Automatic chain building for the certs

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "External/tinycbor"]
+	path = External/tinycbor
+	url = https://github.com/intel/tinycbor.git
+	branch = dev

Emulator/RIoT/RIoTCrypt/RiotAes128.c → CyReP/RiotAes128.c

@@ -14,12 +14,10 @@
  *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  ******************************************************************************/
 
-//
-// 4-MAY-2015; RIoT adaptation (DennisMa;MSFT)
-//
-#include "RiotTarget.h"
-#include "RiotAes128.h"
+#include <RiotTarget.h>
+#include <RiotAes128.h>
 
+// This file contains data tables and is not supposed to be compiled on it's own
 #define _AES_COMPILE_
 #include "RiotAesTables.c"
 
@@ -225,7 +223,7 @@ void RIOT_AES_CBC_128_ENCRYPT(const aes128EncryptKey_t *aes128EncryptKey,
 
 #if AES_ECB_MODE
 void RIOT_AES_ECB_128_ENCRYPT(const aes128EncryptKey_t *aes128EncryptKey,
-                              const uint8_t *in, uint8_t *out, size_t size)
+                              const uint8_t *in, uint8_t *out, uint32_t size)
 {
     uint32_t in32[4];
     uint32_t out32[4];

Emulator/RIoT/RIoTCrypt/RiotAesTables.c → CyReP/RiotAesTables.c

@@ -14,9 +14,7 @@
 *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 ******************************************************************************/
 
-//
-// 4-MAY-2015; RIoT adaptation (DennisMa;MSFT).
-//
+// This file contains AES data tables and is not supposed to be compiled on it's own
 
 #ifdef _AES_COMPILE_
 
@@ -129,7 +127,7 @@ static const uint32_t Rconst[12] = {
 
 #else
 
-#include "stdint.h"
+#include <stdint.h>
 extern const uint32_t ftable[];
 
 #endif

Emulator/RIoT/RIoTCrypt/RiotBase64.c → CyReP/RiotBase64.c

@@ -1,9 +1,8 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
-#include <stdint.h>
-#include <string.h>
-#include "RiotBase64.h"
+#include <RiotTarget.h>
+#include <RiotBase64.h>
 
 #define splitInt(intVal, bytePos) (char)((intVal >> (bytePos << 3)) & 0xFF)
 #define joinChars(a, b, c, d) (uint32_t)((uint32_t)a        +   \
@@ -246,8 +245,11 @@ Base64Encode(
     // Calculate required output buffer length in bytes
     reqSize = (Length == 0) ? (0) : ((((Length - 1) / 3) + 1) * 4);
 
-    // Plus trailing NULL
-    reqSize += 1;
+    // CRLFs after 64 characters
+    reqSize += (reqSize / 64) * 2;
+
+    // Plus trailing CR&NL
+    reqSize += 2;
 
     // Validate length of output buffer
     if (OutLen && (*OutLen < reqSize)) {
@@ -259,6 +261,7 @@ Base64Encode(
     //   b0            b1(+1)          b2(+2)
     // 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
     // |----c1---| |----c2---| |----c3---| |----c4---|
+    uint32_t line = 0;
     while (Length - curPos >= 3)
     {
         char c1 = base64char(Input[curPos] >> 2);
@@ -273,7 +276,13 @@ Base64Encode(
         Output[dstPos++] = c2;
         Output[dstPos++] = c3;
         Output[dstPos++] = c4;
-
+        line += 4;
+        if((line % 64) == 0)
+        {
+            Output[dstPos++] = '\r';
+            Output[dstPos++] = '\n';
+            line = 0;
+        }
     }
 
     if (Length - curPos == 2)
@@ -287,6 +296,7 @@ Base64Encode(
         Output[dstPos++] = c2;
         Output[dstPos++] = c3;
         Output[dstPos++] = '=';
+        line += 4;
     }
     else if (Length - curPos == 1)
     {
@@ -297,10 +307,12 @@ Base64Encode(
         Output[dstPos++] = c2;
         Output[dstPos++] = '=';
         Output[dstPos++] = '=';
+        line += 4;
     }
 
-    // Add NL termination
-    Output[dstPos] = '\n';
+    // Add CR&NL termination
+    Output[dstPos++] = '\r';
+    Output[dstPos++] = '\n';
 
