSz = 132; /* r(66) || s(66) */ break; - #endif #endif -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) case WOLFCOSE_ALG_EDDSA: /* Returns the worst-case signature size when both curves * are available so caller buffers are always sufficient. */ - #ifdef HAVE_ED448 + #ifdef WOLFCOSE_HAVE_ED448 *sigSz = 114; #else *sigSz = 64; #endif break; #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA case WOLFCOSE_ALG_ML_DSA_44: *sigSz = 2420; break; @@ -308,7 +309,7 @@ int wolfCose_AeadKeyLen(int32_t alg, size_t* keyLen) } else { switch (alg) { -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM case WOLFCOSE_ALG_A128GCM: *keyLen = 16; break; 
@@ -319,12 +320,12 @@ int wolfCose_AeadKeyLen(int32_t alg, size_t* keyLen) *keyLen = 32; break; #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) case WOLFCOSE_ALG_CHACHA20_POLY1305: *keyLen = WOLFCOSE_CHACHA_KEY_SZ; break; #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM case WOLFCOSE_ALG_AES_CCM_16_64_128: /* fall through */ case WOLFCOSE_ALG_AES_CCM_64_64_128: /* fall through */ case WOLFCOSE_ALG_AES_CCM_16_128_128: /* fall through */ @@ -355,19 +356,19 @@ int wolfCose_AeadNonceLen(int32_t alg, size_t* nonceLen) } else { switch (alg) { -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM case WOLFCOSE_ALG_A128GCM: /* fall through */ case WOLFCOSE_ALG_A192GCM: /* fall through */ case WOLFCOSE_ALG_A256GCM: *nonceLen = WOLFCOSE_AES_GCM_NONCE_SZ; break; #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) case WOLFCOSE_ALG_CHACHA20_POLY1305: *nonceLen = WOLFCOSE_CHACHA_NONCE_SZ; break; #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM case WOLFCOSE_ALG_AES_CCM_16_64_128: /* fall through */ case WOLFCOSE_ALG_AES_CCM_16_64_256: /* fall through */ case WOLFCOSE_ALG_AES_CCM_16_128_128: /* fall through */ @@ -398,19 +399,19 @@ int wolfCose_AeadTagLen(int32_t alg, size_t* tagLen) } else { switch (alg) { -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM case WOLFCOSE_ALG_A128GCM: /* fall through */ case WOLFCOSE_ALG_A192GCM: /* fall through */ case WOLFCOSE_ALG_A256GCM: *tagLen = WOLFCOSE_AES_GCM_TAG_SZ; break; #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) case WOLFCOSE_ALG_CHACHA20_POLY1305: *tagLen = WOLFCOSE_CHACHA_TAG_SZ; break; #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM case WOLFCOSE_ALG_AES_CCM_16_64_128: /* fall through */ case WOLFCOSE_ALG_AES_CCM_16_64_256: /* fall through */ case WOLFCOSE_ALG_AES_CCM_64_64_128: /* fall through */ 
@@ -434,7 +435,7 @@ int wolfCose_AeadTagLen(int32_t alg, size_t* tagLen) /* ----- Internal: HMAC helpers ----- */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC) int wolfCose_HmacType(int32_t alg, int* hmacType) { int ret = WOLFCOSE_SUCCESS; @@ -444,15 +445,17 @@ int wolfCose_HmacType(int32_t alg, int* hmacType) } else { switch (alg) { +#ifdef WOLFCOSE_HAVE_HMAC256 case WOLFCOSE_ALG_HMAC_256_256: *hmacType = WC_SHA256; break; -#ifdef WOLFSSL_SHA384 +#endif +#ifdef WOLFCOSE_HAVE_HMAC384 case WOLFCOSE_ALG_HMAC_384_384: *hmacType = WC_SHA384; break; #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 case WOLFCOSE_ALG_HMAC_512_512: *hmacType = WC_SHA512; break; @@ -474,15 +477,21 @@ static int wolfCose_HmacCheckKeyLen(int32_t alg, size_t keyLen) size_t minLen = 0; switch (alg) { +#ifdef WOLFCOSE_HAVE_HMAC256 case WOLFCOSE_ALG_HMAC_256_256: minLen = 32u; break; +#endif +#ifdef WOLFCOSE_HAVE_HMAC384 case WOLFCOSE_ALG_HMAC_384_384: minLen = 48u; break; +#endif +#ifdef WOLFCOSE_HAVE_HMAC512 case WOLFCOSE_ALG_HMAC_512_512: minLen = 64u; break; +#endif default: ret = WOLFCOSE_E_COSE_BAD_ALG; break; @@ -496,11 +505,11 @@ static int wolfCose_HmacCheckKeyLen(int32_t alg, size_t keyLen) #endif return ret; } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC */ /* ----- Internal: ECC DER <-> raw r||s conversion ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA int wolfCose_EccSignRaw(const uint8_t* hash, size_t hashLen, uint8_t* sigBuf, size_t* sigLen, size_t coordSz, WC_RNG* rng, ecc_key* eccKey) @@ -609,7 +618,7 @@ int wolfCose_EccVerifyRaw(const uint8_t* sigBuf, size_t sigLen, } return ret; } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ECDSA */ /* ----- Internal: Protected/Unprotected header encode/decode ----- */ @@ -1123,7 +1132,7 @@ int wc_CoseKey_SetEcc(WOLFCOSE_KEY* key, int32_t crv, ecc_key* eccKey) } #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA int wc_CoseKey_SetEd25519(WOLFCOSE_KEY* key, ed25519_key* edKey) { int ret; 
@@ -1143,7 +1152,7 @@ int wc_CoseKey_SetEd25519(WOLFCOSE_KEY* key, ed25519_key* edKey) } #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 int wc_CoseKey_SetEd448(WOLFCOSE_KEY* key, ed448_key* edKey) { int ret; @@ -1161,9 +1170,9 @@ int wc_CoseKey_SetEd448(WOLFCOSE_KEY* key, ed448_key* edKey) } return ret; } -#endif /* HAVE_ED448 */ +#endif /* WOLFCOSE_HAVE_ED448 */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA int wc_CoseKey_SetMlDsa(WOLFCOSE_KEY* key, int32_t alg, wc_MlDsaKey* mlDsaKey) { @@ -1195,9 +1204,9 @@ int wc_CoseKey_SetMlDsa(WOLFCOSE_KEY* key, int32_t alg, } return ret; } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS int wc_CoseKey_SetRsa(WOLFCOSE_KEY* key, RsaKey* rsaKey) { int ret; @@ -1215,7 +1224,7 @@ int wc_CoseKey_SetRsa(WOLFCOSE_KEY* key, RsaKey* rsaKey) } return ret; } -#endif /* WC_RSA_PSS */ +#endif /* WOLFCOSE_HAVE_RSAPSS */ int wc_CoseKey_SetSymmetric(WOLFCOSE_KEY* key, const uint8_t* data, size_t dataLen) @@ -1389,7 +1398,7 @@ int wc_CoseKey_Encode(WOLFCOSE_KEY* key, uint8_t* out, size_t outSz, } else #endif /* HAVE_ECC */ -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS if (key->kty == WOLFCOSE_KTY_RSA) { /* RFC 8230: {1:3, -1:n_bstr, -2:e_bstr [, -3:d_bstr]} * Export n and d directly into output buffer to avoid @@ -1479,6 +1488,7 @@ int wc_CoseKey_Encode(WOLFCOSE_KEY* key, uint8_t* out, size_t outSz, rsaEncSz = wc_RsaEncryptSize(key->key.rsa); } if (rsaEncSz <= 0) { + /* cppcheck-suppress redundantAssignment */ ret = WOLFCOSE_E_CRYPTO; } else { @@ -1540,8 +1550,8 @@ int wc_CoseKey_Encode(WOLFCOSE_KEY* key, uint8_t* out, size_t outSz, (void)wolfCose_ForceZero(eBuf, sizeof(eBuf)); } else -#endif /* WC_RSA_PSS */ -#ifdef WOLFSSL_HAVE_MLDSA +#endif /* WOLFCOSE_HAVE_RSAPSS */ +#ifdef WOLFCOSE_HAVE_MLDSA if ((key->kty == WOLFCOSE_KTY_OKP) && ((key->crv == WOLFCOSE_CRV_ML_DSA_44) || (key->crv == WOLFCOSE_CRV_ML_DSA_65) || 
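Review bot: The context line `#endif /* HAVE_ECC */` directly above the converted RSA gate suggests the EC2 branch of `wc_CoseKey_Encode` still closes against wolfSSL's raw macro, while every other branch in this function now uses a `WOLFCOSE_HAVE_*` flag. The matching `#if` is outside the hunk, so this may only be a stale comment. If the gate was converted, update the comment to name the new macro. If EC2 key encoding deliberately stays on `HAVE_ECC` (the removed header gates show `WOLFCOSE_ECDH` also depends on it), say so, for example `#endif /* HAVE_ECC: EC2 keys serve both ECDSA and ECDH */`. The same applies to the bare `#endif` before the RSA branch in `wc_CoseKey_Decode`.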
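Review bot: The new `/* cppcheck-suppress redundantAssignment */` in the `rsaEncSz <= 0` branch silences a warning on an error-code assignment without saying why it is a false positive. A redundantAssignment report on `ret = WOLFCOSE_E_CRYPTO;` means the analyser sees the value overwritten before it is read, so please confirm that `WOLFCOSE_E_CRYPTO` actually reaches the function's return on this path. The rest of the function is outside the hunk. If the report comes from the `INJECT_FAILURE` test macro, record that on the suppression line: `/* cppcheck-suppress redundantAssignment ; ret is pre-set by INJECT_FAILURE in test builds */`.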
@@ -1657,14 +1667,14 @@ int wc_CoseKey_Encode(WOLFCOSE_KEY* key, uint8_t* out, size_t outSz, } } else -#endif /* WOLFSSL_HAVE_MLDSA */ -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#endif /* WOLFCOSE_HAVE_MLDSA */ +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) if (key->kty == WOLFCOSE_KTY_OKP) { uint8_t pubBuf[57]; /* Ed448 pub = 57 bytes, Ed25519 = 32 */ word32 pubLen = (word32)sizeof(pubBuf); size_t mapEntries; -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (key->crv == WOLFCOSE_CRV_ED25519) { INJECT_FAILURE(WOLF_FAIL_ED25519_EXPORT_PUB, -1) { @@ -1677,7 +1687,7 @@ int wc_CoseKey_Encode(WOLFCOSE_KEY* key, uint8_t* out, size_t outSz, } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if (key->crv == WOLFCOSE_CRV_ED448) { INJECT_FAILURE(WOLF_FAIL_ED448_EXPORT_PUB, -1) { @@ -1728,7 +1738,7 @@ int wc_CoseKey_Encode(WOLFCOSE_KEY* key, uint8_t* out, size_t outSz, if ((ret == WOLFCOSE_SUCCESS) && (key->hasPrivate != 0u)) { uint8_t privBuf[57]; /* Ed448 priv = 57 bytes */ word32 privLen = (word32)sizeof(privBuf); -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (key->crv == WOLFCOSE_CRV_ED25519) { INJECT_FAILURE(WOLF_FAIL_ED25519_EXPORT_PRIV, -1) { @@ -1738,7 +1748,7 @@ int wc_CoseKey_Encode(WOLFCOSE_KEY* key, uint8_t* out, size_t outSz, } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if (key->crv == WOLFCOSE_CRV_ED448) { INJECT_FAILURE(WOLF_FAIL_ED448_EXPORT_PRIV, -1) { @@ -1774,7 +1784,7 @@ int wc_CoseKey_Encode(WOLFCOSE_KEY* key, uint8_t* out, size_t outSz, (void)wolfCose_ForceZero(pubBuf, sizeof(pubBuf)); } else -#endif /* HAVE_ED25519 || HAVE_ED448 */ +#endif /* WOLFCOSE_HAVE_EDDSA || WOLFCOSE_HAVE_ED448 */ if (key->kty == WOLFCOSE_KTY_SYMMETRIC) { /* {1: 4, -1: k_bytes} */ size_t mapEntries = 2u + wolfCose_KeyOptionalEntries(key); 
@@ -2048,7 +2058,7 @@ int wc_CoseKey_Decode(WOLFCOSE_KEY* key, const uint8_t* in, size_t inSz) } else #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS if ((key->kty == WOLFCOSE_KTY_RSA) && (key->key.rsa != NULL)) { /* RFC 8230: -1=n(bstr), -2=e(bstr), -3=d(bstr) */ if ((nData == NULL) || (xData == NULL)) { @@ -2073,7 +2083,7 @@ int wc_CoseKey_Decode(WOLFCOSE_KEY* key, const uint8_t* in, size_t inSz) } else #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA if ((key->kty == WOLFCOSE_KTY_OKP) && (key->key.mldsa != NULL) && ((key->crv == WOLFCOSE_CRV_ML_DSA_44) || @@ -2122,13 +2132,13 @@ int wc_CoseKey_Decode(WOLFCOSE_KEY* key, const uint8_t* in, size_t inSz) } } else -#endif /* WOLFSSL_HAVE_MLDSA */ -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#endif /* WOLFCOSE_HAVE_MLDSA */ +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) if (key->kty == WOLFCOSE_KTY_OKP) { if (xData == NULL) { ret = WOLFCOSE_E_COSE_BAD_HDR; } -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA else if ((key->crv == WOLFCOSE_CRV_ED25519) && (key->key.ed25519 != NULL)) { if (dData != NULL) { @@ -2150,7 +2160,7 @@ int wc_CoseKey_Decode(WOLFCOSE_KEY* key, const uint8_t* in, size_t inSz) } } #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 else if ((key->crv == WOLFCOSE_CRV_ED448) && (key->key.ed448 != NULL)) { if (dData != NULL) { @@ -2177,7 +2187,7 @@ int wc_CoseKey_Decode(WOLFCOSE_KEY* key, const uint8_t* in, size_t inSz) } } else -#endif /* HAVE_ED25519 || HAVE_ED448 */ +#endif /* WOLFCOSE_HAVE_EDDSA || WOLFCOSE_HAVE_ED448 */ if (key->kty == WOLFCOSE_KTY_SYMMETRIC) { /* nData holds the symmetric k value (parsed from label -1). * Reject the message when the mandatory k parameter is 
@@ -2205,7 +2215,7 @@ int wc_CoseKey_Decode(WOLFCOSE_KEY* key, const uint8_t* in, size_t inSz) #endif /* WOLFCOSE_KEY_DECODE */ /* ----- Internal: RSA-PSS hash-to-MGF mapping ----- */ -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS static int wolfCose_HashToMgf(enum wc_HashType hashType, int* mgf) { int ret = WOLFCOSE_SUCCESS; @@ -2216,12 +2226,12 @@ static int wolfCose_HashToMgf(enum wc_HashType hashType, int* mgf) else if (hashType == WC_HASH_TYPE_SHA256) { *mgf = WC_MGF1SHA256; } -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_PS384 else if (hashType == WC_HASH_TYPE_SHA384) { *mgf = WC_MGF1SHA384; } #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_PS512 else if (hashType == WC_HASH_TYPE_SHA512) { *mgf = WC_MGF1SHA512; } @@ -3191,7 +3201,7 @@ static int wolfCose_BuildSigStructure(const uint8_t* protectedHdr, scratch, scratchSz, structLen); } -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA /* Map an ML-DSA COSE algorithm to the curve identifier its key must carry, so * a key of the wrong security level cannot satisfy a higher-level alg label. */ static int wolfCose_MlDsaAlgCrv(int32_t alg, int32_t* crv) @@ -3214,7 +3224,7 @@ static int wolfCose_MlDsaAlgCrv(int32_t alg, int32_t* crv) } return ret; } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ #if defined(WOLFCOSE_SIGN1_SIGN) int wc_CoseSign1_Sign(WOLFCOSE_KEY* key, int32_t alg, @@ -3293,7 +3303,7 @@ int wc_CoseSign1_Sign(WOLFCOSE_KEY* key, int32_t alg, } /* Sign based on algorithm */ -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) if ((ret == WOLFCOSE_SUCCESS) && (alg == WOLFCOSE_ALG_EDDSA)) { word32 edSigLen = (word32)sizeof(sigBuf); if (key->kty != WOLFCOSE_KTY_OKP) { 
@@ -3301,7 +3311,7 @@ int wc_CoseSign1_Sign(WOLFCOSE_KEY* key, int32_t alg, } /* EdDSA signs raw Sig_structure (no pre-hash) */ if (ret == WOLFCOSE_SUCCESS) { -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (key->crv == WOLFCOSE_CRV_ED25519) { if (key->key.ed25519 == NULL) { ret = WOLFCOSE_E_COSE_KEY_TYPE; @@ -3323,7 +3333,7 @@ int wc_CoseSign1_Sign(WOLFCOSE_KEY* key, int32_t alg, } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if (key->crv == WOLFCOSE_CRV_ED448) { if (key->key.ed448 == NULL) { ret = WOLFCOSE_E_COSE_KEY_TYPE; @@ -3351,8 +3361,8 @@ int wc_CoseSign1_Sign(WOLFCOSE_KEY* key, int32_t alg, } } else -#endif /* HAVE_ED25519 || HAVE_ED448 */ -#ifdef HAVE_ECC +#endif /* WOLFCOSE_HAVE_EDDSA || WOLFCOSE_HAVE_ED448 */ +#ifdef WOLFCOSE_HAVE_ECDSA if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_ES256) || (alg == WOLFCOSE_ALG_ES384) || (alg == WOLFCOSE_ALG_ES512))) { enum wc_HashType hashType; @@ -3418,7 +3428,7 @@ int wc_CoseSign1_Sign(WOLFCOSE_KEY* key, int32_t alg, } else #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_PS256) || (alg == WOLFCOSE_ALG_PS384) || (alg == WOLFCOSE_ALG_PS512))) { enum wc_HashType hashType; @@ -3477,8 +3487,8 @@ int wc_CoseSign1_Sign(WOLFCOSE_KEY* key, int32_t alg, } } else -#endif /* WC_RSA_PSS */ -#ifdef WOLFSSL_HAVE_MLDSA +#endif /* WOLFCOSE_HAVE_RSAPSS */ +#ifdef WOLFCOSE_HAVE_MLDSA if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_ML_DSA_44) || (alg == WOLFCOSE_ALG_ML_DSA_65) || (alg == WOLFCOSE_ALG_ML_DSA_87))) { size_t expectedSigSz = 0; @@ -3526,7 +3536,7 @@ int wc_CoseSign1_Sign(WOLFCOSE_KEY* key, int32_t alg, } } else -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ if (ret == WOLFCOSE_SUCCESS) { ret = WOLFCOSE_E_COSE_BAD_ALG; } 
@@ -3726,13 +3736,13 @@ int wc_CoseSign1_Verify(WOLFCOSE_KEY* key, } /* Verify based on algorithm */ -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) if ((ret == WOLFCOSE_SUCCESS) && (alg == WOLFCOSE_ALG_EDDSA)) { int verified = 0; if (key->kty != WOLFCOSE_KTY_OKP) { ret = WOLFCOSE_E_COSE_KEY_TYPE; } -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if ((ret == WOLFCOSE_SUCCESS) && (key->crv == WOLFCOSE_CRV_ED25519)) { if (key->key.ed25519 == NULL) { ret = WOLFCOSE_E_COSE_KEY_TYPE; @@ -3751,7 +3761,7 @@ int wc_CoseSign1_Verify(WOLFCOSE_KEY* key, } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if ((ret == WOLFCOSE_SUCCESS) && (key->crv == WOLFCOSE_CRV_ED448)) { if (key->key.ed448 == NULL) { ret = WOLFCOSE_E_COSE_KEY_TYPE; @@ -3783,7 +3793,7 @@ int wc_CoseSign1_Verify(WOLFCOSE_KEY* key, } else #endif -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_ES256) || (alg == WOLFCOSE_ALG_ES384) || (alg == WOLFCOSE_ALG_ES512))) { @@ -3844,7 +3854,7 @@ int wc_CoseSign1_Verify(WOLFCOSE_KEY* key, } else #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_PS256) || (alg == WOLFCOSE_ALG_PS384) || (alg == WOLFCOSE_ALG_PS512))) { @@ -3903,8 +3913,8 @@ int wc_CoseSign1_Verify(WOLFCOSE_KEY* key, } } else -#endif /* WC_RSA_PSS */ -#ifdef WOLFSSL_HAVE_MLDSA +#endif /* WOLFCOSE_HAVE_RSAPSS */ +#ifdef WOLFCOSE_HAVE_MLDSA if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_ML_DSA_44) || (alg == WOLFCOSE_ALG_ML_DSA_65) || (alg == WOLFCOSE_ALG_ML_DSA_87))) { @@ -3940,7 +3950,7 @@ int wc_CoseSign1_Verify(WOLFCOSE_KEY* key, } } else -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ if (ret == WOLFCOSE_SUCCESS) { ret = WOLFCOSE_E_COSE_BAD_ALG; } 
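Review bot: The ECDSA branch of `wc_CoseSign1_Verify` is gated on the umbrella `WOLFCOSE_HAVE_ECDSA` but still matches `WOLFCOSE_ALG_ES256`, `ES384` and `ES512` together. The helpers earlier in this patch (`wolfCose_AlgToHashType`, `wolfCose_SigSize`) compile each of those ids in or out individually. So when only one curve size is enabled, a compiled-out id is rejected only if the branch body consults one of those helpers before touching the key, and that body is outside the hunk. If that is the intended rejection path, state it at the dispatch: `/* ES* ids disabled at build time are rejected by wolfCose_AlgToHashType() */`. A negative test in the lean CI job should also assert `WOLFCOSE_E_COSE_BAD_ALG` for a disabled id. The same pattern appears in the PS256/PS384/PS512 branch here and in the matching branches of `wc_CoseSign1_Sign`, `wc_CoseSign_Sign` and `wc_CoseSign_Verify`.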
@@ -4068,7 +4078,7 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, (signers[i].key->alg != signers[i].algId)) { ret = WOLFCOSE_E_COSE_BAD_ALG; } -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA else if ((signers[i].algId == WOLFCOSE_ALG_ES256) || (signers[i].algId == WOLFCOSE_ALG_ES384) || (signers[i].algId == WOLFCOSE_ALG_ES512)) { @@ -4093,13 +4103,13 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, } } #endif -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) else if ((signers[i].algId == WOLFCOSE_ALG_EDDSA) && (signers[i].key->kty != WOLFCOSE_KTY_OKP)) { ret = WOLFCOSE_E_COSE_KEY_TYPE; } #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS else if (((signers[i].algId == WOLFCOSE_ALG_PS256) || (signers[i].algId == WOLFCOSE_ALG_PS384) || (signers[i].algId == WOLFCOSE_ALG_PS512)) && @@ -4107,7 +4117,7 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, ret = WOLFCOSE_E_COSE_KEY_TYPE; } #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA else if (((signers[i].algId == WOLFCOSE_ALG_ML_DSA_44) || (signers[i].algId == WOLFCOSE_ALG_ML_DSA_65) || (signers[i].algId == WOLFCOSE_ALG_ML_DSA_87)) && @@ -4237,7 +4247,7 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, } /* Sign the hash */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA if ((ret == WOLFCOSE_SUCCESS) && ((signer->algId == WOLFCOSE_ALG_ES256) || (signer->algId == WOLFCOSE_ALG_ES384) || 
@@ -4253,11 +4263,11 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, } else #endif -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) if ((ret == WOLFCOSE_SUCCESS) && (signer->algId == WOLFCOSE_ALG_EDDSA)) { word32 edSigSz = (word32)sizeof(sigBuf); -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (signer->key->crv == WOLFCOSE_CRV_ED25519) { if (signer->key->key.ed25519 == NULL) { ret = WOLFCOSE_E_COSE_KEY_TYPE; @@ -4276,7 +4286,7 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if (signer->key->crv == WOLFCOSE_CRV_ED448) { if (signer->key->key.ed448 == NULL) { ret = WOLFCOSE_E_COSE_KEY_TYPE; @@ -4300,8 +4310,8 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, } } else -#endif /* HAVE_ED25519 || HAVE_ED448 */ -#ifdef WC_RSA_PSS +#endif /* WOLFCOSE_HAVE_EDDSA || WOLFCOSE_HAVE_ED448 */ +#ifdef WOLFCOSE_HAVE_RSAPSS if ((ret == WOLFCOSE_SUCCESS) && ((signer->algId == WOLFCOSE_ALG_PS256) || (signer->algId == WOLFCOSE_ALG_PS384) || @@ -4332,8 +4342,8 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, } } else -#endif /* WC_RSA_PSS */ -#ifdef WOLFSSL_HAVE_MLDSA +#endif /* WOLFCOSE_HAVE_RSAPSS */ +#ifdef WOLFCOSE_HAVE_MLDSA if ((ret == WOLFCOSE_SUCCESS) && ((signer->algId == WOLFCOSE_ALG_ML_DSA_44) || (signer->algId == WOLFCOSE_ALG_ML_DSA_65) || @@ -4374,7 +4384,7 @@ int wc_CoseSign_Sign(const WOLFCOSE_SIGNATURE* signers, size_t signerCount, } } else -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ if (ret == WOLFCOSE_SUCCESS) { ret = WOLFCOSE_E_COSE_BAD_ALG; } 
@@ -4665,7 +4675,7 @@ int wc_CoseSign_Verify(const WOLFCOSE_KEY* verifyKey, /* Verify signature. Dispatch by alg (consistent with Sign1_Verify) and * cross-validate the verify-key type against the algorithm. */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_ES256) || (alg == WOLFCOSE_ALG_ES384) || (alg == WOLFCOSE_ALG_ES512))) { @@ -4701,13 +4711,13 @@ int wc_CoseSign_Verify(const WOLFCOSE_KEY* verifyKey, } else #endif -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) if ((ret == WOLFCOSE_SUCCESS) && (alg == WOLFCOSE_ALG_EDDSA)) { int verified = 0; if (verifyKey->kty != WOLFCOSE_KTY_OKP) { ret = WOLFCOSE_E_COSE_KEY_TYPE; } -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if ((ret == WOLFCOSE_SUCCESS) && (verifyKey->crv == WOLFCOSE_CRV_ED25519)) { if (verifyKey->key.ed25519 == NULL) { @@ -4724,7 +4734,7 @@ int wc_CoseSign_Verify(const WOLFCOSE_KEY* verifyKey, } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if ((ret == WOLFCOSE_SUCCESS) && (verifyKey->crv == WOLFCOSE_CRV_ED448)) { if (verifyKey->key.ed448 == NULL) { @@ -4753,8 +4763,8 @@ int wc_CoseSign_Verify(const WOLFCOSE_KEY* verifyKey, } } else -#endif /* HAVE_ED25519 || HAVE_ED448 */ -#ifdef WC_RSA_PSS +#endif /* WOLFCOSE_HAVE_EDDSA || WOLFCOSE_HAVE_ED448 */ +#ifdef WOLFCOSE_HAVE_RSAPSS if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_PS256) || (alg == WOLFCOSE_ALG_PS384) || (alg == WOLFCOSE_ALG_PS512))) { @@ -4786,8 +4796,8 @@ int wc_CoseSign_Verify(const WOLFCOSE_KEY* verifyKey, } } else -#endif /* WC_RSA_PSS */ -#ifdef WOLFSSL_HAVE_MLDSA +#endif /* WOLFCOSE_HAVE_RSAPSS */ +#ifdef WOLFCOSE_HAVE_MLDSA if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_ML_DSA_44) || (alg == WOLFCOSE_ALG_ML_DSA_65) || (alg == WOLFCOSE_ALG_ML_DSA_87))) { 
@@ -4820,7 +4830,7 @@ int wc_CoseSign_Verify(const WOLFCOSE_KEY* verifyKey, } } else -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ if (ret == WOLFCOSE_SUCCESS) { ret = WOLFCOSE_E_COSE_BAD_ALG; } @@ -4860,8 +4870,8 @@ int wc_CoseSign_Verify(const WOLFCOSE_KEY* verifyKey, /* ----- COSE_Encrypt0 API ----- */ -#if defined(WOLFCOSE_ENCRYPT0) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))) +#if defined(WOLFCOSE_ENCRYPT0) && (defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) || \ + (defined(WOLFCOSE_HAVE_CHACHA20))) /** * Build the Enc_structure for COSE_Encrypt0 (wrapper for unified builder): @@ -4892,7 +4902,7 @@ int wc_CoseEncrypt0_Encrypt(WOLFCOSE_KEY* key, int32_t alg, uint8_t* out, size_t outSz, size_t* outLen) { int ret = WOLFCOSE_SUCCESS; -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) Aes aes; int aesInited = 0; #endif @@ -5005,7 +5015,7 @@ int wc_CoseEncrypt0_Encrypt(WOLFCOSE_KEY* key, int32_t alg, } /* Dispatch encryption by algorithm */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_A128GCM) || (alg == WOLFCOSE_ALG_A192GCM) || (alg == WOLFCOSE_ALG_A256GCM))) { @@ -5083,8 +5093,8 @@ int wc_CoseEncrypt0_Encrypt(WOLFCOSE_KEY* key, int32_t alg, } } else -#endif /* HAVE_AESGCM */ -#ifdef HAVE_AESCCM +#endif /* WOLFCOSE_HAVE_AESGCM */ +#ifdef WOLFCOSE_HAVE_AESCCM if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_AES_CCM_16_64_128) || (alg == WOLFCOSE_ALG_AES_CCM_16_64_256) || @@ -5162,8 +5172,8 @@ int wc_CoseEncrypt0_Encrypt(WOLFCOSE_KEY* key, int32_t alg, } } else -#endif /* HAVE_AESCCM */ -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#endif /* WOLFCOSE_HAVE_AESCCM */ +#if defined(WOLFCOSE_HAVE_CHACHA20) if ((ret == WOLFCOSE_SUCCESS) && (alg == WOLFCOSE_ALG_CHACHA20_POLY1305)) { if (isDetached != 0) { ret = wc_ChaCha20Poly1305_Encrypt( 
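Review bot: The rewritten `WOLFCOSE_ENCRYPT0` guard keeps a parenthesised group, `(defined(WOLFCOSE_HAVE_CHACHA20))`, left over from the old two-macro ChaCha/Poly1305 test. Now that a single flag is tested, the extra parentheses only add noise. I would write the continuation line as `defined(WOLFCOSE_HAVE_CHACHA20))` and the matching trailer as `#endif /* WOLFCOSE_ENCRYPT0 && (WOLFCOSE_HAVE_AESGCM || WOLFCOSE_HAVE_AESCCM || WOLFCOSE_HAVE_CHACHA20) */`. The single-macro `#if defined(WOLFCOSE_HAVE_CHACHA20)` lines in the AEAD length helpers and in the encrypt/decrypt dispatch could likewise become `#ifdef WOLFCOSE_HAVE_CHACHA20`, to match the neighbouring `#ifdef WOLFCOSE_HAVE_AESGCM` gates.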
@@ -5207,7 +5217,7 @@ int wc_CoseEncrypt0_Encrypt(WOLFCOSE_KEY* key, int32_t alg, } } else -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ +#endif /* WOLFCOSE_HAVE_CHACHA20 */ if (ret == WOLFCOSE_SUCCESS) { ret = WOLFCOSE_E_COSE_BAD_ALG; } @@ -5220,7 +5230,7 @@ int wc_CoseEncrypt0_Encrypt(WOLFCOSE_KEY* key, int32_t alg, } /* Cleanup: always executed */ -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) if (aesInited != 0) { (void)wc_AesFree(&aes); } @@ -5253,7 +5263,7 @@ int wc_CoseEncrypt0_Decrypt(WOLFCOSE_KEY* key, uint8_t* plaintext, size_t plaintextSz, size_t* plaintextLen) { int ret = WOLFCOSE_SUCCESS; -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) Aes aes; int aesInited = 0; #endif @@ -5402,7 +5412,7 @@ int wc_CoseEncrypt0_Decrypt(WOLFCOSE_KEY* key, } /* Dispatch decryption by algorithm */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_A128GCM) || (alg == WOLFCOSE_ALG_A192GCM) || (alg == WOLFCOSE_ALG_A256GCM))) { @@ -5436,8 +5446,8 @@ int wc_CoseEncrypt0_Decrypt(WOLFCOSE_KEY* key, } } else -#endif /* HAVE_AESGCM */ -#ifdef HAVE_AESCCM +#endif /* WOLFCOSE_HAVE_AESGCM */ +#ifdef WOLFCOSE_HAVE_AESCCM if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_AES_CCM_16_64_128) || (alg == WOLFCOSE_ALG_AES_CCM_16_64_256) || @@ -5477,8 +5487,8 @@ int wc_CoseEncrypt0_Decrypt(WOLFCOSE_KEY* key, } } else -#endif /* HAVE_AESCCM */ -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#endif /* WOLFCOSE_HAVE_AESCCM */ +#if defined(WOLFCOSE_HAVE_CHACHA20) if ((ret == WOLFCOSE_SUCCESS) && (alg == WOLFCOSE_ALG_CHACHA20_POLY1305)) { ret = wc_ChaCha20Poly1305_Decrypt( key->key.symm.key, hdr->iv, 
@@ -5491,7 +5501,7 @@ int wc_CoseEncrypt0_Decrypt(WOLFCOSE_KEY* key, } } else -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ +#endif /* WOLFCOSE_HAVE_CHACHA20 */ if (ret == WOLFCOSE_SUCCESS) { ret = WOLFCOSE_E_COSE_BAD_ALG; } @@ -5512,7 +5522,7 @@ int wc_CoseEncrypt0_Decrypt(WOLFCOSE_KEY* key, wolfCose_HdrClearOnFail(ret, hdr); /* Cleanup: always executed */ -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) if (aesInited != 0) { (void)wc_AesFree(&aes); } @@ -5529,14 +5539,14 @@ int wc_CoseEncrypt0_Decrypt(WOLFCOSE_KEY* key, } #endif /* WOLFCOSE_ENCRYPT0_DECRYPT */ -#endif /* WOLFCOSE_ENCRYPT0 && (HAVE_AESGCM || HAVE_AESCCM || (HAVE_CHACHA && HAVE_POLY1305)) */ +#endif /* WOLFCOSE_ENCRYPT0 && (WOLFCOSE_HAVE_AESGCM || WOLFCOSE_HAVE_AESCCM || (WOLFCOSE_HAVE_CHACHA20)) */ /* ----- * COSE_Mac0 API (RFC 9052 Section 6.2) * Supports HMAC (RFC 9053 Section 3.1) and AES-CBC-MAC (RFC 9053 Section 3.2) * ----- */ -#if defined(WOLFCOSE_MAC0) && (!defined(NO_HMAC) || defined(HAVE_AES_CBC)) +#if defined(WOLFCOSE_MAC0) && (defined(WOLFCOSE_HAVE_HMAC) || defined(WOLFCOSE_HAVE_AESMAC)) /** * Build the MAC_structure for COSE_Mac0 (wrapper for unified builder): @@ -5573,22 +5583,24 @@ static int wolfCose_MacTagSize(int32_t alg, size_t* tagSz) } else { switch (alg) { -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 case WOLFCOSE_ALG_HMAC_256_256: *tagSz = 32; /* SHA-256 output */ break; -#ifdef WOLFSSL_SHA384 +#endif +#ifdef WOLFCOSE_HAVE_HMAC384 case WOLFCOSE_ALG_HMAC_384_384: *tagSz = 48; /* SHA-384 output */ break; #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 case WOLFCOSE_ALG_HMAC_512_512: *tagSz = 64; /* SHA-512 output */ break; #endif -#endif /* !NO_HMAC */ -#ifdef HAVE_AES_CBC +#endif /* WOLFCOSE_HAVE_HMAC */ +#ifdef WOLFCOSE_HAVE_AESMAC case WOLFCOSE_ALG_AES_MAC_128_64: case WOLFCOSE_ALG_AES_MAC_256_64: *tagSz = 8; /* 64-bit tag */ 
@@ -5606,7 +5618,7 @@ static int wolfCose_MacTagSize(int32_t alg, size_t* tagSz) return ret; } -#ifdef HAVE_AES_CBC +#ifdef WOLFCOSE_HAVE_AESMAC /** * Get AES key size in bytes for AES-CBC-MAC algorithm. */ @@ -5744,18 +5756,21 @@ static int wolfCose_AesCbcMac(const uint8_t* key, size_t keyLen, return ret; } -#endif /* HAVE_AES_CBC */ +#endif /* WOLFCOSE_HAVE_AESMAC */ /** * Check if algorithm is HMAC-based. */ static int wolfCose_IsHmacAlg(int32_t alg) { - return ((alg == WOLFCOSE_ALG_HMAC_256_256) -#ifdef WOLFSSL_SHA384 + return ((0) +#ifdef WOLFCOSE_HAVE_HMAC256 + || (alg == WOLFCOSE_ALG_HMAC_256_256) +#endif +#ifdef WOLFCOSE_HAVE_HMAC384 || (alg == WOLFCOSE_ALG_HMAC_384_384) #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 || (alg == WOLFCOSE_ALG_HMAC_512_512) #endif ) ? 1 : 0; @@ -5782,7 +5797,7 @@ int wc_CoseMac0_Create(const WOLFCOSE_KEY* key, int32_t alg, uint8_t* out, size_t outSz, size_t* outLen) { int ret = WOLFCOSE_SUCCESS; -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC Hmac hmac; int hmacInited = 0; int hmacType = 0; @@ -5867,7 +5882,7 @@ int wc_CoseMac0_Create(const WOLFCOSE_KEY* key, int32_t alg, } /* Compute MAC based on algorithm type */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC if ((ret == WOLFCOSE_SUCCESS) && (wolfCose_IsHmacAlg(alg) != 0)) { if (ret == WOLFCOSE_SUCCESS) { ret = wolfCose_HmacType(alg, &hmacType); @@ -5914,8 +5929,8 @@ int wc_CoseMac0_Create(const WOLFCOSE_KEY* key, int32_t alg, } } else -#endif /* !NO_HMAC */ -#ifdef HAVE_AES_CBC +#endif /* WOLFCOSE_HAVE_HMAC */ +#ifdef WOLFCOSE_HAVE_AESMAC if ((ret == WOLFCOSE_SUCCESS) && (wolfCose_IsAesCbcMacAlg(alg) != 0)) { size_t expectedKeyLen = 0; ret = wolfCose_AesCbcMacKeySize(alg, &expectedKeyLen); @@ -5929,7 +5944,7 @@ int wc_CoseMac0_Create(const WOLFCOSE_KEY* key, int32_t alg, } } else -#endif /* HAVE_AES_CBC */ +#endif /* WOLFCOSE_HAVE_AESMAC */ if (ret == WOLFCOSE_SUCCESS) { /* Unknown algorithm */ ret = WOLFCOSE_E_COSE_BAD_ALG; 
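Review bot: In wolfCose_IsHmacAlg (hunk at -5744) the expression now starts from `(0)`, so a build with none of `WOLFCOSE_HAVE_HMAC256/384/512` defined leaves `alg` unused and reduces the return to a constant condition. The function sits after `#endif /* WOLFCOSE_HAVE_AESMAC */` and appears to be enclosed only by the `WOLFCOSE_MAC0 && (HMAC || AESMAC)` guard, so an AES-MAC-only configuration would compile it and trip `-Wextra` (unused parameter) and likely the MISRA run. Either wrap the function in `#ifdef WOLFCOSE_HAVE_HMAC`, matching its callers in this diff, or add `(void)alg;` before the `return`. The closing brace of the function is outside the hunk.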
@@ -5989,7 +6004,7 @@ int wc_CoseMac0_Create(const WOLFCOSE_KEY* key, int32_t alg, } /* Cleanup: always executed */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC if (hmacInited != 0) { (void)wc_HmacFree(&hmac); } @@ -6016,7 +6031,7 @@ int wc_CoseMac0_Verify(const WOLFCOSE_KEY* key, const uint8_t** payload, size_t* payloadLen) { int ret = WOLFCOSE_SUCCESS; -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC Hmac hmac; int hmacInited = 0; int hmacType = 0; @@ -6149,7 +6164,7 @@ int wc_CoseMac0_Verify(const WOLFCOSE_KEY* key, } /* Compute MAC based on algorithm type */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC if ((ret == WOLFCOSE_SUCCESS) && (wolfCose_IsHmacAlg(alg) != 0)) { if (ret == WOLFCOSE_SUCCESS) { ret = wolfCose_HmacType(alg, &hmacType); @@ -6187,8 +6202,8 @@ int wc_CoseMac0_Verify(const WOLFCOSE_KEY* key, } } else -#endif /* !NO_HMAC */ -#ifdef HAVE_AES_CBC +#endif /* WOLFCOSE_HAVE_HMAC */ +#ifdef WOLFCOSE_HAVE_AESMAC if ((ret == WOLFCOSE_SUCCESS) && (wolfCose_IsAesCbcMacAlg(alg) != 0)) { size_t expectedKeyLen = 0; ret = wolfCose_AesCbcMacKeySize(alg, &expectedKeyLen); @@ -6202,7 +6217,7 @@ int wc_CoseMac0_Verify(const WOLFCOSE_KEY* key, } } else -#endif /* HAVE_AES_CBC */ +#endif /* WOLFCOSE_HAVE_AESMAC */ if (ret == WOLFCOSE_SUCCESS) { /* Unknown algorithm */ ret = WOLFCOSE_E_COSE_BAD_ALG; @@ -6236,7 +6251,7 @@ int wc_CoseMac0_Verify(const WOLFCOSE_KEY* key, wolfCose_HdrClearOnFail(ret, hdr); /* Cleanup: always executed */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC if (hmacInited != 0) { (void)wc_HmacFree(&hmac); } 
@@ -6250,13 +6265,13 @@ int wc_CoseMac0_Verify(const WOLFCOSE_KEY* key, } #endif /* WOLFCOSE_MAC0_VERIFY */ -#endif /* WOLFCOSE_MAC0 && (!NO_HMAC || HAVE_AES_CBC) */ +#endif /* WOLFCOSE_MAC0 && (WOLFCOSE_HAVE_HMAC || WOLFCOSE_HAVE_AESMAC) */ /* ----- COSE_Encrypt Multi-Recipient API (RFC 9052 Section 5.1) ----- */ #if defined(WOLFCOSE_ENCRYPT) && \ - (defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))) + (defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) || \ + (defined(WOLFCOSE_HAVE_CHACHA20))) /** * Build the Enc_structure for COSE_Encrypt (context = "Encrypt"): @@ -6325,7 +6340,7 @@ int wc_CoseEncrypt_Encrypt(const WOLFCOSE_RECIPIENT* recipients, uint8_t recipientProtectedBuf[WOLFCOSE_PROTECTED_HDR_MAX]; size_t recipientProtectedLen = 0; size_t encStructLen = 0; -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) Aes aes; int aesInited = 0; #endif @@ -6598,7 +6613,7 @@ int wc_CoseEncrypt_Encrypt(const WOLFCOSE_RECIPIENT* recipients, ret = WOLFCOSE_E_CBOR_OVERFLOW; } -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM if ((ret == WOLFCOSE_SUCCESS) && ((contentAlgId == WOLFCOSE_ALG_A128GCM) || (contentAlgId == WOLFCOSE_ALG_A192GCM) || @@ -6629,7 +6644,7 @@ int wc_CoseEncrypt_Encrypt(const WOLFCOSE_RECIPIENT* recipients, } else #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM if ((ret == WOLFCOSE_SUCCESS) && ((contentAlgId == WOLFCOSE_ALG_AES_CCM_16_64_128) || (contentAlgId == WOLFCOSE_ALG_AES_CCM_16_64_256) || @@ -6665,7 +6680,7 @@ int wc_CoseEncrypt_Encrypt(const WOLFCOSE_RECIPIENT* recipients, } else #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) if ((ret == WOLFCOSE_SUCCESS) && (contentAlgId == WOLFCOSE_ALG_CHACHA20_POLY1305)) { int chRet = wc_ChaCha20Poly1305_Encrypt( 
@@ -6797,7 +6812,7 @@ int wc_CoseEncrypt_Encrypt(const WOLFCOSE_RECIPIENT* recipients, } /* Cleanup: always scrub CEK material unconditionally */ -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) if (aesInited != 0) { (void)wc_AesFree(&aes); } @@ -6845,7 +6860,7 @@ int wc_CoseEncrypt_Decrypt(const WOLFCOSE_RECIPIENT* recipient, size_t encStructLen = 0; size_t recipientsCount = 0; size_t i; -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) Aes aes; int aesInited = 0; #endif @@ -7251,7 +7266,7 @@ int wc_CoseEncrypt_Decrypt(const WOLFCOSE_RECIPIENT* recipient, } /* Decrypt with the algorithm declared in the protected header. */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_A128GCM) || (alg == WOLFCOSE_ALG_A192GCM) || (alg == WOLFCOSE_ALG_A256GCM))) { @@ -7279,7 +7294,7 @@ int wc_CoseEncrypt_Decrypt(const WOLFCOSE_RECIPIENT* recipient, } else #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM if ((ret == WOLFCOSE_SUCCESS) && ((alg == WOLFCOSE_ALG_AES_CCM_16_64_128) || (alg == WOLFCOSE_ALG_AES_CCM_16_64_256) || @@ -7313,7 +7328,7 @@ int wc_CoseEncrypt_Decrypt(const WOLFCOSE_RECIPIENT* recipient, } else #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) if ((ret == WOLFCOSE_SUCCESS) && (alg == WOLFCOSE_ALG_CHACHA20_POLY1305)) { int chRet = wc_ChaCha20Poly1305_Decrypt( @@ -7336,7 +7351,7 @@ int wc_CoseEncrypt_Decrypt(const WOLFCOSE_RECIPIENT* recipient, } /* Cleanup — always runs */ -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) if (aesInited != 0) { (void)wc_AesFree(&aes); } 
@@ -7372,7 +7387,7 @@ int wc_CoseEncrypt_Decrypt(const WOLFCOSE_RECIPIENT* recipient, /* ----- COSE_Mac Multi-Recipient API (RFC 9052 Section 6.1) ----- */ -#if defined(WOLFCOSE_MAC) && (!defined(NO_HMAC) || defined(HAVE_AES_CBC)) +#if defined(WOLFCOSE_MAC) && (defined(WOLFCOSE_HAVE_HMAC) || defined(WOLFCOSE_HAVE_AESMAC)) /** * Build the MAC_structure for COSE_Mac (context = "MAC"): @@ -7425,7 +7440,7 @@ int wc_CoseMac_Create(const WOLFCOSE_RECIPIENT* recipients, const uint8_t* macPayload = NULL; size_t macPayloadLen = 0; size_t i; -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC Hmac hmac; int hashType = 0; int hmacInited = 0; @@ -7504,7 +7519,7 @@ int wc_CoseMac_Create(const WOLFCOSE_RECIPIENT* recipients, } /* Compute MAC: dispatch by algorithm class. */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC if ((ret == WOLFCOSE_SUCCESS) && (wolfCose_IsHmacAlg(macAlgId) != 0)) { if (ret == WOLFCOSE_SUCCESS) { ret = wolfCose_HmacType(macAlgId, &hashType); @@ -7548,8 +7563,8 @@ int wc_CoseMac_Create(const WOLFCOSE_RECIPIENT* recipients, } } else -#endif /* !NO_HMAC */ -#ifdef HAVE_AES_CBC +#endif /* WOLFCOSE_HAVE_HMAC */ +#ifdef WOLFCOSE_HAVE_AESMAC if ((ret == WOLFCOSE_SUCCESS) && (wolfCose_IsAesCbcMacAlg(macAlgId) != 0)) { size_t expectedKeyLen = 0; ret = wolfCose_AesCbcMacKeySize(macAlgId, &expectedKeyLen); @@ -7565,7 +7580,7 @@ int wc_CoseMac_Create(const WOLFCOSE_RECIPIENT* recipients, } } else -#endif /* HAVE_AES_CBC */ +#endif /* WOLFCOSE_HAVE_AESMAC */ if (ret == WOLFCOSE_SUCCESS) { ret = WOLFCOSE_E_COSE_BAD_ALG; } @@ -7668,7 +7683,7 @@ int wc_CoseMac_Create(const WOLFCOSE_RECIPIENT* recipients, *outLen = ctx.idx; } -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC if (hmacInited != 0) { (void)wc_HmacFree(&hmac); } 
@@ -7715,7 +7730,7 @@ int wc_CoseMac_Verify(const WOLFCOSE_RECIPIENT* recipient, size_t expectedTagLen = 0; uint8_t computedTag[WC_MAX_DIGEST_SIZE]; WOLFCOSE_HDR_STATE hdrState; -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC Hmac hmac; int hashType = 0; int hmacInited = 0; @@ -7908,7 +7923,7 @@ int wc_CoseMac_Verify(const WOLFCOSE_RECIPIENT* recipient, } /* Compute MAC: dispatch by algorithm class. */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC if ((ret == WOLFCOSE_SUCCESS) && (wolfCose_IsHmacAlg(alg) != 0)) { if (ret == WOLFCOSE_SUCCESS) { ret = wolfCose_HmacType(alg, &hashType); @@ -7952,8 +7967,8 @@ int wc_CoseMac_Verify(const WOLFCOSE_RECIPIENT* recipient, } } else -#endif /* !NO_HMAC */ -#ifdef HAVE_AES_CBC +#endif /* WOLFCOSE_HAVE_HMAC */ +#ifdef WOLFCOSE_HAVE_AESMAC if ((ret == WOLFCOSE_SUCCESS) && (wolfCose_IsAesCbcMacAlg(alg) != 0)) { size_t expectedKeyLen = 0; ret = wolfCose_AesCbcMacKeySize(alg, &expectedKeyLen); @@ -7969,7 +7984,7 @@ int wc_CoseMac_Verify(const WOLFCOSE_RECIPIENT* recipient, } } else -#endif /* HAVE_AES_CBC */ +#endif /* WOLFCOSE_HAVE_AESMAC */ if (ret == WOLFCOSE_SUCCESS) { ret = WOLFCOSE_E_COSE_BAD_ALG; } @@ -7985,7 +8000,7 @@ int wc_CoseMac_Verify(const WOLFCOSE_RECIPIENT* recipient, } } -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC if (hmacInited != 0) { (void)wc_HmacFree(&hmac); } @@ -8014,4 +8029,4 @@ int wc_CoseMac_Verify(const WOLFCOSE_RECIPIENT* recipient, } #endif /* WOLFCOSE_MAC_VERIFY */ -#endif /* WOLFCOSE_MAC && (!NO_HMAC || HAVE_AES_CBC) */ +#endif /* WOLFCOSE_MAC && (WOLFCOSE_HAVE_HMAC || WOLFCOSE_HAVE_AESMAC) */ diff --git a/src/wolfcose_internal.h b/src/wolfcose_internal.h index 7c3a9aa..8f8d2b9 100644 --- a/src/wolfcose_internal.h +++ b/src/wolfcose_internal.h 
@@ -24,13 +24,13 @@ #include #include #include -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) #include #endif -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC) #include #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) #include #endif @@ -269,7 +269,7 @@ WOLFCOSE_LOCAL int wolfCose_AeadNonceLen(int32_t alg, size_t* nonceLen); */ WOLFCOSE_LOCAL int wolfCose_AeadTagLen(int32_t alg, size_t* tagLen); -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC) /** * \brief Map COSE HMAC algorithm ID to wolfCrypt HMAC type. * \param alg COSE algorithm ID. @@ -277,9 +277,9 @@ WOLFCOSE_LOCAL int wolfCose_AeadTagLen(int32_t alg, size_t* tagLen); * \return WOLFCOSE_SUCCESS or WOLFCOSE_E_COSE_BAD_ALG. */ WOLFCOSE_LOCAL int wolfCose_HmacType(int32_t alg, int* hmacType); -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA /** * \brief Sign a hash with ECC, producing raw r||s output. * Wraps wolfCrypt DER signature -> fixed-width r||s conversion. @@ -313,7 +313,7 @@ WOLFCOSE_LOCAL int wolfCose_EccVerifyRaw(const uint8_t* sigBuf, size_t sigLen, const uint8_t* hash, size_t hashLen, size_t coordSz, ecc_key* eccKey, int* verified); -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ECDSA */ #ifdef __cplusplus } diff --git a/tests/test_cose.c b/tests/test_cose.c index cad6ebe..f114ad8 100644 --- a/tests/test_cose.c +++ b/tests/test_cose.c 
@@ -42,22 +42,22 @@ #include "../src/wolfcose_internal.h" /* For testing internal helpers */ #include "test_suite.h" #include -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 #include #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA #include #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM #include #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 #include #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA #include #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS #include #endif #ifdef WOLFCOSE_TEST_LOG_ENABLE @@ -169,7 +169,7 @@ static void test_cose_key_init(void) TEST_ASSERT(1, "key free null safe"); } -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_key_ecc(void) { WOLFCOSE_KEY key; @@ -240,9 +240,9 @@ static void test_cose_key_ecc(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static void test_cose_key_ed25519(void) { WOLFCOSE_KEY key; @@ -314,7 +314,7 @@ static void test_cose_key_ed25519(void) (void)wc_ed25519_free(&edKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ static void test_cose_key_symmetric(void) { @@ -381,7 +381,7 @@ static void test_cose_key_symmetric(void) } /* ----- COSE_Sign1 tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_sign1_ecc(const char* label, int32_t alg, int32_t crv, int keySz) { @@ -523,9 +523,9 @@ static void test_cose_sign1_ecc(const char* label, int32_t alg, int32_t crv, (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static void test_cose_sign1_eddsa(void) { WOLFCOSE_KEY signKey; 
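Review bot: The ECC key and Sign1 tests (hunks at -169 and -381) are now guarded by `WOLFCOSE_HAVE_ES256`, while the library code in this commit guards the same ECC paths with `WOLFCOSE_HAVE_ECDSA`. `test_cose_sign1_ecc` takes `alg`, `crv` and `keySz`, which suggests it is also driven for other curves, so a build with ES384 or ES512 but without ES256 would silently lose the ECC key round-trip, tamper-detection and boundary tests guarded the same way further down, as well as the ECDH-ES tests at -4775 and -5177. If such a configuration is supported, `#ifdef WOLFCOSE_HAVE_ECDSA` is the closer match for tests that are not ES256-specific. Otherwise a comment at the first guard, `/* tests assume ES256 whenever ECDSA is enabled */`, would record the assumption.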
@@ -610,9 +610,9 @@ static void test_cose_sign1_eddsa(void) (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 static void test_cose_sign1_ed448(void) { WOLFCOSE_KEY signKey; @@ -732,10 +732,10 @@ static void test_cose_sign1_ed448(void) (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ED448 */ +#endif /* WOLFCOSE_HAVE_ED448 */ /* ----- COSE_Encrypt0 tests ----- */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_cose_encrypt0_a128gcm(void) { WOLFCOSE_KEY key; @@ -943,10 +943,10 @@ static void test_cose_encrypt0_with_aad(void) plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret != 0, "enc0 missing aad fails"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- COSE_Encrypt0 ChaCha20-Poly1305 tests ----- */ -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) static void test_cose_encrypt0_chacha20(void) { WOLFCOSE_KEY key; @@ -1100,10 +1100,10 @@ static void test_cose_encrypt0_chacha20_with_aad(void) plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret != 0, "enc0 chacha20 missing aad fails"); } -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ +#endif /* WOLFCOSE_HAVE_CHACHA20 && WOLFCOSE_HAVE_CHACHA20 */ /* ----- COSE_Encrypt0 AES-CCM tests ----- */ -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM static void test_cose_encrypt0_aes_ccm(void) { WOLFCOSE_KEY key; @@ -1296,10 +1296,10 @@ static void test_cose_aes_ccm_all_params(void) "ccm sweep multi roundtrip"); } } -#endif /* HAVE_AESCCM */ +#endif /* WOLFCOSE_HAVE_AESCCM */ /* ----- COSE_Sign1 RSA-PSS tests ----- */ -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) static void test_cose_sign1_pss(const char* label, int32_t alg) { WOLFCOSE_KEY signKey; 
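Review bot: The closing comment in the hunk at -1100 now reads `#endif /* WOLFCOSE_HAVE_CHACHA20 && WOLFCOSE_HAVE_CHACHA20 */`, a leftover of replacing both halves of the old two-macro condition. It should match the opening guard: `#endif /* WOLFCOSE_HAVE_CHACHA20 */`.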
@@ -1395,10 +1395,10 @@ static void test_cose_sign1_pss(const char* label, int32_t alg) (void)wc_FreeRng(&rng); } } -#endif /* WC_RSA_PSS && WOLFSSL_KEY_GEN */ +#endif /* WOLFCOSE_HAVE_RSAPSS && WOLFSSL_KEY_GEN */ -/* ----- COSE_Sign1 ML-DSA (ML-DSA) tests ----- */ -#ifdef WOLFSSL_HAVE_MLDSA +/* ----- COSE_Sign1 ML-DSA tests ----- */ +#ifdef WOLFCOSE_HAVE_MLDSA static void test_cose_sign1_ml_dsa(const char* label, int32_t alg, byte level) { WOLFCOSE_KEY signKey; @@ -1560,10 +1560,10 @@ static void test_cose_sign1_ml_dsa_level_mismatch(void) if (dlInited != 0) { (void)wc_MlDsaKey_Free(&dlKey); } if (rngInited != 0) { (void)wc_FreeRng(&rng); } } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ /* ----- COSE_Sign1 with external AAD ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_sign1_with_aad(void) { WOLFCOSE_KEY key; @@ -1643,7 +1643,7 @@ static void test_cose_sign1_with_aad(void) #endif /* ----- COSE_Key RSA encode/decode round-trip ----- */ -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) static void test_cose_key_rsa(void) { WOLFCOSE_KEY key; @@ -1776,10 +1776,10 @@ static void test_cose_key_rsa_scratch_scrubbed(void) (void)wc_FreeRsaKey(&rsaKey); (void)wc_FreeRng(&rng); } -#endif /* WC_RSA_PSS && WOLFSSL_KEY_GEN */ +#endif /* WOLFCOSE_HAVE_RSAPSS && WOLFSSL_KEY_GEN */ /* ----- COSE_Key ML-DSA encode/decode round-trip ----- */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA static void test_cose_key_mldsa(const char* label, int32_t alg, int level) { @@ -1872,10 +1872,10 @@ static void test_cose_key_mldsa(const char* label, int32_t alg, (void)wc_MlDsaKey_Free(&dlKey); (void)wc_FreeRng(&rng); } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ /* ----- COSE_Mac0 tests ----- */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_cose_mac0_hmac256(void) { WOLFCOSE_KEY key; 
@@ -1996,6 +1996,7 @@ static void test_cose_mac0_short_hmac_key(void) "mac0 short hmac key rejected"); } +#ifdef WOLFCOSE_MAC static void test_cose_mac_payload_validation(void) { WOLFCOSE_KEY key; @@ -2032,6 +2033,7 @@ static void test_cose_mac_payload_validation(void) TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "mac both payloads rejected"); } +#endif /* WOLFCOSE_MAC */ static void test_cose_mac0_empty_inline_payload(void) { @@ -2069,6 +2071,7 @@ static void test_cose_mac0_empty_inline_payload(void) "mac0 empty payload not detached"); } +#ifdef WOLFCOSE_MAC static void test_cose_mac_multi_per_recipient(void) { WOLFCOSE_KEY key; @@ -2113,8 +2116,9 @@ static void test_cose_mac_multi_per_recipient(void) "multi recipient mac payload len"); } } +#endif /* WOLFCOSE_MAC */ -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_HMAC384 static void test_cose_mac0_hmac384(void) { WOLFCOSE_KEY key; @@ -2150,9 +2154,9 @@ static void test_cose_mac0_hmac384(void) TEST_ASSERT(ret == 0, "mac0 hmac384 verify"); TEST_ASSERT(hdr.alg == WOLFCOSE_ALG_HMAC_384_384, "mac0 hmac384 hdr alg"); } -#endif /* WOLFSSL_SHA384 */ +#endif /* WOLFCOSE_HAVE_HMAC384 */ -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 static void test_cose_mac0_hmac512(void) { WOLFCOSE_KEY key; @@ -2188,7 +2192,7 @@ static void test_cose_mac0_hmac512(void) TEST_ASSERT(ret == 0, "mac0 hmac512 verify"); TEST_ASSERT(hdr.alg == WOLFCOSE_ALG_HMAC_512_512, "mac0 hmac512 hdr alg"); } -#endif /* WOLFSSL_SHA512 */ +#endif /* WOLFCOSE_HAVE_HMAC512 */ static void test_cose_mac0_with_aad(void) { @@ -2250,11 +2254,11 @@ static void test_cose_mac0_with_aad(void) &decPayload, &decPayloadLen); TEST_ASSERT(ret == WOLFCOSE_E_MAC_FAIL, "mac0 missing aad fails"); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Hardened / error-path / boundary tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_sign1_buffer_too_small(void) { WOLFCOSE_KEY key; 
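Review bot: The `WOLFCOSE_HAVE_HMAC384` and `WOLFCOSE_HAVE_HMAC512` tests (hunks at -2113, -2150 and -2188) are still nested inside the block that now opens with `#ifdef WOLFCOSE_HAVE_HMAC256` and closes at -2250, so they compile only when HMAC256 is enabled as well. That nesting was harmless under the old `#ifndef NO_HMAC`, but with per-hash macros a build that enables only HMAC-384 or HMAC-512 would run no Mac0 round-trip test for it. If those configurations are allowed, close the HMAC256 block before `test_cose_mac0_hmac384` and reopen it for `test_cose_mac0_with_aad`, or guard the outer block with `WOLFCOSE_HAVE_HMAC` and the HMAC256-specific tests individually.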
@@ -2420,9 +2424,9 @@ static void test_cose_sign1_detached(void) (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_cose_encrypt0_buffer_errors(void) { WOLFCOSE_KEY key; @@ -2481,9 +2485,9 @@ static void test_cose_encrypt0_buffer_errors(void) wc_CoseKey_Free(&key); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) static void test_cose_mac0_buffer_errors(void) { WOLFCOSE_KEY key; @@ -2537,7 +2541,7 @@ static void test_cose_mac0_buffer_errors(void) wc_CoseKey_Free(&key); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ static void test_cose_key_encode_errors(void) { @@ -2585,7 +2589,7 @@ static void test_cose_key_encode_errors(void) ret = wc_CoseKey_Decode(&key, NULL, sizeof(buf)); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "decode null buf"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* ECC key encode with buffer too small */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -2608,7 +2612,7 @@ static void test_cose_key_encode_errors(void) } #endif -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) /* RSA key encode with buffer too small */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -2635,7 +2639,7 @@ static void test_cose_key_encode_errors(void) } #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA /* ML-DSA key encode with buffer too small */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -2660,7 +2664,7 @@ static void test_cose_key_encode_errors(void) #endif } -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA static void test_cose_key_set_mldsa_errors(void) { WOLFCOSE_KEY key; 
@@ -2686,9 +2690,9 @@ static void test_cose_key_set_mldsa_errors(void) (void)wc_MlDsaKey_Free(&dlKey); } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static void test_cose_key_ed25519_public_only(void) { WOLFCOSE_KEY key, key2; @@ -2756,9 +2760,9 @@ static void test_cose_key_ed25519_public_only(void) (void)wc_ed25519_free(&edKey2); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 static void test_cose_key_ed448_public_only(void) { WOLFCOSE_KEY key; @@ -2799,9 +2803,9 @@ static void test_cose_key_ed448_public_only(void) (void)wc_ed448_free(&edKey2); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ED448 */ +#endif /* WOLFCOSE_HAVE_ED448 */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA static void test_cose_key_mldsa_public_only(void) { WOLFCOSE_KEY key; @@ -2875,9 +2879,9 @@ static void test_cose_key_mldsa_public_only(void) (void)wc_MlDsaKey_Free(&dlKey2); (void)wc_FreeRng(&rng); } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* Test ECC public-only key decode (no d label) */ static void test_cose_key_ecc_public_only(void) { @@ -2920,7 +2924,7 @@ static void test_cose_key_ecc_public_only(void) (void)wc_ecc_free(&eccKey2); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* Test COSE_Key decode with kid and alg labels */ static void test_cose_key_decode_optional_labels(void) @@ -2970,7 +2974,7 @@ static void test_cose_key_decode_optional_labels(void) /* ----- RFC 9052 interop test vectors (cose-wg/Examples) ----- */ /* ECDSA-01: P-256 / ES256 Sign1 (ecdsa-sig-01.json) */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_rfc_sign1_ecdsa_01(void) { /* Known P-256 public key (x, y from test vector) */ 
@@ -3048,10 +3052,10 @@ static void test_rfc_sign1_ecdsa_01(void) wc_CoseKey_Free(&key); (void)wc_ecc_free(&eccKey); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* HMAC-01: HMAC-SHA256 Mac0 (mac0-tests/HMac-01.json) */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) static void test_rfc_mac0_hmac_01(void) { /* Known HMAC-SHA256 symmetric key (32 bytes) */ @@ -3101,9 +3105,9 @@ static void test_rfc_mac0_hmac_01(void) wc_CoseKey_Free(&key); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_cose_encrypt0_detached(void) { WOLFCOSE_KEY key; @@ -3175,9 +3179,9 @@ static void test_cose_encrypt0_detached(void) TEST_ASSERT(ret != 0, "enc0 detached tampered ct fails"); } } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_cose_mac0_detached(void) { WOLFCOSE_KEY key; @@ -3294,9 +3298,9 @@ static void test_cose_mac0_detached_with_aad(void) TEST_ASSERT(ret == WOLFCOSE_E_MAC_FAIL, "mac0 detached wrong aad fails"); } } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ -#ifdef HAVE_AES_CBC +#ifdef WOLFCOSE_HAVE_AESMAC /** * Test AES-CBC-MAC algorithms (RFC 9053 Section 3.2) */ @@ -3567,10 +3571,10 @@ static void test_cose_mac0_aes_cbc_mac_detached(void) TEST_ASSERT(ret == WOLFCOSE_E_MAC_FAIL, "mac0 aes detached wrong payload fails"); } } -#endif /* HAVE_AES_CBC */ +#endif /* WOLFCOSE_HAVE_AESMAC */ /* ----- COSE_Sign Multi-Signer Tests (RFC 9052 Section 4.1) ----- */ -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_cose_sign_multi_signer(void) { WOLFCOSE_KEY key1, key2; 
@@ -3703,7 +3707,7 @@ static void test_cose_sign_multi_signer(void) (void)wc_FreeRng(&rng); } -#if defined(WOLFSSL_HAVE_MLDSA) && defined(WOLFCOSE_SIGN) +#if defined(WOLFCOSE_HAVE_MLDSA) && defined(WOLFCOSE_SIGN) static void test_cose_sign_ml_dsa_level_mismatch(void) { WOLFCOSE_KEY signKey; @@ -4167,7 +4171,7 @@ static void test_cose_sign_detached(void) (void)wc_FreeRng(&rng); } -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static void test_cose_sign_mixed_algorithms(void) { WOLFCOSE_KEY keyEc, keyEd; @@ -4272,11 +4276,11 @@ static void test_cose_sign_mixed_algorithms(void) (void)wc_ed25519_free(&edKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ED25519 */ -#endif /* WOLFCOSE_SIGN && HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_EDDSA */ +#endif /* WOLFCOSE_SIGN && WOLFCOSE_HAVE_ES256 */ /* ----- COSE_Encrypt Multi-Recipient Tests (RFC 9052 Section 5.1) ----- */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) && \ +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) && \ defined(WOLFCOSE_KEY_WRAP) static int mutate_first_recipient_protected_alg(uint8_t* msg, size_t msgLen, uint8_t algByte) @@ -4287,7 +4291,7 @@ static int mutate_first_recipient_protected_alg(uint8_t* msg, size_t msgLen, uint64_t tag = 0; const uint8_t* protectedData = NULL; size_t protectedLen = 0; - size_t protectedOffset = 0u; + size_t protectedOffset; (void)XMEMSET(&ctx, 0, sizeof(ctx)); ctx.cbuf = msg; @@ -4775,7 +4779,7 @@ static void test_cose_encrypt_direct_multi_key_alg_mismatch(void) wc_CoseKey_Free(&key2); } -#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && defined(HAVE_HKDF) +#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && defined(HAVE_HKDF) /** * Test ECDH-ES (Ephemeral-Static) encryption and decryption. * - Encrypt with recipient's EC public key 
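Review bot: In mutate_first_recipient_protected_alg (hunk at -4287) the change from `size_t protectedOffset = 0u;` to `size_t protectedOffset;` leaves the variable indeterminate until its first assignment, and the rest of the function is outside the hunk, so it is not visible whether every path assigns it before it is used to index into `msg`. If the initializer was dropped to silence a dead-store finding, a targeted suppression is safer than removing it from a helper that writes into a buffer at that offset. Otherwise keep `size_t protectedOffset = 0u;`.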
@@ -5177,7 +5181,7 @@ static void test_cose_encrypt_ecdh_es_wrong_key_type(void) (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_ECDH_ES_DIRECT && HAVE_ECC && HAVE_HKDF */ +#endif /* WOLFCOSE_ECDH_ES_DIRECT && WOLFCOSE_HAVE_ES256 && HAVE_HKDF */ #if defined(WOLFCOSE_KEY_WRAP) /** @@ -5185,7 +5189,7 @@ static void test_cose_encrypt_ecdh_es_wrong_key_type(void) */ static void test_cose_encrypt_kw_wrong_key_type(void) { -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 WOLFCOSE_KEY eccKey; WOLFCOSE_RECIPIENT recipient; ecc_key key; @@ -5228,7 +5232,7 @@ static void test_cose_encrypt_kw_wrong_key_type(void) (void)wc_ecc_free(&key); (void)wc_FreeRng(&rng); -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ } /** @@ -5741,7 +5745,7 @@ static void test_cose_encrypt_kw_wrong_keysize(void) * Test COSE_Encrypt with direct key mode (algId=0) using wrong key type (ECC). * This tests the direct key path in multi-recipient encryption. */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_encrypt_direct_wrong_key_type(void) { WOLFCOSE_KEY eccKey; @@ -5787,12 +5791,12 @@ static void test_cose_encrypt_direct_wrong_key_type(void) (void)wc_ecc_free(&key); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#endif /* WOLFCOSE_ENCRYPT && HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ /* ----- COSE_Mac Multi-Recipient Tests (RFC 9052 Section 6.1) ----- */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_cose_mac_multi_recipient(void) { WOLFCOSE_KEY key1, key2; @@ -6125,7 +6129,7 @@ static void test_cose_mac_detached(void) /** * Test COSE_Mac with wrong key type (ECC key should fail) */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_mac_wrong_key_type(void) { WOLFCOSE_KEY eccKey; 
@@ -6168,11 +6172,11 @@ static void test_cose_mac_wrong_key_type(void) (void)wc_ecc_free(&key); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ -#endif /* WOLFCOSE_MAC && !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_ES256 */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ /* ----- Phase 1: Algorithm Combination Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES384 static void test_cose_sign1_es384(void) { WOLFCOSE_KEY key; @@ -6239,7 +6243,9 @@ static void test_cose_sign1_es384(void) (void)wc_FreeRng(&rng); } } +#endif /* WOLFCOSE_HAVE_ES384 */ +#ifdef WOLFCOSE_HAVE_ES512 static void test_cose_sign1_es512(void) { WOLFCOSE_KEY key; @@ -6305,9 +6311,9 @@ static void test_cose_sign1_es512(void) (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES512 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_cose_encrypt0_a192gcm(void) { WOLFCOSE_KEY key; @@ -6355,13 +6361,13 @@ static void test_cose_encrypt0_a192gcm(void) memcmp(plaintext, payload, plaintextLen) == 0, "enc0 a192gcm payload match"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- * Phase 3B: Negative Crypto Tests (Tamper Detection) * Critical security tests - must detect single-byte tampering * ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_sign1_tampered_sig_byte(void) { WOLFCOSE_KEY key; @@ -6740,9 +6746,9 @@ static void test_cose_sign1_truncated_sig(void) (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_cose_encrypt0_tampered_ct_byte(void) { WOLFCOSE_KEY key; 
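Review bot: The block headed "Critical security tests - must detect single-byte tampering" in the `@@ -6355,13 +6361,13 @@` hunk is now compiled only when `WOLFCOSE_HAVE_ES256` is defined, and nothing in this file reports when it is compiled out. With `HAVE_ECC` the gate followed the wolfSSL build directly; with a derived macro, a configuration where the derivation does not fire (the header is not on this page) drops the tamper tests while the job still passes. The same applies to the AES-GCM tamper group at `@@ -6740,9 +6746,9 @@` and the HMAC group at `@@ -6880,9 +6886,9 @@`. Consider a skip line in the runner's `#else` branch, for example `TEST_LOG(" [SKIP] sign1 tamper tests: WOLFCOSE_HAVE_ES256 not defined\n");`, so the CI log shows which negative tests actually ran.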
@@ -6880,9 +6886,9 @@ static void test_cose_encrypt0_wrong_key(void) plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret == WOLFCOSE_E_COSE_DECRYPT_FAIL, "wrong key detected"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_cose_mac0_tampered_tag_byte(void) { WOLFCOSE_KEY key; @@ -6964,10 +6970,10 @@ static void test_cose_mac0_truncated_tag(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret != 0, "truncated MAC tag detected"); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Phase 3A: Boundary Condition Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_empty_payload(void) { WOLFCOSE_KEY key; @@ -7235,10 +7241,10 @@ static void test_cose_long_kid(void) (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* ----- Phase 3E: Buffer Overflow Prevention Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_sign_output_too_small(void) { WOLFCOSE_KEY key; @@ -7340,9 +7346,9 @@ static void test_cose_sign_scratch_too_small(void) (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_cose_encrypt_output_too_small(void) { WOLFCOSE_KEY key; @@ -7373,10 +7379,10 @@ static void test_cose_encrypt_output_too_small(void) out, sizeof(out), &outLen); TEST_ASSERT(ret == WOLFCOSE_E_BUFFER_TOO_SMALL, "small encrypt buffer detected"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- Phase 3C: Malformed CBOR Input Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_decode_truncated_message(void) { WOLFCOSE_KEY key; 
@@ -7507,12 +7513,12 @@ static void test_decode_wrong_tag(void) (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* ----- Additional coverage tests ----- */ /* Test bad/unsupported algorithm handling */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cose_bad_algorithm(void) { WOLFCOSE_KEY key; @@ -7617,7 +7623,7 @@ static void test_cose_null_params(void) ret = wc_CoseKey_Decode(&key, NULL, sizeof(data)); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "decode null data"); -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM /* Encrypt0 with NULL params */ (void)wc_CoseKey_SetSymmetric(&key, data, 16); ret = wc_CoseEncrypt0_Encrypt(NULL, WOLFCOSE_ALG_A128GCM, @@ -7683,7 +7689,7 @@ static void test_cose_null_params(void) } #endif -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) /* Mac0 with NULL params */ (void)wc_CoseKey_SetSymmetric(&key, data, 32); ret = wc_CoseMac0_Create(NULL, WOLFCOSE_ALG_HMAC_256_256, @@ -7737,7 +7743,7 @@ static void test_cose_null_params(void) #endif /* Test SetEcc with NULL */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 ret = wc_CoseKey_SetEcc(NULL, WOLFCOSE_CRV_P256, NULL); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "SetEcc null key"); @@ -7746,7 +7752,7 @@ static void test_cose_null_params(void) #endif /* Test SetEd25519 with NULL */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA ret = wc_CoseKey_SetEd25519(NULL, NULL); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "SetEd25519 null key"); @@ -7755,7 +7761,7 @@ static void test_cose_null_params(void) #endif /* Test SetEd448 with NULL */ -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 ret = wc_CoseKey_SetEd448(NULL, NULL); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "SetEd448 null key"); @@ -7764,7 +7770,7 @@ static void test_cose_null_params(void) #endif /* Test SetRsa with NULL */ -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS ret = wc_CoseKey_SetRsa(NULL, NULL); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "SetRsa null key"); 
@@ -7773,7 +7779,7 @@ static void test_cose_null_params(void) #endif /* Test SetMlDsa with NULL */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA ret = wc_CoseKey_SetMlDsa(NULL, WOLFCOSE_ALG_ML_DSA_44, NULL); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "SetMlDsa null key"); @@ -7798,7 +7804,7 @@ static void test_cose_invalid_algorithms(void) (void)wc_CoseKey_Init(&key); (void)wc_CoseKey_SetSymmetric(&key, data, 16); -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM /* Invalid algorithm ID for Encrypt0 */ ret = wc_CoseEncrypt0_Encrypt(&key, 9999, /* invalid alg */ iv, sizeof(iv), data, 16, NULL, 0, NULL, NULL, 0, @@ -7811,7 +7817,7 @@ static void test_cose_invalid_algorithms(void) TEST_ASSERT(ret != 0, "enc0 neg invalid alg rejected"); #endif -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) /* Invalid algorithm ID for Mac0 */ (void)wc_CoseKey_SetSymmetric(&key, data, 32); ret = wc_CoseMac0_Create(&key, 9999, /* invalid alg */ @@ -7826,7 +7832,7 @@ static void test_cose_error_paths(void) { TEST_LOG(" [Comprehensive Error Path Tests]\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* Test Sign1 with wrong key type (symmetric key for ECC algorithm) */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -7853,11 +7859,11 @@ static void test_cose_error_paths(void) (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) /* Test Mac0 with wrong key type (ECC key for HMAC) */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY eccKey; @@ -7887,7 +7893,7 @@ static void test_cose_error_paths(void) (void)wc_ecc_free(&key); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* Test Mac0 verify with wrong key */ /* empty-brace-scan: allow - test-local temporary scope */ 
@@ -7971,11 +7977,11 @@ static void test_cose_error_paths(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret == WOLFCOSE_E_MAC_FAIL, "mac0 corrupted tag fails"); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM /* Test Encrypt0 with wrong key type */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY eccKey; @@ -8007,7 +8013,7 @@ static void test_cose_error_paths(void) (void)wc_ecc_free(&key); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* Test Encrypt0 decrypt with wrong key */ /* empty-brace-scan: allow - test-local temporary scope */ @@ -8090,9 +8096,9 @@ static void test_cose_error_paths(void) &hdr, plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret != 0, "enc0 corrupted ct fails"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* Test Sign1 verify with wrong key */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -8184,10 +8190,10 @@ static void test_cose_error_paths(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* Test malformed COSE messages */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; @@ -8242,10 +8248,10 @@ static void test_cose_error_paths(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* Test buffer too small for sign output */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; 
@@ -8274,9 +8280,9 @@ static void test_cose_error_paths(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM /* Test buffer too small for encrypt output */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -8302,7 +8308,7 @@ static void test_cose_error_paths(void) } #endif -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) /* Test buffer too small for mac output */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -8327,7 +8333,7 @@ static void test_cose_error_paths(void) #endif /* Test key decode with malformed/missing data */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* empty-brace-scan: allow - test-local temporary scope */ { /* ECC key with kty but missing x/y coordinates */ @@ -8351,7 +8357,7 @@ static void test_cose_error_paths(void) } #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA /* empty-brace-scan: allow - test-local temporary scope */ { /* EdDSA key with kty but missing x coordinate */ @@ -8394,7 +8400,7 @@ static void test_cose_error_paths(void) } /* Test header edge cases (partial_iv, alg in unprotected header) */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_cose_header_edge_cases(void) { TEST_LOG(" [Header Edge Cases]\n"); @@ -8458,7 +8464,7 @@ static void test_cose_header_edge_cases(void) (void)wc_CoseKey_SetSymmetric(&key, keyData, sizeof(keyData)); } } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* Test COSE_Key with KID field */ static void test_cose_key_with_kid(void) @@ -8501,7 +8507,7 @@ static void test_cose_key_with_kid(void) } } -#ifdef HAVE_ECC +#if defined(WOLFCOSE_HAVE_ES384) || defined(WOLFCOSE_HAVE_ES512) /* Test COSE_Key ECC with P-384 and P-521 curves */ static void test_cose_key_ecc_curves(void) { 
@@ -8517,7 +8523,7 @@ static void test_cose_key_ecc_curves(void) ret = wc_InitRng(&rng); if (ret != 0) { TEST_ASSERT(0, "rng init"); return; } -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 /* Test P-384 */ wc_ecc_init(&eccKey); ret = wc_ecc_make_key(&rng, 48, &eccKey); /* 48 bytes = 384 bits */ @@ -8542,7 +8548,7 @@ static void test_cose_key_ecc_curves(void) (void)wc_ecc_free(&eccKey); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_ES512 /* Test P-521 */ wc_ecc_init(&eccKey); ret = wc_ecc_make_key(&rng, 66, &eccKey); /* 66 bytes = 521 bits */ @@ -8571,7 +8577,7 @@ static void test_cose_key_ecc_curves(void) } #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM /* Test Encrypt0 with all AES-GCM key sizes */ static void test_cose_encrypt0_key_sizes(void) { @@ -8649,7 +8655,7 @@ static void test_cose_encrypt0_key_sizes(void) } #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 /* Test Mac0 with different HMAC key sizes */ static void test_cose_mac0_key_sizes(void) { @@ -9296,7 +9302,7 @@ static void test_cose_oversized_int_narrowing(void) "CoseKey_Decode rejects oversized kty"); } -#ifdef HAVE_ECC +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_cose_sign_dup_signer_unprot_hdr(void) { WOLFCOSE_KEY key; @@ -9343,9 +9349,9 @@ static void test_cose_sign_dup_signer_unprot_hdr(void) if (eccInited != 0) { (void)wc_ecc_free(&eccKey); } if (rngInited != 0) { (void)wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_SIGN && WOLFCOSE_HAVE_ES256 */ -#ifndef NO_HMAC +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_cose_mac_dup_recipient_unprot_hdr(void) { WOLFCOSE_KEY key; 
@@ -9384,9 +9390,9 @@ static void test_cose_mac_dup_recipient_unprot_hdr(void) TEST_ASSERT(ret == WOLFCOSE_E_CBOR_MALFORMED, "dup recipient unprotected label rejected (mac)"); } -#endif /* NO_HMAC */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ -#ifdef HAVE_AESGCM +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_cose_encrypt_dup_recipient_unprot_hdr(void) { WOLFCOSE_KEY key; @@ -9612,7 +9618,7 @@ static void test_cose_encrypt_multi_per_recipient(void) "multi recipient payload match"); } } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ static void test_cose_protected_hdr_content_type(void) { @@ -9820,7 +9826,7 @@ static void test_cose_iv_partial_iv(void) } /* ----- Signature path compliance tests ----- */ -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN1_SIGN) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN1_SIGN) static void test_cose_sign1_alg_curve_mismatch(void) { WOLFCOSE_KEY key; @@ -9915,9 +9921,9 @@ static void test_cose_sign1_inconsistent_kid(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC && WOLFCOSE_SIGN1_SIGN */ +#endif /* WOLFCOSE_HAVE_ES256 && WOLFCOSE_SIGN1_SIGN */ -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_cose_sign_multi_public_only_key(void) { WOLFCOSE_KEY key1, key2; @@ -9974,9 +9980,9 @@ static void test_cose_sign_multi_public_only_key(void) (void)wc_ecc_free(&eccKey2); (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_SIGN && HAVE_ECC */ +#endif /* WOLFCOSE_SIGN && WOLFCOSE_HAVE_ES256 */ -#if defined(HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && defined(WOLFCOSE_ENCRYPT0_DECRYPT) +#if defined(WOLFCOSE_HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && defined(WOLFCOSE_ENCRYPT0_DECRYPT) static void test_cose_encrypt0_nonce_length(void) { WOLFCOSE_KEY key; 
@@ -10057,8 +10063,9 @@ static void test_cose_encrypt0_empty_payload_roundtrip(void) wc_CoseKey_Free(&encKey); wc_CoseKey_Free(&decKey); } -#endif /* HAVE_AESGCM && encrypt0 */ +#endif /* WOLFCOSE_HAVE_AESGCM && encrypt0 */ +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_cose_hmac_type_constants(void) { int ret; @@ -10066,22 +10073,23 @@ static void test_cose_hmac_type_constants(void) TEST_LOG(" [HmacType constants]\n"); -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 ret = wolfCose_HmacType(WOLFCOSE_ALG_HMAC_256_256, &hmacType); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (hmacType == WC_SHA256), "HmacType HMAC-256 -> WC_SHA256"); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_HMAC384 ret = wolfCose_HmacType(WOLFCOSE_ALG_HMAC_384_384, &hmacType); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (hmacType == WC_SHA384), "HmacType HMAC-384 -> WC_SHA384"); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 ret = wolfCose_HmacType(WOLFCOSE_ALG_HMAC_512_512, &hmacType); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (hmacType == WC_SHA512), "HmacType HMAC-512 -> WC_SHA512"); #endif -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ } +#endif /* test_cose_hmac_type_constants */ static void test_cose_aead_tag_len(void) { @@ -10090,7 +10098,7 @@ static void test_cose_aead_tag_len(void) TEST_LOG(" [AeadTagLen constants]\n"); -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM ret = wolfCose_AeadTagLen(WOLFCOSE_ALG_A128GCM, &tagLen); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (tagLen == 16u), "A128GCM tag length"); @@ -10098,7 +10106,7 @@ static void test_cose_aead_tag_len(void) TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (tagLen == 16u), "A256GCM tag length"); #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM ret = wolfCose_AeadTagLen(WOLFCOSE_ALG_AES_CCM_16_64_128, &tagLen); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (tagLen == 8u), "AES-CCM-64 short tag length"); 
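Review bot: The inner `#ifdef WOLFCOSE_HAVE_HMAC256` in the `@@ -10066,22 +10073,23 @@` hunk can no longer be false, because the `@@ -10057,8 +10063,9 @@` hunk now wraps the whole of `test_cose_hmac_type_constants` in the same macro; the inner pair should be dropped. The new closing line `#endif /* test_cose_hmac_type_constants */` names the function, whereas the other `#endif` comments in this change name the condition, so `#endif /* WOLFCOSE_HAVE_HMAC256 */` would be consistent. The HMAC-384 and HMAC-512 assertions stay nested under the HMAC-256 gate, so a build that enables only the larger variants, if one is possible, would not run them. The call site is outside the hunk and now needs the same guard.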
@@ -10106,7 +10114,7 @@ static void test_cose_aead_tag_len(void) TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (tagLen == 16u), "AES-CCM-128 tag length"); #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) ret = wolfCose_AeadTagLen(WOLFCOSE_ALG_CHACHA20_POLY1305, &tagLen); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (tagLen == 16u), "ChaCha20-Poly1305 tag length"); @@ -10120,36 +10128,36 @@ static void test_cose_alg_to_hash_constants(void) TEST_LOG(" [Algorithm-to-hash constants]\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 ret = wolfCose_AlgToHashType(WOLFCOSE_ALG_ES256, &ht); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (ht == WC_HASH_TYPE_SHA256), "AlgToHashType ES256 -> SHA-256"); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 ret = wolfCose_AlgToHashType(WOLFCOSE_ALG_ES384, &ht); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (ht == WC_HASH_TYPE_SHA384), "AlgToHashType ES384 -> SHA-384"); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_ES512 ret = wolfCose_AlgToHashType(WOLFCOSE_ALG_ES512, &ht); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (ht == WC_HASH_TYPE_SHA512), "AlgToHashType ES512 -> SHA-512"); #endif -#endif /* HAVE_ECC */ -#ifdef WC_RSA_PSS +#endif /* WOLFCOSE_HAVE_ES256 */ +#ifdef WOLFCOSE_HAVE_RSAPSS ret = wolfCose_AlgToHashType(WOLFCOSE_ALG_PS256, &ht); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (ht == WC_HASH_TYPE_SHA256), "AlgToHashType PS256 -> SHA-256"); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_PS384 ret = wolfCose_AlgToHashType(WOLFCOSE_ALG_PS384, &ht); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (ht == WC_HASH_TYPE_SHA384), "AlgToHashType PS384 -> SHA-384"); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_PS512 ret = wolfCose_AlgToHashType(WOLFCOSE_ALG_PS512, &ht); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (ht == WC_HASH_TYPE_SHA512), "AlgToHashType PS512 -> SHA-512"); #endif -#endif /* WC_RSA_PSS */ +#endif /* WOLFCOSE_HAVE_RSAPSS */ } static void test_cose_build_sig_structure_context(void) 
@@ -10242,7 +10250,7 @@ static void test_cose_build_sig_structure_context(void) * 99% on src/wolfcose.c is preserved. ----- */ -#if defined(WC_RSA_PSS) && defined(WOLFCOSE_SIGN) && \ +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFCOSE_SIGN) && \ defined(WOLFSSL_KEY_GEN) static void test_cose_sign_multi_pss_roundtrip(void) { @@ -10306,7 +10314,7 @@ static void test_cose_sign_multi_pss_roundtrip(void) } #endif -#if defined(WOLFSSL_HAVE_MLDSA) && defined(WOLFCOSE_SIGN) +#if defined(WOLFCOSE_HAVE_MLDSA) && defined(WOLFCOSE_SIGN) static void test_cose_sign_multi_mldsa_roundtrip(void) { WOLFCOSE_KEY key; @@ -10370,7 +10378,7 @@ static void test_cose_sign_multi_mldsa_roundtrip(void) } #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESCCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESCCM) static void test_cose_encrypt_multi_ccm_roundtrip(void) { WOLFCOSE_KEY key; @@ -10423,7 +10431,7 @@ static void test_cose_encrypt_multi_ccm_roundtrip(void) } #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_CHACHA20) static void test_cose_encrypt_multi_chacha_roundtrip(void) { WOLFCOSE_KEY key; @@ -10478,7 +10486,7 @@ static void test_cose_encrypt_multi_chacha_roundtrip(void) #endif #if defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && \ - defined(WOLFCOSE_ENCRYPT0_DECRYPT) && defined(HAVE_AESCCM) + defined(WOLFCOSE_ENCRYPT0_DECRYPT) && defined(WOLFCOSE_HAVE_AESCCM) static void test_cose_encrypt0_detached_ccm(void) { WOLFCOSE_KEY key; @@ -10514,7 +10522,7 @@ static void test_cose_encrypt0_detached_ccm(void) #endif #if defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && \ - defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + defined(WOLFCOSE_HAVE_CHACHA20) static void test_cose_encrypt0_detached_chacha(void) { WOLFCOSE_KEY key; 
@@ -10549,7 +10557,7 @@ static void test_cose_encrypt0_detached_chacha(void) } #endif -#if defined(WOLFCOSE_MAC) && defined(HAVE_AES_CBC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_AESMAC) static void test_cose_mac_multi_aescbc_roundtrip(void) { WOLFCOSE_KEY key; @@ -10599,7 +10607,7 @@ static void test_cose_mac_multi_aescbc_roundtrip(void) } #endif -#if defined(HAVE_ECC) && \ +#if defined(WOLFCOSE_HAVE_ES256) && \ defined(WOLFCOSE_KEY_ENCODE) && defined(WOLFCOSE_KEY_DECODE) static void test_cose_key_kid_alg_roundtrip(void) { @@ -10654,8 +10662,8 @@ static void test_cose_key_kid_alg_roundtrip(void) } #endif -#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && \ - defined(HAVE_HKDF) && defined(WOLFSSL_SHA512) +#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && \ + defined(HAVE_HKDF) && defined(WOLFCOSE_HAVE_ES512) static void test_cose_encrypt_ecdh_es_hkdf512(void) { WOLFCOSE_KEY recipientKey; @@ -10720,7 +10728,7 @@ static void test_cose_encrypt_ecdh_es_hkdf512(void) } #endif -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_cose_sign_multi_alg_key_mismatch(void) { WOLFCOSE_KEY key; @@ -10768,8 +10776,8 @@ static void test_cose_sign_multi_alg_key_mismatch(void) } #endif -#if defined(WOLFCOSE_SIGN) && defined(WC_RSA_PSS) && \ - defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_RSAPSS) && \ + defined(WOLFCOSE_HAVE_ES256) && defined(WOLFSSL_KEY_GEN) static void test_cose_sign_multi_wrong_kty_for_pss(void) { WOLFCOSE_KEY key; @@ -10816,7 +10824,7 @@ static void test_cose_sign_multi_wrong_kty_for_pss(void) } #endif -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ED448) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ED448) static void test_cose_sign_multi_ed448_roundtrip(void) { WOLFCOSE_KEY key; 
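Review bot: The gate for `test_cose_encrypt_ecdh_es_hkdf512` in the `@@ -10654,8 +10662,8 @@` hunk replaces `defined(WOLFSSL_SHA512)` with `defined(WOLFCOSE_HAVE_ES512)`, tying an ECDH-ES key-agreement test that needs SHA-512 for HKDF to an ECDSA signature-algorithm macro. If `WOLFCOSE_HAVE_ES512` also requires P-521 support (its definition is not on this page), a build with SHA-512 but without that curve loses the test silently. A gate that names the hash would be clearer; failing that, a comment such as `/* ES512 used as proxy for SHA-512 availability */` would record the intent. `HAVE_HKDF` is still the wolfSSL macro here, so the condition mixes the two naming schemes.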
@@ -10887,17 +10895,17 @@ static void test_cose_sigsize_known_algs(void) TEST_LOG(" [SigSize known algorithms]\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 ret = wolfCose_SigSize(WOLFCOSE_ALG_ES256, &sz); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (sz == 64u), "SigSize ES256 -> 64"); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 ret = wolfCose_SigSize(WOLFCOSE_ALG_ES384, &sz); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && (sz == 96u), "SigSize ES384 -> 96"); #endif #endif -#if defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448) ret = wolfCose_SigSize(WOLFCOSE_ALG_EDDSA, &sz); TEST_ASSERT((ret == WOLFCOSE_SUCCESS) && ((sz == 64u) || (sz == 114u)), "SigSize EDDSA returns curve max"); @@ -11005,7 +11013,7 @@ static void test_cose_key_decode_tstr_alg_rejected(void) /* ----- Negative-path tests for caller-error rejection logic ----- */ -#if defined(HAVE_ECC) +#if defined(WOLFCOSE_HAVE_ES256) static void test_cose_setecc_invalid_curve(void) { WOLFCOSE_KEY key; @@ -11031,7 +11039,7 @@ static void test_cose_setecc_invalid_curve(void) } #endif -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC0_CREATE) +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC0_CREATE) static void test_cose_mac0_hmac_short_key_rejected(void) { WOLFCOSE_KEY key; @@ -11062,7 +11070,7 @@ static void test_cose_mac0_hmac_short_key_rejected(void) } #endif -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC0_CREATE) && \ +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC0_CREATE) && \ defined(WOLFCOSE_MAC0_VERIFY) static void test_cose_mac0_verify_short_key_rejected(void) { @@ -11112,7 +11120,7 @@ static void test_cose_mac0_verify_short_key_rejected(void) } #endif -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC0_CREATE) +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC0_CREATE) static void test_cose_mac0_create_key_alg_mismatch(void) { WOLFCOSE_KEY key; 
@@ -11145,7 +11153,7 @@ static void test_cose_mac0_create_key_alg_mismatch(void) } #endif -#if defined(HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT0_ENCRYPT) +#if defined(WOLFCOSE_HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT0_ENCRYPT) static void test_cose_encrypt0_key_alg_mismatch(void) { WOLFCOSE_KEY key; @@ -11179,7 +11187,7 @@ static void test_cose_encrypt0_key_alg_mismatch(void) } #endif -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN1_SIGN) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN1_SIGN) static void test_cose_sign1_key_alg_mismatch(void) { WOLFCOSE_KEY key; @@ -11322,7 +11330,7 @@ static void test_cose_sign1_both_payloads(void) } #endif -#if defined(WOLFCOSE_MAC0_CREATE) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC0_CREATE) && defined(WOLFCOSE_HAVE_HMAC256) static void test_cose_mac0_both_payloads(void) { WOLFCOSE_KEY key; @@ -11440,7 +11448,7 @@ static void test_cose_key_decode_symmetric_missing_k(void) "CoseKey_Decode rejects symmetric w/o k"); } -#if defined(HAVE_ECC) +#if defined(WOLFCOSE_HAVE_ES256) static void test_cose_key_decode_ec2_short_coord(void) { WOLFCOSE_KEY key; @@ -11468,7 +11476,7 @@ static void test_cose_key_decode_ec2_short_coord(void) #endif #if defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && \ - defined(WOLFCOSE_ENCRYPT0_DECRYPT) && defined(HAVE_AESCCM) + defined(WOLFCOSE_ENCRYPT0_DECRYPT) && defined(WOLFCOSE_HAVE_AESCCM) static void test_cose_encrypt0_detached_ccm_roundtrip(void) { WOLFCOSE_KEY key; @@ -11517,7 +11525,7 @@ static void test_cose_encrypt0_detached_ccm_roundtrip(void) #if defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && \ defined(WOLFCOSE_ENCRYPT0_DECRYPT) && \ - defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + defined(WOLFCOSE_HAVE_CHACHA20) static void test_cose_encrypt0_detached_chacha_roundtrip(void) { WOLFCOSE_KEY key; 
@@ -11601,7 +11609,7 @@ static void test_internal_helpers(void) ret = wolfCose_CrvKeySize(9999, &sz); TEST_ASSERT(ret == WOLFCOSE_E_COSE_BAD_ALG, "CrvKeySize bad crv"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* ----- wolfCose_CrvToWcCurve ----- */ /* NULL output pointer */ ret = wolfCose_CrvToWcCurve(WOLFCOSE_CRV_P256, NULL); @@ -11639,7 +11647,7 @@ static void test_internal_helpers(void) ret = wolfCose_AeadTagLen(9999, &sz); TEST_ASSERT(ret == WOLFCOSE_E_COSE_BAD_ALG, "AeadTagLen bad alg"); -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) /* ----- wolfCose_HmacType ----- */ /* NULL output pointer */ ret = wolfCose_HmacType(WOLFCOSE_ALG_HMAC_256_256, NULL); @@ -11661,7 +11669,7 @@ static void test_internal_helpers(void) ret = wolfCose_CrvKeySize(WOLFCOSE_CRV_ED448, &sz); TEST_ASSERT(ret == WOLFCOSE_SUCCESS && sz == 57, "CrvKeySize ED448"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* P-521 curve tests */ ret = wolfCose_CrvToWcCurve(WOLFCOSE_CRV_P521, &wcType); TEST_ASSERT(ret == WOLFCOSE_SUCCESS, "CrvToWcCurve P521"); @@ -11671,14 +11679,14 @@ static void test_internal_helpers(void) TEST_ASSERT(ret == WOLFCOSE_SUCCESS, "CrvToWcCurve P384"); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_ES512 /* ES512 signature size */ ret = wolfCose_SigSize(WOLFCOSE_ALG_ES512, &sz); TEST_ASSERT(ret == WOLFCOSE_SUCCESS && sz == 132, "SigSize ES512"); #endif /* Test AES-CCM-256 key length path */ -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM ret = wolfCose_AeadKeyLen(WOLFCOSE_ALG_AES_CCM_16_64_256, &sz); TEST_ASSERT(ret == WOLFCOSE_SUCCESS && sz == 32, "AeadKeyLen CCM-256"); @@ -11696,7 +11704,7 @@ static void test_internal_helpers(void) #endif /* ----- Test wolfCose_EccSignRaw/EccVerifyRaw error paths ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 TEST_LOG(" [ECC Sign/Verify Raw Error Tests]\n"); /* empty-brace-scan: allow - test-local temporary scope */ { 
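Review bot: In the `@@ -11661,7 +11669,7 @@` hunk of `test_internal_helpers`, the block commented "P-521 curve tests" is gated on `WOLFCOSE_HAVE_ES256`, yet it asserts that `wolfCose_CrvToWcCurve` succeeds for `WOLFCOSE_CRV_P521` and for P-384. Under `HAVE_ECC` the question was only whether ECC existed at all. With per-algorithm macros, a build that defines ES256 but not ES384 or ES512 (the lean CI job added in this change may be one) could fail these asserts or exercise curves it is not meant to support. Consider `#ifdef WOLFCOSE_HAVE_ES512` around the P-521 assert and `#ifdef WOLFCOSE_HAVE_ES384` around the P-384 one, matching the split applied to `test_cose_sign1_es384` and `test_cose_sign1_es512`. The function starts and ends outside the hunk.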
@@ -11886,7 +11894,7 @@ static void test_force_failure_crypto(void) return; } -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; @@ -11973,9 +11981,9 @@ static void test_force_failure_crypto(void) (void)wc_ecc_free(&eccKey); wc_CoseKey_Free(&key); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; @@ -12037,9 +12045,9 @@ static void test_force_failure_crypto(void) wc_CoseKey_Free(&key); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; @@ -12086,9 +12094,9 @@ static void test_force_failure_crypto(void) wc_CoseKey_Free(&key); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; @@ -12145,9 +12153,9 @@ static void test_force_failure_crypto(void) (void)wc_ed25519_free(&edKey); wc_CoseKey_Free(&key); } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; @@ -12207,9 +12215,9 @@ static void test_force_failure_crypto(void) (void)wc_FreeRsaKey(&rsaKey); wc_CoseKey_Free(&key); } -#endif /* WC_RSA_PSS && WOLFSSL_KEY_GEN */ +#endif /* WOLFCOSE_HAVE_RSAPSS && WOLFSSL_KEY_GEN */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; 
@@ -12272,9 +12280,9 @@ static void test_force_failure_crypto(void) (void)wc_MlDsaKey_Free(&dlKey); wc_CoseKey_Free(&key); } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; @@ -12351,9 +12359,9 @@ static void test_force_failure_crypto(void) wc_CoseKey_Free(&key); } } -#endif /* HAVE_AESCCM */ +#endif /* WOLFCOSE_HAVE_AESCCM */ -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY key; @@ -12413,9 +12421,9 @@ static void test_force_failure_crypto(void) (void)wc_ed448_free(&edKey); wc_CoseKey_Free(&key); } -#endif /* HAVE_ED448 */ +#endif /* WOLFCOSE_HAVE_ED448 */ -#if defined(HAVE_ECC) && defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_HKDF) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_HKDF) /* Test ECDH shared secret failure (via ECDH-ES encrypt) */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -12459,9 +12467,9 @@ static void test_force_failure_crypto(void) (void)wc_ecc_free(&recipEcc); wc_CoseKey_Free(&recipKey); } -#endif /* HAVE_ECC && WOLFCOSE_ECDH_ES_DIRECT && HAVE_HKDF */ +#endif /* WOLFCOSE_HAVE_ES256 && WOLFCOSE_ECDH_ES_DIRECT && HAVE_HKDF */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* Test ECC import failure via CoseKey_Decode */ /* empty-brace-scan: allow - test-local temporary scope */ @@ -12496,9 +12504,9 @@ static void test_force_failure_crypto(void) (void)wc_ecc_free(&eccKey); wc_CoseKey_Free(&key); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA /* Test Ed25519 import failure via CoseKey_Decode */ /* empty-brace-scan: allow - test-local temporary scope */ { 
@@ -12532,9 +12540,9 @@ static void test_force_failure_crypto(void) (void)wc_ed25519_free(&edKey); wc_CoseKey_Free(&key); } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 /* Test Ed448 import failure via CoseKey_Decode */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -12568,9 +12576,9 @@ static void test_force_failure_crypto(void) (void)wc_ed448_free(&edKey); wc_CoseKey_Free(&key); } -#endif /* HAVE_ED448 */ +#endif /* WOLFCOSE_HAVE_ED448 */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA /* Test ML-DSA import failure via CoseKey_Decode */ /* empty-brace-scan: allow - test-local temporary scope */ { @@ -12609,10 +12617,10 @@ static void test_force_failure_crypto(void) (void)wc_MlDsaKey_Free(&dlKey); wc_CoseKey_Free(&key); } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ /* Test WOLF_FAIL_HASH - covers hash operations in sign/verify paths */ -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY hashKey; @@ -12678,7 +12686,7 @@ static void test_force_failure_crypto(void) #endif /* Test import_pub failures - encode public-only key, then test import failure */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY ed25PubKey; @@ -12710,9 +12718,9 @@ static void test_force_failure_crypto(void) (void)wc_ed25519_free(&ed25WolfKey); wc_CoseKey_Free(&ed25PubKey); } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY ed448PubKey; 
@@ -12744,9 +12752,9 @@ static void test_force_failure_crypto(void) (void)wc_ed448_free(&ed448WolfKey); wc_CoseKey_Free(&ed448PubKey); } -#endif /* HAVE_ED448 */ +#endif /* WOLFCOSE_HAVE_ED448 */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA /* empty-brace-scan: allow - test-local temporary scope */ { WOLFCOSE_KEY dlPubKey; @@ -12783,7 +12791,7 @@ static void test_force_failure_crypto(void) (void)wc_MlDsaKey_Free(&dlWolfKey); wc_CoseKey_Free(&dlPubKey); } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ (void)wc_FreeRng(&rng); @@ -12798,7 +12806,7 @@ static void test_force_failure_crypto(void) * ======================================================== */ /* ----- Phase 1: Buffer Too Small Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_buffer_too_small_key_encode(void) { WOLFCOSE_KEY key; @@ -12834,9 +12842,9 @@ static void test_buffer_too_small_key_encode(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_buffer_too_small_encrypt(void) { WOLFCOSE_KEY key; @@ -12870,9 +12878,9 @@ static void test_buffer_too_small_encrypt(void) tinyBuf, sizeof(tinyBuf), &outLen); TEST_ASSERT(ret == WOLFCOSE_E_BUFFER_TOO_SMALL, "encrypt tiny output"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_buffer_too_small_mac(void) { WOLFCOSE_KEY key; @@ -12904,10 +12912,10 @@ static void test_buffer_too_small_mac(void) tinyBuf, sizeof(tinyBuf), &outLen); TEST_ASSERT(ret == WOLFCOSE_E_BUFFER_TOO_SMALL, "mac tiny output"); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Phase 2: Wrong Key Type Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_wrong_key_type_sign(void) { WOLFCOSE_KEY symmKey; 
@@ -12944,6 +12952,7 @@ static void test_wrong_key_type_sign(void) (void)wc_FreeRng(&rng); } +#ifdef WOLFCOSE_HAVE_RSAPSS static void test_wrong_key_type_ecc_for_rsa(void) { WOLFCOSE_KEY eccCoseKey; @@ -12972,7 +12981,7 @@ static void test_wrong_key_type_ecc_for_rsa(void) (void)wc_CoseKey_Init(&eccCoseKey); (void)wc_CoseKey_SetEcc(&eccCoseKey, WOLFCOSE_CRV_P256, &eccKey); -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS /* ECC key with RSA algorithm (should fail) */ ret = wc_CoseSign1_Sign(&eccCoseKey, WOLFCOSE_ALG_PS256, NULL, 0, @@ -12992,9 +13001,10 @@ static void test_wrong_key_type_ecc_for_rsa(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_RSAPSS */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_wrong_key_type_decrypt(void) { WOLFCOSE_KEY symmKey; @@ -13014,7 +13024,7 @@ static void test_wrong_key_type_decrypt(void) size_t plaintextLen = 0; WOLFCOSE_HDR hdr; int ret; -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 ecc_key eccKey; WOLFCOSE_KEY eccCoseKey; WC_RNG rng; @@ -13037,7 +13047,7 @@ static void test_wrong_key_type_decrypt(void) return; } -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 /* Try to decrypt with ECC key (should fail) */ ret = wc_InitRng(&rng); if (ret != 0) { TEST_ASSERT(0, "rng init"); return; } @@ -13063,9 +13073,9 @@ static void test_wrong_key_type_decrypt(void) TEST_ASSERT(1, "ecc not available, skip"); #endif } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#if !defined(NO_HMAC) && defined(HAVE_ECC) +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_HAVE_ES256) static void test_wrong_key_type_mac_verify(void) { WOLFCOSE_KEY symmKey, eccCoseKey; 
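Review bot: The inner `#ifdef WOLFCOSE_HAVE_RSAPSS` in `test_wrong_key_type_ecc_for_rsa` (hunk `@@ -12972,7 +12981,7 @@`) is redundant, because the first hunk on this line now wraps the whole function in the same guard. Any `#else` arm that inner block still has can never be compiled. Either drop the inner guard, or keep the function under `WOLFCOSE_HAVE_ES256` alone and leave only the PS256 call conditional. The call site is not in these hunks; it needs `#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_HAVE_RSAPSS)` too, otherwise an ES256-only build calls a static function that is no longer defined. The function body extends beyond the hunks shown.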
@@ -13122,10 +13132,10 @@ static void test_wrong_key_type_mac_verify(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* !NO_HMAC && HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_HMAC256 && WOLFCOSE_HAVE_ES256 */ /* ----- Phase 3: Invalid Algorithm Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_invalid_sign_algorithm(void) { WOLFCOSE_KEY key; @@ -13166,9 +13176,9 @@ static void test_invalid_sign_algorithm(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_invalid_encrypt_algorithm(void) { WOLFCOSE_KEY key; @@ -13200,9 +13210,9 @@ static void test_invalid_encrypt_algorithm(void) out, sizeof(out), &outLen); TEST_ASSERT(ret == WOLFCOSE_E_COSE_BAD_ALG, "invalid encrypt alg"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_invalid_mac_algorithm(void) { WOLFCOSE_KEY key; @@ -13232,7 +13242,7 @@ static void test_invalid_mac_algorithm(void) out, sizeof(out), &outLen); TEST_ASSERT(ret == WOLFCOSE_E_COSE_BAD_ALG, "invalid mac alg"); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Phase 4: NULL/Invalid Argument Tests ----- */ static void test_null_key_operations(void) @@ -13249,13 +13259,13 @@ static void test_null_key_operations(void) size_t decPayloadLen = 0; WOLFCOSE_HDR hdr; int ret; -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 WC_RNG rng; #endif TEST_LOG(" [NULL Arguments - Various]\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 ret = wc_InitRng(&rng); if (ret == 0) { /* NULL key for sign */ @@ -13277,7 +13287,7 @@ static void test_null_key_operations(void) TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "verify null key"); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM /* NULL key for encrypt */ ret = wc_CoseEncrypt0_Encrypt(NULL, WOLFCOSE_ALG_A128GCM, ivBytes, sizeof(ivBytes), 
@@ -13295,7 +13305,7 @@ static void test_null_key_operations(void) TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "decrypt null key"); #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 /* NULL key for MAC create */ ret = wc_CoseMac0_Create(NULL, WOLFCOSE_ALG_HMAC_256_256, NULL, 0, @@ -13314,7 +13324,7 @@ static void test_null_key_operations(void) #endif } -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_multi_sign_null_signers(void) { uint8_t payload[] = "Test payload"; @@ -13341,7 +13351,7 @@ static void test_multi_sign_null_signers(void) } #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_multi_encrypt_null_recipients(void) { uint8_t payload[] = "Test payload"; @@ -13387,7 +13397,7 @@ static void test_multi_encrypt_null_recipients(void) } #endif -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_multi_mac_null_recipients(void) { uint8_t payload[] = "Test payload"; @@ -13424,7 +13434,7 @@ static void test_multi_mac_null_recipients(void) #endif /* ----- Phase 5: CBOR Parsing Error Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_cbor_truncated_sign1(void) { WOLFCOSE_KEY key; @@ -13465,9 +13475,9 @@ static void test_cbor_truncated_sign1(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_cbor_malformed_encrypt0(void) { WOLFCOSE_KEY key; 
@@ -13538,10 +13548,10 @@ static void test_cbor_missing_iv(void) plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret == WOLFCOSE_E_COSE_BAD_HDR, "missing iv detected"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- Phase 6: Wrong CBOR Tag Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_wrong_tag_sign1(void) { WOLFCOSE_KEY key; @@ -13597,9 +13607,9 @@ static void test_wrong_tag_sign1(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_wrong_tag_encrypt0(void) { WOLFCOSE_KEY key; @@ -13633,9 +13643,9 @@ static void test_wrong_tag_encrypt0(void) plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret == WOLFCOSE_E_COSE_BAD_TAG, "wrong tag encrypt0 detected"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_wrong_tag_mac0(void) { WOLFCOSE_KEY key; @@ -13676,10 +13686,10 @@ static void test_wrong_tag_mac0(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret == WOLFCOSE_E_COSE_BAD_TAG, "wrong tag mac0 detected"); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Phase 7: Signature/MAC Verification Failures ----- */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static void test_corrupted_eddsa_signature(void) { WOLFCOSE_KEY key; @@ -13738,9 +13748,9 @@ static void test_corrupted_eddsa_signature(void) (void)wc_ed25519_free(&edKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_corrupted_mac_tag(void) { WOLFCOSE_KEY key; 
@@ -13785,10 +13795,10 @@ static void test_corrupted_mac_tag(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret == WOLFCOSE_E_MAC_FAIL, "corrupted mac tag detected"); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- Phase 8: ECDH-ES Key Agreement Tests ----- */ -#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && defined(HAVE_HKDF) +#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && defined(HAVE_HKDF) static void test_ecdh_es_wrong_key_type_sender(void) { WOLFCOSE_RECIPIENT recipient; @@ -13830,10 +13840,10 @@ static void test_ecdh_es_wrong_key_type_sender(void) (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_ECDH_ES_DIRECT && HAVE_ECC && HAVE_HKDF */ +#endif /* WOLFCOSE_ECDH_ES_DIRECT && WOLFCOSE_HAVE_ES256 && HAVE_HKDF */ /* ----- Phase 9: Multi-recipient KID Encoding Tests ----- */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_mac0_with_kid(void) { WOLFCOSE_KEY key; @@ -13876,9 +13886,9 @@ static void test_mac0_with_kid(void) TEST_ASSERT(hdr.kidLen == sizeof(kid) - 1, "mac0 kid length"); } } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_multi_encrypt_with_kids(void) { WOLFCOSE_RECIPIENT recipients[2]; @@ -13934,10 +13944,10 @@ static void test_multi_encrypt_with_kids(void) (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_ENCRYPT && HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ /* ----- Phase 10: Multi-recipient Decrypt Error Tests ----- */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_multi_decrypt_wrong_key(void) { WOLFCOSE_RECIPIENT createRecip, decryptRecip; 
@@ -14005,9 +14015,9 @@ static void test_multi_decrypt_wrong_key(void) (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_ENCRYPT && HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_multi_mac_verify_wrong_key(void) { WOLFCOSE_RECIPIENT createRecip, verifyRecip; @@ -14069,10 +14079,10 @@ static void test_multi_mac_verify_wrong_key(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret == WOLFCOSE_E_MAC_FAIL, "multi mac verify wrong key"); } -#endif /* WOLFCOSE_MAC && !NO_HMAC */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ /* ----- Additional Key Type Tests ----- */ -#if defined(HAVE_ECC) && (defined(HAVE_ED25519) || defined(HAVE_ED448)) +#if defined(WOLFCOSE_HAVE_ES256) && (defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448)) static void test_key_type_eddsa_wrong_crv(void) { WOLFCOSE_KEY key; @@ -14113,9 +14123,9 @@ static void test_key_type_eddsa_wrong_crv(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ECC && (HAVE_ED25519 || HAVE_ED448) */ +#endif /* WOLFCOSE_HAVE_ES256 && (WOLFCOSE_HAVE_EDDSA || WOLFCOSE_HAVE_ED448) */ -#if defined(HAVE_ED25519) && defined(HAVE_ECC) +#if defined(WOLFCOSE_HAVE_EDDSA) && defined(WOLFCOSE_HAVE_ES256) static void test_key_type_okp_for_ecdsa(void) { WOLFCOSE_KEY key; @@ -14156,10 +14166,10 @@ static void test_key_type_okp_for_ecdsa(void) (void)wc_ed25519_free(&edKey); (void)wc_FreeRng(&rng); } -#endif /* HAVE_ED25519 && HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_EDDSA && WOLFCOSE_HAVE_ES256 */ /* ----- Additional Coverage Tests ----- */ -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) static void test_rsa_key_encode_buffer_small(void) { WOLFCOSE_KEY key; 
@@ -14201,9 +14211,9 @@ static void test_rsa_key_encode_buffer_small(void) (void)wc_FreeRsaKey(&rsaKey); (void)wc_FreeRng(&rng); } -#endif /* WC_RSA_PSS && WOLFSSL_KEY_GEN */ +#endif /* WOLFCOSE_HAVE_RSAPSS && WOLFSSL_KEY_GEN */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA static void test_mldsa_key_encode_buffer_small(void) { WOLFCOSE_KEY key; @@ -14247,7 +14257,7 @@ static void test_mldsa_key_encode_buffer_small(void) (void)wc_MlDsaKey_Free(&dlKey); (void)wc_FreeRng(&rng); } -#endif /* WOLFSSL_HAVE_MLDSA */ +#endif /* WOLFCOSE_HAVE_MLDSA */ static void test_key_decode_bad_kty(void) { @@ -14268,8 +14278,8 @@ static void test_key_decode_bad_kty(void) TEST_ASSERT(ret == WOLFCOSE_SUCCESS || ret < 0, "key decode invalid kty"); } -#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && \ - defined(HAVE_HKDF) && defined(WOLFSSL_SHA512) +#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && \ + defined(HAVE_HKDF) && defined(WOLFCOSE_HAVE_ES512) static void test_ecdh_es_hkdf_512(void) { WOLFCOSE_RECIPIENT recipient; @@ -14318,9 +14328,9 @@ static void test_ecdh_es_hkdf_512(void) (void)wc_ecc_free(&eccWolfKey); (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_ECDH_ES_DIRECT && HAVE_ECC && HAVE_HKDF && WOLFSSL_SHA512 */ +#endif /* WOLFCOSE_ECDH_ES_DIRECT && WOLFCOSE_HAVE_ES256 && HAVE_HKDF && WOLFCOSE_HAVE_ES512 */ -#if defined(WOLFCOSE_KEY_WRAP) && defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_KEY_WRAP) && defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_key_wrap_decrypt_wrong_cek_size(void) { WOLFCOSE_RECIPIENT createRecip, decryptRecip; 
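Review bot: In hunk `@@ -14268,8 +14278,8 @@`, `test_ecdh_es_hkdf_512` is now gated on `WOLFCOSE_HAVE_ES512`, a signature-algorithm switch, where the old guard asked for `WOLFSSL_SHA512`, the hash HKDF-512 actually needs. The definition of `WOLFCOSE_HAVE_ES512` is not in this section; if it also depends on P-521 or can be turned off separately, a build with SHA-512 but without ES512 silently loses the ECDH-ES HKDF-512 coverage. A guard that names the real dependency would be clearer, for example keeping `defined(WOLFSSL_SHA512)` in this condition next to the still-raw `defined(HAVE_HKDF)`. The matching `#endif` comment and the `test_cose_encrypt_ecdh_es_hkdf512()` call in `test_cose` use the same condition and should change with it.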
@@ -14381,9 +14391,9 @@ static void test_key_wrap_decrypt_wrong_cek_size(void) (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_KEY_WRAP && WOLFCOSE_ENCRYPT && HAVE_AESGCM */ +#endif /* WOLFCOSE_KEY_WRAP && WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_multi_sign_verify_wrong_signer(void) { WOLFCOSE_SIGNATURE signers[2]; @@ -14466,9 +14476,9 @@ static void test_multi_sign_verify_wrong_signer(void) (void)wc_ecc_free(&eccWrongKey); (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_SIGN && HAVE_ECC */ +#endif /* WOLFCOSE_SIGN && WOLFCOSE_HAVE_ES256 */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_multi_mac_with_kid(void) { WOLFCOSE_RECIPIENT recipients[2]; @@ -14530,10 +14540,10 @@ static void test_multi_mac_with_kid(void) TEST_ASSERT(ret == WOLFCOSE_SUCCESS, "multi mac verify recipient 1"); } } -#endif /* WOLFCOSE_MAC && !NO_HMAC */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ /* Additional targeted coverage tests */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_encrypt0_detached_buffer_small(void) { WOLFCOSE_KEY key; @@ -14571,9 +14581,9 @@ static void test_encrypt0_detached_buffer_small(void) /* Should fail because detached buffer is too small for payload + tag */ TEST_ASSERT(ret == WOLFCOSE_E_BUFFER_TOO_SMALL, "encrypt0 detached tiny buf"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_multi_sign_verify_null_payload(void) { uint8_t scratch[WOLFCOSE_MAX_SCRATCH_SZ]; 
@@ -14662,9 +14672,9 @@ static void test_multi_sign_wrong_tag(void) (void)wc_ecc_free(&eccKey); (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_SIGN && HAVE_ECC */ +#endif /* WOLFCOSE_SIGN && WOLFCOSE_HAVE_ES256 */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_multi_encrypt_decrypt_null_recipient(void) { static const uint8_t dummyMsg[] = { 0x64u, 0x75u, 0x6Du, 0x6Du, 0x79u }; @@ -14684,9 +14694,9 @@ static void test_multi_encrypt_decrypt_null_recipient(void) plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "multi decrypt null recipient"); } -#endif /* WOLFCOSE_ENCRYPT && HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_multi_mac_verify_null_recipient(void) { static const uint8_t dummyMsg[] = { 0x64u, 0x75u, 0x6Du, 0x6Du, 0x79u }; @@ -14706,9 +14716,9 @@ static void test_multi_mac_verify_null_recipient(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret == WOLFCOSE_E_INVALID_ARG, "multi mac verify null recipient"); } -#endif /* WOLFCOSE_MAC && !NO_HMAC */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_encrypt0_decrypt_wrong_key_size(void) { WOLFCOSE_KEY createKey, decryptKey; @@ -14762,10 +14772,10 @@ static void test_encrypt0_decrypt_wrong_key_size(void) plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret == WOLFCOSE_E_COSE_KEY_TYPE, "decrypt wrong key size"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* Test multi-recipient encrypt with detached payload to cover lines 4936-4948 */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_multi_encrypt_with_detached(void) { WOLFCOSE_KEY key; 
@@ -14810,10 +14820,10 @@ static void test_multi_encrypt_with_detached(void) (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_ENCRYPT && HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ /* Test multi-recipient decrypt with malformed messages - covers lines 5317-5615 */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_multi_decrypt_malformed_recipients(void) { WOLFCOSE_KEY key; @@ -14875,10 +14885,10 @@ static void test_multi_decrypt_malformed_recipients(void) plaintext, sizeof(plaintext), &plaintextLen); TEST_ASSERT(ret != WOLFCOSE_SUCCESS, "decrypt missing IV"); } -#endif /* WOLFCOSE_ENCRYPT && HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ /* Test multi-MAC create with various error conditions - covers lines 5708-5889 */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_multi_mac_create_errors(void) { WOLFCOSE_KEY key; @@ -14935,10 +14945,10 @@ static void test_multi_mac_create_errors(void) out, sizeof(out), &outLen); TEST_ASSERT(ret != WOLFCOSE_SUCCESS, "multi mac invalid alg"); } -#endif /* WOLFCOSE_MAC && !NO_HMAC */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ /* Test multi-MAC verify with various errors - covers lines 5947-6099 */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_multi_mac_verify_malformed(void) { WOLFCOSE_KEY key; 
@@ -15000,10 +15010,10 @@ static void test_multi_mac_verify_malformed(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret != WOLFCOSE_SUCCESS, "multi mac verify truncated"); } -#endif /* WOLFCOSE_MAC && !NO_HMAC */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ /* Test MAC0 verify with unknown algorithm - covers lines 4818-4819 */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_mac0_verify_unknown_alg(void) { WOLFCOSE_KEY key; @@ -15040,10 +15050,10 @@ static void test_mac0_verify_unknown_alg(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret == WOLFCOSE_E_COSE_BAD_ALG, "mac0 verify unknown alg"); } -#endif /* WOLFCOSE_MAC && !NO_HMAC */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ /* Test MAC0 verify failure (corrupted tag) - covers lines 4753-4754 */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_mac0_verify_corrupted_tag(void) { WOLFCOSE_KEY key; @@ -15090,10 +15100,10 @@ static void test_mac0_verify_corrupted_tag(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret == WOLFCOSE_E_MAC_FAIL, "mac0 verify corrupted tag"); } -#endif /* WOLFCOSE_MAC && !NO_HMAC */ +#endif /* WOLFCOSE_MAC && WOLFCOSE_HAVE_HMAC256 */ /* Test multi-encrypt with recipients having KIDs - covers lines 5176-5200 */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_multi_encrypt_recipients_with_kids(void) { WOLFCOSE_KEY key1, key2; 
@@ -15161,12 +15171,12 @@ static void test_multi_encrypt_recipients_with_kids(void) (void)wc_FreeRng(&rng); } -#endif /* WOLFCOSE_ENCRYPT && HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT && WOLFCOSE_HAVE_AESGCM */ /* ----- wolfReview Regression Tests ----- */ /* Test #1: wc_CoseSign_Sign encodes outer array as 4 (not 3) */ -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_sign_multi_array_count(void) { WOLFCOSE_KEY key1; @@ -15225,7 +15235,7 @@ static void test_sign_multi_array_count(void) #endif /* Test #2: wc_CoseEncrypt_Encrypt rejects detached mode */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_encrypt_multi_detached_rejected(void) { WOLFCOSE_KEY key1; @@ -15260,7 +15270,7 @@ static void test_encrypt_multi_detached_rejected(void) #endif /* Test #5: wc_CoseEncrypt_Encrypt rejects wrong IV length */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_encrypt_multi_wrong_iv_len(void) { WOLFCOSE_KEY key1; @@ -15294,8 +15304,8 @@ static void test_encrypt_multi_wrong_iv_len(void) #endif /* Test #7: ECDH-ES multi-recipient rejected */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) && \ - defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && defined(HAVE_HKDF) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) && \ + defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && defined(HAVE_HKDF) static void test_ecdh_es_multi_recipient_rejected(void) { WOLFCOSE_KEY key1, key2; 
@@ -15521,7 +15531,7 @@ static void test_ecdh_es_recipient_protected_bound(void) #endif /* Test #9: wc_CoseSign_Verify rejects wrong array count */ -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_sign_verify_bad_array_count(void) { WOLFCOSE_KEY key; @@ -15576,44 +15586,44 @@ int test_cose(void) /* Key tests */ test_cose_key_init(); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_key_ecc(); #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA test_cose_key_ed25519(); #endif test_cose_key_symmetric(); -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) test_cose_key_rsa(); test_cose_key_rsa_scratch_scrubbed(); #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA test_cose_key_mldsa("ML-DSA-44", WOLFCOSE_ALG_ML_DSA_44, WC_ML_DSA_44); test_cose_key_mldsa("ML-DSA-65", WOLFCOSE_ALG_ML_DSA_65, WC_ML_DSA_65); test_cose_key_mldsa("ML-DSA-87", WOLFCOSE_ALG_ML_DSA_87, WC_ML_DSA_87); #endif /* Sign1 basic tests */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_sign1_ecc("ES256", WOLFCOSE_ALG_ES256, WOLFCOSE_CRV_P256, 32); test_cose_sign1_with_aad(); test_cose_sign1_detached(); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_ES384 test_cose_sign1_ecc("ES384", WOLFCOSE_ALG_ES384, WOLFCOSE_CRV_P384, 48); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_ES512 test_cose_sign1_ecc("ES512", WOLFCOSE_ALG_ES512, WOLFCOSE_CRV_P521, 66); #endif #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA test_cose_sign1_eddsa(); #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 test_cose_sign1_ed448(); #endif /* Encrypt0 basic tests */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_cose_encrypt0_a128gcm(); test_cose_encrypt0_a256gcm(); test_cose_encrypt0_with_aad(); 
@@ -15621,26 +15631,26 @@ int test_cose(void) #endif /* ChaCha20-Poly1305 encryption tests */ -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) test_cose_encrypt0_chacha20(); test_cose_encrypt0_chacha20_with_aad(); #endif /* AES-CCM encryption tests */ -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM test_cose_encrypt0_aes_ccm(); test_cose_aes_ccm_all_params(); #endif /* RSA-PSS signature tests */ -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) test_cose_sign1_pss("PS256", WOLFCOSE_ALG_PS256); test_cose_sign1_pss("PS384", WOLFCOSE_ALG_PS384); test_cose_sign1_pss("PS512", WOLFCOSE_ALG_PS512); #endif /* ML-DSA signature tests */ -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA test_cose_sign1_ml_dsa("ML-DSA-44", WOLFCOSE_ALG_ML_DSA_44, WC_ML_DSA_44); test_cose_sign1_ml_dsa("ML-DSA-65", WOLFCOSE_ALG_ML_DSA_65, WC_ML_DSA_65); test_cose_sign1_ml_dsa("ML-DSA-87", WOLFCOSE_ALG_ML_DSA_87, WC_ML_DSA_87); 
@@ -15648,43 +15658,47 @@ int test_cose(void) #endif /* Mac0 basic tests */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) test_cose_mac0_hmac256(); test_cose_mac0_short_hmac_key(); +#ifdef WOLFCOSE_MAC test_cose_mac_payload_validation(); +#endif test_cose_mac0_empty_inline_payload(); +#ifdef WOLFCOSE_MAC test_cose_mac_multi_per_recipient(); +#endif test_cose_mac0_with_aad(); test_cose_mac0_detached(); test_cose_mac0_detached_with_aad(); -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_HMAC384 test_cose_mac0_hmac384(); #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 test_cose_mac0_hmac512(); #endif -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* AES-CBC-MAC tests */ -#ifdef HAVE_AES_CBC +#ifdef WOLFCOSE_HAVE_AESMAC test_cose_mac0_aes_cbc_mac(); test_cose_mac0_aes_cbc_mac_with_aad(); test_cose_mac0_aes_cbc_mac_detached(); #endif /* RFC 9052 interop test vectors */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_rfc_sign1_ecdsa_01(); #endif -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) test_rfc_mac0_hmac_01(); #endif /* Multi-signer tests */ -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_cose_sign_multi_signer(); test_cose_sign_both_payloads(); -#if defined(WOLFSSL_HAVE_MLDSA) && defined(WOLFCOSE_SIGN) +#if defined(WOLFCOSE_HAVE_MLDSA) && defined(WOLFCOSE_SIGN) test_cose_sign_ml_dsa_level_mismatch(); #endif test_cose_sign_verify_key_alg_mismatch(); @@ -15692,13 +15706,13 @@ int test_cose(void) test_cose_mac0_verify_key_alg_mismatch(); test_cose_sign_with_aad(); test_cose_sign_detached(); -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA test_cose_sign_mixed_algorithms(); #endif #endif /* Multi-recipient encryption tests */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) && \ +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) && \ defined(WOLFCOSE_KEY_WRAP) test_cose_encrypt_multi_recipient(); test_cose_encrypt_with_aad(); 
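Review bot: In hunk `@@ -15692,13 +15706,13 @@`, `test_cose_mac0_verify_key_alg_mismatch()` appears to sit inside the multi-signer block guarded by `defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256)`. This MAC0 key/algorithm-mismatch check is therefore skipped in any build without ES256, and it is called with no `WOLFCOSE_HAVE_HMAC256` guard in a sign-only build. Since the commit re-keys the other guards to the feature each test exercises, the call belongs in the Mac0 section under `#if defined(WOLFCOSE_HAVE_HMAC256)`, next to `test_cose_mac0_hmac256();`. One line between this hunk and the previous one is not shown, so the enclosing guard is inferred from the `#endif` pairing.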
@@ -15706,7 +15720,7 @@ int test_cose(void) test_cose_encrypt_direct_key_alg_pin_roundtrip(); test_cose_encrypt_direct_alg_id_key_alg_roundtrip(); test_cose_encrypt_direct_multi_key_alg_mismatch(); -#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && defined(HAVE_HKDF) +#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && defined(HAVE_HKDF) test_cose_encrypt_ecdh_es_kid_and_alg_pin(); test_cose_encrypt_ecdh_es_hkdf_256(); test_cose_encrypt_ecdh_es_wrong_key(); @@ -15720,35 +15734,39 @@ int test_cose(void) test_cose_encrypt_kw_mutated_recipient_alg_pin(); test_cose_encrypt_kw_wrong_keysize(); test_cose_encrypt_kw_wrong_key_type(); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_encrypt_direct_wrong_key_type(); #endif #endif /* Multi-recipient MAC tests */ -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) test_cose_mac_multi_recipient(); test_cose_mac_multi_recipient_key_alg_mismatch(); test_cose_mac_with_aad(); test_cose_mac_detached(); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_mac_wrong_key_type(); #endif #endif /* Phase 1: Algorithm Combination Tests */ TEST_LOG("\n--- Algorithm Combination Tests ---\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 +#ifdef WOLFCOSE_HAVE_ES384 test_cose_sign1_es384(); +#endif +#ifdef WOLFCOSE_HAVE_ES512 test_cose_sign1_es512(); #endif -#ifdef HAVE_AESGCM +#endif +#ifdef WOLFCOSE_HAVE_AESGCM test_cose_encrypt0_a192gcm(); #endif /* Phase 3B: Negative Crypto Tests (Tamper Detection) */ TEST_LOG("\n--- Negative Crypto Tests ---\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_sign1_tampered_sig_byte(); test_cose_sign1_tampered_protected_hdr(); test_cose_sign1_tampered_payload_byte(); 
@@ -15756,19 +15774,19 @@ int test_cose(void) test_cose_sign1_trailing_bytes(); test_cose_sign1_hdr_cleared_on_failure(); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_cose_encrypt0_tampered_ct_byte(); test_cose_encrypt0_tampered_tag(); test_cose_encrypt0_wrong_key(); #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 test_cose_mac0_tampered_tag_byte(); test_cose_mac0_truncated_tag(); #endif /* Phase 3A: Boundary Condition Tests */ TEST_LOG("\n--- Boundary Condition Tests ---\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_empty_payload(); test_cose_large_payload(); test_cose_empty_aad(); @@ -15777,40 +15795,40 @@ int test_cose(void) /* Phase 3E: Buffer Overflow Prevention Tests */ TEST_LOG("\n--- Buffer Overflow Prevention Tests ---\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_sign_output_too_small(); test_cose_sign_scratch_too_small(); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_cose_encrypt_output_too_small(); #endif /* Phase 3C: Malformed CBOR Input Tests */ TEST_LOG("\n--- Malformed Input Tests ---\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_decode_truncated_message(); test_decode_wrong_tag(); #endif /* Additional Coverage Tests */ TEST_LOG("\n--- Additional Coverage Tests ---\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_bad_algorithm(); #endif test_cose_null_params(); test_cose_invalid_algorithms(); test_cose_error_paths(); -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_cose_header_edge_cases(); #endif test_cose_key_with_kid(); -#ifdef HAVE_ECC +#if defined(WOLFCOSE_HAVE_ES384) || defined(WOLFCOSE_HAVE_ES512) test_cose_key_ecc_curves(); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_cose_encrypt0_key_sizes(); #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 test_cose_mac0_key_sizes(); #endif test_cbor_edge_cases(); 
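Review bot: In hunk `@@ -15777,40 +15795,40 @@`, `test_cose_key_ecc_curves()` used to run in every ECC build and now runs only when `WOLFCOSE_HAVE_ES384` or `WOLFCOSE_HAVE_ES512` is defined, so an ES256-only configuration skips it entirely. Its body is outside this hunk; if it also covers P-256 key handling or curve-rejection paths, that coverage is lost in the smallest build. Keeping the call under `#ifdef WOLFCOSE_HAVE_ES256` and guarding only the P-384/P-521 cases inside the test would preserve it. If the narrowing is intended, a one-line comment above the new `#if` such as `/* exercises P-384/P-521 only */` would record why.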
@@ -15818,13 +15836,13 @@ int test_cose(void) test_cose_protected_hdr_trailing(); test_cose_protected_hdr_kid(); test_cose_oversized_int_narrowing(); -#ifdef HAVE_ECC +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_cose_sign_dup_signer_unprot_hdr(); #endif -#ifndef NO_HMAC +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) test_cose_mac_dup_recipient_unprot_hdr(); #endif -#ifdef HAVE_AESGCM +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_cose_encrypt_dup_recipient_unprot_hdr(); test_cose_encrypt_direct_empty_protected(); test_cose_encrypt_recipient_alg_checks(); 
@@ -15838,87 +15856,89 @@ int test_cose(void) test_cose_cross_bucket_dup(); test_cose_crit_in_unprotected(); test_cose_iv_partial_iv(); -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN1_SIGN) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN1_SIGN) test_cose_sign1_alg_curve_mismatch(); test_cose_sign1_inconsistent_kid(); #endif -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_cose_sign_multi_public_only_key(); #endif test_cose_alg_to_hash_constants(); test_cose_build_sig_structure_context(); test_cose_aead_tag_len(); +#ifdef WOLFCOSE_HAVE_HMAC256 test_cose_hmac_type_constants(); -#if defined(HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && defined(WOLFCOSE_ENCRYPT0_DECRYPT) +#endif +#if defined(WOLFCOSE_HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && defined(WOLFCOSE_ENCRYPT0_DECRYPT) test_cose_encrypt0_nonce_length(); test_cose_encrypt0_empty_payload_roundtrip(); #endif -#if defined(WC_RSA_PSS) && defined(WOLFCOSE_SIGN) && \ +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFCOSE_SIGN) && \ defined(WOLFSSL_KEY_GEN) test_cose_sign_multi_pss_roundtrip(); #endif -#if defined(WOLFSSL_HAVE_MLDSA) && defined(WOLFCOSE_SIGN) +#if defined(WOLFCOSE_HAVE_MLDSA) && defined(WOLFCOSE_SIGN) test_cose_sign_multi_mldsa_roundtrip(); #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESCCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESCCM) test_cose_encrypt_multi_ccm_roundtrip(); #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_CHACHA20) test_cose_encrypt_multi_chacha_roundtrip(); #endif #if defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && \ - defined(WOLFCOSE_ENCRYPT0_DECRYPT) && defined(HAVE_AESCCM) + defined(WOLFCOSE_ENCRYPT0_DECRYPT) && defined(WOLFCOSE_HAVE_AESCCM) test_cose_encrypt0_detached_ccm(); #endif #if defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && \ - defined(HAVE_CHACHA) && 
defined(HAVE_POLY1305) + defined(WOLFCOSE_HAVE_CHACHA20) test_cose_encrypt0_detached_chacha(); #endif -#if defined(WOLFCOSE_MAC) && defined(HAVE_AES_CBC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_AESMAC) test_cose_mac_multi_aescbc_roundtrip(); #endif -#if defined(HAVE_ECC) && \ +#if defined(WOLFCOSE_HAVE_ES256) && \ defined(WOLFCOSE_KEY_ENCODE) && defined(WOLFCOSE_KEY_DECODE) test_cose_key_kid_alg_roundtrip(); #endif -#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && \ - defined(HAVE_HKDF) && defined(WOLFSSL_SHA512) +#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && \ + defined(HAVE_HKDF) && defined(WOLFCOSE_HAVE_ES512) test_cose_encrypt_ecdh_es_hkdf512(); #endif -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_cose_sign_multi_alg_key_mismatch(); #endif -#if defined(WOLFCOSE_SIGN) && defined(WC_RSA_PSS) && \ - defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_RSAPSS) && \ + defined(WOLFCOSE_HAVE_ES256) && defined(WOLFSSL_KEY_GEN) test_cose_sign_multi_wrong_kty_for_pss(); #endif test_cose_decode_unprotected_tstr_label(); test_cose_sigsize_known_algs(); test_cose_decode_tstr_alg_values(); test_cose_key_decode_tstr_alg_rejected(); -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ED448) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ED448) test_cose_sign_multi_ed448_roundtrip(); #endif -#if defined(HAVE_ECC) +#if defined(WOLFCOSE_HAVE_ES256) test_cose_setecc_invalid_curve(); #endif -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC0_CREATE) +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC0_CREATE) test_cose_mac0_hmac_short_key_rejected(); test_cose_mac0_create_key_alg_mismatch(); #endif -#if !defined(NO_HMAC) && defined(WOLFCOSE_MAC0_CREATE) && \ +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_MAC0_CREATE) && \ defined(WOLFCOSE_MAC0_VERIFY) test_cose_mac0_verify_short_key_rejected(); #endif -#if 
defined(HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT0_ENCRYPT) +#if defined(WOLFCOSE_HAVE_AESGCM) && defined(WOLFCOSE_ENCRYPT0_ENCRYPT) test_cose_encrypt0_key_alg_mismatch(); #endif -#if defined(HAVE_ECC) && defined(WOLFCOSE_SIGN1_SIGN) +#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_SIGN1_SIGN) test_cose_sign1_key_alg_mismatch(); test_cose_sign1_verify_key_alg_mismatch(); test_cose_sign1_both_payloads(); #endif -#if defined(WOLFCOSE_MAC0_CREATE) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC0_CREATE) && defined(WOLFCOSE_HAVE_HMAC256) test_cose_mac0_both_payloads(); #endif #if defined(WOLFCOSE_KEY_DECODE) 
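Review bot: The guard for `test_cose_encrypt_ecdh_es_hkdf512()` replaces `defined(WOLFSSL_SHA512)` with `defined(WOLFCOSE_HAVE_ES512)`, which reads as an ECDSA P-521 signing feature rather than SHA-512 availability. If `WOLFCOSE_HAVE_ES512` also requires the P-521 curve (its definition is not visible in this diff), a build with SHA-512 and HKDF but without P-521 loses the ECDH-ES + HKDF-512 test without any notice. Either keep the hash dependency explicit, `defined(HAVE_HKDF) && defined(WOLFSSL_SHA512)`, or add a comment saying why ES512 is the right proxy. The same substitution is made for `test_ecdh_es_hkdf_512()` in the `@@ -15973` hunk.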
@@ -15926,46 +15946,46 @@ int test_cose(void) test_cose_key_decode_trailing_bytes(); test_cose_key_decode_no_material_on_failure(); test_cose_key_decode_symmetric_missing_k(); -#if defined(HAVE_ECC) +#if defined(WOLFCOSE_HAVE_ES256) test_cose_key_decode_ec2_short_coord(); #endif #endif #if defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && \ - defined(WOLFCOSE_ENCRYPT0_DECRYPT) && defined(HAVE_AESCCM) + defined(WOLFCOSE_ENCRYPT0_DECRYPT) && defined(WOLFCOSE_HAVE_AESCCM) test_cose_encrypt0_detached_ccm_roundtrip(); #endif #if defined(WOLFCOSE_ENCRYPT0_ENCRYPT) && \ defined(WOLFCOSE_ENCRYPT0_DECRYPT) && \ - defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + defined(WOLFCOSE_HAVE_CHACHA20) test_cose_encrypt0_detached_chacha_roundtrip(); #endif test_internal_helpers(); /* Hardened / error-path tests */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_sign1_buffer_too_small(); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_cose_encrypt0_buffer_errors(); #endif -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC256) test_cose_mac0_buffer_errors(); #endif test_cose_key_encode_errors(); test_cose_key_decode_optional_labels(); -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA test_cose_key_set_mldsa_errors(); #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA test_cose_key_ed25519_public_only(); #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 test_cose_key_ed448_public_only(); #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA test_cose_key_mldsa_public_only(); #endif -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cose_key_ecc_public_only(); #endif 
@@ -15973,153 +15993,155 @@ int test_cose(void) TEST_LOG("\n--- Negative Test Coverage (Phases 1-10) ---\n"); /* Phase 1: Buffer Too Small Tests */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_buffer_too_small_key_encode(); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_buffer_too_small_encrypt(); #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 test_buffer_too_small_mac(); #endif /* Phase 2: Wrong Key Type Tests */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_wrong_key_type_sign(); +#ifdef WOLFCOSE_HAVE_RSAPSS test_wrong_key_type_ecc_for_rsa(); #endif -#ifdef HAVE_AESGCM +#endif +#ifdef WOLFCOSE_HAVE_AESGCM test_wrong_key_type_decrypt(); #endif -#if !defined(NO_HMAC) && defined(HAVE_ECC) +#if defined(WOLFCOSE_HAVE_HMAC256) && defined(WOLFCOSE_HAVE_ES256) test_wrong_key_type_mac_verify(); #endif /* Phase 3: Invalid Algorithm Tests */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_invalid_sign_algorithm(); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_invalid_encrypt_algorithm(); #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 test_invalid_mac_algorithm(); #endif /* Phase 4: NULL/Invalid Argument Tests */ test_null_key_operations(); -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_multi_sign_null_signers(); #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_multi_encrypt_null_recipients(); #endif -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) test_multi_mac_null_recipients(); #endif /* Phase 5: CBOR Parsing Error Tests */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_cbor_truncated_sign1(); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_cbor_malformed_encrypt0(); test_cbor_missing_iv(); #endif /* Phase 6: Wrong CBOR Tag Tests */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 
test_wrong_tag_sign1(); #endif -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_wrong_tag_encrypt0(); #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 test_wrong_tag_mac0(); #endif /* Phase 7: Signature/MAC Verification Failure Tests */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA test_corrupted_eddsa_signature(); #endif -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 test_corrupted_mac_tag(); #endif /* Phase 8: ECDH-ES Key Agreement Tests */ -#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && defined(HAVE_HKDF) +#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && defined(HAVE_HKDF) test_ecdh_es_wrong_key_type_sender(); #endif /* Phase 9: Multi-recipient KID Encoding Tests */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 test_mac0_with_kid(); #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_multi_encrypt_with_kids(); #endif /* Phase 10: Multi-recipient Decrypt Error Tests */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_multi_decrypt_wrong_key(); #endif -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) test_multi_mac_verify_wrong_key(); #endif /* Additional Key Type Tests */ -#if defined(HAVE_ECC) && (defined(HAVE_ED25519) || defined(HAVE_ED448)) +#if defined(WOLFCOSE_HAVE_ES256) && (defined(WOLFCOSE_HAVE_EDDSA) || defined(WOLFCOSE_HAVE_ED448)) test_key_type_eddsa_wrong_crv(); #endif -#if defined(HAVE_ED25519) && defined(HAVE_ECC) +#if defined(WOLFCOSE_HAVE_EDDSA) && defined(WOLFCOSE_HAVE_ES256) test_key_type_okp_for_ecdsa(); #endif /* Additional Coverage Tests */ -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) test_rsa_key_encode_buffer_small(); #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA 
test_mldsa_key_encode_buffer_small(); #endif test_key_decode_bad_kty(); -#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && \ - defined(HAVE_HKDF) && defined(WOLFSSL_SHA512) +#if defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && \ + defined(HAVE_HKDF) && defined(WOLFCOSE_HAVE_ES512) test_ecdh_es_hkdf_512(); #endif -#if defined(WOLFCOSE_KEY_WRAP) && defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_KEY_WRAP) && defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_key_wrap_decrypt_wrong_cek_size(); #endif -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_multi_sign_verify_wrong_signer(); #endif -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) test_multi_mac_with_kid(); #endif /* Additional targeted coverage */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_encrypt0_detached_buffer_small(); test_encrypt0_decrypt_wrong_key_size(); #endif -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_multi_sign_verify_null_payload(); test_multi_sign_wrong_tag(); #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_multi_encrypt_decrypt_null_recipient(); #endif -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) test_multi_mac_verify_null_recipient(); #endif /* Additional targeted coverage - Phase 2 */ -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_multi_encrypt_with_detached(); test_multi_decrypt_malformed_recipients(); test_multi_encrypt_recipients_with_kids(); #endif -#if defined(WOLFCOSE_MAC) && !defined(NO_HMAC) +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) test_multi_mac_create_errors(); 
test_multi_mac_verify_malformed(); test_mac0_verify_unknown_alg(); @@ -16127,16 +16149,16 @@ int test_cose(void) #endif /* wolfReview regression tests */ -#if defined(WOLFCOSE_SIGN) && defined(HAVE_ECC) +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_sign_multi_array_count(); test_sign_verify_bad_array_count(); #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_encrypt_multi_detached_rejected(); test_encrypt_multi_wrong_iv_len(); #endif -#if defined(WOLFCOSE_ENCRYPT) && defined(HAVE_AESGCM) && \ - defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(HAVE_ECC) && defined(HAVE_HKDF) +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) && \ + defined(WOLFCOSE_ECDH_ES_DIRECT) && defined(WOLFCOSE_HAVE_ES256) && defined(HAVE_HKDF) test_ecdh_es_multi_recipient_rejected(); test_ecdh_es_multi_recipient_decrypt_rejected(); test_ecdh_es_recipient_protected_bound(); diff --git a/tests/test_interop.c b/tests/test_interop.c index dd5f86b..e49d0aa 100644 --- a/tests/test_interop.c +++ b/tests/test_interop.c @@ -42,10 +42,10 @@ #include #include "test_suite.h" #include -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 #include #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA #include #endif #include @@ -135,7 +135,7 @@ static const uint8_t mac0_vec1_key[] = { static const uint8_t mac0_vec1_payload[] = "This is the content."; /* ----- Sign1 Interop Tests ----- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static void test_interop_sign1_roundtrip(void) { WOLFCOSE_KEY signKey; @@ -219,6 +219,7 @@ static void test_interop_sign1_roundtrip(void) } } +#if defined(WOLFCOSE_HAVE_ES384) static void test_interop_sign1_es384_roundtrip(void) { WOLFCOSE_KEY signKey; 
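Review bot: In the `@@ -15973` hunk, the new `#ifdef WOLFCOSE_HAVE_RSAPSS` around `test_wrong_key_type_ecc_for_rsa()` is nested inside the `WOLFCOSE_HAVE_ES256` block, and the two closing `#endif` lines carry no label. The tests/test_interop.c part of this commit does label its `#endif` lines. In a function that is almost entirely preprocessor blocks, two bare `#endif` lines in a row are easy to misread on the next edit. I would write `#endif /* WOLFCOSE_HAVE_RSAPSS */` and `#endif /* WOLFCOSE_HAVE_ES256 */`, or flatten the inner test to `#if defined(WOLFCOSE_HAVE_ES256) && defined(WOLFCOSE_HAVE_RSAPSS)`.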
@@ -295,7 +296,9 @@ static void test_interop_sign1_es384_roundtrip(void) wc_FreeRng(&rng); } } +#endif /* WOLFCOSE_HAVE_ES384 */ +#if defined(WOLFCOSE_HAVE_ES512) static void test_interop_sign1_es512_roundtrip(void) { WOLFCOSE_KEY signKey; @@ -372,6 +375,7 @@ static void test_interop_sign1_es512_roundtrip(void) wc_FreeRng(&rng); } } +#endif /* WOLFCOSE_HAVE_ES512 */ static void test_interop_sign1_with_aad_roundtrip(void) { @@ -550,10 +554,10 @@ static void test_interop_sign1_detached_roundtrip(void) wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES256 */ /* ----- Encrypt0 Interop Tests ----- */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM static void test_interop_encrypt0_roundtrip(void) { WOLFCOSE_KEY key; @@ -780,10 +784,10 @@ static void test_interop_encrypt0_detached(void) TEST_ASSERT(ret == 0, "decrypt detached"); TEST_ASSERT((hdr.flags & WOLFCOSE_HDR_FLAG_DETACHED) != 0, "detached flag"); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_HAVE_AESGCM */ /* ----- Mac0 Interop Tests ----- */ -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_interop_mac0_roundtrip(void) { WOLFCOSE_KEY key; @@ -871,6 +875,9 @@ static void test_interop_mac0_with_aad(void) } } +#endif /* WOLFCOSE_HAVE_HMAC256 */ + +#ifdef WOLFCOSE_HAVE_AESMAC static void test_interop_mac0_aes_cbc_mac_128_64(void) { WOLFCOSE_KEY key; @@ -954,7 +961,9 @@ static void test_interop_mac0_aes_cbc_mac_256_128(void) TEST_ASSERT(ret == 0, "verify AES-MAC-256/128"); TEST_ASSERT(hdr.alg == WOLFCOSE_ALG_AES_MAC_256_128, "algorithm"); } +#endif /* WOLFCOSE_HAVE_AESMAC */ +#ifdef WOLFCOSE_HAVE_HMAC256 static void test_interop_mac0_detached(void) { WOLFCOSE_KEY key; 
@@ -1003,10 +1012,10 @@ static void test_interop_mac0_detached(void) TEST_ASSERT(ret != 0, "wrong detached payload fails"); } } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC256 */ /* ----- EdDSA Interop Tests ----- */ -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static void test_interop_sign1_eddsa_roundtrip(void) { WOLFCOSE_KEY signKey; @@ -1160,10 +1169,10 @@ static void test_interop_sign1_eddsa_with_aad(void) wc_FreeRng(&rng); } } -#endif /* HAVE_ED25519 */ +#endif /* WOLFCOSE_HAVE_EDDSA */ /* ----- Multi-Signer Interop Tests ----- */ -#ifdef HAVE_ECC +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) static void test_interop_sign_multi_signer(void) { WOLFCOSE_KEY key1, key2; @@ -1277,6 +1286,7 @@ static void test_interop_sign_multi_signer(void) } } +#ifdef WOLFCOSE_HAVE_ES384 static void test_interop_sign_mixed_algorithms(void) { WOLFCOSE_KEY eccKey256, eccKey384; @@ -1388,10 +1398,11 @@ static void test_interop_sign_mixed_algorithms(void) wc_FreeRng(&rng); } } -#endif /* HAVE_ECC */ +#endif /* WOLFCOSE_HAVE_ES384 */ +#endif /* WOLFCOSE_SIGN */ /* ----- Multi-Recipient Interop Tests ----- */ -#ifdef HAVE_AESGCM +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) static void test_interop_encrypt_multi_recipient(void) { WOLFCOSE_KEY cek, kek1, kek2; @@ -1483,9 +1494,9 @@ static void test_interop_encrypt_multi_recipient(void) wc_FreeRng(&rng); } -#endif /* HAVE_AESGCM */ +#endif /* WOLFCOSE_ENCRYPT */ -#ifndef NO_HMAC +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) static void test_interop_mac_multi_recipient(void) { WOLFCOSE_KEY key; @@ -1548,7 +1559,7 @@ static void test_interop_mac_multi_recipient(void) &hdr, &decPayload, &decPayloadLen); TEST_ASSERT(ret == 0, "verify recipient 1"); } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_MAC */ /* ----- Entry point ----- */ int test_interop(void) 
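Review bot: In the `@@ -1388` hunk the closing comment `#endif /* WOLFCOSE_SIGN */` names only half of the condition it closes, `#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256)`, which is opened in the `@@ -1160` hunk. The same happens with `#endif /* WOLFCOSE_ENCRYPT */` in the `@@ -1483` hunk and `#endif /* WOLFCOSE_MAC */` in the `@@ -1548` hunk. Spell out the full guard, for example `#endif /* WOLFCOSE_SIGN && WOLFCOSE_HAVE_ES256 */`, so the comment matches the `#if`.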
@@ -1558,21 +1569,25 @@ int test_interop(void) printf("=== COSE Interoperability Tests ===\n\n"); printf("[Sign1 Tests]\n"); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 test_interop_sign1_roundtrip(); +#if defined(WOLFCOSE_HAVE_ES384) test_interop_sign1_es384_roundtrip(); +#endif +#if defined(WOLFCOSE_HAVE_ES512) test_interop_sign1_es512_roundtrip(); +#endif test_interop_sign1_with_aad_roundtrip(); test_interop_sign1_detached_roundtrip(); #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA test_interop_sign1_eddsa_roundtrip(); test_interop_sign1_eddsa_with_aad(); #endif printf("\n[Encrypt0 Tests]\n"); -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM test_interop_encrypt0_roundtrip(); test_interop_encrypt0_a192gcm_roundtrip(); test_interop_encrypt0_a256gcm_roundtrip(); @@ -1581,25 +1596,29 @@ int test_interop(void) #endif printf("\n[Mac0 Tests]\n"); -#ifndef NO_HMAC +#ifdef WOLFCOSE_HAVE_HMAC256 test_interop_mac0_roundtrip(); test_interop_mac0_with_aad(); + test_interop_mac0_detached(); +#endif +#ifdef WOLFCOSE_HAVE_AESMAC test_interop_mac0_aes_cbc_mac_128_64(); test_interop_mac0_aes_cbc_mac_256_128(); - test_interop_mac0_detached(); #endif printf("\n[Multi-Signer Tests]\n"); -#ifdef HAVE_ECC +#if defined(WOLFCOSE_SIGN) && defined(WOLFCOSE_HAVE_ES256) test_interop_sign_multi_signer(); +#ifdef WOLFCOSE_HAVE_ES384 test_interop_sign_mixed_algorithms(); +#endif #endif printf("\n[Multi-Recipient Tests]\n"); -#ifdef HAVE_AESGCM +#if defined(WOLFCOSE_ENCRYPT) && defined(WOLFCOSE_HAVE_AESGCM) test_interop_encrypt_multi_recipient(); #endif -#ifndef NO_HMAC +#if defined(WOLFCOSE_MAC) && defined(WOLFCOSE_HAVE_HMAC256) test_interop_mac_multi_recipient(); #endif diff --git a/tools/wolfcose_tool.c b/tools/wolfcose_tool.c index 8cb7400..ec0c956 100644 --- a/tools/wolfcose_tool.c +++ b/tools/wolfcose_tool.c 
@@ -44,19 +44,19 @@ #include #include -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA #include #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA #include #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 #include #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS #include #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA #include #endif @@ -69,7 +69,7 @@ #endif #ifndef WOLFCOSE_TOOL_MAX_KEY - #ifdef WOLFSSL_HAVE_MLDSA + #ifdef WOLFCOSE_HAVE_MLDSA /* ML-DSA-87: pub=2592 + priv=4896 + CBOR overhead */ #define WOLFCOSE_TOOL_MAX_KEY 8192 #else @@ -113,7 +113,7 @@ static int parse_alg(const char* name, int32_t* alg) else if (strcmp(name, "EdDSA") == 0) { *alg = WOLFCOSE_ALG_EDDSA; } -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 else if (strcmp(name, "Ed448") == 0) { *alg = WOLFCOSE_ALG_EDDSA; } @@ -127,7 +127,7 @@ static int parse_alg(const char* name, int32_t* alg) else if (strcmp(name, "A256GCM") == 0) { *alg = WOLFCOSE_ALG_A256GCM; } -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS else if (strcmp(name, "PS256") == 0) { *alg = WOLFCOSE_ALG_PS256; } @@ -138,7 +138,7 @@ static int parse_alg(const char* name, int32_t* alg) *alg = WOLFCOSE_ALG_PS512; } #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA else if (strcmp(name, "ML-DSA-44") == 0) { *alg = WOLFCOSE_ALG_ML_DSA_44; } @@ -149,12 +149,12 @@ static int parse_alg(const char* name, int32_t* alg) *alg = WOLFCOSE_ALG_ML_DSA_87; } #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) else if (strcmp(name, "ChaCha20") == 0) { *alg = WOLFCOSE_ALG_CHACHA20_POLY1305; } #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM else if (strcmp(name, "AES-CCM") == 0) { *alg = WOLFCOSE_ALG_AES_CCM_16_128_128; } 
@@ -162,12 +162,12 @@ static int parse_alg(const char* name, int32_t* alg) else if (strcmp(name, "HMAC256") == 0) { *alg = WOLFCOSE_ALG_HMAC256; } -#ifdef WOLFSSL_SHA384 +#ifdef WOLFCOSE_HAVE_HMAC384 else if (strcmp(name, "HMAC384") == 0) { *alg = WOLFCOSE_ALG_HMAC384; } #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 else if (strcmp(name, "HMAC512") == 0) { *alg = WOLFCOSE_ALG_HMAC512; } @@ -238,7 +238,7 @@ static int tool_keygen(int32_t alg, const char* algStr, const char* outPath) wc_CoseKey_Init(&coseKey); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 if (alg == WOLFCOSE_ALG_ES256) { ecc_key ecc; wc_ecc_init(&ecc); @@ -255,7 +255,7 @@ static int tool_keygen(int32_t alg, const char* algStr, const char* outPath) } else #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (alg == WOLFCOSE_ALG_EDDSA && strcmp(algStr, "Ed448") != 0) { ed25519_key ed; wc_ed25519_init(&ed); @@ -272,7 +272,7 @@ static int tool_keygen(int32_t alg, const char* algStr, const char* outPath) } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if (alg == WOLFCOSE_ALG_EDDSA && strcmp(algStr, "Ed448") == 0) { ed448_key ed; wc_ed448_init(&ed); @@ -289,7 +289,7 @@ static int tool_keygen(int32_t alg, const char* algStr, const char* outPath) } else #endif -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) if (alg == WOLFCOSE_ALG_PS256 || alg == WOLFCOSE_ALG_PS384 || alg == WOLFCOSE_ALG_PS512) { RsaKey rsa; @@ -307,7 +307,7 @@ static int tool_keygen(int32_t alg, const char* algStr, const char* outPath) } else #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA if (alg == WOLFCOSE_ALG_ML_DSA_44 || alg == WOLFCOSE_ALG_ML_DSA_65 || alg == WOLFCOSE_ALG_ML_DSA_87) { wc_MlDsaKey dl; 
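Review bot: In `parse_alg`, the `"HMAC256"` branch stays unconditional while the `"HMAC384"` and `"HMAC512"` branches are now guarded by `WOLFCOSE_HAVE_HMAC384` and `WOLFCOSE_HAVE_HMAC512`. `tool_test` in the `@@ -1536` hunk does guard its HMAC256 case with `WOLFCOSE_HAVE_HMAC256`, so the two disagree. In a build without HMAC-256 the tool would still accept the name and fail later, presumably inside the library, instead of rejecting it as an unknown algorithm. For consistency, wrap that branch in `#ifdef WOLFCOSE_HAVE_HMAC256` and `#endif`. The body of `parse_alg` starts and ends outside the hunk.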
@@ -424,7 +424,7 @@ static int tool_sign(const char* keyPath, int32_t alg, const char* algStr, wc_CoseKey_Init(&coseKey); -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA if (alg == WOLFCOSE_ALG_ES256 || alg == WOLFCOSE_ALG_ES384 || alg == WOLFCOSE_ALG_ES512) { ecc_key ecc; @@ -453,7 +453,7 @@ static int tool_sign(const char* keyPath, int32_t alg, const char* algStr, } else #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (alg == WOLFCOSE_ALG_EDDSA && strcmp(algStr, "Ed448") != 0) { ed25519_key ed; wc_ed25519_init(&ed); @@ -481,7 +481,7 @@ static int tool_sign(const char* keyPath, int32_t alg, const char* algStr, } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if (alg == WOLFCOSE_ALG_EDDSA && strcmp(algStr, "Ed448") == 0) { ed448_key ed; wc_ed448_init(&ed); @@ -509,7 +509,7 @@ static int tool_sign(const char* keyPath, int32_t alg, const char* algStr, } else #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS if (alg == WOLFCOSE_ALG_PS256 || alg == WOLFCOSE_ALG_PS384 || alg == WOLFCOSE_ALG_PS512) { RsaKey rsa; @@ -538,7 +538,7 @@ static int tool_sign(const char* keyPath, int32_t alg, const char* algStr, } else #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA if (alg == WOLFCOSE_ALG_ML_DSA_44 || alg == WOLFCOSE_ALG_ML_DSA_65 || alg == WOLFCOSE_ALG_ML_DSA_87) { wc_MlDsaKey dl; @@ -622,7 +622,7 @@ static int tool_verify(const char* keyPath, const char* inPath) crv = coseKey.crv; } -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ECDSA if (ret == 0 && kty == WOLFCOSE_KTY_EC2) { ecc_key ecc; keyMatched = 1; @@ -639,7 +639,7 @@ static int tool_verify(const char* keyPath, const char* inPath) } else #endif -#ifdef WC_RSA_PSS +#ifdef WOLFCOSE_HAVE_RSAPSS if (ret == 0 && kty == WOLFCOSE_KTY_RSA) { RsaKey rsa; keyMatched = 1; 
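Review bot: `tool_sign` in the `@@ -424` hunk and `tool_verify` in the `@@ -622` hunk are guarded by `WOLFCOSE_HAVE_ECDSA`, while `tool_keygen` (`@@ -238`) and `test_sign_es256` (`@@ -1027`) use `WOLFCOSE_HAVE_ES256`. The ECC header include (`@@ -44`) is under `WOLFCOSE_HAVE_ECDSA`. That is only safe if `WOLFCOSE_HAVE_ES256` can never be defined without `WOLFCOSE_HAVE_ECDSA`, and the definitions are not visible in this diff. If that invariant holds, a comment at the include such as `/* WOLFCOSE_HAVE_ECDSA is set whenever any ES256/ES384/ES512 is enabled */` would document what the code relies on. Otherwise use one macro for all four sites. The body of `tool_sign` starts and ends outside the hunk.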
@@ -656,7 +656,7 @@ static int tool_verify(const char* keyPath, const char* inPath) } else #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (ret == 0 && kty == WOLFCOSE_KTY_OKP && crv == WOLFCOSE_CRV_ED25519) { ed25519_key ed; @@ -674,7 +674,7 @@ static int tool_verify(const char* keyPath, const char* inPath) } else #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if (ret == 0 && kty == WOLFCOSE_KTY_OKP && crv == WOLFCOSE_CRV_ED448) { ed448_key ed; @@ -692,7 +692,7 @@ static int tool_verify(const char* keyPath, const char* inPath) } else #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA if (ret == 0 && kty == WOLFCOSE_KTY_OKP && (crv == WOLFCOSE_CRV_ML_DSA_44 || crv == WOLFCOSE_CRV_ML_DSA_65 || @@ -733,8 +733,8 @@ static int tool_verify(const char* keyPath, const char* inPath) } /* ----- enc: COSE_Encrypt0 encrypt ----- */ -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) || \ + (defined(WOLFCOSE_HAVE_CHACHA20)) static int tool_enc(const char* keyPath, int32_t alg, const char* inPath, const char* outPath) { @@ -856,10 +856,10 @@ static int tool_dec(const char* keyPath, const char* inPath, } return ret; } -#endif /* HAVE_AESGCM || HAVE_AESCCM || (HAVE_CHACHA && HAVE_POLY1305) */ +#endif /* WOLFCOSE_HAVE_AESGCM || WOLFCOSE_HAVE_AESCCM || (WOLFCOSE_HAVE_CHACHA20) */ /* ----- mac: COSE_Mac0 create ----- */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC) static int tool_mac(const char* keyPath, int32_t alg, const char* inPath, const char* outPath) { @@ -943,7 +943,7 @@ static int tool_macverify(const char* keyPath, const char* inPath) printf("MAC verification OK. Payload: %zu bytes\n", payloadLen); return 0; } -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC */ /* ----- info: dump CBOR structure of a COSE message ----- */ static int tool_info(const char* inPath) 
@@ -1027,7 +1027,7 @@ static int tool_info(const char* inPath) /* ----- test: in-memory round-trip self-tests for all algorithms ----- */ /* Sign round-trip: keygen -> sign -> verify -> check payload */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 static int test_sign_es256(void) { int ret = 0; @@ -1087,7 +1087,7 @@ static int test_sign_es256(void) } #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA static int test_sign_eddsa(void) { int ret = 0; @@ -1147,7 +1147,7 @@ static int test_sign_eddsa(void) } #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 static int test_sign_ed448(void) { int ret = 0; @@ -1207,7 +1207,7 @@ static int test_sign_ed448(void) } #endif -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) static int test_sign_pss(const char* name, int32_t alg) { int ret = 0; @@ -1267,7 +1267,7 @@ static int test_sign_pss(const char* name, int32_t alg) } #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA static int test_sign_mldsa(const char* name, int32_t alg, byte level) { int ret = 0; @@ -1331,8 +1331,8 @@ static int test_sign_mldsa(const char* name, int32_t alg, byte level) #endif /* Encrypt round-trip: keygen -> encrypt -> decrypt -> check payload */ -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) || \ + (defined(WOLFCOSE_HAVE_CHACHA20)) static int test_enc_roundtrip(const char* name, int32_t alg, size_t keyLen, size_t nonceLen) { @@ -1391,7 +1391,7 @@ static int test_enc_roundtrip(const char* name, int32_t alg, #endif /* MAC round-trip: keygen -> mac -> macverify -> check payload */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC) static int test_mac_roundtrip(const char* name, int32_t alg, size_t keyLen) { int ret = 0; 
@@ -1453,22 +1453,22 @@ static int tool_test(const char* filter) printf("=== wolfCOSE Round-Trip Tests ===\n\n"); /* --- COSE_Sign1 --- */ -#ifdef HAVE_ECC +#ifdef WOLFCOSE_HAVE_ES256 if (all || strcmp(filter, "ES256") == 0) { tests++; if (test_sign_es256() != 0) failures++; } #endif -#ifdef HAVE_ED25519 +#ifdef WOLFCOSE_HAVE_EDDSA if (all || strcmp(filter, "EdDSA") == 0) { tests++; if (test_sign_eddsa() != 0) failures++; } #endif -#ifdef HAVE_ED448 +#ifdef WOLFCOSE_HAVE_ED448 if (all || strcmp(filter, "Ed448") == 0) { tests++; if (test_sign_ed448() != 0) failures++; } #endif -#if defined(WC_RSA_PSS) && defined(WOLFSSL_KEY_GEN) +#if defined(WOLFCOSE_HAVE_RSAPSS) && defined(WOLFSSL_KEY_GEN) if (all || strcmp(filter, "PS256") == 0) { tests++; if (test_sign_pss("PS256", WOLFCOSE_ALG_PS256) != 0) failures++; @@ -1482,7 +1482,7 @@ static int tool_test(const char* filter) if (test_sign_pss("PS512", WOLFCOSE_ALG_PS512) != 0) failures++; } #endif -#ifdef WOLFSSL_HAVE_MLDSA +#ifdef WOLFCOSE_HAVE_MLDSA if (all || strcmp(filter, "ML-DSA-44") == 0) { tests++; if (test_sign_mldsa("ML-DSA-44", WOLFCOSE_ALG_ML_DSA_44, WC_ML_DSA_44) != 0) @@ -1501,7 +1501,7 @@ static int tool_test(const char* filter) #endif /* --- COSE_Encrypt0 --- */ -#ifdef HAVE_AESGCM +#ifdef WOLFCOSE_HAVE_AESGCM if (all || strcmp(filter, "A128GCM") == 0) { tests++; if (test_enc_roundtrip("A128GCM", WOLFCOSE_ALG_A128GCM, 16, 12) != 0) @@ -1518,7 +1518,7 @@ static int tool_test(const char* filter) failures++; } #endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(WOLFCOSE_HAVE_CHACHA20) if (all || strcmp(filter, "ChaCha20") == 0) { tests++; if (test_enc_roundtrip("ChaCha20", @@ -1526,7 +1526,7 @@ static int tool_test(const char* filter) failures++; } #endif -#ifdef HAVE_AESCCM +#ifdef WOLFCOSE_HAVE_AESCCM if (all || strcmp(filter, "AES-CCM") == 0) { tests++; if (test_enc_roundtrip("AES-CCM", 
@@ -1536,27 +1536,29 @@ static int tool_test(const char* filter) #endif /* --- COSE_Mac0 --- */ -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC) +#ifdef WOLFCOSE_HAVE_HMAC256 if (all || strcmp(filter, "HMAC256") == 0) { tests++; if (test_mac_roundtrip("HMAC256", WOLFCOSE_ALG_HMAC256, 32) != 0) failures++; } -#ifdef WOLFSSL_SHA384 +#endif +#ifdef WOLFCOSE_HAVE_HMAC384 if (all || strcmp(filter, "HMAC384") == 0) { tests++; if (test_mac_roundtrip("HMAC384", WOLFCOSE_ALG_HMAC384, 48) != 0) failures++; } #endif -#ifdef WOLFSSL_SHA512 +#ifdef WOLFCOSE_HAVE_HMAC512 if (all || strcmp(filter, "HMAC512") == 0) { tests++; if (test_mac_roundtrip("HMAC512", WOLFCOSE_ALG_HMAC512, 64) != 0) failures++; } #endif -#endif /* !NO_HMAC */ +#endif /* WOLFCOSE_HAVE_HMAC */ if (tests == 0) { printf(" No matching algorithm: %s\n", filter ? filter : "(none)"); @@ -1653,7 +1655,7 @@ int main(int argc, char* argv[]) } return tool_verify(keyPath, inPath); } -#if !defined(NO_HMAC) +#if defined(WOLFCOSE_HAVE_HMAC) else if (strcmp(cmd, "mac") == 0) { if (keyPath == NULL || algStr == NULL || inPath == NULL || outPath == NULL) { @@ -1671,8 +1673,8 @@ int main(int argc, char* argv[]) return tool_macverify(keyPath, inPath); } #endif -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) +#if defined(WOLFCOSE_HAVE_AESGCM) || defined(WOLFCOSE_HAVE_AESCCM) || \ + (defined(WOLFCOSE_HAVE_CHACHA20)) else if (strcmp(cmd, "enc") == 0) { if (keyPath == NULL || algStr == NULL || inPath == NULL || outPath == NULL) { @@ -1690,7 +1692,7 @@ int main(int argc, char* argv[]) } return tool_dec(keyPath, inPath, outPath); } -#endif /* HAVE_AESGCM || HAVE_AESCCM || (HAVE_CHACHA && HAVE_POLY1305) */ +#endif /* WOLFCOSE_HAVE_AESGCM || WOLFCOSE_HAVE_AESCCM || (WOLFCOSE_HAVE_CHACHA20) */ else if (strcmp(cmd, "info") == 0) { if (inPath == NULL) { fprintf(stderr, "info requires -i \n");