     // Output buffer length
     if (OutLen) {

Emulator/RIoT/RIoTCrypt/RiotCrypt.c → CyReP/RiotCrypt.c

@@ -4,7 +4,14 @@ Microsoft Copyright 2017
 Confidential Information
 
 */
-#include "RiotCrypt.h"
+#include <RiotTarget.h>
+#include <RiotStatus.h>
+#include <RiotSha256.h>
+#include <RiotHmac.h>
+#include <RiotKdf.h>
+#include <RiotEcc.h>
+#include <RiotAes128.h>
+#include <RiotCrypt.h>
 
 #define RIOT_MAX_KDF_FIXED_SIZE     RIOT_MAX_KDF_CONTEXT_LENGTH + \
                                     RIOT_MAX_KDF_LABEL_LENGTH   + 5
@@ -164,7 +171,7 @@ RiotCrypt_DeriveEccKey(
     size_t              labelSize       // IN:  TODO
 )
 {
-    bigval_t    srcVal  = { 0 };
+    bigval_t    srcVal = { { 0 } };
     bigval_t   *pSrcVal = NULL;
 
     if (srcDataSize > sizeof(bigval_t)) {
@@ -182,11 +189,31 @@ RiotCrypt_DeriveEccKey(
                                  pSrcVal, label, labelSize);
 }
 
+RIOT_STATUS
+RiotCrypt_ImportEccPub(
+    uint8_t             *b, // IN: TODO
+    uint32_t            s,  // IN: TODO
+    ecc_publickey       *a  // OUT: TODO
+)
+{
+    if ((*b++ != 0x04) ||
+        (s < 1 + 2 * RIOT_ECC_COORD_BYTES))
+    {
+        return RIOT_INVALID_PARAMETER;
+    }
+
+    BigIntToBigVal(&a->x, b, RIOT_ECC_COORD_BYTES);
+    b += RIOT_ECC_COORD_BYTES;
+    BigIntToBigVal(&a->y, b, RIOT_ECC_COORD_BYTES );
+    a->infinity = 0;
+    return RIOT_SUCCESS;
+}
+
 void
 RiotCrypt_ExportEccPub(
-    RIOT_ECC_PUBLIC     *a,     // IN:  TODO
-    uint8_t             *b,     // OUT: TODO
-    uint32_t            *s      // OUT: TODO
+    const RIOT_ECC_PUBLIC   *a,     // IN:  TODO
+    uint8_t                 *b,     // OUT: TODO
+    uint32_t                *s      // OUT: TODO
 )
 {
     *b++ = 0x04;
@@ -198,7 +225,6 @@ RiotCrypt_ExportEccPub(
     }
 }
 
-
 RIOT_STATUS
 RiotCrypt_Sign(
     RIOT_ECC_SIGNATURE     *sig,        // OUT: TODO

Emulator/RIoT/RIoTCrypt/RiotDerEnc.c → CyReP/RiotDerEnc.c

@@ -4,20 +4,10 @@ Microsoft Copyright 2017
 Confidential Information
 
 */
-#include <stdint.h>
-#include <stdbool.h>
-#include <string.h>
 
-#ifdef WIN32
-    #define WIN32_LEAN_AND_MEAN
-    #include <windows.h>
-    #include <winsock2.h> // TODO: REMOVE THIS
-#else
-    #include <arpa/inet.h>
-#endif
-
-#include "RiotDerEnc.h"
-#include "RiotBase64.h"
+#include <RiotTarget.h>
+#include <RiotDerEnc.h>
+#include <RiotBase64.h>
 
 // 
 // This file contains basic DER-encoding routines that are sufficient to create
@@ -44,7 +34,7 @@ Confidential Information
 // additions. CHECK_SPACE2 when larger objects are being added (and the length
 // is known.)
 #define CHECK_SPACE(_X)      if((_X->Length-_X->Position)<32)        {goto Error;}
-#define CHECK_SPACE2(_X, _N) if(((_X->Length-_X->Position)+(_N))<32) {goto Error;}
+#define CHECK_SPACE2(_X, _N) if((_X->Length-_X->Position)<(_N)) {goto Error;}
 
 static int
 GetIntEncodedNumBytes(
@@ -273,7 +263,7 @@ DERAddIntegerFromArray(
     uint8_t             *Val,
     uint32_t            NumBytes
 )
-// Input integer is assumed unsigned with most signficant byte first.
+// Input integer is assumed unsigned with most significant byte first.
 // A leading zero will be added if the most significant input bit is set.
 // Leading zeros in the input number will be removed.
 {
@@ -290,6 +280,11 @@ DERAddIntegerFromArray(
         numLeadingZeros++;
     }
 
+    // Handle zero case. We do not want index outside the buffer.
+    if (numLeadingZeros == NumBytes) {
+        numLeadingZeros--;
+    }
+
     negative = Val[numLeadingZeros] >= 128;
     Context->Buffer[Context->Position++] = 0x02;
 
@@ -314,7 +309,7 @@ DERAddInteger(
     int                  Val
 )
 {
-    long valx = htonl(Val); // TODO: REMOVE USAGE
+    long valx = SWAP32(Val);
     int res = DERAddIntegerFromArray(Context, (uint8_t*)&valx, 4);
     return res;
 }
@@ -331,7 +326,7 @@ DERAddShortExplicitInteger(
     Context->Buffer[Context->Position++] = 0xA0;
     Context->Buffer[Context->Position++] = 3;
 
-    valx = htonl(Val);
+    valx = SWAP32(Val);
     return (DERAddIntegerFromArray(Context, (uint8_t*)&valx, 4));
 Error:
     return -1;
@@ -377,6 +372,25 @@ DERAddBitString(
     return -1;
 }
 
+int
+DERAddSequenceOctets(
+    DERBuilderContext   *Context,
+    uint8_t             Num,
+    uint8_t             *OctetString,
+    uint32_t             OctetStringLen
+)
+{
+    CHECK_SPACE2(Context, OctetStringLen);
+    Context->Buffer[Context->Position++] = 0x80 + Num;
+    EncodeInt(Context->Buffer + Context->Position, OctetStringLen);
+    Context->Position += GetIntEncodedNumBytes(OctetStringLen);
+    memcpy(Context->Buffer + Context->Position, OctetString, OctetStringLen);
+    Context->Position += OctetStringLen;
+    return 0;
+Error:
+    return -1;
+}
+
 int
 DERAddOctetString(
     DERBuilderContext   *Context,
@@ -395,7 +409,6 @@ DERAddOctetString(
     return -1;
 }
 
-
 int
 DERStartSequenceOrSet(
     DERBuilderContext   *Context,
@@ -432,6 +445,7 @@ DERStartExplicit(
 Error:
     return -1;
 }
+
 int
 DERStartEnvelopingOctetString(
     DERBuilderContext   *Context
@@ -548,11 +562,11 @@ typedef struct
 } PEMHeadersFooters;
 
 // We only have a small subset of potential PEM encodings
-const PEMHeadersFooters PEMhf[LAST_CERT_TYPE] = {
-    {28, 26, "-----BEGIN CERTIFICATE-----\n", "-----END CERTIFICATE-----\n"},
-    {27, 25, "-----BEGIN PUBLIC KEY-----\n", "-----END PUBLIC KEY-----\n\0"},
-    {31, 29, "-----BEGIN EC PRIVATE KEY-----\n", "-----END EC PRIVATE KEY-----\n"},
-    {36, 34, "-----BEGIN CERTIFICATE REQUEST-----\n", "-----END CERTIFICATE REQUEST-----\n"}
+const PEMHeadersFooters PEMhf[R_LAST_CERT_TYPE] = {
+    {29, 27, "-----BEGIN CERTIFICATE-----\r\n", "-----END CERTIFICATE-----\r\n"},
+    {28, 26, "-----BEGIN PUBLIC KEY-----\r\n", "-----END PUBLIC KEY-----\r\n"},
+    {32, 30, "-----BEGIN EC PRIVATE KEY-----\r\n", "-----END EC PRIVATE KEY-----\r\n"},
+    {37, 35, "-----BEGIN CERTIFICATE REQUEST-----\r\n", "-----END CERTIFICATE REQUEST-----\r\n"}
 };
 
 int
@@ -568,7 +582,7 @@ DERtoPEM(
     uint32_t    b64Len, reqLen;
 
     // Parameter validation
-    if (!(Context) || !(Type < LAST_CERT_TYPE) || !(PEM)) {
+    if (!(Context) || !(Type < R_LAST_CERT_TYPE) || !(PEM)) {
         return -1;
     }